author | wiz <wiz@pkgsrc.org> | 2019-07-20 23:24:29 +0000 |
---|---|---|
committer | wiz <wiz@pkgsrc.org> | 2019-07-20 23:24:29 +0000 |
commit | b678e5fabd0697ad766ae1e58b3d8af929cd65f9 (patch) | |
tree | 55c6e69841ef68942b76956326c5c905dc2bda91 /net | |
parent | 9763656efbe89a4f0c9ccf200e86b378731ddf91 (diff) | |
transmission: remove obsolete patches
Diffstat (limited to 'net')
10 files changed, 0 insertions, 635 deletions
diff --git a/net/transmission/patches/patch-ab b/net/transmission/patches/patch-ab
deleted file mode 100644
index 96022fe9034..00000000000
--- a/net/transmission/patches/patch-ab
+++ /dev/null
@@ -1,20 +0,0 @@
-$NetBSD: patch-ab,v 1.2 2014/04/01 11:13:28 wiz Exp $
-
-Provide default implementation if none exists.
-
---- third-party/libnatpmp/getgateway.c.orig 2008-08-09 06:08:13.000000000 +0200
-+++ third-party/libnatpmp/getgateway.c
-@@ -49,6 +49,13 @@
- #undef USE_SYSCTL_NET_ROUTE
- #endif
-
-+#if !defined(USE_PROC_NET_ROUTE) && !defined(USE_SOCKET_ROUTE) && !defined(USE_SYSCTL_NET_ROUTE)
-+int getdefaultgateway(in_addr_t * addr)
-+{
-+ return -1;
-+}
-+#endif
-+
- #ifdef WIN32
- #undef USE_PROC_NET_ROUTE
- #undef USE_SOCKET_ROUTE
diff --git a/net/transmission/patches/patch-libtransmission_crypto-utils-openssl.c b/net/transmission/patches/patch-libtransmission_crypto-utils-openssl.c
deleted file mode 100644
index f40b2ed3b45..00000000000
--- a/net/transmission/patches/patch-libtransmission_crypto-utils-openssl.c
+++ /dev/null
@@ -1,115 +0,0 @@
-$NetBSD: patch-libtransmission_crypto-utils-openssl.c,v 1.1 2018/02/16 12:33:37 wiz Exp $
-
-Fix build with openssl-1.1.
-From upstream via Peter Hjalmarsson via
-https://bugzilla.redhat.com/show_bug.cgi?id=1468077
-
---- libtransmission/crypto-utils-openssl.c.orig 2015-12-29 00:47:32.449150371 +0000
-+++ libtransmission/crypto-utils-openssl.c
-@@ -230,6 +230,61 @@ tr_rc4_process (tr_rc4_ctx_t handle,
- ****
- ***/
-
-+#if OPENSSL_VERSION_NUMBER < 0x10100000
-+static inline int
-+DH_set0_pqg (DH * dh,
-+ BIGNUM * p,
-+ BIGNUM * q,
-+ BIGNUM * g)
-+{
-+ /* If the fields p and g in d are NULL, the corresponding input
-+ * parameters MUST be non-NULL. q may remain NULL.
-+ */
-+ if ((dh->p == NULL && p == NULL)
-+ || (dh->g == NULL && g == NULL))
-+ return 0;
-+
-+ if (p != NULL) {
-+ BN_free (dh->p);
-+ dh->p = p;
-+ }
-+ if (q != NULL) {
-+ BN_free (dh->q);
-+ dh->q = q;
-+ }
-+ if (g != NULL) {
-+ BN_free (dh->g);
-+ dh->g = g;
-+ }
-+
-+ if (q != NULL) {
-+ dh->length = BN_num_bits (q);
-+ }
-+
-+ return 1;
-+}
-+
-+static inline int
-+DH_set_length (DH * dh,
-+ long length)
-+{
-+ dh->length = length;
-+ return 1;
-+}
-+
-+static inline void
-+DH_get0_key(const DH * dh,
-+ const BIGNUM ** pub_key,
-+ const BIGNUM ** priv_key)
-+{
-+ if (pub_key != NULL)
-+ *pub_key = dh->pub_key;
-+ if (priv_key != NULL)
-+ *priv_key = dh->priv_key;
-+}
-+
-+#endif
-+
- tr_dh_ctx_t
- tr_dh_new (const uint8_t * prime_num,
- size_t prime_num_length,
-@@ -237,13 +292,19 @@ tr_dh_new (const uint8_t * prime_num,
- size_t generator_num_length)
- {
- DH * handle = DH_new ();
-+ BIGNUM * p, * g;
-
- assert (prime_num != NULL);
- assert (generator_num != NULL);
-+ p = BN_bin2bn (prime_num, prime_num_length, NULL);
-+ g = BN_bin2bn (generator_num, generator_num_length, NULL);
-
-- if (!check_pointer (handle->p = BN_bin2bn (prime_num, prime_num_length, NULL)) ||
-- !check_pointer (handle->g = BN_bin2bn (generator_num, generator_num_length, NULL)))
-+ if (!check_pointer (p) ||
-+ !check_pointer (g) ||
-+ !DH_set0_pqg (handle, p, NULL, g))
- {
-+ BN_free (p);
-+ BN_free (g);
- DH_free (handle);
- handle = NULL;
- }
-@@ -268,16 +329,20 @@ tr_dh_make_key (tr_dh_ctx_t raw_handle
- {
- DH * handle = raw_handle;
- int dh_size, my_public_key_length;
-+ const BIGNUM * hand_pub_key;
-
- assert (handle != NULL);
- assert (public_key != NULL);
-
-- handle->length = private_key_length * 8;
-+
-+ DH_set_length(handle, private_key_length * 8);
-
- if (!check_result (DH_generate_key (handle)))
- return false;
-
-- my_public_key_length = BN_bn2bin (handle->pub_key, public_key);
-+ DH_get0_key (handle, &hand_pub_key, NULL);
-+
-+ my_public_key_length = BN_bn2bin (hand_pub_key, public_key);
- dh_size = DH_size (handle);
-
- tr_dh_align_key (public_key, my_public_key_length, dh_size);
diff --git a/net/transmission/patches/patch-libtransmission_platform-quota.c b/net/transmission/patches/patch-libtransmission_platform-quota.c
deleted file mode 100644
index 70538e106cf..00000000000
--- a/net/transmission/patches/patch-libtransmission_platform-quota.c
+++ /dev/null
@@ -1,42 +0,0 @@
-$NetBSD$
-
-Fix dragonflybsd build
-
---- libtransmission/platform-quota.c.orig 2017-06-19 12:56:41.129003307 +0000
-+++ libtransmission/platform-quota.c
-@@ -18,6 +18,8 @@
- #include <sys/types.h> /* types needed by quota.h */
- #if defined(__FreeBSD__) || defined(__OpenBSD__)
- #include <ufs/ufs/quota.h> /* quotactl() */
-+ #elif defined (__DragonFly__)
-+ #include <vfs/ufs/quota.h> /* quotactl */
- #elif defined (__NetBSD__)
- #include <sys/param.h>
- #ifndef statfs
-@@ -244,12 +246,16 @@ getquota (const char * device)
- static int64_t
- getquota (const char * device)
- {
-+#ifdef __DragonFly__
-+ struct ufs_dqblk dq;
-+#else
- struct dqblk dq;
-+#endif
- int64_t limit;
- int64_t freespace;
- int64_t spaceused;
-
--#if defined(__FreeBSD__) || defined(__OpenBSD__) || defined(__APPLE__)
-+#if defined(__FreeBSD__) || defined(__DragonFly__) || defined(__OpenBSD__) || defined(__APPLE__)
- if (quotactl(device, QCMD(Q_GETQUOTA, USRQUOTA), getuid(), (caddr_t) &dq) == 0)
- {
- #elif defined(__sun)
-@@ -281,7 +287,7 @@ getquota (const char * device)
- /* No quota enabled for this user */
- return -1;
- }
--#if defined(__FreeBSD__) || defined(__OpenBSD__)
-+#if defined(__FreeBSD__) || defined(__DragonFly__) || defined(__OpenBSD__)
- spaceused = (int64_t) dq.dqb_curblocks >> 1;
- #elif defined(__APPLE__)
- spaceused = (int64_t) dq.dqb_curbytes;
diff --git a/net/transmission/patches/patch-libtransmission_quark.c b/net/transmission/patches/patch-libtransmission_quark.c
deleted file mode 100644
index cda163fb466..00000000000
--- a/net/transmission/patches/patch-libtransmission_quark.c
+++ /dev/null
@@ -1,39 +0,0 @@
-$NetBSD: patch-libtransmission_quark.c,v 1.1 2018/01/16 09:37:00 wiz Exp $
-
-Fix a weakness that allows remote code execution via the Transmission
-RPC server using DNS rebinding:
-
-https://bugs.chromium.org/p/project-zero/issues/detail?id=1447
-
-Patch adapted from Tavis Ormandy's patch on the Transmission master
-branch to the Transmission 2.92 release by Leo Famulari
-<leo@famulari.name>:
-
-https://github.com/transmission/transmission/pull/468/commits
-
-From fe2d3c6e75088f3d9b6040ce06da3d530358bc2f Mon Sep 17 00:00:00 2001
-From: Tavis Ormandy <taviso@google.com>
-Date: Thu, 11 Jan 2018 10:00:41 -0800
-Subject: [PATCH] mitigate dns rebinding attacks against daemon
-
----
- libtransmission/quark.c | 2 +
- libtransmission/quark.h | 2 +
- libtransmission/rpc-server.c | 116 +++++++++++++++++++++++++++++++++++++----
- libtransmission/rpc-server.h | 4 ++
- libtransmission/session.c | 2 +
- libtransmission/transmission.h | 1 +
- libtransmission/web.c | 3 ++
- 7 files changed, 121 insertions(+), 9 deletions(-)
-
---- libtransmission/quark.c.orig 2016-01-09 18:02:58.738698801 +0000
-+++ libtransmission/quark.c
-@@ -289,6 +289,8 @@ static const struct tr_key_struct my_sta
- { "rpc-authentication-required", 27 },
- { "rpc-bind-address", 16 },
- { "rpc-enabled", 11 },
-+ { "rpc-host-whitelist", 18 },
-+ { "rpc-host-whitelist-enabled", 26 },
- { "rpc-password", 12 },
- { "rpc-port", 8 },
- { "rpc-url", 7 },
diff --git a/net/transmission/patches/patch-libtransmission_quark.h b/net/transmission/patches/patch-libtransmission_quark.h
deleted file mode 100644
index 926a75a5848..00000000000
--- a/net/transmission/patches/patch-libtransmission_quark.h
+++ /dev/null
@@ -1,39 +0,0 @@
-$NetBSD: patch-libtransmission_quark.h,v 1.1 2018/01/16 09:37:00 wiz Exp $
-
-Fix a weakness that allows remote code execution via the Transmission
-RPC server using DNS rebinding:
-
-https://bugs.chromium.org/p/project-zero/issues/detail?id=1447
-
-Patch adapted from Tavis Ormandy's patch on the Transmission master
-branch to the Transmission 2.92 release by Leo Famulari
-<leo@famulari.name>:
-
-https://github.com/transmission/transmission/pull/468/commits
-
-From fe2d3c6e75088f3d9b6040ce06da3d530358bc2f Mon Sep 17 00:00:00 2001
-From: Tavis Ormandy <taviso@google.com>
-Date: Thu, 11 Jan 2018 10:00:41 -0800
-Subject: [PATCH] mitigate dns rebinding attacks against daemon
-
----
- libtransmission/quark.c | 2 +
- libtransmission/quark.h | 2 +
- libtransmission/rpc-server.c | 116 +++++++++++++++++++++++++++++++++++++----
- libtransmission/rpc-server.h | 4 ++
- libtransmission/session.c | 2 +
- libtransmission/transmission.h | 1 +
- libtransmission/web.c | 3 ++
- 7 files changed, 121 insertions(+), 9 deletions(-)
-
---- libtransmission/quark.h.orig 2015-06-28 19:23:49.613528096 +0000
-+++ libtransmission/quark.h
-@@ -291,6 +291,8 @@ enum
- TR_KEY_rpc_authentication_required,
- TR_KEY_rpc_bind_address,
- TR_KEY_rpc_enabled,
-+ TR_KEY_rpc_host_whitelist,
-+ TR_KEY_rpc_host_whitelist_enabled,
- TR_KEY_rpc_password,
- TR_KEY_rpc_port,
- TR_KEY_rpc_url,
diff --git a/net/transmission/patches/patch-libtransmission_rpc-server.c b/net/transmission/patches/patch-libtransmission_rpc-server.c
deleted file mode 100644
index 5d2ee9ac7a3..00000000000
--- a/net/transmission/patches/patch-libtransmission_rpc-server.c
+++ /dev/null
@@ -1,224 +0,0 @@
-$NetBSD: patch-libtransmission_rpc-server.c,v 1.1 2018/01/16 09:37:00 wiz Exp $
-
-Fix a weakness that allows remote code execution via the Transmission
-RPC server using DNS rebinding:
-
-https://bugs.chromium.org/p/project-zero/issues/detail?id=1447
-
-Patch adapted from Tavis Ormandy's patch on the Transmission master
-branch to the Transmission 2.92 release by Leo Famulari
-<leo@famulari.name>:
-
-https://github.com/transmission/transmission/pull/468/commits
-
-From fe2d3c6e75088f3d9b6040ce06da3d530358bc2f Mon Sep 17 00:00:00 2001
-From: Tavis Ormandy <taviso@google.com>
-Date: Thu, 11 Jan 2018 10:00:41 -0800
-Subject: [PATCH] mitigate dns rebinding attacks against daemon
-
----
- libtransmission/quark.c | 2 +
- libtransmission/quark.h | 2 +
- libtransmission/rpc-server.c | 116 +++++++++++++++++++++++++++++++++++++----
- libtransmission/rpc-server.h | 4 ++
- libtransmission/session.c | 2 +
- libtransmission/transmission.h | 1 +
- libtransmission/web.c | 3 ++
- 7 files changed, 121 insertions(+), 9 deletions(-)
-
---- libtransmission/rpc-server.c.orig 2016-01-09 18:02:58.740698836 +0000
-+++ libtransmission/rpc-server.c
-@@ -52,6 +52,7 @@ struct tr_rpc_server
- bool isEnabled;
- bool isPasswordEnabled;
- bool isWhitelistEnabled;
-+ bool isHostWhitelistEnabled;
- tr_port port;
- char * url;
- struct in_addr bindAddress;
-@@ -63,6 +64,7 @@ struct tr_rpc_server
- char * password;
- char * whitelistStr;
- tr_list * whitelist;
-+ tr_list * hostWhitelist;
-
- char * sessionId;
- time_t sessionIdExpiresAt;
-@@ -588,6 +590,49 @@ isAddressAllowed (const tr_rpc_server *
- return false;
- }
-
-+static bool isHostnameAllowed(tr_rpc_server const* server, struct evhttp_request* req)
-+{
-+ /* If password auth is enabled, any hostname is permitted. */
-+ if (server->isPasswordEnabled)
-+ {
-+ return true;
-+ }
-+
-+ char const* const host = evhttp_find_header(req->input_headers, "Host");
-+
-+ // If whitelist is disabled, no restrictions.
-+ if (!server->isHostWhitelistEnabled)
-+ return true;
-+
-+ /* No host header, invalid request. */
-+ if (host == NULL)
-+ {
-+ return false;
-+ }
-+
-+ /* Host header might include the port. */
-+ char* const hostname = tr_strndup(host, strcspn(host, ":"));
-+
-+ /* localhost or ipaddress is always acceptable. */
-+ if (strcmp(hostname, "localhost") == 0 || strcmp(hostname, "localhost.") == 0 || tr_addressIsIP(hostname))
-+ {
-+ tr_free(hostname);
-+ return true;
-+ }
-+
-+ /* Otherwise, hostname must be whitelisted. */
-+ for (tr_list* l = server->hostWhitelist; l != NULL; l = l->next) {
-+ if (tr_wildmat(hostname, l->data))
-+ {
-+ tr_free(hostname);
-+ return true;
-+ }
-+ }
-+
-+ tr_free(hostname);
-+ return false;
-+}
-+
- static bool
- test_session_id (struct tr_rpc_server * server, struct evhttp_request * req)
- {
-@@ -663,6 +708,23 @@ handle_request (struct evhttp_request *
- handle_upload (req, server);
- }
- #ifdef REQUIRE_SESSION_ID
-+ else if (!isHostnameAllowed(server, req))
-+ {
-+ char* tmp = tr_strdup_printf(
-+ "<p>Transmission received your request, but the hostname was unrecognized.</p>"
-+ "<p>To fix this, choose one of the following options:"
-+ "<ul>"
-+ "<li>Enable password authentication, then any hostname is allowed.</li>"
-+ "<li>Add the hostname you want to use to the whitelist in settings.</li>"
-+ "</ul></p>"
-+ "<p>If you're editing settings.json, see the 'rpc-host-whitelist' and 'rpc-host-whitelist-enabled' entries.</p>"
-+ "<p>This requirement has been added to help prevent "
-+ "<a href=\"https://en.wikipedia.org/wiki/DNS_rebinding\">DNS Rebinding</a> "
-+ "attacks.</p>");
-+ send_simple_response(req, 421, tmp);
-+ tr_free(tmp);
-+ }
-+
- else if (!test_session_id (server, req))
- {
- const char * sessionId = get_current_session_id (server);
-@@ -674,7 +736,7 @@ handle_request (struct evhttp_request *
- "<li> When you get this 409 error message, resend your request with the updated header"
- "</ol></p>"
- "<p>This requirement has been added to help prevent "
-- "<a href=\"http://en.wikipedia.org/wiki/Cross-site_request_forgery\">CSRF</a> "
-+ "<a href=\"https://en.wikipedia.org/wiki/Cross-site_request_forgery\">CSRF</a> "
- "attacks.</p>"
- "<p><code>%s: %s</code></p>",
- TR_RPC_SESSION_ID_HEADER, sessionId);
-@@ -875,19 +937,14 @@ tr_rpcGetUrl (const tr_rpc_server * serv
- return server->url ? server->url : "";
- }
-
--void
--tr_rpcSetWhitelist (tr_rpc_server * server, const char * whitelistStr)
-+static void
-+tr_rpcSetList (char const* whitelistStr, tr_list** list)
- {
- void * tmp;
- const char * walk;
-
-- /* keep the string */
-- tmp = server->whitelistStr;
-- server->whitelistStr = tr_strdup (whitelistStr);
-- tr_free (tmp);
--
- /* clear out the old whitelist entries */
-- while ((tmp = tr_list_pop_front (&server->whitelist)))
-+ while ((tmp = tr_list_pop_front (list)) != NULL)
- tr_free (tmp);
-
- /* build the new whitelist entries */
-@@ -896,7 +953,7 @@ tr_rpcSetWhitelist (tr_rpc_server * serv
- const char * delimiters = " ,;";
- const size_t len = strcspn (walk, delimiters);
- char * token = tr_strndup (walk, len);
-- tr_list_append (&server->whitelist, token);
-+ tr_list_append (list, token);
- if (strcspn (token, "+-") < len)
- tr_logAddNamedInfo (MY_NAME, "Adding address to whitelist: %s (And it has a '+' or '-'! Are you using an old ACL by mistake?)", token);
- else
-@@ -909,6 +966,21 @@ tr_rpcSetWhitelist (tr_rpc_server * serv
- }
- }
-
-+void tr_rpcSetHostWhitelist(tr_rpc_server* server, char const* whitelistStr)
-+{
-+ tr_rpcSetList(whitelistStr, &server->hostWhitelist);
-+}
-+
-+void tr_rpcSetWhitelist(tr_rpc_server* server, char const* whitelistStr)
-+{
-+ /* keep the string */
-+ char* const tmp = server->whitelistStr;
-+ server->whitelistStr = tr_strdup(whitelistStr);
-+ tr_free(tmp);
-+
-+ tr_rpcSetList(whitelistStr, &server->whitelist);
-+}
-+
- const char*
- tr_rpcGetWhitelist (const tr_rpc_server * server)
- {
-@@ -930,6 +1002,11 @@ tr_rpcGetWhitelistEnabled (const tr_rpc_
- return server->isWhitelistEnabled;
- }
-
-+void tr_rpcSetHostWhitelistEnabled(tr_rpc_server* server, bool isEnabled)
-+{
-+ server->isHostWhitelistEnabled = isEnabled;
-+}
-+
- /****
- ***** PASSWORD
- ****/
-@@ -1063,6 +1140,28 @@ tr_rpcInit (tr_session * session, tr_va
- else
- tr_rpcSetWhitelistEnabled (s, boolVal);
-
-+ key = TR_KEY_rpc_host_whitelist_enabled;
-+
-+ if (!tr_variantDictFindBool(settings, key, &boolVal))
-+ {
-+ missing_settings_key(key);
-+ }
-+ else
-+ {
-+ tr_rpcSetHostWhitelistEnabled(s, boolVal);
-+ }
-+
-+ key = TR_KEY_rpc_host_whitelist;
-+
-+ if (!tr_variantDictFindStr(settings, key, &str, NULL) && str != NULL)
-+ {
-+ missing_settings_key(key);
-+ }
-+ else
-+ {
-+ tr_rpcSetHostWhitelist(s, str);
-+ }
-+
- key = TR_KEY_rpc_authentication_required;
- if (!tr_variantDictFindBool (settings, key, &boolVal))
- missing_settings_key (key);
diff --git a/net/transmission/patches/patch-libtransmission_rpc-server.h b/net/transmission/patches/patch-libtransmission_rpc-server.h
deleted file mode 100644
index 0ade21cf0ab..00000000000
--- a/net/transmission/patches/patch-libtransmission_rpc-server.h
+++ /dev/null
@@ -1,41 +0,0 @@
-$NetBSD: patch-libtransmission_rpc-server.h,v 1.1 2018/01/16 09:37:00 wiz Exp $
-
-Fix a weakness that allows remote code execution via the Transmission
-RPC server using DNS rebinding:
-
-https://bugs.chromium.org/p/project-zero/issues/detail?id=1447
-
-Patch adapted from Tavis Ormandy's patch on the Transmission master
-branch to the Transmission 2.92 release by Leo Famulari
-<leo@famulari.name>:
-
-https://github.com/transmission/transmission/pull/468/commits
-
-From fe2d3c6e75088f3d9b6040ce06da3d530358bc2f Mon Sep 17 00:00:00 2001
-From: Tavis Ormandy <taviso@google.com>
-Date: Thu, 11 Jan 2018 10:00:41 -0800
-Subject: [PATCH] mitigate dns rebinding attacks against daemon
-
----
- libtransmission/quark.c | 2 +
- libtransmission/quark.h | 2 +
- libtransmission/rpc-server.c | 116 +++++++++++++++++++++++++++++++++++++----
- libtransmission/rpc-server.h | 4 ++
- libtransmission/session.c | 2 +
- libtransmission/transmission.h | 1 +
- libtransmission/web.c | 3 ++
- 7 files changed, 121 insertions(+), 9 deletions(-)
-
---- libtransmission/rpc-server.h.orig 2014-12-10 19:22:42.938222700 +0000
-+++ libtransmission/rpc-server.h
-@@ -49,6 +49,10 @@ void tr_rpcSetWhitelist (tr_r
-
- const char* tr_rpcGetWhitelist (const tr_rpc_server * server);
-
-+void tr_rpcSetHostWhitelistEnabled(tr_rpc_server* server, bool isEnabled);
-+
-+void tr_rpcSetHostWhitelist(tr_rpc_server* server, char const* whitelist);
-+
- void tr_rpcSetPassword (tr_rpc_server * server,
- const char * password);
-
diff --git a/net/transmission/patches/patch-libtransmission_session.c b/net/transmission/patches/patch-libtransmission_session.c
deleted file mode 100644
index 62724aa7f23..00000000000
--- a/net/transmission/patches/patch-libtransmission_session.c
+++ /dev/null
@@ -1,39 +0,0 @@
-$NetBSD: patch-libtransmission_session.c,v 1.1 2018/01/16 09:37:00 wiz Exp $
-
-Fix a weakness that allows remote code execution via the Transmission
-RPC server using DNS rebinding:
-
-https://bugs.chromium.org/p/project-zero/issues/detail?id=1447
-
-Patch adapted from Tavis Ormandy's patch on the Transmission master
-branch to the Transmission 2.92 release by Leo Famulari
-<leo@famulari.name>:
-
-https://github.com/transmission/transmission/pull/468/commits
-
-From fe2d3c6e75088f3d9b6040ce06da3d530358bc2f Mon Sep 17 00:00:00 2001
-From: Tavis Ormandy <taviso@google.com>
-Date: Thu, 11 Jan 2018 10:00:41 -0800
-Subject: [PATCH] mitigate dns rebinding attacks against daemon
-
----
- libtransmission/quark.c | 2 +
- libtransmission/quark.h | 2 +
- libtransmission/rpc-server.c | 116 +++++++++++++++++++++++++++++++++++++----
- libtransmission/rpc-server.h | 4 ++
- libtransmission/session.c | 2 +
- libtransmission/transmission.h | 1 +
- libtransmission/web.c | 3 ++
- 7 files changed, 121 insertions(+), 9 deletions(-)
-
---- libtransmission/session.c.orig 2016-01-09 18:02:58.743698889 +0000
-+++ libtransmission/session.c
-@@ -359,6 +359,8 @@ tr_sessionGetDefaultSettings (tr_variant
- tr_variantDictAddStr (d, TR_KEY_rpc_username, "");
- tr_variantDictAddStr (d, TR_KEY_rpc_whitelist, TR_DEFAULT_RPC_WHITELIST);
- tr_variantDictAddBool (d, TR_KEY_rpc_whitelist_enabled, true);
-+ tr_variantDictAddStr(d, TR_KEY_rpc_host_whitelist, TR_DEFAULT_RPC_HOST_WHITELIST);
-+ tr_variantDictAddBool(d, TR_KEY_rpc_host_whitelist_enabled, true);
- tr_variantDictAddInt (d, TR_KEY_rpc_port, atoi (TR_DEFAULT_RPC_PORT_STR));
- tr_variantDictAddStr (d, TR_KEY_rpc_url, TR_DEFAULT_RPC_URL_STR);
- tr_variantDictAddBool (d, TR_KEY_scrape_paused_torrents_enabled, true);
diff --git a/net/transmission/patches/patch-libtransmission_transmission.h b/net/transmission/patches/patch-libtransmission_transmission.h
deleted file mode 100644
index 55e007ed82b..00000000000
--- a/net/transmission/patches/patch-libtransmission_transmission.h
+++ /dev/null
@@ -1,38 +0,0 @@
-$NetBSD: patch-libtransmission_transmission.h,v 1.1 2018/01/16 09:37:00 wiz Exp $
-
-Fix a weakness that allows remote code execution via the Transmission
-RPC server using DNS rebinding:
-
-https://bugs.chromium.org/p/project-zero/issues/detail?id=1447
-
-Patch adapted from Tavis Ormandy's patch on the Transmission master
-branch to the Transmission 2.92 release by Leo Famulari
-<leo@famulari.name>:
-
-https://github.com/transmission/transmission/pull/468/commits
-
-From fe2d3c6e75088f3d9b6040ce06da3d530358bc2f Mon Sep 17 00:00:00 2001
-From: Tavis Ormandy <taviso@google.com>
-Date: Thu, 11 Jan 2018 10:00:41 -0800
-Subject: [PATCH] mitigate dns rebinding attacks against daemon
-
----
- libtransmission/quark.c | 2 +
- libtransmission/quark.h | 2 +
- libtransmission/rpc-server.c | 116 +++++++++++++++++++++++++++++++++++++----
- libtransmission/rpc-server.h | 4 ++
- libtransmission/session.c | 2 +
- libtransmission/transmission.h | 1 +
- libtransmission/web.c | 3 ++
- 7 files changed, 121 insertions(+), 9 deletions(-)
-
---- libtransmission/transmission.h.orig 2015-12-31 18:33:37.576878516 +0000
-+++ libtransmission/transmission.h
-@@ -123,6 +123,7 @@ const char* tr_getDefaultDownloadDir (vo
- #define TR_DEFAULT_BIND_ADDRESS_IPV4 "0.0.0.0"
- #define TR_DEFAULT_BIND_ADDRESS_IPV6 "::"
- #define TR_DEFAULT_RPC_WHITELIST "127.0.0.1"
-+#define TR_DEFAULT_RPC_HOST_WHITELIST ""
- #define TR_DEFAULT_RPC_PORT_STR "9091"
- #define TR_DEFAULT_RPC_URL_STR "/transmission/"
- #define TR_DEFAULT_PEER_PORT_STR "51413"
diff --git a/net/transmission/patches/patch-libtransmission_web.c b/net/transmission/patches/patch-libtransmission_web.c
deleted file mode 100644
index 674cf94c29f..00000000000
--- a/net/transmission/patches/patch-libtransmission_web.c
+++ /dev/null
@@ -1,38 +0,0 @@
-$NetBSD: patch-libtransmission_web.c,v 1.1 2018/01/16 09:37:00 wiz Exp $
-
-Fix a weakness that allows remote code execution via the Transmission
-RPC server using DNS rebinding:
-
-https://bugs.chromium.org/p/project-zero/issues/detail?id=1447
-
-Patch adapted from Tavis Ormandy's patch on the Transmission master
-branch to the Transmission 2.92 release by Leo Famulari
-<leo@famulari.name>:
-
-https://github.com/transmission/transmission/pull/468/commits
-
-From fe2d3c6e75088f3d9b6040ce06da3d530358bc2f Mon Sep 17 00:00:00 2001
-From: Tavis Ormandy <taviso@google.com>
-Date: Thu, 11 Jan 2018 10:00:41 -0800
-Subject: [PATCH] mitigate dns rebinding attacks against daemon
-
----
- libtransmission/quark.c | 2 +
- libtransmission/quark.h | 2 +
- libtransmission/rpc-server.c | 116 +++++++++++++++++++++++++++++++++++++----
- libtransmission/rpc-server.h | 4 ++
- libtransmission/session.c | 2 +
- libtransmission/transmission.h | 1 +
- libtransmission/web.c | 3 ++
- 7 files changed, 121 insertions(+), 9 deletions(-)
-
---- libtransmission/web.c.orig 2015-12-31 18:33:37.567878356 +0000
-+++ libtransmission/web.c
-@@ -594,6 +594,7 @@ tr_webGetResponseStr (long code)
- case 415: return "Unsupported Media Type";
- case 416: return "Requested Range Not Satisfiable";
- case 417: return "Expectation Failed";
-+ case 421: return "Misdirected Request";
- case 500: return "Internal Server Error";
- case 501: return "Not Implemented";
- case 502: return "Bad Gateway";
|