gnu: Remove libevent@2.0.
* gnu/packages/patches/libevent-2.0-CVE-2016-10195.patch, gnu/packages/patches/libevent-2.0-CVE-2016-10196.patch, gnu/packages/patches/libevent-2.0-CVE-2016-10197.patch, gnu/packages/patches/libevent-2.0-evbuffer-add-use-last-with-datap.patch, gnu/packages/patches/libevent-dns-tests.patch: Delete files. * gnu/local.mk (dist_patch_DATA): Adjust accordingly. * gnu/packages/libevent.scm (libevevent-2.0): Remove variable.
This commit is contained in:
Marius Bakke
parent
1f889a5902
commit
d3e3a6adcd
@ -985,11 +985,6 @@ dist_patch_DATA = \
|
||||
%D%/packages/patches/libcroco-CVE-2017-7960.patch \
|
||||
%D%/packages/patches/libcroco-CVE-2017-7961.patch \
|
||||
%D%/packages/patches/libdrm-symbol-check.patch \
|
||||
%D%/packages/patches/libevent-dns-tests.patch \
|
||||
%D%/packages/patches/libevent-2.0-CVE-2016-10195.patch \
|
||||
%D%/packages/patches/libevent-2.0-CVE-2016-10196.patch \
|
||||
%D%/packages/patches/libevent-2.0-CVE-2016-10197.patch \
|
||||
%D%/packages/patches/libevent-2.0-evbuffer-add-use-last-with-datap.patch \
|
||||
%D%/packages/patches/libexif-CVE-2016-6328.patch \
|
||||
%D%/packages/patches/libexif-CVE-2017-7544.patch \
|
||||
%D%/packages/patches/libgcrypt-make-yat2m-reproducible.patch \
|
||||
|
||||
@ -72,27 +72,6 @@ then add or remove events dynamically without having to change the event
|
||||
loop.")
|
||||
(license bsd-3)))
|
||||
|
||||
(define-public libevent-2.0
|
||||
(package
|
||||
(inherit libevent)
|
||||
(version "2.0.22")
|
||||
(source (origin
|
||||
(method url-fetch)
|
||||
(uri (string-append
|
||||
"https://github.com/libevent/libevent/releases/download/release-"
|
||||
version "-stable/libevent-" version "-stable.tar.gz"))
|
||||
(sha256
|
||||
(base32
|
||||
"18qz9qfwrkakmazdlwxvjmw8p76g70n3faikwvdwznns1agw9hki"))
|
||||
(patches
|
||||
(search-patches
|
||||
"libevent-dns-tests.patch"
|
||||
"libevent-2.0-CVE-2016-10195.patch"
|
||||
"libevent-2.0-CVE-2016-10196.patch"
|
||||
"libevent-2.0-CVE-2016-10197.patch"
|
||||
"libevent-2.0-evbuffer-add-use-last-with-datap.patch"))))
|
||||
(arguments '())))
|
||||
|
||||
(define-public libev
|
||||
(package
|
||||
(name "libev")
|
||||
|
||||
@ -1,41 +0,0 @@
|
||||
Fix CVE-2016-10195 (buffer overread in libevent's DNS code):
|
||||
|
||||
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-10195
|
||||
https://github.com/libevent/libevent/issues/317
|
||||
|
||||
Patch copied from upstream source repository:
|
||||
|
||||
https://github.com/libevent/libevent/commit/96f64a022014a208105ead6c8a7066018449d86d
|
||||
|
||||
From 3c570970516f48da35f42fef98276531fcc0abaa Mon Sep 17 00:00:00 2001
|
||||
From: Azat Khuzhin <a3at.mail@gmail.com>
|
||||
Date: Mon, 1 Feb 2016 17:32:09 +0300
|
||||
Subject: [PATCH] evdns: name_parse(): fix remote stack overread
|
||||
|
||||
---
|
||||
evdns.c | 2 +-
|
||||
1 file changed, 1 insertion(+), 1 deletion(-)
|
||||
|
||||
diff --git a/evdns.c b/evdns.c
|
||||
index 60b10485..137c24ea 100644
|
||||
--- a/evdns.c
|
||||
+++ b/evdns.c
|
||||
@@ -960,7 +960,6 @@ name_parse(u8 *packet, int length, int *idx, char *name_out, int name_out_len) {
|
||||
|
||||
for (;;) {
|
||||
u8 label_len;
|
||||
- if (j >= length) return -1;
|
||||
GET8(label_len);
|
||||
if (!label_len) break;
|
||||
if (label_len & 0xc0) {
|
||||
@@ -981,6 +980,7 @@ name_parse(u8 *packet, int length, int *idx, char *name_out, int name_out_len) {
|
||||
*cp++ = '.';
|
||||
}
|
||||
if (cp + label_len >= end) return -1;
|
||||
+ if (j + label_len > length) return -1;
|
||||
memcpy(cp, packet + j, label_len);
|
||||
cp += label_len;
|
||||
j += label_len;
|
||||
--
|
||||
2.11.0
|
||||
|
||||
@ -1,41 +0,0 @@
|
||||
Fix CVE-2016-10196 (buffer overflow in evutil):
|
||||
|
||||
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-10196
|
||||
https://github.com/libevent/libevent/issues/318
|
||||
|
||||
Patch copied from upstream source repository:
|
||||
|
||||
https://github.com/libevent/libevent/commit/329acc18a0768c21ba22522f01a5c7f46cacc4d5
|
||||
|
||||
From 28bdc2f3f62259d21ccaf7be2b60ef0a53e6f342 Mon Sep 17 00:00:00 2001
|
||||
From: Azat Khuzhin <a3at.mail@gmail.com>
|
||||
Date: Sun, 31 Jan 2016 00:57:16 +0300
|
||||
Subject: [PATCH] evutil_parse_sockaddr_port(): fix buffer overflow
|
||||
|
||||
---
|
||||
evutil.c | 6 +++---
|
||||
1 file changed, 3 insertions(+), 3 deletions(-)
|
||||
|
||||
diff --git a/evutil.c b/evutil.c
|
||||
index 33445170..e2dfe6e4 100644
|
||||
--- a/evutil.c
|
||||
+++ b/evutil.c
|
||||
@@ -1808,12 +1808,12 @@ evutil_parse_sockaddr_port(const char *ip_as_string, struct sockaddr *out, int *
|
||||
|
||||
cp = strchr(ip_as_string, ':');
|
||||
if (*ip_as_string == '[') {
|
||||
- int len;
|
||||
+ size_t len;
|
||||
if (!(cp = strchr(ip_as_string, ']'))) {
|
||||
return -1;
|
||||
}
|
||||
- len = (int) ( cp-(ip_as_string + 1) );
|
||||
- if (len > (int)sizeof(buf)-1) {
|
||||
+ len = ( cp-(ip_as_string + 1) );
|
||||
+ if (len > sizeof(buf)-1) {
|
||||
return -1;
|
||||
}
|
||||
memcpy(buf, ip_as_string+1, len);
|
||||
--
|
||||
2.11.0
|
||||
|
||||
@ -1,39 +0,0 @@
|
||||
Fix CVE-2016-10197 (out of bounds read on empty hostnames in evdns):
|
||||
|
||||
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-10197
|
||||
https://github.com/libevent/libevent/issues/332
|
||||
|
||||
Patch copied from upstream source repository:
|
||||
|
||||
https://github.com/libevent/libevent/commit/ec65c42052d95d2c23d1d837136d1cf1d9ecef9e
|
||||
|
||||
From a0305cec166a5bc89f1eb362510cc4cd25ecc0bc Mon Sep 17 00:00:00 2001
|
||||
From: Azat Khuzhin <a3at.mail@gmail.com>
|
||||
Date: Fri, 25 Mar 2016 00:33:47 +0300
|
||||
Subject: [PATCH] evdns: fix searching empty hostnames
|
||||
|
||||
---
|
||||
evdns.c | 5 ++++-
|
||||
1 file changed, 4 insertions(+), 1 deletion(-)
|
||||
|
||||
diff --git a/evdns.c b/evdns.c
|
||||
index 137c24ea..6191c677 100644
|
||||
--- a/evdns.c
|
||||
+++ b/evdns.c
|
||||
@@ -3122,9 +3122,12 @@ search_set_from_hostname(struct evdns_base *base) {
|
||||
static char *
|
||||
search_make_new(const struct search_state *const state, int n, const char *const base_name) {
|
||||
const size_t base_len = strlen(base_name);
|
||||
- const char need_to_append_dot = base_name[base_len - 1] == '.' ? 0 : 1;
|
||||
+ char need_to_append_dot;
|
||||
struct search_domain *dom;
|
||||
|
||||
+ if (!base_len) return NULL;
|
||||
+ need_to_append_dot = base_name[base_len - 1] == '.' ? 0 : 1;
|
||||
+
|
||||
for (dom = state->head; dom; dom = dom->next) {
|
||||
if (!n--) {
|
||||
/* this is the postfix we want */
|
||||
--
|
||||
2.11.0
|
||||
|
||||
@ -1,38 +0,0 @@
|
||||
From a8769ef12d7e223e33fc47bed03fba2bfa2f3536 Mon Sep 17 00:00:00 2001
|
||||
From: Marcus Sundberg <marcus@marcussundberg.com>
|
||||
Date: Sat, 26 Mar 2016 20:11:43 +0100
|
||||
Subject: [PATCH] evbuffer_add: Use last_with_datap if set, not last.
|
||||
|
||||
evbuffer_add() would always put data in the last chain, even if there
|
||||
was available space in a previous chain, and in doing so it also
|
||||
failed to update last_with_datap, causing subsequent calls to other
|
||||
functions that do look at last_with_datap to add data in the middle
|
||||
of the evbuffer instead of at the end.
|
||||
|
||||
Fixes the evbuffer_add() part of issue #335, and the evbuffer/add2 and
|
||||
evbuffer/add3 tests, and also prevents wasting space available in the
|
||||
chain pointed to by last_with_datap.
|
||||
---
|
||||
buffer.c | 6 +++++-
|
||||
1 file changed, 5 insertions(+), 1 deletion(-)
|
||||
|
||||
diff --git a/buffer.c b/buffer.c
|
||||
index 7cca0e8a..f378b731 100644
|
||||
--- a/buffer.c
|
||||
+++ b/buffer.c
|
||||
@@ -1732,7 +1732,11 @@ evbuffer_add(struct evbuffer *buf, const void *data_in, size_t datlen)
|
||||
goto done;
|
||||
}
|
||||
|
||||
- chain = buf->last;
|
||||
+ if (*buf->last_with_datap == NULL) {
|
||||
+ chain = buf->last;
|
||||
+ } else {
|
||||
+ chain = *buf->last_with_datap;
|
||||
+ }
|
||||
|
||||
/* If there are no chains allocated for this buffer, allocate one
|
||||
* big enough to hold all the data. */
|
||||
--
|
||||
2.12.0
|
||||
|
||||
@ -1,16 +0,0 @@
|
||||
Disable tests that rely on usable DNS lookups, which aren't available
|
||||
in build chroots.
|
||||
|
||||
--- libevent-2.0.21-stable/test/regress_dns.c 2013-01-20 22:32:09.000000000 +0100
|
||||
+++ libevent-2.0.21-stable/test/regress_dns.c 2013-01-20 22:32:30.000000000 +0100
|
||||
@@ -1827,10 +1827,6 @@ end:
|
||||
|
||||
struct testcase_t dns_testcases[] = {
|
||||
DNS_LEGACY(server, TT_FORK|TT_NEED_BASE),
|
||||
- DNS_LEGACY(gethostbyname, TT_FORK|TT_NEED_BASE|TT_NEED_DNS),
|
||||
- DNS_LEGACY(gethostbyname6, TT_FORK|TT_NEED_BASE|TT_NEED_DNS),
|
||||
- DNS_LEGACY(gethostbyaddr, TT_FORK|TT_NEED_BASE|TT_NEED_DNS),
|
||||
- { "resolve_reverse", dns_resolve_reverse, TT_FORK, NULL, NULL },
|
||||
{ "search", dns_search_test, TT_FORK|TT_NEED_BASE, &basic_setup, NULL },
|
||||
{ "search_cancel", dns_search_cancel_test,
|
||||
TT_FORK|TT_NEED_BASE, &basic_setup, NULL },
|
||||
Loading…
Reference in New Issue
Block a user