Deluge 1.3.x and libtorrent-rasterbar v1.1.0
Bendik
bro.development at gmail.com
Tue Jul 12 15:20:45 UTC 2016
Patching Deluge 1.3.x is not straight forward, so I wouldn't go that route
just yet.
It looks like the fix to the CVE will be backported to libtorrent v1.0:
https://github.com/arvidn/libtorrent/issues/780
Regards
Bendik
On Tue, Jul 12, 2016 at 3:23 PM, Mikhail T. <mi+thun at aldan.algebra.com>
wrote:
> On 11.07.2016 09:46, Bendik wrote:
>
> Latest version of libtorrent-rasterbar is now 1.1.0, and ports has v1.0.9
> so it might be tempting to update it (like Arch did without testing).
>
> Khm, I have the update (almost) ready here -- and testing it with
> net-p2p/qbittorrent...
>
> However, libtorrent v1.1.0 introduces backwards incompatible changes, and
> will not work with Deluge 1.3.x.
>
> Is it difficult to patch up Deluge? libtorrent-rasterbar has a CVE
> <https://vuxml.freebsd.org/freebsd/093584f2-3f14-11e6-b3c8-14dae9d210b8.html>
> against it -- including version 1.1.0 -- and so sticking to the old version
> for very long is not going to work...
>
> -mi
>
>
More information about the freebsd-ports
mailing list