forked from pool/python-onionshare
Dominique Leuenberger
689015e059
- Additional changes:
* drop python-stem in favor of python-cepa
* relax-async-mode.patch added
* fix-test-cli-web.patch added
* fix for boo#1194866
- Update to version 2.5.0
* CVE-2022-21696: It was possible to change the username to that
of another chat participant with an additional space character
at the end of the name string.
* CVE-2022-21695: Authenticated users (or unauthenticated in
public mode) could send messages without being visible in the
list of chat participants
* CVE-2022-21694:
* CVE-2022-21693: An adversary with a primitive that allows for
filesystem access from the context of the Onionshare process
could access sensitive files in the entire user home folder.
* CVE-2022-21692: anyone with access to the chat environment
could write messages disguised as another chat participant
* CVE-2022-21691: chat participants could spoof their channel
leave message, tricking others into assuming they left the chatroom.
* CVE-2022-21690: The path parameter of the requested URL was not
sanitized before being passed to the QT frontend. This path is
used in all components for displaying the server access history.
* CVE-2022-21688, CVE-2022-21689: Use microseconds in Receive mode
directory creation to avoid potential DoS
* Major feature:
* Obtain bridges from Moat / BridgeDB
* Snowflake bridge support
* New feature:
* Tor connection settings, as well as general settings,
are now Tabs rather than dialogs
* User can customize the Content-Security-Policy header
in Website mode
* Built-in bridges are automatically updated from Tor's API
when the user has chosen to use them
* Switch to using stem fork called cepa
* Various bug fixes
- Drop desktop file, upstream already provides one
- Install metainfo file
- Adjust requirements
- Added relax-async-mode.patch
OBS-URL: https://build.opensuse.org/request/show/967749
OBS-URL: https://build.opensuse.org/package/show/openSUSE:Factory/python-onionshare?expand=0&rev=11