From e83ef684fc1b490cd54612339a909203d5b94fa4 Mon Sep 17 00:00:00 2001
From: Leo Famulari <leo@famulari.name>
Date: Thu, 2 Feb 2017 10:48:53 -0500
Subject: gnu: libevent-2.0: Include CVE IDs in patches.

* gnu/packages/patches/libevent-2.0-evdns-fix-remote-stack-overread.patch,
gnu/packages/patches/libevent-2.0-evutil-fix-buffer-overflow.patch,
gnu/packages/patches/libevent-2.0-evdns-fix-searching-empty-hostnames.patch:
Rename to ...
* gnu/packages/patches/libevent-2.0-CVE-2016-10195.patch,
gnu/packages/patches/libevent-2.0-CVE-2016-10196.patch,
gnu/packages/patches/libevent-2.0-CVE-2016-10197.patch: ... new files.
* gnu/local.mk (dist_patch_DATA): Adjust accordingly.
* gnu/packages/libevent.scm (libevent-2.0)[sources]: Likewise.
---
 gnu/packages/libevent.scm                          |  6 ++--
 .../patches/libevent-2.0-CVE-2016-10195.patch      | 41 +++++++++++++++++++++
 .../patches/libevent-2.0-CVE-2016-10196.patch      | 41 +++++++++++++++++++++
 .../patches/libevent-2.0-CVE-2016-10197.patch      | 39 ++++++++++++++++++++
 ...event-2.0-evdns-fix-remote-stack-overread.patch | 42 ----------------------
 ...t-2.0-evdns-fix-searching-empty-hostnames.patch | 40 ---------------------
 .../libevent-2.0-evutil-fix-buffer-overflow.patch  | 42 ----------------------
 7 files changed, 124 insertions(+), 127 deletions(-)
 create mode 100644 gnu/packages/patches/libevent-2.0-CVE-2016-10195.patch
 create mode 100644 gnu/packages/patches/libevent-2.0-CVE-2016-10196.patch
 create mode 100644 gnu/packages/patches/libevent-2.0-CVE-2016-10197.patch
 delete mode 100644 gnu/packages/patches/libevent-2.0-evdns-fix-remote-stack-overread.patch
 delete mode 100644 gnu/packages/patches/libevent-2.0-evdns-fix-searching-empty-hostnames.patch
 delete mode 100644 gnu/packages/patches/libevent-2.0-evutil-fix-buffer-overflow.patch

(limited to 'gnu/packages')

diff --git a/gnu/packages/libevent.scm b/gnu/packages/libevent.scm
index bef09f9538..f26ce63386 100644
--- a/gnu/packages/libevent.scm
+++ b/gnu/packages/libevent.scm
@@ -80,9 +80,9 @@ loop.")
             "18qz9qfwrkakmazdlwxvjmw8p76g70n3faikwvdwznns1agw9hki"))
           (patches (search-patches
                     "libevent-dns-tests.patch"
-                    "libevent-2.0-evdns-fix-remote-stack-overread.patch"
-                    "libevent-2.0-evutil-fix-buffer-overflow.patch"
-                    "libevent-2.0-evdns-fix-searching-empty-hostnames.patch"))))))
+                    "libevent-2.0-CVE-2016-10195.patch"
+                    "libevent-2.0-CVE-2016-10196.patch"
+                    "libevent-2.0-CVE-2016-10197.patch"))))))
 
 (define-public libev
   (package
diff --git a/gnu/packages/patches/libevent-2.0-CVE-2016-10195.patch b/gnu/packages/patches/libevent-2.0-CVE-2016-10195.patch
new file mode 100644
index 0000000000..bffe2c454c
--- /dev/null
+++ b/gnu/packages/patches/libevent-2.0-CVE-2016-10195.patch
@@ -0,0 +1,41 @@
+Fix CVE-2016-10195 (buffer overread in libevent's DNS code):
+
+https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-10195
+https://github.com/libevent/libevent/issues/317
+
+Patch copied from upstream source repository:
+
+https://github.com/libevent/libevent/commit/96f64a022014a208105ead6c8a7066018449d86d
+
+From 3c570970516f48da35f42fef98276531fcc0abaa Mon Sep 17 00:00:00 2001
+From: Azat Khuzhin <a3at.mail@gmail.com>
+Date: Mon, 1 Feb 2016 17:32:09 +0300
+Subject: [PATCH] evdns: name_parse(): fix remote stack overread
+
+---
+ evdns.c | 2 +-
+ 1 file changed, 1 insertion(+), 1 deletion(-)
+
+diff --git a/evdns.c b/evdns.c
+index 60b10485..137c24ea 100644
+--- a/evdns.c
++++ b/evdns.c
+@@ -960,7 +960,6 @@ name_parse(u8 *packet, int length, int *idx, char *name_out, int name_out_len) {
+ 
+ 	for (;;) {
+ 		u8 label_len;
+-		if (j >= length) return -1;
+ 		GET8(label_len);
+ 		if (!label_len) break;
+ 		if (label_len & 0xc0) {
+@@ -981,6 +980,7 @@ name_parse(u8 *packet, int length, int *idx, char *name_out, int name_out_len) {
+ 			*cp++ = '.';
+ 		}
+ 		if (cp + label_len >= end) return -1;
++		if (j + label_len > length) return -1;
+ 		memcpy(cp, packet + j, label_len);
+ 		cp += label_len;
+ 		j += label_len;
+-- 
+2.11.0
+
diff --git a/gnu/packages/patches/libevent-2.0-CVE-2016-10196.patch b/gnu/packages/patches/libevent-2.0-CVE-2016-10196.patch
new file mode 100644
index 0000000000..03f96e938b
--- /dev/null
+++ b/gnu/packages/patches/libevent-2.0-CVE-2016-10196.patch
@@ -0,0 +1,41 @@
+Fix CVE-2016-10196 (buffer overflow in evutil):
+
+https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-10196
+https://github.com/libevent/libevent/issues/318
+
+Patch copied from upstream source repository:
+
+https://github.com/libevent/libevent/commit/329acc18a0768c21ba22522f01a5c7f46cacc4d5
+
+From 28bdc2f3f62259d21ccaf7be2b60ef0a53e6f342 Mon Sep 17 00:00:00 2001
+From: Azat Khuzhin <a3at.mail@gmail.com>
+Date: Sun, 31 Jan 2016 00:57:16 +0300
+Subject: [PATCH] evutil_parse_sockaddr_port(): fix buffer overflow
+
+---
+ evutil.c | 6 +++---
+ 1 file changed, 3 insertions(+), 3 deletions(-)
+
+diff --git a/evutil.c b/evutil.c
+index 33445170..e2dfe6e4 100644
+--- a/evutil.c
++++ b/evutil.c
+@@ -1808,12 +1808,12 @@ evutil_parse_sockaddr_port(const char *ip_as_string, struct sockaddr *out, int *
+ 
+ 	cp = strchr(ip_as_string, ':');
+ 	if (*ip_as_string == '[') {
+-		int len;
++		size_t len;
+ 		if (!(cp = strchr(ip_as_string, ']'))) {
+ 			return -1;
+ 		}
+-		len = (int) ( cp-(ip_as_string + 1) );
+-		if (len > (int)sizeof(buf)-1) {
++		len = ( cp-(ip_as_string + 1) );
++		if (len > sizeof(buf)-1) {
+ 			return -1;
+ 		}
+ 		memcpy(buf, ip_as_string+1, len);
+-- 
+2.11.0
+
diff --git a/gnu/packages/patches/libevent-2.0-CVE-2016-10197.patch b/gnu/packages/patches/libevent-2.0-CVE-2016-10197.patch
new file mode 100644
index 0000000000..c62a328627
--- /dev/null
+++ b/gnu/packages/patches/libevent-2.0-CVE-2016-10197.patch
@@ -0,0 +1,39 @@
+Fix CVE-2016-10197 (out of bounds read on empty hostnames in evdns):
+
+https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-10197
+https://github.com/libevent/libevent/issues/332
+
+Patch copied from upstream source repository:
+
+https://github.com/libevent/libevent/commit/ec65c42052d95d2c23d1d837136d1cf1d9ecef9e
+
+From a0305cec166a5bc89f1eb362510cc4cd25ecc0bc Mon Sep 17 00:00:00 2001
+From: Azat Khuzhin <a3at.mail@gmail.com>
+Date: Fri, 25 Mar 2016 00:33:47 +0300
+Subject: [PATCH] evdns: fix searching empty hostnames
+
+---
+ evdns.c | 5 ++++-
+ 1 file changed, 4 insertions(+), 1 deletion(-)
+
+diff --git a/evdns.c b/evdns.c
+index 137c24ea..6191c677 100644
+--- a/evdns.c
++++ b/evdns.c
+@@ -3122,9 +3122,12 @@ search_set_from_hostname(struct evdns_base *base) {
+ static char *
+ search_make_new(const struct search_state *const state, int n, const char *const base_name) {
+ 	const size_t base_len = strlen(base_name);
+-	const char need_to_append_dot = base_name[base_len - 1] == '.' ? 0 : 1;
++	char need_to_append_dot;
+ 	struct search_domain *dom;
+ 
++	if (!base_len) return NULL;
++	need_to_append_dot = base_name[base_len - 1] == '.' ? 0 : 1;
++
+ 	for (dom = state->head; dom; dom = dom->next) {
+ 		if (!n--) {
+ 			/* this is the postfix we want */
+-- 
+2.11.0
+
diff --git a/gnu/packages/patches/libevent-2.0-evdns-fix-remote-stack-overread.patch b/gnu/packages/patches/libevent-2.0-evdns-fix-remote-stack-overread.patch
deleted file mode 100644
index f1907d53e2..0000000000
--- a/gnu/packages/patches/libevent-2.0-evdns-fix-remote-stack-overread.patch
+++ /dev/null
@@ -1,42 +0,0 @@
-Fix buffer overread in libevents DNS code.
-
-Upstream bug report:
-
-https://github.com/libevent/libevent/issues/317
-
-Patch copied from upstream source repository:
-
-https://github.com/libevent/libevent/commit/96f64a022014a208105ead6c8a7066018449d86d
-
-From 3c570970516f48da35f42fef98276531fcc0abaa Mon Sep 17 00:00:00 2001
-From: Azat Khuzhin <a3at.mail@gmail.com>
-Date: Mon, 1 Feb 2016 17:32:09 +0300
-Subject: [PATCH] evdns: name_parse(): fix remote stack overread
-
----
- evdns.c | 2 +-
- 1 file changed, 1 insertion(+), 1 deletion(-)
-
-diff --git a/evdns.c b/evdns.c
-index 60b10485..137c24ea 100644
---- a/evdns.c
-+++ b/evdns.c
-@@ -960,7 +960,6 @@ name_parse(u8 *packet, int length, int *idx, char *name_out, int name_out_len) {
- 
- 	for (;;) {
- 		u8 label_len;
--		if (j >= length) return -1;
- 		GET8(label_len);
- 		if (!label_len) break;
- 		if (label_len & 0xc0) {
-@@ -981,6 +980,7 @@ name_parse(u8 *packet, int length, int *idx, char *name_out, int name_out_len) {
- 			*cp++ = '.';
- 		}
- 		if (cp + label_len >= end) return -1;
-+		if (j + label_len > length) return -1;
- 		memcpy(cp, packet + j, label_len);
- 		cp += label_len;
- 		j += label_len;
--- 
-2.11.0
-
diff --git a/gnu/packages/patches/libevent-2.0-evdns-fix-searching-empty-hostnames.patch b/gnu/packages/patches/libevent-2.0-evdns-fix-searching-empty-hostnames.patch
deleted file mode 100644
index c4ad0a1a4a..0000000000
--- a/gnu/packages/patches/libevent-2.0-evdns-fix-searching-empty-hostnames.patch
+++ /dev/null
@@ -1,40 +0,0 @@
-Fix OOB read on empty hostnames in evdns.
-
-Upstream bug report:
-
-https://github.com/libevent/libevent/issues/332
-
-Patch copied from upstream source repository:
-
-https://github.com/libevent/libevent/commit/ec65c42052d95d2c23d1d837136d1cf1d9ecef9e
-
-From a0305cec166a5bc89f1eb362510cc4cd25ecc0bc Mon Sep 17 00:00:00 2001
-From: Azat Khuzhin <a3at.mail@gmail.com>
-Date: Fri, 25 Mar 2016 00:33:47 +0300
-Subject: [PATCH] evdns: fix searching empty hostnames
-
----
- evdns.c | 5 ++++-
- 1 file changed, 4 insertions(+), 1 deletion(-)
-
-diff --git a/evdns.c b/evdns.c
-index 137c24ea..6191c677 100644
---- a/evdns.c
-+++ b/evdns.c
-@@ -3122,9 +3122,12 @@ search_set_from_hostname(struct evdns_base *base) {
- static char *
- search_make_new(const struct search_state *const state, int n, const char *const base_name) {
- 	const size_t base_len = strlen(base_name);
--	const char need_to_append_dot = base_name[base_len - 1] == '.' ? 0 : 1;
-+	char need_to_append_dot;
- 	struct search_domain *dom;
- 
-+	if (!base_len) return NULL;
-+	need_to_append_dot = base_name[base_len - 1] == '.' ? 0 : 1;
-+
- 	for (dom = state->head; dom; dom = dom->next) {
- 		if (!n--) {
- 			/* this is the postfix we want */
--- 
-2.11.0
-
diff --git a/gnu/packages/patches/libevent-2.0-evutil-fix-buffer-overflow.patch b/gnu/packages/patches/libevent-2.0-evutil-fix-buffer-overflow.patch
deleted file mode 100644
index 4d16a4b917..0000000000
--- a/gnu/packages/patches/libevent-2.0-evutil-fix-buffer-overflow.patch
+++ /dev/null
@@ -1,42 +0,0 @@
-Fix buffer overflow in evutil.
-
-Upstream bug report:
-
-https://github.com/libevent/libevent/issues/318
-
-Patch copied from upstream source repository:
-
-https://github.com/libevent/libevent/commit/329acc18a0768c21ba22522f01a5c7f46cacc4d5
-
-From 28bdc2f3f62259d21ccaf7be2b60ef0a53e6f342 Mon Sep 17 00:00:00 2001
-From: Azat Khuzhin <a3at.mail@gmail.com>
-Date: Sun, 31 Jan 2016 00:57:16 +0300
-Subject: [PATCH] evutil_parse_sockaddr_port(): fix buffer overflow
-
----
- evutil.c | 6 +++---
- 1 file changed, 3 insertions(+), 3 deletions(-)
-
-diff --git a/evutil.c b/evutil.c
-index 33445170..e2dfe6e4 100644
---- a/evutil.c
-+++ b/evutil.c
-@@ -1808,12 +1808,12 @@ evutil_parse_sockaddr_port(const char *ip_as_string, struct sockaddr *out, int *
- 
- 	cp = strchr(ip_as_string, ':');
- 	if (*ip_as_string == '[') {
--		int len;
-+		size_t len;
- 		if (!(cp = strchr(ip_as_string, ']'))) {
- 			return -1;
- 		}
--		len = (int) ( cp-(ip_as_string + 1) );
--		if (len > (int)sizeof(buf)-1) {
-+		len = ( cp-(ip_as_string + 1) );
-+		if (len > sizeof(buf)-1) {
- 			return -1;
- 		}
- 		memcpy(buf, ip_as_string+1, len);
--- 
-2.11.0
-
-- 
cgit v1.2.3