Debian Patches
Status for nncp/8.8.2-3+deb12u1
Patch | Description | Author | Forwarded | Bugs | Origin | Last update |
---|---|---|---|---|---|---|
Fix-texi-direntry | Fix the texi build . nncp (7.6.0-1) unstable; urgency=medium . * Initial release (Closes: #942689) | John Goerzen <jgoerzen@complete.org> | no | | debian | |
Fix-config-file-location | Look for config file in /etc/nncp.hjson . nncp (7.6.0-1) unstable; urgency=medium . * Initial release (Closes: #942689) | John Goerzen <jgoerzen@complete.org> | no | | debian | |
gvisor-20221219.patch | gvisor 20221219 | Shengjing Zhu <zhsj@debian.org> | no | | | 2023-01-02 |
reass-backport.diff | Fix bug in reassembly of certain chunked files. On April 28 2023, a bug was reported describing that reassembly of chunked files could fail when the file size is an integer multiple of the chunk size. http://lists.cypherpunks.ru/archive/nncp-devel/ZEz6W5VHuvZR24DD@stargrave.org/T/#t . NNCP author Sergey Matveev released NNCP 8.8.3, which also contained updates to the Go dependencies, including to Go 1.20. This makes it unsuitable for upload to unstable or transition to testing at this time. . This patch isolates just the bugfix from NNCP 8.8.3, backporting it to NNCP 8.8.2. | Sergey Matveev | no | | upstream | 2023-04-29 |
Prevent-path-traversal-during-freq-file.patch | [PATCH] Prevent path traversal during freq/file. As it currently stands, NNCP is vulnerable to path traversal attacks with freq and file functions: Despite the requirement for both to supply full path in configuration, both types of packets will accept and act upon paths containing "..". Most obviously, this allows one to request any file NNCP has access to, like its own configuration file with the private keys in it. Likewise, a sent file can break out of the incoming directory in the same manner and be written anywhere on the system that the user can write to. This patch is my take on dealing with this by limiting path traversal to below the configured full path. It does nothing about, e.g., symlinks, and I'm not sure anything should be done about those. | Eugene Medvedev <rn3aoh.g@gmail.com> | no | | | 2025-09-19 |
All known versions for source package 'nncp'
- 8.12.1-1 (sid)
- 8.11.0-4+deb13u1 (trixie-security)
- 8.11.0-4 (trixie, forky)
- 8.11.0-2~bpo12+1 (bookworm-backports)
- 8.8.2-3+deb12u1 (bookworm-proposed-updates, bookworm-security)
- 8.8.2-3 (bookworm)