[MacPorts] #52146: transmission: change port file to new download location
#52146: transmission: change port file to new download location -------------------------------------+-------------------------------- Reporter: sierkb@… | Owner: macports-tickets@… Type: update | Status: new Priority: Normal | Milestone: Component: ports | Version: 2.3.4 Keywords: update dowload location | Port: transmission -------------------------------------+-------------------------------- __Quote from [https://transmissionbt.com/keydnap_qa/]:__ ---- '''Q. What happened?''' A. It appears that on or about August 28, 2016, unauthorized access was gained to our website server. The official Mac version of Transmission 2.92 was replaced with an unauthorized version that contained the OSX/Keydnap malware. The infected file was available for download somewhere between a few hours and less than a day. Additional information about the malware is available [http://www.welivesecurity.com/2016/08/30/osxkeydnap-spreads-via-signed- transmission-application/ here] and [http://www.welivesecurity.com/2016/07/06/new-osxkeydnap-malware-hungry- credentials/ here]. '''Q. What steps have been taken following the incident?''' A. The infected file was removed from the server immediately upon discovering its existence, which was less than 24 hours after the file was posted to the website. To help prevent future incidents, we have migrated the website and all binary files from our current servers to [https://github.com/transmission GitHub]. Other services, which are currently unavailable, will be migrated to new servers in the coming days. As an added precaution, we will be hosting the binaries and the website (including checksums) in two separate repositories. '''Q. Am I at risk?''' A. The infected file was available for download from our website for less than a day, and the file was not available through the auto-update mechanism. Steps to check for, and remove, an infection are available [http://transmissionbt.com/keydnap_removal/ here]. '''Q. Can you share any more information about this incident?''' A. We are in the process of investigating the incident and will share any relevant information that we discover here. '''If you have any questions or information about the incident, please send an email to security@transmissionbt.com.''' ---- Please change transmission's port file and its master_sites accordingly to at least the new project's official mirror server on GitHub [https://github.com/transmission/transmission], [https://github.com/transmission/transmission/releases] or to the announced upcoming new location or both of them. Additionally: the port file's current 2 master_sites locations seem to be unavailable/switched off. -- Ticket URL: <https://trac.macports.org/ticket/52146> MacPorts <https://www.macports.org/> Ports system for OS X
#52146: transmission @2.92_0: switch to GitHub ---------------------------+--------------------------- Reporter: sierkb@… | Owner: khindenburg@… Type: defect | Status: new Priority: Normal | Milestone: Component: ports | Version: Resolution: | Keywords: Port: transmission | ---------------------------+--------------------------- Changes (by larryv@…): * cc: khindenburg (removed) * owner: macports-tickets@… => khindenburg@… * version: 2.3.4 => * keywords: update dowload location => * type: update => defect Old description:
__Quote from [https://transmissionbt.com/keydnap_qa/]:__
---- '''Q. What happened?'''
A. It appears that on or about August 28, 2016, unauthorized access was gained to our website server. The official Mac version of Transmission 2.92 was replaced with an unauthorized version that contained the OSX/Keydnap malware. The infected file was available for download somewhere between a few hours and less than a day. Additional information about the malware is available [http://www.welivesecurity.com/2016/08/30/osxkeydnap-spreads- via-signed-transmission-application/ here] and [http://www.welivesecurity.com/2016/07/06/new-osxkeydnap-malware-hungry- credentials/ here].
'''Q. What steps have been taken following the incident?'''
A. The infected file was removed from the server immediately upon discovering its existence, which was less than 24 hours after the file was posted to the website. To help prevent future incidents, we have migrated the website and all binary files from our current servers to [https://github.com/transmission GitHub]. Other services, which are currently unavailable, will be migrated to new servers in the coming days. As an added precaution, we will be hosting the binaries and the website (including checksums) in two separate repositories.
'''Q. Am I at risk?'''
A. The infected file was available for download from our website for less than a day, and the file was not available through the auto-update mechanism. Steps to check for, and remove, an infection are available [http://transmissionbt.com/keydnap_removal/ here].
'''Q. Can you share any more information about this incident?'''
A. We are in the process of investigating the incident and will share any relevant information that we discover here.
'''If you have any questions or information about the incident, please send an email to security@transmissionbt.com.''' ----
Please change transmission's port file and its master_sites accordingly to at least the new project's official mirror server on GitHub [https://github.com/transmission/transmission], [https://github.com/transmission/transmission/releases] or to the announced upcoming new location or both of them. Additionally: the port file's current 2 master_sites locations seem to be unavailable/switched off.
New description: Quote from [https://transmissionbt.com/keydnap_qa/]: ---- Q: What happened?:: A: It appears that on or about August 28, 2016, unauthorized access was gained to our website server. The official Mac version of Transmission 2.92 was replaced with an unauthorized version that contained the OSX/Keydnap malware. The infected file was available for download somewhere between a few hours and less than a day. Additional information about the malware is available [http://www.welivesecurity.com/2016/08/30 /osxkeydnap-spreads-via-signed-transmission-application/ here] and [http://www.welivesecurity.com/2016/07/06/new-osxkeydnap-malware-hungry- credentials/ here]. Q: What steps have been taken following the incident?:: A: The infected file was removed from the server immediately upon discovering its existence, which was less than 24 hours after the file was posted to the website. To help prevent future incidents, we have migrated the website and all binary files from our current servers to [https://github.com/transmission GitHub]. Other services, which are currently unavailable, will be migrated to new servers in the coming days. As an added precaution, we will be hosting the binaries and the website (including checksums) in two separate repositories. Q: Am I at risk?:: A: The infected file was available for download from our website for less than a day, and the file was not available through the auto-update mechanism. Steps to check for, and remove, an infection are available [http://transmissionbt.com/keydnap_removal/ here]. Q: Can you share any more information about this incident?:: A: We are in the process of investigating the incident and will share any relevant information that we discover here. '''If you have any questions or information about the incident, please send an email to security@transmissionbt.com.''' ---- Please change transmission's port file and its master_sites accordingly to at least the new project's official mirror server on GitHub [https://github.com/transmission/transmission], [https://github.com/transmission/transmission/releases] or to the announced upcoming new location or both of them. Additionally: the port file's current 2 master_sites locations seem to be unavailable/switched off. -- Comment: Trac requires full email addresses. -- Ticket URL: <https://trac.macports.org/ticket/52146#comment:1> MacPorts <https://www.macports.org/> Ports system for OS X
#52146: transmission @2.92_0: switch to GitHub ---------------------------+--------------------------- Reporter: sierkb@… | Owner: khindenburg@… Type: defect | Status: new Priority: Normal | Milestone: Component: ports | Version: Resolution: | Keywords: Port: transmission | ---------------------------+--------------------------- Comment (by khindenburg@…): Thanks, since the checksums for the file are github are different, I'll wait to change this to use github. THe checksums we use match those on their official site. -- Ticket URL: <https://trac.macports.org/ticket/52146#comment:2> MacPorts <https://www.macports.org/> Ports system for OS X
participants (1)
-
MacPorts