Add note to UPDATING for net-p2p/transmission-daemon explaining how to

allow client access with the new DNS rebinding mitigations. PR: 225150 MFH: 2018Q1 Security: https://www.vuxml.org/freebsd/3e5b8bd3-0c32-452f-a60e-beab7b762351.html
svn path=/head/; revision=459013
2024-12-01 01:17:02 +00:00 · 2018-01-14 23:29:04 +00:00 · 2018-01-14 23:29:04 +00:00 · 20d10694c1 · 2021-03-31 03:12:20 +00:00
commit 20d10694c1
parent ac76b3f03c
1 changed files with 17 additions and 0 deletions
--- a/17
+++ b/17
@ -5,6 +5,23 @@ they are unavoidable.
 You should get into the habit of checking this file for changes each time
 you update your ports collection, before attempting any port upgrades.

+20180115
+  AFFECTS: users of net-p2p/transmission-daemon
+  AUTHOR: woodsb02@FreeBSD.org
+
+  The transmission-daemon port has been updated to 2.92_4 to incorporate
+  a patch which mitigates DNS rebinding attacks. This will prevent users
+  from being able to connect to the transmission daemon (via the CLI,
+  web or GUI interfaces) unless one of the following is done:
+    - Enable password authentication, then any hostname is allowed.
+      This can be achieved by add either editing settings.json to set
+      rpc-authentication-required, rpc-username and rpc-password or by
+      running transmission-daemon with the following arguments (can be
+      set with transmission_flags in /etc/rc.conf):
+      -t -u USERNAME -v PASSWORD
+    OR
+    - Add the allowed client hostnames to the rpc-host-whitelist setting
+
 20180111
  AFFECTS: users of editors/vim-lite
  AUTHOR: adamw@FreeBSD.org