aboutsummaryrefslogtreecommitdiff
diff options
context:
space:
mode:
-rw-r--r--gnu/local.mk5
-rw-r--r--gnu/packages/libevent.scm21
-rw-r--r--gnu/packages/patches/libevent-2.0-CVE-2016-10195.patch41
-rw-r--r--gnu/packages/patches/libevent-2.0-CVE-2016-10196.patch41
-rw-r--r--gnu/packages/patches/libevent-2.0-CVE-2016-10197.patch39
-rw-r--r--gnu/packages/patches/libevent-2.0-evbuffer-add-use-last-with-datap.patch38
-rw-r--r--gnu/packages/patches/libevent-dns-tests.patch16
7 files changed, 0 insertions, 201 deletions
diff --git a/gnu/local.mk b/gnu/local.mk
index 55a8fcd361..b0992547b4 100644
--- a/gnu/local.mk
+++ b/gnu/local.mk
@@ -985,11 +985,6 @@ dist_patch_DATA = \
%D%/packages/patches/libcroco-CVE-2017-7960.patch \
%D%/packages/patches/libcroco-CVE-2017-7961.patch \
%D%/packages/patches/libdrm-symbol-check.patch \
- %D%/packages/patches/libevent-dns-tests.patch \
- %D%/packages/patches/libevent-2.0-CVE-2016-10195.patch \
- %D%/packages/patches/libevent-2.0-CVE-2016-10196.patch \
- %D%/packages/patches/libevent-2.0-CVE-2016-10197.patch \
- %D%/packages/patches/libevent-2.0-evbuffer-add-use-last-with-datap.patch \
%D%/packages/patches/libexif-CVE-2016-6328.patch \
%D%/packages/patches/libexif-CVE-2017-7544.patch \
%D%/packages/patches/libgcrypt-make-yat2m-reproducible.patch \
diff --git a/gnu/packages/libevent.scm b/gnu/packages/libevent.scm
index 466e474c29..7982a12dfd 100644
--- a/gnu/packages/libevent.scm
+++ b/gnu/packages/libevent.scm
@@ -72,27 +72,6 @@ then add or remove events dynamically without having to change the event
loop.")
(license bsd-3)))
-(define-public libevent-2.0
- (package
- (inherit libevent)
- (version "2.0.22")
- (source (origin
- (method url-fetch)
- (uri (string-append
- "https://github.com/libevent/libevent/releases/download/release-"
- version "-stable/libevent-" version "-stable.tar.gz"))
- (sha256
- (base32
- "18qz9qfwrkakmazdlwxvjmw8p76g70n3faikwvdwznns1agw9hki"))
- (patches
- (search-patches
- "libevent-dns-tests.patch"
- "libevent-2.0-CVE-2016-10195.patch"
- "libevent-2.0-CVE-2016-10196.patch"
- "libevent-2.0-CVE-2016-10197.patch"
- "libevent-2.0-evbuffer-add-use-last-with-datap.patch"))))
- (arguments '())))
-
(define-public libev
(package
(name "libev")
diff --git a/gnu/packages/patches/libevent-2.0-CVE-2016-10195.patch b/gnu/packages/patches/libevent-2.0-CVE-2016-10195.patch
deleted file mode 100644
index bffe2c454c..0000000000
--- a/gnu/packages/patches/libevent-2.0-CVE-2016-10195.patch
+++ /dev/null
@@ -1,41 +0,0 @@
-Fix CVE-2016-10195 (buffer overread in libevent's DNS code):
-
-https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-10195
-https://github.com/libevent/libevent/issues/317
-
-Patch copied from upstream source repository:
-
-https://github.com/libevent/libevent/commit/96f64a022014a208105ead6c8a7066018449d86d
-
-From 3c570970516f48da35f42fef98276531fcc0abaa Mon Sep 17 00:00:00 2001
-From: Azat Khuzhin <a3at.mail@gmail.com>
-Date: Mon, 1 Feb 2016 17:32:09 +0300
-Subject: [PATCH] evdns: name_parse(): fix remote stack overread
-
----
- evdns.c | 2 +-
- 1 file changed, 1 insertion(+), 1 deletion(-)
-
-diff --git a/evdns.c b/evdns.c
-index 60b10485..137c24ea 100644
---- a/evdns.c
-+++ b/evdns.c
-@@ -960,7 +960,6 @@ name_parse(u8 *packet, int length, int *idx, char *name_out, int name_out_len) {
-
- for (;;) {
- u8 label_len;
-- if (j >= length) return -1;
- GET8(label_len);
- if (!label_len) break;
- if (label_len & 0xc0) {
-@@ -981,6 +980,7 @@ name_parse(u8 *packet, int length, int *idx, char *name_out, int name_out_len) {
- *cp++ = '.';
- }
- if (cp + label_len >= end) return -1;
-+ if (j + label_len > length) return -1;
- memcpy(cp, packet + j, label_len);
- cp += label_len;
- j += label_len;
---
-2.11.0
-
diff --git a/gnu/packages/patches/libevent-2.0-CVE-2016-10196.patch b/gnu/packages/patches/libevent-2.0-CVE-2016-10196.patch
deleted file mode 100644
index 03f96e938b..0000000000
--- a/gnu/packages/patches/libevent-2.0-CVE-2016-10196.patch
+++ /dev/null
@@ -1,41 +0,0 @@
-Fix CVE-2016-10196 (buffer overflow in evutil):
-
-https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-10196
-https://github.com/libevent/libevent/issues/318
-
-Patch copied from upstream source repository:
-
-https://github.com/libevent/libevent/commit/329acc18a0768c21ba22522f01a5c7f46cacc4d5
-
-From 28bdc2f3f62259d21ccaf7be2b60ef0a53e6f342 Mon Sep 17 00:00:00 2001
-From: Azat Khuzhin <a3at.mail@gmail.com>
-Date: Sun, 31 Jan 2016 00:57:16 +0300
-Subject: [PATCH] evutil_parse_sockaddr_port(): fix buffer overflow
-
----
- evutil.c | 6 +++---
- 1 file changed, 3 insertions(+), 3 deletions(-)
-
-diff --git a/evutil.c b/evutil.c
-index 33445170..e2dfe6e4 100644
---- a/evutil.c
-+++ b/evutil.c
-@@ -1808,12 +1808,12 @@ evutil_parse_sockaddr_port(const char *ip_as_string, struct sockaddr *out, int *
-
- cp = strchr(ip_as_string, ':');
- if (*ip_as_string == '[') {
-- int len;
-+ size_t len;
- if (!(cp = strchr(ip_as_string, ']'))) {
- return -1;
- }
-- len = (int) ( cp-(ip_as_string + 1) );
-- if (len > (int)sizeof(buf)-1) {
-+ len = ( cp-(ip_as_string + 1) );
-+ if (len > sizeof(buf)-1) {
- return -1;
- }
- memcpy(buf, ip_as_string+1, len);
---
-2.11.0
-
diff --git a/gnu/packages/patches/libevent-2.0-CVE-2016-10197.patch b/gnu/packages/patches/libevent-2.0-CVE-2016-10197.patch
deleted file mode 100644
index c62a328627..0000000000
--- a/gnu/packages/patches/libevent-2.0-CVE-2016-10197.patch
+++ /dev/null
@@ -1,39 +0,0 @@
-Fix CVE-2016-10197 (out of bounds read on empty hostnames in evdns):
-
-https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-10197
-https://github.com/libevent/libevent/issues/332
-
-Patch copied from upstream source repository:
-
-https://github.com/libevent/libevent/commit/ec65c42052d95d2c23d1d837136d1cf1d9ecef9e
-
-From a0305cec166a5bc89f1eb362510cc4cd25ecc0bc Mon Sep 17 00:00:00 2001
-From: Azat Khuzhin <a3at.mail@gmail.com>
-Date: Fri, 25 Mar 2016 00:33:47 +0300
-Subject: [PATCH] evdns: fix searching empty hostnames
-
----
- evdns.c | 5 ++++-
- 1 file changed, 4 insertions(+), 1 deletion(-)
-
-diff --git a/evdns.c b/evdns.c
-index 137c24ea..6191c677 100644
---- a/evdns.c
-+++ b/evdns.c
-@@ -3122,9 +3122,12 @@ search_set_from_hostname(struct evdns_base *base) {
- static char *
- search_make_new(const struct search_state *const state, int n, const char *const base_name) {
- const size_t base_len = strlen(base_name);
-- const char need_to_append_dot = base_name[base_len - 1] == '.' ? 0 : 1;
-+ char need_to_append_dot;
- struct search_domain *dom;
-
-+ if (!base_len) return NULL;
-+ need_to_append_dot = base_name[base_len - 1] == '.' ? 0 : 1;
-+
- for (dom = state->head; dom; dom = dom->next) {
- if (!n--) {
- /* this is the postfix we want */
---
-2.11.0
-
diff --git a/gnu/packages/patches/libevent-2.0-evbuffer-add-use-last-with-datap.patch b/gnu/packages/patches/libevent-2.0-evbuffer-add-use-last-with-datap.patch
deleted file mode 100644
index 0253700bf6..0000000000
--- a/gnu/packages/patches/libevent-2.0-evbuffer-add-use-last-with-datap.patch
+++ /dev/null
@@ -1,38 +0,0 @@
-From a8769ef12d7e223e33fc47bed03fba2bfa2f3536 Mon Sep 17 00:00:00 2001
-From: Marcus Sundberg <marcus@marcussundberg.com>
-Date: Sat, 26 Mar 2016 20:11:43 +0100
-Subject: [PATCH] evbuffer_add: Use last_with_datap if set, not last.
-
-evbuffer_add() would always put data in the last chain, even if there
-was available space in a previous chain, and in doing so it also
-failed to update last_with_datap, causing subsequent calls to other
-functions that do look at last_with_datap to add data in the middle
-of the evbuffer instead of at the end.
-
-Fixes the evbuffer_add() part of issue #335, and the evbuffer/add2 and
-evbuffer/add3 tests, and also prevents wasting space available in the
-chain pointed to by last_with_datap.
----
- buffer.c | 6 +++++-
- 1 file changed, 5 insertions(+), 1 deletion(-)
-
-diff --git a/buffer.c b/buffer.c
-index 7cca0e8a..f378b731 100644
---- a/buffer.c
-+++ b/buffer.c
-@@ -1732,7 +1732,11 @@ evbuffer_add(struct evbuffer *buf, const void *data_in, size_t datlen)
- goto done;
- }
-
-- chain = buf->last;
-+ if (*buf->last_with_datap == NULL) {
-+ chain = buf->last;
-+ } else {
-+ chain = *buf->last_with_datap;
-+ }
-
- /* If there are no chains allocated for this buffer, allocate one
- * big enough to hold all the data. */
---
-2.12.0
-
diff --git a/gnu/packages/patches/libevent-dns-tests.patch b/gnu/packages/patches/libevent-dns-tests.patch
deleted file mode 100644
index 6ff8aaaa7b..0000000000
--- a/gnu/packages/patches/libevent-dns-tests.patch
+++ /dev/null
@@ -1,16 +0,0 @@
-Disable tests that rely on usable DNS lookups, which aren't available
-in build chroots.
-
---- libevent-2.0.21-stable/test/regress_dns.c 2013-01-20 22:32:09.000000000 +0100
-+++ libevent-2.0.21-stable/test/regress_dns.c 2013-01-20 22:32:30.000000000 +0100
-@@ -1827,10 +1827,6 @@ end:
-
- struct testcase_t dns_testcases[] = {
- DNS_LEGACY(server, TT_FORK|TT_NEED_BASE),
-- DNS_LEGACY(gethostbyname, TT_FORK|TT_NEED_BASE|TT_NEED_DNS),
-- DNS_LEGACY(gethostbyname6, TT_FORK|TT_NEED_BASE|TT_NEED_DNS),
-- DNS_LEGACY(gethostbyaddr, TT_FORK|TT_NEED_BASE|TT_NEED_DNS),
-- { "resolve_reverse", dns_resolve_reverse, TT_FORK, NULL, NULL },
- { "search", dns_search_test, TT_FORK|TT_NEED_BASE, &basic_setup, NULL },
- { "search_cancel", dns_search_cancel_test,
- TT_FORK|TT_NEED_BASE, &basic_setup, NULL },