Merge branch 'master' into mm/jade-export-wallet-via-qr

docs/elements.md

@@ -6,7 +6,7 @@ This document is a description on how to get started with elements/liquid. We'll
 After that, we'll explain how to connect your Specter Desktop to that node, create wallets and receive some coins (via sideshift.ai). Signing transactions is nowhere different than in any other Hotwallet.
 
 ## Elements Installation
-The Elements's instalaation is highly dependent to your system. Choose a fitting [artifact](https://github.com/ElementsProject/elements/releases) and install them. 
+The Elements installation process is highly dependent on your system. Choose a fitting [artifact](https://github.com/ElementsProject/elements/releases) and install it. 
 
 ## Liquid Node
 In order to validate Peg-Ins, you'll need RPC-access to your Bitcoin-Core node. I did this with a fullnode, it might also work with a pruned node (not tested, though).
@@ -107,4 +107,4 @@ Make sure that this is successfull by checking these two files to be existent:
 ```sh
 ls tests/elements/src/elements-cli tests/elements/src/elementsd
 tests/elements/src/elements-cli tests/elements/src/elementsd
-```
+```

docs/release-notes.md

@@ -1,5 +1,24 @@
 # Release Notes
 
+## v2.0.2 September 21, 2023
+- Bugfix: Add missing signet key #2368 (Manolis Mandrapilias)
+- Bugfix: Jade displaying wrong multisig addresses for descriptors using multi() #2366 (Manolis Mandrapilias)
+- Bugfix: JSON parsing issues when copy & pasting wallet data from PDF #2355 (Manolis Mandrapilias)
+- Bugfix: #2319 #2330 (k9ert)
+- Bugfix: fix specter.node has no _get_rpc() #2327 (k9ert)
+- Bugfix: Update spotbit api url and path #2372 (Benjamin B)
+- Chore(deps): Bump semver from 5.7.1 to 5.7.2 #2353 (dependabot[bot])
+- Chore(deps): Bump semver from 6.3.0 to 6.3.1 in /pyinstaller/electron #2352 (dependabot[bot])
+- Chore: Regex change to capture labels in wallet data imports better #2357 (Manolis Mandrapilias)
+- Chore: Use prettier for Electron app #2347 (Manolis Mandrapilias)
+- Chore: Optional ENFORCE_HWI_INITIALISATION_AT_STARTUP #2383 (k9ert)
+- Chore: remove SpecterUri #2358 (k9ert)
+- Chore: updating flask_babel fixes #2218 #2359 (k9ert)
+- Feature: Enable import of a multisig wallet that uses a multi-descriptor #2349 (Manolis Mandrapilias)
+- Feature: Implement automatic wallet import via Specter URI for MacOS #2344 (Manolis Mandrapilias)
+- Security: Patched Fix Electron vulnerable to out-of-package code execution when launched with arbitrary cwd #2380 (Sergev ₱)
+- Security: Fix login open redirect due to next parameter manipulation #2350 (zealsham)
+
 ## v2.0.1 March 27, 2023
 - Bugfix: Keyerror in case of frozen utxos #2308 (k9ert)
 - Bugfix: method getaddressinfo not implemented #2313 (k9ert)

pyinstaller/electron/yarn.lock

@@ -704,9 +704,9 @@ electron-publish@23.6.0:
  lazy-val "^1.0.5"
  mime "^2.5.2"
 
-electron@^22.3.21:
- version "22.3.21"
- resolved "https://registry.yarnpkg.com/electron/-/electron-22.3.21.tgz#a817446cc1e62e9650522fa7eae389f9fc5b5e19"
+electron@^22.1.0:
+ version "22.3.24"
+ resolved "https://registry.yarnpkg.com/electron/-/electron-22.3.24.tgz#14479cf11cf4709f78d324015429fa82492c2150"
  dependencies:
  "@electron/get" "^2.0.0"
  "@types/node" "^16.11.26"
@@ -1114,9 +1114,9 @@ json-schema-traverse@^0.4.1:
  version "0.4.1"
  resolved "https://registry.npmjs.org/json-schema-traverse/-/json-schema-traverse-0.4.1.tgz"
 
-json-schema@0.2.3:
- version "0.2.3"
- resolved "https://registry.npmjs.org/json-schema/-/json-schema-0.2.3.tgz"
+json-schema@0.4.0:
+ version "0.4.0"
+ resolved "https://registry.yarnpkg.com/json-schema/-/json-schema-0.4.0.tgz#f7de4cf6efab838ebaeb3236474cbba5a1930ab5"
 
 json-stringify-safe@^5.0.1, json-stringify-safe@~5.0.1:
  version "5.0.1"
@@ -1141,12 +1141,12 @@ jsonfile@^6.0.1:
  graceful-fs "^4.1.6"
 
 jsprim@^1.2.2:
- version "1.4.1"
- resolved "https://registry.npmjs.org/jsprim/-/jsprim-1.4.1.tgz"
+ version "1.4.2"
+ resolved "https://registry.yarnpkg.com/jsprim/-/jsprim-1.4.2.tgz#712c65533a15c878ba59e9ed5f0e26d5b77c5feb"
  dependencies:
  assert-plus "1.0.0"
  extsprintf "1.3.0"
- json-schema "0.2.3"
+ json-schema "0.4.0"
  verror "1.10.0"
 
 keyv@^4.0.0:

requirements.in

@@ -1,15 +1,14 @@
 certifi==2022.12.7
 chardet==3.0.4
 Click==8.1.1
-Flask==2.1.1
-#Werkzeug==2.0.3 # need to pin because Flask doesn't work with newer ones
+Flask==2.2.5
 Flask-Babel==3.1.0
 Flask-Cors==3.0.10
-Flask-Login==0.6.2
-Flask-RESTful==0.3.9
-Flask-HTTPAuth==4.7.0
+Flask-Login==0.6.3
+Flask-RESTful==0.3.10
+Flask-HTTPAuth==4.8.0
 hwi==2.1.1
-python-dotenv==0.13.0
+python-dotenv==0.21.1
 requests==2.26.0
 pysocks==1.7.1
 six==1.16.0
@@ -29,9 +28,15 @@ protobuf==3.20.2
 PyJWT==2.4.0
 pytimeparse==1.1.8
 psycopg2-binary==2.9.5
+
 # Extensions
 cryptoadvance-liquidissuer==0.2.4
 specterext-exfund==0.1.7
 specterext-faucet==0.1.2
 cryptoadvance.spectrum==0.6.4
 specterext-stacktrack==0.3.0
+
+# workarounds
+
+# greenlet is needed but not inserted as transitive dependency for some reason
+greenlet==2.0.2 

requirements.txt

@@ -163,9 +163,9 @@ embit==0.6.1 \
  # via
  # -r requirements.in
  # cryptoadvance-spectrum
-flask==2.1.1 \
- --hash=sha256:8a4cf32d904cf5621db9f0c9fbcd7efabf3003f22a04e4d0ce790c7137ec5264 \
- --hash=sha256:a8c9bd3e558ec99646d177a9739c41df1ded0629480b4c8d2975412f3c9519c8
+flask==2.2.5 \
+ --hash=sha256:58107ed83443e86067e41eff4631b058178191a355886f8e479e347fa1285fdf \
+ --hash=sha256:edee9b0a7ff26621bd5a8c10ff484ae28737a2410d99b0bb9a6850c7fb977aa0
  # via
  # -r requirements.in
  # cryptoadvance-spectrum
@@ -188,17 +188,17 @@ flask-cors==3.0.10 \
  --hash=sha256:74efc975af1194fc7891ff5cd85b0f7478be4f7f59fe158102e91abb72bb4438 \
  --hash=sha256:b60839393f3b84a0f3746f6cdca56c1ad7426aa738b70d6c61375857823181de
  # via -r requirements.in
-flask-httpauth==4.7.0 \
- --hash=sha256:a237e4c8ec1d339298a0eb88e5af2ca36117949b621631649462800e57e1ba37 \
- --hash=sha256:f7199e7bad20d5b68b3f0b62bddfca7637c55087e9d02f605ae26e0de479fd94
+flask-httpauth==4.8.0 \
+ --hash=sha256:66568a05bc73942c65f1e2201ae746295816dc009edd84b482c44c758d75097a \
+ --hash=sha256:a58fedd09989b9975448eef04806b096a3964a7feeebc0a78831ff55685b62b0
  # via -r requirements.in
-flask-login==0.6.2 \
- --hash=sha256:1ef79843f5eddd0f143c2cd994c1b05ac83c0401dc6234c143495af9a939613f \
- --hash=sha256:c0a7baa9fdc448cdd3dd6f0939df72eec5177b2f7abe6cb82fc934d29caac9c3
+flask-login==0.6.3 \
+ --hash=sha256:5e23d14a607ef12806c699590b89d0f0e0d67baeec599d75947bf9c147330333 \
+ --hash=sha256:849b25b82a436bf830a054e74214074af59097171562ab10bfa999e6b78aae5d
  # via -r requirements.in
-flask-restful==0.3.9 \
- --hash=sha256:4970c49b6488e46c520b325f54833374dc2b98e211f1b272bd4b0c516232afe2 \
- --hash=sha256:ccec650b835d48192138c85329ae03735e6ced58e9b2d9c2146d6c84c06fa53e
+flask-restful==0.3.10 \
+ --hash=sha256:1cf93c535172f112e080b0d4503a8d15f93a48c88bdd36dd87269bdaf405051b \
+ --hash=sha256:fe4af2ef0027df8f9b4f797aba20c5566801b6ade995ac63b588abf1a59cec37
  # via -r requirements.in
 flask-sqlalchemy==2.5.1 \
  --hash=sha256:2bda44b43e7cacb15d4e05ff3cc1f8bc97936cc464623424102bfc2c35e95912 \
@@ -211,6 +211,7 @@ flask-wtf==0.15.1 \
 greenlet==2.0.2 \
  --hash=sha256:03a8f4f3430c3b3ff8d10a2a86028c660355ab637cee9333d63d66b56f09d52a \
  --hash=sha256:0bf60faf0bc2468089bdc5edd10555bab6e85152191df713e2ab1fcc86382b5a \
+ --hash=sha256:1087300cf9700bbf455b1b97e24db18f2f77b55302a68272c56209d5587c12d1 \
  --hash=sha256:18a7f18b82b52ee85322d7a7874e676f34ab319b9f8cce5de06067384aa8ff43 \
  --hash=sha256:18e98fb3de7dba1c0a852731c3070cf022d14f0d68b4c87a19cc1016f3bb8b33 \
  --hash=sha256:1a819eef4b0e0b96bb0d98d797bef17dc1b4a10e8d7446be32d1da33e095dbb8 \
@@ -236,6 +237,7 @@ greenlet==2.0.2 \
  --hash=sha256:76ae285c8104046b3a7f06b42f29c7b73f77683df18c49ab5af7983994c2dd91 \
  --hash=sha256:7cafd1208fdbe93b67c7086876f061f660cfddc44f404279c1585bbf3cdc64c5 \
  --hash=sha256:7efde645ca1cc441d6dc4b48c0f7101e8d86b54c8530141b09fd31cef5149ec9 \
+ --hash=sha256:8512a0c38cfd4e66a858ddd1b17705587900dd760c6003998e9472b77b56d417 \
  --hash=sha256:88d9ab96491d38a5ab7c56dd7a3cc37d83336ecc564e4e8816dbed12e5aaefc8 \
  --hash=sha256:8eab883b3b2a38cc1e050819ef06a7e6344d4a990d24d45bc6f2cf959045a45b \
  --hash=sha256:910841381caba4f744a44bf81bfd573c94e10b3045ee00de0cbf436fe50673a6 \
@@ -259,8 +261,10 @@ greenlet==2.0.2 \
  --hash=sha256:c9c59a2120b55788e800d82dfa99b9e156ff8f2227f07c5e3012a45a399620b7 \
  --hash=sha256:cd021c754b162c0fb55ad5d6b9d960db667faad0fa2ff25bb6e1301b0b6e6a75 \
  --hash=sha256:d27ec7509b9c18b6d73f2f5ede2622441de812e7b1a80bbd446cb0633bd3d5ae \
+ --hash=sha256:d4606a527e30548153be1a9f155f4e283d109ffba663a15856089fb55f933e47 \
  --hash=sha256:d5508f0b173e6aa47273bdc0a0b5ba055b59662ba7c7ee5119528f466585526b \
  --hash=sha256:d75209eed723105f9596807495d58d10b3470fa6732dd6756595e89925ce2470 \
+ --hash=sha256:d967650d3f56af314b72df7089d96cda1083a7fc2da05b375d2bc48c82ab3f3c \
  --hash=sha256:db1a39669102a1d8d12b57de2bb7e2ec9066a6f2b3da35ae511ff93b01b5d564 \
  --hash=sha256:dbfcfc0218093a19c252ca8eb9aee3d29cfdcb586df21049b9d777fd32c14fd9 \
  --hash=sha256:e0f72c9ddb8cd28532185f54cc1453f2c16fb417a08b53a855c4e6a418edd099 \
@@ -269,7 +273,7 @@ greenlet==2.0.2 \
  --hash=sha256:eff4eb9b7eb3e4d0cae3d28c283dc16d9bed6b193c2e1ace3ed86ce48ea8df19 \
  --hash=sha256:f82d4d717d8ef19188687aa32b8363e96062911e63ba22a0cff7802a8e58e5f1 \
  --hash=sha256:fc3a569657468b6f3fb60587e48356fe512c1754ca05a564f11366ac9e306526
- # via sqlalchemy
+ # via -r requirements.in
 gunicorn==20.1.0 \
  --hash=sha256:9dcc4547dbb1cb284accfb15ab5667a0e5d1881cc443e0677b4882a4067a807e \
  --hash=sha256:e0a968b5ba15f8a328fdfd7ab1fcb5af4470c28aaf7e55df02a99bc13138e6e8
@@ -651,9 +655,9 @@ python-dateutil==2.8.2 \
  # via
  # flask-apscheduler
  # pandas
-python-dotenv==0.13.0 \
- --hash=sha256:25c0ff1a3e12f4bde8d592cc254ab075cfe734fc5dd989036716fd17ee7e5ec7 \
- --hash=sha256:3b9909bc96b0edc6b01586e1eed05e71174ef4e04c71da5786370cebea53ad74
+python-dotenv==0.21.1 \
+ --hash=sha256:1c93de8f636cde3ce377292818d0e440b6e45a82f215c3744979151fa8151c49 \
+ --hash=sha256:41e12e0318bebc859fcc4d97d4db8d20ad21721a6aa5047dd59f090391cb549a
  # via -r requirements.in
 pytimeparse==1.1.8 \
  --hash=sha256:04b7be6cc8bd9f5647a6325444926c3ac34ee6bc7e69da4367ba282f076036bd \

src/cryptoadvance/specter/cli/cli_server.py

@@ -57,6 +57,11 @@ def cli():
  is_flag=True,
  help="Start the hwi-bridge to use your HWWs with a remote specter.",
 )
+@click.option(
+ "--enforcehwiinitialisation",
+ is_flag=True,
+ help="calls enumerate() which is known to cause issues with certain usb-devices plugged in at startup.",
+)
 @click.option(
  "--devstatus-threshold",
  type=click.Choice(["alpha", "beta", "prod"], case_sensitive=False),
@@ -83,6 +88,7 @@ def server(
  filelog,
  tor,
  hwibridge,
+ enforcehwiinitialisation,
  devstatus_threshold,
  specter_data_folder,
  config,
@@ -148,6 +154,8 @@ def server(
  kwargs = configure_ssl(kwargs, app.config, ssl)
 
  app.app_context().push()
+ if enforcehwiinitialisation:
+ app.config["ENFORCE_HWI_INITIALISATION_AT_STARTUP"] = True
  init_app(app, hwibridge=hwibridge)
 
  if filelog:

src/cryptoadvance/specter/config.py

@@ -82,6 +82,11 @@ class BaseConfig(object):
  CERT = os.getenv("CERT", None)
  KEY = os.getenv("KEY", None)
 
+ # It might be necessary to enforce the HWI initialisation
+ ENFORCE_HWI_INITIALISATION_AT_STARTUP = _get_bool_env_var(
+ "ENFORCE_HWI_INITIALISATION_AT_STARTUP", False
+ )
+
  # This will be used to search for a bitcoin.conf in order to enable the
  # auth method "RPC password as pin"
  RASPIBLITZ_SPECTER_RPC_LOGIN_BITCOIN_CONF_LOCATION = os.getenv(

src/cryptoadvance/specter/hwi_rpc.py

@@ -66,7 +66,7 @@ class HWIBridge(JSONRPC):
  All methods of this class are callable over JSON-RPC, except _underscored.
  """
 
- def __init__(self):
+ def __init__(self, enforce_hwi_initialisation=False):
  self.exposed_rpc = {
  "enumerate": self.enumerate,
  "detect_device": self.detect_device,
@@ -81,11 +81,14 @@ def __init__(self):
  "extract_master_blinding_key": self.extract_master_blinding_key,
  "bitbox02_pairing": self.bitbox02_pairing,
  }
- # Running enumerate after beginning an interaction with a specific device
- # crashes python or make HWI misbehave. For now we just get all connected
- # devices once per session and save them.
- logger.info("Initializing HWI...") # to explain user why it takes so long
- self.enumerate()
+ if enforce_hwi_initialisation:
+ # Running enumerate after beginning an interaction with a specific device
+ # crashes python or make HWI misbehave. For now we just get all connected
+ # devices once per session and save them.
+ logger.info("Initializing HWI...") # to explain user why it takes so long
+ self.enumerate()
+ logger.info("Finished initializing HWI!")
+ self.devices = []
 
  @locked(hwilock)
  def enumerate(self, passphrase="", chain=""):

src/cryptoadvance/specter/node.py

@@ -668,10 +668,12 @@ def delete_wallet_file(self, wallet) -> bool:
  )
  except RpcError:
  pass
- if self.chain != "main":
- path = os.path.join(datadir, f"{self.chain}/wallets", wallet_rpc_path)
- else:
+ if self.chain == "test":
+ path = os.path.join(datadir, "testnet3/wallets", wallet_rpc_path)
+ elif self.chain == "main":
  path = os.path.join(datadir, wallet_rpc_path)
+ else:
+ path = os.path.join(datadir, f"{self.chain}/wallets", wallet_rpc_path)
  try:
  shutil.rmtree(path, ignore_errors=False)
  logger.debug(f"Removing wallet file at: {path}")

src/cryptoadvance/specter/server.py

@@ -50,12 +50,17 @@ def get_language_code(self):
  """
  Helper for Babel and other related language selection tasks.
  """
- if "language_code" in session:
- # Explicit selection
- return session["language_code"]
- else:
- # autodetect
- return request.accept_languages.best_match(self.supported_languages.keys())
+ try:
+ if "language_code" in session:
+ # Explicit selection
+ return session["language_code"]
+ else:
+ # autodetect
+ return request.accept_languages.best_match(
+ self.supported_languages.keys()
+ )
+ except: # RuntimeError: Working outside of request context.
+ return "en"
 
  def set_language_code(self, language_code):
  session["language_code"] = language_code
@@ -177,7 +182,7 @@ def service_manager_cleanup_on_exit(signum, frame):
  specter.initialize()
 
  # HWI
- specter.hwi = HWIBridge()
+ specter.hwi = HWIBridge(app.config["ENFORCE_HWI_INITIALISATION_AT_STARTUP"])
 
  login_manager = LoginManager()
  login_manager.session_protection = app.config.get("SESSION_PROTECTION", "strong")