search

usmannasir / cyberpanel

Cyber Panel - The hosting control panel for OpenLiteSpeed
GNU General Public License v3.0
1.61k stars 616 forks source link

[BUG] Upgrade not possible, cloudflare pip package "TypeError: canonicalize_version() got an unexpected keyword argument 'strip_trailing_zero'" #1345

Open Orgoth opened 4 weeks ago

Orgoth commented 4 weeks ago

Describe the bug running preUpgrade and it fails when settingup cloudflare.

To Reproduce simply run "sh <(curl https://raw.githubusercontent.com/usmannasir/cyberpanel/stable/preUpgrade.sh || wget -O - https://raw.githubusercontent.com/usmannasir/cyberpanel/stable/preUpgrade.sh)" on an ubuntu 22.04 LTS after you have installed cyberpanel < 2.3.7

Expected behavior It should run without any errors.

Screenshots

Collecting cloudflare==2.8.13 (from -r /usr/local/requirments.txt (line 5))
  Using cached cloudflare-2.8.13.tar.gz (65 kB)
  Preparing metadata (setup.py) ... error
  error: subprocess-exited-with-error

  × python setup.py egg_info did not run successfully.
  │ exit code: 1
  ╰─> [45 lines of output]
      running egg_info
      creating /tmp/pip-pip-egg-info-cqprurlq/cloudflare.egg-info
      writing /tmp/pip-pip-egg-info-cqprurlq/cloudflare.egg-info/PKG-INFO
      writing dependency_links to /tmp/pip-pip-egg-info-cqprurlq/cloudflare.egg-info/dependency_links.txt
      writing entry points to /tmp/pip-pip-egg-info-cqprurlq/cloudflare.egg-info/entry_points.txt
      writing requirements to /tmp/pip-pip-egg-info-cqprurlq/cloudflare.egg-info/requires.txt
      writing top-level names to /tmp/pip-pip-egg-info-cqprurlq/cloudflare.egg-info/top_level.txt
      writing manifest file '/tmp/pip-pip-egg-info-cqprurlq/cloudflare.egg-info/SOURCES.txt'
      reading manifest file '/tmp/pip-pip-egg-info-cqprurlq/cloudflare.egg-info/SOURCES.txt'
      reading manifest template 'MANIFEST.in'
      adding license file 'LICENSE'
      Traceback (most recent call last):
        File "<string>", line 2, in <module>
        File "<pip-setuptools-caller>", line 34, in <module>
        File "/tmp/pip-install-766g99es/cloudflare_8c9e811f7b024c1aa51ba3fdd529cf00/setup.py", line 60, in <module>
          main()
        File "/tmp/pip-install-766g99es/cloudflare_8c9e811f7b024c1aa51ba3fdd529cf00/setup.py", line 18, in main
          setup(
        File "/usr/local/CyberPanel/lib/python3.10/site-packages/setuptools/__init__.py", line 117, in setup
          return distutils.core.setup(**attrs)
        File "/usr/local/CyberPanel/lib/python3.10/site-packages/setuptools/_distutils/core.py", line 183, in setup
          return run_commands(dist)
        File "/usr/local/CyberPanel/lib/python3.10/site-packages/setuptools/_distutils/core.py", line 199, in run_commands
          dist.run_commands()
        File "/usr/local/CyberPanel/lib/python3.10/site-packages/setuptools/_distutils/dist.py", line 954, in run_commands
          self.run_command(cmd)
        File "/usr/local/CyberPanel/lib/python3.10/site-packages/setuptools/dist.py", line 991, in run_command
          super().run_command(command)
        File "/usr/local/CyberPanel/lib/python3.10/site-packages/setuptools/_distutils/dist.py", line 973, in run_command
          cmd_obj.run()
        File "/usr/local/CyberPanel/lib/python3.10/site-packages/setuptools/command/egg_info.py", line 315, in run
          self.find_sources()
        File "/usr/local/CyberPanel/lib/python3.10/site-packages/setuptools/command/egg_info.py", line 323, in find_sources
          mm.run()
        File "/usr/local/CyberPanel/lib/python3.10/site-packages/setuptools/command/egg_info.py", line 549, in run
          self.prune_file_list()
        File "/usr/local/CyberPanel/lib/python3.10/site-packages/setuptools/command/sdist.py", line 161, in prune_file_list
          super().prune_file_list()
        File "/usr/local/CyberPanel/lib/python3.10/site-packages/setuptools/_distutils/command/sdist.py", line 380, in prune_file_list
          base_dir = self.distribution.get_fullname()
        File "/usr/local/CyberPanel/lib/python3.10/site-packages/setuptools/_core_metadata.py", line 267, in get_fullname
          return _distribution_fullname(self.get_name(), self.get_version())
        File "/usr/local/CyberPanel/lib/python3.10/site-packages/setuptools/_core_metadata.py", line 285, in _distribution_fullname
          canonicalize_version(version, strip_trailing_zero=False),
      TypeError: canonicalize_version() got an unexpected keyword argument 'strip_trailing_zero'
      [end of output]

  note: This error originates from a subprocess, and is likely not a problem with pip.
error: metadata-generation-failed

Operating system: Ubuntu 22.04 LTS

CyberPanel version: Current Version: 2.3 Build: 5Current Commit: 9f2c26167284149e174fec2c21311a52f410a52b Latest Version: 2.3 Latest Build: 7Latest Commit: 4ad53e349c4e146241f6fffca13d8a15530cdabe

Additional context

bs-timstans commented 3 weeks ago

Same here,

Describe the bug running preUpgrade and it fails when settingup cloudflare.

To Reproduce simply run "sh <(curl https://raw.githubusercontent.com/usmannasir/cyberpanel/stable/preUpgrade.sh || wget -O - https://raw.githubusercontent.com/usmannasir/cyberpanel/stable/preUpgrade.sh)" on an ubuntu 22.04 LTS after you have installed cyberpanel < 2.3.7

Expected behavior It should run without any errors.

Collecting cloudflare==2.8.13 (from -r /usr/local/requirments.txt (line 5))
  Using cached cloudflare-2.8.13.tar.gz (65 kB)
  Preparing metadata (setup.py) ... error
  error: subprocess-exited-with-error

  × python setup.py egg_info did not run successfully.
  │ exit code: 1
  ╰─> [45 lines of output]
      running egg_info
      creating /tmp/pip-pip-egg-info-fc2kspko/cloudflare.egg-info
      writing /tmp/pip-pip-egg-info-fc2kspko/cloudflare.egg-info/PKG-INFO
      writing dependency_links to /tmp/pip-pip-egg-info-fc2kspko/cloudflare.egg-info/dependency_links.txt
      writing entry points to /tmp/pip-pip-egg-info-fc2kspko/cloudflare.egg-info/entry_points.txt
      writing requirements to /tmp/pip-pip-egg-info-fc2kspko/cloudflare.egg-info/requires.txt
      writing top-level names to /tmp/pip-pip-egg-info-fc2kspko/cloudflare.egg-info/top_level.txt
      writing manifest file '/tmp/pip-pip-egg-info-fc2kspko/cloudflare.egg-info/SOURCES.txt'
      reading manifest file '/tmp/pip-pip-egg-info-fc2kspko/cloudflare.egg-info/SOURCES.txt'
      reading manifest template 'MANIFEST.in'
      adding license file 'LICENSE'
      Traceback (most recent call last):
        File "<string>", line 2, in <module>
        File "<pip-setuptools-caller>", line 34, in <module>
        File "/tmp/pip-install-m9yp7yqv/cloudflare_3150c3c2fbdc416c97f4d7738e1dbd9e/setup.py", line 60, in <module>
          main()
        File "/tmp/pip-install-m9yp7yqv/cloudflare_3150c3c2fbdc416c97f4d7738e1dbd9e/setup.py", line 18, in main
          setup(
        File "/usr/local/CyberPanel/lib/python3.10/site-packages/setuptools/__init__.py", line 117, in setup
          return distutils.core.setup(**attrs)
        File "/usr/local/CyberPanel/lib/python3.10/site-packages/setuptools/_distutils/core.py", line 183, in setup
          return run_commands(dist)
        File "/usr/local/CyberPanel/lib/python3.10/site-packages/setuptools/_distutils/core.py", line 199, in run_commands
          dist.run_commands()
        File "/usr/local/CyberPanel/lib/python3.10/site-packages/setuptools/_distutils/dist.py", line 954, in run_commands
          self.run_command(cmd)
        File "/usr/local/CyberPanel/lib/python3.10/site-packages/setuptools/dist.py", line 991, in run_command
          super().run_command(command)
        File "/usr/local/CyberPanel/lib/python3.10/site-packages/setuptools/_distutils/dist.py", line 973, in run_command
          cmd_obj.run()
        File "/usr/local/CyberPanel/lib/python3.10/site-packages/setuptools/command/egg_info.py", line 315, in run
          self.find_sources()
        File "/usr/local/CyberPanel/lib/python3.10/site-packages/setuptools/command/egg_info.py", line 323, in find_sources
          mm.run()
        File "/usr/local/CyberPanel/lib/python3.10/site-packages/setuptools/command/egg_info.py", line 549, in run
          self.prune_file_list()
        File "/usr/local/CyberPanel/lib/python3.10/site-packages/setuptools/command/sdist.py", line 161, in prune_file_list
          super().prune_file_list()
        File "/usr/local/CyberPanel/lib/python3.10/site-packages/setuptools/_distutils/command/sdist.py", line 380, in prune_file_list
          base_dir = self.distribution.get_fullname()
        File "/usr/local/CyberPanel/lib/python3.10/site-packages/setuptools/_core_metadata.py", line 267, in get_fullname
          return _distribution_fullname(self.get_name(), self.get_version())
        File "/usr/local/CyberPanel/lib/python3.10/site-packages/setuptools/_core_metadata.py", line 285, in _distribution_fullname
          canonicalize_version(version, strip_trailing_zero=False),
      TypeError: canonicalize_version() got an unexpected keyword argument 'strip_trailing_zero'
      [end of output]

  note: This error originates from a subprocess, and is likely not a problem with pip.
error: metadata-generation-failed

× Encountered error while generating package metadata.
╰─> See above for output.

note: This is an issue with the package mentioned above, not pip.
hint: See above for details.
above command failed...

CyberPanel version: Current Version: 2.3 Build: 5Current Commit: https://github.com/usmannasir/cyberpanel/commit/9f2c26167284149e174fec2c21311a52f410a52b Latest Version: 2.3 Latest Build: 7Latest Commit: https://github.com/usmannasir/cyberpanel/commit/4ad53e349c4e146241f6fffca13d8a15530cdabe

T-Induwara commented 3 weeks ago

Same issue. Today I received an email from Hostinger, mentioning "Urgent: Action required for CyberPanel security vulnerability". When I run the update command, I receive the same error that @Orgoth and @bs-timstans mentioned here. I tried several times and no luck so far.

Orgoth commented 3 weeks ago

@T-Induwara you should be fast and search for this, or all could be encrypted!

https://community.cyberpanel.net/t/critical-security-alert-vulnerable-cyberpanel-instance-detected-on-your-network/56021/14?u=kibbelking

ps aux | grep -E 'kinsing|udiskssd|kdevtmpfsi|bash2|bash3'

and

https://community.cyberpanel.net/t/critical-security-alert-vulnerable-cyberpanel-instance-detected-on-your-network/56021/9?u=kibbelking

For me it was too late and nearly all was encrypted, I keep this topic open since it is still a problem for some users.

Orgoth commented 3 weeks ago

"Urgent: Action required for CyberPanel security vulne

Yes, Cyberpanel has a Remote Code Execution "RCE" vulnerability, the attacker is able to inject code and execute it as ROOT!

cybertr0n1 commented 3 weeks ago

I have the same as the author and it would feel a LOT better if we could upgrade to fix the vulnerability! (I have cleaned my system and changed the portnumber) Hopefully this and my other mitigations Will work until I can upgrade!

andreslopezco commented 3 weeks ago

I'm getting the same error:

Preparing metadata (setup.py) ... error
  error: subprocess-exited-with-error

  × python setup.py egg_info did not run successfully.
  │ exit code: 1
  ╰─> [45 lines of output]
      running egg_info
      creating /tmp/pip-pip-egg-info-r4a070lr/cloudflare.egg-info
      writing /tmp/pip-pip-egg-info-r4a070lr/cloudflare.egg-info/PKG-INFO
      writing dependency_links to /tmp/pip-pip-egg-info-r4a070lr/cloudflare.egg-info/dependency_links.txt
      writing entry points to /tmp/pip-pip-egg-info-r4a070lr/cloudflare.egg-info/entry_points.txt
      writing requirements to /tmp/pip-pip-egg-info-r4a070lr/cloudflare.egg-info/requires.txt
      writing top-level names to /tmp/pip-pip-egg-info-r4a070lr/cloudflare.egg-info/top_level.txt
      writing manifest file '/tmp/pip-pip-egg-info-r4a070lr/cloudflare.egg-info/SOURCES.txt'
      reading manifest file '/tmp/pip-pip-egg-info-r4a070lr/cloudflare.egg-info/SOURCES.txt'
      reading manifest template 'MANIFEST.in'
      adding license file 'LICENSE'
      Traceback (most recent call last):
        File "<string>", line 2, in <module>
        File "<pip-setuptools-caller>", line 34, in <module>
        File "/tmp/pip-install-7cpl0xae/cloudflare_44dada7261d24f2ca7df3722ae718612/setup.py", line 60, in <module>
          main()
        File "/tmp/pip-install-7cpl0xae/cloudflare_44dada7261d24f2ca7df3722ae718612/setup.py", line 18, in main
          setup(
        File "/usr/local/CyberPanel/lib/python3.10/site-packages/setuptools/__init__.py", line 117, in setup
          return distutils.core.setup(**attrs)
        File "/usr/local/CyberPanel/lib/python3.10/site-packages/setuptools/_distutils/core.py", line 183, in setup
          return run_commands(dist)
        File "/usr/local/CyberPanel/lib/python3.10/site-packages/setuptools/_distutils/core.py", line 199, in run_commands
          dist.run_commands()
        File "/usr/local/CyberPanel/lib/python3.10/site-packages/setuptools/_distutils/dist.py", line 954, in run_commands
          self.run_command(cmd)
        File "/usr/local/CyberPanel/lib/python3.10/site-packages/setuptools/dist.py", line 991, in run_command
          super().run_command(command)
        File "/usr/local/CyberPanel/lib/python3.10/site-packages/setuptools/_distutils/dist.py", line 973, in run_command
          cmd_obj.run()
        File "/usr/local/CyberPanel/lib/python3.10/site-packages/setuptools/command/egg_info.py", line 315, in run
          self.find_sources()
        File "/usr/local/CyberPanel/lib/python3.10/site-packages/setuptools/command/egg_info.py", line 323, in find_sources
          mm.run()
        File "/usr/local/CyberPanel/lib/python3.10/site-packages/setuptools/command/egg_info.py", line 549, in run
          self.prune_file_list()
        File "/usr/local/CyberPanel/lib/python3.10/site-packages/setuptools/command/sdist.py", line 161, in prune_file_list
          super().prune_file_list()
        File "/usr/local/CyberPanel/lib/python3.10/site-packages/setuptools/_distutils/command/sdist.py", line 380, in prune_file_list
          base_dir = self.distribution.get_fullname()
        File "/usr/local/CyberPanel/lib/python3.10/site-packages/setuptools/_core_metadata.py", line 267, in get_fullname
          return _distribution_fullname(self.get_name(), self.get_version())
        File "/usr/local/CyberPanel/lib/python3.10/site-packages/setuptools/_core_metadata.py", line 285, in _distribution_fullname
          canonicalize_version(version, strip_trailing_zero=False),
      TypeError: canonicalize_version() got an unexpected keyword argument 'strip_trailing_zero'
      [end of output]

  note: This error originates from a subprocess, and is likely not a problem with pip.
error: metadata-generation-failed

× Encountered error while generating package metadata.
╰─> See above for output.

note: This is an issue with the package mentioned above, not pip.
hint: See above for details.
above command failed...
cybertr0n1 commented 3 weeks ago

Found a workaround:

Do a pip install cloudflare==2.8.13 as root, then it will fail on another pip, do the same poip install nextpackage==versionumer

It will work in the end. My installation is now updated!

trevorrobinson commented 3 weeks ago

I found running the following command fixed it for me:

pip install packaging==22

Orgoth commented 3 weeks ago

I found running the following command fixed it for me:

pip install packaging==22

Thank you, but since the server files were encrypted, I can not test anymore. I will also keep this issue open, to show, cyberpanel does not care and does not reply to issues at all.

cybertr0n1 commented 3 weeks ago

@Orgoth there are decryption scripts availible. Go to bleepingcomputer they have links to the scripts. I think there are ways to recover from all three malwarecryptos https://www.bleepingcomputer.com/news/security/massive-psaux-ransomware-attack-targets-22-000-cyberpanel-instances/

Orgoth commented 3 weeks ago

@Orgoth there are decryption scripts availible. Go to bleepingcomputer they have links to the scripts. I think there are ways to recover from all three malwarecryptos https://www.bleepingcomputer.com/news/security/massive-psaux-ransomware-attack-targets-22-000-cyberpanel-instances/

@cybertr0n1 Thank you very much, but it is not needed. The Data on this test server were not important. We simply set up a new server without cyberpanel and all works just fine, without to worry about cyberpanel and their catastrophic communication at all.

XandorMaker commented 2 weeks ago

Same issue. Today I received an email from Hostinger, mentioning "Urgent: Action required for CyberPanel security vulnerability". When I run the update command, I receive the same error that @Orgoth and @bs-timstans mentioned here. I tried several times and no luck so far.

Drope down cyberpanel for now, or block the port used for Dashboard, until we will not be able to update.

XandorMaker commented 2 weeks ago

I found running the following command fixed it for me:

pip install packaging==22

Not working for me

XandorMaker commented 2 weeks ago

Actually the script was fine 28-29 October. Now i was trying to update one isolated server and script is broken. What is going on with developers?

T-Induwara commented 2 weeks ago

Same issue. Today I received an email from Hostinger, mentioning "Urgent: Action required for CyberPanel security vulnerability". When I run the update command, I receive the same error that @Orgoth and @bs-timstans mentioned here. I tried several times and no luck so far.

Drope down cyberpanel for now, or block the port used for Dashboard, until we will not be able to update.

That's what I did. I moved most of my sites from CyberPanel to Fast Panel except a couple of servers that I was able to update to the new version.

Orgoth commented 2 weeks ago

There are multiple solutions for the package problem.

sudo pip install packaging==22

or 

pip install cloudflare==2.8.13

This is the official fix by cyberpanel:

https://raw.githubusercontent.com/shbs9/CPupgradebash/refs/heads/main/ubuntufix.sh

erzawansyah commented 2 weeks ago

I found running the following command fixed it for me: pip install packaging==22

Thank you, but since the server files were encrypted, I can not test anymore. I will also keep this issue open, to show, cyberpanel does not care and does not reply to issues at all.

Hi, how do I know if my server is encrypted. I successfully upgraded my cyberpanel to the latest version with this line of code:

sudo pip install packaging==22

Is that a sign that my cyberpanel is not encrypted?

Orgoth commented 2 weeks ago

@erzawansyah Most of the pages including cyberpanel are not working anymore, and you have files with extensions like .encryp, .locked, .psaux or similar.
In addition, you will find files like help-readme.txt or README1.html, they include the ransom claim.

Some cases of encrypted Servers and decrypt-tools.
https://gist.github.com/gboddin/d78823245b518edd54bfc2301c5f8882

But it does not need to be encrypted, others have reported, the server was used for sending spam, scanning other servers or crypto mining.

Pretobrazza commented 2 weeks ago

It cost me a day to find out what was possibly wrong BUT this worked like a charm: sudo pip install packaging==22

Thanx!

Alex9001 commented 20 hours ago

Hi,

I'm getting this error after running upgrade script. My web panel is no longer accessible via https and I can't ssh into it.

My websites are still running.

I'm using Alma Linux I installed Cyberpanel a week or two ago. It was working fine before I upgraded.

It does not use standard port.