- Additional changes:
  * drop python-stem in favor of python-cepa
  * relax-async-mode.patch added
  * fix-test-cli-web.patch added
  * fix for boo#1194866
  
- Update to version 2.5.0
  * CVE-2022-21696: It was possible to change the username to that
    of another chat participant with an additional space character
    at the end of the name string. 
  * CVE-2022-21695: Authenticated users (or unauthenticated in
    public mode) could send messages without being visible in the
    list of chat participants
  * CVE-2022-21694:
  * CVE-2022-21693: An adversary with a primitive that allows for
    filesystem access from the context of the Onionshare process
    could access sensitive files in the entire user home folder.
  * CVE-2022-21692: anyone with access to the chat environment
    could write messages disguised as another chat participant
  * CVE-2022-21691: chat participants could spoof their channel
    leave message, tricking others into assuming they left the chatroom.
  * CVE-2022-21690: The path parameter of the requested URL was not
    sanitized before being passed to the QT frontend. This path is
    used in all components for displaying the server access history.
  * CVE-2022-21688, CVE-2022-21689: Use microseconds in Receive mode
    directory creation to avoid potential DoS
  * Major feature:
    * Obtain bridges from Moat / BridgeDB
    * Snowflake bridge support
  * New feature:
    * Tor connection settings, as well as general settings,
      are now Tabs rather than dialogs
    * User can customize the Content-Security-Policy header
      in Website mode
    * Built-in bridges are automatically updated from Tor's API
      when the user has chosen to use them
  * Switch to using stem fork called cepa
  * Various bug fixes
- Drop desktop file, upstream already provides one
- Install metainfo file
- Adjust requirements
- Added relax-async-mode.patch

• Files Changed
• Browse Source