New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
enhanced-ctorrent: fix CVE-2009-1759 #39311
Conversation
Last update was 2008 https://sourceforge.net/projects/dtorrent/files/?source=navbar |
I searched for a bit. This is the right upstream. There do appear to be Debian patches, including one to fix a CVE which I don't think this tarball has. I've fixed the CVE with Debian's patches. |
We also have |
Ok, this is the same version you want to add: http://www.rahul.net/dholmes/ctorrent/ |
Oh, then it sounds like I should retarget my fix and put it on that existing package. |
Patches from Debian.
1b7b119
to
d848e73
Compare
@GrahamcOfBorg build enhanced-ctorrent |
Success on x86_64-linux (full log) Attempted: enhanced-ctorrent Partial log (click to expand)
|
Success on x86_64-darwin (full log) Attempted: enhanced-ctorrent Partial log (click to expand)
|
Success on aarch64-linux (full log) Attempted: enhanced-ctorrent Partial log (click to expand)
|
Patches from Debian. (cherry picked from commit 69f23d9)
18.03 backport: [detached HEAD 691a6fc] enhanced-ctorrent: fix CVE-2009-1759 (#39311) |
This package has a checkered history; the version used here is "enhanced
ctorrent", which contains many updates. (The original tarball doesn't even
build on NixOS!)
Motivation for this change
Things done
build-use-sandbox
innix.conf
on non-NixOS)nix-shell -p nox --run "nox-review wip"
./result/bin/
)