diff options
author | Ben Woods <woodsb02@FreeBSD.org> | 2018-01-20 01:20:19 +0000 |
---|---|---|
committer | Ben Woods <woodsb02@FreeBSD.org> | 2018-01-20 01:20:19 +0000 |
commit | 5dd21e42a3a7072e3c746ca61d1ac3edb0708e13 (patch) | |
tree | 8234d272ed49686e536ec09026ded8cb2cd13fe7 /UPDATING | |
parent | d09ecf81bad302fa846ad94b33fc34975b378fd0 (diff) | |
download | ports-5dd21e42a3a7072e3c746ca61d1ac3edb0708e13.tar.gz ports-5dd21e42a3a7072e3c746ca61d1ac3edb0708e13.zip |
net-p2p/transmission-daemon: Improve UPDATING entry and add pkg-message
This will ensure users who do not read UPDATING are still presented with
the message about how to allow clients to connect to the daemon using
DNS when they upgrade the package.
PR: 225150
Reported by: swills
Security: https://www.vuxml.org/freebsd/3e5b8bd3-0c32-452f-a60e-beab7b762351.html
Notes
Notes:
svn path=/head/; revision=459492
Diffstat (limited to 'UPDATING')
-rw-r--r-- | UPDATING | 25 |
1 files changed, 16 insertions, 9 deletions
@@ -19,17 +19,24 @@ you update your ports collection, before attempting any port upgrades. AUTHOR: woodsb02@FreeBSD.org The transmission-daemon port has been updated to 2.92_4 to incorporate - a patch which mitigates DNS rebinding attacks. This will prevent users - from being able to connect to the transmission daemon (via the CLI, - web or GUI interfaces) unless one of the following is done: + a patch which mitigates DNS rebinding attacks. This will prevent + clients from being able to connect to the transmission daemon using + DNS with any hostname other than localhost, unless one of the + following is done: - Enable password authentication, then any hostname is allowed. - This can be achieved by add either editing settings.json to set - rpc-authentication-required, rpc-username and rpc-password or by - running transmission-daemon with the following arguments (can be - set with transmission_flags in /etc/rc.conf): - -t -u USERNAME -v PASSWORD + This can be achieved by either: + - setting rpc-authentication-required to true, and adding + credentials to the rpc-username and rpc-password fields in + settings.json (must be done whilst the transmission service is + stopped); or + - running transmission-daemon with the following arguments + (these can be set with transmission_flags in /etc/rc.conf): + -t -u USERNAME -v PASSWORD OR - - Add the allowed client hostnames to the rpc-host-whitelist setting + - Add the allowed server hostnames to the rpc-host-whitelist setting + in settings.json (must be done whilst the transmission service is + stopped). Note that this value is NOT a list of allowed CLIENTS, + but instead a list of allowed SERVER hostnames. 20180111 AFFECTS: users of editors/vim-lite |