From 8a406025741c6ef744aa2a3adb94553e17ab18a4 Mon Sep 17 00:00:00 2001 From: Micah Lee Date: Tue, 6 Sep 2016 10:09:46 -0700 Subject: [PATCH 1/7] Version bump to 0.9.1, and updated changelog --- CHANGELOG.md | 7 +++++++ resources/version.txt | 2 +- 2 files changed, 8 insertions(+), 1 deletion(-) diff --git a/CHANGELOG.md b/CHANGELOG.md index d240a322..4a8cb1fe 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md @@ -1,5 +1,12 @@ # OnionShare Changelog +## 0.9.1 + +* Added Nautilus extension, so you can right-click on a file and choose "Share via OnionShare", thanks to Subgraph developers +* Switch to using the term "onion service" rather than "hidden service" +* Fix CVE-2016-5026, minor security issue related to use of /tmp directory +* Switch from PyInstaller to cx_Freeze for Windows and OSX packaging + ## 0.9 * Slugs are now shorter and human-readable, with rate limiting to prevent URL guessing diff --git a/resources/version.txt b/resources/version.txt index dc9bff91..f374f666 100644 --- a/resources/version.txt +++ b/resources/version.txt @@ -1 +1 @@ -0.9.1-dev +0.9.1 From 7ab936cec20322c6c530e1b62c18e1a07497b86e Mon Sep 17 00:00:00 2001 From: Micah Lee Date: Tue, 6 Sep 2016 10:18:50 -0700 Subject: [PATCH 2/7] Prevent canceling download from being confused with rate limit attacker --- onionshare/web.py | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/onionshare/web.py b/onionshare/web.py index 958e8c3a..f0cb830b 100644 --- a/onionshare/web.py +++ b/onionshare/web.py @@ -73,7 +73,7 @@ REQUEST_DOWNLOAD = 1 REQUEST_PROGRESS = 2 REQUEST_OTHER = 3 REQUEST_CANCELED = 4 -REQUEST_RATE_LIMIT = 4 +REQUEST_RATE_LIMIT = 5 q = queue.Queue() From e093c7298a687d8b1bf5c01b0193ca38f720e6fd Mon Sep 17 00:00:00 2001 From: Micah Lee Date: Tue, 6 Sep 2016 18:44:35 -0700 Subject: [PATCH 3/7] Disable writing to stdout in Windows (fixes #304) --- onionshare/web.py | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/onionshare/web.py b/onionshare/web.py index f0cb830b..f32f13da 100644 --- a/onionshare/web.py +++ b/onionshare/web.py @@ -243,8 +243,8 @@ def download(slug_candidate): downloaded_bytes = fp.tell() percent = (1.0 * downloaded_bytes / zip_filesize) * 100 - # suppress stdout platform on OSX (#203) - if helpers.get_platform() != 'Darwin': + # only output to stdout in Linux (#203, #304) + if helpers.get_platform() == 'Linux': sys.stdout.write( "\r{0:s}, {1:.2f}% ".format(helpers.human_readable_filesize(downloaded_bytes), percent)) sys.stdout.flush() From 9c250fc4e447953c82f560db33f734be655b1c43 Mon Sep 17 00:00:00 2001 From: Micah Lee Date: Tue, 6 Sep 2016 11:56:09 -0700 Subject: [PATCH 4/7] Add instructions for using CLI version to README, and add supporting Windows/OSX CLI to changelog --- CHANGELOG.md | 1 + README.md | 8 ++++++++ 2 files changed, 9 insertions(+) diff --git a/CHANGELOG.md b/CHANGELOG.md index 4a8cb1fe..22254631 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md @@ -6,6 +6,7 @@ * Switch to using the term "onion service" rather than "hidden service" * Fix CVE-2016-5026, minor security issue related to use of /tmp directory * Switch from PyInstaller to cx_Freeze for Windows and OSX packaging +* Support CLI in Windows and OSX ## 0.9 diff --git a/README.md b/README.md index 7f680855..b3531938 100644 --- a/README.md +++ b/README.md @@ -34,3 +34,11 @@ Open OnionShare and drag and drop files and folders you wish to share, and click Send this URL to the person you're trying to send the files to. If the files you're sending aren't secret, you can use normal means of sending the URL: emailing it, posting it to Facebook or Twitter, etc. If you're trying to send secret files then it's important to send this URL securely. The person who is receiving the files doesn't need OnionShare. All they need is to open the URL you send them in Tor Browser to be able to download the file. + +## Using the command line version + +In Linux: Just run `onionshare` from the terminal. + +In Windows: Add `C:\Program Files (x86)\OnionShare` to your PATH. Now you can run `onionshare.exe` in a command prompt. + +In Mac OS X: Run `ln -s /Applications/OnionShare.app/Contents/MacOS/onionshare /usr/local/bin`. Now you can run `onionshare` from the terminal. From 7a46336149a624d5cbc9b31959103cce82584b5f Mon Sep 17 00:00:00 2001 From: Micah Lee Date: Tue, 6 Sep 2016 12:09:10 -0700 Subject: [PATCH 5/7] Enable stdout in Windows, OSX CLI versions (#305) --- onionshare/web.py | 15 ++++++++++++--- onionshare_gui/onionshare_gui.py | 1 + 2 files changed, 13 insertions(+), 3 deletions(-) diff --git a/onionshare/web.py b/onionshare/web.py index f32f13da..259bad1d 100644 --- a/onionshare/web.py +++ b/onionshare/web.py @@ -123,6 +123,15 @@ def get_transparent_torification(): """ return transparent_torification +# Are we running in GUI mode? +gui_mode = False +def set_gui_mode(): + """ + Tell the web service that we're running in GUI mode + """ + global gui_mode + gui_mode = True + def debug_mode(): """ Turn on debugging mode, which will log flask errors to a debug file. @@ -213,7 +222,7 @@ def download(slug_candidate): def generate(): # The user hasn't canceled the download - global client_cancel + global client_cancel, gui_mode client_cancel = False # Starting a new download @@ -243,8 +252,8 @@ def download(slug_candidate): downloaded_bytes = fp.tell() percent = (1.0 * downloaded_bytes / zip_filesize) * 100 - # only output to stdout in Linux (#203, #304) - if helpers.get_platform() == 'Linux': + # only output to stdout if running onionshare in CLI mode, or if using Linux (#203, #304) + if not gui_mode or helpers.get_platform() == 'Linux': sys.stdout.write( "\r{0:s}, {1:.2f}% ".format(helpers.human_readable_filesize(downloaded_bytes), percent)) sys.stdout.flush() diff --git a/onionshare_gui/onionshare_gui.py b/onionshare_gui/onionshare_gui.py index 5fa8f624..032140d5 100644 --- a/onionshare_gui/onionshare_gui.py +++ b/onionshare_gui/onionshare_gui.py @@ -139,6 +139,7 @@ class OnionShareGui(QtWidgets.QMainWindow): # Reset web counters web.download_count = 0 web.error404_count = 0 + web.set_gui_mode() # pick an available local port for the http service to listen on self.app.choose_port() From 76937d5cb5d0171f9cc2bcadfb0f60c38450256c Mon Sep 17 00:00:00 2001 From: Micah Lee Date: Tue, 6 Sep 2016 13:17:55 -0700 Subject: [PATCH 6/7] Move imports to module level --- onionshare/web.py | 6 +----- 1 file changed, 1 insertion(+), 5 deletions(-) diff --git a/onionshare/web.py b/onionshare/web.py index 259bad1d..b8c9f045 100644 --- a/onionshare/web.py +++ b/onionshare/web.py @@ -17,7 +17,7 @@ GNU General Public License for more details. You should have received a copy of the GNU General Public License along with this program. If not, see . """ -import queue, mimetypes, platform, os, sys +import queue, mimetypes, platform, os, sys, socket, logging from urllib.request import urlopen from flask import Flask, Response, request, render_template_string, abort @@ -136,8 +136,6 @@ def debug_mode(): """ Turn on debugging mode, which will log flask errors to a debug file. """ - import logging - if platform.system() == 'Windows': temp_dir = os.environ['Temp'].replace('\\', '/') else: @@ -360,8 +358,6 @@ def stop(port): # to stop flask, load http://127.0.0.1://shutdown try: if transparent_torification: - import socket - s = socket.socket() s.connect(('127.0.0.1', port)) s.sendall('GET /{0:s}/shutdown HTTP/1.1\r\n\r\n'.format(shutdown_slug)) From 373f24e64b52aea6ad9dc5caeb9073e728abec2f Mon Sep 17 00:00:00 2001 From: Micah Lee Date: Tue, 6 Sep 2016 13:27:59 -0700 Subject: [PATCH 7/7] Sleep between launching threads in onionshare-gui, preventing a cx_Freeze crash related to loading the same modules in multiple threads while they're locked --- onionshare_gui/onionshare_gui.py | 18 ++++++++++-------- 1 file changed, 10 insertions(+), 8 deletions(-) diff --git a/onionshare_gui/onionshare_gui.py b/onionshare_gui/onionshare_gui.py index 032140d5..cbda5431 100644 --- a/onionshare_gui/onionshare_gui.py +++ b/onionshare_gui/onionshare_gui.py @@ -144,6 +144,13 @@ class OnionShareGui(QtWidgets.QMainWindow): # pick an available local port for the http service to listen on self.app.choose_port() + # start onionshare http service in new thread + t = threading.Thread(target=web.start, args=(self.app.port, self.app.stay_open, self.app.transparent_torification)) + t.daemon = True + t.start() + # wait for modules in thread to load, preventing a thread-related cx_Freeze crash + time.sleep(0.2) + # start the onion service in a new thread def start_onion_service(self): self.status_bar.showMessage(strings._('gui_starting_server1', True)) @@ -155,14 +162,9 @@ class OnionShareGui(QtWidgets.QMainWindow): self.starting_server_error.emit(e.args[0]) return - t1 = threading.Thread(target=start_onion_service, kwargs={'self': self}) - t1.daemon = True - t1.start() - - # start onionshare http service in new thread - t2 = threading.Thread(target=web.start, args=(self.app.port, self.app.stay_open, self.app.transparent_torification)) - t2.daemon = True - t2.start() + t = threading.Thread(target=start_onion_service, kwargs={'self': self}) + t.daemon = True + t.start() def start_server_step2(self): """