Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Parse session-id header case-insensitively #765

Merged
merged 1 commit into from
Mar 17, 2019

Conversation

LaserEyess
Copy link
Contributor

RFC 2616 defines headers as case-insensitive, so if rpc is behind a
reverse proxy that lowers the case of headers, transmission will not
parse the headers correctly.

libtransmission/rpc-server.c Outdated Show resolved Hide resolved
utils/remote.c Show resolved Hide resolved
@LaserEyess LaserEyess force-pushed the fix_headers branch 4 times, most recently from 44af985 to e06fc7c Compare November 29, 2018 23:06
@LaserEyess
Copy link
Contributor Author

@mikedld Any thoughts on this?

ckerr
ckerr previously requested changes Feb 2, 2019
libtransmission/utils.c Show resolved Hide resolved
@LaserEyess LaserEyess force-pushed the fix_headers branch 3 times, most recently from a912885 to a2d1394 Compare February 10, 2019 18:05
@LaserEyess
Copy link
Contributor Author

@ckerr @mikedld changes are made and tested on linux, but I have no access to macOS or windows machines and I don't know why the builds fail. I am not familiar with VS or XCode so I have no idea how to modify their build setups. Any help would be appreciated. I believe I found and included the right windows hearder for StrStrIA() according to this.

@LaserEyess LaserEyess force-pushed the fix_headers branch 4 times, most recently from c733092 to f695754 Compare February 15, 2019 19:29
@LaserEyess
Copy link
Contributor Author

Fixed Windows/macOS build issues, fixed code style, rebased with master. Let me know if anything else needs to be done. For me, this fixes the issues I was having with nginx as a reverse proxy.

@LaserEyess LaserEyess force-pushed the fix_headers branch 3 times, most recently from a6cc32e to d95921e Compare February 23, 2019 15:08
mikedld
mikedld previously approved these changes Feb 24, 2019
@LaserEyess
Copy link
Contributor Author

This has been rebased and updated again for the new code style.

@ckerr mind giving it another review?

RFC 2616 defines headers as case-insensitive, so if rpc is behind a
reverse proxy that lowers the case of headers, transmission will not
parse them correctly.

A new wrapper function, `tr_strcasestr` is added to
libtransmission/utils.c to allow for comparisons of headers case
insensitively, and checks in cmake and autogen are included.
@mikedld mikedld dismissed ckerr’s stale review March 17, 2019 14:36

Looks like the comments have been addressed.

@mikedld mikedld merged commit 7505891 into transmission:master Mar 17, 2019
@mikedld mikedld added this to the 3.00 milestone Mar 17, 2019
@LaserEyess LaserEyess deleted the fix_headers branch March 17, 2019 14:38
netbsd-srcmastr pushed a commit to NetBSD/pkgsrc that referenced this pull request Jul 13, 2020
### All Platforms
- Allow the RPC server to listen on an IPv6 address ([#161](transmission/transmission#161))
- Change `TR_CURL_SSL_VERIFY` to `TR_CURL_SSL_NO_VERIFY` and enable verification by default ([#334](transmission/transmission#334))
- Go back to using hash as base name for resume and torrent files (those stored in configuration directory) ([#122](transmission/transmission#122))
- Handle "fields" argument in "session-get" RPC request; if "fields" array is present in arguments, only return session fields specified; otherwise return all the fields as before
- Limit the number of incorrect authentication attempts in embedded web server to 100 to prevent brute-force attacks ([#371](transmission/transmission#371))
- Set idle seed limit range to 1..40320 (4 weeks tops) in all clients ([#212](transmission/transmission#212))
- Add Peer ID for Xfplay, PicoTorrent, Free Download Manager, Folx, Baidu Netdisk torrent clients ([#256](transmission/transmission#256), [#285](transmission/transmission#285), [#355](transmission/transmission#355), [#363](transmission/transmission#363), [#386](transmission/transmission#386))
- Announce `INT64_MAX` as size left if the value is unknown (helps with e.g. Amazon S3 trackers) ([#250](transmission/transmission#250))
- Add `TCP_FASTOPEN` support (should result in slight speedup) ([#184](transmission/transmission#184))
- Improve ToS handling on IPv6 connections ([#128](transmission/transmission#128), [#341](transmission/transmission#341), [#360](transmission/transmission#360), [#692](transmission/transmission#692), [#737](transmission/transmission#737))
- Abort handshake if establishing DH shared secret fails (leads to crash) ([#27](transmission/transmission#27))
- Don't switch trackers while announcing (leads to crash) ([#297](transmission/transmission#297))
- Improve completion scripts execution and error handling; add support for .cmd and .bat files on Windows ([#405](transmission/transmission#405))
- Maintain a "session ID" file (in temporary directory) to better detect whether session is local or remote; return the ID as part of "session-get" response (TRAC-5348, [#861](transmission/transmission#861))
- Change torrent location even if no data move is needed ([#35](transmission/transmission#35))
- Support CIDR-notated blocklists ([#230](transmission/transmission#230), [#741](transmission/transmission#741))
- Update the resume file before running scripts ([#825](transmission/transmission#825))
- Make multiscrape limits adaptive ([#837](transmission/transmission#837))
- Add labels support to libtransmission and transmission-remote ([#822](transmission/transmission#822))
- Parse `session-id` header case-insensitively ([#765](transmission/transmission#765))
- Sanitize suspicious path components instead of rejecting them ([#62](transmission/transmission#62), [#294](transmission/transmission#294))
- Load CA certs from system store on Windows / OpenSSL ([#446](transmission/transmission#446))
- Add support for mbedtls (formely polarssl) and wolfssl (formely cyassl), LibreSSL ([#115](transmission/transmission#115), [#116](transmission/transmission#116), [#284](transmission/transmission#284), [#486](transmission/transmission#486), [#524](transmission/transmission#524), [#570](transmission/transmission#570))
- Fix building against OpenSSL 1.1.0+ ([#24](transmission/transmission#24))
- Fix quota support for uClibc-ng 1.0.18+ and DragonFly BSD ([#42](transmission/transmission#42), [#58](transmission/transmission#58), [#312](transmission/transmission#312))
- Fix a number of memory leaks (magnet loading, session shutdown, bencoded data parsing) ([#56](transmission/transmission#56))
- Bump miniupnpc version to 2.0.20170509 ([#347](transmission/transmission#347))
- CMake-related improvements (Ninja generator, libappindicator, systemd, Solaris and macOS) ([#72](transmission/transmission#72), [#96](transmission/transmission#96), [#117](transmission/transmission#117), [#118](transmission/transmission#118), [#133](transmission/transmission#133), [#191](transmission/transmission#191))
- Switch to submodules to manage (most of) third-party dependencies
- Fail installation on Windows if UCRT is not installed

### Mac Client
- Bump minimum macOS version to 10.10
- Dark Mode support ([#644](transmission/transmission#644), [#722](transmission/transmission#722), [#757](transmission/transmission#757), [#779](transmission/transmission#779), [#788](transmission/transmission#788))
- Remove Growl support, notification center is always used ([#387](transmission/transmission#387))
- Fix autoupdate on High Sierra and up by bumping the Sparkle version ([#121](transmission/transmission#121), [#600](transmission/transmission#600))
- Transition to ARC ([#336](transmission/transmission#336))
- Use proper UTF-8 encoding (with macOS-specific normalization) when setting download/incomplete directory and completion script paths ([#11](transmission/transmission#11))
- Fix uncaught exception when dragging multiple items between groups ([#51](transmission/transmission#51))
- Add flat variants of status icons for message log ([#134](transmission/transmission#134))
- Optimize image resources size ([#304](transmission/transmission#304), [#429](transmission/transmission#429))
- Update file icon when file name changes ([#37](transmission/transmission#37))
- Update translations

### GTK+ Client
- Add queue up/down hotkeys ([#158](transmission/transmission#158))
- Modernize the .desktop file ([#162](transmission/transmission#162))
- Add AppData file ([#224](transmission/transmission#224))
- Add symbolic icon variant for the Gnome top bar and when the high contrast theme is in use ([#414](transmission/transmission#414), [#449](transmission/transmission#449))
- Update file icon when its name changes ([#37](transmission/transmission#37))
- Switch from intltool to gettext for translations ([#584](transmission/transmission#584), [#647](transmission/transmission#647))
- Update translations, add new translations for Portuguese (Portugal)

### Qt Client
- Bump minimum Qt version to 5.2
- Fix dropping .torrent files into main window on Windows ([#269](transmission/transmission#269))
- Fix prepending of drive letter to various user-selected paths on Windows ([#236](transmission/transmission#236), [#307](transmission/transmission#307), [#404](transmission/transmission#404), [#437](transmission/transmission#437), [#699](transmission/transmission#699), [#723](transmission/transmission#723), [#877](transmission/transmission#877))
- Fix sorting by progress in presence of magnet transfers ([#234](transmission/transmission#234))
- Fix .torrent file trashing upon addition ([#262](transmission/transmission#262))
- Add queue up/down hotkeys ([#158](transmission/transmission#158))
- Reduce torrent properties (file tree) memory usage
- Display tooltips in torrent properties (file tree) in case the names don't fit ([#411](transmission/transmission#411))
- Improve UI look on hi-dpi displays (YMMV)
- Use session ID (if available) to check if session is local or not ([#861](transmission/transmission#861))
- Use default (instead of system) locale to be more flexible ([#130](transmission/transmission#130))
- Modernize the .desktop file ([#162](transmission/transmission#162))
- Update translations, add new translations for Afrikaans, Catalan, Danish, Greek, Norwegian Bokmål, Slovenian

### Daemon
- Use libsystemd instead of libsystemd-daemon (TRAC-5921)
- Harden transmission-daemon.service by disallowing privileges elevation ([#795](transmission/transmission#795))
- Fix exit code to be zero when dumping settings ([#487](transmission/transmission#487))

### Web Client
- Fix tracker error XSS in inspector (CVE-?)
- Fix performance issues due to improper use of `setInterval()` for UI refresh (TRAC-6031)
- Fix recognition of `https://` links in comments field ([#41](transmission/transmission#41), [#180](transmission/transmission#180))
- Fix torrent list style in Google Chrome 59+ ([#384](transmission/transmission#384))
- Show ETA in compact view on non-mobile devices ([#146](transmission/transmission#146))
- Show upload file button on mobile devices ([#320](transmission/transmission#320), [#431](transmission/transmission#431), [#956](transmission/transmission#956))
- Add keyboard hotkeys for web interface ([#351](transmission/transmission#351))
- Disable autocompletion in torrent URL field ([#367](transmission/transmission#367))

### Utils
- Prevent crash in transmission-show displaying torrents with invalid creation date ([#609](transmission/transmission#609))
- Handle IPv6 RPC addresses in transmission-remote ([#247](transmission/transmission#247))
- Add `--unsorted` option to transmission-show ([#767](transmission/transmission#767))
- Widen the torrent-id column in transmission-remote for cleaner formatting ([#840](transmission/transmission#840))
netbsd-srcmastr pushed a commit to NetBSD/pkgsrc that referenced this pull request Aug 3, 2020
net/transmission-gtk: security update
net/transmission-qt: security update
net/transmission: security update

Revisions pulled up:
- net/transmission-gtk/Makefile                                 1.46
- net/transmission-gtk/PLIST                                    1.2
- net/transmission-qt/Makefile                                  1.54
- net/transmission/Makefile                                     1.27
- net/transmission/Makefile.common                              1.10
- net/transmission/PLIST                                        1.4
- net/transmission/distinfo                                     1.16
- net/transmission/patches/patch-qt_qtr.pro                     1.7

-------------------------------------------------------------------
   Module Name:	pkgsrc
   Committed By:	wiz
   Date:		Mon Jul 13 13:01:02 UTC 2020

   Modified Files:
   	pkgsrc/net/transmission: Makefile Makefile.common PLIST distinfo
   	pkgsrc/net/transmission-gtk: Makefile PLIST
   	pkgsrc/net/transmission-qt: Makefile
   	pkgsrc/net/transmission/patches: patch-qt_qtr.pro

   Log Message:
   transmission*: update to 3.00

   ### All Platforms
   - Allow the RPC server to listen on an IPv6 address ([#161](transmission/transmission#161))
   - Change `TR_CURL_SSL_VERIFY` to `TR_CURL_SSL_NO_VERIFY` and enable verification by default ([#334](transmission/transmission#334))
   - Go back to using hash as base name for resume and torrent files (those stored in configuration directory) ([#122](transmission/transmission#122))
   - Handle "fields" argument in "session-get" RPC request; if "fields" array is present in arguments, only return session fields specified; otherwise return all the fields as before
   - Limit the number of incorrect authentication attempts in embedded web server to 100 to prevent brute-force attacks ([#371](transmission/transmission#371))
   - Set idle seed limit range to 1..40320 (4 weeks tops) in all clients ([#212](transmission/transmission#212))
   - Add Peer ID for Xfplay, PicoTorrent, Free Download Manager, Folx, Baidu Netdisk torrent clients ([#256](transmission/transmission#256), [#285](transmission/transmission#285), [#355](transmission/transmission#355), [#363](transmission/transmission#363), [#386](transmission/transmission#386))
   - Announce `INT64_MAX` as size left if the value is unknown (helps with e.g. Amazon S3 trackers) ([#250](transmission/transmission#250))
   - Add `TCP_FASTOPEN` support (should result in slight speedup) ([#184](transmission/transmission#184))
   - Improve ToS handling on IPv6 connections ([#128](transmission/transmission#128), [#341](transmission/transmission#341), [#360](transmission/transmission#360), [#692](transmission/transmission#692), [#737](transmission/transmission#737))
   - Abort handshake if establishing DH shared secret fails (leads to crash) ([#27](transmission/transmission#27))
   - Don't switch trackers while announcing (leads to crash) ([#297](transmission/transmission#297))
   - Improve completion scripts execution and error handling; add support for .cmd and .bat files on Windows ([#405](transmission/transmission#405))
   - Maintain a "session ID" file (in temporary directory) to better detect whether session is local or remote; return the ID as part of "session-get" response (TRAC-5348, [#861](transmission/transmission#861))
   - Change torrent location even if no data move is needed ([#35](transmission/transmission#35))
   - Support CIDR-notated blocklists ([#230](transmission/transmission#230), [#741](transmission/transmission#741))
   - Update the resume file before running scripts ([#825](transmission/transmission#825))
   - Make multiscrape limits adaptive ([#837](transmission/transmission#837))
   - Add labels support to libtransmission and transmission-remote ([#822](transmission/transmission#822))
   - Parse `session-id` header case-insensitively ([#765](transmission/transmission#765))
   - Sanitize suspicious path components instead of rejecting them ([#62](transmission/transmission#62), [#294](transmission/transmission#294))
   - Load CA certs from system store on Windows / OpenSSL ([#446](transmission/transmission#446))
   - Add support for mbedtls (formely polarssl) and wolfssl (formely cyassl), LibreSSL ([#115](transmission/transmission#115), [#116](transmission/transmission#116), [#284](transmission/transmission#284), [#486](transmission/transmission#486), [#524](transmission/transmission#524), [#570](transmission/transmission#570))
   - Fix building against OpenSSL 1.1.0+ ([#24](transmission/transmission#24))
   - Fix quota support for uClibc-ng 1.0.18+ and DragonFly BSD ([#42](transmission/transmission#42), [#58](transmission/transmission#58), [#312](transmission/transmission#312))
   - Fix a number of memory leaks (magnet loading, session shutdown, bencoded data parsing) ([#56](transmission/transmission#56))
   - Bump miniupnpc version to 2.0.20170509 ([#347](transmission/transmission#347))
   - CMake-related improvements (Ninja generator, libappindicator, systemd, Solaris and macOS) ([#72](transmission/transmission#72), [#96](transmission/transmission#96), [#117](transmission/transmission#117), [#118](transmission/transmission#118), [#133](transmission/transmission#133), [#191](transmission/transmission#191))
   - Switch to submodules to manage (most of) third-party dependencies
   - Fail installation on Windows if UCRT is not installed

   ### Mac Client
   - Bump minimum macOS version to 10.10
   - Dark Mode support ([#644](transmission/transmission#644), [#722](transmission/transmission#722), [#757](transmission/transmission#757), [#779](transmission/transmission#779), [#788](transmission/transmission#788))
   - Remove Growl support, notification center is always used ([#387](transmission/transmission#387))
   - Fix autoupdate on High Sierra and up by bumping the Sparkle version ([#121](transmission/transmission#121), [#600](transmission/transmission#600))
   - Transition to ARC ([#336](transmission/transmission#336))
   - Use proper UTF-8 encoding (with macOS-specific normalization) when setting download/incomplete directory and completion script paths ([#11](transmission/transmission#11))
   - Fix uncaught exception when dragging multiple items between groups ([#51](transmission/transmission#51))
   - Add flat variants of status icons for message log ([#134](transmission/transmission#134))
   - Optimize image resources size ([#304](transmission/transmission#304), [#429](transmission/transmission#429))
   - Update file icon when file name changes ([#37](transmission/transmission#37))
   - Update translations

   ### GTK+ Client
   - Add queue up/down hotkeys ([#158](transmission/transmission#158))
   - Modernize the .desktop file ([#162](transmission/transmission#162))
   - Add AppData file ([#224](transmission/transmission#224))
   - Add symbolic icon variant for the Gnome top bar and when the high contrast theme is in use ([#414](transmission/transmission#414), [#449](transmission/transmission#449))
   - Update file icon when its name changes ([#37](transmission/transmission#37))
   - Switch from intltool to gettext for translations ([#584](transmission/transmission#584), [#647](transmission/transmission#647))
   - Update translations, add new translations for Portuguese (Portugal)

   ### Qt Client
   - Bump minimum Qt version to 5.2
   - Fix dropping .torrent files into main window on Windows ([#269](transmission/transmission#269))
   - Fix prepending of drive letter to various user-selected paths on Windows ([#236](transmission/transmission#236), [#307](transmission/transmission#307), [#404](transmission/transmission#404), [#437](transmission/transmission#437), [#699](transmission/transmission#699), [#723](transmission/transmission#723), [#877](transmission/transmission#877))
   - Fix sorting by progress in presence of magnet transfers ([#234](transmission/transmission#234))
   - Fix .torrent file trashing upon addition ([#262](transmission/transmission#262))
   - Add queue up/down hotkeys ([#158](transmission/transmission#158))
   - Reduce torrent properties (file tree) memory usage
   - Display tooltips in torrent properties (file tree) in case the names don't fit ([#411](transmission/transmission#411))
   - Improve UI look on hi-dpi displays (YMMV)
   - Use session ID (if available) to check if session is local or not ([#861](transmission/transmission#861))
   - Use default (instead of system) locale to be more flexible ([#130](transmission/transmission#130))
   - Modernize the .desktop file ([#162](transmission/transmission#162))
   - Update translations, add new translations for Afrikaans, Catalan, Danish, Greek, Norwegian Bokmål, Slovenian

   ### Daemon
   - Use libsystemd instead of libsystemd-daemon (TRAC-5921)
   - Harden transmission-daemon.service by disallowing privileges elevation ([#795](transmission/transmission#795))
   - Fix exit code to be zero when dumping settings ([#487](transmission/transmission#487))

   ### Web Client
   - Fix tracker error XSS in inspector (CVE-?)
   - Fix performance issues due to improper use of `setInterval()` for UI refresh (TRAC-6031)
   - Fix recognition of `https://` links in comments field ([#41](transmission/transmission#41), [#180](transmission/transmission#180))
   - Fix torrent list style in Google Chrome 59+ ([#384](transmission/transmission#384))
   - Show ETA in compact view on non-mobile devices ([#146](transmission/transmission#146))
   - Show upload file button on mobile devices ([#320](transmission/transmission#320), [#431](transmission/transmission#431), [#956](transmission/transmission#956))
   - Add keyboard hotkeys for web interface ([#351](transmission/transmission#351))
   - Disable autocompletion in torrent URL field ([#367](transmission/transmission#367))

   ### Utils
   - Prevent crash in transmission-show displaying torrents with invalid creation date ([#609](transmission/transmission#609))
   - Handle IPv6 RPC addresses in transmission-remote ([#247](transmission/transmission#247))
   - Add `--unsorted` option to transmission-show ([#767](transmission/transmission#767))
   - Widen the torrent-id column in transmission-remote for cleaner formatting ([#840](transmission/transmission#840))


   To generate a diff of this commit:
   cvs rdiff -u -r1.26 -r1.27 pkgsrc/net/transmission/Makefile
   cvs rdiff -u -r1.9 -r1.10 pkgsrc/net/transmission/Makefile.common
   cvs rdiff -u -r1.3 -r1.4 pkgsrc/net/transmission/PLIST
   cvs rdiff -u -r1.15 -r1.16 pkgsrc/net/transmission/distinfo
   cvs rdiff -u -r1.45 -r1.46 pkgsrc/net/transmission-gtk/Makefile
   cvs rdiff -u -r1.1 -r1.2 pkgsrc/net/transmission-gtk/PLIST
   cvs rdiff -u -r1.52 -r1.53 pkgsrc/net/transmission-qt/Makefile
   cvs rdiff -u -r1.6 -r1.7 pkgsrc/net/transmission/patches/patch-qt_qtr.pro
-------------------------------------------------------------------
   Module Name:    pkgsrc
   Committed By:   wiz
   Date:           Sat Jul 25 20:20:05 UTC 2020

   Modified Files:
           pkgsrc/net/transmission-qt: Makefile

   Log Message:
   transmission-qt: needs gcc 7.x (for <optional>)

   Reported and tested by spz.


   To generate a diff of this commit:
   cvs rdiff -u -r1.53 -r1.54 pkgsrc/net/transmission-qt/Makefile
netbsd-srcmastr pushed a commit to NetBSD/pkgsrc that referenced this pull request Oct 14, 2021
net/transmission-gtk: security update
net/transmission-qt: security update
net/transmission: security update

Revisions pulled up:
- net/transmission-gtk/Makefile                                 1.46
- net/transmission-gtk/PLIST                                    1.2
- net/transmission-qt/Makefile                                  1.54
- net/transmission/Makefile                                     1.27
- net/transmission/Makefile.common                              1.10
- net/transmission/PLIST                                        1.4
- net/transmission/distinfo                                     1.16
- net/transmission/patches/patch-qt_qtr.pro                     1.7

-------------------------------------------------------------------
   Module Name:	pkgsrc
   Committed By:	wiz
   Date:		Mon Jul 13 13:01:02 UTC 2020

   Modified Files:
   	pkgsrc/net/transmission: Makefile Makefile.common PLIST distinfo
   	pkgsrc/net/transmission-gtk: Makefile PLIST
   	pkgsrc/net/transmission-qt: Makefile
   	pkgsrc/net/transmission/patches: patch-qt_qtr.pro

   Log Message:
   transmission*: update to 3.00

   ### All Platforms
   - Allow the RPC server to listen on an IPv6 address ([#161](transmission/transmission#161))
   - Change `TR_CURL_SSL_VERIFY` to `TR_CURL_SSL_NO_VERIFY` and enable verification by default ([#334](transmission/transmission#334))
   - Go back to using hash as base name for resume and torrent files (those stored in configuration directory) ([#122](transmission/transmission#122))
   - Handle "fields" argument in "session-get" RPC request; if "fields" array is present in arguments, only return session fields specified; otherwise return all the fields as before
   - Limit the number of incorrect authentication attempts in embedded web server to 100 to prevent brute-force attacks ([#371](transmission/transmission#371))
   - Set idle seed limit range to 1..40320 (4 weeks tops) in all clients ([#212](transmission/transmission#212))
   - Add Peer ID for Xfplay, PicoTorrent, Free Download Manager, Folx, Baidu Netdisk torrent clients ([#256](transmission/transmission#256), [#285](transmission/transmission#285), [#355](transmission/transmission#355), [#363](transmission/transmission#363), [#386](transmission/transmission#386))
   - Announce `INT64_MAX` as size left if the value is unknown (helps with e.g. Amazon S3 trackers) ([#250](transmission/transmission#250))
   - Add `TCP_FASTOPEN` support (should result in slight speedup) ([#184](transmission/transmission#184))
   - Improve ToS handling on IPv6 connections ([#128](transmission/transmission#128), [#341](transmission/transmission#341), [#360](transmission/transmission#360), [#692](transmission/transmission#692), [#737](transmission/transmission#737))
   - Abort handshake if establishing DH shared secret fails (leads to crash) ([#27](transmission/transmission#27))
   - Don't switch trackers while announcing (leads to crash) ([#297](transmission/transmission#297))
   - Improve completion scripts execution and error handling; add support for .cmd and .bat files on Windows ([#405](transmission/transmission#405))
   - Maintain a "session ID" file (in temporary directory) to better detect whether session is local or remote; return the ID as part of "session-get" response (TRAC-5348, [#861](transmission/transmission#861))
   - Change torrent location even if no data move is needed ([#35](transmission/transmission#35))
   - Support CIDR-notated blocklists ([#230](transmission/transmission#230), [#741](transmission/transmission#741))
   - Update the resume file before running scripts ([#825](transmission/transmission#825))
   - Make multiscrape limits adaptive ([#837](transmission/transmission#837))
   - Add labels support to libtransmission and transmission-remote ([#822](transmission/transmission#822))
   - Parse `session-id` header case-insensitively ([#765](transmission/transmission#765))
   - Sanitize suspicious path components instead of rejecting them ([#62](transmission/transmission#62), [#294](transmission/transmission#294))
   - Load CA certs from system store on Windows / OpenSSL ([#446](transmission/transmission#446))
   - Add support for mbedtls (formely polarssl) and wolfssl (formely cyassl), LibreSSL ([#115](transmission/transmission#115), [#116](transmission/transmission#116), [#284](transmission/transmission#284), [#486](transmission/transmission#486), [#524](transmission/transmission#524), [#570](transmission/transmission#570))
   - Fix building against OpenSSL 1.1.0+ ([#24](transmission/transmission#24))
   - Fix quota support for uClibc-ng 1.0.18+ and DragonFly BSD ([#42](transmission/transmission#42), [#58](transmission/transmission#58), [#312](transmission/transmission#312))
   - Fix a number of memory leaks (magnet loading, session shutdown, bencoded data parsing) ([#56](transmission/transmission#56))
   - Bump miniupnpc version to 2.0.20170509 ([#347](transmission/transmission#347))
   - CMake-related improvements (Ninja generator, libappindicator, systemd, Solaris and macOS) ([#72](transmission/transmission#72), [#96](transmission/transmission#96), [#117](transmission/transmission#117), [#118](transmission/transmission#118), [#133](transmission/transmission#133), [#191](transmission/transmission#191))
   - Switch to submodules to manage (most of) third-party dependencies
   - Fail installation on Windows if UCRT is not installed

   ### Mac Client
   - Bump minimum macOS version to 10.10
   - Dark Mode support ([#644](transmission/transmission#644), [#722](transmission/transmission#722), [#757](transmission/transmission#757), [#779](transmission/transmission#779), [#788](transmission/transmission#788))
   - Remove Growl support, notification center is always used ([#387](transmission/transmission#387))
   - Fix autoupdate on High Sierra and up by bumping the Sparkle version ([#121](transmission/transmission#121), [#600](transmission/transmission#600))
   - Transition to ARC ([#336](transmission/transmission#336))
   - Use proper UTF-8 encoding (with macOS-specific normalization) when setting download/incomplete directory and completion script paths ([#11](transmission/transmission#11))
   - Fix uncaught exception when dragging multiple items between groups ([#51](transmission/transmission#51))
   - Add flat variants of status icons for message log ([#134](transmission/transmission#134))
   - Optimize image resources size ([#304](transmission/transmission#304), [#429](transmission/transmission#429))
   - Update file icon when file name changes ([#37](transmission/transmission#37))
   - Update translations

   ### GTK+ Client
   - Add queue up/down hotkeys ([#158](transmission/transmission#158))
   - Modernize the .desktop file ([#162](transmission/transmission#162))
   - Add AppData file ([#224](transmission/transmission#224))
   - Add symbolic icon variant for the Gnome top bar and when the high contrast theme is in use ([#414](transmission/transmission#414), [#449](transmission/transmission#449))
   - Update file icon when its name changes ([#37](transmission/transmission#37))
   - Switch from intltool to gettext for translations ([#584](transmission/transmission#584), [#647](transmission/transmission#647))
   - Update translations, add new translations for Portuguese (Portugal)

   ### Qt Client
   - Bump minimum Qt version to 5.2
   - Fix dropping .torrent files into main window on Windows ([#269](transmission/transmission#269))
   - Fix prepending of drive letter to various user-selected paths on Windows ([#236](transmission/transmission#236), [#307](transmission/transmission#307), [#404](transmission/transmission#404), [#437](transmission/transmission#437), [#699](transmission/transmission#699), [#723](transmission/transmission#723), [#877](transmission/transmission#877))
   - Fix sorting by progress in presence of magnet transfers ([#234](transmission/transmission#234))
   - Fix .torrent file trashing upon addition ([#262](transmission/transmission#262))
   - Add queue up/down hotkeys ([#158](transmission/transmission#158))
   - Reduce torrent properties (file tree) memory usage
   - Display tooltips in torrent properties (file tree) in case the names don't fit ([#411](transmission/transmission#411))
   - Improve UI look on hi-dpi displays (YMMV)
   - Use session ID (if available) to check if session is local or not ([#861](transmission/transmission#861))
   - Use default (instead of system) locale to be more flexible ([#130](transmission/transmission#130))
   - Modernize the .desktop file ([#162](transmission/transmission#162))
   - Update translations, add new translations for Afrikaans, Catalan, Danish, Greek, Norwegian Bokmål, Slovenian

   ### Daemon
   - Use libsystemd instead of libsystemd-daemon (TRAC-5921)
   - Harden transmission-daemon.service by disallowing privileges elevation ([#795](transmission/transmission#795))
   - Fix exit code to be zero when dumping settings ([#487](transmission/transmission#487))

   ### Web Client
   - Fix tracker error XSS in inspector (CVE-?)
   - Fix performance issues due to improper use of `setInterval()` for UI refresh (TRAC-6031)
   - Fix recognition of `https://` links in comments field ([#41](transmission/transmission#41), [#180](transmission/transmission#180))
   - Fix torrent list style in Google Chrome 59+ ([#384](transmission/transmission#384))
   - Show ETA in compact view on non-mobile devices ([#146](transmission/transmission#146))
   - Show upload file button on mobile devices ([#320](transmission/transmission#320), [#431](transmission/transmission#431), [#956](transmission/transmission#956))
   - Add keyboard hotkeys for web interface ([#351](transmission/transmission#351))
   - Disable autocompletion in torrent URL field ([#367](transmission/transmission#367))

   ### Utils
   - Prevent crash in transmission-show displaying torrents with invalid creation date ([#609](transmission/transmission#609))
   - Handle IPv6 RPC addresses in transmission-remote ([#247](transmission/transmission#247))
   - Add `--unsorted` option to transmission-show ([#767](transmission/transmission#767))
   - Widen the torrent-id column in transmission-remote for cleaner formatting ([#840](transmission/transmission#840))


   To generate a diff of this commit:
   cvs rdiff -u -r1.26 -r1.27 pkgsrc/net/transmission/Makefile
   cvs rdiff -u -r1.9 -r1.10 pkgsrc/net/transmission/Makefile.common
   cvs rdiff -u -r1.3 -r1.4 pkgsrc/net/transmission/PLIST
   cvs rdiff -u -r1.15 -r1.16 pkgsrc/net/transmission/distinfo
   cvs rdiff -u -r1.45 -r1.46 pkgsrc/net/transmission-gtk/Makefile
   cvs rdiff -u -r1.1 -r1.2 pkgsrc/net/transmission-gtk/PLIST
   cvs rdiff -u -r1.52 -r1.53 pkgsrc/net/transmission-qt/Makefile
   cvs rdiff -u -r1.6 -r1.7 pkgsrc/net/transmission/patches/patch-qt_qtr.pro
-------------------------------------------------------------------
   Module Name:    pkgsrc
   Committed By:   wiz
   Date:           Sat Jul 25 20:20:05 UTC 2020

   Modified Files:
           pkgsrc/net/transmission-qt: Makefile

   Log Message:
   transmission-qt: needs gcc 7.x (for <optional>)

   Reported and tested by spz.


   To generate a diff of this commit:
   cvs rdiff -u -r1.53 -r1.54 pkgsrc/net/transmission-qt/Makefile
netbsd-srcmastr pushed a commit to NetBSD/pkgsrc that referenced this pull request Dec 10, 2024
net/transmission-gtk: security update
net/transmission-qt: security update
net/transmission: security update

Revisions pulled up:
- net/transmission-gtk/Makefile                                 1.46
- net/transmission-gtk/PLIST                                    1.2
- net/transmission-qt/Makefile                                  1.54
- net/transmission/Makefile                                     1.27
- net/transmission/Makefile.common                              1.10
- net/transmission/PLIST                                        1.4
- net/transmission/distinfo                                     1.16
- net/transmission/patches/patch-qt_qtr.pro                     1.7

-------------------------------------------------------------------
   Module Name:	pkgsrc
   Committed By:	wiz
   Date:		Mon Jul 13 13:01:02 UTC 2020

   Modified Files:
   	pkgsrc/net/transmission: Makefile Makefile.common PLIST distinfo
   	pkgsrc/net/transmission-gtk: Makefile PLIST
   	pkgsrc/net/transmission-qt: Makefile
   	pkgsrc/net/transmission/patches: patch-qt_qtr.pro

   Log Message:
   transmission*: update to 3.00

   ### All Platforms
   - Allow the RPC server to listen on an IPv6 address ([#161](transmission/transmission#161))
   - Change `TR_CURL_SSL_VERIFY` to `TR_CURL_SSL_NO_VERIFY` and enable verification by default ([#334](transmission/transmission#334))
   - Go back to using hash as base name for resume and torrent files (those stored in configuration directory) ([#122](transmission/transmission#122))
   - Handle "fields" argument in "session-get" RPC request; if "fields" array is present in arguments, only return session fields specified; otherwise return all the fields as before
   - Limit the number of incorrect authentication attempts in embedded web server to 100 to prevent brute-force attacks ([#371](transmission/transmission#371))
   - Set idle seed limit range to 1..40320 (4 weeks tops) in all clients ([#212](transmission/transmission#212))
   - Add Peer ID for Xfplay, PicoTorrent, Free Download Manager, Folx, Baidu Netdisk torrent clients ([#256](transmission/transmission#256), [#285](transmission/transmission#285), [#355](transmission/transmission#355), [#363](transmission/transmission#363), [#386](transmission/transmission#386))
   - Announce `INT64_MAX` as size left if the value is unknown (helps with e.g. Amazon S3 trackers) ([#250](transmission/transmission#250))
   - Add `TCP_FASTOPEN` support (should result in slight speedup) ([#184](transmission/transmission#184))
   - Improve ToS handling on IPv6 connections ([#128](transmission/transmission#128), [#341](transmission/transmission#341), [#360](transmission/transmission#360), [#692](transmission/transmission#692), [#737](transmission/transmission#737))
   - Abort handshake if establishing DH shared secret fails (leads to crash) ([#27](transmission/transmission#27))
   - Don't switch trackers while announcing (leads to crash) ([#297](transmission/transmission#297))
   - Improve completion scripts execution and error handling; add support for .cmd and .bat files on Windows ([#405](transmission/transmission#405))
   - Maintain a "session ID" file (in temporary directory) to better detect whether session is local or remote; return the ID as part of "session-get" response (TRAC-5348, [#861](transmission/transmission#861))
   - Change torrent location even if no data move is needed ([#35](transmission/transmission#35))
   - Support CIDR-notated blocklists ([#230](transmission/transmission#230), [#741](transmission/transmission#741))
   - Update the resume file before running scripts ([#825](transmission/transmission#825))
   - Make multiscrape limits adaptive ([#837](transmission/transmission#837))
   - Add labels support to libtransmission and transmission-remote ([#822](transmission/transmission#822))
   - Parse `session-id` header case-insensitively ([#765](transmission/transmission#765))
   - Sanitize suspicious path components instead of rejecting them ([#62](transmission/transmission#62), [#294](transmission/transmission#294))
   - Load CA certs from system store on Windows / OpenSSL ([#446](transmission/transmission#446))
   - Add support for mbedtls (formely polarssl) and wolfssl (formely cyassl), LibreSSL ([#115](transmission/transmission#115), [#116](transmission/transmission#116), [#284](transmission/transmission#284), [#486](transmission/transmission#486), [#524](transmission/transmission#524), [#570](transmission/transmission#570))
   - Fix building against OpenSSL 1.1.0+ ([#24](transmission/transmission#24))
   - Fix quota support for uClibc-ng 1.0.18+ and DragonFly BSD ([#42](transmission/transmission#42), [#58](transmission/transmission#58), [#312](transmission/transmission#312))
   - Fix a number of memory leaks (magnet loading, session shutdown, bencoded data parsing) ([#56](transmission/transmission#56))
   - Bump miniupnpc version to 2.0.20170509 ([#347](transmission/transmission#347))
   - CMake-related improvements (Ninja generator, libappindicator, systemd, Solaris and macOS) ([#72](transmission/transmission#72), [#96](transmission/transmission#96), [#117](transmission/transmission#117), [#118](transmission/transmission#118), [#133](transmission/transmission#133), [#191](transmission/transmission#191))
   - Switch to submodules to manage (most of) third-party dependencies
   - Fail installation on Windows if UCRT is not installed

   ### Mac Client
   - Bump minimum macOS version to 10.10
   - Dark Mode support ([#644](transmission/transmission#644), [#722](transmission/transmission#722), [#757](transmission/transmission#757), [#779](transmission/transmission#779), [#788](transmission/transmission#788))
   - Remove Growl support, notification center is always used ([#387](transmission/transmission#387))
   - Fix autoupdate on High Sierra and up by bumping the Sparkle version ([#121](transmission/transmission#121), [#600](transmission/transmission#600))
   - Transition to ARC ([#336](transmission/transmission#336))
   - Use proper UTF-8 encoding (with macOS-specific normalization) when setting download/incomplete directory and completion script paths ([#11](transmission/transmission#11))
   - Fix uncaught exception when dragging multiple items between groups ([#51](transmission/transmission#51))
   - Add flat variants of status icons for message log ([#134](transmission/transmission#134))
   - Optimize image resources size ([#304](transmission/transmission#304), [#429](transmission/transmission#429))
   - Update file icon when file name changes ([#37](transmission/transmission#37))
   - Update translations

   ### GTK+ Client
   - Add queue up/down hotkeys ([#158](transmission/transmission#158))
   - Modernize the .desktop file ([#162](transmission/transmission#162))
   - Add AppData file ([#224](transmission/transmission#224))
   - Add symbolic icon variant for the Gnome top bar and when the high contrast theme is in use ([#414](transmission/transmission#414), [#449](transmission/transmission#449))
   - Update file icon when its name changes ([#37](transmission/transmission#37))
   - Switch from intltool to gettext for translations ([#584](transmission/transmission#584), [#647](transmission/transmission#647))
   - Update translations, add new translations for Portuguese (Portugal)

   ### Qt Client
   - Bump minimum Qt version to 5.2
   - Fix dropping .torrent files into main window on Windows ([#269](transmission/transmission#269))
   - Fix prepending of drive letter to various user-selected paths on Windows ([#236](transmission/transmission#236), [#307](transmission/transmission#307), [#404](transmission/transmission#404), [#437](transmission/transmission#437), [#699](transmission/transmission#699), [#723](transmission/transmission#723), [#877](transmission/transmission#877))
   - Fix sorting by progress in presence of magnet transfers ([#234](transmission/transmission#234))
   - Fix .torrent file trashing upon addition ([#262](transmission/transmission#262))
   - Add queue up/down hotkeys ([#158](transmission/transmission#158))
   - Reduce torrent properties (file tree) memory usage
   - Display tooltips in torrent properties (file tree) in case the names don't fit ([#411](transmission/transmission#411))
   - Improve UI look on hi-dpi displays (YMMV)
   - Use session ID (if available) to check if session is local or not ([#861](transmission/transmission#861))
   - Use default (instead of system) locale to be more flexible ([#130](transmission/transmission#130))
   - Modernize the .desktop file ([#162](transmission/transmission#162))
   - Update translations, add new translations for Afrikaans, Catalan, Danish, Greek, Norwegian Bokmål, Slovenian

   ### Daemon
   - Use libsystemd instead of libsystemd-daemon (TRAC-5921)
   - Harden transmission-daemon.service by disallowing privileges elevation ([#795](transmission/transmission#795))
   - Fix exit code to be zero when dumping settings ([#487](transmission/transmission#487))

   ### Web Client
   - Fix tracker error XSS in inspector (CVE-?)
   - Fix performance issues due to improper use of `setInterval()` for UI refresh (TRAC-6031)
   - Fix recognition of `https://` links in comments field ([#41](transmission/transmission#41), [#180](transmission/transmission#180))
   - Fix torrent list style in Google Chrome 59+ ([#384](transmission/transmission#384))
   - Show ETA in compact view on non-mobile devices ([#146](transmission/transmission#146))
   - Show upload file button on mobile devices ([#320](transmission/transmission#320), [#431](transmission/transmission#431), [#956](transmission/transmission#956))
   - Add keyboard hotkeys for web interface ([#351](transmission/transmission#351))
   - Disable autocompletion in torrent URL field ([#367](transmission/transmission#367))

   ### Utils
   - Prevent crash in transmission-show displaying torrents with invalid creation date ([#609](transmission/transmission#609))
   - Handle IPv6 RPC addresses in transmission-remote ([#247](transmission/transmission#247))
   - Add `--unsorted` option to transmission-show ([#767](transmission/transmission#767))
   - Widen the torrent-id column in transmission-remote for cleaner formatting ([#840](transmission/transmission#840))


   To generate a diff of this commit:
   cvs rdiff -u -r1.26 -r1.27 pkgsrc/net/transmission/Makefile
   cvs rdiff -u -r1.9 -r1.10 pkgsrc/net/transmission/Makefile.common
   cvs rdiff -u -r1.3 -r1.4 pkgsrc/net/transmission/PLIST
   cvs rdiff -u -r1.15 -r1.16 pkgsrc/net/transmission/distinfo
   cvs rdiff -u -r1.45 -r1.46 pkgsrc/net/transmission-gtk/Makefile
   cvs rdiff -u -r1.1 -r1.2 pkgsrc/net/transmission-gtk/PLIST
   cvs rdiff -u -r1.52 -r1.53 pkgsrc/net/transmission-qt/Makefile
   cvs rdiff -u -r1.6 -r1.7 pkgsrc/net/transmission/patches/patch-qt_qtr.pro
-------------------------------------------------------------------
   Module Name:    pkgsrc
   Committed By:   wiz
   Date:           Sat Jul 25 20:20:05 UTC 2020

   Modified Files:
           pkgsrc/net/transmission-qt: Makefile

   Log Message:
   transmission-qt: needs gcc 7.x (for <optional>)

   Reported and tested by spz.


   To generate a diff of this commit:
   cvs rdiff -u -r1.53 -r1.54 pkgsrc/net/transmission-qt/Makefile
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Development

Successfully merging this pull request may close these issues.

3 participants