Patching Deluge 1.3.x is not straight forward, so I wouldn't go that route just yet.
It looks like the fix to the CVE will be backported to libtorrent v1.0: https://github.com/arvidn/libtorrent/issues/780 Regards Bendik On Tue, Jul 12, 2016 at 3:23 PM, Mikhail T. <mi+t...@aldan.algebra.com> wrote: > On 11.07.2016 09:46, Bendik wrote: > > Latest version of libtorrent-rasterbar is now 1.1.0, and ports has v1.0.9 > so it might be tempting to update it (like Arch did without testing). > > Khm, I have the update (almost) ready here -- and testing it with > net-p2p/qbittorrent... > > However, libtorrent v1.1.0 introduces backwards incompatible changes, and > will not work with Deluge 1.3.x. > > Is it difficult to patch up Deluge? libtorrent-rasterbar has a CVE > <https://vuxml.freebsd.org/freebsd/093584f2-3f14-11e6-b3c8-14dae9d210b8.html> > against it -- including version 1.1.0 -- and so sticking to the old version > for very long is not going to work... > > -mi > > _______________________________________________ freebsd-ports@freebsd.org mailing list https://lists.freebsd.org/mailman/listinfo/freebsd-ports To unsubscribe, send any mail to "freebsd-ports-unsubscr...@freebsd.org"
