Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

transmission 2.92: doesnt support Humble Bundle torrents #294

Closed
sandrotosi opened this issue May 28, 2017 · 36 comments
Closed

transmission 2.92: doesnt support Humble Bundle torrents #294

sandrotosi opened this issue May 28, 2017 · 36 comments
Milestone

Comments

@sandrotosi
Copy link

sandrotosi commented May 28, 2017

Hello,
this has been reported in Debian as http://bugs.debian.org/862063:

While attempting to download a purchase from Humble Bundle, which provides .torrent download options, I stumbled across an issue triggered by the torrent file for MiniMetro. transmission-daemon's directory watch feature failed to load the file with a metadata error. Attempting to use transmission-show resulted in the same error:

[2017-05-07 19:40:24.417] dinosaurpoloclub/MiniMetro-gamma19a-linux.tar.gz: Invalid metadata entry "path"
Error parsing .torrent file "MiniMetro-gamma19a-linux.tar.gz.torrent"

I was able to open the file using the Python library "bencode", and saw that there was no "path" metadata entry, and that the torrent was for a single file with the info/name entry "dinosaurpoloclub/MiniMetro-gamma19a-linux.tar.gz".

Removing "dinosaurpoloclub/" from that entry was enough to allow the torrent to work. I did a bit of searching, and it looks like having a full path in the info/name entry is valid (although I've never seen it before, bep 3 doesn't seem to prohibit it)

It may also be worth noting that the "dinosaurpoloclub" folder did not exist on my computer

+

As a clarification - editing the file allowed it to be loaded into transmission successfully. The download could not continue and logged the bug below. If I'm reading the standard correctly, the no-longer-matching hash of the info dictionary caused this.

MiniMetro-gamma19a-linux.tar.gz Tracker error: "unregistered torrent" (torrent.c:581)

+

I had also submitted a ticket to Humble Bundle about the torrent file. They tested it with uTorrent and it sounds like it's working there:

Hi there!

I tested the torrent and was able to download it — I don't have a Linux machine available to test at the time, but what happens when you try to install it?

I successfully torrented the file using uTorrent. Maybe you could give that client a try? You can also download the files directly via the direct downloads button — this game isn't too big, so that might be a good option.

I'm happy to look into the torrent file further, but it might take a while to get a solution for you.
Hopefully one of my proposed solutions is sufficient for you, but if you need me to look into this further, let me know and I'm happy to do so!

-Dan
Humble Bundle

@sandrotosi
Copy link
Author

@hauntingEcho

@cfpp2p
Copy link

cfpp2p commented May 28, 2017

https://trac.transmissionbt.com/ticket/5517#comment:34

Could you please point me to at least one (or better more than one) real torrent with such structure, and/or at least one real torrent-making program which creates torrents with such structure? I'll be glad to reconsider.
https://trac.transmissionbt.com/ticket/5517#comment:35

cfpp2p/transmission@10fa7bd

@sandrotosi
Copy link
Author

i'm afraid the only way to get such a torrent is by buying a humble bundle - @hauntingEcho as the original submitted to the debian bug, can you provide some help here?

@cfpp2p
Copy link

cfpp2p commented May 28, 2017

294-sample-torrent

examples the problem.

@hauntingEcho
Copy link

Due to copyright issues, I don't think I can forward along the torrent itself, but cfpp2p's sample torrent does demonstrate the same issue. I do want to clarify something with the title though - the problem doesn't seem to be present in any of Humble's other torrents that I've tried, just MiniMetro. I'll contact Humble again & ask if they can provide additional details on their torrent-creation process.

@hauntingEcho
Copy link

hauntingEcho commented Jun 5, 2017

sorry for my slow response time, this is the response I got from Humble support:

Hey again,

I apologize. We're not able to comment on the methods for compiling the torrents. I know that makes reproducing harder, and I apologize.

My best recommendation in the short-term is to use a different client (like utorrent) sorry again for the hassle!

Take care, and happy gaming,

-Dan
Humble Bundle

@Astara
Copy link

Astara commented Jul 12, 2017

Supporting an absolute path in a torrent could easily be seen as a security risk. Utilities for file transfer (like 'tar', for example), deliberately strip off absolute paths due to the security problems.

It would be all to easy to have a torrent overwrite all the files in your home directory or any directory on the system where you have write access. It makes sense to limit a file-transfer util (like transmission) to saving files under "some" subdirectory. To give torrents the ability to go out of its configured subdirectory would be a disaster waiting to happen.

@hauntingEcho
Copy link

@Astara - while going up the folder tree should definitely be prevented, the torrent still should do something other than fail entirely.

One possibility would be to just strip the path entirely as you mention. Another option would be the way zip works:

image

@cfpp2p
Copy link

cfpp2p commented Jul 13, 2017

@Astara @hauntingEcho

The original poster states:

and that the torrent was for a single file with the info/name entry "dinosaurpoloclub/MiniMetro-gamma19a-linux.tar.gz"

so this particular problem is not about supporting absolute paths, or relative paths and directory traversal security, but about the "/" path element contained in the info/name entry dinosaurpoloclub/MiniMetro-gamma19a-linux.tar.gz

This can be dealt with without security issues and without stripping the path entirely by properly recognizing valid path elements. This has been already discussed quite thoroughly in TRAC - Don't create or add torrents with "../" at the beginning of the path or "/../" anywhere in the path

@Astara
Copy link

Astara commented Jul 13, 2017

If you strip the path, you would have people complaining because of filename collisions.

I don't see the harm in adding (on linux, anyway), "." at the front of the path, so /etc/passwd, would become ./etc/passwd -- a subdir to be created under the curdir.

That said, I'm guessing it's a matter of resources and how often this bug comes up "in general", while every bug that one reports is impacting the reporter (or they wouldn't have reported it), how many people it impacts is another matter. Most torrent creation software, I'm guessing strips out absolute path components when the torrent is created, but there are always some creation clients that won't test inputs and allow garbage-in, creating garbage-out. ;^/

Am wondering in your case, are the torrents created by humble utilities, or do they just host torrents created by any third party util. If it was the former, you could lobby them to patch up absolute paths to relative, but it sounds like its the latter, which makes it harder to get them to change things -- unless you can convince them of how it is a security risk. To do that, you might need to create a torrent that would overwrite some homedir or profile dir file as a proof of concept to convince them, though they still might abdicate responsibility saying it would be some torrent client (µtorrent?) that allows the overwrite that is at fault (i.e. engage in finger pointing). Almost every security problem is a
convergence of multiple effects from different sources that hit some 'edge case'....so finger pointing is not, unfortunately, rare.

@Astara
Copy link

Astara commented Jul 13, 2017

@cfpp2p -- looking at the trac issue you mention shows that the path "dinosaurpoloclub/MiniMetro-gamma19a-linux.tar.gz" did work, but it looks like it was disabled due to problems on the mac(?). I've seen more than one change go into xmission to dumb it down for Mac clients, like extra sleep cycles added during torrent verification so as to not overwhelm the delicate i/o subsystem on a mac. They were reduced from what they were, but 2.92 still has some of them (verify.c#39, #139).

What I don't understand is how torrents with multiple levels of subdirs work if paths w/subdirs doesn't work. It's not uncommon to have a top-folder with source material and a subdir with extra docs or images. So what is different about the torrent you mention? Maybe the subdir has to be "pre-mentioned" as a dir in the torrent file? Yeah, sounds like the torrent file is ill-formed. I bet you could recreate the torrent file, adding the metadata element, and it would work correctly.

From the error message you got, it complained that "MiniMetro-gamma19a-linux.tar.gz" didn't match any registered torrent -- and it doesn't, as the file was under "dinosaurpoloclub/".

BTW, it might help if you 'xz' (compressed) posted the torrent file as a sample (the torrent files shouldn't have any personally identifying information, since they get distributed to anyone who wants to download the torrent).

NOTE: please only post a torrent file for free material (i.e. not for a copyrighted work). Either that or edit the filenames/dirnames to not be recognizable.

@avh4
Copy link

avh4 commented Jul 13, 2017

I just tested with all games in my Humble Bundle account with Transmission 2.92 (14714), Mac OS.

7 of the 23 games in my account failed to open in Transmission with Invalid metatdata entry "path".

@cfpp2p
Copy link

cfpp2p commented Jul 13, 2017

@Astara

what is different about the torrent you mention?

The difference is that transmission currently does not allow the "/" character to be contained in any torrent metadata path component, that's what triggers the torrent as invalid.

If the info dictionary has any changes made to it the hash changes so that's why you just can't change the name or such, ... didn't match any registered torrent ...

@lhriley
Copy link

lhriley commented Oct 21, 2017

Just found that this happens with the Cuphead OST (MP3 and FLAC) sold via Humble Bundle.

[2017-10-20 17:25:32.510] studiomdhr_H8o9C/Cuphead_OST_Mstrd_Aug_31_MP3.zip: Invalid metadata entry "path"
[2017-10-20 17:26:14.292] studiomdhr_H8o9C/Cuphead_OST_Mstrd_Aug_31_Flac.zip: Invalid metadata entry "path"

@cweiske
Copy link

cweiske commented Oct 21, 2017

I have the same problem with the Humble Bundle "Overgrowth" torrent.

Filename in there also has a slash: wolfiregames/overgrowth-1.0.2_build-4665-linux64.zip

@Humanimaliberation
Copy link

Same problem here.
Transmission works with a torrent file for Xubuntu 17.10 64bit
but it doesn't work with a torrent file for TwoWorlds Epic Edition

message log_005

@Enverex
Copy link

Enverex commented Jun 14, 2018

As this is still an ongoing issue, I thought I'd add...

That said, I'm guessing it's a matter of resources and how often this bug comes up "in general", while every bug that one reports is impacting the reporter (or they wouldn't have reported it), how many people it impacts is another matter.

This affects almost every Humble Bundle game torrent (as in the ones that Humble distribute themselves). Only very rarely have I had one of their torrents actually work in Transmission due to this issue.

@cfpp2p
Copy link

cfpp2p commented Jun 15, 2018

Only very rarely have I had one of their torrents actually work in Transmission due to this issue.

ahh, but with cfpp2p/transmission@10fa7bd (plus a few other miniscule tweaks committed later for other TRAC 5517 related problems) fork of transmission with Humble Bundle and other similar, actually not a problem in transmission.

@Oblomov
Copy link

Oblomov commented Aug 16, 2018

It would seem that at least the version in Debian unstable (2.94 d8e60ee) is still affected by this issue. I have over 150 Humble Bundle torrents I cannot download because of the path component in the file name —and it's not clear why the torrent specifying a subdir where to place files should be invalid, provided it's not an absolute path.

@virtual812
Copy link

Attempting to download "Outcast 2" from Humble bundle recently i ran into the issue.
My situation is a tiny bit different, i'm running a Synology NAS with the 'Download Station' app for all forms of downloading.
This download station is AFAIK just a UI for Transmission.
The response from Humble Bundle above was disappointing considering this is likely to affect many users, only a few of whom will follow it up as an issue.
For the torrent in my case it was ONLY offered by torrent and no HTTP option was available.
Happy to provide any log data, i do have shell access to the NAS, but not sure exactly what i might be looking for.

@lhriley
Copy link

lhriley commented Dec 20, 2018

This isn't a solution for Transmission, but as a workaround I am now running Deluge in a FreeNAS jail for Humble Bundle torrents with this issue. Deluge has no problem parsing these torrents.

@amagnolo
Copy link

I opened a ticket with Humble Bundle to inform them of the problem. They seem receptive, in fact they replied

I cannot guarantee any immediate changes, but I will certainly forward your feedback along to the rest of the team for further consideration!

I think that if they see that many of their customers encounter this problem, they will more likely solve it. So I suggest you write to Humble Bundle a polite request to make their torrents compatible with Transmission (include a link to this issue so they can quickly understand the matter).

@hauntingEcho
Copy link

@amagnolo - while that will solve one source of torrents which trigger this bug, the torrents that Humble are producing are valid torrents per the specification. The real bug here is that transmission does not function for single-file torrents specifying that their file should be in a child folder (which, though arguably dumb, is still valid per my understanding of the spec).

@grinapo
Copy link

grinapo commented Dec 28, 2018

@amagnolo Just don't get started on a nice dream. I've told HB about this possibly 2 years ago first, and they promised to do something about it. Then re-notified them a year ago, and they said they surely will do something about it. (They also noted that the torrents are prepared and served by an external contractor who is not cooperating, or in other words sticking to that it's all good and shiny as it is.)
I also would like to second @hauntingEcho's sentiment that they are valid, and while I see the security intent it should be possible to override since it's arbitrarily violating the specs.

@amagnolo
Copy link

amagnolo commented Jan 2, 2019

OK, so it should be solved by Transmission, it would be awesome; still, I think that if HB gets enough complaints, they may be more willing to not ignore the problem that their customers are facing.

@Ambrevar
Copy link

Ambrevar commented Mar 6, 2019

Any update on this?

@Oblomov
Copy link

Oblomov commented Mar 17, 2019

@cfpp2p do you think you could create a PR for your changesets that improve the path parsing?

As an alternative, an option to disregard any path component in the torrent (just use the basename of the path) could be useful to support these torrents.

@pyroscope
Copy link

It is called info.name and not info.path for a reason – these metafiles are garbage, and GIGO applies.

The correct way to create a foo/bar.zip metafile is to create a "multi" metafile with just one entry in info.files.

@Ziktofel
Copy link

Ziktofel commented Mar 22, 2019

Reproduced with Tacoma (Humble Bundle, linux version) which is now free atm (Transmission 2.92)

@hauntingEcho
Copy link

hauntingEcho commented Mar 23, 2019

@pyroscope - going by BEP 3:

info dictionary

The name key maps to a UTF-8 encoded string which is the suggested name to save the file
(or directory) as. It is purely advisory.

and further down:

For the purposes of the other keys, the multi-file case is treated as only having
a single file by concatenating the files in the order they appear in the files list.
The files list is the value files maps to, and is a list of dictionaries containing
the following keys:

length - The length of the file, in bytes.

path - A list of UTF-8 encoded strings corresponding to subdirectory names,
the last of which is the actual file name (a zero length list is an error case).

In the single file case, the name key is the name of a file, in the muliple file case,
it's the name of a directory.

while I don't agree that having a name including paths is necessarily against spec, the spec does allow for it to be munged a bit - for example, dropping everything up to the last folder-separator would be a valid thing to do if otherwise protecting from directory traversal is not worthwhile.

Further, the fact that path only appears in the multi-file torrent spec implies to me that the correct way to add a single file in a subfolder would be solely via the name key (although I agree on principal that having a single file in a subfolder doesn't make sense)

@skyegecko
Copy link

@pyroscope brings up an interesting point in the linked discussion for rtorrent:

If you want evidence beyond the spec, the original BT client has validation checks that reject / in name.

Since the spec can be interpreted either way, it's perhaps better to refer to the closest thing there is to a reference implementation.

@Oblomov
Copy link

Oblomov commented Mar 24, 2019

Juding from e.g. the source code of the original BT client as found here, the info.name path check was actually commented out at some point, and in fact slashes in path names weren't allowed even in info.files by default, which partly invalidates @pyroscope's point.

That being said, even given that the first releases of the original BT client didn't support it, the fact remains that currently in the ecosystem there are clients that produce info.names with paths, and clients that accept it. Leaning on the side of Postel's law:

be conservative in what you produce, but liberal in what you accept

I think it's better for the users if transmission, while never producing such torrents, would accept it, at least given an appropriate “strip paths” option, that would eliminate all security issue and, being opt-in for the user, give them the possibility, if they so wish, to obtain the torrent data.

@Elinvention
Copy link

Is it possible to manually fix these torrents somehow, so that they are accepted by transmission?

@hauntingEcho
Copy link

hauntingEcho commented Mar 26, 2019

as noted in the original issue report, that will break the hash of the info dictionary & cause trackers/peers to think your torrent has been tampered with

edit with copy/paste:

As a clarification - editing the file allowed it to be loaded into transmission successfully. The download could not continue and logged the bug below. If I'm reading the standard correctly, the no-longer-matching hash of the info dictionary caused this.

MiniMetro-gamma19a-linux.tar.gz Tracker error: "unregistered torrent" (torrent.c:581)

@grinapo
Copy link

grinapo commented Mar 26, 2019

Is it possible to manually fix these torrents somehow, so that they are accepted by transmission?

You either patch transmission source to disable the check or ue a different client (like btdownload which is written in python and easier to modify).

As noted already: this check could be trivially made a command line switch, it is not a technical question but a philosophical one for the developer(s). Right now they seem to believe that they wouldn't accept that some users are actually knowledgeable enough to be able to decide when to override the check. (The check could be disabled, or slashes could be replaced by underscores, or paths could be stripped altogether [possibly that'd the worst in case of multiple directories and clashing filenames].)

@mikedld
Copy link
Member

mikedld commented Jun 23, 2019

Thanks to everyone involved. If someone is okay with trying the latest master build, please do and report back if you notice any issues with the fix.

netbsd-srcmastr pushed a commit to NetBSD/pkgsrc that referenced this issue Jul 13, 2020
### All Platforms
- Allow the RPC server to listen on an IPv6 address ([#161](transmission/transmission#161))
- Change `TR_CURL_SSL_VERIFY` to `TR_CURL_SSL_NO_VERIFY` and enable verification by default ([#334](transmission/transmission#334))
- Go back to using hash as base name for resume and torrent files (those stored in configuration directory) ([#122](transmission/transmission#122))
- Handle "fields" argument in "session-get" RPC request; if "fields" array is present in arguments, only return session fields specified; otherwise return all the fields as before
- Limit the number of incorrect authentication attempts in embedded web server to 100 to prevent brute-force attacks ([#371](transmission/transmission#371))
- Set idle seed limit range to 1..40320 (4 weeks tops) in all clients ([#212](transmission/transmission#212))
- Add Peer ID for Xfplay, PicoTorrent, Free Download Manager, Folx, Baidu Netdisk torrent clients ([#256](transmission/transmission#256), [#285](transmission/transmission#285), [#355](transmission/transmission#355), [#363](transmission/transmission#363), [#386](transmission/transmission#386))
- Announce `INT64_MAX` as size left if the value is unknown (helps with e.g. Amazon S3 trackers) ([#250](transmission/transmission#250))
- Add `TCP_FASTOPEN` support (should result in slight speedup) ([#184](transmission/transmission#184))
- Improve ToS handling on IPv6 connections ([#128](transmission/transmission#128), [#341](transmission/transmission#341), [#360](transmission/transmission#360), [#692](transmission/transmission#692), [#737](transmission/transmission#737))
- Abort handshake if establishing DH shared secret fails (leads to crash) ([#27](transmission/transmission#27))
- Don't switch trackers while announcing (leads to crash) ([#297](transmission/transmission#297))
- Improve completion scripts execution and error handling; add support for .cmd and .bat files on Windows ([#405](transmission/transmission#405))
- Maintain a "session ID" file (in temporary directory) to better detect whether session is local or remote; return the ID as part of "session-get" response (TRAC-5348, [#861](transmission/transmission#861))
- Change torrent location even if no data move is needed ([#35](transmission/transmission#35))
- Support CIDR-notated blocklists ([#230](transmission/transmission#230), [#741](transmission/transmission#741))
- Update the resume file before running scripts ([#825](transmission/transmission#825))
- Make multiscrape limits adaptive ([#837](transmission/transmission#837))
- Add labels support to libtransmission and transmission-remote ([#822](transmission/transmission#822))
- Parse `session-id` header case-insensitively ([#765](transmission/transmission#765))
- Sanitize suspicious path components instead of rejecting them ([#62](transmission/transmission#62), [#294](transmission/transmission#294))
- Load CA certs from system store on Windows / OpenSSL ([#446](transmission/transmission#446))
- Add support for mbedtls (formely polarssl) and wolfssl (formely cyassl), LibreSSL ([#115](transmission/transmission#115), [#116](transmission/transmission#116), [#284](transmission/transmission#284), [#486](transmission/transmission#486), [#524](transmission/transmission#524), [#570](transmission/transmission#570))
- Fix building against OpenSSL 1.1.0+ ([#24](transmission/transmission#24))
- Fix quota support for uClibc-ng 1.0.18+ and DragonFly BSD ([#42](transmission/transmission#42), [#58](transmission/transmission#58), [#312](transmission/transmission#312))
- Fix a number of memory leaks (magnet loading, session shutdown, bencoded data parsing) ([#56](transmission/transmission#56))
- Bump miniupnpc version to 2.0.20170509 ([#347](transmission/transmission#347))
- CMake-related improvements (Ninja generator, libappindicator, systemd, Solaris and macOS) ([#72](transmission/transmission#72), [#96](transmission/transmission#96), [#117](transmission/transmission#117), [#118](transmission/transmission#118), [#133](transmission/transmission#133), [#191](transmission/transmission#191))
- Switch to submodules to manage (most of) third-party dependencies
- Fail installation on Windows if UCRT is not installed

### Mac Client
- Bump minimum macOS version to 10.10
- Dark Mode support ([#644](transmission/transmission#644), [#722](transmission/transmission#722), [#757](transmission/transmission#757), [#779](transmission/transmission#779), [#788](transmission/transmission#788))
- Remove Growl support, notification center is always used ([#387](transmission/transmission#387))
- Fix autoupdate on High Sierra and up by bumping the Sparkle version ([#121](transmission/transmission#121), [#600](transmission/transmission#600))
- Transition to ARC ([#336](transmission/transmission#336))
- Use proper UTF-8 encoding (with macOS-specific normalization) when setting download/incomplete directory and completion script paths ([#11](transmission/transmission#11))
- Fix uncaught exception when dragging multiple items between groups ([#51](transmission/transmission#51))
- Add flat variants of status icons for message log ([#134](transmission/transmission#134))
- Optimize image resources size ([#304](transmission/transmission#304), [#429](transmission/transmission#429))
- Update file icon when file name changes ([#37](transmission/transmission#37))
- Update translations

### GTK+ Client
- Add queue up/down hotkeys ([#158](transmission/transmission#158))
- Modernize the .desktop file ([#162](transmission/transmission#162))
- Add AppData file ([#224](transmission/transmission#224))
- Add symbolic icon variant for the Gnome top bar and when the high contrast theme is in use ([#414](transmission/transmission#414), [#449](transmission/transmission#449))
- Update file icon when its name changes ([#37](transmission/transmission#37))
- Switch from intltool to gettext for translations ([#584](transmission/transmission#584), [#647](transmission/transmission#647))
- Update translations, add new translations for Portuguese (Portugal)

### Qt Client
- Bump minimum Qt version to 5.2
- Fix dropping .torrent files into main window on Windows ([#269](transmission/transmission#269))
- Fix prepending of drive letter to various user-selected paths on Windows ([#236](transmission/transmission#236), [#307](transmission/transmission#307), [#404](transmission/transmission#404), [#437](transmission/transmission#437), [#699](transmission/transmission#699), [#723](transmission/transmission#723), [#877](transmission/transmission#877))
- Fix sorting by progress in presence of magnet transfers ([#234](transmission/transmission#234))
- Fix .torrent file trashing upon addition ([#262](transmission/transmission#262))
- Add queue up/down hotkeys ([#158](transmission/transmission#158))
- Reduce torrent properties (file tree) memory usage
- Display tooltips in torrent properties (file tree) in case the names don't fit ([#411](transmission/transmission#411))
- Improve UI look on hi-dpi displays (YMMV)
- Use session ID (if available) to check if session is local or not ([#861](transmission/transmission#861))
- Use default (instead of system) locale to be more flexible ([#130](transmission/transmission#130))
- Modernize the .desktop file ([#162](transmission/transmission#162))
- Update translations, add new translations for Afrikaans, Catalan, Danish, Greek, Norwegian Bokmål, Slovenian

### Daemon
- Use libsystemd instead of libsystemd-daemon (TRAC-5921)
- Harden transmission-daemon.service by disallowing privileges elevation ([#795](transmission/transmission#795))
- Fix exit code to be zero when dumping settings ([#487](transmission/transmission#487))

### Web Client
- Fix tracker error XSS in inspector (CVE-?)
- Fix performance issues due to improper use of `setInterval()` for UI refresh (TRAC-6031)
- Fix recognition of `https://` links in comments field ([#41](transmission/transmission#41), [#180](transmission/transmission#180))
- Fix torrent list style in Google Chrome 59+ ([#384](transmission/transmission#384))
- Show ETA in compact view on non-mobile devices ([#146](transmission/transmission#146))
- Show upload file button on mobile devices ([#320](transmission/transmission#320), [#431](transmission/transmission#431), [#956](transmission/transmission#956))
- Add keyboard hotkeys for web interface ([#351](transmission/transmission#351))
- Disable autocompletion in torrent URL field ([#367](transmission/transmission#367))

### Utils
- Prevent crash in transmission-show displaying torrents with invalid creation date ([#609](transmission/transmission#609))
- Handle IPv6 RPC addresses in transmission-remote ([#247](transmission/transmission#247))
- Add `--unsorted` option to transmission-show ([#767](transmission/transmission#767))
- Widen the torrent-id column in transmission-remote for cleaner formatting ([#840](transmission/transmission#840))
netbsd-srcmastr pushed a commit to NetBSD/pkgsrc that referenced this issue Aug 3, 2020
net/transmission-gtk: security update
net/transmission-qt: security update
net/transmission: security update

Revisions pulled up:
- net/transmission-gtk/Makefile                                 1.46
- net/transmission-gtk/PLIST                                    1.2
- net/transmission-qt/Makefile                                  1.54
- net/transmission/Makefile                                     1.27
- net/transmission/Makefile.common                              1.10
- net/transmission/PLIST                                        1.4
- net/transmission/distinfo                                     1.16
- net/transmission/patches/patch-qt_qtr.pro                     1.7

-------------------------------------------------------------------
   Module Name:	pkgsrc
   Committed By:	wiz
   Date:		Mon Jul 13 13:01:02 UTC 2020

   Modified Files:
   	pkgsrc/net/transmission: Makefile Makefile.common PLIST distinfo
   	pkgsrc/net/transmission-gtk: Makefile PLIST
   	pkgsrc/net/transmission-qt: Makefile
   	pkgsrc/net/transmission/patches: patch-qt_qtr.pro

   Log Message:
   transmission*: update to 3.00

   ### All Platforms
   - Allow the RPC server to listen on an IPv6 address ([#161](transmission/transmission#161))
   - Change `TR_CURL_SSL_VERIFY` to `TR_CURL_SSL_NO_VERIFY` and enable verification by default ([#334](transmission/transmission#334))
   - Go back to using hash as base name for resume and torrent files (those stored in configuration directory) ([#122](transmission/transmission#122))
   - Handle "fields" argument in "session-get" RPC request; if "fields" array is present in arguments, only return session fields specified; otherwise return all the fields as before
   - Limit the number of incorrect authentication attempts in embedded web server to 100 to prevent brute-force attacks ([#371](transmission/transmission#371))
   - Set idle seed limit range to 1..40320 (4 weeks tops) in all clients ([#212](transmission/transmission#212))
   - Add Peer ID for Xfplay, PicoTorrent, Free Download Manager, Folx, Baidu Netdisk torrent clients ([#256](transmission/transmission#256), [#285](transmission/transmission#285), [#355](transmission/transmission#355), [#363](transmission/transmission#363), [#386](transmission/transmission#386))
   - Announce `INT64_MAX` as size left if the value is unknown (helps with e.g. Amazon S3 trackers) ([#250](transmission/transmission#250))
   - Add `TCP_FASTOPEN` support (should result in slight speedup) ([#184](transmission/transmission#184))
   - Improve ToS handling on IPv6 connections ([#128](transmission/transmission#128), [#341](transmission/transmission#341), [#360](transmission/transmission#360), [#692](transmission/transmission#692), [#737](transmission/transmission#737))
   - Abort handshake if establishing DH shared secret fails (leads to crash) ([#27](transmission/transmission#27))
   - Don't switch trackers while announcing (leads to crash) ([#297](transmission/transmission#297))
   - Improve completion scripts execution and error handling; add support for .cmd and .bat files on Windows ([#405](transmission/transmission#405))
   - Maintain a "session ID" file (in temporary directory) to better detect whether session is local or remote; return the ID as part of "session-get" response (TRAC-5348, [#861](transmission/transmission#861))
   - Change torrent location even if no data move is needed ([#35](transmission/transmission#35))
   - Support CIDR-notated blocklists ([#230](transmission/transmission#230), [#741](transmission/transmission#741))
   - Update the resume file before running scripts ([#825](transmission/transmission#825))
   - Make multiscrape limits adaptive ([#837](transmission/transmission#837))
   - Add labels support to libtransmission and transmission-remote ([#822](transmission/transmission#822))
   - Parse `session-id` header case-insensitively ([#765](transmission/transmission#765))
   - Sanitize suspicious path components instead of rejecting them ([#62](transmission/transmission#62), [#294](transmission/transmission#294))
   - Load CA certs from system store on Windows / OpenSSL ([#446](transmission/transmission#446))
   - Add support for mbedtls (formely polarssl) and wolfssl (formely cyassl), LibreSSL ([#115](transmission/transmission#115), [#116](transmission/transmission#116), [#284](transmission/transmission#284), [#486](transmission/transmission#486), [#524](transmission/transmission#524), [#570](transmission/transmission#570))
   - Fix building against OpenSSL 1.1.0+ ([#24](transmission/transmission#24))
   - Fix quota support for uClibc-ng 1.0.18+ and DragonFly BSD ([#42](transmission/transmission#42), [#58](transmission/transmission#58), [#312](transmission/transmission#312))
   - Fix a number of memory leaks (magnet loading, session shutdown, bencoded data parsing) ([#56](transmission/transmission#56))
   - Bump miniupnpc version to 2.0.20170509 ([#347](transmission/transmission#347))
   - CMake-related improvements (Ninja generator, libappindicator, systemd, Solaris and macOS) ([#72](transmission/transmission#72), [#96](transmission/transmission#96), [#117](transmission/transmission#117), [#118](transmission/transmission#118), [#133](transmission/transmission#133), [#191](transmission/transmission#191))
   - Switch to submodules to manage (most of) third-party dependencies
   - Fail installation on Windows if UCRT is not installed

   ### Mac Client
   - Bump minimum macOS version to 10.10
   - Dark Mode support ([#644](transmission/transmission#644), [#722](transmission/transmission#722), [#757](transmission/transmission#757), [#779](transmission/transmission#779), [#788](transmission/transmission#788))
   - Remove Growl support, notification center is always used ([#387](transmission/transmission#387))
   - Fix autoupdate on High Sierra and up by bumping the Sparkle version ([#121](transmission/transmission#121), [#600](transmission/transmission#600))
   - Transition to ARC ([#336](transmission/transmission#336))
   - Use proper UTF-8 encoding (with macOS-specific normalization) when setting download/incomplete directory and completion script paths ([#11](transmission/transmission#11))
   - Fix uncaught exception when dragging multiple items between groups ([#51](transmission/transmission#51))
   - Add flat variants of status icons for message log ([#134](transmission/transmission#134))
   - Optimize image resources size ([#304](transmission/transmission#304), [#429](transmission/transmission#429))
   - Update file icon when file name changes ([#37](transmission/transmission#37))
   - Update translations

   ### GTK+ Client
   - Add queue up/down hotkeys ([#158](transmission/transmission#158))
   - Modernize the .desktop file ([#162](transmission/transmission#162))
   - Add AppData file ([#224](transmission/transmission#224))
   - Add symbolic icon variant for the Gnome top bar and when the high contrast theme is in use ([#414](transmission/transmission#414), [#449](transmission/transmission#449))
   - Update file icon when its name changes ([#37](transmission/transmission#37))
   - Switch from intltool to gettext for translations ([#584](transmission/transmission#584), [#647](transmission/transmission#647))
   - Update translations, add new translations for Portuguese (Portugal)

   ### Qt Client
   - Bump minimum Qt version to 5.2
   - Fix dropping .torrent files into main window on Windows ([#269](transmission/transmission#269))
   - Fix prepending of drive letter to various user-selected paths on Windows ([#236](transmission/transmission#236), [#307](transmission/transmission#307), [#404](transmission/transmission#404), [#437](transmission/transmission#437), [#699](transmission/transmission#699), [#723](transmission/transmission#723), [#877](transmission/transmission#877))
   - Fix sorting by progress in presence of magnet transfers ([#234](transmission/transmission#234))
   - Fix .torrent file trashing upon addition ([#262](transmission/transmission#262))
   - Add queue up/down hotkeys ([#158](transmission/transmission#158))
   - Reduce torrent properties (file tree) memory usage
   - Display tooltips in torrent properties (file tree) in case the names don't fit ([#411](transmission/transmission#411))
   - Improve UI look on hi-dpi displays (YMMV)
   - Use session ID (if available) to check if session is local or not ([#861](transmission/transmission#861))
   - Use default (instead of system) locale to be more flexible ([#130](transmission/transmission#130))
   - Modernize the .desktop file ([#162](transmission/transmission#162))
   - Update translations, add new translations for Afrikaans, Catalan, Danish, Greek, Norwegian Bokmål, Slovenian

   ### Daemon
   - Use libsystemd instead of libsystemd-daemon (TRAC-5921)
   - Harden transmission-daemon.service by disallowing privileges elevation ([#795](transmission/transmission#795))
   - Fix exit code to be zero when dumping settings ([#487](transmission/transmission#487))

   ### Web Client
   - Fix tracker error XSS in inspector (CVE-?)
   - Fix performance issues due to improper use of `setInterval()` for UI refresh (TRAC-6031)
   - Fix recognition of `https://` links in comments field ([#41](transmission/transmission#41), [#180](transmission/transmission#180))
   - Fix torrent list style in Google Chrome 59+ ([#384](transmission/transmission#384))
   - Show ETA in compact view on non-mobile devices ([#146](transmission/transmission#146))
   - Show upload file button on mobile devices ([#320](transmission/transmission#320), [#431](transmission/transmission#431), [#956](transmission/transmission#956))
   - Add keyboard hotkeys for web interface ([#351](transmission/transmission#351))
   - Disable autocompletion in torrent URL field ([#367](transmission/transmission#367))

   ### Utils
   - Prevent crash in transmission-show displaying torrents with invalid creation date ([#609](transmission/transmission#609))
   - Handle IPv6 RPC addresses in transmission-remote ([#247](transmission/transmission#247))
   - Add `--unsorted` option to transmission-show ([#767](transmission/transmission#767))
   - Widen the torrent-id column in transmission-remote for cleaner formatting ([#840](transmission/transmission#840))


   To generate a diff of this commit:
   cvs rdiff -u -r1.26 -r1.27 pkgsrc/net/transmission/Makefile
   cvs rdiff -u -r1.9 -r1.10 pkgsrc/net/transmission/Makefile.common
   cvs rdiff -u -r1.3 -r1.4 pkgsrc/net/transmission/PLIST
   cvs rdiff -u -r1.15 -r1.16 pkgsrc/net/transmission/distinfo
   cvs rdiff -u -r1.45 -r1.46 pkgsrc/net/transmission-gtk/Makefile
   cvs rdiff -u -r1.1 -r1.2 pkgsrc/net/transmission-gtk/PLIST
   cvs rdiff -u -r1.52 -r1.53 pkgsrc/net/transmission-qt/Makefile
   cvs rdiff -u -r1.6 -r1.7 pkgsrc/net/transmission/patches/patch-qt_qtr.pro
-------------------------------------------------------------------
   Module Name:    pkgsrc
   Committed By:   wiz
   Date:           Sat Jul 25 20:20:05 UTC 2020

   Modified Files:
           pkgsrc/net/transmission-qt: Makefile

   Log Message:
   transmission-qt: needs gcc 7.x (for <optional>)

   Reported and tested by spz.


   To generate a diff of this commit:
   cvs rdiff -u -r1.53 -r1.54 pkgsrc/net/transmission-qt/Makefile
netbsd-srcmastr pushed a commit to NetBSD/pkgsrc that referenced this issue Oct 14, 2021
net/transmission-gtk: security update
net/transmission-qt: security update
net/transmission: security update

Revisions pulled up:
- net/transmission-gtk/Makefile                                 1.46
- net/transmission-gtk/PLIST                                    1.2
- net/transmission-qt/Makefile                                  1.54
- net/transmission/Makefile                                     1.27
- net/transmission/Makefile.common                              1.10
- net/transmission/PLIST                                        1.4
- net/transmission/distinfo                                     1.16
- net/transmission/patches/patch-qt_qtr.pro                     1.7

-------------------------------------------------------------------
   Module Name:	pkgsrc
   Committed By:	wiz
   Date:		Mon Jul 13 13:01:02 UTC 2020

   Modified Files:
   	pkgsrc/net/transmission: Makefile Makefile.common PLIST distinfo
   	pkgsrc/net/transmission-gtk: Makefile PLIST
   	pkgsrc/net/transmission-qt: Makefile
   	pkgsrc/net/transmission/patches: patch-qt_qtr.pro

   Log Message:
   transmission*: update to 3.00

   ### All Platforms
   - Allow the RPC server to listen on an IPv6 address ([#161](transmission/transmission#161))
   - Change `TR_CURL_SSL_VERIFY` to `TR_CURL_SSL_NO_VERIFY` and enable verification by default ([#334](transmission/transmission#334))
   - Go back to using hash as base name for resume and torrent files (those stored in configuration directory) ([#122](transmission/transmission#122))
   - Handle "fields" argument in "session-get" RPC request; if "fields" array is present in arguments, only return session fields specified; otherwise return all the fields as before
   - Limit the number of incorrect authentication attempts in embedded web server to 100 to prevent brute-force attacks ([#371](transmission/transmission#371))
   - Set idle seed limit range to 1..40320 (4 weeks tops) in all clients ([#212](transmission/transmission#212))
   - Add Peer ID for Xfplay, PicoTorrent, Free Download Manager, Folx, Baidu Netdisk torrent clients ([#256](transmission/transmission#256), [#285](transmission/transmission#285), [#355](transmission/transmission#355), [#363](transmission/transmission#363), [#386](transmission/transmission#386))
   - Announce `INT64_MAX` as size left if the value is unknown (helps with e.g. Amazon S3 trackers) ([#250](transmission/transmission#250))
   - Add `TCP_FASTOPEN` support (should result in slight speedup) ([#184](transmission/transmission#184))
   - Improve ToS handling on IPv6 connections ([#128](transmission/transmission#128), [#341](transmission/transmission#341), [#360](transmission/transmission#360), [#692](transmission/transmission#692), [#737](transmission/transmission#737))
   - Abort handshake if establishing DH shared secret fails (leads to crash) ([#27](transmission/transmission#27))
   - Don't switch trackers while announcing (leads to crash) ([#297](transmission/transmission#297))
   - Improve completion scripts execution and error handling; add support for .cmd and .bat files on Windows ([#405](transmission/transmission#405))
   - Maintain a "session ID" file (in temporary directory) to better detect whether session is local or remote; return the ID as part of "session-get" response (TRAC-5348, [#861](transmission/transmission#861))
   - Change torrent location even if no data move is needed ([#35](transmission/transmission#35))
   - Support CIDR-notated blocklists ([#230](transmission/transmission#230), [#741](transmission/transmission#741))
   - Update the resume file before running scripts ([#825](transmission/transmission#825))
   - Make multiscrape limits adaptive ([#837](transmission/transmission#837))
   - Add labels support to libtransmission and transmission-remote ([#822](transmission/transmission#822))
   - Parse `session-id` header case-insensitively ([#765](transmission/transmission#765))
   - Sanitize suspicious path components instead of rejecting them ([#62](transmission/transmission#62), [#294](transmission/transmission#294))
   - Load CA certs from system store on Windows / OpenSSL ([#446](transmission/transmission#446))
   - Add support for mbedtls (formely polarssl) and wolfssl (formely cyassl), LibreSSL ([#115](transmission/transmission#115), [#116](transmission/transmission#116), [#284](transmission/transmission#284), [#486](transmission/transmission#486), [#524](transmission/transmission#524), [#570](transmission/transmission#570))
   - Fix building against OpenSSL 1.1.0+ ([#24](transmission/transmission#24))
   - Fix quota support for uClibc-ng 1.0.18+ and DragonFly BSD ([#42](transmission/transmission#42), [#58](transmission/transmission#58), [#312](transmission/transmission#312))
   - Fix a number of memory leaks (magnet loading, session shutdown, bencoded data parsing) ([#56](transmission/transmission#56))
   - Bump miniupnpc version to 2.0.20170509 ([#347](transmission/transmission#347))
   - CMake-related improvements (Ninja generator, libappindicator, systemd, Solaris and macOS) ([#72](transmission/transmission#72), [#96](transmission/transmission#96), [#117](transmission/transmission#117), [#118](transmission/transmission#118), [#133](transmission/transmission#133), [#191](transmission/transmission#191))
   - Switch to submodules to manage (most of) third-party dependencies
   - Fail installation on Windows if UCRT is not installed

   ### Mac Client
   - Bump minimum macOS version to 10.10
   - Dark Mode support ([#644](transmission/transmission#644), [#722](transmission/transmission#722), [#757](transmission/transmission#757), [#779](transmission/transmission#779), [#788](transmission/transmission#788))
   - Remove Growl support, notification center is always used ([#387](transmission/transmission#387))
   - Fix autoupdate on High Sierra and up by bumping the Sparkle version ([#121](transmission/transmission#121), [#600](transmission/transmission#600))
   - Transition to ARC ([#336](transmission/transmission#336))
   - Use proper UTF-8 encoding (with macOS-specific normalization) when setting download/incomplete directory and completion script paths ([#11](transmission/transmission#11))
   - Fix uncaught exception when dragging multiple items between groups ([#51](transmission/transmission#51))
   - Add flat variants of status icons for message log ([#134](transmission/transmission#134))
   - Optimize image resources size ([#304](transmission/transmission#304), [#429](transmission/transmission#429))
   - Update file icon when file name changes ([#37](transmission/transmission#37))
   - Update translations

   ### GTK+ Client
   - Add queue up/down hotkeys ([#158](transmission/transmission#158))
   - Modernize the .desktop file ([#162](transmission/transmission#162))
   - Add AppData file ([#224](transmission/transmission#224))
   - Add symbolic icon variant for the Gnome top bar and when the high contrast theme is in use ([#414](transmission/transmission#414), [#449](transmission/transmission#449))
   - Update file icon when its name changes ([#37](transmission/transmission#37))
   - Switch from intltool to gettext for translations ([#584](transmission/transmission#584), [#647](transmission/transmission#647))
   - Update translations, add new translations for Portuguese (Portugal)

   ### Qt Client
   - Bump minimum Qt version to 5.2
   - Fix dropping .torrent files into main window on Windows ([#269](transmission/transmission#269))
   - Fix prepending of drive letter to various user-selected paths on Windows ([#236](transmission/transmission#236), [#307](transmission/transmission#307), [#404](transmission/transmission#404), [#437](transmission/transmission#437), [#699](transmission/transmission#699), [#723](transmission/transmission#723), [#877](transmission/transmission#877))
   - Fix sorting by progress in presence of magnet transfers ([#234](transmission/transmission#234))
   - Fix .torrent file trashing upon addition ([#262](transmission/transmission#262))
   - Add queue up/down hotkeys ([#158](transmission/transmission#158))
   - Reduce torrent properties (file tree) memory usage
   - Display tooltips in torrent properties (file tree) in case the names don't fit ([#411](transmission/transmission#411))
   - Improve UI look on hi-dpi displays (YMMV)
   - Use session ID (if available) to check if session is local or not ([#861](transmission/transmission#861))
   - Use default (instead of system) locale to be more flexible ([#130](transmission/transmission#130))
   - Modernize the .desktop file ([#162](transmission/transmission#162))
   - Update translations, add new translations for Afrikaans, Catalan, Danish, Greek, Norwegian Bokmål, Slovenian

   ### Daemon
   - Use libsystemd instead of libsystemd-daemon (TRAC-5921)
   - Harden transmission-daemon.service by disallowing privileges elevation ([#795](transmission/transmission#795))
   - Fix exit code to be zero when dumping settings ([#487](transmission/transmission#487))

   ### Web Client
   - Fix tracker error XSS in inspector (CVE-?)
   - Fix performance issues due to improper use of `setInterval()` for UI refresh (TRAC-6031)
   - Fix recognition of `https://` links in comments field ([#41](transmission/transmission#41), [#180](transmission/transmission#180))
   - Fix torrent list style in Google Chrome 59+ ([#384](transmission/transmission#384))
   - Show ETA in compact view on non-mobile devices ([#146](transmission/transmission#146))
   - Show upload file button on mobile devices ([#320](transmission/transmission#320), [#431](transmission/transmission#431), [#956](transmission/transmission#956))
   - Add keyboard hotkeys for web interface ([#351](transmission/transmission#351))
   - Disable autocompletion in torrent URL field ([#367](transmission/transmission#367))

   ### Utils
   - Prevent crash in transmission-show displaying torrents with invalid creation date ([#609](transmission/transmission#609))
   - Handle IPv6 RPC addresses in transmission-remote ([#247](transmission/transmission#247))
   - Add `--unsorted` option to transmission-show ([#767](transmission/transmission#767))
   - Widen the torrent-id column in transmission-remote for cleaner formatting ([#840](transmission/transmission#840))


   To generate a diff of this commit:
   cvs rdiff -u -r1.26 -r1.27 pkgsrc/net/transmission/Makefile
   cvs rdiff -u -r1.9 -r1.10 pkgsrc/net/transmission/Makefile.common
   cvs rdiff -u -r1.3 -r1.4 pkgsrc/net/transmission/PLIST
   cvs rdiff -u -r1.15 -r1.16 pkgsrc/net/transmission/distinfo
   cvs rdiff -u -r1.45 -r1.46 pkgsrc/net/transmission-gtk/Makefile
   cvs rdiff -u -r1.1 -r1.2 pkgsrc/net/transmission-gtk/PLIST
   cvs rdiff -u -r1.52 -r1.53 pkgsrc/net/transmission-qt/Makefile
   cvs rdiff -u -r1.6 -r1.7 pkgsrc/net/transmission/patches/patch-qt_qtr.pro
-------------------------------------------------------------------
   Module Name:    pkgsrc
   Committed By:   wiz
   Date:           Sat Jul 25 20:20:05 UTC 2020

   Modified Files:
           pkgsrc/net/transmission-qt: Makefile

   Log Message:
   transmission-qt: needs gcc 7.x (for <optional>)

   Reported and tested by spz.


   To generate a diff of this commit:
   cvs rdiff -u -r1.53 -r1.54 pkgsrc/net/transmission-qt/Makefile
netbsd-srcmastr pushed a commit to NetBSD/pkgsrc that referenced this issue Dec 10, 2024
net/transmission-gtk: security update
net/transmission-qt: security update
net/transmission: security update

Revisions pulled up:
- net/transmission-gtk/Makefile                                 1.46
- net/transmission-gtk/PLIST                                    1.2
- net/transmission-qt/Makefile                                  1.54
- net/transmission/Makefile                                     1.27
- net/transmission/Makefile.common                              1.10
- net/transmission/PLIST                                        1.4
- net/transmission/distinfo                                     1.16
- net/transmission/patches/patch-qt_qtr.pro                     1.7

-------------------------------------------------------------------
   Module Name:	pkgsrc
   Committed By:	wiz
   Date:		Mon Jul 13 13:01:02 UTC 2020

   Modified Files:
   	pkgsrc/net/transmission: Makefile Makefile.common PLIST distinfo
   	pkgsrc/net/transmission-gtk: Makefile PLIST
   	pkgsrc/net/transmission-qt: Makefile
   	pkgsrc/net/transmission/patches: patch-qt_qtr.pro

   Log Message:
   transmission*: update to 3.00

   ### All Platforms
   - Allow the RPC server to listen on an IPv6 address ([#161](transmission/transmission#161))
   - Change `TR_CURL_SSL_VERIFY` to `TR_CURL_SSL_NO_VERIFY` and enable verification by default ([#334](transmission/transmission#334))
   - Go back to using hash as base name for resume and torrent files (those stored in configuration directory) ([#122](transmission/transmission#122))
   - Handle "fields" argument in "session-get" RPC request; if "fields" array is present in arguments, only return session fields specified; otherwise return all the fields as before
   - Limit the number of incorrect authentication attempts in embedded web server to 100 to prevent brute-force attacks ([#371](transmission/transmission#371))
   - Set idle seed limit range to 1..40320 (4 weeks tops) in all clients ([#212](transmission/transmission#212))
   - Add Peer ID for Xfplay, PicoTorrent, Free Download Manager, Folx, Baidu Netdisk torrent clients ([#256](transmission/transmission#256), [#285](transmission/transmission#285), [#355](transmission/transmission#355), [#363](transmission/transmission#363), [#386](transmission/transmission#386))
   - Announce `INT64_MAX` as size left if the value is unknown (helps with e.g. Amazon S3 trackers) ([#250](transmission/transmission#250))
   - Add `TCP_FASTOPEN` support (should result in slight speedup) ([#184](transmission/transmission#184))
   - Improve ToS handling on IPv6 connections ([#128](transmission/transmission#128), [#341](transmission/transmission#341), [#360](transmission/transmission#360), [#692](transmission/transmission#692), [#737](transmission/transmission#737))
   - Abort handshake if establishing DH shared secret fails (leads to crash) ([#27](transmission/transmission#27))
   - Don't switch trackers while announcing (leads to crash) ([#297](transmission/transmission#297))
   - Improve completion scripts execution and error handling; add support for .cmd and .bat files on Windows ([#405](transmission/transmission#405))
   - Maintain a "session ID" file (in temporary directory) to better detect whether session is local or remote; return the ID as part of "session-get" response (TRAC-5348, [#861](transmission/transmission#861))
   - Change torrent location even if no data move is needed ([#35](transmission/transmission#35))
   - Support CIDR-notated blocklists ([#230](transmission/transmission#230), [#741](transmission/transmission#741))
   - Update the resume file before running scripts ([#825](transmission/transmission#825))
   - Make multiscrape limits adaptive ([#837](transmission/transmission#837))
   - Add labels support to libtransmission and transmission-remote ([#822](transmission/transmission#822))
   - Parse `session-id` header case-insensitively ([#765](transmission/transmission#765))
   - Sanitize suspicious path components instead of rejecting them ([#62](transmission/transmission#62), [#294](transmission/transmission#294))
   - Load CA certs from system store on Windows / OpenSSL ([#446](transmission/transmission#446))
   - Add support for mbedtls (formely polarssl) and wolfssl (formely cyassl), LibreSSL ([#115](transmission/transmission#115), [#116](transmission/transmission#116), [#284](transmission/transmission#284), [#486](transmission/transmission#486), [#524](transmission/transmission#524), [#570](transmission/transmission#570))
   - Fix building against OpenSSL 1.1.0+ ([#24](transmission/transmission#24))
   - Fix quota support for uClibc-ng 1.0.18+ and DragonFly BSD ([#42](transmission/transmission#42), [#58](transmission/transmission#58), [#312](transmission/transmission#312))
   - Fix a number of memory leaks (magnet loading, session shutdown, bencoded data parsing) ([#56](transmission/transmission#56))
   - Bump miniupnpc version to 2.0.20170509 ([#347](transmission/transmission#347))
   - CMake-related improvements (Ninja generator, libappindicator, systemd, Solaris and macOS) ([#72](transmission/transmission#72), [#96](transmission/transmission#96), [#117](transmission/transmission#117), [#118](transmission/transmission#118), [#133](transmission/transmission#133), [#191](transmission/transmission#191))
   - Switch to submodules to manage (most of) third-party dependencies
   - Fail installation on Windows if UCRT is not installed

   ### Mac Client
   - Bump minimum macOS version to 10.10
   - Dark Mode support ([#644](transmission/transmission#644), [#722](transmission/transmission#722), [#757](transmission/transmission#757), [#779](transmission/transmission#779), [#788](transmission/transmission#788))
   - Remove Growl support, notification center is always used ([#387](transmission/transmission#387))
   - Fix autoupdate on High Sierra and up by bumping the Sparkle version ([#121](transmission/transmission#121), [#600](transmission/transmission#600))
   - Transition to ARC ([#336](transmission/transmission#336))
   - Use proper UTF-8 encoding (with macOS-specific normalization) when setting download/incomplete directory and completion script paths ([#11](transmission/transmission#11))
   - Fix uncaught exception when dragging multiple items between groups ([#51](transmission/transmission#51))
   - Add flat variants of status icons for message log ([#134](transmission/transmission#134))
   - Optimize image resources size ([#304](transmission/transmission#304), [#429](transmission/transmission#429))
   - Update file icon when file name changes ([#37](transmission/transmission#37))
   - Update translations

   ### GTK+ Client
   - Add queue up/down hotkeys ([#158](transmission/transmission#158))
   - Modernize the .desktop file ([#162](transmission/transmission#162))
   - Add AppData file ([#224](transmission/transmission#224))
   - Add symbolic icon variant for the Gnome top bar and when the high contrast theme is in use ([#414](transmission/transmission#414), [#449](transmission/transmission#449))
   - Update file icon when its name changes ([#37](transmission/transmission#37))
   - Switch from intltool to gettext for translations ([#584](transmission/transmission#584), [#647](transmission/transmission#647))
   - Update translations, add new translations for Portuguese (Portugal)

   ### Qt Client
   - Bump minimum Qt version to 5.2
   - Fix dropping .torrent files into main window on Windows ([#269](transmission/transmission#269))
   - Fix prepending of drive letter to various user-selected paths on Windows ([#236](transmission/transmission#236), [#307](transmission/transmission#307), [#404](transmission/transmission#404), [#437](transmission/transmission#437), [#699](transmission/transmission#699), [#723](transmission/transmission#723), [#877](transmission/transmission#877))
   - Fix sorting by progress in presence of magnet transfers ([#234](transmission/transmission#234))
   - Fix .torrent file trashing upon addition ([#262](transmission/transmission#262))
   - Add queue up/down hotkeys ([#158](transmission/transmission#158))
   - Reduce torrent properties (file tree) memory usage
   - Display tooltips in torrent properties (file tree) in case the names don't fit ([#411](transmission/transmission#411))
   - Improve UI look on hi-dpi displays (YMMV)
   - Use session ID (if available) to check if session is local or not ([#861](transmission/transmission#861))
   - Use default (instead of system) locale to be more flexible ([#130](transmission/transmission#130))
   - Modernize the .desktop file ([#162](transmission/transmission#162))
   - Update translations, add new translations for Afrikaans, Catalan, Danish, Greek, Norwegian Bokmål, Slovenian

   ### Daemon
   - Use libsystemd instead of libsystemd-daemon (TRAC-5921)
   - Harden transmission-daemon.service by disallowing privileges elevation ([#795](transmission/transmission#795))
   - Fix exit code to be zero when dumping settings ([#487](transmission/transmission#487))

   ### Web Client
   - Fix tracker error XSS in inspector (CVE-?)
   - Fix performance issues due to improper use of `setInterval()` for UI refresh (TRAC-6031)
   - Fix recognition of `https://` links in comments field ([#41](transmission/transmission#41), [#180](transmission/transmission#180))
   - Fix torrent list style in Google Chrome 59+ ([#384](transmission/transmission#384))
   - Show ETA in compact view on non-mobile devices ([#146](transmission/transmission#146))
   - Show upload file button on mobile devices ([#320](transmission/transmission#320), [#431](transmission/transmission#431), [#956](transmission/transmission#956))
   - Add keyboard hotkeys for web interface ([#351](transmission/transmission#351))
   - Disable autocompletion in torrent URL field ([#367](transmission/transmission#367))

   ### Utils
   - Prevent crash in transmission-show displaying torrents with invalid creation date ([#609](transmission/transmission#609))
   - Handle IPv6 RPC addresses in transmission-remote ([#247](transmission/transmission#247))
   - Add `--unsorted` option to transmission-show ([#767](transmission/transmission#767))
   - Widen the torrent-id column in transmission-remote for cleaner formatting ([#840](transmission/transmission#840))


   To generate a diff of this commit:
   cvs rdiff -u -r1.26 -r1.27 pkgsrc/net/transmission/Makefile
   cvs rdiff -u -r1.9 -r1.10 pkgsrc/net/transmission/Makefile.common
   cvs rdiff -u -r1.3 -r1.4 pkgsrc/net/transmission/PLIST
   cvs rdiff -u -r1.15 -r1.16 pkgsrc/net/transmission/distinfo
   cvs rdiff -u -r1.45 -r1.46 pkgsrc/net/transmission-gtk/Makefile
   cvs rdiff -u -r1.1 -r1.2 pkgsrc/net/transmission-gtk/PLIST
   cvs rdiff -u -r1.52 -r1.53 pkgsrc/net/transmission-qt/Makefile
   cvs rdiff -u -r1.6 -r1.7 pkgsrc/net/transmission/patches/patch-qt_qtr.pro
-------------------------------------------------------------------
   Module Name:    pkgsrc
   Committed By:   wiz
   Date:           Sat Jul 25 20:20:05 UTC 2020

   Modified Files:
           pkgsrc/net/transmission-qt: Makefile

   Log Message:
   transmission-qt: needs gcc 7.x (for <optional>)

   Reported and tested by spz.


   To generate a diff of this commit:
   cvs rdiff -u -r1.53 -r1.54 pkgsrc/net/transmission-qt/Makefile
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Development

No branches or pull requests