From owner-svn-ports-head@freebsd.org Sun Jan 14 23:29:05 2018 Return-Path: Delivered-To: svn-ports-head@mailman.ysv.freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2001:1900:2254:206a::19:1]) by mailman.ysv.freebsd.org (Postfix) with ESMTP id A1315E63D52; Sun, 14 Jan 2018 23:29:05 +0000 (UTC) (envelope-from woodsb02@FreeBSD.org) Received: from mxrelay.nyi.freebsd.org (mxrelay.nyi.freebsd.org [IPv6:2610:1c1:1:606c::19:3]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (Client CN "mxrelay.nyi.freebsd.org", Issuer "Let's Encrypt Authority X3" (verified OK)) by mx1.freebsd.org (Postfix) with ESMTPS id 7C3D572A91; Sun, 14 Jan 2018 23:29:05 +0000 (UTC) (envelope-from woodsb02@FreeBSD.org) Received: from repo.freebsd.org (repo.freebsd.org [IPv6:2610:1c1:1:6068::e6a:0]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (Client did not present a certificate) by mxrelay.nyi.freebsd.org (Postfix) with ESMTPS id B98806C8; Sun, 14 Jan 2018 23:29:04 +0000 (UTC) (envelope-from woodsb02@FreeBSD.org) Received: from repo.freebsd.org ([127.0.1.37]) by repo.freebsd.org (8.15.2/8.15.2) with ESMTP id w0ENT4oL009769; Sun, 14 Jan 2018 23:29:04 GMT (envelope-from woodsb02@FreeBSD.org) Received: (from woodsb02@localhost) by repo.freebsd.org (8.15.2/8.15.2/Submit) id w0ENT4Cg009768; Sun, 14 Jan 2018 23:29:04 GMT (envelope-from woodsb02@FreeBSD.org) Message-Id: <201801142329.w0ENT4Cg009768@repo.freebsd.org> X-Authentication-Warning: repo.freebsd.org: woodsb02 set sender to woodsb02@FreeBSD.org using -f From: Ben Woods Date: Sun, 14 Jan 2018 23:29:04 +0000 (UTC) To: ports-committers@freebsd.org, svn-ports-all@freebsd.org, svn-ports-head@freebsd.org Subject: svn commit: r459013 - head X-SVN-Group: ports-head X-SVN-Commit-Author: woodsb02 X-SVN-Commit-Paths: head X-SVN-Commit-Revision: 459013 X-SVN-Commit-Repository: ports MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit X-BeenThere: svn-ports-head@freebsd.org X-Mailman-Version: 2.1.25 Precedence: list List-Id: SVN commit messages for the ports tree for head List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Sun, 14 Jan 2018 23:29:05 -0000 Author: woodsb02 Date: Sun Jan 14 23:29:04 2018 New Revision: 459013 URL: https://svnweb.freebsd.org/changeset/ports/459013 Log: Add note to UPDATING for net-p2p/transmission-daemon explaining how to allow client access with the new DNS rebinding mitigations. PR: 225150 MFH: 2018Q1 Security: https://www.vuxml.org/freebsd/3e5b8bd3-0c32-452f-a60e-beab7b762351.html Modified: head/UPDATING Modified: head/UPDATING ============================================================================== --- head/UPDATING Sun Jan 14 22:49:58 2018 (r459012) +++ head/UPDATING Sun Jan 14 23:29:04 2018 (r459013) @@ -5,6 +5,23 @@ they are unavoidable. You should get into the habit of checking this file for changes each time you update your ports collection, before attempting any port upgrades. +20180115 + AFFECTS: users of net-p2p/transmission-daemon + AUTHOR: woodsb02@FreeBSD.org + + The transmission-daemon port has been updated to 2.92_4 to incorporate + a patch which mitigates DNS rebinding attacks. This will prevent users + from being able to connect to the transmission daemon (via the CLI, + web or GUI interfaces) unless one of the following is done: + - Enable password authentication, then any hostname is allowed. + This can be achieved by add either editing settings.json to set + rpc-authentication-required, rpc-username and rpc-password or by + running transmission-daemon with the following arguments (can be + set with transmission_flags in /etc/rc.conf): + -t -u USERNAME -v PASSWORD + OR + - Add the allowed client hostnames to the rpc-host-whitelist setting + 20180111 AFFECTS: users of editors/vim-lite AUTHOR: adamw@FreeBSD.org