Skip site navigation (1)Skip section navigation (2) 
Date:      Sun, 14 Jan 2018 23:29:04 +0000 (UTC)
From:      Ben Woods <woodsb02@FreeBSD.org>
To:        ports-committers@freebsd.org, svn-ports-all@freebsd.org, svn-ports-head@freebsd.org
Subject:   svn commit: r459013 - head
Message-ID:  <201801142329.w0ENT4Cg009768@repo.freebsd.org>
next in thread | raw e-mail | index | archive | help 
Author: woodsb02
Date: Sun Jan 14 23:29:04 2018
New Revision: 459013
URL: https://svnweb.freebsd.org/changeset/ports/459013

Log:
  Add note to UPDATING for net-p2p/transmission-daemon explaining how to
  allow client access with the new DNS rebinding mitigations.
  
  PR:		225150
  MFH:		2018Q1
  Security:	https://www.vuxml.org/freebsd/3e5b8bd3-0c32-452f-a60e-beab7b762351.html

Modified:
  head/UPDATING

Modified: head/UPDATING
==============================================================================
--- head/UPDATING	Sun Jan 14 22:49:58 2018	(r459012)
+++ head/UPDATING	Sun Jan 14 23:29:04 2018	(r459013)
@@ -5,6 +5,23 @@ they are unavoidable.
 You should get into the habit of checking this file for changes each time
 you update your ports collection, before attempting any port upgrades.
 
+20180115
+  AFFECTS: users of net-p2p/transmission-daemon
+  AUTHOR: woodsb02@FreeBSD.org
+
+  The transmission-daemon port has been updated to 2.92_4 to incorporate
+  a patch which mitigates DNS rebinding attacks. This will prevent users
+  from being able to connect to the transmission daemon (via the CLI,
+  web or GUI interfaces) unless one of the following is done:
+    - Enable password authentication, then any hostname is allowed.
+      This can be achieved by add either editing settings.json to set
+      rpc-authentication-required, rpc-username and rpc-password or by
+      running transmission-daemon with the following arguments (can be
+      set with transmission_flags in /etc/rc.conf):
+      -t -u USERNAME -v PASSWORD
+    OR
+    - Add the allowed client hostnames to the rpc-host-whitelist setting
+
 20180111
   AFFECTS: users of editors/vim-lite
   AUTHOR: adamw@FreeBSD.org

Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?201801142329.w0ENT4Cg009768>