Date: Tue, 12 Jul 2016 17:20:14 +0200
From: Bendik <bro.development@gmail.com>
To: "Mikhail T." <mi+thun@aldan.algebra.com>
Cc: freebsd-ports@freebsd.org
Subject: Re: Deluge 1.3.x and libtorrent-rasterbar v1.1.0
Message-ID: <CAAns4iwU8D5eaanON8M70nCRw2eEzfOnqOyXhqG9nvpojd1Gbg@mail.gmail.com>
In-Reply-To: <bf3518e6-f218-5cbf-fd00-727f36b3ef79@aldan.algebra.com>
References: <CAAns4iyFhauHwy_pe%2Bd8X1tFtg3uH_pCJDQ4iAnw8sjbqvZ88Q@mail.gmail.com>
 <bf3518e6-f218-5cbf-fd00-727f36b3ef79@aldan.algebra.com>

Patching Deluge 1.3.x is not straightforward, so I wouldn't go that route
just yet.

It looks like the fix to the CVE will be backported to libtorrent v1.0:
https://github.com/arvidn/libtorrent/issues/780

Regards
Bendik

On Tue, Jul 12, 2016 at 3:23 PM, Mikhail T. <mi+thun@aldan.algebra.com>
wrote:

> On 11.07.2016 09:46, Bendik wrote:
>
> Latest version of libtorrent-rasterbar is now 1.1.0, and ports has v1.0.9
> so it might be tempting to update it (like Arch did without testing).
>
> Khm, I have the update (almost) ready here -- and testing it with
> net-p2p/qbittorrent...
>
> However, libtorrent v1.1.0 introduces backwards incompatible changes, and
> will not work with Deluge 1.3.x.
>
> Is it difficult to patch up Deluge? libtorrent-rasterbar has a CVE
> <https://vuxml.freebsd.org/freebsd/093584f2-3f14-11e6-b3c8-14dae9d210b8.html>
> against it -- including version 1.1.0 -- and so sticking to the old version
> for very long is not going to work...
>
> -mi