* Tue May 07 2024 Axel Braun <axel.braun@gmx.de>
- version 2.6.2
* Security fix: Removes newlines from History item path
* Security fix: Set a maximum length of 524288 characters for text messages in Receive mode
* Security fix: Allows only specific ASCII characters for usernames and removes control characters
* Security fix: Forcefully disconnect user from chat on disconnect event
* Security fix: Handle username validation excpeptions to prevent silent joining
* Mon Mar 04 2024 Ben Greiner <code@bnavigator.de>
- Add more missing runtime requirements
* Mon Mar 04 2024 Axel Braun <axel.braun@gmx.de>
- Requires: python-packaging
* Wed Feb 28 2024 Axel Braun <axel.braun@gmx.de>
- version 2.6.1
* Release updates: Automate builds with CI, make just 64-bit Windows release, make a single universal2 release for both Intel and Apple Silicon macOS
* Upgrade dependencies, including Tor, meek, and snowflake
* Bug fix: Restore the primary_action mode settings in a tab after OnionShare reconnects to Tor
* Bug fix: Fix issue with auto-connecting to Tor with persistent tabs open
* Bug fix: Fix packaging issue where Windows version of OnionShare conflicts with Windows version of Dangerzone
* Bug fix: Fix 'Use a bridge' checkbox state change
* Bug fix: Raise error from waitress if not shutdown
* Patches removed:
fix-test-cli-web.patch
onionshare-pr1677-fix-werkzeug3.patch
onionshare-poetry-core.patch
* Sun Jan 28 2024 Ben Greiner <code@bnavigator.de>
- Use (single flavor) python_subpackages for correct package prefix
- Obsolete incorrectly named packages, convince rpmlint that it is
fine
* Thu Nov 23 2023 Ben Greiner <code@bnavigator.de>
- Fix dependencies
* Add onionshare-pr1677-fix-werkzeug3.patch
- PEP517: Use pyproject instead of deprecated setup.py
* Wed May 31 2023 Ben Greiner <code@bnavigator.de>
- Add onionshare-poetry-core.patch
* poetry-core is enough to build and has a much smaller footprint
* Sat Dec 10 2022 Dirk Müller <dmueller@suse.com>
- update to 2.6:
* Major feature: a new 'Quickstart' screen, which enables toggling on or
off an animated automatic connection to Tor. This allows configuring
network settings prior to automatic connection.
* Major feature: Censorship circumvention. Use new features in the
upstream Tor API to try to automatically obtain bridges depending on the
user's location.
* New feature: automatically fetch the built-in bridges from the upstream
Tor API rather than hardcode them in each release of OnionShare.
* New feature: keyboard shortcuts to access various modes and menus, and
accessibility hints
* Bug fix: Temporary Directory for serving the OnionShare web pages was
broken on Windows
* Packaging: Packaging is more automated, and Linux Snapcraft releases are
available for amd64, arm64, and armhf
* Miscellaneous: Many dependency updates and web page theming improvements
* Tue Jul 26 2022 Axel Braun <axel.braun@gmx.de>
- dependency on python3-PySocks added
* Mon May 23 2022 Axel Braun <axel.braun@gmx.de>
- desktop tests disabled. Started failing without code change....
* Fri Feb 25 2022 Axel Braun <axel.braun@gmx.de>
- Additional changes:
* drop python-stem in favor of python-cepa
* relax-async-mode.patch added
* fix-test-cli-web.patch added
* fix for boo#1194866
* Thu Feb 24 2022 Ferdinand Thiessen <rpm@fthiessen.de>
- Update to version 2.5.0
* CVE-2022-21696: It was possible to change the username to that
of another chat participant with an additional space character
at the end of the name string.
* CVE-2022-21695: Authenticated users (or unauthenticated in
public mode) could send messages without being visible in the
list of chat participants
* CVE-2022-21694:
* CVE-2022-21693: An adversary with a primitive that allows for
filesystem access from the context of the Onionshare process
could access sensitive files in the entire user home folder.
* CVE-2022-21692: anyone with access to the chat environment
could write messages disguised as another chat participant
* CVE-2022-21691: chat participants could spoof their channel
leave message, tricking others into assuming they left the chatroom.
* CVE-2022-21690: The path parameter of the requested URL was not
sanitized before being passed to the QT frontend. This path is
used in all components for displaying the server access history.
* CVE-2022-21688, CVE-2022-21689: Use microseconds in Receive mode
directory creation to avoid potential DoS
* Major feature:
* Obtain bridges from Moat / BridgeDB
* Snowflake bridge support
* New feature:
* Tor connection settings, as well as general settings,
are now Tabs rather than dialogs
* User can customize the Content-Security-Policy header
in Website mode
* Built-in bridges are automatically updated from Tor's API
when the user has chosen to use them
* Switch to using stem fork called cepa
* Various bug fixes
- Drop desktop file, upstream already provides one
- Install metainfo file
- Adjust requirements
- Added relax-async-mode.patch
* Thu Oct 07 2021 Axel Braun <axel.braun@gmx.de>
- runtime dependency on python-PyNaCl added
* Tue Oct 05 2021 Axel Braun <axel.braun@gmx.de>
- source file fixed (download)
* Tue Oct 05 2021 Gabriele Sonnu <gabriele.sonnu@suse.com>
- Update to 2.4:
* Major feature: Private keys (v3 onion client authentication) replaces passwords and HTTP basic auth
* Updated Tor to 0.4.6.7 on all platforms
* Various bug fixes
- CVE-2021-41867: Fixed remote information disclosure when using --chat feature (boo#1191311)
- CVE-2021-41868: Fixed remote unauthenticated file upload when using the --receive functionality (boo#1191312)
- Remove fix-compare-offset-naive-and-offset-aware-datetimes.patch because accepted upstream
* Sun Aug 22 2021 Fusion Future <qydwhotmail@gmail.com>
- Fix fix-compare-offset-naive-and-offset-aware-datetimes.patch to
use the correct timezone.
* Sun Aug 22 2021 Fusion Future <qydwhotmail@gmail.com>
- Update to 2.3.3:
* New feature: Setting for light or dark theme
* Updated Tor to 0.4.6.7 for Linux, 0.4.5.10 for Windows and macOS
* Various bug fixes
- Add fix-compare-offset-naive-and-offset-aware-datetimes.patch to
fix test errors in test_if_unmodified_since and test_firefox_like_behavior
(gh#onionshare/onionshare#1398).
* Tue Jun 08 2021 Axel Braun <axel.braun@gmx.de>
- update to version 2.3.2
* New feature: Custom titles can be set for OnionShare's various modes
* New feature: Receive mode supports notification webhooks
* New feature: Receive mode supports submitting messages as well as files
* New feature: New ASCII art banner and prettier verbose output
* New feature: Partial support for range requests (pausing and resuming in HTTP)
* Updated Tor to 0.4.5.7
* Updated built-in obfs4 bridges
* Various bug fixes
* 0001-adjust_tests.diff added to skip download test
* Sun May 16 2021 Axel Braun <axel.braun@gmx.de>
- update to version 2.3.1
* Bugfix: Fix chat mode
* Bugfix: Fix –persistent in onionshare-cli
* Bugfix: Fix checking for updates in Windows and macOS
* Major new feature: Multiple tabs, including better support for persistent services, faster Tor connections
* New feature: Chat anonymously mode
* New feature: All new design
* New feature: Ability to display QR codes of OnionShare addresses
* New feature: Web apps have responsive design and look better on mobile
* New feature: Flatpak and Snapcraft packaging for Linux
* New dependencies added
* package onionshare-data removed
* singlespec removed
* update alternatives removed (pyside2 issues with python flavours)
* Wed Jun 03 2020 Axel Braun <axel.braun@gmx.de>
- fix for dependency error (see https://build.opensuse.org/request/show/807929 )
Version: 2.2-bp152.1.9
* Wed Nov 06 2019 Axel Braun <axel.braun@gmx.de>
- Version 2.2
* fix for desktop icon installation
* New feature: Website mode, which allows publishing a static HTML website as an onion service
* Allow individual files to be viewed or downloaded in Share mode, including the ability to browse into subdirectories and use breadcrumbs to navigate back
* Show a counter when individual files or pages are viewed
* Better History items including colors and status codes to differentiate between successful and failed requests
* Swap out the random /slug suffix for HTTP basic authentication (when in non-public mode)
* Hide the Tor connection settings if the ONIONSHARE_HIDE_TOR_SETTINGS environment variable is set (Tails compatibility)
* Remove the NoScript XSS warning in Receive Mode now that the NoScript/Tor Browser bug is fixed. The ajax upload method still exists when javascript is enabled.
* Better support for DragonFly BSD
* Updated various dependencies, including Flask, Werkzeug, urllib3, requests, and PyQt5
* Updated Tor to 0.4.1.5
* Other minor bug fixes
* New translations:
Arabic (العربية)
Dutch (Nederlands)
Persian (فارسی)
Romanian (Română)
Serbian latin (Srpska (latinica))
* Removed translations with fewer than 90% of strings translated:
Finnish (Suomi)
* Tue Aug 13 2019 Axel Braun <axel.braun@gmx.de>
- Version 2.1
* New feature: Auto-start timer, which allows scheduling when the server starts
* Renamed CLI argument --debug to --verbose
* Make Tor connection timeout configurable as a CLI argument
* Updated various dependencies, including to fix third-party security issues in urllib3, jinja2, and jQuery
* Update Tor to 0.3.5.8
* New translations:
Traditional Chinese (正體中文 (繁體)),
Simplified Chinese (中文 (简体))
Finnish (Suomi)
German (Deutsch)
Icelandic (Íslenska)
Irish (Gaeilge)
Norwegian Bokmål (Norsk Bokmål)
Polish (Polski)
Portuguese Portugal (Português (Portugal))
Telugu (తెలుగు)
Turkish (Türkçe)
Ukrainian (Українська)
* Removed translations because less than 90% of the strings were translated:
Bengali (বাংলা)
Persian (فارسی)
Version: 2.0-bp151.1.2
* Fri Feb 22 2019 Robert Frohl <rfrohl@suse.com>
- Version 2.0
* Receiver mode allows you to receive files with OnionShare, instead of only
sending files
* Support for next generation onion services
* Public mode feature, for public uses of OnionShare, which when enabled
turns off slugs in the URL and removes the limit on how many 404 requests
can be made
* If you're sharing a single file, don't zip it up
* Full support for meek_lite (Azure) bridges
* Allow selecting your language from a dropdown
* Fri Dec 21 2018 Axel Braun <axel.braun@gmx.de>
- Version 1.3.2 to fix CVE-2018-19960 (boo#1120205)
* Wed Dec 12 2018 Jan Engelhardt <jengelh@inai.de>
- Trim a few redundancies from the descriptions.
* Wed Dec 12 2018 Ismail Dönmez <idonmez@suse.com>
- Use full source URLs to verify the integrity
https://en.opensuse.org/SourceUrls
* Fri Nov 23 2018 Axel Braun <axel.braun@gmx.de>
- Version 1.3.1
initial build on OBS
thanks to scarabeus_iv for the testing part!