summary refs log tree commit diff
diff options
context:
space:
mode:
-rw-r--r--gnu/local.mk5
-rw-r--r--gnu/packages/libevent.scm21
-rw-r--r--gnu/packages/patches/libevent-2.0-CVE-2016-10195.patch41
-rw-r--r--gnu/packages/patches/libevent-2.0-CVE-2016-10196.patch41
-rw-r--r--gnu/packages/patches/libevent-2.0-CVE-2016-10197.patch39
-rw-r--r--gnu/packages/patches/libevent-2.0-evbuffer-add-use-last-with-datap.patch38
-rw-r--r--gnu/packages/patches/libevent-dns-tests.patch16
7 files changed, 0 insertions, 201 deletions
diff --git a/gnu/local.mk b/gnu/local.mk
index 55a8fcd361..b0992547b4 100644
--- a/gnu/local.mk
+++ b/gnu/local.mk
@@ -985,11 +985,6 @@ dist_patch_DATA =						\
   %D%/packages/patches/libcroco-CVE-2017-7960.patch		\
   %D%/packages/patches/libcroco-CVE-2017-7961.patch		\
   %D%/packages/patches/libdrm-symbol-check.patch		\
-  %D%/packages/patches/libevent-dns-tests.patch			\
-  %D%/packages/patches/libevent-2.0-CVE-2016-10195.patch	\
-  %D%/packages/patches/libevent-2.0-CVE-2016-10196.patch	\
-  %D%/packages/patches/libevent-2.0-CVE-2016-10197.patch	\
-  %D%/packages/patches/libevent-2.0-evbuffer-add-use-last-with-datap.patch	\
   %D%/packages/patches/libexif-CVE-2016-6328.patch		\
   %D%/packages/patches/libexif-CVE-2017-7544.patch		\
   %D%/packages/patches/libgcrypt-make-yat2m-reproducible.patch	\
diff --git a/gnu/packages/libevent.scm b/gnu/packages/libevent.scm
index 466e474c29..7982a12dfd 100644
--- a/gnu/packages/libevent.scm
+++ b/gnu/packages/libevent.scm
@@ -72,27 +72,6 @@ then add or remove events dynamically without having to change the event
 loop.")
     (license bsd-3)))
 
-(define-public libevent-2.0
-  (package
-    (inherit libevent)
-    (version "2.0.22")
-    (source (origin
-              (method url-fetch)
-              (uri (string-append
-                    "https://github.com/libevent/libevent/releases/download/release-"
-                    version "-stable/libevent-" version "-stable.tar.gz"))
-              (sha256
-               (base32
-                "18qz9qfwrkakmazdlwxvjmw8p76g70n3faikwvdwznns1agw9hki"))
-              (patches
-               (search-patches
-                "libevent-dns-tests.patch"
-                "libevent-2.0-CVE-2016-10195.patch"
-                "libevent-2.0-CVE-2016-10196.patch"
-                "libevent-2.0-CVE-2016-10197.patch"
-                "libevent-2.0-evbuffer-add-use-last-with-datap.patch"))))
-    (arguments '())))
-
 (define-public libev
   (package
     (name "libev")
diff --git a/gnu/packages/patches/libevent-2.0-CVE-2016-10195.patch b/gnu/packages/patches/libevent-2.0-CVE-2016-10195.patch
deleted file mode 100644
index bffe2c454c..0000000000
--- a/gnu/packages/patches/libevent-2.0-CVE-2016-10195.patch
+++ /dev/null
@@ -1,41 +0,0 @@
-Fix CVE-2016-10195 (buffer overread in libevent's DNS code):
-
-https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-10195
-https://github.com/libevent/libevent/issues/317
-
-Patch copied from upstream source repository:
-
-https://github.com/libevent/libevent/commit/96f64a022014a208105ead6c8a7066018449d86d
-
-From 3c570970516f48da35f42fef98276531fcc0abaa Mon Sep 17 00:00:00 2001
-From: Azat Khuzhin <a3at.mail@gmail.com>
-Date: Mon, 1 Feb 2016 17:32:09 +0300
-Subject: [PATCH] evdns: name_parse(): fix remote stack overread
-
----
- evdns.c | 2 +-
- 1 file changed, 1 insertion(+), 1 deletion(-)
-
-diff --git a/evdns.c b/evdns.c
-index 60b10485..137c24ea 100644
---- a/evdns.c
-+++ b/evdns.c
-@@ -960,7 +960,6 @@ name_parse(u8 *packet, int length, int *idx, char *name_out, int name_out_len) {
- 
- 	for (;;) {
- 		u8 label_len;
--		if (j >= length) return -1;
- 		GET8(label_len);
- 		if (!label_len) break;
- 		if (label_len & 0xc0) {
-@@ -981,6 +980,7 @@ name_parse(u8 *packet, int length, int *idx, char *name_out, int name_out_len) {
- 			*cp++ = '.';
- 		}
- 		if (cp + label_len >= end) return -1;
-+		if (j + label_len > length) return -1;
- 		memcpy(cp, packet + j, label_len);
- 		cp += label_len;
- 		j += label_len;
--- 
-2.11.0
-
diff --git a/gnu/packages/patches/libevent-2.0-CVE-2016-10196.patch b/gnu/packages/patches/libevent-2.0-CVE-2016-10196.patch
deleted file mode 100644
index 03f96e938b..0000000000
--- a/gnu/packages/patches/libevent-2.0-CVE-2016-10196.patch
+++ /dev/null
@@ -1,41 +0,0 @@
-Fix CVE-2016-10196 (buffer overflow in evutil):
-
-https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-10196
-https://github.com/libevent/libevent/issues/318
-
-Patch copied from upstream source repository:
-
-https://github.com/libevent/libevent/commit/329acc18a0768c21ba22522f01a5c7f46cacc4d5
-
-From 28bdc2f3f62259d21ccaf7be2b60ef0a53e6f342 Mon Sep 17 00:00:00 2001
-From: Azat Khuzhin <a3at.mail@gmail.com>
-Date: Sun, 31 Jan 2016 00:57:16 +0300
-Subject: [PATCH] evutil_parse_sockaddr_port(): fix buffer overflow
-
----
- evutil.c | 6 +++---
- 1 file changed, 3 insertions(+), 3 deletions(-)
-
-diff --git a/evutil.c b/evutil.c
-index 33445170..e2dfe6e4 100644
---- a/evutil.c
-+++ b/evutil.c
-@@ -1808,12 +1808,12 @@ evutil_parse_sockaddr_port(const char *ip_as_string, struct sockaddr *out, int *
- 
- 	cp = strchr(ip_as_string, ':');
- 	if (*ip_as_string == '[') {
--		int len;
-+		size_t len;
- 		if (!(cp = strchr(ip_as_string, ']'))) {
- 			return -1;
- 		}
--		len = (int) ( cp-(ip_as_string + 1) );
--		if (len > (int)sizeof(buf)-1) {
-+		len = ( cp-(ip_as_string + 1) );
-+		if (len > sizeof(buf)-1) {
- 			return -1;
- 		}
- 		memcpy(buf, ip_as_string+1, len);
--- 
-2.11.0
-
diff --git a/gnu/packages/patches/libevent-2.0-CVE-2016-10197.patch b/gnu/packages/patches/libevent-2.0-CVE-2016-10197.patch
deleted file mode 100644
index c62a328627..0000000000
--- a/gnu/packages/patches/libevent-2.0-CVE-2016-10197.patch
+++ /dev/null
@@ -1,39 +0,0 @@
-Fix CVE-2016-10197 (out of bounds read on empty hostnames in evdns):
-
-https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-10197
-https://github.com/libevent/libevent/issues/332
-
-Patch copied from upstream source repository:
-
-https://github.com/libevent/libevent/commit/ec65c42052d95d2c23d1d837136d1cf1d9ecef9e
-
-From a0305cec166a5bc89f1eb362510cc4cd25ecc0bc Mon Sep 17 00:00:00 2001
-From: Azat Khuzhin <a3at.mail@gmail.com>
-Date: Fri, 25 Mar 2016 00:33:47 +0300
-Subject: [PATCH] evdns: fix searching empty hostnames
-
----
- evdns.c | 5 ++++-
- 1 file changed, 4 insertions(+), 1 deletion(-)
-
-diff --git a/evdns.c b/evdns.c
-index 137c24ea..6191c677 100644
---- a/evdns.c
-+++ b/evdns.c
-@@ -3122,9 +3122,12 @@ search_set_from_hostname(struct evdns_base *base) {
- static char *
- search_make_new(const struct search_state *const state, int n, const char *const base_name) {
- 	const size_t base_len = strlen(base_name);
--	const char need_to_append_dot = base_name[base_len - 1] == '.' ? 0 : 1;
-+	char need_to_append_dot;
- 	struct search_domain *dom;
- 
-+	if (!base_len) return NULL;
-+	need_to_append_dot = base_name[base_len - 1] == '.' ? 0 : 1;
-+
- 	for (dom = state->head; dom; dom = dom->next) {
- 		if (!n--) {
- 			/* this is the postfix we want */
--- 
-2.11.0
-
diff --git a/gnu/packages/patches/libevent-2.0-evbuffer-add-use-last-with-datap.patch b/gnu/packages/patches/libevent-2.0-evbuffer-add-use-last-with-datap.patch
deleted file mode 100644
index 0253700bf6..0000000000
--- a/gnu/packages/patches/libevent-2.0-evbuffer-add-use-last-with-datap.patch
+++ /dev/null
@@ -1,38 +0,0 @@
-From a8769ef12d7e223e33fc47bed03fba2bfa2f3536 Mon Sep 17 00:00:00 2001
-From: Marcus Sundberg <marcus@marcussundberg.com>
-Date: Sat, 26 Mar 2016 20:11:43 +0100
-Subject: [PATCH] evbuffer_add: Use last_with_datap if set, not last.
-
-evbuffer_add() would always put data in the last chain, even if there
-was available space in a previous chain, and in doing so it also
-failed to update last_with_datap, causing subsequent calls to other
-functions that do look at last_with_datap to add data in the middle
-of the evbuffer instead of at the end.
-
-Fixes the evbuffer_add() part of issue #335, and the evbuffer/add2 and
-evbuffer/add3 tests, and also prevents wasting space available in the
-chain pointed to by last_with_datap.
----
- buffer.c | 6 +++++-
- 1 file changed, 5 insertions(+), 1 deletion(-)
-
-diff --git a/buffer.c b/buffer.c
-index 7cca0e8a..f378b731 100644
---- a/buffer.c
-+++ b/buffer.c
-@@ -1732,7 +1732,11 @@ evbuffer_add(struct evbuffer *buf, const void *data_in, size_t datlen)
- 		goto done;
- 	}
- 
--	chain = buf->last;
-+	if (*buf->last_with_datap == NULL) {
-+		chain = buf->last;
-+	} else {
-+		chain = *buf->last_with_datap;
-+	}
- 
- 	/* If there are no chains allocated for this buffer, allocate one
- 	 * big enough to hold all the data. */
--- 
-2.12.0
-
diff --git a/gnu/packages/patches/libevent-dns-tests.patch b/gnu/packages/patches/libevent-dns-tests.patch
deleted file mode 100644
index 6ff8aaaa7b..0000000000
--- a/gnu/packages/patches/libevent-dns-tests.patch
+++ /dev/null
@@ -1,16 +0,0 @@
-Disable tests that rely on usable DNS lookups, which aren't available
-in build chroots.
-
---- libevent-2.0.21-stable/test/regress_dns.c	2013-01-20 22:32:09.000000000 +0100
-+++ libevent-2.0.21-stable/test/regress_dns.c	2013-01-20 22:32:30.000000000 +0100
-@@ -1827,10 +1827,6 @@ end:
- 
- struct testcase_t dns_testcases[] = {
- 	DNS_LEGACY(server, TT_FORK|TT_NEED_BASE),
--	DNS_LEGACY(gethostbyname, TT_FORK|TT_NEED_BASE|TT_NEED_DNS),
--	DNS_LEGACY(gethostbyname6, TT_FORK|TT_NEED_BASE|TT_NEED_DNS),
--	DNS_LEGACY(gethostbyaddr, TT_FORK|TT_NEED_BASE|TT_NEED_DNS),
--	{ "resolve_reverse", dns_resolve_reverse, TT_FORK, NULL, NULL },
- 	{ "search", dns_search_test, TT_FORK|TT_NEED_BASE, &basic_setup, NULL },
- 	{ "search_cancel", dns_search_cancel_test,
- 	  TT_FORK|TT_NEED_BASE, &basic_setup, NULL },