From 0d3dbe3f56949ad07d8a3816a8a884d3726d2c7d Mon Sep 17 00:00:00 2001 From: Marius Bakke Date: Sun, 26 May 2019 14:18:26 +0200 Subject: gnu: libevent: Update to 2.1.0. * gnu/packages/patches/libevent-2.1-dns-tests.patch, gnu/packages/patches/libevent-2.1-skip-failing-test.patch: Delete files. * gnu/local.mk (dist_patch_DATA): Adjust accordingly. * gnu/packages/libevent.scm (libevent): Update to 2.1.10. [source](patches): Remove. --- gnu/packages/libevent.scm | 10 +++------- 1 file changed, 3 insertions(+), 7 deletions(-) (limited to 'gnu/packages/libevent.scm') diff --git a/gnu/packages/libevent.scm b/gnu/packages/libevent.scm index 01e1e3b00a5..72227c1d957 100644 --- a/gnu/packages/libevent.scm +++ b/gnu/packages/libevent.scm @@ -3,7 +3,7 @@ ;;; Copyright © 2015, 2017 Mark H Weaver ;;; Copyright © 2015 Eric Dvorsak ;;; Copyright © 2016 David Thompson -;;; Copyright © 2017 Marius Bakke +;;; Copyright © 2017, 2019 Marius Bakke ;;; Copyright © 2017 Efraim Flashner ;;; Copyright © 2018, 2019 Tobias Geerinckx-Rice ;;; Copyright © 2019 Pierre Neidhardt @@ -41,7 +41,7 @@ (define-public libevent (package (name "libevent") - (version "2.1.8") + (version "2.1.10") (source (origin (method url-fetch) (uri (string-append @@ -49,11 +49,7 @@ version "-stable/libevent-" version "-stable.tar.gz")) (sha256 (base32 - "1hhxnxlr0fsdv7bdmzsnhdz16fxf3jg2r6vyljcl3kj6pflcap4n")) - (patches (search-patches "libevent-2.1-dns-tests.patch" - ;; XXX: Try removing this for > 2.1.8. - ;; https://github.com/libevent/libevent/issues/452 - "libevent-2.1-skip-failing-test.patch")))) + "1c25928gdv495clxk2v1d4gkr5py7ack4gx2n7d13frnld0syr78")))) (build-system gnu-build-system) (arguments ;; This skips some of the tests which fail on armhf and aarch64. -- cgit v1.3 From 7024846181a24e32343d49a192cca4be96b1e1ca Mon Sep 17 00:00:00 2001 From: Marius Bakke Date: Sun, 26 May 2019 14:21:19 +0200 Subject: gnu: node: Update to 10.15.3. * gnu/packages/libevent.scm (libuv-1.19): Remove variable. * gnu/packages/node.scm (node): Update to 10.15.3. [source]: Use XZ-compressed tarball. [arguments]: Add #:test-target. Use DELETE-FILE instead of DELETE-IF-EXISTS. Remove obsolete test deletions. [inputs]: Change OPENSSL to OPENSSL-NEXT. Change LIBUV-1.19 to LIBUV. (node-lts): Remove variable. --- gnu/packages/libevent.scm | 13 ------------- gnu/packages/node.scm | 48 +++++++++++------------------------------------ 2 files changed, 11 insertions(+), 50 deletions(-) (limited to 'gnu/packages/libevent.scm') diff --git a/gnu/packages/libevent.scm b/gnu/packages/libevent.scm index 72227c1d957..bb96fd6abff 100644 --- a/gnu/packages/libevent.scm +++ b/gnu/packages/libevent.scm @@ -150,19 +150,6 @@ resolution, asynchronous file system operations, and threading primitives.") ;; details. Documentation is CC-BY 4.0 as of 1.12.0; see 'LICENSE-docs'. (license (list expat cc-by4.0)))) -;; This version is required for Node versions < 10. -(define-public libuv-1.19 - (package - (inherit libuv) - (version "1.19.2") - (source (origin - (method url-fetch) - (uri (string-append "https://dist.libuv.org/dist/v" version - "/libuv-v" version ".tar.gz")) - (sha256 - (base32 - "1msk9ac1z69whww88ibrwjqkd1apdla6l77cm2fwy5kigq0z5g3w")))))) - (define-public perl-anyevent (package (name "perl-anyevent") diff --git a/gnu/packages/node.scm b/gnu/packages/node.scm index a0221601dd3..fc43fcb04c9 100644 --- a/gnu/packages/node.scm +++ b/gnu/packages/node.scm @@ -5,7 +5,7 @@ ;;; Copyright © 2016 Ludovic Courtès ;;; Copyright © 2017 Mike Gerwitz ;;; Copyright © 2018 Tobias Geerinckx-Rice -;;; Copyright © 2018 Marius Bakke +;;; Copyright © 2018, 2019 Marius Bakke ;;; ;;; This file is part of GNU Guix. ;;; @@ -45,14 +45,14 @@ (define-public node (package (name "node") - (version "9.11.1") + (version "10.15.3") (source (origin (method url-fetch) (uri (string-append "https://nodejs.org/dist/v" version - "/node-v" version ".tar.gz")) + "/node-v" version ".tar.xz")) (sha256 (base32 - "1vjh9zvw7wkdz6b0l99ya7mqjk0l8lbg9isr1q8rxwp400dhkk32")) + "1mcijznh481s44i59p571a38bfvcxm9f8x2l0l1005aly0kdj8jf")) (modules '((guix build utils))) (snippet `(begin @@ -83,18 +83,14 @@ "--shared-zlib" "--without-snapshot" "--with-intl=system-icu") + ;; Run only the CI tests. The default test target requires additional + ;; add-ons from NPM that are not distributed with the source. + #:test-target "test-ci-js" #:phases (modify-phases %standard-phases (add-before 'configure 'patch-files (lambda* (#:key inputs #:allow-other-keys) - ;; This phase is inherited by Node LTS, which does not have all - ;; the files listed here. Use this helper for convenience. - (define (delete-if-exists file) - (if (file-exists? file) - (delete-file file) - '())) - ;; Fix hardcoded /bin/sh references. (substitute* '("lib/child_process.js" "lib/internal/v8_prof_polyfill.js" @@ -110,17 +106,9 @@ (("'/usr/bin/env'") (string-append "'" (which "env") "'"))) - ;; FIXME: These tests depend on being able to install eslint. - ;; See https://github.com/nodejs/node/issues/17098. - (for-each delete-if-exists - '("test/parallel/test-eslint-alphabetize-errors.js" - "test/parallel/test-eslint-buffer-constructor.js" - "test/parallel/test-eslint-documented-errors.js" - "test/parallel/test-eslint-inspector-check.js")) - ;; FIXME: These tests fail in the build container, but they don't ;; seem to be indicative of real problems in practice. - (for-each delete-if-exists + (for-each delete-file '("test/async-hooks/test-ttywrap.readstream.js" "test/parallel/test-util-inspect.js" "test/parallel/test-v8-serdes.js" @@ -132,14 +120,13 @@ "test/parallel/test-net-listen-after-destroying-stdin.js" "test/parallel/test-npm-install.js" "test/sequential/test-child-process-emfile.js" - "test/sequential/test-benchmark-child-process.js" "test/sequential/test-http-regr-gh-2928.js")) ;; These tests have an expiry date: they depend on the validity of ;; TLS certificates that are bundled with the source. We want this ;; package to be reproducible forever, so remove those. ;; TODO: Regenerate certs instead. - (for-each delete-if-exists + (for-each delete-file '("test/parallel/test-tls-passphrase.js" "test/parallel/test-tls-server-verify.js")) #t)) @@ -184,9 +171,9 @@ `(("c-ares" ,c-ares) ("http-parser" ,http-parser) ("icu4c" ,icu4c) - ("libuv" ,libuv-1.19) + ("libuv" ,libuv) ("nghttp2" ,nghttp2 "lib") - ("openssl" ,openssl) + ("openssl" ,openssl-next) ("zlib" ,zlib))) (synopsis "Evented I/O for V8 JavaScript") (description "Node.js is a platform built on Chrome's JavaScript runtime @@ -197,16 +184,3 @@ devices.") (home-page "https://nodejs.org/") (license expat) (properties '((timeout . 3600))))) ; 1 h - -(define-public node-lts - (package - (inherit node) - (name "node-lts") - (version "8.12.0") - (source (origin - (inherit (package-source node)) - (uri (string-append "https://nodejs.org/dist/v" version - "/node-v" version ".tar.xz")) - (sha256 - (base32 - "16j1rrxkhmvpcw689ndw1raql1gz4jqn7n82z55zn63c05cgz7as")))))) -- cgit v1.3 From 1f889a59020f497fcbef8c51586aa73cfa06798a Mon Sep 17 00:00:00 2001 From: Marius Bakke Date: Thu, 30 May 2019 13:52:26 +0200 Subject: gnu: libevent: Update home page. * gnu/packages/libevent.scm (libevent)[home-page]: Use HTTPS. --- gnu/packages/libevent.scm | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) (limited to 'gnu/packages/libevent.scm') diff --git a/gnu/packages/libevent.scm b/gnu/packages/libevent.scm index bb96fd6abff..466e474c298 100644 --- a/gnu/packages/libevent.scm +++ b/gnu/packages/libevent.scm @@ -58,7 +58,7 @@ `(("python" ,python-2))) ; for 'event_rpcgen.py' (native-inputs `(("which" ,which))) - (home-page "http://libevent.org/") + (home-page "https://libevent.org/") (synopsis "Event notification library") (description "The libevent API provides a mechanism to execute a callback -- cgit v1.3 From d3e3a6adcd77abdf6c8253b5c13ac0d3a3d80fdd Mon Sep 17 00:00:00 2001 From: Marius Bakke Date: Thu, 30 May 2019 13:55:44 +0200 Subject: gnu: Remove libevent@2.0. * gnu/packages/patches/libevent-2.0-CVE-2016-10195.patch, gnu/packages/patches/libevent-2.0-CVE-2016-10196.patch, gnu/packages/patches/libevent-2.0-CVE-2016-10197.patch, gnu/packages/patches/libevent-2.0-evbuffer-add-use-last-with-datap.patch, gnu/packages/patches/libevent-dns-tests.patch: Delete files. * gnu/local.mk (dist_patch_DATA): Adjust accordingly. * gnu/packages/libevent.scm (libevevent-2.0): Remove variable. --- gnu/local.mk | 5 --- gnu/packages/libevent.scm | 21 ----------- .../patches/libevent-2.0-CVE-2016-10195.patch | 41 ---------------------- .../patches/libevent-2.0-CVE-2016-10196.patch | 41 ---------------------- .../patches/libevent-2.0-CVE-2016-10197.patch | 39 -------------------- ...vent-2.0-evbuffer-add-use-last-with-datap.patch | 38 -------------------- gnu/packages/patches/libevent-dns-tests.patch | 16 --------- 7 files changed, 201 deletions(-) delete mode 100644 gnu/packages/patches/libevent-2.0-CVE-2016-10195.patch delete mode 100644 gnu/packages/patches/libevent-2.0-CVE-2016-10196.patch delete mode 100644 gnu/packages/patches/libevent-2.0-CVE-2016-10197.patch delete mode 100644 gnu/packages/patches/libevent-2.0-evbuffer-add-use-last-with-datap.patch delete mode 100644 gnu/packages/patches/libevent-dns-tests.patch (limited to 'gnu/packages/libevent.scm') diff --git a/gnu/local.mk b/gnu/local.mk index 55a8fcd3613..b0992547b43 100644 --- a/gnu/local.mk +++ b/gnu/local.mk @@ -985,11 +985,6 @@ dist_patch_DATA = \ %D%/packages/patches/libcroco-CVE-2017-7960.patch \ %D%/packages/patches/libcroco-CVE-2017-7961.patch \ %D%/packages/patches/libdrm-symbol-check.patch \ - %D%/packages/patches/libevent-dns-tests.patch \ - %D%/packages/patches/libevent-2.0-CVE-2016-10195.patch \ - %D%/packages/patches/libevent-2.0-CVE-2016-10196.patch \ - %D%/packages/patches/libevent-2.0-CVE-2016-10197.patch \ - %D%/packages/patches/libevent-2.0-evbuffer-add-use-last-with-datap.patch \ %D%/packages/patches/libexif-CVE-2016-6328.patch \ %D%/packages/patches/libexif-CVE-2017-7544.patch \ %D%/packages/patches/libgcrypt-make-yat2m-reproducible.patch \ diff --git a/gnu/packages/libevent.scm b/gnu/packages/libevent.scm index 466e474c298..7982a12dfdc 100644 --- a/gnu/packages/libevent.scm +++ b/gnu/packages/libevent.scm @@ -72,27 +72,6 @@ then add or remove events dynamically without having to change the event loop.") (license bsd-3))) -(define-public libevent-2.0 - (package - (inherit libevent) - (version "2.0.22") - (source (origin - (method url-fetch) - (uri (string-append - "https://github.com/libevent/libevent/releases/download/release-" - version "-stable/libevent-" version "-stable.tar.gz")) - (sha256 - (base32 - "18qz9qfwrkakmazdlwxvjmw8p76g70n3faikwvdwznns1agw9hki")) - (patches - (search-patches - "libevent-dns-tests.patch" - "libevent-2.0-CVE-2016-10195.patch" - "libevent-2.0-CVE-2016-10196.patch" - "libevent-2.0-CVE-2016-10197.patch" - "libevent-2.0-evbuffer-add-use-last-with-datap.patch")))) - (arguments '()))) - (define-public libev (package (name "libev") diff --git a/gnu/packages/patches/libevent-2.0-CVE-2016-10195.patch b/gnu/packages/patches/libevent-2.0-CVE-2016-10195.patch deleted file mode 100644 index bffe2c454ca..00000000000 --- a/gnu/packages/patches/libevent-2.0-CVE-2016-10195.patch +++ /dev/null @@ -1,41 +0,0 @@ -Fix CVE-2016-10195 (buffer overread in libevent's DNS code): - -https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-10195 -https://github.com/libevent/libevent/issues/317 - -Patch copied from upstream source repository: - -https://github.com/libevent/libevent/commit/96f64a022014a208105ead6c8a7066018449d86d - -From 3c570970516f48da35f42fef98276531fcc0abaa Mon Sep 17 00:00:00 2001 -From: Azat Khuzhin -Date: Mon, 1 Feb 2016 17:32:09 +0300 -Subject: [PATCH] evdns: name_parse(): fix remote stack overread - ---- - evdns.c | 2 +- - 1 file changed, 1 insertion(+), 1 deletion(-) - -diff --git a/evdns.c b/evdns.c -index 60b10485..137c24ea 100644 ---- a/evdns.c -+++ b/evdns.c -@@ -960,7 +960,6 @@ name_parse(u8 *packet, int length, int *idx, char *name_out, int name_out_len) { - - for (;;) { - u8 label_len; -- if (j >= length) return -1; - GET8(label_len); - if (!label_len) break; - if (label_len & 0xc0) { -@@ -981,6 +980,7 @@ name_parse(u8 *packet, int length, int *idx, char *name_out, int name_out_len) { - *cp++ = '.'; - } - if (cp + label_len >= end) return -1; -+ if (j + label_len > length) return -1; - memcpy(cp, packet + j, label_len); - cp += label_len; - j += label_len; --- -2.11.0 - diff --git a/gnu/packages/patches/libevent-2.0-CVE-2016-10196.patch b/gnu/packages/patches/libevent-2.0-CVE-2016-10196.patch deleted file mode 100644 index 03f96e938bb..00000000000 --- a/gnu/packages/patches/libevent-2.0-CVE-2016-10196.patch +++ /dev/null @@ -1,41 +0,0 @@ -Fix CVE-2016-10196 (buffer overflow in evutil): - -https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-10196 -https://github.com/libevent/libevent/issues/318 - -Patch copied from upstream source repository: - -https://github.com/libevent/libevent/commit/329acc18a0768c21ba22522f01a5c7f46cacc4d5 - -From 28bdc2f3f62259d21ccaf7be2b60ef0a53e6f342 Mon Sep 17 00:00:00 2001 -From: Azat Khuzhin -Date: Sun, 31 Jan 2016 00:57:16 +0300 -Subject: [PATCH] evutil_parse_sockaddr_port(): fix buffer overflow - ---- - evutil.c | 6 +++--- - 1 file changed, 3 insertions(+), 3 deletions(-) - -diff --git a/evutil.c b/evutil.c -index 33445170..e2dfe6e4 100644 ---- a/evutil.c -+++ b/evutil.c -@@ -1808,12 +1808,12 @@ evutil_parse_sockaddr_port(const char *ip_as_string, struct sockaddr *out, int * - - cp = strchr(ip_as_string, ':'); - if (*ip_as_string == '[') { -- int len; -+ size_t len; - if (!(cp = strchr(ip_as_string, ']'))) { - return -1; - } -- len = (int) ( cp-(ip_as_string + 1) ); -- if (len > (int)sizeof(buf)-1) { -+ len = ( cp-(ip_as_string + 1) ); -+ if (len > sizeof(buf)-1) { - return -1; - } - memcpy(buf, ip_as_string+1, len); --- -2.11.0 - diff --git a/gnu/packages/patches/libevent-2.0-CVE-2016-10197.patch b/gnu/packages/patches/libevent-2.0-CVE-2016-10197.patch deleted file mode 100644 index c62a3286273..00000000000 --- a/gnu/packages/patches/libevent-2.0-CVE-2016-10197.patch +++ /dev/null @@ -1,39 +0,0 @@ -Fix CVE-2016-10197 (out of bounds read on empty hostnames in evdns): - -https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-10197 -https://github.com/libevent/libevent/issues/332 - -Patch copied from upstream source repository: - -https://github.com/libevent/libevent/commit/ec65c42052d95d2c23d1d837136d1cf1d9ecef9e - -From a0305cec166a5bc89f1eb362510cc4cd25ecc0bc Mon Sep 17 00:00:00 2001 -From: Azat Khuzhin -Date: Fri, 25 Mar 2016 00:33:47 +0300 -Subject: [PATCH] evdns: fix searching empty hostnames - ---- - evdns.c | 5 ++++- - 1 file changed, 4 insertions(+), 1 deletion(-) - -diff --git a/evdns.c b/evdns.c -index 137c24ea..6191c677 100644 ---- a/evdns.c -+++ b/evdns.c -@@ -3122,9 +3122,12 @@ search_set_from_hostname(struct evdns_base *base) { - static char * - search_make_new(const struct search_state *const state, int n, const char *const base_name) { - const size_t base_len = strlen(base_name); -- const char need_to_append_dot = base_name[base_len - 1] == '.' ? 0 : 1; -+ char need_to_append_dot; - struct search_domain *dom; - -+ if (!base_len) return NULL; -+ need_to_append_dot = base_name[base_len - 1] == '.' ? 0 : 1; -+ - for (dom = state->head; dom; dom = dom->next) { - if (!n--) { - /* this is the postfix we want */ --- -2.11.0 - diff --git a/gnu/packages/patches/libevent-2.0-evbuffer-add-use-last-with-datap.patch b/gnu/packages/patches/libevent-2.0-evbuffer-add-use-last-with-datap.patch deleted file mode 100644 index 0253700bf63..00000000000 --- a/gnu/packages/patches/libevent-2.0-evbuffer-add-use-last-with-datap.patch +++ /dev/null @@ -1,38 +0,0 @@ -From a8769ef12d7e223e33fc47bed03fba2bfa2f3536 Mon Sep 17 00:00:00 2001 -From: Marcus Sundberg -Date: Sat, 26 Mar 2016 20:11:43 +0100 -Subject: [PATCH] evbuffer_add: Use last_with_datap if set, not last. - -evbuffer_add() would always put data in the last chain, even if there -was available space in a previous chain, and in doing so it also -failed to update last_with_datap, causing subsequent calls to other -functions that do look at last_with_datap to add data in the middle -of the evbuffer instead of at the end. - -Fixes the evbuffer_add() part of issue #335, and the evbuffer/add2 and -evbuffer/add3 tests, and also prevents wasting space available in the -chain pointed to by last_with_datap. ---- - buffer.c | 6 +++++- - 1 file changed, 5 insertions(+), 1 deletion(-) - -diff --git a/buffer.c b/buffer.c -index 7cca0e8a..f378b731 100644 ---- a/buffer.c -+++ b/buffer.c -@@ -1732,7 +1732,11 @@ evbuffer_add(struct evbuffer *buf, const void *data_in, size_t datlen) - goto done; - } - -- chain = buf->last; -+ if (*buf->last_with_datap == NULL) { -+ chain = buf->last; -+ } else { -+ chain = *buf->last_with_datap; -+ } - - /* If there are no chains allocated for this buffer, allocate one - * big enough to hold all the data. */ --- -2.12.0 - diff --git a/gnu/packages/patches/libevent-dns-tests.patch b/gnu/packages/patches/libevent-dns-tests.patch deleted file mode 100644 index 6ff8aaaa7bc..00000000000 --- a/gnu/packages/patches/libevent-dns-tests.patch +++ /dev/null @@ -1,16 +0,0 @@ -Disable tests that rely on usable DNS lookups, which aren't available -in build chroots. - ---- libevent-2.0.21-stable/test/regress_dns.c 2013-01-20 22:32:09.000000000 +0100 -+++ libevent-2.0.21-stable/test/regress_dns.c 2013-01-20 22:32:30.000000000 +0100 -@@ -1827,10 +1827,6 @@ end: - - struct testcase_t dns_testcases[] = { - DNS_LEGACY(server, TT_FORK|TT_NEED_BASE), -- DNS_LEGACY(gethostbyname, TT_FORK|TT_NEED_BASE|TT_NEED_DNS), -- DNS_LEGACY(gethostbyname6, TT_FORK|TT_NEED_BASE|TT_NEED_DNS), -- DNS_LEGACY(gethostbyaddr, TT_FORK|TT_NEED_BASE|TT_NEED_DNS), -- { "resolve_reverse", dns_resolve_reverse, TT_FORK, NULL, NULL }, - { "search", dns_search_test, TT_FORK|TT_NEED_BASE, &basic_setup, NULL }, - { "search_cancel", dns_search_cancel_test, - TT_FORK|TT_NEED_BASE, &basic_setup, NULL }, -- cgit v1.3