nixo
/
guix-devel
1
0
Fork 0
Code Issues Pull Requests Releases Wiki Activity

gnu: Remove libevent@2.0. 

* gnu/packages/patches/libevent-2.0-CVE-2016-10195.patch,
gnu/packages/patches/libevent-2.0-CVE-2016-10196.patch,
gnu/packages/patches/libevent-2.0-CVE-2016-10197.patch,
gnu/packages/patches/libevent-2.0-evbuffer-add-use-last-with-datap.patch,
gnu/packages/patches/libevent-dns-tests.patch: Delete files.
* gnu/local.mk (dist_patch_DATA): Adjust accordingly.
* gnu/packages/libevent.scm (libevevent-2.0): Remove variable.
master
Marius Bakke 2019-05-30 13:55:44 +02:00
parent 1f889a5902
commit d3e3a6adcd
No known key found for this signature in database
GPG Key ID: A2A06DF2A33A54FA
7 changed files with 0 additions and 201 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

5
gnu/local.mk
View File

@ -985,11 +985,6 @@ dist_patch_DATA = \
%D%/packages/patches/libcroco-CVE-2017-7960.patch \
%D%/packages/patches/libcroco-CVE-2017-7961.patch \
%D%/packages/patches/libdrm-symbol-check.patch \
%D%/packages/patches/libevent-dns-tests.patch \
%D%/packages/patches/libevent-2.0-CVE-2016-10195.patch \
%D%/packages/patches/libevent-2.0-CVE-2016-10196.patch \
%D%/packages/patches/libevent-2.0-CVE-2016-10197.patch \
%D%/packages/patches/libevent-2.0-evbuffer-add-use-last-with-datap.patch \
%D%/packages/patches/libexif-CVE-2016-6328.patch \
%D%/packages/patches/libexif-CVE-2017-7544.patch \
%D%/packages/patches/libgcrypt-make-yat2m-reproducible.patch \

21
gnu/packages/libevent.scm
View File

@ -72,27 +72,6 @@ then add or remove events dynamically without having to change the event
loop.")
(license bsd-3)))
(define-public libevent-2.0
(package
(inherit libevent)
(version "2.0.22")
(source (origin
(method url-fetch)
(uri (string-append
"https://github.com/libevent/libevent/releases/download/release-"
version "-stable/libevent-" version "-stable.tar.gz"))
(sha256
(base32
"18qz9qfwrkakmazdlwxvjmw8p76g70n3faikwvdwznns1agw9hki"))
(patches
(search-patches
"libevent-dns-tests.patch"
"libevent-2.0-CVE-2016-10195.patch"
"libevent-2.0-CVE-2016-10196.patch"
"libevent-2.0-CVE-2016-10197.patch"
"libevent-2.0-evbuffer-add-use-last-with-datap.patch"))))
(arguments '())))
(define-public libev
(package
(name "libev")

41
gnu/packages/patches/libevent-2.0-CVE-2016-10195.patch
View File

@ -1,41 +0,0 @@
Fix CVE-2016-10195 (buffer overread in libevent's DNS code):
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-10195
https://github.com/libevent/libevent/issues/317
Patch copied from upstream source repository:
https://github.com/libevent/libevent/commit/96f64a022014a208105ead6c8a7066018449d86d
From 3c570970516f48da35f42fef98276531fcc0abaa Mon Sep 17 00:00:00 2001
From: Azat Khuzhin <a3at.mail@gmail.com>
Date: Mon, 1 Feb 2016 17:32:09 +0300
Subject: [PATCH] evdns: name_parse(): fix remote stack overread
---
evdns.c | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/evdns.c b/evdns.c
index 60b10485..137c24ea 100644
--- a/evdns.c
+++ b/evdns.c
@@ -960,7 +960,6 @@ name_parse(u8 *packet, int length, int *idx, char *name_out, int name_out_len) {
for (;;) {
u8 label_len;
- if (j >= length) return -1;
GET8(label_len);
if (!label_len) break;
if (label_len & 0xc0) {
@@ -981,6 +980,7 @@ name_parse(u8 *packet, int length, int *idx, char *name_out, int name_out_len) {
*cp++ = '.';
}
if (cp + label_len >= end) return -1;
+ if (j + label_len > length) return -1;
memcpy(cp, packet + j, label_len);
cp += label_len;
j += label_len;
--
2.11.0

41
gnu/packages/patches/libevent-2.0-CVE-2016-10196.patch
View File

@ -1,41 +0,0 @@
Fix CVE-2016-10196 (buffer overflow in evutil):
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-10196
https://github.com/libevent/libevent/issues/318
Patch copied from upstream source repository:
https://github.com/libevent/libevent/commit/329acc18a0768c21ba22522f01a5c7f46cacc4d5
From 28bdc2f3f62259d21ccaf7be2b60ef0a53e6f342 Mon Sep 17 00:00:00 2001
From: Azat Khuzhin <a3at.mail@gmail.com>
Date: Sun, 31 Jan 2016 00:57:16 +0300
Subject: [PATCH] evutil_parse_sockaddr_port(): fix buffer overflow
---
evutil.c | 6 +++---
1 file changed, 3 insertions(+), 3 deletions(-)
diff --git a/evutil.c b/evutil.c
index 33445170..e2dfe6e4 100644
--- a/evutil.c
+++ b/evutil.c
@@ -1808,12 +1808,12 @@ evutil_parse_sockaddr_port(const char *ip_as_string, struct sockaddr *out, int *
cp = strchr(ip_as_string, ':');
if (*ip_as_string == '[') {
- int len;
+ size_t len;
if (!(cp = strchr(ip_as_string, ']'))) {
return -1;
}
- len = (int) ( cp-(ip_as_string + 1) );
- if (len > (int)sizeof(buf)-1) {
+ len = ( cp-(ip_as_string + 1) );
+ if (len > sizeof(buf)-1) {
return -1;
}
memcpy(buf, ip_as_string+1, len);
--
2.11.0

39
gnu/packages/patches/libevent-2.0-CVE-2016-10197.patch
View File

@ -1,39 +0,0 @@
Fix CVE-2016-10197 (out of bounds read on empty hostnames in evdns):
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-10197
https://github.com/libevent/libevent/issues/332
Patch copied from upstream source repository:
https://github.com/libevent/libevent/commit/ec65c42052d95d2c23d1d837136d1cf1d9ecef9e
From a0305cec166a5bc89f1eb362510cc4cd25ecc0bc Mon Sep 17 00:00:00 2001
From: Azat Khuzhin <a3at.mail@gmail.com>
Date: Fri, 25 Mar 2016 00:33:47 +0300
Subject: [PATCH] evdns: fix searching empty hostnames
---
evdns.c | 5 ++++-
1 file changed, 4 insertions(+), 1 deletion(-)
diff --git a/evdns.c b/evdns.c
index 137c24ea..6191c677 100644
--- a/evdns.c
+++ b/evdns.c
@@ -3122,9 +3122,12 @@ search_set_from_hostname(struct evdns_base *base) {
static char *
search_make_new(const struct search_state *const state, int n, const char *const base_name) {
const size_t base_len = strlen(base_name);
- const char need_to_append_dot = base_name[base_len - 1] == '.' ? 0 : 1;
+ char need_to_append_dot;
struct search_domain *dom;
+ if (!base_len) return NULL;
+ need_to_append_dot = base_name[base_len - 1] == '.' ? 0 : 1;
+
for (dom = state->head; dom; dom = dom->next) {
if (!n--) {
/* this is the postfix we want */
--
2.11.0

38
gnu/packages/patches/libevent-2.0-evbuffer-add-use-last-with-datap.patch
View File

@ -1,38 +0,0 @@
From a8769ef12d7e223e33fc47bed03fba2bfa2f3536 Mon Sep 17 00:00:00 2001
From: Marcus Sundberg <marcus@marcussundberg.com>
Date: Sat, 26 Mar 2016 20:11:43 +0100
Subject: [PATCH] evbuffer_add: Use last_with_datap if set, not last.
evbuffer_add() would always put data in the last chain, even if there
was available space in a previous chain, and in doing so it also
failed to update last_with_datap, causing subsequent calls to other
functions that do look at last_with_datap to add data in the middle
of the evbuffer instead of at the end.
Fixes the evbuffer_add() part of issue #335, and the evbuffer/add2 and
evbuffer/add3 tests, and also prevents wasting space available in the
chain pointed to by last_with_datap.
---
buffer.c | 6 +++++-
1 file changed, 5 insertions(+), 1 deletion(-)
diff --git a/buffer.c b/buffer.c
index 7cca0e8a..f378b731 100644
--- a/buffer.c
+++ b/buffer.c
@@ -1732,7 +1732,11 @@ evbuffer_add(struct evbuffer *buf, const void *data_in, size_t datlen)
goto done;
}
- chain = buf->last;
+ if (*buf->last_with_datap == NULL) {
+ chain = buf->last;
+ } else {
+ chain = *buf->last_with_datap;
+ }
/* If there are no chains allocated for this buffer, allocate one
* big enough to hold all the data. */
--
2.12.0

16
gnu/packages/patches/libevent-dns-tests.patch
View File

@ -1,16 +0,0 @@
Disable tests that rely on usable DNS lookups, which aren't available
in build chroots.
--- libevent-2.0.21-stable/test/regress_dns.c 2013-01-20 22:32:09.000000000 +0100
+++ libevent-2.0.21-stable/test/regress_dns.c 2013-01-20 22:32:30.000000000 +0100
@@ -1827,10 +1827,6 @@ end:
struct testcase_t dns_testcases[] = {
DNS_LEGACY(server, TT_FORK|TT_NEED_BASE),
- DNS_LEGACY(gethostbyname, TT_FORK|TT_NEED_BASE|TT_NEED_DNS),
- DNS_LEGACY(gethostbyname6, TT_FORK|TT_NEED_BASE|TT_NEED_DNS),
- DNS_LEGACY(gethostbyaddr, TT_FORK|TT_NEED_BASE|TT_NEED_DNS),
- { "resolve_reverse", dns_resolve_reverse, TT_FORK, NULL, NULL },
{ "search", dns_search_test, TT_FORK|TT_NEED_BASE, &basic_setup, NULL },
{ "search_cancel", dns_search_cancel_test,
TT_FORK|TT_NEED_BASE, &basic_setup, NULL },