File python-onionshare.changes of Package python-onionshare

Overview Repositories Revisions Requests Users Attributes Meta

File python-onionshare.changes of Package python-onionshare

-------------------------------------------------------------------
Tue May  7 00:21:33 UTC 2024 - Axel Braun <axel.braun@gmx.de>

- version 2.6.2
  * Security fix: Removes newlines from History item path
  * Security fix: Set a maximum length of 524288 characters for text messages in Receive mode
  * Security fix: Allows only specific ASCII characters for usernames and removes control characters
  * Security fix: Forcefully disconnect user from chat on disconnect event
  * Security fix: Handle username validation excpeptions to prevent silent joining

-------------------------------------------------------------------
Mon Mar  4 16:35:25 UTC 2024 - Ben Greiner <code@bnavigator.de>

- Add more missing runtime requirements

-------------------------------------------------------------------
Mon Mar  4 16:10:24 UTC 2024 - Axel Braun <axel.braun@gmx.de>

- Requires: python-packaging

-------------------------------------------------------------------
Wed Feb 28 18:28:24 UTC 2024 - Axel Braun <axel.braun@gmx.de>

- version 2.6.1
  * Release updates: Automate builds with CI, make just 64-bit Windows release, make a single universal2 release for both Intel and Apple Silicon macOS
  * Upgrade dependencies, including Tor, meek, and snowflake
  * Bug fix: Restore the primary_action mode settings in a tab after OnionShare reconnects to Tor
  * Bug fix: Fix issue with auto-connecting to Tor with persistent tabs open
  * Bug fix: Fix packaging issue where Windows version of OnionShare conflicts with Windows version of Dangerzone
  * Bug fix: Fix 'Use a bridge' checkbox state change
  * Bug fix: Raise error from waitress if not shutdown
  * Patches removed:
    fix-test-cli-web.patch
    onionshare-pr1677-fix-werkzeug3.patch
    onionshare-poetry-core.patch

-------------------------------------------------------------------
Sun Jan 28 17:35:56 UTC 2024 - Ben Greiner <code@bnavigator.de>

- Use (single flavor) python_subpackages for correct package prefix
- Obsolete incorrectly named packages, convince rpmlint that it is
  fine

-------------------------------------------------------------------
Thu Nov 23 14:22:20 UTC 2023 - Ben Greiner <code@bnavigator.de>

- Fix dependencies
  * Add onionshare-pr1677-fix-werkzeug3.patch
- PEP517: Use pyproject instead of deprecated setup.py

-------------------------------------------------------------------
Wed May 31 16:00:56 UTC 2023 - Ben Greiner <code@bnavigator.de>

- Add onionshare-poetry-core.patch
  * poetry-core is enough to build and has a much smaller footprint

-------------------------------------------------------------------
Sat Dec 10 20:57:15 UTC 2022 - Dirk Müller <dmueller@suse.com>

- update to 2.6:
  * Major feature: a new 'Quickstart' screen, which enables toggling on or
    off an animated automatic connection to Tor. This allows configuring
    network settings prior to automatic connection.
  * Major feature: Censorship circumvention. Use new features in the
    upstream Tor API to try to automatically obtain bridges depending on the
    user's location.
  * New feature: automatically fetch the built-in bridges from the upstream
    Tor API rather than hardcode them in each release of OnionShare.
  * New feature: keyboard shortcuts to access various modes and menus, and
    accessibility hints
  * Bug fix: Temporary Directory for serving the OnionShare web pages was
    broken on Windows
  * Packaging: Packaging is more automated, and Linux Snapcraft releases are
    available for amd64, arm64, and armhf
  * Miscellaneous: Many dependency updates and web page theming improvements

-------------------------------------------------------------------
Tue Jul 26 10:12:57 UTC 2022 - Axel Braun <axel.braun@gmx.de>

- dependency on python3-PySocks added

-------------------------------------------------------------------
Mon May 23 10:27:18 UTC 2022 - Axel Braun <axel.braun@gmx.de>

- desktop tests disabled. Started failing without code change....

-------------------------------------------------------------------
Fri Feb 25 06:52:51 UTC 2022 - Axel Braun <axel.braun@gmx.de>

- Additional changes:
  * drop python-stem in favor of python-cepa
  * relax-async-mode.patch added
  * fix-test-cli-web.patch added
  * fix for boo#1194866
  
-------------------------------------------------------------------
Thu Feb 24 19:33:47 UTC 2022 - Ferdinand Thiessen <rpm@fthiessen.de>

- Update to version 2.5.0
  * CVE-2022-21696: It was possible to change the username to that
    of another chat participant with an additional space character
    at the end of the name string. 
  * CVE-2022-21695: Authenticated users (or unauthenticated in
    public mode) could send messages without being visible in the
    list of chat participants
  * CVE-2022-21694:
  * CVE-2022-21693: An adversary with a primitive that allows for
    filesystem access from the context of the Onionshare process
    could access sensitive files in the entire user home folder.
  * CVE-2022-21692: anyone with access to the chat environment
    could write messages disguised as another chat participant
  * CVE-2022-21691: chat participants could spoof their channel
    leave message, tricking others into assuming they left the chatroom.
  * CVE-2022-21690: The path parameter of the requested URL was not
    sanitized before being passed to the QT frontend. This path is
    used in all components for displaying the server access history.
  * CVE-2022-21688, CVE-2022-21689: Use microseconds in Receive mode
    directory creation to avoid potential DoS
  * Major feature:
    * Obtain bridges from Moat / BridgeDB
    * Snowflake bridge support
  * New feature:
    * Tor connection settings, as well as general settings,
      are now Tabs rather than dialogs
    * User can customize the Content-Security-Policy header
      in Website mode
    * Built-in bridges are automatically updated from Tor's API
      when the user has chosen to use them
  * Switch to using stem fork called cepa
  * Various bug fixes
- Drop desktop file, upstream already provides one
- Install metainfo file
- Adjust requirements
- Added relax-async-mode.patch

-------------------------------------------------------------------
Thu Oct  7 20:00:10 UTC 2021 - Axel Braun <axel.braun@gmx.de>

- runtime dependency on python-PyNaCl added

-------------------------------------------------------------------
Tue Oct  5 10:26:20 UTC 2021 - Axel Braun <axel.braun@gmx.de>

- source file fixed (download)

-------------------------------------------------------------------
Tue Oct  5 08:12:25 UTC 2021 - Gabriele Sonnu <gabriele.sonnu@suse.com>

- Update to 2.4:
  * Major feature: Private keys (v3 onion client authentication) replaces passwords and HTTP basic auth
  * Updated Tor to 0.4.6.7 on all platforms
  * Various bug fixes
- CVE-2021-41867: Fixed remote information disclosure when using --chat feature (boo#1191311)
- CVE-2021-41868: Fixed remote unauthenticated file upload when using the --receive functionality (boo#1191312)
- Remove fix-compare-offset-naive-and-offset-aware-datetimes.patch because accepted upstream

-------------------------------------------------------------------
Sun Aug 22 07:38:13 UTC 2021 - Fusion Future <qydwhotmail@gmail.com>

- Fix fix-compare-offset-naive-and-offset-aware-datetimes.patch to
  use the correct timezone.

-------------------------------------------------------------------
Sun Aug 22 05:09:53 UTC 2021 - Fusion Future <qydwhotmail@gmail.com>

- Update to 2.3.3:
  * New feature: Setting for light or dark theme
  * Updated Tor to 0.4.6.7 for Linux, 0.4.5.10 for Windows and macOS
  * Various bug fixes
- Add fix-compare-offset-naive-and-offset-aware-datetimes.patch to
  fix test errors in test_if_unmodified_since and test_firefox_like_behavior
  (gh#onionshare/onionshare#1398).

-------------------------------------------------------------------
Tue Jun  8 11:34:37 UTC 2021 - Axel Braun <axel.braun@gmx.de>

- update to version 2.3.2
  * New feature: Custom titles can be set for OnionShare's various modes
  * New feature: Receive mode supports notification webhooks
  * New feature: Receive mode supports submitting messages as well as files
  * New feature: New ASCII art banner and prettier verbose output
  * New feature: Partial support for range requests (pausing and resuming in HTTP)
  * Updated Tor to 0.4.5.7
  * Updated built-in obfs4 bridges
  * Various bug fixes
  * 0001-adjust_tests.diff added to skip download test

-------------------------------------------------------------------
Sun May 16 09:28:39 UTC 2021 - Axel Braun <axel.braun@gmx.de>

- update to version 2.3.1
  * Bugfix: Fix chat mode
  * Bugfix: Fix –persistent in onionshare-cli
  * Bugfix: Fix checking for updates in Windows and macOS 
  * Major new feature: Multiple tabs, including better support for persistent services, faster Tor connections
  * New feature: Chat anonymously mode
  * New feature: All new design
  * New feature: Ability to display QR codes of OnionShare addresses
  * New feature: Web apps have responsive design and look better on mobile
  * New feature: Flatpak and Snapcraft packaging for Linux
  * New dependencies added
  * package onionshare-data removed
  * singlespec removed
  * update alternatives removed (pyside2 issues with python flavours)
  
-------------------------------------------------------------------
Wed Jun  3 10:24:26 UTC 2020 - Axel Braun <axel.braun@gmx.de>

- fix for dependency error (see https://build.opensuse.org/request/show/807929 )

-------------------------------------------------------------------
Thu May 21 06:55:37 UTC 2020 - Petr Gajdos <pgajdos@suse.com>

- %python3_only -> %python_alternative

-------------------------------------------------------------------
Wed Nov  6 16:13:36 UTC 2019 - Axel Braun <axel.braun@gmx.de>

- Version 2.2
  * fix for desktop icon installation
  * New feature: Website mode, which allows publishing a static HTML website as an onion service
  * Allow individual files to be viewed or downloaded in Share mode, including the ability to browse into subdirectories and use breadcrumbs to navigate back
  * Show a counter when individual files or pages are viewed
  * Better History items including colors and status codes to differentiate between successful and failed requests
  * Swap out the random /slug suffix for HTTP basic authentication (when in non-public mode)
  * Hide the Tor connection settings if the ONIONSHARE_HIDE_TOR_SETTINGS environment variable is set (Tails compatibility)
  * Remove the NoScript XSS warning in Receive Mode now that the NoScript/Tor Browser bug is fixed. The ajax upload method still exists when javascript is enabled.
  * Better support for DragonFly BSD
  * Updated various dependencies, including Flask, Werkzeug, urllib3, requests, and PyQt5
  * Updated Tor to 0.4.1.5
  * Other minor bug fixes
  * New translations:
        Arabic (العربية)
        Dutch (Nederlands)
        Persian (فارسی)
        Romanian (Română)
        Serbian latin (Srpska (latinica))
  * Removed translations with fewer than 90% of strings translated:
        Finnish (Suomi)

-------------------------------------------------------------------
Tue Aug 13 07:50:48 UTC 2019 - Axel Braun <axel.braun@gmx.de>

- Version 2.1
  * New feature: Auto-start timer, which allows scheduling when the server starts
  * Renamed CLI argument --debug to --verbose
  * Make Tor connection timeout configurable as a CLI argument
  * Updated various dependencies, including to fix third-party security issues in urllib3, jinja2, and jQuery
  * Update Tor to 0.3.5.8
  * New translations:
        Traditional Chinese (正體中文 (繁體)),
        Simplified Chinese (中文 (简体))
        Finnish (Suomi)
        German (Deutsch)
        Icelandic (Íslenska)
        Irish (Gaeilge)
        Norwegian Bokmål (Norsk Bokmål)
        Polish (Polski)
        Portuguese Portugal (Português (Portugal))
        Telugu (తెలుగు)
        Turkish (Türkçe)
        Ukrainian (Українська)
  * Removed translations because less than 90% of the strings were translated:
        Bengali (বাংলা)
        Persian (فارسی)
        
-------------------------------------------------------------------
Fri Feb 22 09:26:00 UTC 2019 - Robert Frohl <rfrohl@suse.com>

- Version 2.0
  * Receiver mode allows you to receive files with OnionShare, instead of only
    sending files
  * Support for next generation onion services
  * Public mode feature, for public uses of OnionShare, which when enabled
    turns off slugs in the URL and removes the limit on how many 404 requests
    can be made
  * If you're sharing a single file, don't zip it up
  * Full support for meek_lite (Azure) bridges
  * Allow selecting your language from a dropdown

-------------------------------------------------------------------
Fri Dec 21 16:34:04 UTC 2018 - Axel Braun <axel.braun@gmx.de>

- Version 1.3.2 to fix CVE-2018-19960 (boo#1120205)

-------------------------------------------------------------------
Wed Dec 12 21:11:56 UTC 2018 - Jan Engelhardt <jengelh@inai.de>

- Trim a few redundancies from the descriptions.

-------------------------------------------------------------------
Wed Dec 12 10:29:46 UTC 2018 - Ismail Dönmez <idonmez@suse.com>

- Use full source URLs to verify the integrity
  https://en.opensuse.org/SourceUrls

-------------------------------------------------------------------
Fri Nov 23 17:20:53 UTC 2018 - Axel Braun <axel.braun@gmx.de>

- Version 1.3.1
  initial build on OBS 
  thanks to scarabeus_iv for the testing part!

Places

File python-onionshare.changes of Package python-onionshare

Places