From 5e2f59be629be0dec17e1278160875eb308f19fc Mon Sep 17 00:00:00 2001 From: "renovate[bot]" <29139614+renovate[bot]@users.noreply.github.com> Date: Fri, 26 Jan 2024 06:46:09 +0000 Subject: [PATCH 1/4] chore(deps): update dependency tape to v5.7.4 --- package.json | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/package.json b/package.json index 120195ee..8b3fde75 100644 --- a/package.json +++ b/package.json @@ -56,7 +56,7 @@ "magnet-uri": "7.0.5", "semantic-release": "21.1.2", "standard": "*", - "tape": "5.7.3", + "tape": "5.7.4", "undici": "^5.27.0", "webtorrent-fixtures": "2.0.2", "wrtc": "0.4.7" From ea1e78e1ded1d4a6e7bab9210a593a88fcff50ed Mon Sep 17 00:00:00 2001 From: "renovate[bot]" <29139614+renovate[bot]@users.noreply.github.com> Date: Thu, 15 Feb 2024 22:47:54 +0000 Subject: [PATCH 2/4] chore(deps): update dependency tape to v5.7.5 --- package.json | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/package.json b/package.json index 8b3fde75..1e9d4cc5 100644 --- a/package.json +++ b/package.json @@ -56,7 +56,7 @@ "magnet-uri": "7.0.5", "semantic-release": "21.1.2", "standard": "*", - "tape": "5.7.4", + "tape": "5.7.5", "undici": "^5.27.0", "webtorrent-fixtures": "2.0.2", "wrtc": "0.4.7" From fe75272d51653e626583689081afb0b7aeadb84f Mon Sep 17 00:00:00 2001 From: Brad Marsden Date: Tue, 12 Mar 2024 17:40:46 +0000 Subject: [PATCH 3/4] fix(parse-http): ignore announcements from peers with invalid announcement ports. (#513) --- lib/server/parse-http.js | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/lib/server/parse-http.js b/lib/server/parse-http.js index a6ba6a56..97b46e30 100644 --- a/lib/server/parse-http.js +++ b/lib/server/parse-http.js @@ -22,7 +22,7 @@ export default function (req, opts) { params.peer_id = bin2hex(params.peer_id) params.port = Number(params.port) - if (!params.port) throw new Error('invalid port') + if (!params.port || params.port <= 0 || params.port > 65535) throw new Error('invalid port') params.left = Number(params.left) if (Number.isNaN(params.left)) params.left = Infinity From a4f956e3cbc2534fb92bb9a8841cccb5224130e1 Mon Sep 17 00:00:00 2001 From: semantic-release-bot Date: Tue, 12 Mar 2024 17:43:38 +0000 Subject: [PATCH 4/4] chore(release): 11.0.2 ## [11.0.2](https://github.com/webtorrent/bittorrent-tracker/compare/v11.0.1...v11.0.2) (2024-03-12) ### Bug Fixes * **parse-http:** ignore announcements from peers with invalid announcement ports. ([#513](https://github.com/webtorrent/bittorrent-tracker/issues/513)) ([fe75272](https://github.com/webtorrent/bittorrent-tracker/commit/fe75272d51653e626583689081afb0b7aeadb84f)) --- AUTHORS.md | 1 + CHANGELOG.md | 7 +++++++ package.json | 2 +- 3 files changed, 9 insertions(+), 1 deletion(-) diff --git a/AUTHORS.md b/AUTHORS.md index d314f4df..abe53c94 100644 --- a/AUTHORS.md +++ b/AUTHORS.md @@ -65,5 +65,6 @@ - Tom Snelling (tomsnelling8@gmail.com) - Cas_ (6506529+ThaUnknown@users.noreply.github.com) - Arsène Fougerouse (arsene582@gmail.com) +- Brad Marsden (silentbot1@gmail.com) #### Generated by tools/update-authors.sh. diff --git a/CHANGELOG.md b/CHANGELOG.md index 3175bee9..6db84216 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md @@ -1,3 +1,10 @@ +## [11.0.2](https://github.com/webtorrent/bittorrent-tracker/compare/v11.0.1...v11.0.2) (2024-03-12) + + +### Bug Fixes + +* **parse-http:** ignore announcements from peers with invalid announcement ports. ([#513](https://github.com/webtorrent/bittorrent-tracker/issues/513)) ([fe75272](https://github.com/webtorrent/bittorrent-tracker/commit/fe75272d51653e626583689081afb0b7aeadb84f)) + ## [11.0.1](https://github.com/webtorrent/bittorrent-tracker/compare/v11.0.0...v11.0.1) (2024-01-16) diff --git a/package.json b/package.json index 1e9d4cc5..f04ef3dc 100644 --- a/package.json +++ b/package.json @@ -1,7 +1,7 @@ { "name": "bittorrent-tracker", "description": "Simple, robust, BitTorrent tracker (client & server) implementation", - "version": "11.0.1", + "version": "11.0.2", "author": { "name": "WebTorrent LLC", "email": "feross@webtorrent.io",