I have successfully built a modified package that contains all these fixes, and the debdiff for torrentflux_2.1-1ubuntu0.1 to torrentflux_2.1-1ubuntu0.2 is attached. The changes are pretty simple, though the debdiff runs to some 939 lines they are mostly just including dpatch files that are available in the Debian package of torrentflux (2.1-7 or newer). Here is the diffstat:
You can see that other than updating the changelog and 00list files, all I have done is removed 05_sanitize_html_entities.dpatch and added the other patch files (I only included the ones with security fixes, not that fixed other bugs). If you want, you can check that the dpatch files in the new version are the same as the ones in the Debian torrentflux package by downloading the latest torrentflux version, which includes the same dpatch files though they are no longer used due to upstream fixes.
Though I was able to build the new package successfully in a pbuilder for Edgy, I no longer have an edgy machine to install the new version on to test that everything works properly. However, I am VERY familiar with the changes made here and the package in general, and I'm confident that these changes will cause no problems in edgy. I was able to install this version and use it in gutsy without any problems.
I have successfully built a modified package that contains all these fixes, and the debdiff for torrentflux_ 2.1-1ubuntu0. 1 to torrentflux_ 2.1-1ubuntu0. 2 is attached. The changes are pretty simple, though the debdiff runs to some 939 lines they are mostly just including dpatch files that are available in the Debian package of torrentflux (2.1-7 or newer). Here is the diffstat:
debian/ patches/ 05_sanitize_ html_entities. dpatch | 26 -- patches/ 06_sanitize_ html_entities. dpatch | 244 +++++++ +++++++ ++++++ patches/ 09_fix_ directory_ traversal. dpatch | 18 + patches/ 10_sanitize_ file_input. dpatch | 179 ++++++++++++++ patches/ 11_missed_ security_ fixes.dpatch | 135 +++++++++++ patches/ 12_metaInfo_ remote_ command. dpatch | 43 +++ patches/ 13_possible_ xss_vulnerabili ty.dpatch | 58 ++++ patches/ 14_maketorrent_ remote_ command. dpatch | 19 + patches/ 15_additional_ possible_ fixes.dpatch | 126 ++++++++++ 2.1/debian/ changelog | 27 ++ 2.1/debian/ patches/ 00list | 9
debian/
debian/
debian/
debian/
debian/
debian/
debian/
debian/
torrentflux-
torrentflux-
11 files changed, 857 insertions(+), 27 deletions(-)
You can see that other than updating the changelog and 00list files, all I have done is removed 05_sanitize_ html_entities. dpatch and added the other patch files (I only included the ones with security fixes, not that fixed other bugs). If you want, you can check that the dpatch files in the new version are the same as the ones in the Debian torrentflux package by downloading the latest torrentflux version, which includes the same dpatch files though they are no longer used due to upstream fixes.
Though I was able to build the new package successfully in a pbuilder for Edgy, I no longer have an edgy machine to install the new version on to test that everything works properly. However, I am VERY familiar with the changes made here and the package in general, and I'm confident that these changes will cause no problems in edgy. I was able to install this version and use it in gutsy without any problems.