kpriv/freebsd-ports
1
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity
freebsd-ports/net-p2p
History
Ben Woods a2389f045c MFH: r459011 r459013 r459492 
net-p2p/transmission-daemon: Mitigate DNS rebinding attack

Incorporate upstream pull request 468, proposed by Tavis Ormandy from
Google Project Zero, which mitigates this attack by requiring a host
whitelist for requests that cannot be proven to be secure, but it can
be disabled if a user does not want security.

PR:		225150
Submitted by:	Tavis Ormandy
Approved by:	crees (maintainer)
Obtained from:	https://github.com/transmission/transmission/pull/468#issuecomment-357098126
Security:	https://www.vuxml.org/freebsd/3e5b8bd3-0c32-452f-a60e-beab7b762351.html

Add note to UPDATING for net-p2p/transmission-daemon explaining how to
allow client access with the new DNS rebinding mitigations.

PR:		225150
Security:	https://www.vuxml.org/freebsd/3e5b8bd3-0c32-452f-a60e-beab7b762351.html

net-p2p/transmission-daemon: Improve UPDATING entry and add pkg-message

This will ensure users who do not read UPDATING are still presented with
the message about how to allow clients to connect to the daemon using
DNS when they upgrade the package.

PR:		225150
Reported by:	swills
Security:	https://www.vuxml.org/freebsd/3e5b8bd3-0c32-452f-a60e-beab7b762351.html

Approved by:	ports-secteam (swills)
2018-01-20 01:28:56 +00:00
..
amule
amule-devel Cleanup LIB_DEPENDS on libpng 2017-12-01 07:19:53 +00:00
bitcoin MFH: r457938 2018-01-03 00:26:14 +00:00
bitcoin-daemon Use a more modern way of distinguishing "big-endian platforms". 2017-12-21 09:31:25 +00:00
bitcoin-utils Use a more modern way of distinguishing "big-endian platforms". 2017-12-21 09:31:25 +00:00
bitflu
bitmessage Convert Python ports to FLAVORS. 2017-11-30 15:50:30 +00:00
bnbt
btpd Regular USE_GITHUB cleanup. 2017-07-27 13:57:30 +00:00
btsync
couchpotato Convert Python ports to FLAVORS. 2017-11-30 15:50:30 +00:00
cpuminer Bump PORTREVISION for ports depending on the canonical version of GCC 2017-09-10 20:55:38 +00:00
createtorrent
ctcs
ctorrent - cleanup patch 2017-09-17 14:43:20 +00:00
dclib
deluge Convert Python ports to FLAVORS. 2017-11-30 15:50:30 +00:00
deluge-cli Convert Python ports to FLAVORS. 2017-11-30 15:50:30 +00:00
dogecoin Update devel/protobuf to 3.5.0 2017-12-11 18:26:13 +00:00
ed2k
edonkey-tool-hash
eiskaltdcpp-cli
eiskaltdcpp-daemon devel/boost-*: update to 1.65.1 2017-09-25 00:08:16 +00:00
eiskaltdcpp-data
eiskaltdcpp-gtk devel/boost-*: update to 1.65.1 2017-09-25 00:08:16 +00:00
eiskaltdcpp-lib devel/boost-*: update to 1.65.1 2017-09-25 00:08:16 +00:00
eiskaltdcpp-qt devel/boost-*: update to 1.65.1 2017-09-25 00:08:16 +00:00
frost
gkremldk
gnewtellium
go-ethereum Update to upstream version 1.7.3 2017-12-02 11:08:41 +00:00
gtk-gnutella
gtorrentviewer
hs-torrent - Update The Glorious Glasgow Haskell Compiler to version 8.0.2 2017-08-08 17:21:45 +00:00
jackett Welcome net-p2p/jackett to the tree 2017-08-03 16:47:31 +00:00
jigdo
ktorrent devel/boost-*: update to 1.65.1 2017-09-25 00:08:16 +00:00
libbt
liberator
libktorrent devel/boost-*: update to 1.65.1 2017-09-25 00:08:16 +00:00
libpdtp
libswift Mark some ports failing on power64. In cases where the error message 2017-05-13 23:36:16 +00:00
libtorrent Disable instrumentation on 32-bit PowerPC like we already do for i386/gcc 2017-10-09 09:42:45 +00:00
libtorrent-rasterbar devel/boost-*: update to 1.65.1 2017-09-25 00:08:16 +00:00
libtorrent-rasterbar-python Convert Python ports to FLAVORS. 2017-11-30 15:50:30 +00:00
linuxdcpp devel/boost-*: update to 1.65.1 2017-09-25 00:08:16 +00:00
litecoin net-p2p/bitcoin: unbreak with boost 1.66 2017-12-25 18:07:48 +00:00
litecoin-daemon net-p2p/litecoin: update to 0.14.2 2017-09-17 00:38:59 +00:00
litecoin-utils net-p2p/litecoin: update to 0.14.2 2017-09-17 00:38:59 +00:00
lopster
microdc2 Update devel/readline to 7.0 patch 3 2017-06-27 13:46:53 +00:00
minder Remove all USE_OPENSSL occurrences. 2017-03-15 14:45:30 +00:00
mktorrent Restore the maximum piece size of 2^30 introduced in r435987. 2017-09-07 15:19:51 +00:00
mldonkey - Patch configure instead of configure.in so we can avoid USES=autoreconf. 2017-12-30 15:21:01 +00:00
mldonkey-core
mldonkey-gui
monero-cli net-p2p/monero-cli: Implement missing miner functions 2017-11-12 15:22:15 +00:00
namecoin Update devel/protobuf to 3.5.0 2017-12-11 18:26:13 +00:00
namecoin-daemon
napshare
ncdc
opendchub Remove all USE_OPENSSL occurrences. 2017-03-15 14:45:30 +00:00
p5-Net-BitTorrent
p5-Net-BitTorrent-File Fix license information for portgs that use "the same license as Perl". 2017-09-15 08:58:46 +00:00
p5-Net-BitTorrent-PeerPacket
p5-Net-DirectConnect Fix license information for portgs that use "the same license as Perl". 2017-09-15 08:58:46 +00:00
p5-WWW-BitTorrent
phex
py-py2play Convert Python ports to FLAVORS. 2017-11-30 15:50:30 +00:00
py-transmissionrpc Convert Python ports to FLAVORS. 2017-11-30 15:50:30 +00:00
py-tremc net-p2p/py-tremc: create port 2017-12-30 20:23:12 +00:00
py-vertex Allow concurrent installation (USE_PYTHON=concurrent) 2017-12-17 15:54:15 +00:00
qbittorrent Update net-p2p/qbittorrent to 3.3.16 2017-10-21 10:06:25 +00:00
qbittorrent-nox11
radarr net-p2p/radarr: Update to 0.2.0.910 2017-12-23 22:38:35 +00:00
retroshare Fix build of net-p2p/retroshare with recent versions of clang. 2017-12-21 21:01:37 +00:00
rtorrent Bump PORTREVISION for ports depending on the canonical version of GCC 2017-09-10 20:55:38 +00:00
shx Update devel/readline to 7.0 patch 3 2017-06-27 13:46:53 +00:00
sonarr net-p2p/sonarr: Update to 2.0.0.5085 2017-12-23 22:51:32 +00:00
squall
torrent-file-editor - Update `net-p2p/torrent-file-editor' to version 0.3.9, which fixes 2017-12-11 11:32:01 +00:00
torrentcheck
torrentsniff
transmission Add -qt5 port. 2017-08-14 19:21:04 +00:00
transmission-cli MFH: r459011 r459013 r459492 2018-01-20 01:28:56 +00:00
transmission-daemon MFH: r459011 r459013 r459492 2018-01-20 01:28:56 +00:00
transmission-gtk Add -qt5 port. 2017-08-14 19:21:04 +00:00
transmission-qt4 Bump PORTREVISION for ports depending on the canonical version of GCC 2017-09-10 20:55:38 +00:00
transmission-qt5 Bump PORTREVISION for ports depending on the canonical version of GCC 2017-09-10 20:55:38 +00:00
transmission-remote-gui - Bump PORTREVISION. Lazarus was update to 1.6.4 2017-03-01 17:52:16 +00:00
tribler - Update WWW 2017-12-30 09:00:42 +00:00
twister devel/boost-*: update to 1.65.1 2017-09-25 00:08:16 +00:00
uhub
valknut
verlihub Remove all USE_OPENSSL occurrences. 2017-03-15 14:45:30 +00:00
verlihub-plugins
verlihub-plugins-chatroom Mark these ports as buildable on armv6 after a trybroken run. (Also 2017-12-08 01:46:00 +00:00
verlihub-plugins-floodprotect Mark these ports as buildable on armv6 after a trybroken run. (Also 2017-12-08 01:46:00 +00:00
verlihub-plugins-forbid Mark these ports as buildable on armv6 after a trybroken run. (Also 2017-12-08 01:46:00 +00:00
verlihub-plugins-iplog Mark these ports as buildable on armv6 after a trybroken run. (Also 2017-12-08 01:46:00 +00:00
verlihub-plugins-isp Mark these ports as buildable on armv6 after a trybroken run. (Also 2017-12-08 01:46:00 +00:00
verlihub-plugins-luascript Mark these ports as buildable on armv6 after a trybroken run. (Also 2017-12-08 01:46:00 +00:00
verlihub-plugins-messanger Mark these ports as buildable on armv6 after a trybroken run. (Also 2017-12-08 01:46:00 +00:00
verlihub-plugins-stats Mark these ports as buildable on armv6 after a trybroken run. (Also 2017-12-08 01:46:00 +00:00
vuze
xmrig XMRig is a high performance Monero (XMR) CPU miner written in C++. 2017-12-23 10:14:10 +00:00
xnap
zetacoin Update devel/protobuf to 3.5.0 2017-12-11 18:26:13 +00:00
zetacoin-nox11 Provide more descriptive error messages for ports failing on powerpc64. 2017-04-30 01:12:10 +00:00
Makefile net-p2p/py-tremc: create port 2017-12-30 20:23:12 +00:00