python/python-onionshare
SHA256
14
0
Fork 0
forked from pool/python-onionshare
Code Pull Requests Activity
Files
9e0f2ca1d75787d69d1cd5f70c4ae7ee643bb097200ff05acd9ccd554cd3805e
python-onionshare/python-onionshare.changes

253 lines
11 KiB
Plaintext
Raw Blame History

This file contains ambiguous Unicode characters
This file contains Unicode characters that might be confused with other characters. If you think that this is intentional, you can safely ignore this warning. Use the Escape button to reveal them.
-------------------------------------------------------------------
Wed May 31 16:00:56 UTC 2023 - Ben Greiner <code@bnavigator.de>
- Add onionshare-poetry-core.patch
* poetry-core is enough to build and has a much smaller footprint
-------------------------------------------------------------------
Sat Dec 10 20:57:15 UTC 2022 - Dirk Müller <dmueller@suse.com>
- update to 2.6:
* Major feature: a new 'Quickstart' screen, which enables toggling on or
off an animated automatic connection to Tor. This allows configuring
network settings prior to automatic connection.
* Major feature: Censorship circumvention. Use new features in the
upstream Tor API to try to automatically obtain bridges depending on the
user's location.
* New feature: automatically fetch the built-in bridges from the upstream
Tor API rather than hardcode them in each release of OnionShare.
* New feature: keyboard shortcuts to access various modes and menus, and
accessibility hints
* Bug fix: Temporary Directory for serving the OnionShare web pages was
broken on Windows
* Packaging: Packaging is more automated, and Linux Snapcraft releases are
available for amd64, arm64, and armhf
* Miscellaneous: Many dependency updates and web page theming improvements
-------------------------------------------------------------------
Tue Jul 26 10:12:57 UTC 2022 - Axel Braun <axel.braun@gmx.de>
- dependency on python3-PySocks added
-------------------------------------------------------------------
Mon May 23 10:27:18 UTC 2022 - Axel Braun <axel.braun@gmx.de>
- desktop tests disabled. Started failing without code change....
-------------------------------------------------------------------
Fri Feb 25 06:52:51 UTC 2022 - Axel Braun <axel.braun@gmx.de>
- Additional changes:
* drop python-stem in favor of python-cepa
* relax-async-mode.patch added
* fix-test-cli-web.patch added
* fix for boo#1194866
-------------------------------------------------------------------
Thu Feb 24 19:33:47 UTC 2022 - Ferdinand Thiessen <rpm@fthiessen.de>
- Update to version 2.5.0
* CVE-2022-21696: It was possible to change the username to that
of another chat participant with an additional space character
at the end of the name string.
* CVE-2022-21695: Authenticated users (or unauthenticated in
public mode) could send messages without being visible in the
list of chat participants
* CVE-2022-21694:
* CVE-2022-21693: An adversary with a primitive that allows for
filesystem access from the context of the Onionshare process
could access sensitive files in the entire user home folder.
* CVE-2022-21692: anyone with access to the chat environment
could write messages disguised as another chat participant
* CVE-2022-21691: chat participants could spoof their channel
leave message, tricking others into assuming they left the chatroom.
* CVE-2022-21690: The path parameter of the requested URL was not
sanitized before being passed to the QT frontend. This path is
used in all components for displaying the server access history.
* CVE-2022-21688, CVE-2022-21689: Use microseconds in Receive mode
directory creation to avoid potential DoS
* Major feature:
* Obtain bridges from Moat / BridgeDB
* Snowflake bridge support
* New feature:
* Tor connection settings, as well as general settings,
are now Tabs rather than dialogs
* User can customize the Content-Security-Policy header
in Website mode
* Built-in bridges are automatically updated from Tor's API
when the user has chosen to use them
* Switch to using stem fork called cepa
* Various bug fixes
- Drop desktop file, upstream already provides one
- Install metainfo file
- Adjust requirements
- Added relax-async-mode.patch
-------------------------------------------------------------------
Thu Oct 7 20:00:10 UTC 2021 - Axel Braun <axel.braun@gmx.de>
- runtime dependency on python-PyNaCl added
-------------------------------------------------------------------
Tue Oct 5 10:26:20 UTC 2021 - Axel Braun <axel.braun@gmx.de>
- source file fixed (download)
-------------------------------------------------------------------
Tue Oct 5 08:12:25 UTC 2021 - Gabriele Sonnu <gabriele.sonnu@suse.com>
- Update to 2.4:
* Major feature: Private keys (v3 onion client authentication) replaces passwords and HTTP basic auth
* Updated Tor to 0.4.6.7 on all platforms
* Various bug fixes
- CVE-2021-41867: Fixed remote information disclosure when using --chat feature (boo#1191311)
- CVE-2021-41868: Fixed remote unauthenticated file upload when using the --receive functionality (boo#1191312)
- Remove fix-compare-offset-naive-and-offset-aware-datetimes.patch because accepted upstream
-------------------------------------------------------------------
Sun Aug 22 07:38:13 UTC 2021 - Fusion Future <qydwhotmail@gmail.com>
- Fix fix-compare-offset-naive-and-offset-aware-datetimes.patch to
use the correct timezone.
-------------------------------------------------------------------
Sun Aug 22 05:09:53 UTC 2021 - Fusion Future <qydwhotmail@gmail.com>
- Update to 2.3.3:
* New feature: Setting for light or dark theme
* Updated Tor to 0.4.6.7 for Linux, 0.4.5.10 for Windows and macOS
* Various bug fixes
- Add fix-compare-offset-naive-and-offset-aware-datetimes.patch to
fix test errors in test_if_unmodified_since and test_firefox_like_behavior
(gh#onionshare/onionshare#1398).
-------------------------------------------------------------------
Tue Jun 8 11:34:37 UTC 2021 - Axel Braun <axel.braun@gmx.de>
- update to version 2.3.2
* New feature: Custom titles can be set for OnionShare's various modes
* New feature: Receive mode supports notification webhooks
* New feature: Receive mode supports submitting messages as well as files
* New feature: New ASCII art banner and prettier verbose output
* New feature: Partial support for range requests (pausing and resuming in HTTP)
* Updated Tor to 0.4.5.7
* Updated built-in obfs4 bridges
* Various bug fixes
* 0001-adjust_tests.diff added to skip download test
-------------------------------------------------------------------
Sun May 16 09:28:39 UTC 2021 - Axel Braun <axel.braun@gmx.de>
- update to version 2.3.1
* Bugfix: Fix chat mode
* Bugfix: Fix persistent in onionshare-cli
* Bugfix: Fix checking for updates in Windows and macOS
* Major new feature: Multiple tabs, including better support for persistent services, faster Tor connections
* New feature: Chat anonymously mode
* New feature: All new design
* New feature: Ability to display QR codes of OnionShare addresses
* New feature: Web apps have responsive design and look better on mobile
* New feature: Flatpak and Snapcraft packaging for Linux
* New dependencies added
* package onionshare-data removed
* singlespec removed
* update alternatives removed (pyside2 issues with python flavours)
-------------------------------------------------------------------
Wed Jun 3 10:24:26 UTC 2020 - Axel Braun <axel.braun@gmx.de>
- fix for dependency error (see https://build.opensuse.org/request/show/807929 )
-------------------------------------------------------------------
Thu May 21 06:55:37 UTC 2020 - Petr Gajdos <pgajdos@suse.com>
- %python3_only -> %python_alternative
-------------------------------------------------------------------
Wed Nov 6 16:13:36 UTC 2019 - Axel Braun <axel.braun@gmx.de>
- Version 2.2
* fix for desktop icon installation
* New feature: Website mode, which allows publishing a static HTML website as an onion service
* Allow individual files to be viewed or downloaded in Share mode, including the ability to browse into subdirectories and use breadcrumbs to navigate back
* Show a counter when individual files or pages are viewed
* Better History items including colors and status codes to differentiate between successful and failed requests
* Swap out the random /slug suffix for HTTP basic authentication (when in non-public mode)
* Hide the Tor connection settings if the ONIONSHARE_HIDE_TOR_SETTINGS environment variable is set (Tails compatibility)
* Remove the NoScript XSS warning in Receive Mode now that the NoScript/Tor Browser bug is fixed. The ajax upload method still exists when javascript is enabled.
* Better support for DragonFly BSD
* Updated various dependencies, including Flask, Werkzeug, urllib3, requests, and PyQt5
* Updated Tor to 0.4.1.5
* Other minor bug fixes
* New translations:
Arabic (العربية)
Dutch (Nederlands)
Persian (فارسی)
Romanian (Română)
Serbian latin (Srpska (latinica))
* Removed translations with fewer than 90% of strings translated:
Finnish (Suomi)
-------------------------------------------------------------------
Tue Aug 13 07:50:48 UTC 2019 - Axel Braun <axel.braun@gmx.de>
- Version 2.1
* New feature: Auto-start timer, which allows scheduling when the server starts
* Renamed CLI argument --debug to --verbose
* Make Tor connection timeout configurable as a CLI argument
* Updated various dependencies, including to fix third-party security issues in urllib3, jinja2, and jQuery
* Update Tor to 0.3.5.8
* New translations:
Traditional Chinese (正體中文 (繁體)),
Simplified Chinese (中文 (简体))
Finnish (Suomi)
German (Deutsch)
Icelandic (Íslenska)
Irish (Gaeilge)
Norwegian Bokmål (Norsk Bokmål)
Polish (Polski)
Portuguese Portugal (Português (Portugal))
Telugu (తెలుగు)
Turkish (Türkçe)
Ukrainian (Українська)
* Removed translations because less than 90% of the strings were translated:
Bengali (বাংলা)
Persian (فارسی)
-------------------------------------------------------------------
Fri Feb 22 09:26:00 UTC 2019 - Robert Frohl <rfrohl@suse.com>
- Version 2.0
* Receiver mode allows you to receive files with OnionShare, instead of only
sending files
* Support for next generation onion services
* Public mode feature, for public uses of OnionShare, which when enabled
turns off slugs in the URL and removes the limit on how many 404 requests
can be made
* If you're sharing a single file, don't zip it up
* Full support for meek_lite (Azure) bridges
* Allow selecting your language from a dropdown
-------------------------------------------------------------------
Fri Dec 21 16:34:04 UTC 2018 - Axel Braun <axel.braun@gmx.de>
- Version 1.3.2 to fix CVE-2018-19960 (boo#1120205)
-------------------------------------------------------------------
Wed Dec 12 21:11:56 UTC 2018 - Jan Engelhardt <jengelh@inai.de>
- Trim a few redundancies from the descriptions.
-------------------------------------------------------------------
Wed Dec 12 10:29:46 UTC 2018 - Ismail Dönmez <idonmez@suse.com>
- Use full source URLs to verify the integrity
https://en.opensuse.org/SourceUrls
-------------------------------------------------------------------
Fri Nov 23 17:20:53 UTC 2018 - Axel Braun <axel.braun@gmx.de>
- Version 1.3.1
initial build on OBS
thanks to scarabeus_iv for the testing part!
View Git Blame Copy Permalink