From a6207995994d63ceae0924e6587988ccc5cdfa09 Mon Sep 17 00:00:00 2001 From: CentOS Sources Date: Nov 03 2020 12:01:43 +0000 Subject: import libuv-1.38.0-2.el8 --- diff --git a/.gitignore b/.gitignore index dc227aa..52fcd27 100644 --- a/.gitignore +++ b/.gitignore @@ -1 +1 @@ -SOURCES/libuv-v1.23.1.tar.gz +SOURCES/libuv-v1.38.0.tar.gz diff --git a/.libuv.metadata b/.libuv.metadata index 4d871a8..68c7fcd 100644 --- a/.libuv.metadata +++ b/.libuv.metadata @@ -1 +1 @@ -394e088ff024e34bc4470e08a55e0eabe3209eae SOURCES/libuv-v1.23.1.tar.gz +ec045c2dfd29e1c6caab5886244fcb56a95b93f1 SOURCES/libuv-v1.38.0.tar.gz diff --git a/SOURCES/0001-Disable-failing-network-tests.patch b/SOURCES/0001-Disable-failing-network-tests.patch new file mode 100644 index 0000000..ddf7157 --- /dev/null +++ b/SOURCES/0001-Disable-failing-network-tests.patch @@ -0,0 +1,65 @@ +diff --git a/Makefile.am b/Makefile.am +index d9d2f3d0..1d105806 100644 +--- a/Makefile.am ++++ b/Makefile.am +@@ -254,7 +254,6 @@ test_run_tests_SOURCES = test/blackhole-server.c \ + test/test-tcp-create-socket-early.c \ + test/test-tcp-connect-error-after-write.c \ + test/test-tcp-connect-error.c \ +- test/test-tcp-connect-timeout.c \ + test/test-tcp-connect6-error.c \ + test/test-tcp-flags.c \ + test/test-tcp-open.c \ +@@ -288,8 +287,6 @@ test_run_tests_SOURCES = test/blackhole-server.c \ + test/test-udp-ipv6.c \ + test/test-udp-multicast-interface.c \ + test/test-udp-multicast-interface6.c \ +- test/test-udp-multicast-join.c \ +- test/test-udp-multicast-join6.c \ + test/test-udp-multicast-ttl.c \ + test/test-udp-open.c \ + test/test-udp-options.c \ +diff --git a/test/test-list.h b/test/test-list.h +index 24a8a657..cb034076 100644 +--- a/test/test-list.h ++++ b/test/test-list.h +@@ -126,7 +126,7 @@ TEST_DECLARE (tcp_bind_invalid_flags) + TEST_DECLARE (tcp_bind_writable_flags) + TEST_DECLARE (tcp_listen_without_bind) + TEST_DECLARE (tcp_connect_error_fault) +-TEST_DECLARE (tcp_connect_timeout) ++// TEST_DECLARE (tcp_connect_timeout) + TEST_DECLARE (tcp_close_while_connecting) + TEST_DECLARE (tcp_close) + TEST_DECLARE (tcp_close_reset_accepted) +@@ -162,8 +162,8 @@ TEST_DECLARE (udp_send_and_recv) + TEST_DECLARE (udp_send_hang_loop) + TEST_DECLARE (udp_send_immediate) + TEST_DECLARE (udp_send_unreachable) +-TEST_DECLARE (udp_multicast_join) +-TEST_DECLARE (udp_multicast_join6) ++// TEST_DECLARE (udp_multicast_join) ++// TEST_DECLARE (udp_multicast_join6) + TEST_DECLARE (udp_multicast_ttl) + TEST_DECLARE (udp_multicast_interface) + TEST_DECLARE (udp_multicast_interface6) +@@ -670,7 +670,7 @@ TASK_LIST_START + TEST_ENTRY (tcp_bind_writable_flags) + TEST_ENTRY (tcp_listen_without_bind) + TEST_ENTRY (tcp_connect_error_fault) +- TEST_ENTRY (tcp_connect_timeout) ++// TEST_ENTRY (tcp_connect_timeout) + TEST_ENTRY (tcp_close_while_connecting) + TEST_ENTRY (tcp_close) + TEST_ENTRY (tcp_close_reset_accepted) +@@ -717,8 +717,8 @@ TASK_LIST_START + TEST_ENTRY (udp_no_autobind) + TEST_ENTRY (udp_multicast_interface) + TEST_ENTRY (udp_multicast_interface6) +- TEST_ENTRY (udp_multicast_join) +- TEST_ENTRY (udp_multicast_join6) ++// TEST_ENTRY (udp_multicast_join) ++// TEST_ENTRY (udp_multicast_join6) + TEST_ENTRY (udp_multicast_ttl) + TEST_ENTRY (udp_try_send) + diff --git a/SOURCES/libuv-unix-don-t-use-_POSIX_PATH_MAX.patch b/SOURCES/libuv-unix-don-t-use-_POSIX_PATH_MAX.patch new file mode 100644 index 0000000..d759b0e --- /dev/null +++ b/SOURCES/libuv-unix-don-t-use-_POSIX_PATH_MAX.patch @@ -0,0 +1,48 @@ +Upstream patch from https://github.com/libuv/libuv/pull/2966 +to address https://bugzilla.redhat.com/show_bug.cgi?id=1879330 +Resolves: #CVE-2020-8252 + +From 0e6e8620496dff0eb285589ef1e37a7f407f3ddd Mon Sep 17 00:00:00 2001 +From: Ben Noordhuis +Date: Mon, 24 Aug 2020 11:42:27 +0200 +Subject: unix: don't use _POSIX_PATH_MAX + +Libuv was using _POSIX_PATH_MAX wrong. Bug introduced in commit b56d279b +("unix: do not require PATH_MAX to be defined") from September 2018. + +_POSIX_PATH_MAX is the minimum max path size guaranteed by POSIX, not +the actual max path size of the system libuv runs on. _POSIX_PATH_MAX +is always 256, the real max is often much bigger. + +This commit fixes buffer overruns when processing very long paths in +uv_fs_readlink() and uv_fs_realpath() because libuv was not allocating +enough memory to store the result. + +Fixes: https://github.com/libuv/libuv/issues/2965 +PR-URL: https://github.com/libuv/libuv/pull/2966 +Reviewed-By: Richard Lau +Reviewed-By: Santiago Gimeno +Reviewed-By: Colin Ihrig +Reviewed-By: Jameson Nash +--- + src/unix/internal.h | 4 +--- + 1 file changed, 1 insertion(+), 3 deletions(-) + +diff --git a/src/unix/internal.h b/src/unix/internal.h +index 30711673..9d3c2297 100644 +--- a/src/unix/internal.h ++++ b/src/unix/internal.h +@@ -62,9 +62,7 @@ + # include + #endif + +-#if defined(_POSIX_PATH_MAX) +-# define UV__PATH_MAX _POSIX_PATH_MAX +-#elif defined(PATH_MAX) ++#if defined(PATH_MAX) + # define UV__PATH_MAX PATH_MAX + #else + # define UV__PATH_MAX 8192 +-- +2.26.2 + diff --git a/SOURCES/libuv.abignore b/SOURCES/libuv.abignore new file mode 100644 index 0000000..41cabc6 --- /dev/null +++ b/SOURCES/libuv.abignore @@ -0,0 +1,6 @@ +[suppress_function] +symbol_name_regexp = ^uv__.* + +[suppress_function] +symbol_name_regexp = .* +change_kind = added-function diff --git a/SPECS/libuv.spec b/SPECS/libuv.spec index 0ea24f6..2c42a0a 100644 --- a/SPECS/libuv.spec +++ b/SPECS/libuv.spec @@ -1,7 +1,12 @@ +# Some of the tests do not work with the network-free environment in Koji +# The packager should run `fedpkg local --with tests` on their machine +# before pushing to Koji +%bcond_with tests + Name: libuv Epoch: 1 -Version: 1.23.1 -Release: 1%{?dist} +Version: 1.38.0 +Release: 2%{?dist} Summary: Platform layer for node.js # the licensing breakdown is described in detail in the LICENSE file @@ -9,10 +14,19 @@ License: MIT and BSD and ISC URL: http://libuv.org/ Source0: http://dist.libuv.org/dist/v%{version}/libuv-v%{version}.tar.gz Source2: %{name}.pc.in +Source3: libuv.abignore BuildRequires: autoconf automake libtool BuildRequires: gcc +%if %{with tests} +# don't remove network tests +%else +# -- Patches -- # +Patch1: 0001-Disable-failing-network-tests.patch +%endif +Patch2: libuv-unix-don-t-use-_POSIX_PATH_MAX.patch + %description libuv is a new platform layer for Node. Its purpose is to abstract IOCP on Windows and libev on Unix systems. We intend to eventually contain all platform @@ -32,6 +46,7 @@ Requires: %{name}-devel%{?_isa} = %{epoch}:%{version}-%{release} %description static Static library (.a) version of libuv. + %prep %autosetup -n %{name}-v%{version} -p1 @@ -44,12 +59,17 @@ Static library (.a) version of libuv. %make_install rm -f %{buildroot}%{_libdir}/libuv.la +mkdir -p %{buildroot}%{_libdir}/libuv/ +install -Dm0644 -t %{buildroot}%{_libdir}/libuv/ %{SOURCE3} + %check # Tests are currently disabled because some require network access # Working with upstream to split these out #./run-tests #./run-benchmarks +make check + %ldconfig_scriptlets %files @@ -57,6 +77,7 @@ rm -f %{buildroot}%{_libdir}/libuv.la %doc ChangeLog %license LICENSE %{_libdir}/%{name}.so.* +%{_libdir}/libuv/libuv.abignore %files devel %{_libdir}/%{name}.so @@ -68,6 +89,26 @@ rm -f %{buildroot}%{_libdir}/libuv.la %{_libdir}/%{name}.a %changelog +* Wed Sep 23 2020 Honza Horak - 1:1.38.0-2 +- Fix max path size by not using _POSIX_PATH_MAX + Resolves: #1879330 + Fixes: CVE-2020-8252 + +* Tue Jun 09 2020 Zuzana Svetlikova - 1:1.38.0-1 +- Update, disable failing tests + +* Thu May 28 2020 Zuzana Svetlikova - 1:1.37.0-3 +- Run tests + +* Mon May 11 2020 Zuzana Svetlikova - 1:1.37.0-2 +- Resolves: RHBZ#1817821 +- bump for build + +* Mon May 04 2020 Zuzana Svetlikova - 1:1.37.0-1 +- Resolves: RHBZ#1817821 +- Update to 1.37.0 +- Add abidiff ignore file + * Mon Oct 08 2018 Jan Staněk - 1:1.23.1-1 - Update to 1.23.1 - Resolves: rhbz#1637000