Browse Source

transmission: Update to 2.94

Mainly a bugfix for XSS. Patches have been refreshed.

Added an upstream fix for TLS verification. Now enabled by default.

Signed-off-by: Rosen Penev <rosenp@gmail.com>
lilik-openwrt-22.03
Rosen Penev 7 years ago
parent
commit
a46d0ffb83
10 changed files with 97 additions and 475 deletions
  1. +4
    -4
      net/transmission/Makefile
  2. +0
    -1
      net/transmission/files/transmission.init
  3. +0
    -430
      net/transmission/patches/010-add-mbedtls-support.patch
  4. +0
    -0
      net/transmission/patches/010-fix-port-test.patch
  5. +0
    -35
      net/transmission/patches/020-fix-external-miniupnpc.patch
  6. +0
    -0
      net/transmission/patches/020-fix-safari.patch
  7. +31
    -0
      net/transmission/patches/030-fix-dht-memory-leak.patch
  8. +29
    -0
      net/transmission/patches/040-fix-curl.patch
  9. +5
    -5
      net/transmission/patches/050-https-portcheck.patch
  10. +28
    -0
      net/transmission/patches/060-fix-tls-verify.patch

+ 4
- 4
net/transmission/Makefile View File

@ -8,12 +8,12 @@
include $(TOPDIR)/rules.mk
PKG_NAME:=transmission
PKG_VERSION:=2.93
PKG_RELEASE:=7
PKG_VERSION:=2.94
PKG_RELEASE:=1
PKG_SOURCE:=$(PKG_NAME)-$(PKG_VERSION).tar.xz
PKG_SOURCE_URL:=@GITHUB/transmission/transmission-releases/master
PKG_HASH:=8815920e0a4499bcdadbbe89a4115092dab42ce5199f71ff9a926cfd12b9b90b
PKG_HASH:=35442cc849f91f8df982c3d0d479d650c6ca19310a994eccdaa79a4af3916b7d
PKG_MAINTAINER:=Rosen Penev <rosenp@gmail.com>
PKG_BUILD_DIR:=$(BUILD_DIR)/$(PKG_NAME)-$(BUILD_VARIANT)/$(PKG_NAME)-$(PKG_VERSION)
@ -32,7 +32,7 @@ define Package/transmission/template
CATEGORY:=Network
TITLE:=BitTorrent client
URL:=http://www.transmissionbt.com
DEPENDS:=+ca-bundle +libcurl +libevent2 +libminiupnpc +libnatpmp +libpthread +librt +zlib
DEPENDS:=+libcurl +libevent2 +libminiupnpc +libnatpmp +libpthread +librt +zlib
endef
define Package/transmission-daemon/Default


+ 0
- 1
net/transmission/files/transmission.init View File

@ -111,7 +111,6 @@ transmission() {
cmdline="transmission-daemon -g $config_dir -f"
procd_open_instance
procd_set_param command $cmdline
procd_set_param env CURL_CA_BUNDLE=/etc/ssl/certs/ca-certificates.crt
procd_set_param user $user
procd_set_param group $group
procd_set_param nice $nice


+ 0
- 430
net/transmission/patches/010-add-mbedtls-support.patch View File

@ -1,430 +0,0 @@
From bad7f584eb11076ae37fd51cdb21842935c6ea57 Mon Sep 17 00:00:00 2001
From: Mike Gelfand <mikedld@mikedld.com>
Date: Wed, 26 Oct 2016 20:37:10 +0300
Subject: [PATCH] Add support for mbedtls (formely polarssl)
---
cmake/FindPolarSSL.cmake | 37 +++++++----
configure.ac | 28 ++++----
libtransmission/CMakeLists.txt | 4 ++
libtransmission/Makefile.am | 3 +
libtransmission/crypto-utils-polarssl.c | 112 +++++++++++++++++++-------------
5 files changed, 115 insertions(+), 69 deletions(-)
diff --git a/cmake/FindPolarSSL.cmake b/cmake/FindPolarSSL.cmake
index 0a958e0..e4e1ac6 100644
--- a/cmake/FindPolarSSL.cmake
+++ b/cmake/FindPolarSSL.cmake
@@ -8,21 +8,36 @@ if(POLARSSL_PREFER_STATIC_LIB)
endif()
if(UNIX)
- find_package(PkgConfig QUIET)
- pkg_check_modules(_POLARSSL QUIET polarssl)
+ find_package(PkgConfig QUIET)
+ pkg_check_modules(_MBEDTLS QUIET mbedtls)
endif()
-find_path(POLARSSL_INCLUDE_DIR NAMES polarssl/version.h HINTS ${_POLARSSL_INCLUDEDIR})
-find_library(POLARSSL_LIBRARY NAMES polarssl HINTS ${_POLARSSL_LIBDIR})
+find_path(MBEDTLS_INCLUDE_DIR NAMES mbedtls/version.h HINTS ${_MBEDTLS_INCLUDEDIR})
+find_library(MBEDTLS_LIBRARY NAMES mbedtls HINTS ${_MBEDTLS_LIBDIR})
+if(MBEDTLS_INCLUDE_DIR AND MBEDTLS_LIBRARY)
+ set(POLARSSL_INCLUDE_DIR ${MBEDTLS_INCLUDE_DIR})
+ set(POLARSSL_LIBRARY ${MBEDTLS_LIBRARY})
+ set(POLARSSL_VERSION ${_MBEDTLS_VERSION})
+ set(POLARSSL_IS_MBEDTLS ON)
+else()
+ if(UNIX)
+ pkg_check_modules(_POLARSSL QUIET polarssl)
+ endif()
+
+ find_path(POLARSSL_INCLUDE_DIR NAMES polarssl/version.h HINTS ${_POLARSSL_INCLUDEDIR})
+ find_library(POLARSSL_LIBRARY NAMES polarssl HINTS ${_POLARSSL_LIBDIR})
+ set(POLARSSL_VERSION ${_POLARSSL_VERSION})
+ set(POLARSSL_IS_MBEDTLS OFF)
+endif()
-if(POLARSSL_INCLUDE_DIR)
- if(_POLARSSL_VERSION)
- set(POLARSSL_VERSION ${_POLARSSL_VERSION})
+if(NOT POLARSSL_VERSION AND POLARSSL_INCLUDE_DIR)
+ if(POLARSSL_IS_MBEDTLS)
+ file(STRINGS "${POLARSSL_INCLUDE_DIR}/mbedtls/version.h" POLARSSL_VERSION_STR REGEX "^#define[\t ]+MBEDTLS_VERSION_STRING[\t ]+\"[^\"]+\"")
else()
file(STRINGS "${POLARSSL_INCLUDE_DIR}/polarssl/version.h" POLARSSL_VERSION_STR REGEX "^#define[\t ]+POLARSSL_VERSION_STRING[\t ]+\"[^\"]+\"")
- if(POLARSSL_VERSION_STR MATCHES "\"([^\"]+)\"")
- set(POLARSSL_VERSION "${CMAKE_MATCH_1}")
- endif()
+ endif()
+ if(POLARSSL_VERSION_STR MATCHES "\"([^\"]+)\"")
+ set(POLARSSL_VERSION "${CMAKE_MATCH_1}")
endif()
endif()
@@ -39,7 +54,7 @@ find_package_handle_standard_args(PolarSSL
POLARSSL_VERSION
)
-mark_as_advanced(POLARSSL_INCLUDE_DIR POLARSSL_LIBRARY)
+mark_as_advanced(MBEDTLS_INCLUDE_DIR MBEDTLS_LIBRARY POLARSSL_INCLUDE_DIR POLARSSL_LIBRARY)
if(POLARSSL_PREFER_STATIC_LIB)
set(CMAKE_FIND_LIBRARY_SUFFIXES ${POLARSSL_ORIG_CMAKE_FIND_LIBRARY_SUFFIXES})
diff --git a/configure.ac b/configure.ac
index aff673b..cb026df 100644
--- a/configure.ac
+++ b/configure.ac
@@ -149,23 +149,26 @@ AS_IF([test "x$want_crypto" = "xauto" -o "x$want_crypto" = "xcyassl"], [
)
])
AS_IF([test "x$want_crypto" = "xauto" -o "x$want_crypto" = "xpolarssl"], [
- AC_CHECK_HEADER([polarssl/version.h],
- [AC_EGREP_CPP([version_ok], [#include <polarssl/version.h>
- #if defined (POLARSSL_VERSION_NUMBER) && POLARSSL_VERSION_NUMBER >= $POLARSSL_MINIMUM
- version_ok
- #endif],
- [AC_CHECK_LIB([polarssl], [dhm_calc_secret],
- [want_crypto="polarssl"; CRYPTO_PKG="polarssl"; CRYPTO_CFLAGS=""; CRYPTO_LIBS="-lpolarssl"],
+ PKG_CHECK_MODULES(MBEDTLS, [mbedtls >= $POLARSSL_MINIMUM],
+ [want_crypto="polarssl"; CRYPTO_PKG="polarssl"; CRYPTO_CFLAGS="$MBEDTLS_CFLAGS"; CRYPTO_LIBS="$MBEDTLS_LIBS"; POLARSSL_IS_MBEDTLS=yes],
+ [AC_CHECK_HEADER([polarssl/version.h],
+ [AC_EGREP_CPP([version_ok], [#include <polarssl/version.h>
+ #if defined (POLARSSL_VERSION_NUMBER) && POLARSSL_VERSION_NUMBER >= $POLARSSL_MINIMUM
+ version_ok
+ #endif],
+ [AC_CHECK_LIB([polarssl], [dhm_calc_secret],
+ [want_crypto="polarssl"; CRYPTO_PKG="polarssl"; CRYPTO_CFLAGS=""; CRYPTO_LIBS="-lpolarssl"],
+ [AS_IF([test "x$want_crypto" = "xpolarssl"],
+ [AC_MSG_ERROR([PolarSSL support requested, but library not found.])]
+ )]
+ )],
[AS_IF([test "x$want_crypto" = "xpolarssl"],
- [AC_MSG_ERROR([PolarSSL support requested, but library not found.])]
+ [AC_MSG_ERROR([PolarSSL support requested, but version not suitable.])]
)]
)],
[AS_IF([test "x$want_crypto" = "xpolarssl"],
- [AC_MSG_ERROR([PolarSSL support requested, but version not suitable.])]
+ [AC_MSG_ERROR([PolarSSL support requested, but headers not found.])]
)]
- )],
- [AS_IF([test "x$want_crypto" = "xpolarssl"],
- [AC_MSG_ERROR([PolarSSL support requested, but headers not found.])]
)]
)
])
@@ -180,6 +183,7 @@ AS_IF([test "x$CRYPTO_PKG" = "x"], [
AM_CONDITIONAL([CRYPTO_USE_OPENSSL],[test "x$CRYPTO_PKG" = "xopenssl"])
AM_CONDITIONAL([CRYPTO_USE_CYASSL],[test "x$CRYPTO_PKG" = "xcyassl"])
AM_CONDITIONAL([CRYPTO_USE_POLARSSL],[test "x$CRYPTO_PKG" = "xpolarssl"])
+AM_CONDITIONAL([POLARSSL_IS_MBEDTLS],[test "x$POLARSSL_IS_MBEDTLS" = "xyes"])
AC_SUBST(CRYPTO_PKG)
AC_SUBST(CRYPTO_CFLAGS)
AC_SUBST(CRYPTO_LIBS)
diff --git a/libtransmission/CMakeLists.txt b/libtransmission/CMakeLists.txt
index 4865dee..b5230b9 100644
--- a/libtransmission/CMakeLists.txt
+++ b/libtransmission/CMakeLists.txt
@@ -194,6 +194,10 @@ if(USE_SYSTEM_B64)
add_definitions(-DUSE_SYSTEM_B64)
endif()
+if(POLARSSL_IS_MBEDTLS)
+ add_definitions(-DPOLARSSL_IS_MBEDTLS)
+endif()
+
include_directories(
${PROJECT_SOURCE_DIR}
${PROJECT_BINARY_DIR}
diff --git a/libtransmission/Makefile.am b/libtransmission/Makefile.am
index f91769a..4d7e85a 100644
--- a/libtransmission/Makefile.am
+++ b/libtransmission/Makefile.am
@@ -102,6 +102,9 @@ libtransmission_a_SOURCES += crypto-utils-cyassl.c
endif
if CRYPTO_USE_POLARSSL
libtransmission_a_SOURCES += crypto-utils-polarssl.c
+if POLARSSL_IS_MBEDTLS
+AM_CPPFLAGS += -DPOLARSSL_IS_MBEDTLS
+endif
endif
noinst_HEADERS = \
diff --git a/libtransmission/crypto-utils-polarssl.c b/libtransmission/crypto-utils-polarssl.c
index 1c59a7f..e98c13d 100644
--- a/libtransmission/crypto-utils-polarssl.c
+++ b/libtransmission/crypto-utils-polarssl.c
@@ -1,5 +1,5 @@
/*
- * This file Copyright (C) 2014-2015 Mnemosyne LLC
+ * This file Copyright (C) 2014-2016 Mnemosyne LLC
*
* It may be used under the GNU GPL versions 2 or 3
* or any future license endorsed by Mnemosyne LLC.
@@ -7,15 +7,25 @@
* $Id$
*/
+#if defined (POLARSSL_IS_MBEDTLS)
+ #define API_HEADER(x) <mbedtls/x>
+ #define API(x) mbedtls_##x
+ #define API_VERSION_NUMBER MBEDTLS_VERSION_NUMBER
+#else
+ #define API_HEADER(x) <polarssl/x>
+ #define API(x) x
+ #define API_VERSION_NUMBER POLARSSL_VERSION_NUMBER
+#endif
+
#include <assert.h>
-#include <polarssl/arc4.h>
-#include <polarssl/base64.h>
-#include <polarssl/ctr_drbg.h>
-#include <polarssl/dhm.h>
-#include <polarssl/error.h>
-#include <polarssl/sha1.h>
-#include <polarssl/version.h>
+#include API_HEADER (arc4.h)
+#include API_HEADER (base64.h)
+#include API_HEADER (ctr_drbg.h)
+#include API_HEADER (dhm.h)
+#include API_HEADER (error.h)
+#include API_HEADER (sha1.h)
+#include API_HEADER (version.h)
#include "transmission.h"
#include "crypto-utils.h"
@@ -41,7 +51,9 @@ log_polarssl_error (int error_code,
{
char error_message[256];
-#if POLARSSL_VERSION_NUMBER >= 0x01030000
+#if defined (POLARSSL_IS_MBEDTLS)
+ mbedtls_strerror (error_code, error_message, sizeof (error_message));
+#elif API_VERSION_NUMBER >= 0x01030000
polarssl_strerror (error_code, error_message, sizeof (error_message));
#else
error_strerror (error_code, error_message, sizeof (error_message));
@@ -51,7 +63,7 @@ log_polarssl_error (int error_code,
}
}
-#define log_error(error_code) log_polarssl_error(error_code, __FILE__, __LINE__)
+#define log_error(error_code) log_polarssl_error ((error_code), __FILE__, __LINE__)
static bool
check_polarssl_result (int result,
@@ -83,15 +95,20 @@ my_rand (void * context UNUSED, unsigned char * buffer, size_t buffer_size)
return 0;
}
-static ctr_drbg_context *
+static API (ctr_drbg_context) *
get_rng (void)
{
- static ctr_drbg_context rng;
+ static API (ctr_drbg_context) rng;
static bool rng_initialized = false;
if (!rng_initialized)
{
- if (!check_result (ctr_drbg_init (&rng, &my_rand, NULL, NULL, 0)))
+#if API_VERSION_NUMBER >= 0x02000000
+ API (ctr_drbg_init) (&rng);
+ if (!check_result (API (ctr_drbg_seed) (&rng, &my_rand, NULL, NULL, 0)))
+#else
+ if (!check_result (API (ctr_drbg_init) (&rng, &my_rand, NULL, NULL, 0)))
+#endif
return NULL;
rng_initialized = true;
}
@@ -117,13 +134,13 @@ get_rng_lock (void)
tr_sha1_ctx_t
tr_sha1_init (void)
{
- sha1_context * handle = tr_new0 (sha1_context, 1);
+ API (sha1_context) * handle = tr_new0 (API (sha1_context), 1);
-#if POLARSSL_VERSION_NUMBER >= 0x01030800
- sha1_init (handle);
+#if API_VERSION_NUMBER >= 0x01030800
+ API (sha1_init) (handle);
#endif
- sha1_starts (handle);
+ API (sha1_starts) (handle);
return handle;
}
@@ -139,7 +156,7 @@ tr_sha1_update (tr_sha1_ctx_t handle,
assert (data != NULL);
- sha1_update (handle, data, data_length);
+ API (sha1_update) (handle, data, data_length);
return true;
}
@@ -151,11 +168,11 @@ tr_sha1_final (tr_sha1_ctx_t handle,
{
assert (handle != NULL);
- sha1_finish (handle, hash);
+ API (sha1_finish) (handle, hash);
}
-#if POLARSSL_VERSION_NUMBER >= 0x01030800
- sha1_free (handle);
+#if API_VERSION_NUMBER >= 0x01030800
+ API (sha1_free) (handle);
#endif
tr_free (handle);
@@ -169,10 +186,10 @@ tr_sha1_final (tr_sha1_ctx_t handle,
tr_rc4_ctx_t
tr_rc4_new (void)
{
- arc4_context * handle = tr_new0 (arc4_context, 1);
+ API (arc4_context) * handle = tr_new0 (API (arc4_context), 1);
-#if POLARSSL_VERSION_NUMBER >= 0x01030800
- arc4_init (handle);
+#if API_VERSION_NUMBER >= 0x01030800
+ API (arc4_init) (handle);
#endif
return handle;
@@ -181,8 +198,8 @@ tr_rc4_new (void)
void
tr_rc4_free (tr_rc4_ctx_t handle)
{
-#if POLARSSL_VERSION_NUMBER >= 0x01030800
- arc4_free (handle);
+#if API_VERSION_NUMBER >= 0x01030800
+ API (arc4_free) (handle);
#endif
tr_free (handle);
@@ -196,7 +213,7 @@ tr_rc4_set_key (tr_rc4_ctx_t handle,
assert (handle != NULL);
assert (key != NULL);
- arc4_setup (handle, key, key_length);
+ API (arc4_setup) (handle, key, key_length);
}
void
@@ -213,7 +230,7 @@ tr_rc4_process (tr_rc4_ctx_t handle,
assert (input != NULL);
assert (output != NULL);
- arc4_crypt (handle, length, input, output);
+ API (arc4_crypt) (handle, length, input, output);
}
/***
@@ -226,19 +243,19 @@ tr_dh_new (const uint8_t * prime_num,
const uint8_t * generator_num,
size_t generator_num_length)
{
- dhm_context * handle = tr_new0 (dhm_context, 1);
+ API (dhm_context) * handle = tr_new0 (API (dhm_context), 1);
assert (prime_num != NULL);
assert (generator_num != NULL);
-#if POLARSSL_VERSION_NUMBER >= 0x01030800
- dhm_init (handle);
+#if API_VERSION_NUMBER >= 0x01030800
+ API (dhm_init) (handle);
#endif
- if (!check_result (mpi_read_binary (&handle->P, prime_num, prime_num_length)) ||
- !check_result (mpi_read_binary (&handle->G, generator_num, generator_num_length)))
+ if (!check_result (API (mpi_read_binary) (&handle->P, prime_num, prime_num_length)) ||
+ !check_result (API (mpi_read_binary) (&handle->G, generator_num, generator_num_length)))
{
- dhm_free (handle);
+ API (dhm_free) (handle);
return NULL;
}
@@ -253,7 +270,7 @@ tr_dh_free (tr_dh_ctx_t handle)
if (handle == NULL)
return;
- dhm_free (handle);
+ API (dhm_free) (handle);
}
bool
@@ -262,7 +279,7 @@ tr_dh_make_key (tr_dh_ctx_t raw_handle,
uint8_t * public_key,
size_t * public_key_length)
{
- dhm_context * handle = raw_handle;
+ API (dhm_context) * handle = raw_handle;
assert (handle != NULL);
assert (public_key != NULL);
@@ -270,8 +287,8 @@ tr_dh_make_key (tr_dh_ctx_t raw_handle,
if (public_key_length != NULL)
*public_key_length = handle->len;
- return check_result (dhm_make_public (handle, private_key_length, public_key,
- handle->len, my_rand, NULL));
+ return check_result (API (dhm_make_public) (handle, private_key_length, public_key,
+ handle->len, my_rand, NULL));
}
tr_dh_secret_t
@@ -279,26 +296,29 @@ tr_dh_agree (tr_dh_ctx_t raw_handle,
const uint8_t * other_public_key,
size_t other_public_key_length)
{
- dhm_context * handle = raw_handle;
+ API (dhm_context) * handle = raw_handle;
struct tr_dh_secret * ret;
size_t secret_key_length;
assert (handle != NULL);
assert (other_public_key != NULL);
- if (!check_result (dhm_read_public (handle, other_public_key,
- other_public_key_length)))
+ if (!check_result (API (dhm_read_public )(handle, other_public_key,
+ other_public_key_length)))
return NULL;
ret = tr_dh_secret_new (handle->len);
secret_key_length = handle->len;
-#if POLARSSL_VERSION_NUMBER >= 0x01030000
- if (!check_result (dhm_calc_secret (handle, ret->key,
- &secret_key_length, my_rand, NULL)))
+#if API_VERSION_NUMBER >= 0x02000000
+ if (!check_result (API (dhm_calc_secret) (handle, ret->key, secret_key_length,
+ &secret_key_length, my_rand, NULL)))
+#elif API_VERSION_NUMBER >= 0x01030000
+ if (!check_result (API (dhm_calc_secret) (handle, ret->key,
+ &secret_key_length, my_rand, NULL)))
#else
- if (!check_result (dhm_calc_secret (handle, ret->key, &secret_key_length)))
+ if (!check_result (API (dhm_calc_secret) (handle, ret->key, &secret_key_length)))
#endif
{
tr_dh_secret_free (ret);
@@ -324,7 +344,7 @@ tr_rand_buffer (void * buffer,
assert (buffer != NULL);
tr_lockLock (rng_lock);
- ret = check_result (ctr_drbg_random (get_rng (), buffer, length));
+ ret = check_result (API (ctr_drbg_random) (get_rng (), buffer, length));
tr_lockUnlock (rng_lock);
return ret;
--
2.7.4

net/transmission/patches/030-fix-port-test.patch → net/transmission/patches/010-fix-port-test.patch View File


+ 0
- 35
net/transmission/patches/020-fix-external-miniupnpc.patch View File

@ -1,35 +0,0 @@
From 94fa0bba88740b9ab58c5805ddb24b05b2635f34 Mon Sep 17 00:00:00 2001
From: Mike Gelfand <mikedld@mikedld.com>
Date: Fri, 26 Jan 2018 08:31:16 +0300
Subject: [PATCH] Fix FTCBFS due to AC_RUN_IFELSE (patch by Helmut Grohne)
Fixes: #475
---
configure.ac | 8 +++-----
1 file changed, 3 insertions(+), 5 deletions(-)
diff --git a/configure.ac b/configure.ac
index cb026df..335f4a7 100644
--- a/configure.ac
+++ b/configure.ac
@@ -390,14 +390,12 @@ dnl Let's hope it's 1.7 or higher, since it provides
dnl MINIUPNPC_API_VERSION and we won't have to figure
dnl it out on our own
if test "x$upnp_version" = "xunknown" ; then
- AC_RUN_IFELSE(
+ AC_COMPILE_IFELSE(
[AC_LANG_PROGRAM(
[#include <stdlib.h>
#include <miniupnpc/miniupnpc.h>],
- [#ifdef MINIUPNPC_API_VERSION
- return EXIT_SUCCESS;
- #else
- return EXIT_FAILURE;
+ [#ifndef MINIUPNPC_API_VERSION
+ #error MINIUPNPC_API_VERSION undefined
#endif]
)],
[upnp_version=">= 1.7"]
--
2.7.4

net/transmission/patches/050-fix-safari.patch → net/transmission/patches/020-fix-safari.patch View File


+ 31
- 0
net/transmission/patches/030-fix-dht-memory-leak.patch View File

@ -0,0 +1,31 @@
From df03e037c69ebd74dd2db77d034b65980f0dc2d0 Mon Sep 17 00:00:00 2001
From: Mike Gelfand <mikedld@mikedld.com>
Date: Tue, 23 Jan 2018 21:20:30 +0300
Subject: [PATCH] Fix memory leak in `tr_dhtInit` in failure condition
Fixes: #482
---
libtransmission/tr-dht.c | 7 +++++--
1 file changed, 5 insertions(+), 2 deletions(-)
diff --git a/libtransmission/tr-dht.c b/libtransmission/tr-dht.c
index 243429f64..df56542bc 100644
--- a/libtransmission/tr-dht.c
+++ b/libtransmission/tr-dht.c
@@ -333,8 +333,11 @@ tr_dhtInit (tr_session *ss)
return 1;
- fail:
- tr_logAddNamedDbg ("DHT", "DHT initialization failed (errno = %d)", errno);
+fail:
+ tr_free(nodes6);
+ tr_free(nodes);
+
+ tr_logAddNamedDbg("DHT", "DHT initialization failed (errno = %d)", errno);
session = NULL;
return -1;
}
--
2.17.0

+ 29
- 0
net/transmission/patches/040-fix-curl.patch View File

@ -0,0 +1,29 @@
From 4fa98f0b0b493ebbef616404dbc03ba5fe811997 Mon Sep 17 00:00:00 2001
From: userwithuid <userwithuid@gmail.com>
Date: Sun, 27 May 2018 12:47:15 -0700
Subject: [PATCH] fix logic for setting the curl ca bundle file
we do not want to delete the system default by setting this to NULL...
---
libtransmission/web.c | 5 ++++-
1 file changed, 4 insertions(+), 1 deletion(-)
diff --git a/libtransmission/web.c b/libtransmission/web.c
index db349760b..997a151b5 100644
--- a/libtransmission/web.c
+++ b/libtransmission/web.c
@@ -191,7 +191,10 @@ createEasy (tr_session * s, struct tr_web * web, struct tr_web_task * task)
#endif
if (web->curl_ssl_verify)
{
- curl_easy_setopt (e, CURLOPT_CAINFO, web->curl_ca_bundle);
+ if (web->curl_ca_bundle != NULL)
+ {
+ curl_easy_setopt (e, CURLOPT_CAINFO, web->curl_ca_bundle);
+ }
}
else
{
--
2.17.0

net/transmission/patches/040-https-portcheck.patch → net/transmission/patches/050-https-portcheck.patch View File


+ 28
- 0
net/transmission/patches/060-fix-tls-verify.patch View File

@ -0,0 +1,28 @@
From 81d584b9027b2b2ddd3209c1582c9ec73c26cc3e Mon Sep 17 00:00:00 2001
From: Simon Wells <simonrwells@gmail.com>
Date: Sun, 27 May 2018 13:44:41 -0700
Subject: [PATCH] Change TR_CURL_SSL_VERIFY to TR_CURL_SSL_NO_VERIFY
use secure by default and change the env var to match curl -k behaviour
Closes: #179
---
libtransmission/web.c | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/libtransmission/web.c b/libtransmission/web.c
index 997a151b5..ce41e342a 100644
--- a/libtransmission/web.c
+++ b/libtransmission/web.c
@@ -392,7 +392,7 @@ tr_webThreadFunc (void * vsession)
web->taskLock = tr_lockNew ();
web->tasks = NULL;
web->curl_verbose = tr_env_key_exists ("TR_CURL_VERBOSE");
- web->curl_ssl_verify = tr_env_key_exists ("TR_CURL_SSL_VERIFY");
+ web->curl_ssl_verify = !tr_env_key_exists ("TR_CURL_SSL_NO_VERIFY");
web->curl_ca_bundle = tr_env_get_string ("CURL_CA_BUNDLE", NULL);
if (web->curl_ssl_verify)
{
--
2.17.0

Loading…
Cancel
Save