anti-brute force for RPC Server #371
Merged
Conversation
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
|
@bobbyhopere, thanks for your PR! By analyzing the history of the files in this pull request, we identified @Charlesk, @mikedld and @jhujhiti to be potential reviewers. |
mikedld
requested changes
Aug 13, 2017
libtransmission/rpc-server.c
Outdated
|
|
||
| if (req != NULL && req->evcon != NULL) | ||
| { | ||
| static int attempts = 0; |
Member
There was a problem hiding this comment.
If someone was to create two RPC servers, they would interfere with each other. There is a tr_rpc_server structure at the top of this file that holds the server state and this field should be moved there (and probaly renamed to give an idea of what we're counting exactly). The structure is available in the scope of this function as server.
libtransmission/rpc-server.c
Outdated
| { | ||
| send_simple_response (req, 403, | ||
| "Too many unsuccessful login attempts. " | ||
| "Please restart transmission-daemon."); |
Member
There was a problem hiding this comment.
There is no point in wrapping the line if it fits in current length limit (which is 128 as specified in uncrustify.cfg) and there is no particular structure to it (like HTML paragraphs below). Same below on unauthuser initialization.
libtransmission/rpc-server.c
Outdated
|
|
||
| if (attempts == 100) | ||
| { | ||
| send_simple_response (req, 403, |
Member
There was a problem hiding this comment.
This is minor and I could fix it up myself but note that space between function name and the brace isn't the style anymore. Same below with a couple of tr_free calls.
libtransmission/rpc-server.c
Outdated
| tr_free (user); | ||
| return; | ||
| } | ||
| else |
Member
There was a problem hiding this comment.
It would be nicer to not have else after a conditional block that return-s.
libtransmission/rpc-server.c
Outdated
| attempts++; | ||
| char* unauthuser = tr_strdup_printf( | ||
| "Unauthorized User. " | ||
| "%i unsuccessful login attempts.", |
Member
There was a problem hiding this comment.
It's not a big deal but the rest of the code uses %d for int formatting, and uniform style is always preferred.
Member
|
I have mixed feeling about this. On one hand, we don't recommend exposing the RPC to the public. On the other, we still have authentication in place which makes people think it's okay to expose it... I guess having this limit in place won't hurt. |
Contributor
Author
|
A brute force attack can happen locally as well. For example:
|
mikedld
approved these changes
Aug 23, 2017
netbsd-srcmastr
pushed a commit
to NetBSD/pkgsrc
that referenced
this pull request
Jul 13, 2020
### All Platforms - Allow the RPC server to listen on an IPv6 address ([#161](transmission/transmission#161)) - Change `TR_CURL_SSL_VERIFY` to `TR_CURL_SSL_NO_VERIFY` and enable verification by default ([#334](transmission/transmission#334)) - Go back to using hash as base name for resume and torrent files (those stored in configuration directory) ([#122](transmission/transmission#122)) - Handle "fields" argument in "session-get" RPC request; if "fields" array is present in arguments, only return session fields specified; otherwise return all the fields as before - Limit the number of incorrect authentication attempts in embedded web server to 100 to prevent brute-force attacks ([#371](transmission/transmission#371)) - Set idle seed limit range to 1..40320 (4 weeks tops) in all clients ([#212](transmission/transmission#212)) - Add Peer ID for Xfplay, PicoTorrent, Free Download Manager, Folx, Baidu Netdisk torrent clients ([#256](transmission/transmission#256), [#285](transmission/transmission#285), [#355](transmission/transmission#355), [#363](transmission/transmission#363), [#386](transmission/transmission#386)) - Announce `INT64_MAX` as size left if the value is unknown (helps with e.g. Amazon S3 trackers) ([#250](transmission/transmission#250)) - Add `TCP_FASTOPEN` support (should result in slight speedup) ([#184](transmission/transmission#184)) - Improve ToS handling on IPv6 connections ([#128](transmission/transmission#128), [#341](transmission/transmission#341), [#360](transmission/transmission#360), [#692](transmission/transmission#692), [#737](transmission/transmission#737)) - Abort handshake if establishing DH shared secret fails (leads to crash) ([#27](transmission/transmission#27)) - Don't switch trackers while announcing (leads to crash) ([#297](transmission/transmission#297)) - Improve completion scripts execution and error handling; add support for .cmd and .bat files on Windows ([#405](transmission/transmission#405)) - Maintain a "session ID" file (in temporary directory) to better detect whether session is local or remote; return the ID as part of "session-get" response (TRAC-5348, [#861](transmission/transmission#861)) - Change torrent location even if no data move is needed ([#35](transmission/transmission#35)) - Support CIDR-notated blocklists ([#230](transmission/transmission#230), [#741](transmission/transmission#741)) - Update the resume file before running scripts ([#825](transmission/transmission#825)) - Make multiscrape limits adaptive ([#837](transmission/transmission#837)) - Add labels support to libtransmission and transmission-remote ([#822](transmission/transmission#822)) - Parse `session-id` header case-insensitively ([#765](transmission/transmission#765)) - Sanitize suspicious path components instead of rejecting them ([#62](transmission/transmission#62), [#294](transmission/transmission#294)) - Load CA certs from system store on Windows / OpenSSL ([#446](transmission/transmission#446)) - Add support for mbedtls (formely polarssl) and wolfssl (formely cyassl), LibreSSL ([#115](transmission/transmission#115), [#116](transmission/transmission#116), [#284](transmission/transmission#284), [#486](transmission/transmission#486), [#524](transmission/transmission#524), [#570](transmission/transmission#570)) - Fix building against OpenSSL 1.1.0+ ([#24](transmission/transmission#24)) - Fix quota support for uClibc-ng 1.0.18+ and DragonFly BSD ([#42](transmission/transmission#42), [#58](transmission/transmission#58), [#312](transmission/transmission#312)) - Fix a number of memory leaks (magnet loading, session shutdown, bencoded data parsing) ([#56](transmission/transmission#56)) - Bump miniupnpc version to 2.0.20170509 ([#347](transmission/transmission#347)) - CMake-related improvements (Ninja generator, libappindicator, systemd, Solaris and macOS) ([#72](transmission/transmission#72), [#96](transmission/transmission#96), [#117](transmission/transmission#117), [#118](transmission/transmission#118), [#133](transmission/transmission#133), [#191](transmission/transmission#191)) - Switch to submodules to manage (most of) third-party dependencies - Fail installation on Windows if UCRT is not installed ### Mac Client - Bump minimum macOS version to 10.10 - Dark Mode support ([#644](transmission/transmission#644), [#722](transmission/transmission#722), [#757](transmission/transmission#757), [#779](transmission/transmission#779), [#788](transmission/transmission#788)) - Remove Growl support, notification center is always used ([#387](transmission/transmission#387)) - Fix autoupdate on High Sierra and up by bumping the Sparkle version ([#121](transmission/transmission#121), [#600](transmission/transmission#600)) - Transition to ARC ([#336](transmission/transmission#336)) - Use proper UTF-8 encoding (with macOS-specific normalization) when setting download/incomplete directory and completion script paths ([#11](transmission/transmission#11)) - Fix uncaught exception when dragging multiple items between groups ([#51](transmission/transmission#51)) - Add flat variants of status icons for message log ([#134](transmission/transmission#134)) - Optimize image resources size ([#304](transmission/transmission#304), [#429](transmission/transmission#429)) - Update file icon when file name changes ([#37](transmission/transmission#37)) - Update translations ### GTK+ Client - Add queue up/down hotkeys ([#158](transmission/transmission#158)) - Modernize the .desktop file ([#162](transmission/transmission#162)) - Add AppData file ([#224](transmission/transmission#224)) - Add symbolic icon variant for the Gnome top bar and when the high contrast theme is in use ([#414](transmission/transmission#414), [#449](transmission/transmission#449)) - Update file icon when its name changes ([#37](transmission/transmission#37)) - Switch from intltool to gettext for translations ([#584](transmission/transmission#584), [#647](transmission/transmission#647)) - Update translations, add new translations for Portuguese (Portugal) ### Qt Client - Bump minimum Qt version to 5.2 - Fix dropping .torrent files into main window on Windows ([#269](transmission/transmission#269)) - Fix prepending of drive letter to various user-selected paths on Windows ([#236](transmission/transmission#236), [#307](transmission/transmission#307), [#404](transmission/transmission#404), [#437](transmission/transmission#437), [#699](transmission/transmission#699), [#723](transmission/transmission#723), [#877](transmission/transmission#877)) - Fix sorting by progress in presence of magnet transfers ([#234](transmission/transmission#234)) - Fix .torrent file trashing upon addition ([#262](transmission/transmission#262)) - Add queue up/down hotkeys ([#158](transmission/transmission#158)) - Reduce torrent properties (file tree) memory usage - Display tooltips in torrent properties (file tree) in case the names don't fit ([#411](transmission/transmission#411)) - Improve UI look on hi-dpi displays (YMMV) - Use session ID (if available) to check if session is local or not ([#861](transmission/transmission#861)) - Use default (instead of system) locale to be more flexible ([#130](transmission/transmission#130)) - Modernize the .desktop file ([#162](transmission/transmission#162)) - Update translations, add new translations for Afrikaans, Catalan, Danish, Greek, Norwegian Bokmål, Slovenian ### Daemon - Use libsystemd instead of libsystemd-daemon (TRAC-5921) - Harden transmission-daemon.service by disallowing privileges elevation ([#795](transmission/transmission#795)) - Fix exit code to be zero when dumping settings ([#487](transmission/transmission#487)) ### Web Client - Fix tracker error XSS in inspector (CVE-?) - Fix performance issues due to improper use of `setInterval()` for UI refresh (TRAC-6031) - Fix recognition of `https://` links in comments field ([#41](transmission/transmission#41), [#180](transmission/transmission#180)) - Fix torrent list style in Google Chrome 59+ ([#384](transmission/transmission#384)) - Show ETA in compact view on non-mobile devices ([#146](transmission/transmission#146)) - Show upload file button on mobile devices ([#320](transmission/transmission#320), [#431](transmission/transmission#431), [#956](transmission/transmission#956)) - Add keyboard hotkeys for web interface ([#351](transmission/transmission#351)) - Disable autocompletion in torrent URL field ([#367](transmission/transmission#367)) ### Utils - Prevent crash in transmission-show displaying torrents with invalid creation date ([#609](transmission/transmission#609)) - Handle IPv6 RPC addresses in transmission-remote ([#247](transmission/transmission#247)) - Add `--unsorted` option to transmission-show ([#767](transmission/transmission#767)) - Widen the torrent-id column in transmission-remote for cleaner formatting ([#840](transmission/transmission#840))
netbsd-srcmastr
pushed a commit
to NetBSD/pkgsrc
that referenced
this pull request
Aug 3, 2020
net/transmission-gtk: security update net/transmission-qt: security update net/transmission: security update Revisions pulled up: - net/transmission-gtk/Makefile 1.46 - net/transmission-gtk/PLIST 1.2 - net/transmission-qt/Makefile 1.54 - net/transmission/Makefile 1.27 - net/transmission/Makefile.common 1.10 - net/transmission/PLIST 1.4 - net/transmission/distinfo 1.16 - net/transmission/patches/patch-qt_qtr.pro 1.7 ------------------------------------------------------------------- Module Name: pkgsrc Committed By: wiz Date: Mon Jul 13 13:01:02 UTC 2020 Modified Files: pkgsrc/net/transmission: Makefile Makefile.common PLIST distinfo pkgsrc/net/transmission-gtk: Makefile PLIST pkgsrc/net/transmission-qt: Makefile pkgsrc/net/transmission/patches: patch-qt_qtr.pro Log Message: transmission*: update to 3.00 ### All Platforms - Allow the RPC server to listen on an IPv6 address ([#161](transmission/transmission#161)) - Change `TR_CURL_SSL_VERIFY` to `TR_CURL_SSL_NO_VERIFY` and enable verification by default ([#334](transmission/transmission#334)) - Go back to using hash as base name for resume and torrent files (those stored in configuration directory) ([#122](transmission/transmission#122)) - Handle "fields" argument in "session-get" RPC request; if "fields" array is present in arguments, only return session fields specified; otherwise return all the fields as before - Limit the number of incorrect authentication attempts in embedded web server to 100 to prevent brute-force attacks ([#371](transmission/transmission#371)) - Set idle seed limit range to 1..40320 (4 weeks tops) in all clients ([#212](transmission/transmission#212)) - Add Peer ID for Xfplay, PicoTorrent, Free Download Manager, Folx, Baidu Netdisk torrent clients ([#256](transmission/transmission#256), [#285](transmission/transmission#285), [#355](transmission/transmission#355), [#363](transmission/transmission#363), [#386](transmission/transmission#386)) - Announce `INT64_MAX` as size left if the value is unknown (helps with e.g. Amazon S3 trackers) ([#250](transmission/transmission#250)) - Add `TCP_FASTOPEN` support (should result in slight speedup) ([#184](transmission/transmission#184)) - Improve ToS handling on IPv6 connections ([#128](transmission/transmission#128), [#341](transmission/transmission#341), [#360](transmission/transmission#360), [#692](transmission/transmission#692), [#737](transmission/transmission#737)) - Abort handshake if establishing DH shared secret fails (leads to crash) ([#27](transmission/transmission#27)) - Don't switch trackers while announcing (leads to crash) ([#297](transmission/transmission#297)) - Improve completion scripts execution and error handling; add support for .cmd and .bat files on Windows ([#405](transmission/transmission#405)) - Maintain a "session ID" file (in temporary directory) to better detect whether session is local or remote; return the ID as part of "session-get" response (TRAC-5348, [#861](transmission/transmission#861)) - Change torrent location even if no data move is needed ([#35](transmission/transmission#35)) - Support CIDR-notated blocklists ([#230](transmission/transmission#230), [#741](transmission/transmission#741)) - Update the resume file before running scripts ([#825](transmission/transmission#825)) - Make multiscrape limits adaptive ([#837](transmission/transmission#837)) - Add labels support to libtransmission and transmission-remote ([#822](transmission/transmission#822)) - Parse `session-id` header case-insensitively ([#765](transmission/transmission#765)) - Sanitize suspicious path components instead of rejecting them ([#62](transmission/transmission#62), [#294](transmission/transmission#294)) - Load CA certs from system store on Windows / OpenSSL ([#446](transmission/transmission#446)) - Add support for mbedtls (formely polarssl) and wolfssl (formely cyassl), LibreSSL ([#115](transmission/transmission#115), [#116](transmission/transmission#116), [#284](transmission/transmission#284), [#486](transmission/transmission#486), [#524](transmission/transmission#524), [#570](transmission/transmission#570)) - Fix building against OpenSSL 1.1.0+ ([#24](transmission/transmission#24)) - Fix quota support for uClibc-ng 1.0.18+ and DragonFly BSD ([#42](transmission/transmission#42), [#58](transmission/transmission#58), [#312](transmission/transmission#312)) - Fix a number of memory leaks (magnet loading, session shutdown, bencoded data parsing) ([#56](transmission/transmission#56)) - Bump miniupnpc version to 2.0.20170509 ([#347](transmission/transmission#347)) - CMake-related improvements (Ninja generator, libappindicator, systemd, Solaris and macOS) ([#72](transmission/transmission#72), [#96](transmission/transmission#96), [#117](transmission/transmission#117), [#118](transmission/transmission#118), [#133](transmission/transmission#133), [#191](transmission/transmission#191)) - Switch to submodules to manage (most of) third-party dependencies - Fail installation on Windows if UCRT is not installed ### Mac Client - Bump minimum macOS version to 10.10 - Dark Mode support ([#644](transmission/transmission#644), [#722](transmission/transmission#722), [#757](transmission/transmission#757), [#779](transmission/transmission#779), [#788](transmission/transmission#788)) - Remove Growl support, notification center is always used ([#387](transmission/transmission#387)) - Fix autoupdate on High Sierra and up by bumping the Sparkle version ([#121](transmission/transmission#121), [#600](transmission/transmission#600)) - Transition to ARC ([#336](transmission/transmission#336)) - Use proper UTF-8 encoding (with macOS-specific normalization) when setting download/incomplete directory and completion script paths ([#11](transmission/transmission#11)) - Fix uncaught exception when dragging multiple items between groups ([#51](transmission/transmission#51)) - Add flat variants of status icons for message log ([#134](transmission/transmission#134)) - Optimize image resources size ([#304](transmission/transmission#304), [#429](transmission/transmission#429)) - Update file icon when file name changes ([#37](transmission/transmission#37)) - Update translations ### GTK+ Client - Add queue up/down hotkeys ([#158](transmission/transmission#158)) - Modernize the .desktop file ([#162](transmission/transmission#162)) - Add AppData file ([#224](transmission/transmission#224)) - Add symbolic icon variant for the Gnome top bar and when the high contrast theme is in use ([#414](transmission/transmission#414), [#449](transmission/transmission#449)) - Update file icon when its name changes ([#37](transmission/transmission#37)) - Switch from intltool to gettext for translations ([#584](transmission/transmission#584), [#647](transmission/transmission#647)) - Update translations, add new translations for Portuguese (Portugal) ### Qt Client - Bump minimum Qt version to 5.2 - Fix dropping .torrent files into main window on Windows ([#269](transmission/transmission#269)) - Fix prepending of drive letter to various user-selected paths on Windows ([#236](transmission/transmission#236), [#307](transmission/transmission#307), [#404](transmission/transmission#404), [#437](transmission/transmission#437), [#699](transmission/transmission#699), [#723](transmission/transmission#723), [#877](transmission/transmission#877)) - Fix sorting by progress in presence of magnet transfers ([#234](transmission/transmission#234)) - Fix .torrent file trashing upon addition ([#262](transmission/transmission#262)) - Add queue up/down hotkeys ([#158](transmission/transmission#158)) - Reduce torrent properties (file tree) memory usage - Display tooltips in torrent properties (file tree) in case the names don't fit ([#411](transmission/transmission#411)) - Improve UI look on hi-dpi displays (YMMV) - Use session ID (if available) to check if session is local or not ([#861](transmission/transmission#861)) - Use default (instead of system) locale to be more flexible ([#130](transmission/transmission#130)) - Modernize the .desktop file ([#162](transmission/transmission#162)) - Update translations, add new translations for Afrikaans, Catalan, Danish, Greek, Norwegian Bokmål, Slovenian ### Daemon - Use libsystemd instead of libsystemd-daemon (TRAC-5921) - Harden transmission-daemon.service by disallowing privileges elevation ([#795](transmission/transmission#795)) - Fix exit code to be zero when dumping settings ([#487](transmission/transmission#487)) ### Web Client - Fix tracker error XSS in inspector (CVE-?) - Fix performance issues due to improper use of `setInterval()` for UI refresh (TRAC-6031) - Fix recognition of `https://` links in comments field ([#41](transmission/transmission#41), [#180](transmission/transmission#180)) - Fix torrent list style in Google Chrome 59+ ([#384](transmission/transmission#384)) - Show ETA in compact view on non-mobile devices ([#146](transmission/transmission#146)) - Show upload file button on mobile devices ([#320](transmission/transmission#320), [#431](transmission/transmission#431), [#956](transmission/transmission#956)) - Add keyboard hotkeys for web interface ([#351](transmission/transmission#351)) - Disable autocompletion in torrent URL field ([#367](transmission/transmission#367)) ### Utils - Prevent crash in transmission-show displaying torrents with invalid creation date ([#609](transmission/transmission#609)) - Handle IPv6 RPC addresses in transmission-remote ([#247](transmission/transmission#247)) - Add `--unsorted` option to transmission-show ([#767](transmission/transmission#767)) - Widen the torrent-id column in transmission-remote for cleaner formatting ([#840](transmission/transmission#840)) To generate a diff of this commit: cvs rdiff -u -r1.26 -r1.27 pkgsrc/net/transmission/Makefile cvs rdiff -u -r1.9 -r1.10 pkgsrc/net/transmission/Makefile.common cvs rdiff -u -r1.3 -r1.4 pkgsrc/net/transmission/PLIST cvs rdiff -u -r1.15 -r1.16 pkgsrc/net/transmission/distinfo cvs rdiff -u -r1.45 -r1.46 pkgsrc/net/transmission-gtk/Makefile cvs rdiff -u -r1.1 -r1.2 pkgsrc/net/transmission-gtk/PLIST cvs rdiff -u -r1.52 -r1.53 pkgsrc/net/transmission-qt/Makefile cvs rdiff -u -r1.6 -r1.7 pkgsrc/net/transmission/patches/patch-qt_qtr.pro ------------------------------------------------------------------- Module Name: pkgsrc Committed By: wiz Date: Sat Jul 25 20:20:05 UTC 2020 Modified Files: pkgsrc/net/transmission-qt: Makefile Log Message: transmission-qt: needs gcc 7.x (for <optional>) Reported and tested by spz. To generate a diff of this commit: cvs rdiff -u -r1.53 -r1.54 pkgsrc/net/transmission-qt/Makefile
netbsd-srcmastr
pushed a commit
to NetBSD/pkgsrc
that referenced
this pull request
Oct 14, 2021
net/transmission-gtk: security update net/transmission-qt: security update net/transmission: security update Revisions pulled up: - net/transmission-gtk/Makefile 1.46 - net/transmission-gtk/PLIST 1.2 - net/transmission-qt/Makefile 1.54 - net/transmission/Makefile 1.27 - net/transmission/Makefile.common 1.10 - net/transmission/PLIST 1.4 - net/transmission/distinfo 1.16 - net/transmission/patches/patch-qt_qtr.pro 1.7 ------------------------------------------------------------------- Module Name: pkgsrc Committed By: wiz Date: Mon Jul 13 13:01:02 UTC 2020 Modified Files: pkgsrc/net/transmission: Makefile Makefile.common PLIST distinfo pkgsrc/net/transmission-gtk: Makefile PLIST pkgsrc/net/transmission-qt: Makefile pkgsrc/net/transmission/patches: patch-qt_qtr.pro Log Message: transmission*: update to 3.00 ### All Platforms - Allow the RPC server to listen on an IPv6 address ([#161](transmission/transmission#161)) - Change `TR_CURL_SSL_VERIFY` to `TR_CURL_SSL_NO_VERIFY` and enable verification by default ([#334](transmission/transmission#334)) - Go back to using hash as base name for resume and torrent files (those stored in configuration directory) ([#122](transmission/transmission#122)) - Handle "fields" argument in "session-get" RPC request; if "fields" array is present in arguments, only return session fields specified; otherwise return all the fields as before - Limit the number of incorrect authentication attempts in embedded web server to 100 to prevent brute-force attacks ([#371](transmission/transmission#371)) - Set idle seed limit range to 1..40320 (4 weeks tops) in all clients ([#212](transmission/transmission#212)) - Add Peer ID for Xfplay, PicoTorrent, Free Download Manager, Folx, Baidu Netdisk torrent clients ([#256](transmission/transmission#256), [#285](transmission/transmission#285), [#355](transmission/transmission#355), [#363](transmission/transmission#363), [#386](transmission/transmission#386)) - Announce `INT64_MAX` as size left if the value is unknown (helps with e.g. Amazon S3 trackers) ([#250](transmission/transmission#250)) - Add `TCP_FASTOPEN` support (should result in slight speedup) ([#184](transmission/transmission#184)) - Improve ToS handling on IPv6 connections ([#128](transmission/transmission#128), [#341](transmission/transmission#341), [#360](transmission/transmission#360), [#692](transmission/transmission#692), [#737](transmission/transmission#737)) - Abort handshake if establishing DH shared secret fails (leads to crash) ([#27](transmission/transmission#27)) - Don't switch trackers while announcing (leads to crash) ([#297](transmission/transmission#297)) - Improve completion scripts execution and error handling; add support for .cmd and .bat files on Windows ([#405](transmission/transmission#405)) - Maintain a "session ID" file (in temporary directory) to better detect whether session is local or remote; return the ID as part of "session-get" response (TRAC-5348, [#861](transmission/transmission#861)) - Change torrent location even if no data move is needed ([#35](transmission/transmission#35)) - Support CIDR-notated blocklists ([#230](transmission/transmission#230), [#741](transmission/transmission#741)) - Update the resume file before running scripts ([#825](transmission/transmission#825)) - Make multiscrape limits adaptive ([#837](transmission/transmission#837)) - Add labels support to libtransmission and transmission-remote ([#822](transmission/transmission#822)) - Parse `session-id` header case-insensitively ([#765](transmission/transmission#765)) - Sanitize suspicious path components instead of rejecting them ([#62](transmission/transmission#62), [#294](transmission/transmission#294)) - Load CA certs from system store on Windows / OpenSSL ([#446](transmission/transmission#446)) - Add support for mbedtls (formely polarssl) and wolfssl (formely cyassl), LibreSSL ([#115](transmission/transmission#115), [#116](transmission/transmission#116), [#284](transmission/transmission#284), [#486](transmission/transmission#486), [#524](transmission/transmission#524), [#570](transmission/transmission#570)) - Fix building against OpenSSL 1.1.0+ ([#24](transmission/transmission#24)) - Fix quota support for uClibc-ng 1.0.18+ and DragonFly BSD ([#42](transmission/transmission#42), [#58](transmission/transmission#58), [#312](transmission/transmission#312)) - Fix a number of memory leaks (magnet loading, session shutdown, bencoded data parsing) ([#56](transmission/transmission#56)) - Bump miniupnpc version to 2.0.20170509 ([#347](transmission/transmission#347)) - CMake-related improvements (Ninja generator, libappindicator, systemd, Solaris and macOS) ([#72](transmission/transmission#72), [#96](transmission/transmission#96), [#117](transmission/transmission#117), [#118](transmission/transmission#118), [#133](transmission/transmission#133), [#191](transmission/transmission#191)) - Switch to submodules to manage (most of) third-party dependencies - Fail installation on Windows if UCRT is not installed ### Mac Client - Bump minimum macOS version to 10.10 - Dark Mode support ([#644](transmission/transmission#644), [#722](transmission/transmission#722), [#757](transmission/transmission#757), [#779](transmission/transmission#779), [#788](transmission/transmission#788)) - Remove Growl support, notification center is always used ([#387](transmission/transmission#387)) - Fix autoupdate on High Sierra and up by bumping the Sparkle version ([#121](transmission/transmission#121), [#600](transmission/transmission#600)) - Transition to ARC ([#336](transmission/transmission#336)) - Use proper UTF-8 encoding (with macOS-specific normalization) when setting download/incomplete directory and completion script paths ([#11](transmission/transmission#11)) - Fix uncaught exception when dragging multiple items between groups ([#51](transmission/transmission#51)) - Add flat variants of status icons for message log ([#134](transmission/transmission#134)) - Optimize image resources size ([#304](transmission/transmission#304), [#429](transmission/transmission#429)) - Update file icon when file name changes ([#37](transmission/transmission#37)) - Update translations ### GTK+ Client - Add queue up/down hotkeys ([#158](transmission/transmission#158)) - Modernize the .desktop file ([#162](transmission/transmission#162)) - Add AppData file ([#224](transmission/transmission#224)) - Add symbolic icon variant for the Gnome top bar and when the high contrast theme is in use ([#414](transmission/transmission#414), [#449](transmission/transmission#449)) - Update file icon when its name changes ([#37](transmission/transmission#37)) - Switch from intltool to gettext for translations ([#584](transmission/transmission#584), [#647](transmission/transmission#647)) - Update translations, add new translations for Portuguese (Portugal) ### Qt Client - Bump minimum Qt version to 5.2 - Fix dropping .torrent files into main window on Windows ([#269](transmission/transmission#269)) - Fix prepending of drive letter to various user-selected paths on Windows ([#236](transmission/transmission#236), [#307](transmission/transmission#307), [#404](transmission/transmission#404), [#437](transmission/transmission#437), [#699](transmission/transmission#699), [#723](transmission/transmission#723), [#877](transmission/transmission#877)) - Fix sorting by progress in presence of magnet transfers ([#234](transmission/transmission#234)) - Fix .torrent file trashing upon addition ([#262](transmission/transmission#262)) - Add queue up/down hotkeys ([#158](transmission/transmission#158)) - Reduce torrent properties (file tree) memory usage - Display tooltips in torrent properties (file tree) in case the names don't fit ([#411](transmission/transmission#411)) - Improve UI look on hi-dpi displays (YMMV) - Use session ID (if available) to check if session is local or not ([#861](transmission/transmission#861)) - Use default (instead of system) locale to be more flexible ([#130](transmission/transmission#130)) - Modernize the .desktop file ([#162](transmission/transmission#162)) - Update translations, add new translations for Afrikaans, Catalan, Danish, Greek, Norwegian Bokmål, Slovenian ### Daemon - Use libsystemd instead of libsystemd-daemon (TRAC-5921) - Harden transmission-daemon.service by disallowing privileges elevation ([#795](transmission/transmission#795)) - Fix exit code to be zero when dumping settings ([#487](transmission/transmission#487)) ### Web Client - Fix tracker error XSS in inspector (CVE-?) - Fix performance issues due to improper use of `setInterval()` for UI refresh (TRAC-6031) - Fix recognition of `https://` links in comments field ([#41](transmission/transmission#41), [#180](transmission/transmission#180)) - Fix torrent list style in Google Chrome 59+ ([#384](transmission/transmission#384)) - Show ETA in compact view on non-mobile devices ([#146](transmission/transmission#146)) - Show upload file button on mobile devices ([#320](transmission/transmission#320), [#431](transmission/transmission#431), [#956](transmission/transmission#956)) - Add keyboard hotkeys for web interface ([#351](transmission/transmission#351)) - Disable autocompletion in torrent URL field ([#367](transmission/transmission#367)) ### Utils - Prevent crash in transmission-show displaying torrents with invalid creation date ([#609](transmission/transmission#609)) - Handle IPv6 RPC addresses in transmission-remote ([#247](transmission/transmission#247)) - Add `--unsorted` option to transmission-show ([#767](transmission/transmission#767)) - Widen the torrent-id column in transmission-remote for cleaner formatting ([#840](transmission/transmission#840)) To generate a diff of this commit: cvs rdiff -u -r1.26 -r1.27 pkgsrc/net/transmission/Makefile cvs rdiff -u -r1.9 -r1.10 pkgsrc/net/transmission/Makefile.common cvs rdiff -u -r1.3 -r1.4 pkgsrc/net/transmission/PLIST cvs rdiff -u -r1.15 -r1.16 pkgsrc/net/transmission/distinfo cvs rdiff -u -r1.45 -r1.46 pkgsrc/net/transmission-gtk/Makefile cvs rdiff -u -r1.1 -r1.2 pkgsrc/net/transmission-gtk/PLIST cvs rdiff -u -r1.52 -r1.53 pkgsrc/net/transmission-qt/Makefile cvs rdiff -u -r1.6 -r1.7 pkgsrc/net/transmission/patches/patch-qt_qtr.pro ------------------------------------------------------------------- Module Name: pkgsrc Committed By: wiz Date: Sat Jul 25 20:20:05 UTC 2020 Modified Files: pkgsrc/net/transmission-qt: Makefile Log Message: transmission-qt: needs gcc 7.x (for <optional>) Reported and tested by spz. To generate a diff of this commit: cvs rdiff -u -r1.53 -r1.54 pkgsrc/net/transmission-qt/Makefile
netbsd-srcmastr
pushed a commit
to NetBSD/pkgsrc
that referenced
this pull request
Dec 10, 2024
net/transmission-gtk: security update net/transmission-qt: security update net/transmission: security update Revisions pulled up: - net/transmission-gtk/Makefile 1.46 - net/transmission-gtk/PLIST 1.2 - net/transmission-qt/Makefile 1.54 - net/transmission/Makefile 1.27 - net/transmission/Makefile.common 1.10 - net/transmission/PLIST 1.4 - net/transmission/distinfo 1.16 - net/transmission/patches/patch-qt_qtr.pro 1.7 ------------------------------------------------------------------- Module Name: pkgsrc Committed By: wiz Date: Mon Jul 13 13:01:02 UTC 2020 Modified Files: pkgsrc/net/transmission: Makefile Makefile.common PLIST distinfo pkgsrc/net/transmission-gtk: Makefile PLIST pkgsrc/net/transmission-qt: Makefile pkgsrc/net/transmission/patches: patch-qt_qtr.pro Log Message: transmission*: update to 3.00 ### All Platforms - Allow the RPC server to listen on an IPv6 address ([#161](transmission/transmission#161)) - Change `TR_CURL_SSL_VERIFY` to `TR_CURL_SSL_NO_VERIFY` and enable verification by default ([#334](transmission/transmission#334)) - Go back to using hash as base name for resume and torrent files (those stored in configuration directory) ([#122](transmission/transmission#122)) - Handle "fields" argument in "session-get" RPC request; if "fields" array is present in arguments, only return session fields specified; otherwise return all the fields as before - Limit the number of incorrect authentication attempts in embedded web server to 100 to prevent brute-force attacks ([#371](transmission/transmission#371)) - Set idle seed limit range to 1..40320 (4 weeks tops) in all clients ([#212](transmission/transmission#212)) - Add Peer ID for Xfplay, PicoTorrent, Free Download Manager, Folx, Baidu Netdisk torrent clients ([#256](transmission/transmission#256), [#285](transmission/transmission#285), [#355](transmission/transmission#355), [#363](transmission/transmission#363), [#386](transmission/transmission#386)) - Announce `INT64_MAX` as size left if the value is unknown (helps with e.g. Amazon S3 trackers) ([#250](transmission/transmission#250)) - Add `TCP_FASTOPEN` support (should result in slight speedup) ([#184](transmission/transmission#184)) - Improve ToS handling on IPv6 connections ([#128](transmission/transmission#128), [#341](transmission/transmission#341), [#360](transmission/transmission#360), [#692](transmission/transmission#692), [#737](transmission/transmission#737)) - Abort handshake if establishing DH shared secret fails (leads to crash) ([#27](transmission/transmission#27)) - Don't switch trackers while announcing (leads to crash) ([#297](transmission/transmission#297)) - Improve completion scripts execution and error handling; add support for .cmd and .bat files on Windows ([#405](transmission/transmission#405)) - Maintain a "session ID" file (in temporary directory) to better detect whether session is local or remote; return the ID as part of "session-get" response (TRAC-5348, [#861](transmission/transmission#861)) - Change torrent location even if no data move is needed ([#35](transmission/transmission#35)) - Support CIDR-notated blocklists ([#230](transmission/transmission#230), [#741](transmission/transmission#741)) - Update the resume file before running scripts ([#825](transmission/transmission#825)) - Make multiscrape limits adaptive ([#837](transmission/transmission#837)) - Add labels support to libtransmission and transmission-remote ([#822](transmission/transmission#822)) - Parse `session-id` header case-insensitively ([#765](transmission/transmission#765)) - Sanitize suspicious path components instead of rejecting them ([#62](transmission/transmission#62), [#294](transmission/transmission#294)) - Load CA certs from system store on Windows / OpenSSL ([#446](transmission/transmission#446)) - Add support for mbedtls (formely polarssl) and wolfssl (formely cyassl), LibreSSL ([#115](transmission/transmission#115), [#116](transmission/transmission#116), [#284](transmission/transmission#284), [#486](transmission/transmission#486), [#524](transmission/transmission#524), [#570](transmission/transmission#570)) - Fix building against OpenSSL 1.1.0+ ([#24](transmission/transmission#24)) - Fix quota support for uClibc-ng 1.0.18+ and DragonFly BSD ([#42](transmission/transmission#42), [#58](transmission/transmission#58), [#312](transmission/transmission#312)) - Fix a number of memory leaks (magnet loading, session shutdown, bencoded data parsing) ([#56](transmission/transmission#56)) - Bump miniupnpc version to 2.0.20170509 ([#347](transmission/transmission#347)) - CMake-related improvements (Ninja generator, libappindicator, systemd, Solaris and macOS) ([#72](transmission/transmission#72), [#96](transmission/transmission#96), [#117](transmission/transmission#117), [#118](transmission/transmission#118), [#133](transmission/transmission#133), [#191](transmission/transmission#191)) - Switch to submodules to manage (most of) third-party dependencies - Fail installation on Windows if UCRT is not installed ### Mac Client - Bump minimum macOS version to 10.10 - Dark Mode support ([#644](transmission/transmission#644), [#722](transmission/transmission#722), [#757](transmission/transmission#757), [#779](transmission/transmission#779), [#788](transmission/transmission#788)) - Remove Growl support, notification center is always used ([#387](transmission/transmission#387)) - Fix autoupdate on High Sierra and up by bumping the Sparkle version ([#121](transmission/transmission#121), [#600](transmission/transmission#600)) - Transition to ARC ([#336](transmission/transmission#336)) - Use proper UTF-8 encoding (with macOS-specific normalization) when setting download/incomplete directory and completion script paths ([#11](transmission/transmission#11)) - Fix uncaught exception when dragging multiple items between groups ([#51](transmission/transmission#51)) - Add flat variants of status icons for message log ([#134](transmission/transmission#134)) - Optimize image resources size ([#304](transmission/transmission#304), [#429](transmission/transmission#429)) - Update file icon when file name changes ([#37](transmission/transmission#37)) - Update translations ### GTK+ Client - Add queue up/down hotkeys ([#158](transmission/transmission#158)) - Modernize the .desktop file ([#162](transmission/transmission#162)) - Add AppData file ([#224](transmission/transmission#224)) - Add symbolic icon variant for the Gnome top bar and when the high contrast theme is in use ([#414](transmission/transmission#414), [#449](transmission/transmission#449)) - Update file icon when its name changes ([#37](transmission/transmission#37)) - Switch from intltool to gettext for translations ([#584](transmission/transmission#584), [#647](transmission/transmission#647)) - Update translations, add new translations for Portuguese (Portugal) ### Qt Client - Bump minimum Qt version to 5.2 - Fix dropping .torrent files into main window on Windows ([#269](transmission/transmission#269)) - Fix prepending of drive letter to various user-selected paths on Windows ([#236](transmission/transmission#236), [#307](transmission/transmission#307), [#404](transmission/transmission#404), [#437](transmission/transmission#437), [#699](transmission/transmission#699), [#723](transmission/transmission#723), [#877](transmission/transmission#877)) - Fix sorting by progress in presence of magnet transfers ([#234](transmission/transmission#234)) - Fix .torrent file trashing upon addition ([#262](transmission/transmission#262)) - Add queue up/down hotkeys ([#158](transmission/transmission#158)) - Reduce torrent properties (file tree) memory usage - Display tooltips in torrent properties (file tree) in case the names don't fit ([#411](transmission/transmission#411)) - Improve UI look on hi-dpi displays (YMMV) - Use session ID (if available) to check if session is local or not ([#861](transmission/transmission#861)) - Use default (instead of system) locale to be more flexible ([#130](transmission/transmission#130)) - Modernize the .desktop file ([#162](transmission/transmission#162)) - Update translations, add new translations for Afrikaans, Catalan, Danish, Greek, Norwegian Bokmål, Slovenian ### Daemon - Use libsystemd instead of libsystemd-daemon (TRAC-5921) - Harden transmission-daemon.service by disallowing privileges elevation ([#795](transmission/transmission#795)) - Fix exit code to be zero when dumping settings ([#487](transmission/transmission#487)) ### Web Client - Fix tracker error XSS in inspector (CVE-?) - Fix performance issues due to improper use of `setInterval()` for UI refresh (TRAC-6031) - Fix recognition of `https://` links in comments field ([#41](transmission/transmission#41), [#180](transmission/transmission#180)) - Fix torrent list style in Google Chrome 59+ ([#384](transmission/transmission#384)) - Show ETA in compact view on non-mobile devices ([#146](transmission/transmission#146)) - Show upload file button on mobile devices ([#320](transmission/transmission#320), [#431](transmission/transmission#431), [#956](transmission/transmission#956)) - Add keyboard hotkeys for web interface ([#351](transmission/transmission#351)) - Disable autocompletion in torrent URL field ([#367](transmission/transmission#367)) ### Utils - Prevent crash in transmission-show displaying torrents with invalid creation date ([#609](transmission/transmission#609)) - Handle IPv6 RPC addresses in transmission-remote ([#247](transmission/transmission#247)) - Add `--unsorted` option to transmission-show ([#767](transmission/transmission#767)) - Widen the torrent-id column in transmission-remote for cleaner formatting ([#840](transmission/transmission#840)) To generate a diff of this commit: cvs rdiff -u -r1.26 -r1.27 pkgsrc/net/transmission/Makefile cvs rdiff -u -r1.9 -r1.10 pkgsrc/net/transmission/Makefile.common cvs rdiff -u -r1.3 -r1.4 pkgsrc/net/transmission/PLIST cvs rdiff -u -r1.15 -r1.16 pkgsrc/net/transmission/distinfo cvs rdiff -u -r1.45 -r1.46 pkgsrc/net/transmission-gtk/Makefile cvs rdiff -u -r1.1 -r1.2 pkgsrc/net/transmission-gtk/PLIST cvs rdiff -u -r1.52 -r1.53 pkgsrc/net/transmission-qt/Makefile cvs rdiff -u -r1.6 -r1.7 pkgsrc/net/transmission/patches/patch-qt_qtr.pro ------------------------------------------------------------------- Module Name: pkgsrc Committed By: wiz Date: Sat Jul 25 20:20:05 UTC 2020 Modified Files: pkgsrc/net/transmission-qt: Makefile Log Message: transmission-qt: needs gcc 7.x (for <optional>) Reported and tested by spz. To generate a diff of this commit: cvs rdiff -u -r1.53 -r1.54 pkgsrc/net/transmission-qt/Makefile
riastradh
pushed a commit
to riastradh/pkgsrc-test20250901
that referenced
this pull request
Sep 1, 2025
net/transmission-gtk: security update net/transmission-qt: security update net/transmission: security update Revisions pulled up: - net/transmission-gtk/Makefile 1.46 - net/transmission-gtk/PLIST 1.2 - net/transmission-qt/Makefile 1.54 - net/transmission/Makefile 1.27 - net/transmission/Makefile.common 1.10 - net/transmission/PLIST 1.4 - net/transmission/distinfo 1.16 - net/transmission/patches/patch-qt_qtr.pro 1.7 ------------------------------------------------------------------- Module Name: pkgsrc Committed By: wiz Date: Mon Jul 13 13:01:02 UTC 2020 Modified Files: pkgsrc/net/transmission: Makefile Makefile.common PLIST distinfo pkgsrc/net/transmission-gtk: Makefile PLIST pkgsrc/net/transmission-qt: Makefile pkgsrc/net/transmission/patches: patch-qt_qtr.pro Log Message: transmission*: update to 3.00 ### All Platforms - Allow the RPC server to listen on an IPv6 address ([#161](transmission/transmission#161)) - Change `TR_CURL_SSL_VERIFY` to `TR_CURL_SSL_NO_VERIFY` and enable verification by default ([#334](transmission/transmission#334)) - Go back to using hash as base name for resume and torrent files (those stored in configuration directory) ([#122](transmission/transmission#122)) - Handle "fields" argument in "session-get" RPC request; if "fields" array is present in arguments, only return session fields specified; otherwise return all the fields as before - Limit the number of incorrect authentication attempts in embedded web server to 100 to prevent brute-force attacks ([#371](transmission/transmission#371)) - Set idle seed limit range to 1..40320 (4 weeks tops) in all clients ([#212](transmission/transmission#212)) - Add Peer ID for Xfplay, PicoTorrent, Free Download Manager, Folx, Baidu Netdisk torrent clients ([#256](transmission/transmission#256), [#285](transmission/transmission#285), [#355](transmission/transmission#355), [#363](transmission/transmission#363), [#386](transmission/transmission#386)) - Announce `INT64_MAX` as size left if the value is unknown (helps with e.g. Amazon S3 trackers) ([#250](transmission/transmission#250)) - Add `TCP_FASTOPEN` support (should result in slight speedup) ([#184](transmission/transmission#184)) - Improve ToS handling on IPv6 connections ([#128](transmission/transmission#128), [#341](transmission/transmission#341), [#360](transmission/transmission#360), [#692](transmission/transmission#692), [#737](transmission/transmission#737)) - Abort handshake if establishing DH shared secret fails (leads to crash) ([#27](transmission/transmission#27)) - Don't switch trackers while announcing (leads to crash) ([#297](transmission/transmission#297)) - Improve completion scripts execution and error handling; add support for .cmd and .bat files on Windows ([#405](transmission/transmission#405)) - Maintain a "session ID" file (in temporary directory) to better detect whether session is local or remote; return the ID as part of "session-get" response (TRAC-5348, [#861](transmission/transmission#861)) - Change torrent location even if no data move is needed ([#35](transmission/transmission#35)) - Support CIDR-notated blocklists ([#230](transmission/transmission#230), [#741](transmission/transmission#741)) - Update the resume file before running scripts ([#825](transmission/transmission#825)) - Make multiscrape limits adaptive ([#837](transmission/transmission#837)) - Add labels support to libtransmission and transmission-remote ([#822](transmission/transmission#822)) - Parse `session-id` header case-insensitively ([#765](transmission/transmission#765)) - Sanitize suspicious path components instead of rejecting them ([#62](transmission/transmission#62), [#294](transmission/transmission#294)) - Load CA certs from system store on Windows / OpenSSL ([#446](transmission/transmission#446)) - Add support for mbedtls (formely polarssl) and wolfssl (formely cyassl), LibreSSL ([#115](transmission/transmission#115), [#116](transmission/transmission#116), [#284](transmission/transmission#284), [#486](transmission/transmission#486), [#524](transmission/transmission#524), [#570](transmission/transmission#570)) - Fix building against OpenSSL 1.1.0+ ([#24](transmission/transmission#24)) - Fix quota support for uClibc-ng 1.0.18+ and DragonFly BSD ([#42](transmission/transmission#42), [#58](transmission/transmission#58), [#312](transmission/transmission#312)) - Fix a number of memory leaks (magnet loading, session shutdown, bencoded data parsing) ([#56](transmission/transmission#56)) - Bump miniupnpc version to 2.0.20170509 ([#347](transmission/transmission#347)) - CMake-related improvements (Ninja generator, libappindicator, systemd, Solaris and macOS) ([#72](transmission/transmission#72), [#96](transmission/transmission#96), [#117](transmission/transmission#117), [#118](transmission/transmission#118), [#133](transmission/transmission#133), [#191](transmission/transmission#191)) - Switch to submodules to manage (most of) third-party dependencies - Fail installation on Windows if UCRT is not installed ### Mac Client - Bump minimum macOS version to 10.10 - Dark Mode support ([#644](transmission/transmission#644), [#722](transmission/transmission#722), [#757](transmission/transmission#757), [#779](transmission/transmission#779), [#788](transmission/transmission#788)) - Remove Growl support, notification center is always used ([#387](transmission/transmission#387)) - Fix autoupdate on High Sierra and up by bumping the Sparkle version ([#121](transmission/transmission#121), [#600](transmission/transmission#600)) - Transition to ARC ([#336](transmission/transmission#336)) - Use proper UTF-8 encoding (with macOS-specific normalization) when setting download/incomplete directory and completion script paths ([#11](transmission/transmission#11)) - Fix uncaught exception when dragging multiple items between groups ([#51](transmission/transmission#51)) - Add flat variants of status icons for message log ([#134](transmission/transmission#134)) - Optimize image resources size ([#304](transmission/transmission#304), [#429](transmission/transmission#429)) - Update file icon when file name changes ([#37](transmission/transmission#37)) - Update translations ### GTK+ Client - Add queue up/down hotkeys ([#158](transmission/transmission#158)) - Modernize the .desktop file ([#162](transmission/transmission#162)) - Add AppData file ([#224](transmission/transmission#224)) - Add symbolic icon variant for the Gnome top bar and when the high contrast theme is in use ([#414](transmission/transmission#414), [#449](transmission/transmission#449)) - Update file icon when its name changes ([#37](transmission/transmission#37)) - Switch from intltool to gettext for translations ([#584](transmission/transmission#584), [#647](transmission/transmission#647)) - Update translations, add new translations for Portuguese (Portugal) ### Qt Client - Bump minimum Qt version to 5.2 - Fix dropping .torrent files into main window on Windows ([#269](transmission/transmission#269)) - Fix prepending of drive letter to various user-selected paths on Windows ([#236](transmission/transmission#236), [#307](transmission/transmission#307), [#404](transmission/transmission#404), [#437](transmission/transmission#437), [#699](transmission/transmission#699), [#723](transmission/transmission#723), [#877](transmission/transmission#877)) - Fix sorting by progress in presence of magnet transfers ([#234](transmission/transmission#234)) - Fix .torrent file trashing upon addition ([#262](transmission/transmission#262)) - Add queue up/down hotkeys ([#158](transmission/transmission#158)) - Reduce torrent properties (file tree) memory usage - Display tooltips in torrent properties (file tree) in case the names don't fit ([#411](transmission/transmission#411)) - Improve UI look on hi-dpi displays (YMMV) - Use session ID (if available) to check if session is local or not ([#861](transmission/transmission#861)) - Use default (instead of system) locale to be more flexible ([#130](transmission/transmission#130)) - Modernize the .desktop file ([#162](transmission/transmission#162)) - Update translations, add new translations for Afrikaans, Catalan, Danish, Greek, Norwegian Bokmål, Slovenian ### Daemon - Use libsystemd instead of libsystemd-daemon (TRAC-5921) - Harden transmission-daemon.service by disallowing privileges elevation ([#795](transmission/transmission#795)) - Fix exit code to be zero when dumping settings ([#487](transmission/transmission#487)) ### Web Client - Fix tracker error XSS in inspector (CVE-?) - Fix performance issues due to improper use of `setInterval()` for UI refresh (TRAC-6031) - Fix recognition of `https://` links in comments field ([#41](transmission/transmission#41), [#180](transmission/transmission#180)) - Fix torrent list style in Google Chrome 59+ ([#384](transmission/transmission#384)) - Show ETA in compact view on non-mobile devices ([#146](transmission/transmission#146)) - Show upload file button on mobile devices ([#320](transmission/transmission#320), [#431](transmission/transmission#431), [#956](transmission/transmission#956)) - Add keyboard hotkeys for web interface ([#351](transmission/transmission#351)) - Disable autocompletion in torrent URL field ([#367](transmission/transmission#367)) ### Utils - Prevent crash in transmission-show displaying torrents with invalid creation date ([#609](transmission/transmission#609)) - Handle IPv6 RPC addresses in transmission-remote ([#247](transmission/transmission#247)) - Add `--unsorted` option to transmission-show ([#767](transmission/transmission#767)) - Widen the torrent-id column in transmission-remote for cleaner formatting ([#840](transmission/transmission#840)) To generate a diff of this commit: cvs rdiff -u -r1.26 -r1.27 pkgsrc/net/transmission/Makefile cvs rdiff -u -r1.9 -r1.10 pkgsrc/net/transmission/Makefile.common cvs rdiff -u -r1.3 -r1.4 pkgsrc/net/transmission/PLIST cvs rdiff -u -r1.15 -r1.16 pkgsrc/net/transmission/distinfo cvs rdiff -u -r1.45 -r1.46 pkgsrc/net/transmission-gtk/Makefile cvs rdiff -u -r1.1 -r1.2 pkgsrc/net/transmission-gtk/PLIST cvs rdiff -u -r1.52 -r1.53 pkgsrc/net/transmission-qt/Makefile cvs rdiff -u -r1.6 -r1.7 pkgsrc/net/transmission/patches/patch-qt_qtr.pro ------------------------------------------------------------------- Module Name: pkgsrc Committed By: wiz Date: Sat Jul 25 20:20:05 UTC 2020 Modified Files: pkgsrc/net/transmission-qt: Makefile Log Message: transmission-qt: needs gcc 7.x (for <optional>) Reported and tested by spz. To generate a diff of this commit: cvs rdiff -u -r1.53 -r1.54 pkgsrc/net/transmission-qt/Makefile
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
3 participants
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
The RPC Server does not appear to have any protection against brute force attacks using username:password combinations. The following patch will allow for up to 100 unsuccessful login attempts after which logins will be disabled.