pkgsrc-Changes archive

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index][Old Index]

CVS commit: pkgsrc/devel/libevent



Module Name:    pkgsrc
Committed By:   wiz
Date:           Wed Jul  1 21:14:26 UTC 2026

Modified Files:
        pkgsrc/devel/libevent: Makefile Makefile.common builtin.mk distinfo

Log Message:
libevent: update to 2.1.13.

Fix pkglint while here.

Changes in version 2.1.13-stable (01 July 2026)

 This release contains several security fixes, affecting users of the
 following modules: evbuffer, bufferevent, evtag, evrpc, evdns, evhttp.
 If you have a program that uses one of those modules,
 or if you distribute libevent, you should upgrade.

 Additionally, this release backports some small modernizations to
 the libevent codebase, to aid in compiling with the compilers
 released over the last few years.

 Security Fixes (evtag, evrpc):
 - Fix an out-of-bounds read in decode_tag_internal.
   (Found by @Brubbish. GHSA-fj29-64w6-73h6)
 - Fix an integer overflow in evtag_unmarshal_header.
   (Found by @Brubbish. GHSA-45c6-qx49-89m8)

 Security Fixes (evhttp):
 - Discard HTTP trailers, to prevent header smuggling attacks.
   (Found by @sebastianosrt. GHSA-2gmv-p5m7-98p6)
 - Restrict HTTP header parsing to prevent request smuggling.
   (Originally reported by @xclow3n; and then by @kodareef5,
   @nstaller0490, @AsafMeizneer, and @yaotushaozhu.
   GHSA-q39v-w2g7-gr8j.)
 - Treat CRLF and %00 more strictly in HTTP headers, to prevent
   parser mismatch attacks.
   (Reported by @xclow3n and @AsafMeizner. See GHSA-q39v-w2g7-gr8j,
   GHSA-jcwh-pvf2-73p2.)
 - Fix a heap out-of-bound write that could occur when using
   AF_UNIX sockets and compiling libevent with -DNDEBUG.
   (Found by @mat-mo. GHSA-cvq5-vrvr-j338)

 Security fixes (evbuffer, bufferevent):
 - Fixed a dangling pointer in evbuffer_add_reference.
   (Found by @DarkaMaul. GHSA-c2pj-cg4r-88c8)

 Security fixes (evdns):
 - Fix an out-of-bounds write in dnsname_to_labels
   when building a DNS response of 2^16 bytes.
   (Found by @sectroyer. GHSA-58rx-7448-jw47)

 Security fixes (example code):
 - Avoid using strcpy() in sample/http-server.c.
   (Reported by @sectroyer. GHSA-5rgj-2c58-7jrc.)

 Other fixes:
 - Backport fixes for numerous compiler warnings.
 - Backport fixes for compilation with openssl 3 and later.


To generate a diff of this commit:
cvs rdiff -u -r1.60 -r1.61 pkgsrc/devel/libevent/Makefile
cvs rdiff -u -r1.6 -r1.7 pkgsrc/devel/libevent/Makefile.common
cvs rdiff -u -r1.21 -r1.22 pkgsrc/devel/libevent/builtin.mk
cvs rdiff -u -r1.42 -r1.43 pkgsrc/devel/libevent/distinfo

Please note that diffs are not public domain; they are subject to the
copyright notices on the relevant files.

Modified files:

Index: pkgsrc/devel/libevent/Makefile
diff -u pkgsrc/devel/libevent/Makefile:1.60 pkgsrc/devel/libevent/Makefile:1.61
--- pkgsrc/devel/libevent/Makefile:1.60 Sun Oct  5 02:49:44 2025
+++ pkgsrc/devel/libevent/Makefile      Wed Jul  1 21:14:26 2026
@@ -1,6 +1,5 @@
-# $NetBSD: Makefile,v 1.60 2025/10/05 02:49:44 js Exp $
+# $NetBSD: Makefile,v 1.61 2026/07/01 21:14:26 wiz Exp $
 
-PKGREVISION= 2
 .include "../../devel/libevent/Makefile.common"
 
 PKGNAME=       ${DISTNAME:S/-stable//}
@@ -23,6 +22,9 @@ CPPFLAGS.QNX+=                -D__EXT_POSIX2
 
 .include "../../mk/bsd.prefs.mk"
 
+# test status as of 2.1.13
+# 2/342 TESTS FAILED. (51 skipped)
+
 # No OpenSSL on QNX.
 CONFIGURE_ARGS.QNX+=   --disable-openssl
 
@@ -36,7 +38,7 @@ CONFIGURE_ENV+=               ac_cv_func_kqueue=no
 CONFIGURE_ENV+=                ac_cv_func_poll=no
 .endif
 
-.if !empty(MACHINE_PLATFORM:MHPUX-11.11-*)
+.if ${MACHINE_PLATFORM:MHPUX-11.11-*}
 CONFIGURE_ENV+=                ac_cv_func_strtoll=yes
 CPPFLAGS+=             -Dstrtoll=__strtoll
 .endif

Index: pkgsrc/devel/libevent/Makefile.common
diff -u pkgsrc/devel/libevent/Makefile.common:1.6 pkgsrc/devel/libevent/Makefile.common:1.7
--- pkgsrc/devel/libevent/Makefile.common:1.6   Mon Jul  6 10:08:58 2020
+++ pkgsrc/devel/libevent/Makefile.common       Wed Jul  1 21:14:26 2026
@@ -1,9 +1,9 @@
-# $NetBSD: Makefile.common,v 1.6 2020/07/06 10:08:58 adam Exp $
+# $NetBSD: Makefile.common,v 1.7 2026/07/01 21:14:26 wiz Exp $
 #
 # used by devel/libevent/Makefile
 # used by devel/py-libevent-rpcgen/Makefile
 
-DISTNAME=      libevent-2.1.12-stable
+DISTNAME=      libevent-2.1.13-stable
 CATEGORIES=    devel
 MASTER_SITES=  ${MASTER_SITE_GITHUB:=libevent/}
 GITHUB_PROJECT=        libevent

Index: pkgsrc/devel/libevent/builtin.mk
diff -u pkgsrc/devel/libevent/builtin.mk:1.21 pkgsrc/devel/libevent/builtin.mk:1.22
--- pkgsrc/devel/libevent/builtin.mk:1.21       Fri Nov  6 15:48:15 2020
+++ pkgsrc/devel/libevent/builtin.mk    Wed Jul  1 21:14:26 2026
@@ -1,4 +1,4 @@
-# $NetBSD: builtin.mk,v 1.21 2020/11/06 15:48:15 ryoon Exp $
+# $NetBSD: builtin.mk,v 1.22 2026/07/01 21:14:26 wiz Exp $
 
 BUILTIN_PKG:=  libevent
 
@@ -25,7 +25,7 @@ MAKEVARS+=            IS_BUILTIN.libevent
 ### a package name to represent the built-in package.
 ###
 .if !defined(BUILTIN_PKG.libevent) && \
-    !empty(IS_BUILTIN.libevent:M[yY][eE][sS]) && \
+    ${IS_BUILTIN.libevent:tl} == yes && \
     empty(H_LIBEVENT:M__nonexistent__)
 .  if empty(H_LIBEVENTCONFIG:M__nonexistent__)
 _BLTN_EVENT_1_4_11!=           \
@@ -118,10 +118,10 @@ USE_BUILTIN.libevent=     no
 .  else
 USE_BUILTIN.libevent=  ${IS_BUILTIN.libevent}
 .    if defined(BUILTIN_PKG.libevent) && \
-        !empty(IS_BUILTIN.libevent:M[yY][eE][sS])
+        ${IS_BUILTIN.libevent:tl} == yes
 USE_BUILTIN.libevent=  yes
 .      for _dep_ in ${BUILDLINK_API_DEPENDS.libevent}
-.        if !empty(USE_BUILTIN.libevent:M[yY][eE][sS])
+.        if ${USE_BUILTIN.libevent:tl} == yes
 USE_BUILTIN.libevent!=                                                 \
        if ${PKG_ADMIN} pmatch ${_dep_:Q} ${BUILTIN_PKG.libevent:Q}; then \
                ${ECHO} yes;                                            \
@@ -137,7 +137,7 @@ MAKEVARS+=          USE_BUILTIN.libevent
 
 # Fake pkg-config for builtin libevent on NetBSD
 
-.if !empty(USE_BUILTIN.libevent:M[yY][eE][sS])
+.if ${USE_BUILTIN.libevent:tl} == yes
 .  if !empty(USE_TOOLS:C/:.*//:Mpkg-config)
 do-configure-pre-hook: override-libevent-pkgconfig
 

Index: pkgsrc/devel/libevent/distinfo
diff -u pkgsrc/devel/libevent/distinfo:1.42 pkgsrc/devel/libevent/distinfo:1.43
--- pkgsrc/devel/libevent/distinfo:1.42 Tue Jan 11 09:14:00 2022
+++ pkgsrc/devel/libevent/distinfo      Wed Jul  1 21:14:26 2026
@@ -1,8 +1,8 @@
-$NetBSD: distinfo,v 1.42 2022/01/11 09:14:00 schmonz Exp $
+$NetBSD: distinfo,v 1.43 2026/07/01 21:14:26 wiz Exp $
 
-BLAKE2s (libevent-2.1.12-stable.tar.gz) = 4a65abf53bda3c21fd30f52dfe2c83c9ea778cfe9198166c824cf25aed5dc6d2
-SHA512 (libevent-2.1.12-stable.tar.gz) = 88d8944cd75cbe78bc4e56a6741ca67c017a3686d5349100f1c74f8a68ac0b6410ce64dff160be4a4ba0696ee29540dfed59aaf3c9a02f0c164b00307fcfe84f
-Size (libevent-2.1.12-stable.tar.gz) = 1100847 bytes
+BLAKE2s (libevent-2.1.13-stable.tar.gz) = f76d7b4e6bba8de45203246e33837205d2c5e74a5b98656b6de404dbbcf06277
+SHA512 (libevent-2.1.13-stable.tar.gz) = 5c7a1b9f48087258f49653ecb4ce24d7015a9ef4015ad6ffa910a101d5bd37c657c26fc948eaae30c4abeb54d1cda33290878161bd73bb50e4e85f7dc667c36d
+Size (libevent-2.1.13-stable.tar.gz) = 1126525 bytes
 SHA1 (patch-Makefile.in) = 09c7524eb8657e1f76232db97273806a8c900219
 SHA1 (patch-signal.c) = 868f5f217afd030407a6c8be2d3fbecd58dc7999
 SHA1 (patch-util-internal.h) = cbc8e0e1e682402e72521ca7e1a3a626b763f82b



Home | Main Index | Thread Index | Old Index