- read-only demo server at https://a.ocv.me/pub/demo/
- docker image ╱ similar software ╱ client testbed
no vulnerabilities since 2023-07-23
- there is a discord server with an
@everyone
in case of future important updates - v1.8.7 (2023-07-23) - CVE-2023-38501 - reflected XSS
- v1.8.2 (2023-07-14) - CVE-2023-37474 - path traversal (first CVE)
new features
- tumbleweed
bugfixes
-
deleting files from the server could make some duplicates of that file unavailable (by breaking nested symlinks)
-
don't worry, we are not talking about data loss! but such broken links would disappear from the directory listing and would need to be remedied by replacing the broken links manually, either by using a file explorer or commandline
-
only affected linux/macos, did not affect servers with
--hardlink
or--never-symlink
or--no-dedup
, and mainly affected servers with lots of duplicate files (with some dupes in the same folder and some elsewhere) -
if you want to check for such broken symlinks, the following unix command will find all of them:
find -L -type l
- to also see creation times (and the invalid targets),
find -L /srv/w/ -type l -printf 'in folder \033[36m%h\033[0m ---\n name: \033[1;35m%f\033[0m\n target: \033[1;31m%l\033[0m\n created: \033[36m%TY-%Tm-%Td, %TH:%TM:%TS\033[0m\n\n'
- to also see creation times (and the invalid targets),
-
to repair a broken link, first
cd
into the folder with the broken link, then remove it and replace it:rm thelink.opus; ln -s /mnt/music/realfile.opus thelink.opus
-
if you have a mystery link and want to know what it used to be, you can grep the copyparty logs for the filename and the folder, replacing
cat copyparty.log
with something appropriate for your setup, maybejournalctl -a
orxz -dkc <cpp.xz
:cat copyparty.log | grep -aiF 'ghost.opus' | grep -aiF 'stellar'
you'll find the following line;
purl
is the folder/URL it was uploaded to, andwark
is the file ID we can use to find duplicates:{"name": "04. GHOST.opus", "purl": "/mu/vt/suisei/still-still-stellar/", "size": 4520986, "lmod": 1697091772, "sprs": true, "hash": [], "wark": "SJMASMtWOa0UZnc002nn5unO5iCBMa-krt2CDcq8eJe9"}
now, either do another grep for the
wark
, or you can ask the database (which tells you the correct path in case the file was moved since being uploaded):sqlite3 -separator / -readonly .hist/up2k.db "select rd,fn from up where w='SJMASMtWOa0UZnc002nn5unO5iCBMa-krt2CDcq8eJe9'" # vt/suisei/still-still-stellar/04. GHOST.opus
-
-
the server would throw an error if you tried to delete a broken symlink
-
prevent warnings about duplicate file entries in the database by preventing that from happening in the first place
-
u2c.py
(commandline uploader) would fail to delete files from the server if there's more than ~10'000 files to be deleted- and forgot to bump the version number...
1.11 (2nd season)
- and forgot to bump the version number...
other changes
--help
was slightly improved- docker images are now based on alpine v3.19
copyparty.exe
is now based on python v3.11.7