Subject: CVS commit: [pkgsrc-2017Q4] pkgsrc/net
From: S.P.Zeidler
Date: 2018-01-19 22:33:24
Message id: 20180119213325.06D02FBDE@cvs.NetBSD.org
Log Message:
Pullup ticket #5683 - requested by wiz
net/transmission: security update
net/transmission-qt: security update
net/transmission-gtk: security update

Revisions pulled up:
- net/transmission-gtk/Makefile                                 1.26
- net/transmission-qt/Makefile                                  1.30
- net/transmission/Makefile                                     1.13
- net/transmission/distinfo                                     1.13
- net/transmission/patches/patch-libtransmission_quark.c        1.1
- net/transmission/patches/patch-libtransmission_quark.h        1.1
- net/transmission/patches/patch-libtransmission_rpc-server.c   1.1
- net/transmission/patches/patch-libtransmission_rpc-server.h   1.1
- net/transmission/patches/patch-libtransmission_session.c      1.1
- net/transmission/patches/patch-libtransmission_transmission.h 1.1
- net/transmission/patches/patch-libtransmission_web.c          1.1

-------------------------------------------------------------------
   Module Name:	pkgsrc
   Committed By:	wiz
   Date:		Tue Jan 16 09:37:00 UTC 2018

   Modified Files:
   	pkgsrc/net/transmission: Makefile distinfo
   	pkgsrc/net/transmission-gtk: Makefile
   	pkgsrc/net/transmission-qt: Makefile
   Added Files:
   	pkgsrc/net/transmission/patches: patch-libtransmission_quark.c
   	    patch-libtransmission_quark.h patch-libtransmission_rpc-server.c
   	    patch-libtransmission_rpc-server.h patch-libtransmission_session.c
   	    patch-libtransmission_transmission.h patch-libtransmission_web.c

   Log Message:
   transmission*: Fix security issue

   Fix a weakness that allows remote code execution via the Transmission
   RPC server using DNS rebinding:

   https://bugs.chromium.org/p/project-zero/issues/detail?id47

   Patch adapted from Tavis Ormandy's patch on the Transmission master
   branch to the Transmission 2.92 release by Leo Famulari
   <leo@famulari.name>:

   https://github.com/transmission/transmission/pull/468/commits

   Via FreeBSD ports.

   Bump PKGREVISION.

   To generate a diff of this commit:
   cvs rdiff -u -r1.12 -r1.13 pkgsrc/net/transmission/Makefile \
       pkgsrc/net/transmission/distinfo
   cvs rdiff -u -r1.25 -r1.26 pkgsrc/net/transmission-gtk/Makefile
   cvs rdiff -u -r1.29 -r1.30 pkgsrc/net/transmission-qt/Makefile
   cvs rdiff -u -r0 -r1.1 \
       pkgsrc/net/transmission/patches/patch-libtransmission_quark.c \
       pkgsrc/net/transmission/patches/patch-libtransmission_quark.h \
       pkgsrc/net/transmission/patches/patch-libtransmission_rpc-server.c \
       pkgsrc/net/transmission/patches/patch-libtransmission_rpc-server.h \
       pkgsrc/net/transmission/patches/patch-libtransmission_session.c \
       pkgsrc/net/transmission/patches/patch-libtransmission_transmission.h \
       pkgsrc/net/transmission/patches/patch-libtransmission_web.c
Files:
RevisionActionfile
1.11.6.1modifypkgsrc/net/transmission/Makefile
1.12.6.1modifypkgsrc/net/transmission/distinfo
1.24.2.1modifypkgsrc/net/transmission-gtk/Makefile
1.28.2.1modifypkgsrc/net/transmission-qt/Makefile
1.1.2.2addpkgsrc/net/transmission/patches/patch-libtransmission_quark.c
1.1.2.2addpkgsrc/net/transmission/patches/patch-libtransmission_quark.h
1.1.2.2addpkgsrc/net/transmission/patches/patch-libtransmission_rpc-server.c
1.1.2.2addpkgsrc/net/transmission/patches/patch-libtransmission_rpc-server.h
1.1.2.2addpkgsrc/net/transmission/patches/patch-libtransmission_session.c
1.1.2.2addpkgsrc/net/transmission/patches/patch-libtransmission_transmission.h
1.1.2.2addpkgsrc/net/transmission/patches/patch-libtransmission_web.c