diff --git a/0001-unix-ignore-ifaddrs-with-NULL-ifa_addr-4218.patch b/0001-unix-ignore-ifaddrs-with-NULL-ifa_addr-4218.patch
deleted file mode 100644
index 20a8d6ae40246949a4d2a8d798b5c45205aee844..0000000000000000000000000000000000000000
--- a/0001-unix-ignore-ifaddrs-with-NULL-ifa_addr-4218.patch
+++ /dev/null
@@ -1,33 +0,0 @@
-From b963f0a75bd6c95fbfa0ac17e46ab1f9d1a787c4 Mon Sep 17 00:00:00 2001
-From: Stephen Gallagher
-Date: Tue, 14 Nov 2023 04:23:28 -0500
-Subject: [PATCH 1/2] unix: ignore ifaddrs with NULL ifa_addr (#4218)
-
-Passing this to uv__is_ipv6_link_local() is causing a segmentation
-fault. Note that the documentation for getifaddrs() explicitly states
-that this value may be NULL.
-
-Signed-off-by: Stephen Gallagher
----
- src/unix/tcp.c | 5 +++--
- 1 file changed, 3 insertions(+), 2 deletions(-)
-
-diff --git a/src/unix/tcp.c b/src/unix/tcp.c
-index a6b53e5913271d0c83e1d7f7e4cb8140f5f3936d..29f4532e747db50146a8b821389f4d45304c5cd0 100644
---- a/src/unix/tcp.c
-+++ b/src/unix/tcp.c
-@@ -233,8 +233,9 @@ static int uv__ipv6_link_local_scope_id(void) {
- return 0;
-
- for (p = ifa; p != NULL; p = p->ifa_next)
-- if (uv__is_ipv6_link_local(p->ifa_addr))
-- break;
-+ if (p->ifa_addr != NULL)
-+ if (uv__is_ipv6_link_local(p->ifa_addr))
-+ break;
-
- rv = 0;
- if (p != NULL) {
---
-2.41.0
-
diff --git a/0002-test-check-if-ipv6-link-local-traffic-is-routable.patch b/0002-test-check-if-ipv6-link-local-traffic-is-routable.patch
deleted file mode 100644
index 53cd53a92825d90ac65bbfe09b43f69c99b68d2d..0000000000000000000000000000000000000000
--- a/0002-test-check-if-ipv6-link-local-traffic-is-routable.patch
+++ /dev/null
@@ -1,58 +0,0 @@
-From 21e403424060d71e97ee1ef328288fdb9d24a191 Mon Sep 17 00:00:00 2001
-From: Ben Noordhuis
-Date: Tue, 14 Nov 2023 10:58:02 +0100
-Subject: [PATCH 2/2] test: check if ipv6 link-local traffic is routable
-
-Fixes: https://github.com/libuv/libuv/issues/4211
----
- test/test-tcp-connect6-error.c | 17 +++++++++++++++++
- 1 file changed, 17 insertions(+)
-
-diff --git a/test/test-tcp-connect6-error.c b/test/test-tcp-connect6-error.c
-index 1e6d7c78da999d5d6d1f5e1e57646e34aba4a33b..dc2fce82f8958ac5afaeafafa8f2efccf2a1e1ec 100644
---- a/test/test-tcp-connect6-error.c
-+++ b/test/test-tcp-connect6-error.c
-@@ -23,6 +23,7 @@
- #include "task.h"
- #include
- #include
-+#include
-
-
- static int connect_cb_called = 0;
-@@ -75,9 +76,13 @@ TEST_IMPL(tcp_connect6_error_fault) {
-
-
- TEST_IMPL(tcp_connect6_link_local) {
-+ uv_interface_address_t* ifs;
-+ uv_interface_address_t* p;
- struct sockaddr_in6 addr;
- uv_connect_t req;
- uv_tcp_t server;
-+ int ok;
-+ int n;
-
- if (!can_ipv6())
- RETURN_SKIP("IPv6 not supported");
-@@ -90,6 +95,18 @@ TEST_IMPL(tcp_connect6_link_local) {
- RETURN_SKIP("Test does not currently work in QEMU");
- #endif /* defined(__QEMU__) */
-
-+ /* Check there's an interface that routes link-local (fe80::/10) traffic. */
-+ ASSERT_OK(uv_interface_addresses(&ifs, &n));
-+ for (p = ifs; p < &ifs[n]; p++)
-+ if (p->address.address6.sin6_family == AF_INET6)
-+ if (!memcmp(&p->address.address6.sin6_addr, "\xfe\x80", 2))
-+ break;
-+ ok = (p < &ifs[n]);
-+ uv_free_interface_addresses(ifs, n);
-+
-+ if (!ok)
-+ RETURN_SKIP("IPv6 link-local traffic not supported");
-+
- ASSERT_OK(uv_ip6_addr("fe80::0bad:babe", 1337, &addr));
- ASSERT_OK(uv_tcp_init(uv_default_loop(), &server));
-
---
-2.41.0
-
diff --git a/0003-test_fs.c-Fix-issue-on-32-bit-systems-using-btrfs.patch b/0003-test_fs.c-Fix-issue-on-32-bit-systems-using-btrfs.patch
deleted file mode 100644
index c851c32de6b7f1b8e838979dc5eb7c1b82f7eae8..0000000000000000000000000000000000000000
--- a/0003-test_fs.c-Fix-issue-on-32-bit-systems-using-btrfs.patch
+++ /dev/null
@@ -1,34 +0,0 @@
-From 3d10efa49dc063831787bc01501ab946f6d91282 Mon Sep 17 00:00:00 2001
-From: Stephen Gallagher
-Date: Thu, 16 Nov 2023 10:00:20 -0500
-Subject: [PATCH 3/3] test_fs.c: Fix issue on 32-bit systems using btrfs
-
-On Fedora's build system, the build environment runs on btrfs. This
-revealed a bug in the test on i686 systems, where this comparison was
-being performed as a comparison of two signed integers, but the
-filesystem type of btrfs happens to use the higher-order bits, resulting
-in it appearing as a negative value.
-
-BTRFS_SUPER_MAGIC 0x9123683e
-
-Signed-off-by: Stephen Gallagher
----
- test/test-fs.c | 2 +-
- 1 file changed, 1 insertion(+), 1 deletion(-)
-
-diff --git a/test/test-fs.c b/test/test-fs.c
-index 1acdc5c67082c7ea4f579f25af82cd9bd3fefc71..ab8a9e07ccea95493e479703a07bebca5e29be30 100644
---- a/test/test-fs.c
-+++ b/test/test-fs.c
-@@ -343,7 +343,7 @@ static void statfs_cb(uv_fs_t* req) {
- defined(__OpenBSD__) || defined(__NetBSD__)
- ASSERT_OK(stats->f_type);
- #else
-- ASSERT_GT(stats->f_type, 0);
-+ ASSERT_UINT64_GT(stats->f_type, 0);
- #endif
-
- ASSERT_GT(stats->f_bsize, 0);
---
-2.41.0
-
diff --git a/backport-0001-CVE-2024-24806.patch b/backport-0001-CVE-2024-24806.patch
deleted file mode 100644
index 3e66e23fd4b1d5078cda03b523d3481d48366953..0000000000000000000000000000000000000000
--- a/backport-0001-CVE-2024-24806.patch
+++ /dev/null
@@ -1,50 +0,0 @@
-From 0f2d7e784a256b54b2385043438848047bc2a629 Mon Sep 17 00:00:00 2001
-From: Ben Noordhuis
-Date: Thu, 18 Jan 2024 14:51:40 +0100
-Subject: [PATCH] fix: always zero-terminate idna output
-
-Fixes: https://github.com/libuv/libuv/security/advisories/GHSA-f74f-cvh7-c6q6
----
- src/idna.c | 5 +++--
- test/test-idna.c | 4 ++++
- 2 files changed, 7 insertions(+), 2 deletions(-)
-
-diff --git a/src/idna.c b/src/idna.c
-index 3cf79ca94b1..4638546d020 100644
---- a/src/idna.c
-+++ b/src/idna.c
-@@ -356,9 +356,10 @@ ssize_t uv__idna_toascii(const char* s, const char* se, char* d, char* de) {
- return rc;
- }
-
-- if (d < de)
-- *d++ = '\0';
-+ if (d >= de)
-+ return UV_EINVAL;
-
-+ *d++ = '\0';
- return d - ds; /* Number of bytes written. */
- }
-
-diff --git a/test/test-idna.c b/test/test-idna.c
-index bcacfc8a3ad..5f8d696a7f0 100644
---- a/test/test-idna.c
-+++ b/test/test-idna.c
-@@ -100,6 +100,7 @@ TEST_IMPL(utf8_decode1) {
- TEST_IMPL(utf8_decode1_overrun) {
- const char* p;
- char b[1];
-+ char c[1];
-
- /* Single byte. */
- p = b;
-@@ -113,6 +114,9 @@ TEST_IMPL(utf8_decode1_overrun) {
- ASSERT_EQ((unsigned) -1, uv__utf8_decode1(&p, b + 1));
- ASSERT_PTR_EQ(p, b + 1);
-
-+ b[0] = 0x7F;
-+ ASSERT_EQ(UV_EINVAL, uv__idna_toascii(b, b + 1, c, c + 1));
-+
- return 0;
- }
-
diff --git a/backport-0002-CVE-2024-24806.patch b/backport-0002-CVE-2024-24806.patch
deleted file mode 100644
index 4477fab7e2ad63b63025f43471c3424334c78cfa..0000000000000000000000000000000000000000
--- a/backport-0002-CVE-2024-24806.patch
+++ /dev/null
@@ -1,37 +0,0 @@
-From 3530bcc30350d4a6ccf35d2f7b33e23292b9de70 Mon Sep 17 00:00:00 2001
-From: Ben Noordhuis
-Date: Thu, 18 Jan 2024 14:52:38 +0100
-Subject: [PATCH] fix: reject zero-length idna inputs
-
-Fixes: https://github.com/libuv/libuv/security/advisories/GHSA-f74f-cvh7-c6q6
----
- src/idna.c | 3 +++
- test/test-idna.c | 1 +
- 2 files changed, 4 insertions(+)
-
-diff --git a/src/idna.c b/src/idna.c
-index 4638546d020..efc5f283ce2 100644
---- a/src/idna.c
-+++ b/src/idna.c
-@@ -322,6 +322,9 @@ ssize_t uv__idna_toascii(const char* s, const char* se, char* d, char* de) {
- char* ds;
- int rc;
-
-+ if (s == se)
-+ return UV_EINVAL;
-+
- ds = d;
-
- si = s;
-diff --git a/test/test-idna.c b/test/test-idna.c
-index 5f8d696a7f0..3c4820f7659 100644
---- a/test/test-idna.c
-+++ b/test/test-idna.c
-@@ -115,6 +115,7 @@ TEST_IMPL(utf8_decode1_overrun) {
- ASSERT_PTR_EQ(p, b + 1);
-
- b[0] = 0x7F;
-+ ASSERT_EQ(UV_EINVAL, uv__idna_toascii(b, b + 0, c, c + 1));
- ASSERT_EQ(UV_EINVAL, uv__idna_toascii(b, b + 1, c, c + 1));
-
- return 0;
diff --git a/backport-0003-CVE-2024-24806.patch b/backport-0003-CVE-2024-24806.patch
deleted file mode 100644
index ca751a3918dc52b2266848364c5cbf1ec3ed5366..0000000000000000000000000000000000000000
--- a/backport-0003-CVE-2024-24806.patch
+++ /dev/null
@@ -1,24 +0,0 @@
-From e0327e1d508b8207c9150b6e582f0adf26213c39 Mon Sep 17 00:00:00 2001
-From: Santiago Gimeno
-Date: Wed, 7 Feb 2024 20:27:58 +0100
-Subject: [PATCH] test: empty strings are not valid IDNA
-
-Fixes: https://github.com/libuv/libuv/security/advisories/GHSA-f74f-cvh7-c6q6
----
- test/test-idna.c | 2 +-
- 1 file changed, 1 insertion(+), 1 deletion(-)
-
-diff --git a/test/test-idna.c b/test/test-idna.c
-index 3c4820f7659..28f9eaaae9e 100644
---- a/test/test-idna.c
-+++ b/test/test-idna.c
-@@ -151,8 +151,8 @@ TEST_IMPL(idna_toascii) {
- /* Illegal inputs. */
- F("\xC0\x80\xC1\x80", UV_EINVAL); /* Overlong UTF-8 sequence. */
- F("\xC0\x80\xC1\x80.com", UV_EINVAL); /* Overlong UTF-8 sequence. */
-+ F("", UV_EINVAL);
- /* No conversion. */
-- T("", "");
- T(".", ".");
- T(".com", ".com");
- T("example", "example");
diff --git a/libuv-v1.47.0.tar.gz b/libuv-v1.47.0.tar.gz
deleted file mode 100644
index 13848e84bdc37d191cf809dbeb8f2a40e64a9f5d..0000000000000000000000000000000000000000
Binary files a/libuv-v1.47.0.tar.gz and /dev/null differ
diff --git a/libuv-v1.48.0.tar.gz b/libuv-v1.48.0.tar.gz
new file mode 100644
index 0000000000000000000000000000000000000000..25133d5233b62b56ebad9348fba6b27cdda8639b
Binary files /dev/null and b/libuv-v1.48.0.tar.gz differ
diff --git a/libuv.spec b/libuv.spec
index a786aeabc5fc45929e31f2f6c636ec90f333f72e..9d5e6de938fc9828c91b497f9ef41391577567f9 100644
--- a/libuv.spec
+++ b/libuv.spec
@@ -1,7 +1,7 @@
 Name: libuv
 Epoch: 1
-Version: 1.47.0
-Release: 2
+Version: 1.48.0
+Release: 1
 Summary: A multi-platform support library with a focus on asynchronous I/O
 # from README.md
@@ -11,22 +11,6 @@ Source0: http://dist.libuv.org/dist/v%{version}/%{name}-v%{version}.tar.g
 Source2: %{name}.pc.in
 Source3: libuv.abignore
-# Test fix for IPv6 interfaces with a NULL ifa_addr
-# https://github.com/libuv/libuv/pull/4218
-Patch1: 0001-unix-ignore-ifaddrs-with-NULL-ifa_addr-4218.patch
-
-# test: check if ipv6 link-local traffic is routable
-# https://github.com/libuv/libuv/pull/4220
-Patch2: 0002-test-check-if-ipv6-link-local-traffic-is-routable.patch
-
-# test: Use unsigned comparison for fs_type
-# https://github.com/libuv/libuv/pull/4227
-Patch3: 0003-test_fs.c-Fix-issue-on-32-bit-systems-using-btrfs.patch
-
-Patch6000: backport-0001-CVE-2024-24806.patch
-Patch6001: backport-0002-CVE-2024-24806.patch
-Patch6002: backport-0003-CVE-2024-24806.patch
-
 BuildRequires: autoconf automake libtool gcc make
 %description
@@ -81,6 +65,9 @@ make check
 %doc ChangeLog
 %changelog
+* Mon Apr 08 2024 yinyongkang - 1:1.48.0-1
+- Upgrade to 1.48.0
+
 * Sun Feb 18 2024 shixuantong - 1:1.47.0-2
 - fix CVE-2024-24806
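Review bot: The new changelog entry `- Upgrade to 1.48.0` does not say why Patch1–Patch3 and Patch6000–Patch6002 (the CVE-2024-24806 backports) disappear in the hunk above it, so a changelog-based audit would read the CVE fix as dropped. Removing them is only safe if the 1.48.0 tarball already contains those commits, which this diff cannot show because the tarball is binary; I would check that the `if (s == se)` and `if (d >= de)` guards returning `UV_EINVAL` are present in `src/idna.c` of the new source. Then record it in the entry, for example `- Upgrade to 1.48.0, drop backported patches merged upstream (includes fix for CVE-2024-24806)`.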