[arch-commits] Commit in transmission/trunk (3 files)
Florian Pritz
bluewind at archlinux.org
Fri Jan 26 16:43:17 UTC 2018
Date: Friday, January 26, 2018 @ 16:43:15
Author: bluewind
Revision: 315473
upgpkg: transmission 2.93-1
upstream update
Modified:
transmission/trunk/PKGBUILD
Deleted:
transmission/trunk/transmission-2.92-openssl-1.1.0.patch
transmission/trunk/transmission-daemon-rce-fix.patch
---------------------------------------+
PKGBUILD | 12 -
transmission-2.92-openssl-1.1.0.patch | 261 ------------------------------
transmission-daemon-rce-fix.patch | 274 --------------------------------
3 files changed, 3 insertions(+), 544 deletions(-)
Modified: PKGBUILD
===================================================================
--- PKGBUILD 2018-01-26 15:37:29 UTC (rev 315472)
+++ PKGBUILD 2018-01-26 16:43:15 UTC (rev 315473)
@@ -4,22 +4,18 @@
pkgbase=transmission
pkgname=(transmission-cli transmission-gtk transmission-qt)
-pkgver=2.92
-pkgrel=8
+pkgver=2.93
+pkgrel=1
arch=(x86_64)
url="http://www.transmissionbt.com/"
license=(MIT)
makedepends=(gtk3 intltool curl qt5-base libevent systemd qt5-tools)
source=(https://github.com/transmission/transmission-releases/raw/master/transmission-${pkgver}.tar.xz
- transmission-daemon-rce-fix.patch
transmission-2.90-libsystemd.patch
- transmission-2.92-openssl-1.1.0.patch
transmission-cli.sysusers
transmission-cli.tmpfiles)
-sha256sums=('3a8d045c306ad9acb7bf81126939b9594553a388482efa0ec1bfb67b22acd35f'
- '622e40013c8442ed9fae006eeb18f5c5662ab7462d387d845cd51f2b5afe71bf'
+sha256sums=('8815920e0a4499bcdadbbe89a4115092dab42ce5199f71ff9a926cfd12b9b90b'
'9f8f4bb532e0e46776dbd90e75557364f495ec95896ee35900ea222d69bda411'
- 'efd41985f60c977a95744ee44dfbb628424765caee83c6af3e29a5b1cbfadc98'
'641310fb0590d40e00bea1b5b9c843953ab78edf019109f276be9c6a7bdaf5b2'
'1266032bb07e47d6bcdc7dabd74df2557cc466c33bf983a5881316a4cc098451')
@@ -26,8 +22,6 @@
prepare() {
cd $pkgbase-$pkgver
patch -p1 -i "$srcdir/transmission-2.90-libsystemd.patch"
- patch -p1 -i "$srcdir/transmission-2.92-openssl-1.1.0.patch"
- patch -p1 -i "$srcdir/transmission-daemon-rce-fix.patch"
rm -f m4/glib-gettext.m4
autoreconf -fi
Deleted: transmission-2.92-openssl-1.1.0.patch
===================================================================
--- transmission-2.92-openssl-1.1.0.patch 2018-01-26 15:37:29 UTC (rev 315472)
+++ transmission-2.92-openssl-1.1.0.patch 2018-01-26 16:43:15 UTC (rev 315473)
@@ -1,261 +0,0 @@
-From f91cf5ad8c677b61ceb0bf5877b87f9e93256dd7 Mon Sep 17 00:00:00 2001
-From: Sebastian Andrzej Siewior <sebastian at breakpoint.cc>
-Date: Mon, 5 Sep 2016 21:49:07 +0000
-Subject: [PATCH] transmission: build against openssl 1.1.0
-
-Signed-off-by: Sebastian Andrzej Siewior <sebastian at breakpoint.cc>
----
- libtransmission/crypto-utils-openssl.c | 73 ++++++++++++++++++++++++++++++++--
- 1 file changed, 69 insertions(+), 4 deletions(-)
-
-diff --git a/libtransmission/crypto-utils-openssl.c b/libtransmission/crypto-utils-openssl.c
-index c4539dc..972e24a 100644
---- a/libtransmission/crypto-utils-openssl.c
-+++ b/libtransmission/crypto-utils-openssl.c
-@@ -229,6 +229,61 @@ tr_rc4_process (tr_rc4_ctx_t handle,
- ****
- ***/
-
-+#if OPENSSL_VERSION_NUMBER < 0x10100000
-+static inline int
-+DH_set0_pqg (DH * dh,
-+ BIGNUM * p,
-+ BIGNUM * q,
-+ BIGNUM * g)
-+{
-+ /* If the fields p and g in d are NULL, the corresponding input
-+ * parameters MUST be non-NULL. q may remain NULL.
-+ */
-+ if ((dh->p == NULL && p == NULL)
-+ || (dh->g == NULL && g == NULL))
-+ return 0;
-+
-+ if (p != NULL) {
-+ BN_free (dh->p);
-+ dh->p = p;
-+ }
-+ if (q != NULL) {
-+ BN_free (dh->q);
-+ dh->q = q;
-+ }
-+ if (g != NULL) {
-+ BN_free (dh->g);
-+ dh->g = g;
-+ }
-+
-+ if (q != NULL) {
-+ dh->length = BN_num_bits (q);
-+ }
-+
-+ return 1;
-+}
-+
-+static inline int
-+DH_set_length (DH * dh,
-+ long length)
-+{
-+ dh->length = length;
-+ return 1;
-+}
-+
-+static inline void
-+DH_get0_key(const DH * dh,
-+ const BIGNUM ** pub_key,
-+ const BIGNUM ** priv_key)
-+{
-+ if (pub_key != NULL)
-+ *pub_key = dh->pub_key;
-+ if (priv_key != NULL)
-+ *priv_key = dh->priv_key;
-+}
-+
-+#endif
-+
- tr_dh_ctx_t
- tr_dh_new (const uint8_t * prime_num,
- size_t prime_num_length,
-@@ -236,13 +291,19 @@ tr_dh_new (const uint8_t * prime_num,
- size_t generator_num_length)
- {
- DH * handle = DH_new ();
-+ BIGNUM * p, * g;
-
- assert (prime_num != NULL);
- assert (generator_num != NULL);
-+ p = BN_bin2bn (prime_num, prime_num_length, NULL);
-+ g = BN_bin2bn (generator_num, generator_num_length, NULL);
-
-- if (!check_pointer (handle->p = BN_bin2bn (prime_num, prime_num_length, NULL)) ||
-- !check_pointer (handle->g = BN_bin2bn (generator_num, generator_num_length, NULL)))
-+ if (!check_pointer (p) ||
-+ !check_pointer (g) ||
-+ !DH_set0_pqg (handle, p, NULL, g))
- {
-+ BN_free (p);
-+ BN_free (g);
- DH_free (handle);
- handle = NULL;
- }
-@@ -267,16 +328,20 @@ tr_dh_make_key (tr_dh_ctx_t raw_handle,
- {
- DH * handle = raw_handle;
- int dh_size, my_public_key_length;
-+ const BIGNUM * hand_pub_key;
-
- assert (handle != NULL);
- assert (public_key != NULL);
-
-- handle->length = private_key_length * 8;
-+
-+ DH_set_length(handle, private_key_length * 8);
-
- if (!check_result (DH_generate_key (handle)))
- return false;
-
-- my_public_key_length = BN_bn2bin (handle->pub_key, public_key);
-+ DH_get0_key (handle, &hand_pub_key, NULL);
-+
-+ my_public_key_length = BN_bn2bin (hand_pub_key, public_key);
- dh_size = DH_size (handle);
-
- tr_dh_align_key (public_key, my_public_key_length, dh_size);
-From 8c8386a7f3f482a9c917f51d28e0042e55f56b3e Mon Sep 17 00:00:00 2001
-From: Mike Gelfand <mikedld at mikedld.com>
-Date: Wed, 7 Sep 2016 01:09:04 +0300
-Subject: [PATCH] Fix coding style and building with !TR_LIGHTWEIGHT
-
----
- libtransmission/crypto-utils-openssl.c | 60 +++++++++++++++++++---------------
- 1 file changed, 33 insertions(+), 27 deletions(-)
-
-diff --git a/libtransmission/crypto-utils-openssl.c b/libtransmission/crypto-utils-openssl.c
-index 972e24a..9fd2c58 100644
---- a/libtransmission/crypto-utils-openssl.c
-+++ b/libtransmission/crypto-utils-openssl.c
-@@ -14,6 +14,7 @@
- #include <assert.h>
-
- #include <openssl/bn.h>
-+#include <openssl/crypto.h>
- #include <openssl/dh.h>
- #include <openssl/err.h>
- #include <openssl/evp.h>
-@@ -48,7 +49,12 @@ log_openssl_error (const char * file,
- static bool strings_loaded = false;
- if (!strings_loaded)
- {
-+#if OPENSSL_VERSION_NUMBER < 0x10100000
- ERR_load_crypto_strings ();
-+#else
-+ OPENSSL_init_crypto (OPENSSL_INIT_LOAD_CRYPTO_STRINGS, NULL);
-+#endif
-+
- strings_loaded = true;
- }
- #endif
-@@ -230,6 +236,7 @@ tr_rc4_process (tr_rc4_ctx_t handle,
- ***/
-
- #if OPENSSL_VERSION_NUMBER < 0x10100000
-+
- static inline int
- DH_set0_pqg (DH * dh,
- BIGNUM * p,
-@@ -237,28 +244,29 @@ DH_set0_pqg (DH * dh,
- BIGNUM * g)
- {
- /* If the fields p and g in d are NULL, the corresponding input
-- * parameters MUST be non-NULL. q may remain NULL.
-+ * parameters MUST be non-NULL. q may remain NULL.
- */
-- if ((dh->p == NULL && p == NULL)
-- || (dh->g == NULL && g == NULL))
-+ if ((dh->p == NULL && p == NULL) || (dh->g == NULL && g == NULL))
- return 0;
-
-- if (p != NULL) {
-- BN_free (dh->p);
-- dh->p = p;
-- }
-- if (q != NULL) {
-- BN_free (dh->q);
-- dh->q = q;
-- }
-- if (g != NULL) {
-- BN_free (dh->g);
-- dh->g = g;
-- }
--
-- if (q != NULL) {
-+ if (p != NULL)
-+ {
-+ BN_free (dh->p);
-+ dh->p = p;
-+ }
-+ if (q != NULL)
-+ {
-+ BN_free (dh->q);
-+ dh->q = q;
-+ }
-+ if (g != NULL)
-+ {
-+ BN_free (dh->g);
-+ dh->g = g;
-+ }
-+
-+ if (q != NULL)
- dh->length = BN_num_bits (q);
-- }
-
- return 1;
- }
-@@ -267,8 +275,8 @@ static inline int
- DH_set_length (DH * dh,
- long length)
- {
-- dh->length = length;
-- return 1;
-+ dh->length = length;
-+ return 1;
- }
-
- static inline void
-@@ -295,12 +303,11 @@ tr_dh_new (const uint8_t * prime_num,
-
- assert (prime_num != NULL);
- assert (generator_num != NULL);
-+
- p = BN_bin2bn (prime_num, prime_num_length, NULL);
- g = BN_bin2bn (generator_num, generator_num_length, NULL);
-
-- if (!check_pointer (p) ||
-- !check_pointer (g) ||
-- !DH_set0_pqg (handle, p, NULL, g))
-+ if (!check_pointer (p) || !check_pointer (g) || !DH_set0_pqg (handle, p, NULL, g))
- {
- BN_free (p);
- BN_free (g);
-@@ -328,20 +335,19 @@ tr_dh_make_key (tr_dh_ctx_t raw_handle,
- {
- DH * handle = raw_handle;
- int dh_size, my_public_key_length;
-- const BIGNUM * hand_pub_key;
-+ const BIGNUM * my_public_key;
-
- assert (handle != NULL);
- assert (public_key != NULL);
-
--
- DH_set_length(handle, private_key_length * 8);
-
- if (!check_result (DH_generate_key (handle)))
- return false;
-
-- DH_get0_key (handle, &hand_pub_key, NULL);
-+ DH_get0_key (handle, &my_public_key, NULL);
-
-- my_public_key_length = BN_bn2bin (hand_pub_key, public_key);
-+ my_public_key_length = BN_bn2bin (my_public_key, public_key);
- dh_size = DH_size (handle);
-
- tr_dh_align_key (public_key, my_public_key_length, dh_size);
Deleted: transmission-daemon-rce-fix.patch
===================================================================
--- transmission-daemon-rce-fix.patch 2018-01-26 15:37:29 UTC (rev 315472)
+++ transmission-daemon-rce-fix.patch 2018-01-26 16:43:15 UTC (rev 315473)
@@ -1,274 +0,0 @@
-diff --git a/libtransmission/quark.c b/libtransmission/quark.c
-index 861050057..e19ac9a2f 100644
---- a/libtransmission/quark.c
-+++ b/libtransmission/quark.c
-@@ -288,6 +288,8 @@ static struct tr_key_struct const my_static[] =
- { "rpc-authentication-required", 27 },
- { "rpc-bind-address", 16 },
- { "rpc-enabled", 11 },
-+ { "rpc-host-whitelist", 18 },
-+ { "rpc-host-whitelist-enabled", 26 },
- { "rpc-password", 12 },
- { "rpc-port", 8 },
- { "rpc-url", 7 },
-diff --git a/libtransmission/quark.h b/libtransmission/quark.h
-index d40ab75fa..9dc534560 100644
---- a/libtransmission/quark.h
-+++ b/libtransmission/quark.h
-@@ -290,6 +290,8 @@ enum
- TR_KEY_rpc_authentication_required,
- TR_KEY_rpc_bind_address,
- TR_KEY_rpc_enabled,
-+ TR_KEY_rpc_host_whitelist,
-+ TR_KEY_rpc_host_whitelist_enabled,
- TR_KEY_rpc_password,
- TR_KEY_rpc_port,
- TR_KEY_rpc_url,
-diff --git a/libtransmission/rpc-server.c b/libtransmission/rpc-server.c
-index 7c78f92ac..c4db2e64c 100644
---- a/libtransmission/rpc-server.c
-+++ b/libtransmission/rpc-server.c
-@@ -51,6 +51,7 @@ struct tr_rpc_server
- bool isEnabled;
- bool isPasswordEnabled;
- bool isWhitelistEnabled;
-+ bool isHostWhitelistEnabled;
- tr_port port;
- char * url;
- struct in_addr bindAddress;
-@@ -62,6 +63,7 @@ struct tr_rpc_server
- char * password;
- char * whitelistStr;
- tr_list * whitelist;
-+ tr_list* hostWhitelist;
-
- char * sessionId;
- time_t sessionIdExpiresAt;
-@@ -547,6 +549,48 @@ static bool isAddressAllowed(tr_rpc_server const* server, char const* address)
- return false;
- }
-
-+static bool isHostnameAllowed(tr_rpc_server const* server, struct evhttp_request* req)
-+{
-+ const char *host = evhttp_find_header(req->input_headers, "Host");
-+ char *hostname;
-+
-+ // If password auth is enabled, any hostname is permitted.
-+ if (server->isPasswordEnabled)
-+ return true;
-+
-+ // If whitelist is disabled, no restrictions.
-+ if (!server->isHostWhitelistEnabled)
-+ return true;
-+
-+ // No host header, invalid request.
-+ if (!host)
-+ return false;
-+
-+ // Host header might include the port.
-+ hostname = tr_strndup(host, strcspn(host, ":"));
-+
-+ // localhost or ipaddress is always acceptable.
-+ if (strcmp(hostname, "localhost") == 0
-+ || strcmp(hostname, "localhost.") == 0
-+ || tr_addressIsIP(hostname))
-+ {
-+ tr_free(hostname);
-+ return true;
-+ }
-+
-+ // Otherwise, hostname must be whitelisted.
-+ for (tr_list* l = server->hostWhitelist; l != NULL; l = l->next) {
-+ if (tr_wildmat(hostname, l->data))
-+ {
-+ tr_free(hostname);
-+ return true;
-+ }
-+ }
-+
-+ tr_free(hostname);
-+ return false;
-+}
-+
- static bool
- test_session_id (struct tr_rpc_server * server, struct evhttp_request * req)
- {
-@@ -636,6 +680,22 @@ static void handle_request(struct evhttp_request* req, void* arg)
- handle_upload (req, server);
- }
- #ifdef REQUIRE_SESSION_ID
-+ else if (!isHostnameAllowed(server, req))
-+ {
-+ char* tmp = tr_strdup_printf(
-+ "<p>Transmission received your request, but the hostname was unrecognized.</p>"
-+ "<p>To fix this, choose one of the following options:"
-+ "<ul>"
-+ "<li>Enable password authentication, then any hostname is allowed.</li>"
-+ "<li>Add the hostname you want to use to the whitelist in settings.</li>"
-+ "</ul></p>"
-+ "<p>If you're editing settings.json, see the 'rpc-host-whitelist' and 'rpc-host-whitelist-enabled' entries.</p>"
-+ "<p>This requirement has been added to help prevent "
-+ "<a href=\"https://en.wikipedia.org/wiki/DNS_rebinding\">DNS Rebinding</a> "
-+ "attacks.</p>");
-+ send_simple_response(req, 421, tmp);
-+ tr_free(tmp);
-+ }
- else if (!test_session_id (server, req))
- {
- const char * sessionId = get_current_session_id (server);
-@@ -647,7 +707,7 @@ static void handle_request(struct evhttp_request* req, void* arg)
- "<li> When you get this 409 error message, resend your request with the updated header"
- "</ol></p>"
- "<p>This requirement has been added to help prevent "
-- "<a href=\"http://en.wikipedia.org/wiki/Cross-site_request_forgery\">CSRF</a> "
-+ "<a href=\"https://en.wikipedia.org/wiki/Cross-site_request_forgery\">CSRF</a> "
- "attacks.</p>"
- "<p><code>%s: %s</code></p>",
- TR_RPC_SESSION_ID_HEADER, sessionId);
-@@ -875,19 +875,13 @@ char const* tr_rpcGetUrl(tr_rpc_server const* server)
- return server->url ? server->url : "";
- }
-
--void
--tr_rpcSetWhitelist (tr_rpc_server * server, const char * whitelistStr)
-+static void tr_rpcSetList(char const* whitelistStr, tr_list** list)
- {
- void * tmp;
- const char * walk;
-
-- /* keep the string */
-- tmp = server->whitelistStr;
-- server->whitelistStr = tr_strdup (whitelistStr);
-- tr_free (tmp);
--
- /* clear out the old whitelist entries */
-- while ((tmp = tr_list_pop_front (&server->whitelist)))
-+ while ((tmp = tr_list_pop_front(list)) != NULL)
- tr_free (tmp);
-
- /* build the new whitelist entries */
-@@ -866,7 +921,7 @@ void tr_rpcSetWhitelist(tr_rpc_server* server, char const* whitelistStr)
- const char * delimiters = " ,;";
- const size_t len = strcspn (walk, delimiters);
- char * token = tr_strndup (walk, len);
-- tr_list_append (&server->whitelist, token);
-+ tr_list_append(list, token);
- if (strcspn (token, "+-") < len)
- tr_logAddNamedInfo (MY_NAME, "Adding address to whitelist: %s (And it has a '+' or '-'! Are you using an old ACL by mistake?)", token);
- else
-@@ -889,6 +944,22 @@ void tr_rpcSetWhitelist(tr_rpc_server* server, char const* whitelistStr)
- }
- }
-
-+void tr_rpcSetHostWhitelist(tr_rpc_server* server, char const* whitelistStr)
-+{
-+ tr_rpcSetList(whitelistStr, &server->hostWhitelist);
-+}
-+
-+void tr_rpcSetWhitelist(tr_rpc_server* server, char const* whitelistStr)
-+{
-+ /* keep the string */
-+ char* const tmp = server->whitelistStr;
-+
-+ server->whitelistStr = tr_strdup(whitelistStr);
-+ tr_free(tmp);
-+
-+ tr_rpcSetList(whitelistStr, &server->whitelist);
-+}
-+
- const char*
- tr_rpcGetWhitelist (const tr_rpc_server * server)
- {
-@@ -904,6 +975,11 @@ bool tr_rpcGetWhitelistEnabled(tr_rpc_server const* server)
- return server->isWhitelistEnabled;
- }
-
-+void tr_rpcSetHostWhitelistEnabled(tr_rpc_server* server, bool isEnabled)
-+{
-+ server->isHostWhitelistEnabled = isEnabled;
-+}
-+
- /****
- ***** PASSWORD
- ****/
-@@ -1054,6 +1130,28 @@ tr_rpc_server* tr_rpcInit(tr_session* session, tr_variant* settings)
- else
- tr_rpcSetWhitelistEnabled (s, boolVal);
-
-+ key = TR_KEY_rpc_host_whitelist_enabled;
-+
-+ if (!tr_variantDictFindBool(settings, key, &boolVal))
-+ {
-+ missing_settings_key(key);
-+ }
-+ else
-+ {
-+ tr_rpcSetHostWhitelistEnabled(s, boolVal);
-+ }
-+
-+ key = TR_KEY_rpc_host_whitelist;
-+
-+ if (!tr_variantDictFindStr(settings, key, &str, NULL) && str != NULL)
-+ {
-+ missing_settings_key(key);
-+ }
-+ else
-+ {
-+ tr_rpcSetHostWhitelist(s, str);
-+ }
-+
- key = TR_KEY_rpc_authentication_required;
- if (!tr_variantDictFindBool (settings, key, &boolVal))
- missing_settings_key (key);
-diff --git a/libtransmission/rpc-server.h b/libtransmission/rpc-server.h
-index 46e8a871f..ad1eb5204 100644
---- a/libtransmission/rpc-server.h
-+++ b/libtransmission/rpc-server.h
-@@ -49,6 +49,10 @@ void tr_rpcSetWhitelist (tr_rpc_server * server,
-
- const char* tr_rpcGetWhitelist (const tr_rpc_server * server);
-
-+void tr_rpcSetHostWhitelistEnabled (tr_rpc_server * server, bool isEnabled);
-+
-+void tr_rpcSetHostWhitelist (tr_rpc_server * server, char const * whitelist);
-+
- void tr_rpcSetPassword (tr_rpc_server * server,
- const char * password);
-
-diff --git a/libtransmission/session.c b/libtransmission/session.c
-index 86d054f7f..9a0b7c104 100644
---- a/libtransmission/session.c
-+++ b/libtransmission/session.c
-@@ -371,6 +371,8 @@ void tr_sessionGetDefaultSettings(tr_variant* d)
- tr_variantDictAddStr (d, TR_KEY_rpc_username, "");
- tr_variantDictAddStr (d, TR_KEY_rpc_whitelist, TR_DEFAULT_RPC_WHITELIST);
- tr_variantDictAddBool (d, TR_KEY_rpc_whitelist_enabled, true);
-+ tr_variantDictAddStr (d, TR_KEY_rpc_host_whitelist, TR_DEFAULT_RPC_HOST_WHITELIST);
-+ tr_variantDictAddBool (d, TR_KEY_rpc_host_whitelist_enabled, true);
- tr_variantDictAddInt (d, TR_KEY_rpc_port, atoi (TR_DEFAULT_RPC_PORT_STR));
- tr_variantDictAddStr (d, TR_KEY_rpc_url, TR_DEFAULT_RPC_URL_STR);
- tr_variantDictAddBool (d, TR_KEY_scrape_paused_torrents_enabled, true);
-diff --git a/libtransmission/transmission.h b/libtransmission/transmission.h
-index ac1871adb..08a24eca4 100644
---- a/libtransmission/transmission.h
-+++ b/libtransmission/transmission.h
-@@ -109,6 +109,7 @@ char const* tr_getDefaultDownloadDir(void);
- #define TR_DEFAULT_BIND_ADDRESS_IPV4 "0.0.0.0"
- #define TR_DEFAULT_BIND_ADDRESS_IPV6 "::"
- #define TR_DEFAULT_RPC_WHITELIST "127.0.0.1"
-+#define TR_DEFAULT_RPC_HOST_WHITELIST ""
- #define TR_DEFAULT_RPC_PORT_STR "9091"
- #define TR_DEFAULT_RPC_URL_STR "/transmission/"
- #define TR_DEFAULT_PEER_PORT_STR "51413"
-diff --git a/libtransmission/web.c b/libtransmission/web.c
-index cca888b66..a57c85457 100644
---- a/libtransmission/web.c
-+++ b/libtransmission/web.c
-@@ -678,6 +678,7 @@ char const* tr_webGetResponseStr(long code)
- case 415: return "Unsupported Media Type";
- case 416: return "Requested Range Not Satisfiable";
- case 417: return "Expectation Failed";
-+ case 421: return "Misdirected Request";
- case 500: return "Internal Server Error";
- case 501: return "Not Implemented";
- case 502: return "Bad Gateway";
More information about the arch-commits
mailing list