-
Notifications
You must be signed in to change notification settings - Fork 1.2k
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Parse session-id header case-insensitively #765
Conversation
a1baab1
to
d7058e1
Compare
44af985
to
e06fc7c
Compare
@mikedld Any thoughts on this? |
651470e
to
ec89d06
Compare
a912885
to
a2d1394
Compare
@ckerr @mikedld changes are made and tested on linux, but I have no access to macOS or windows machines and I don't know why the builds fail. I am not familiar with VS or XCode so I have no idea how to modify their build setups. Any help would be appreciated. I believe I found and included the right windows hearder for StrStrIA() according to this. |
c733092
to
f695754
Compare
Fixed Windows/macOS build issues, fixed code style, rebased with master. Let me know if anything else needs to be done. For me, this fixes the issues I was having with nginx as a reverse proxy. |
a6cc32e
to
d95921e
Compare
This has been rebased and updated again for the new code style. @ckerr mind giving it another review? |
RFC 2616 defines headers as case-insensitive, so if rpc is behind a reverse proxy that lowers the case of headers, transmission will not parse them correctly. A new wrapper function, `tr_strcasestr` is added to libtransmission/utils.c to allow for comparisons of headers case insensitively, and checks in cmake and autogen are included.
Looks like the comments have been addressed.
### All Platforms - Allow the RPC server to listen on an IPv6 address ([#161](transmission/transmission#161)) - Change `TR_CURL_SSL_VERIFY` to `TR_CURL_SSL_NO_VERIFY` and enable verification by default ([#334](transmission/transmission#334)) - Go back to using hash as base name for resume and torrent files (those stored in configuration directory) ([#122](transmission/transmission#122)) - Handle "fields" argument in "session-get" RPC request; if "fields" array is present in arguments, only return session fields specified; otherwise return all the fields as before - Limit the number of incorrect authentication attempts in embedded web server to 100 to prevent brute-force attacks ([#371](transmission/transmission#371)) - Set idle seed limit range to 1..40320 (4 weeks tops) in all clients ([#212](transmission/transmission#212)) - Add Peer ID for Xfplay, PicoTorrent, Free Download Manager, Folx, Baidu Netdisk torrent clients ([#256](transmission/transmission#256), [#285](transmission/transmission#285), [#355](transmission/transmission#355), [#363](transmission/transmission#363), [#386](transmission/transmission#386)) - Announce `INT64_MAX` as size left if the value is unknown (helps with e.g. Amazon S3 trackers) ([#250](transmission/transmission#250)) - Add `TCP_FASTOPEN` support (should result in slight speedup) ([#184](transmission/transmission#184)) - Improve ToS handling on IPv6 connections ([#128](transmission/transmission#128), [#341](transmission/transmission#341), [#360](transmission/transmission#360), [#692](transmission/transmission#692), [#737](transmission/transmission#737)) - Abort handshake if establishing DH shared secret fails (leads to crash) ([#27](transmission/transmission#27)) - Don't switch trackers while announcing (leads to crash) ([#297](transmission/transmission#297)) - Improve completion scripts execution and error handling; add support for .cmd and .bat files on Windows ([#405](transmission/transmission#405)) - Maintain a "session ID" file (in temporary directory) to better detect whether session is local or remote; return the ID as part of "session-get" response (TRAC-5348, [#861](transmission/transmission#861)) - Change torrent location even if no data move is needed ([#35](transmission/transmission#35)) - Support CIDR-notated blocklists ([#230](transmission/transmission#230), [#741](transmission/transmission#741)) - Update the resume file before running scripts ([#825](transmission/transmission#825)) - Make multiscrape limits adaptive ([#837](transmission/transmission#837)) - Add labels support to libtransmission and transmission-remote ([#822](transmission/transmission#822)) - Parse `session-id` header case-insensitively ([#765](transmission/transmission#765)) - Sanitize suspicious path components instead of rejecting them ([#62](transmission/transmission#62), [#294](transmission/transmission#294)) - Load CA certs from system store on Windows / OpenSSL ([#446](transmission/transmission#446)) - Add support for mbedtls (formely polarssl) and wolfssl (formely cyassl), LibreSSL ([#115](transmission/transmission#115), [#116](transmission/transmission#116), [#284](transmission/transmission#284), [#486](transmission/transmission#486), [#524](transmission/transmission#524), [#570](transmission/transmission#570)) - Fix building against OpenSSL 1.1.0+ ([#24](transmission/transmission#24)) - Fix quota support for uClibc-ng 1.0.18+ and DragonFly BSD ([#42](transmission/transmission#42), [#58](transmission/transmission#58), [#312](transmission/transmission#312)) - Fix a number of memory leaks (magnet loading, session shutdown, bencoded data parsing) ([#56](transmission/transmission#56)) - Bump miniupnpc version to 2.0.20170509 ([#347](transmission/transmission#347)) - CMake-related improvements (Ninja generator, libappindicator, systemd, Solaris and macOS) ([#72](transmission/transmission#72), [#96](transmission/transmission#96), [#117](transmission/transmission#117), [#118](transmission/transmission#118), [#133](transmission/transmission#133), [#191](transmission/transmission#191)) - Switch to submodules to manage (most of) third-party dependencies - Fail installation on Windows if UCRT is not installed ### Mac Client - Bump minimum macOS version to 10.10 - Dark Mode support ([#644](transmission/transmission#644), [#722](transmission/transmission#722), [#757](transmission/transmission#757), [#779](transmission/transmission#779), [#788](transmission/transmission#788)) - Remove Growl support, notification center is always used ([#387](transmission/transmission#387)) - Fix autoupdate on High Sierra and up by bumping the Sparkle version ([#121](transmission/transmission#121), [#600](transmission/transmission#600)) - Transition to ARC ([#336](transmission/transmission#336)) - Use proper UTF-8 encoding (with macOS-specific normalization) when setting download/incomplete directory and completion script paths ([#11](transmission/transmission#11)) - Fix uncaught exception when dragging multiple items between groups ([#51](transmission/transmission#51)) - Add flat variants of status icons for message log ([#134](transmission/transmission#134)) - Optimize image resources size ([#304](transmission/transmission#304), [#429](transmission/transmission#429)) - Update file icon when file name changes ([#37](transmission/transmission#37)) - Update translations ### GTK+ Client - Add queue up/down hotkeys ([#158](transmission/transmission#158)) - Modernize the .desktop file ([#162](transmission/transmission#162)) - Add AppData file ([#224](transmission/transmission#224)) - Add symbolic icon variant for the Gnome top bar and when the high contrast theme is in use ([#414](transmission/transmission#414), [#449](transmission/transmission#449)) - Update file icon when its name changes ([#37](transmission/transmission#37)) - Switch from intltool to gettext for translations ([#584](transmission/transmission#584), [#647](transmission/transmission#647)) - Update translations, add new translations for Portuguese (Portugal) ### Qt Client - Bump minimum Qt version to 5.2 - Fix dropping .torrent files into main window on Windows ([#269](transmission/transmission#269)) - Fix prepending of drive letter to various user-selected paths on Windows ([#236](transmission/transmission#236), [#307](transmission/transmission#307), [#404](transmission/transmission#404), [#437](transmission/transmission#437), [#699](transmission/transmission#699), [#723](transmission/transmission#723), [#877](transmission/transmission#877)) - Fix sorting by progress in presence of magnet transfers ([#234](transmission/transmission#234)) - Fix .torrent file trashing upon addition ([#262](transmission/transmission#262)) - Add queue up/down hotkeys ([#158](transmission/transmission#158)) - Reduce torrent properties (file tree) memory usage - Display tooltips in torrent properties (file tree) in case the names don't fit ([#411](transmission/transmission#411)) - Improve UI look on hi-dpi displays (YMMV) - Use session ID (if available) to check if session is local or not ([#861](transmission/transmission#861)) - Use default (instead of system) locale to be more flexible ([#130](transmission/transmission#130)) - Modernize the .desktop file ([#162](transmission/transmission#162)) - Update translations, add new translations for Afrikaans, Catalan, Danish, Greek, Norwegian Bokmål, Slovenian ### Daemon - Use libsystemd instead of libsystemd-daemon (TRAC-5921) - Harden transmission-daemon.service by disallowing privileges elevation ([#795](transmission/transmission#795)) - Fix exit code to be zero when dumping settings ([#487](transmission/transmission#487)) ### Web Client - Fix tracker error XSS in inspector (CVE-?) - Fix performance issues due to improper use of `setInterval()` for UI refresh (TRAC-6031) - Fix recognition of `https://` links in comments field ([#41](transmission/transmission#41), [#180](transmission/transmission#180)) - Fix torrent list style in Google Chrome 59+ ([#384](transmission/transmission#384)) - Show ETA in compact view on non-mobile devices ([#146](transmission/transmission#146)) - Show upload file button on mobile devices ([#320](transmission/transmission#320), [#431](transmission/transmission#431), [#956](transmission/transmission#956)) - Add keyboard hotkeys for web interface ([#351](transmission/transmission#351)) - Disable autocompletion in torrent URL field ([#367](transmission/transmission#367)) ### Utils - Prevent crash in transmission-show displaying torrents with invalid creation date ([#609](transmission/transmission#609)) - Handle IPv6 RPC addresses in transmission-remote ([#247](transmission/transmission#247)) - Add `--unsorted` option to transmission-show ([#767](transmission/transmission#767)) - Widen the torrent-id column in transmission-remote for cleaner formatting ([#840](transmission/transmission#840))
net/transmission-gtk: security update net/transmission-qt: security update net/transmission: security update Revisions pulled up: - net/transmission-gtk/Makefile 1.46 - net/transmission-gtk/PLIST 1.2 - net/transmission-qt/Makefile 1.54 - net/transmission/Makefile 1.27 - net/transmission/Makefile.common 1.10 - net/transmission/PLIST 1.4 - net/transmission/distinfo 1.16 - net/transmission/patches/patch-qt_qtr.pro 1.7 ------------------------------------------------------------------- Module Name: pkgsrc Committed By: wiz Date: Mon Jul 13 13:01:02 UTC 2020 Modified Files: pkgsrc/net/transmission: Makefile Makefile.common PLIST distinfo pkgsrc/net/transmission-gtk: Makefile PLIST pkgsrc/net/transmission-qt: Makefile pkgsrc/net/transmission/patches: patch-qt_qtr.pro Log Message: transmission*: update to 3.00 ### All Platforms - Allow the RPC server to listen on an IPv6 address ([#161](transmission/transmission#161)) - Change `TR_CURL_SSL_VERIFY` to `TR_CURL_SSL_NO_VERIFY` and enable verification by default ([#334](transmission/transmission#334)) - Go back to using hash as base name for resume and torrent files (those stored in configuration directory) ([#122](transmission/transmission#122)) - Handle "fields" argument in "session-get" RPC request; if "fields" array is present in arguments, only return session fields specified; otherwise return all the fields as before - Limit the number of incorrect authentication attempts in embedded web server to 100 to prevent brute-force attacks ([#371](transmission/transmission#371)) - Set idle seed limit range to 1..40320 (4 weeks tops) in all clients ([#212](transmission/transmission#212)) - Add Peer ID for Xfplay, PicoTorrent, Free Download Manager, Folx, Baidu Netdisk torrent clients ([#256](transmission/transmission#256), [#285](transmission/transmission#285), [#355](transmission/transmission#355), [#363](transmission/transmission#363), [#386](transmission/transmission#386)) - Announce `INT64_MAX` as size left if the value is unknown (helps with e.g. Amazon S3 trackers) ([#250](transmission/transmission#250)) - Add `TCP_FASTOPEN` support (should result in slight speedup) ([#184](transmission/transmission#184)) - Improve ToS handling on IPv6 connections ([#128](transmission/transmission#128), [#341](transmission/transmission#341), [#360](transmission/transmission#360), [#692](transmission/transmission#692), [#737](transmission/transmission#737)) - Abort handshake if establishing DH shared secret fails (leads to crash) ([#27](transmission/transmission#27)) - Don't switch trackers while announcing (leads to crash) ([#297](transmission/transmission#297)) - Improve completion scripts execution and error handling; add support for .cmd and .bat files on Windows ([#405](transmission/transmission#405)) - Maintain a "session ID" file (in temporary directory) to better detect whether session is local or remote; return the ID as part of "session-get" response (TRAC-5348, [#861](transmission/transmission#861)) - Change torrent location even if no data move is needed ([#35](transmission/transmission#35)) - Support CIDR-notated blocklists ([#230](transmission/transmission#230), [#741](transmission/transmission#741)) - Update the resume file before running scripts ([#825](transmission/transmission#825)) - Make multiscrape limits adaptive ([#837](transmission/transmission#837)) - Add labels support to libtransmission and transmission-remote ([#822](transmission/transmission#822)) - Parse `session-id` header case-insensitively ([#765](transmission/transmission#765)) - Sanitize suspicious path components instead of rejecting them ([#62](transmission/transmission#62), [#294](transmission/transmission#294)) - Load CA certs from system store on Windows / OpenSSL ([#446](transmission/transmission#446)) - Add support for mbedtls (formely polarssl) and wolfssl (formely cyassl), LibreSSL ([#115](transmission/transmission#115), [#116](transmission/transmission#116), [#284](transmission/transmission#284), [#486](transmission/transmission#486), [#524](transmission/transmission#524), [#570](transmission/transmission#570)) - Fix building against OpenSSL 1.1.0+ ([#24](transmission/transmission#24)) - Fix quota support for uClibc-ng 1.0.18+ and DragonFly BSD ([#42](transmission/transmission#42), [#58](transmission/transmission#58), [#312](transmission/transmission#312)) - Fix a number of memory leaks (magnet loading, session shutdown, bencoded data parsing) ([#56](transmission/transmission#56)) - Bump miniupnpc version to 2.0.20170509 ([#347](transmission/transmission#347)) - CMake-related improvements (Ninja generator, libappindicator, systemd, Solaris and macOS) ([#72](transmission/transmission#72), [#96](transmission/transmission#96), [#117](transmission/transmission#117), [#118](transmission/transmission#118), [#133](transmission/transmission#133), [#191](transmission/transmission#191)) - Switch to submodules to manage (most of) third-party dependencies - Fail installation on Windows if UCRT is not installed ### Mac Client - Bump minimum macOS version to 10.10 - Dark Mode support ([#644](transmission/transmission#644), [#722](transmission/transmission#722), [#757](transmission/transmission#757), [#779](transmission/transmission#779), [#788](transmission/transmission#788)) - Remove Growl support, notification center is always used ([#387](transmission/transmission#387)) - Fix autoupdate on High Sierra and up by bumping the Sparkle version ([#121](transmission/transmission#121), [#600](transmission/transmission#600)) - Transition to ARC ([#336](transmission/transmission#336)) - Use proper UTF-8 encoding (with macOS-specific normalization) when setting download/incomplete directory and completion script paths ([#11](transmission/transmission#11)) - Fix uncaught exception when dragging multiple items between groups ([#51](transmission/transmission#51)) - Add flat variants of status icons for message log ([#134](transmission/transmission#134)) - Optimize image resources size ([#304](transmission/transmission#304), [#429](transmission/transmission#429)) - Update file icon when file name changes ([#37](transmission/transmission#37)) - Update translations ### GTK+ Client - Add queue up/down hotkeys ([#158](transmission/transmission#158)) - Modernize the .desktop file ([#162](transmission/transmission#162)) - Add AppData file ([#224](transmission/transmission#224)) - Add symbolic icon variant for the Gnome top bar and when the high contrast theme is in use ([#414](transmission/transmission#414), [#449](transmission/transmission#449)) - Update file icon when its name changes ([#37](transmission/transmission#37)) - Switch from intltool to gettext for translations ([#584](transmission/transmission#584), [#647](transmission/transmission#647)) - Update translations, add new translations for Portuguese (Portugal) ### Qt Client - Bump minimum Qt version to 5.2 - Fix dropping .torrent files into main window on Windows ([#269](transmission/transmission#269)) - Fix prepending of drive letter to various user-selected paths on Windows ([#236](transmission/transmission#236), [#307](transmission/transmission#307), [#404](transmission/transmission#404), [#437](transmission/transmission#437), [#699](transmission/transmission#699), [#723](transmission/transmission#723), [#877](transmission/transmission#877)) - Fix sorting by progress in presence of magnet transfers ([#234](transmission/transmission#234)) - Fix .torrent file trashing upon addition ([#262](transmission/transmission#262)) - Add queue up/down hotkeys ([#158](transmission/transmission#158)) - Reduce torrent properties (file tree) memory usage - Display tooltips in torrent properties (file tree) in case the names don't fit ([#411](transmission/transmission#411)) - Improve UI look on hi-dpi displays (YMMV) - Use session ID (if available) to check if session is local or not ([#861](transmission/transmission#861)) - Use default (instead of system) locale to be more flexible ([#130](transmission/transmission#130)) - Modernize the .desktop file ([#162](transmission/transmission#162)) - Update translations, add new translations for Afrikaans, Catalan, Danish, Greek, Norwegian Bokmål, Slovenian ### Daemon - Use libsystemd instead of libsystemd-daemon (TRAC-5921) - Harden transmission-daemon.service by disallowing privileges elevation ([#795](transmission/transmission#795)) - Fix exit code to be zero when dumping settings ([#487](transmission/transmission#487)) ### Web Client - Fix tracker error XSS in inspector (CVE-?) - Fix performance issues due to improper use of `setInterval()` for UI refresh (TRAC-6031) - Fix recognition of `https://` links in comments field ([#41](transmission/transmission#41), [#180](transmission/transmission#180)) - Fix torrent list style in Google Chrome 59+ ([#384](transmission/transmission#384)) - Show ETA in compact view on non-mobile devices ([#146](transmission/transmission#146)) - Show upload file button on mobile devices ([#320](transmission/transmission#320), [#431](transmission/transmission#431), [#956](transmission/transmission#956)) - Add keyboard hotkeys for web interface ([#351](transmission/transmission#351)) - Disable autocompletion in torrent URL field ([#367](transmission/transmission#367)) ### Utils - Prevent crash in transmission-show displaying torrents with invalid creation date ([#609](transmission/transmission#609)) - Handle IPv6 RPC addresses in transmission-remote ([#247](transmission/transmission#247)) - Add `--unsorted` option to transmission-show ([#767](transmission/transmission#767)) - Widen the torrent-id column in transmission-remote for cleaner formatting ([#840](transmission/transmission#840)) To generate a diff of this commit: cvs rdiff -u -r1.26 -r1.27 pkgsrc/net/transmission/Makefile cvs rdiff -u -r1.9 -r1.10 pkgsrc/net/transmission/Makefile.common cvs rdiff -u -r1.3 -r1.4 pkgsrc/net/transmission/PLIST cvs rdiff -u -r1.15 -r1.16 pkgsrc/net/transmission/distinfo cvs rdiff -u -r1.45 -r1.46 pkgsrc/net/transmission-gtk/Makefile cvs rdiff -u -r1.1 -r1.2 pkgsrc/net/transmission-gtk/PLIST cvs rdiff -u -r1.52 -r1.53 pkgsrc/net/transmission-qt/Makefile cvs rdiff -u -r1.6 -r1.7 pkgsrc/net/transmission/patches/patch-qt_qtr.pro ------------------------------------------------------------------- Module Name: pkgsrc Committed By: wiz Date: Sat Jul 25 20:20:05 UTC 2020 Modified Files: pkgsrc/net/transmission-qt: Makefile Log Message: transmission-qt: needs gcc 7.x (for <optional>) Reported and tested by spz. To generate a diff of this commit: cvs rdiff -u -r1.53 -r1.54 pkgsrc/net/transmission-qt/Makefile
net/transmission-gtk: security update net/transmission-qt: security update net/transmission: security update Revisions pulled up: - net/transmission-gtk/Makefile 1.46 - net/transmission-gtk/PLIST 1.2 - net/transmission-qt/Makefile 1.54 - net/transmission/Makefile 1.27 - net/transmission/Makefile.common 1.10 - net/transmission/PLIST 1.4 - net/transmission/distinfo 1.16 - net/transmission/patches/patch-qt_qtr.pro 1.7 ------------------------------------------------------------------- Module Name: pkgsrc Committed By: wiz Date: Mon Jul 13 13:01:02 UTC 2020 Modified Files: pkgsrc/net/transmission: Makefile Makefile.common PLIST distinfo pkgsrc/net/transmission-gtk: Makefile PLIST pkgsrc/net/transmission-qt: Makefile pkgsrc/net/transmission/patches: patch-qt_qtr.pro Log Message: transmission*: update to 3.00 ### All Platforms - Allow the RPC server to listen on an IPv6 address ([#161](transmission/transmission#161)) - Change `TR_CURL_SSL_VERIFY` to `TR_CURL_SSL_NO_VERIFY` and enable verification by default ([#334](transmission/transmission#334)) - Go back to using hash as base name for resume and torrent files (those stored in configuration directory) ([#122](transmission/transmission#122)) - Handle "fields" argument in "session-get" RPC request; if "fields" array is present in arguments, only return session fields specified; otherwise return all the fields as before - Limit the number of incorrect authentication attempts in embedded web server to 100 to prevent brute-force attacks ([#371](transmission/transmission#371)) - Set idle seed limit range to 1..40320 (4 weeks tops) in all clients ([#212](transmission/transmission#212)) - Add Peer ID for Xfplay, PicoTorrent, Free Download Manager, Folx, Baidu Netdisk torrent clients ([#256](transmission/transmission#256), [#285](transmission/transmission#285), [#355](transmission/transmission#355), [#363](transmission/transmission#363), [#386](transmission/transmission#386)) - Announce `INT64_MAX` as size left if the value is unknown (helps with e.g. Amazon S3 trackers) ([#250](transmission/transmission#250)) - Add `TCP_FASTOPEN` support (should result in slight speedup) ([#184](transmission/transmission#184)) - Improve ToS handling on IPv6 connections ([#128](transmission/transmission#128), [#341](transmission/transmission#341), [#360](transmission/transmission#360), [#692](transmission/transmission#692), [#737](transmission/transmission#737)) - Abort handshake if establishing DH shared secret fails (leads to crash) ([#27](transmission/transmission#27)) - Don't switch trackers while announcing (leads to crash) ([#297](transmission/transmission#297)) - Improve completion scripts execution and error handling; add support for .cmd and .bat files on Windows ([#405](transmission/transmission#405)) - Maintain a "session ID" file (in temporary directory) to better detect whether session is local or remote; return the ID as part of "session-get" response (TRAC-5348, [#861](transmission/transmission#861)) - Change torrent location even if no data move is needed ([#35](transmission/transmission#35)) - Support CIDR-notated blocklists ([#230](transmission/transmission#230), [#741](transmission/transmission#741)) - Update the resume file before running scripts ([#825](transmission/transmission#825)) - Make multiscrape limits adaptive ([#837](transmission/transmission#837)) - Add labels support to libtransmission and transmission-remote ([#822](transmission/transmission#822)) - Parse `session-id` header case-insensitively ([#765](transmission/transmission#765)) - Sanitize suspicious path components instead of rejecting them ([#62](transmission/transmission#62), [#294](transmission/transmission#294)) - Load CA certs from system store on Windows / OpenSSL ([#446](transmission/transmission#446)) - Add support for mbedtls (formely polarssl) and wolfssl (formely cyassl), LibreSSL ([#115](transmission/transmission#115), [#116](transmission/transmission#116), [#284](transmission/transmission#284), [#486](transmission/transmission#486), [#524](transmission/transmission#524), [#570](transmission/transmission#570)) - Fix building against OpenSSL 1.1.0+ ([#24](transmission/transmission#24)) - Fix quota support for uClibc-ng 1.0.18+ and DragonFly BSD ([#42](transmission/transmission#42), [#58](transmission/transmission#58), [#312](transmission/transmission#312)) - Fix a number of memory leaks (magnet loading, session shutdown, bencoded data parsing) ([#56](transmission/transmission#56)) - Bump miniupnpc version to 2.0.20170509 ([#347](transmission/transmission#347)) - CMake-related improvements (Ninja generator, libappindicator, systemd, Solaris and macOS) ([#72](transmission/transmission#72), [#96](transmission/transmission#96), [#117](transmission/transmission#117), [#118](transmission/transmission#118), [#133](transmission/transmission#133), [#191](transmission/transmission#191)) - Switch to submodules to manage (most of) third-party dependencies - Fail installation on Windows if UCRT is not installed ### Mac Client - Bump minimum macOS version to 10.10 - Dark Mode support ([#644](transmission/transmission#644), [#722](transmission/transmission#722), [#757](transmission/transmission#757), [#779](transmission/transmission#779), [#788](transmission/transmission#788)) - Remove Growl support, notification center is always used ([#387](transmission/transmission#387)) - Fix autoupdate on High Sierra and up by bumping the Sparkle version ([#121](transmission/transmission#121), [#600](transmission/transmission#600)) - Transition to ARC ([#336](transmission/transmission#336)) - Use proper UTF-8 encoding (with macOS-specific normalization) when setting download/incomplete directory and completion script paths ([#11](transmission/transmission#11)) - Fix uncaught exception when dragging multiple items between groups ([#51](transmission/transmission#51)) - Add flat variants of status icons for message log ([#134](transmission/transmission#134)) - Optimize image resources size ([#304](transmission/transmission#304), [#429](transmission/transmission#429)) - Update file icon when file name changes ([#37](transmission/transmission#37)) - Update translations ### GTK+ Client - Add queue up/down hotkeys ([#158](transmission/transmission#158)) - Modernize the .desktop file ([#162](transmission/transmission#162)) - Add AppData file ([#224](transmission/transmission#224)) - Add symbolic icon variant for the Gnome top bar and when the high contrast theme is in use ([#414](transmission/transmission#414), [#449](transmission/transmission#449)) - Update file icon when its name changes ([#37](transmission/transmission#37)) - Switch from intltool to gettext for translations ([#584](transmission/transmission#584), [#647](transmission/transmission#647)) - Update translations, add new translations for Portuguese (Portugal) ### Qt Client - Bump minimum Qt version to 5.2 - Fix dropping .torrent files into main window on Windows ([#269](transmission/transmission#269)) - Fix prepending of drive letter to various user-selected paths on Windows ([#236](transmission/transmission#236), [#307](transmission/transmission#307), [#404](transmission/transmission#404), [#437](transmission/transmission#437), [#699](transmission/transmission#699), [#723](transmission/transmission#723), [#877](transmission/transmission#877)) - Fix sorting by progress in presence of magnet transfers ([#234](transmission/transmission#234)) - Fix .torrent file trashing upon addition ([#262](transmission/transmission#262)) - Add queue up/down hotkeys ([#158](transmission/transmission#158)) - Reduce torrent properties (file tree) memory usage - Display tooltips in torrent properties (file tree) in case the names don't fit ([#411](transmission/transmission#411)) - Improve UI look on hi-dpi displays (YMMV) - Use session ID (if available) to check if session is local or not ([#861](transmission/transmission#861)) - Use default (instead of system) locale to be more flexible ([#130](transmission/transmission#130)) - Modernize the .desktop file ([#162](transmission/transmission#162)) - Update translations, add new translations for Afrikaans, Catalan, Danish, Greek, Norwegian Bokmål, Slovenian ### Daemon - Use libsystemd instead of libsystemd-daemon (TRAC-5921) - Harden transmission-daemon.service by disallowing privileges elevation ([#795](transmission/transmission#795)) - Fix exit code to be zero when dumping settings ([#487](transmission/transmission#487)) ### Web Client - Fix tracker error XSS in inspector (CVE-?) - Fix performance issues due to improper use of `setInterval()` for UI refresh (TRAC-6031) - Fix recognition of `https://` links in comments field ([#41](transmission/transmission#41), [#180](transmission/transmission#180)) - Fix torrent list style in Google Chrome 59+ ([#384](transmission/transmission#384)) - Show ETA in compact view on non-mobile devices ([#146](transmission/transmission#146)) - Show upload file button on mobile devices ([#320](transmission/transmission#320), [#431](transmission/transmission#431), [#956](transmission/transmission#956)) - Add keyboard hotkeys for web interface ([#351](transmission/transmission#351)) - Disable autocompletion in torrent URL field ([#367](transmission/transmission#367)) ### Utils - Prevent crash in transmission-show displaying torrents with invalid creation date ([#609](transmission/transmission#609)) - Handle IPv6 RPC addresses in transmission-remote ([#247](transmission/transmission#247)) - Add `--unsorted` option to transmission-show ([#767](transmission/transmission#767)) - Widen the torrent-id column in transmission-remote for cleaner formatting ([#840](transmission/transmission#840)) To generate a diff of this commit: cvs rdiff -u -r1.26 -r1.27 pkgsrc/net/transmission/Makefile cvs rdiff -u -r1.9 -r1.10 pkgsrc/net/transmission/Makefile.common cvs rdiff -u -r1.3 -r1.4 pkgsrc/net/transmission/PLIST cvs rdiff -u -r1.15 -r1.16 pkgsrc/net/transmission/distinfo cvs rdiff -u -r1.45 -r1.46 pkgsrc/net/transmission-gtk/Makefile cvs rdiff -u -r1.1 -r1.2 pkgsrc/net/transmission-gtk/PLIST cvs rdiff -u -r1.52 -r1.53 pkgsrc/net/transmission-qt/Makefile cvs rdiff -u -r1.6 -r1.7 pkgsrc/net/transmission/patches/patch-qt_qtr.pro ------------------------------------------------------------------- Module Name: pkgsrc Committed By: wiz Date: Sat Jul 25 20:20:05 UTC 2020 Modified Files: pkgsrc/net/transmission-qt: Makefile Log Message: transmission-qt: needs gcc 7.x (for <optional>) Reported and tested by spz. To generate a diff of this commit: cvs rdiff -u -r1.53 -r1.54 pkgsrc/net/transmission-qt/Makefile
net/transmission-gtk: security update net/transmission-qt: security update net/transmission: security update Revisions pulled up: - net/transmission-gtk/Makefile 1.46 - net/transmission-gtk/PLIST 1.2 - net/transmission-qt/Makefile 1.54 - net/transmission/Makefile 1.27 - net/transmission/Makefile.common 1.10 - net/transmission/PLIST 1.4 - net/transmission/distinfo 1.16 - net/transmission/patches/patch-qt_qtr.pro 1.7 ------------------------------------------------------------------- Module Name: pkgsrc Committed By: wiz Date: Mon Jul 13 13:01:02 UTC 2020 Modified Files: pkgsrc/net/transmission: Makefile Makefile.common PLIST distinfo pkgsrc/net/transmission-gtk: Makefile PLIST pkgsrc/net/transmission-qt: Makefile pkgsrc/net/transmission/patches: patch-qt_qtr.pro Log Message: transmission*: update to 3.00 ### All Platforms - Allow the RPC server to listen on an IPv6 address ([#161](transmission/transmission#161)) - Change `TR_CURL_SSL_VERIFY` to `TR_CURL_SSL_NO_VERIFY` and enable verification by default ([#334](transmission/transmission#334)) - Go back to using hash as base name for resume and torrent files (those stored in configuration directory) ([#122](transmission/transmission#122)) - Handle "fields" argument in "session-get" RPC request; if "fields" array is present in arguments, only return session fields specified; otherwise return all the fields as before - Limit the number of incorrect authentication attempts in embedded web server to 100 to prevent brute-force attacks ([#371](transmission/transmission#371)) - Set idle seed limit range to 1..40320 (4 weeks tops) in all clients ([#212](transmission/transmission#212)) - Add Peer ID for Xfplay, PicoTorrent, Free Download Manager, Folx, Baidu Netdisk torrent clients ([#256](transmission/transmission#256), [#285](transmission/transmission#285), [#355](transmission/transmission#355), [#363](transmission/transmission#363), [#386](transmission/transmission#386)) - Announce `INT64_MAX` as size left if the value is unknown (helps with e.g. Amazon S3 trackers) ([#250](transmission/transmission#250)) - Add `TCP_FASTOPEN` support (should result in slight speedup) ([#184](transmission/transmission#184)) - Improve ToS handling on IPv6 connections ([#128](transmission/transmission#128), [#341](transmission/transmission#341), [#360](transmission/transmission#360), [#692](transmission/transmission#692), [#737](transmission/transmission#737)) - Abort handshake if establishing DH shared secret fails (leads to crash) ([#27](transmission/transmission#27)) - Don't switch trackers while announcing (leads to crash) ([#297](transmission/transmission#297)) - Improve completion scripts execution and error handling; add support for .cmd and .bat files on Windows ([#405](transmission/transmission#405)) - Maintain a "session ID" file (in temporary directory) to better detect whether session is local or remote; return the ID as part of "session-get" response (TRAC-5348, [#861](transmission/transmission#861)) - Change torrent location even if no data move is needed ([#35](transmission/transmission#35)) - Support CIDR-notated blocklists ([#230](transmission/transmission#230), [#741](transmission/transmission#741)) - Update the resume file before running scripts ([#825](transmission/transmission#825)) - Make multiscrape limits adaptive ([#837](transmission/transmission#837)) - Add labels support to libtransmission and transmission-remote ([#822](transmission/transmission#822)) - Parse `session-id` header case-insensitively ([#765](transmission/transmission#765)) - Sanitize suspicious path components instead of rejecting them ([#62](transmission/transmission#62), [#294](transmission/transmission#294)) - Load CA certs from system store on Windows / OpenSSL ([#446](transmission/transmission#446)) - Add support for mbedtls (formely polarssl) and wolfssl (formely cyassl), LibreSSL ([#115](transmission/transmission#115), [#116](transmission/transmission#116), [#284](transmission/transmission#284), [#486](transmission/transmission#486), [#524](transmission/transmission#524), [#570](transmission/transmission#570)) - Fix building against OpenSSL 1.1.0+ ([#24](transmission/transmission#24)) - Fix quota support for uClibc-ng 1.0.18+ and DragonFly BSD ([#42](transmission/transmission#42), [#58](transmission/transmission#58), [#312](transmission/transmission#312)) - Fix a number of memory leaks (magnet loading, session shutdown, bencoded data parsing) ([#56](transmission/transmission#56)) - Bump miniupnpc version to 2.0.20170509 ([#347](transmission/transmission#347)) - CMake-related improvements (Ninja generator, libappindicator, systemd, Solaris and macOS) ([#72](transmission/transmission#72), [#96](transmission/transmission#96), [#117](transmission/transmission#117), [#118](transmission/transmission#118), [#133](transmission/transmission#133), [#191](transmission/transmission#191)) - Switch to submodules to manage (most of) third-party dependencies - Fail installation on Windows if UCRT is not installed ### Mac Client - Bump minimum macOS version to 10.10 - Dark Mode support ([#644](transmission/transmission#644), [#722](transmission/transmission#722), [#757](transmission/transmission#757), [#779](transmission/transmission#779), [#788](transmission/transmission#788)) - Remove Growl support, notification center is always used ([#387](transmission/transmission#387)) - Fix autoupdate on High Sierra and up by bumping the Sparkle version ([#121](transmission/transmission#121), [#600](transmission/transmission#600)) - Transition to ARC ([#336](transmission/transmission#336)) - Use proper UTF-8 encoding (with macOS-specific normalization) when setting download/incomplete directory and completion script paths ([#11](transmission/transmission#11)) - Fix uncaught exception when dragging multiple items between groups ([#51](transmission/transmission#51)) - Add flat variants of status icons for message log ([#134](transmission/transmission#134)) - Optimize image resources size ([#304](transmission/transmission#304), [#429](transmission/transmission#429)) - Update file icon when file name changes ([#37](transmission/transmission#37)) - Update translations ### GTK+ Client - Add queue up/down hotkeys ([#158](transmission/transmission#158)) - Modernize the .desktop file ([#162](transmission/transmission#162)) - Add AppData file ([#224](transmission/transmission#224)) - Add symbolic icon variant for the Gnome top bar and when the high contrast theme is in use ([#414](transmission/transmission#414), [#449](transmission/transmission#449)) - Update file icon when its name changes ([#37](transmission/transmission#37)) - Switch from intltool to gettext for translations ([#584](transmission/transmission#584), [#647](transmission/transmission#647)) - Update translations, add new translations for Portuguese (Portugal) ### Qt Client - Bump minimum Qt version to 5.2 - Fix dropping .torrent files into main window on Windows ([#269](transmission/transmission#269)) - Fix prepending of drive letter to various user-selected paths on Windows ([#236](transmission/transmission#236), [#307](transmission/transmission#307), [#404](transmission/transmission#404), [#437](transmission/transmission#437), [#699](transmission/transmission#699), [#723](transmission/transmission#723), [#877](transmission/transmission#877)) - Fix sorting by progress in presence of magnet transfers ([#234](transmission/transmission#234)) - Fix .torrent file trashing upon addition ([#262](transmission/transmission#262)) - Add queue up/down hotkeys ([#158](transmission/transmission#158)) - Reduce torrent properties (file tree) memory usage - Display tooltips in torrent properties (file tree) in case the names don't fit ([#411](transmission/transmission#411)) - Improve UI look on hi-dpi displays (YMMV) - Use session ID (if available) to check if session is local or not ([#861](transmission/transmission#861)) - Use default (instead of system) locale to be more flexible ([#130](transmission/transmission#130)) - Modernize the .desktop file ([#162](transmission/transmission#162)) - Update translations, add new translations for Afrikaans, Catalan, Danish, Greek, Norwegian Bokmål, Slovenian ### Daemon - Use libsystemd instead of libsystemd-daemon (TRAC-5921) - Harden transmission-daemon.service by disallowing privileges elevation ([#795](transmission/transmission#795)) - Fix exit code to be zero when dumping settings ([#487](transmission/transmission#487)) ### Web Client - Fix tracker error XSS in inspector (CVE-?) - Fix performance issues due to improper use of `setInterval()` for UI refresh (TRAC-6031) - Fix recognition of `https://` links in comments field ([#41](transmission/transmission#41), [#180](transmission/transmission#180)) - Fix torrent list style in Google Chrome 59+ ([#384](transmission/transmission#384)) - Show ETA in compact view on non-mobile devices ([#146](transmission/transmission#146)) - Show upload file button on mobile devices ([#320](transmission/transmission#320), [#431](transmission/transmission#431), [#956](transmission/transmission#956)) - Add keyboard hotkeys for web interface ([#351](transmission/transmission#351)) - Disable autocompletion in torrent URL field ([#367](transmission/transmission#367)) ### Utils - Prevent crash in transmission-show displaying torrents with invalid creation date ([#609](transmission/transmission#609)) - Handle IPv6 RPC addresses in transmission-remote ([#247](transmission/transmission#247)) - Add `--unsorted` option to transmission-show ([#767](transmission/transmission#767)) - Widen the torrent-id column in transmission-remote for cleaner formatting ([#840](transmission/transmission#840)) To generate a diff of this commit: cvs rdiff -u -r1.26 -r1.27 pkgsrc/net/transmission/Makefile cvs rdiff -u -r1.9 -r1.10 pkgsrc/net/transmission/Makefile.common cvs rdiff -u -r1.3 -r1.4 pkgsrc/net/transmission/PLIST cvs rdiff -u -r1.15 -r1.16 pkgsrc/net/transmission/distinfo cvs rdiff -u -r1.45 -r1.46 pkgsrc/net/transmission-gtk/Makefile cvs rdiff -u -r1.1 -r1.2 pkgsrc/net/transmission-gtk/PLIST cvs rdiff -u -r1.52 -r1.53 pkgsrc/net/transmission-qt/Makefile cvs rdiff -u -r1.6 -r1.7 pkgsrc/net/transmission/patches/patch-qt_qtr.pro ------------------------------------------------------------------- Module Name: pkgsrc Committed By: wiz Date: Sat Jul 25 20:20:05 UTC 2020 Modified Files: pkgsrc/net/transmission-qt: Makefile Log Message: transmission-qt: needs gcc 7.x (for <optional>) Reported and tested by spz. To generate a diff of this commit: cvs rdiff -u -r1.53 -r1.54 pkgsrc/net/transmission-qt/Makefile
RFC 2616 defines headers as case-insensitive, so if rpc is behind a
reverse proxy that lowers the case of headers, transmission will not
parse the headers correctly.