Hello community, here is the log from the commit of package transmission.1433 for openSUSE:12.2:Update checked in at 2013-03-19 17:20:00 ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Comparing /work/SRC/openSUSE:12.2:Update/transmission.1433 (Old) and /work/SRC/openSUSE:12.2:Update/.transmission.1433.new (New) ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Package is "transmission.1433", Maintainer is "" Changes: -------- New Changes file: --- /dev/null 2013-02-26 18:15:11.936010755 +0100 +++ /work/SRC/openSUSE:12.2:Update/.transmission.1433.new/transmission.changes 2013-03-19 17:20:01.000000000 +0100 @@ -0,0 +1,1435 @@ +------------------------------------------------------------------- +Tue Mar 12 08:19:09 UTC 2013 - [email protected] + +- Add transmission-CVE-2012-6129.patch: Fix crash in + UTP_ProcessIncoming() (CVE-2012-6129, bnc#803088). + +------------------------------------------------------------------- +Fri Jul 6 16:41:02 UTC 2012 - [email protected] + +- Update to version 2.60: + + All Platforms: + - Fix issues when adding magnet links + - Improved scraping behavior for certain trackers + - Fix bug where cleared statistics might not save + - Updated versions of miniupnpc and libuTP + - Fixed compilation issues with Solaris and FreeBSD + - Other minor fixes + + Web Client: + - Notification of downloading and seeding completion (requires + browser support of notifications) + - Re-add select all and deselect all buttons to the file + inspector tab + + Mac-specific changes. + + Updated translations. + +------------------------------------------------------------------- +Sat May 19 18:36:07 UTC 2012 - [email protected] + +- Update to version 2.52: + + All Platforms: + - Fix bug with zero termination of multiscrape strings. + - Update the bundled libnatpmp and miniupnp port forwarding + libraries. + + GTK+: + - Fix minor bug in Ubuntu app indicator support. + + Mac-specific changes. +- Drop xz BuildRequires, since this comes for free in the + buildsystem now. + +------------------------------------------------------------------- +Mon Apr 9 11:41:27 UTC 2012 - [email protected] + +- Update to version 2.51: + + All Platforms: + - Update the bundled libnatpmp and miniupnp libraries for port + forwarding + - Add environment variable options to have libcurl verify SSL + certs + - Support user-specified CXX environment variables during + compile time + + GTK+: + - Fix crash when adding torrents on systems without + G_USER_DIRECTORY_DOWNLOAD + - Honor the notification sound setting + - Add a tooltip to files in the torrents' file list + - Fix broken handling of the Cancel button in the "Open URL" + dialog + - Improve support for Gnome Shell and Unity + - Catch SIGTERM instead of SIGKILL + + Qt: + - Progress bar colors are now similar to the Mac and Web + clients' + - Improve the "Open Folder" behavior + + Web Client: + - Fix global seed ratio progress bars + - Fix sometimes-incorrect ratio being displayed in the + Inspector + - If multiple torrents are selected, show the aggregate info in + the Inspector + - Upgrade to jQuery 1.7.2 + + Daemon: + - Show magnet link information in transmission-remote -i. + +------------------------------------------------------------------- +Mon Feb 27 20:31:47 UTC 2012 - [email protected] + +- Conditionally use libminiupnpc-devel BuildRequires on openSUSE + 12.2 and later only. Previous openSUSE versions did not have the + package and will make use of the miniupnp that is bundled with + the transmission sources. + +------------------------------------------------------------------- +Fri Feb 17 09:08:09 UTC 2012 - [email protected] + +- Add libminiupnpc-devel BuildRequires: use an external miniupnpc + instead of a bundled copy. This needs a fix in our miniupnpc + package to work, though. +- Remove libnotify-tools Requires from gtk subpackage: this is not + needed anymore since transmission now uses dbus directly to + create notifications. + +------------------------------------------------------------------- +Tue Feb 14 19:50:44 UTC 2012 - [email protected] + +- Update to version 2.50: + + All Platforms: + - Fix crash when adding some magnet links. + - Improved support for downloading webseeds with large files. + - Gracefully handle incorrectly-compressed data from webseed + downloads. + - Fairer bandwidth distribution across connected peers. + - Use less CPU when calculating undownloaded portions of large + torrents. + - Use the Selection Algorithm, rather than sorting, to select + peer candidates. + - Use base-10 units when displaying bandwidth speed and disk + space. + - If the OS has its own copy of natpmp, prefer it over our + bundled version. + - Fix Fails-To-Build error on Solaris 10 from use of mkdtemp(). + - Fix Fails-To-Build error on FreeBSD from use of alloca(). + - Fix Fails-To-Build error when building without a C++ compiler + for libuT. + + GTK+: + - Fix regression that broke the "--minimized" command-line + argument. + - Instead of notify-send, use the org.freedesktop.Notifications + DBus API. + - Fix a handful of small memory leaks. + + Qt: + - Fix FTB when building without libuTP support on Debian. + + Web Client: + - Filtering by state and tracker. + - Sorting by size. + - Larger, easier-to-press toolbar buttons. + - Fix the torrent size and time remaining in the inspector's + details tab. + - Bundle jQuery and the stylesheets to avoid third-party CDNs. + - Upgrade to jQuery 1.7.1. + - Fix runtime errors in IE 8, IE 9, and Opera. + - Revise CSS stylesheets to use SASS. + - Minor interface tweaks. + + Daemon: + - Fix corrupted status string in transmission-remote. + +------------------------------------------------------------------- +Thu Oct 20 08:50:01 UTC 2011 - [email protected] + +- Update to version 2.42: + + All Platforms: + - Fix error connecting to UDP trackers from big-endian systems + - Fix RPC error when editing UDP trackers + - Fix build failure when a C++ compiler is not installed + + Mac: + - Fix a potential crash on 10.5 Leopard + - Fix bugs with the tracker and file inspector tables + + GTK+: + - Support GTK+ 3.2 + - Fix crasher on systems not running DBus + + Web Client + - Fix bug which broke Opera support + + Updated translations. +- Add conditional pkgconfig(gtk+-3.0) BuildRequires, based on + favor_gtk2; in case favor_gtk2 evaluates to true, we stay with + the existing gtk2-devel BuildRequires. + +------------------------------------------------------------------- +Mon Oct 10 06:26:45 UTC 2011 - [email protected] + +- Update to version 2.41: + + Fix crash on Mac. + +------------------------------------------------------------------- +Sat Oct 8 11:30:21 UTC 2011 - [email protected] + +- Change notify-tools Requires to libnotify-tools (notify-tools + doesn't exist...). + +------------------------------------------------------------------- +Thu Oct 6 06:34:18 UTC 2011 - [email protected] + +- Update to version 2.40: + + All Platforms: + - Torrent queuing + - Improved webseed support + - Fix crash when removing a magnetized transfer + - Fix adding transfers over RPC when a subfolder does not exist + - Other minor fixes + + GTK+: + - Add GTK+ 3 support + - Make popup notification and system sounds system-configurable + - Add a settings option to hard-delete files instead of using + the recycle bin + + Qt: + - Add popup notification for finished torrents + - Fix non-UTF-8 display issue in the "New Torrent" dialog + + Daemon: + - SSL support in transmission-remote + + Web Client: + - Speed improvements + - Add filtering by tracker + - Allow preference changes on mobile devices + - Allow compact view on mobile devices + - Stop ratio functionality + - Compact view interface improvements + + Utils: + - Fix transmission-edit bug when adding a tracker to a ++++ 1238 more lines (skipped) ++++ between /dev/null ++++ and /work/SRC/openSUSE:12.2:Update/.transmission.1433.new/transmission.changes New: ---- transmission-2.60.tar.xz transmission-CVE-2012-6129.patch transmission-qt.desktop transmission.changes transmission.spec ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Other differences: ------------------ ++++++ transmission.spec ++++++ # # spec file for package transmission # # Copyright (c) 2013 SUSE LINUX Products GmbH, Nuernberg, Germany. # # All modifications and additions to the file contributed by third parties # remain the property of their copyright owners, unless otherwise agreed # upon. The license for this file, and modifications and additions to the # file, is the same license as for the pristine package itself (unless the # license for the pristine package is not an Open Source License, in which # case the license is the MIT License). An "Open Source License" is a # license that conforms to the Open Source Definition (Version 1.9) # published by the Open Source Initiative. # Please submit bugfixes or comments via http://bugs.opensuse.org/ # Name: transmission BuildRequires: fdupes BuildRequires: gcc-c++ BuildRequires: glib2-devel >= 2.28.0 %if 0%{?favor_gtk2} BuildRequires: gtk2-devel >= 2.22.0 %else BuildRequires: pkgconfig(gtk+-3.0) >= 3.2.0 %endif BuildRequires: intltool %if 0%{?WITH_APPINDICATOR} BuildRequires: libappindicator-devel >= 0.4.90 %endif BuildRequires: libcurl-devel BuildRequires: libevent-devel >= 2.0.0 %if 0%{?suse_version} > 1210 BuildRequires: libminiupnpc-devel %endif BuildRequires: libqt4-devel BuildRequires: openssl-devel BuildRequires: update-desktop-files Version: 2.60 Release: 0 Summary: Lightweight, yet powerful BitTorrent client License: GPL-2.0 ; MIT Group: Productivity/Networking/Other Source0: http://download.m0k.org/transmission/files/%{name}-%{version}.tar.xz Source1: transmission-qt.desktop # PATCH-FIX-UPSTREAM transmission-CVE-2012-6129.patch CVE-2012-6129 bnc#803088 [email protected] -- Fix crash in UTP_ProcessIncoming() Patch0: transmission-CVE-2012-6129.patch Url: http://www.transmissionbt.com/ BuildRoot: %{_tmppath}/%{name}-%{version}-build Requires: %{name}-common = %{version} Requires(post): update-alternatives Requires(postun): update-alternatives Provides: %{name}-ui = %{version} %description Transmission is a fast, easy, and free multi-platform BitTorrent client with a focus on being lightweight yet feature-filled. Its simple, intuitive interface is designed to integrate tightly with whatever computing environment you choose to use. Transmission strikes a balance between providing useful functionality without feature bloat. Furthermore, it is free for anyone to use or modify. %package gtk Summary: Lightweight, yet powerful BitTorrent client Group: Productivity/Networking/Other Requires: %{name}-common = %{version} # For canberra-gtk-play binary Requires: canberra-gtk-play Requires(post): update-alternatives Requires(postun): update-alternatives Recommends: %{name}-gtk-lang Provides: %{name}-ui = %{version} %description gtk Transmission is a fast, easy, and free multi-platform BitTorrent client with a focus on being lightweight yet feature-filled. Its simple, intuitive interface is designed to integrate tightly with whatever computing environment you choose to use. Transmission strikes a balance between providing useful functionality without feature bloat. Furthermore, it is free for anyone to use or modify. This package contains a graphical user interface to transmission. %package qt Summary: Lightweight, yet powerful BitTorrent client Group: Productivity/Networking/Other Requires: %{name}-common = %{version} Requires(post): update-alternatives Requires(postun): update-alternatives Provides: %{name}-ui = %{version} %description qt Transmission is a fast, easy, and free multi-platform BitTorrent client with a focus on being lightweight yet feature-filled. Its simple, intuitive interface is designed to integrate tightly with whatever computing environment you choose to use. Transmission strikes a balance between providing useful functionality without feature bloat. Furthermore, it is free for anyone to use or modify. This package contains a graphical user interface to transmission. %package common Summary: Lightweight, yet powerful BitTorrent client - Common Data Group: Productivity/Networking/Other Requires: %{name}-ui = %{version} %if 0%{suse_version} > 1110 BuildArch: noarch %endif %description common Transmission is a fast, easy, and free multi-platform BitTorrent client with a focus on being lightweight yet feature-filled. Its simple, intuitive interface is designed to integrate tightly with whatever computing environment you choose to use. Transmission strikes a balance between providing useful functionality without feature bloat. Furthermore, it is free for anyone to use or modify. %lang_package -n %{name}-gtk %prep %setup -q %patch0 -p1 %build export CFLAGS="$RPM_OPT_FLAGS -fPIC" export CXXFLAGS="$RPM_OPT_FLAGS -fPIC" %configure \ --disable-static \ %if 0%{?WITH_APPINDICATOR} --enable-libappindicator \ %endif --with-gtk %__make %{?jobs:-j%{jobs}} # the qt ui requires an extrawurst for now cd qt qmake QMAKE_CXXFLAGS="$RPM_OPT_FLAGS -fPIC" qtr.pro %__make %{?jobs:-j%{jobs}} %install %makeinstall %if 0%{?suse_version} <= 1110 %{__rm} %{buildroot}%{_datadir}/locale/fil/LC_MESSAGES/* %endif %if 0%{?suse_version} <= 1130 %{__rm} %{buildroot}%{_datadir}/locale/ceb/LC_MESSAGES/* %endif # install qt ui cd qt %__make install INSTALL_ROOT=%{buildroot}%{_prefix} cd .. # touch files for alternatives touch %{buildroot}%{_bindir}/transmission chmod 0755 %{buildroot}%{_bindir}/transmission touch %{buildroot}%{_mandir}/man1/transmission.1.gz %find_lang transmission-gtk %{?no_lang_C} %suse_update_desktop_file transmission-gtk %suse_update_desktop_file -i transmission-qt %fdupes $RPM_BUILD_ROOT %clean rm -rf %{buildroot} %post update-alternatives --install %{_bindir}/transmission transmission %{_bindir}/transmission-cli 5 \ --slave %{_mandir}/man1/transmission.1.gz transmission.1.gz %{_mandir}/man1/transmission-cli.1.gz %post gtk update-alternatives --install %{_bindir}/transmission transmission %{_bindir}/transmission-gtk 15 \ --slave %{_mandir}/man1/transmission.1.gz transmission.1.gz %{_mandir}/man1/transmission-gtk.1.gz %if 0%{?suse_version} > 1130 %desktop_database_post %endif %post qt update-alternatives --install %{_bindir}/transmission transmission %{_bindir}/transmission-qt 10 \ --slave %{_mandir}/man1/transmission.1.gz transmission.1.gz %{_mandir}/man1/transmission-qt.1.gz %if 0%{?suse_version} > 1130 %desktop_database_post %endif %if 0%{?suse_version} > 1130 %post common %icon_theme_cache_post %endif %postun # Note: we don't use "$1 -eq 0", to avoid issues if the package gets renamed if [ ! -f %{_bindir}/transmission-cli ]; then update-alternatives --remove transmission %{_bindir}/transmission-cli fi %postun gtk # Note: we don't use "$1 -eq 0", to avoid issues if the package gets renamed if [ ! -f %{_bindir}/transmission-gtk ]; then update-alternatives --remove transmission %{_bindir}/transmission-gtk fi %if 0%{?suse_version} > 1130 %desktop_database_postun %endif %postun qt # Note: we don't use "$1 -eq 0", to avoid issues if the package gets renamed if [ ! -f %{_bindir}/transmission-qt ]; then update-alternatives --remove transmission %{_bindir}/transmission-qt fi %if 0%{?suse_version} > 1130 %desktop_database_postun %endif %if 0%{?suse_version} > 1130 %postun common %icon_theme_cache_postun %endif %files %defattr(-,root,root) %doc AUTHORS NEWS README COPYING %ghost %{_bindir}/transmission %{_bindir}/transmission-cli %{_bindir}/transmission-create %{_bindir}/transmission-daemon %{_bindir}/transmission-edit %{_bindir}/transmission-remote %{_bindir}/transmission-show %ghost %doc %{_mandir}/man1/transmission.1* %doc %{_mandir}/man1/transmission-cli.1* %doc %{_mandir}/man1/transmission-create.1* %doc %{_mandir}/man1/transmission-daemon.1* %doc %{_mandir}/man1/transmission-edit.1* %doc %{_mandir}/man1/transmission-remote.1* %doc %{_mandir}/man1/transmission-show.1* %files -n %{name}-gtk-lang -f transmission-gtk.lang %defattr(-,root,root) %if 0%{?suse_version} <= 1140 %dir %{_datadir}/locale/an %dir %{_datadir}/locale/an/LC_MESSAGES %endif %files gtk %defattr(-,root,root) %doc AUTHORS NEWS README COPYING %ghost %{_bindir}/transmission %{_bindir}/transmission-gtk %{_datadir}/applications/transmission-gtk.desktop %ghost %doc %{_mandir}/man1/transmission.1* %doc %{_mandir}/man1/transmission-gtk.1* %files qt %defattr(-,root,root) %doc AUTHORS NEWS README COPYING %ghost %{_bindir}/transmission %{_bindir}/transmission-qt %{_datadir}/applications/transmission-qt.desktop %ghost %doc %{_mandir}/man1/transmission.1* %doc %{_mandir}/man1/transmission-qt.1* %files common %defattr(-,root,root) %{_datadir}/transmission/ %{_datadir}/icons/*/*/apps/transmission.* %{_datadir}/pixmaps/transmission.png %changelog ++++++ transmission-CVE-2012-6129.patch ++++++ Index: transmission-2.60/third-party/libutp/utp.cpp =================================================================== --- transmission-2.60.orig/third-party/libutp/utp.cpp +++ transmission-2.60/third-party/libutp/utp.cpp @@ -1487,6 +1487,8 @@ size_t UTPSocket::selective_ack_bytes(ui return acked_bytes; } +enum { MAX_EACK = 128 }; + void UTPSocket::selective_ack(uint base, const byte *mask, byte len) { if (cur_window_packets == 0) return; @@ -1499,7 +1501,7 @@ void UTPSocket::selective_ack(uint base, // resends is a stack of sequence numbers we need to resend. Since we // iterate in reverse over the acked packets, at the end, the top packets // are the ones we want to resend - int resends[32]; + int resends[MAX_EACK]; int nr = 0; LOG_UTPV("0x%08x: Got EACK [%032b] base:%u", this, *(uint32*)mask, base); @@ -1572,6 +1574,12 @@ void UTPSocket::selective_ack(uint base, if (((v - fast_resend_seq_nr) & ACK_NR_MASK) <= OUTGOING_BUFFER_MAX_SIZE && count >= DUPLICATE_ACKS_BEFORE_RESEND && duplicate_ack < DUPLICATE_ACKS_BEFORE_RESEND) { + // resends is a stack, and we're mostly interested in the top of it + // if we're full, just throw away the lower half + if (nr >= MAX_EACK - 2) { + memmove(resends, &resends[MAX_EACK/2], MAX_EACK/2 * sizeof(resends[0])); + nr -= MAX_EACK / 2; + } resends[nr++] = v; LOG_UTPV("0x%08x: no ack for %u", this, v); } else { @@ -1580,13 +1588,12 @@ void UTPSocket::selective_ack(uint base, } } while (--bits >= -1); - if (((base - 1 - fast_resend_seq_nr) & ACK_NR_MASK) < 256 && - count >= DUPLICATE_ACKS_BEFORE_RESEND && - duplicate_ack < DUPLICATE_ACKS_BEFORE_RESEND) { + if (((base - 1 - fast_resend_seq_nr) & ACK_NR_MASK) < OUTGOING_BUFFER_MAX_SIZE && + count >= DUPLICATE_ACKS_BEFORE_RESEND) { // if we get enough duplicate acks to start // resending, the first packet we should resend // is base-1 - resends[nr++] = base - 1; + resends[nr++] = (base - 1) & ACK_NR_MASK; } else { LOG_UTPV("0x%08x: not resending %u count:%d dup_ack:%u fast_resend_seq_nr:%u", this, base - 1, count, duplicate_ack, fast_resend_seq_nr); ++++++ transmission-qt.desktop ++++++ [Desktop Entry] Name=Transmission (Qt) GenericName=BitTorrent Client Comment=Download and share files over BitTorrent Exec=transmission-qt %F Icon=transmission Terminal=false TryExec=transmission-qt Type=Application MimeType=application/x-bittorrent; Categories=Network;P2P; -- To unsubscribe, e-mail: [email protected] For additional commands, e-mail: [email protected]
