diff --git a/CVE-2020-8252.patch b/CVE-2020-8252.patch deleted file mode 100644 index d4967e4ea251df639aa8ee229213ce6c69a734cd..0000000000000000000000000000000000000000 --- a/CVE-2020-8252.patch +++ /dev/null @@ -1,41 +0,0 @@ -From 0e6e8620496dff0eb285589ef1e37a7f407f3ddd Mon Sep 17 00:00:00 2001 -From: Ben Noordhuis -Date: Mon, 24 Aug 2020 11:42:27 +0200 -Subject: [PATCH] unix: don't use _POSIX_PATH_MAX - -Libuv was using _POSIX_PATH_MAX wrong. Bug introduced in commit b56d279b -("unix: do not require PATH_MAX to be defined") from September 2018. - -_POSIX_PATH_MAX is the minimum max path size guaranteed by POSIX, not -the actual max path size of the system libuv runs on. _POSIX_PATH_MAX -is always 256, the real max is often much bigger. - -This commit fixes buffer overruns when processing very long paths in -uv_fs_readlink() and uv_fs_realpath() because libuv was not allocating -enough memory to store the result. - -Fixes: https://github.com/libuv/libuv/issues/2965 -PR-URL: https://github.com/libuv/libuv/pull/2966 -Reviewed-By: Richard Lau -Reviewed-By: Santiago Gimeno -Reviewed-By: Colin Ihrig -Reviewed-By: Jameson Nash ---- - src/unix/internal.h | 4 +--- - 1 file changed, 1 insertion(+), 3 deletions(-) - -diff --git a/src/unix/internal.h b/src/unix/internal.h -index 30711673e0..9d3c2297f8 100644 ---- a/src/unix/internal.h -+++ b/src/unix/internal.h -@@ -62,9 +62,7 @@ - # include - #endif - --#if defined(_POSIX_PATH_MAX) --# define UV__PATH_MAX _POSIX_PATH_MAX --#elif defined(PATH_MAX) -+#if defined(PATH_MAX) - # define UV__PATH_MAX PATH_MAX - #else - # define UV__PATH_MAX 8192 diff --git a/libuv-v1.38.1.tar.gz b/libuv-v1.38.1.tar.gz deleted file mode 100644 index 1b9fa8b4784787123e07ce3d2e4a8987a27500d2..0000000000000000000000000000000000000000 Binary files a/libuv-v1.38.1.tar.gz and /dev/null differ diff --git a/libuv-v1.42.0.tar.gz b/libuv-v1.42.0.tar.gz new file mode 100644 index 0000000000000000000000000000000000000000..fcb70d49f53cdaabe7647fb4c6acbd9488a119db Binary files /dev/null and b/libuv-v1.42.0.tar.gz differ diff --git a/libuv.pc.in b/libuv.pc.in deleted file mode 100644 index cbc7062b35d959e049dc714be951af047737bfa7..0000000000000000000000000000000000000000 --- a/libuv.pc.in +++ /dev/null @@ -1,11 +0,0 @@ -prefix=@prefix@ -exec_prefix=@exec_prefix@ -libdir=@libdir@ -includedir=@includedir@ - -Name: libuv -Description: Development libraries for libuv -Version: @version@ -Libs: -L${libdir} -luv -lrt -lpthread -lnsl -ldl -Cflags: -I{includedir} -URL: http://libuv.org/ diff --git a/libuv.spec b/libuv.spec index 04cfdb537803b3d584d138493c3e6676b1ede91e..cd8a90b98e032d0414958d09aabcff756432b05d 100644 --- a/libuv.spec +++ b/libuv.spec @@ -1,15 +1,13 @@ Name: libuv Epoch: 1 -Version: 1.38.1 -Release: 2 +Version: 1.42.0 +Release: 1 Summary: A multi-platform support library with a focus on asynchronous I/O -# the licensing breakdown is described in detail in the LICENSE file -License: MIT and BSD and ISC +# from README.md +License: MIT and CC-BY-4.0 URL: http://libuv.org/ Source0: http://dist.libuv.org/dist/v%{version}/%{name}-v%{version}.tar.gz -Source2: %{name}.pc.in -Patch0: CVE-2020-8252.patch BuildRequires: autoconf automake libtool gcc @@ -29,7 +27,6 @@ Development libraries for libuv %package_help - %prep %autosetup -p1 -n %{name}-v%{version} @@ -61,6 +58,9 @@ Development libraries for libuv %doc ChangeLog %changelog +* Thu Mar 24 2022 wangkai - 1.42.0-1 +- upgrade version to 1.42.0 + * Mon Dec 14 2020 wangxiao - 1.38.1-2 - fix CVE-2020-8252