Date: Wed, 21 Jan 2015 19:43:03 +0000 From: bugzilla-noreply@freebsd.org To: freebsd-ports-bugs@FreeBSD.org Subject: [Bug 196351] net/libutp: backport fix for transmission crash (likely CVE-2012-6129) Message-ID: <bug-196351-13-UpXL4Iowkl@https.bugs.freebsd.org/bugzilla/> In-Reply-To: <bug-196351-13@https.bugs.freebsd.org/bugzilla/> References: <bug-196351-13@https.bugs.freebsd.org/bugzilla/>
next in thread | previous in thread | raw e-mail | index | archive | help
https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=196351 --- Comment #11 from Mikhail T. <mi@ALDAN.algebra.com> --- Comment on attachment 151065 --> https://bugs.freebsd.org/bugzilla/attachment.cgi?id=151065 files/patch-CVE-2012-6129 Jan, comparing third-party/libutp, that's bundled with Transmission against our bittorrent-libutp-7c4f19a, I get exactly the same changes as above EXCEPT for the following: --- bittorrent-libutp-7c4f19a/utp_utils.cpp 2013-05-14 19:05:36.000000000 -0400 +++ libutp/utp_utils.cpp 2014-07-01 13:10:47.850913000 -0400 ... -#define UDP_TEREDO_MTU (TEREDO_MTU - IPV6_HEADER_SIZE - UDP_HEADER_SIZE) +#define UDP_TEREDO_MTU (TEREDO_MTU - UDP_HEADER_SIZE) It would seem to me, if we are bringing our libutp in line with what its main (sole?) user expects, we should include all changes. Did you omit the change to utp_utils.cpp on purpose? Thank you! -- You are receiving this mail because: You are the assignee for the bug.
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?bug-196351-13-UpXL4Iowkl>