Issues found with existing distfiles:
distfiles/eclipse-sourceBuild-srcIncluded-3.0.1.zip
distfiles/fortran-utils-1.1.tar.gz
distfiles/ivykis-0.39.tar.gz
distfiles/enum-1.11.tar.gz
distfiles/pvs-3.2-libraries.tgz
distfiles/pvs-3.2-linux.tgz
distfiles/pvs-3.2-solaris.tgz
distfiles/pvs-3.2-system.tgz
No changes made to these distinfo files.
Otherwise, existing SHA1 digests verified and found to be the same on
the machine holding the existing distfiles (morden). All existing
SHA1 digests retained for now as an audit trail.
Upstream ChangeLog:
Changes in version 2.0.22-stable (5 Jan 2015)
SECURITY FIXES (evbuffers)
o Avoid integer overflow bugs in evbuffer_add() and related functions.
See CVE-2014-6272 advisory for more information.
(20d6d4458bee5d88bda1511c225c25b2d3198d6c)
BUGFIXES (evhttp)
o fix#73 and fix http_connection_fail_test to catch it (crash fix)
(b618204 Greg Hazel)
o Avoid racy bufferevent activation (5eb1788 Nate Rosenblum)
BUGFIXES (compilation and portability)
o Fix compilation with WIN32_HAVE_CONDITION_VARIABLES enabled (7e45739)
o Fix missing AC_PROG_SED on older Autoconfs (9ab2b3f Tay Ray Chuan)
o Backport libevent to vanilla Autoconf 2.59 (as used in RHEL5)
(74d4c44 Kevin Bowling)
o Use AC_CONFIG_HEADERS in place of AM_CONFIG_HEADERS for
automake 1.13 compat (817ea36)
o Rename configure.in to configure.ac to appease newer autoconfs (0c79787)
o Avoid using top_srcdir in TESTS: new automakes do not like this (a55514e)
o Use windows vsnprintf fixup logic on all windows environments (e826f19)
o Fix a compiler warning when checking for arc4random_buf linker breakage.
(5cb3865)
o Fix another arc4random_buf-related warning (e64a2b0)
o Add -Qunused-arguments for clang on macos (b56611d Trond Norbye)
BUGFIXES (resource leaks/lock errors on error)
o Avoid leaking fds on evconnlistener with no callback set (69db261)
o Avoid double-close on getsockname error in evutil_ersatz_socketpair
(0a822a6)
o Fix a locking error in bufferevent_socket_get_dns_error. (0a5eb2e)
o libevent/win32_dealloc() : fix sizeof(pointer) vs sizeof(*pointer)
(b8f5980 Frank Denis)
BUGFIXES: (other stability)
o bufferevent_pair: don't call downcast(NULL) (f2428a2)
o Consistently check for failure from evbuffer_pullup() (60f8f72)
o Fix race caused by event_active (3c7d6fc vjpai)
BUGFIXES (miscellaneous)
o Avoid redundant invocations of init_extension_functions for IOCP (3b77d62)
o Typo fixes from Linus Nordberg (cec62cb, 8cd695b)
o Add a few files created by "make verify" to .gitignore.
(1a8295a Pierre Phaneuf)
o regress_buffer: fix 'memcmp' compare size (79800df Maks Naumov)
o Fix bufferevent setwatermark suspend_read (b34e4ac ufo2243)
o Fix evbuffer_peek() with len==-1 and start_at non-NULL. (fb7e76a)
BUFGIXES (evdns)
o Checking request nameserver for NULL, before using it.
(5c710c0 Belobrov Andrey)
o Fix SEGFAULT after evdns_base_resume if no nameservers installed.
(f8d7df8 Azat Khuzhin)
o Fix a crash in evdns related to shutting down evdns (9f39c88,e8fe749)
BUGFIXES (epoll)
o Check does arch have the epoll_create and __NR_epoll_wait syscalls.
(dfe1e52 Marcin Juszkiewicz)
BUGFIXES (evutil_secure_random)
o Avoid other RNG initialization FS reads when urandom file is specified
(9695e9c, bb52471)
o When we seed from /proc/sys/kernel/random/uuid, count it as success (e35b540)
o Document that arc4random is not a great cryptographic PRNG. (6e49696)
o Add evutil_secure_rng_set_urandom_device_file (2bbb5d7)
o Really remove RNG seeds from the stack (f5ced88)
DOCUMENTATION FIXES
o Fix a mistake in evbuffer_remove() arguments in example http server
code (c322c20 Gyepi Sam)
o Fix a typo in a comment in buffer.h. Spotted by Alt_F4 (773b0a5)
o Clarify event_base_loop exit conditions (031a803)
o Use FindClose for handle from FindFirstFile in http-server.c (6466e88)
o Fix a typo in a doxygen comment. Reported by 亦得. (be1aeff)
Changes in version 2.0.21-stable (18 Nov 2012)
BUGFIXES:
o ssl: Don't discard SSL read event when timeout and read come close together (576b29f)
o ssl: Stop looping in "consider_reading" if reading is suspended. (f719b8a Joachim Bauch)
o ssl: No need to reserve space if reading is suspended. (1acf2eb Joachim Bauch)
o dns: Avoid a memory-leak on OOM in evdns. (73e85dd, f2bff75 George Danchev)
o build: Use python2 rather than python (0eb0109 Ross Lagerwall)
o build: Compile without warnings on mingw64 (94866c2)
o build: Fix compilation on mingw64 with -DUSE_DEBUG (62bd2c4)
o build: Make rpcgen_wrapper.sh work on systems without a "python2" binary (f3009e4)
o iocp: Close IOCP listener socket on free when LEV_OPT_CLOSE_ON_FREE is set (cb853ea Juan Pablo Fernandez)
o core: Avoid crash when event_pending() called with no event_base set on event (e3cccf3)
o misc: remove stray 'x' so print_err will compile when uncommented (ac35650 Patrick Pelletier)
o tests: Fix renegotiation test to work around openssl 1.0.1 bug (c2f3086)
o tests: Warn when openssl version in unit test mismatches compiled version. (ac009f9)
Changes in version 2.0.20-stable (23 Aug 2012)
BUGFIXES:
o core: Make event_pending() threadsafe. (be7a95c Simon Liu)
o win32: avoid crash when waiting forever on zero fds. (160e58b)
o evhttp: Fix a memory leak on error in evhttp_uriencode (11c8b31)
o evbuffer: Avoid possible needless call to writev. Found by coverity. (6a4ec5c)
o evdns: memset sockaddr_in before using it. Found by coverity. (a1a0e67)
o evhttp: Check more setsockopt return values when binding sockets. Found by coverity (a0912e3)
o evdns: Avoid segfault on weird timeout during name lookup. (dc32077 Greg Hazel)
o bufferevent_ssl: Correctly invoke callbacks when a SSL bufferevent reads some and then blocks. (606ac43)
PORTABILITY FIXES:
o check for arc4random_buf at runtime, on OS X (bff5f94 Greg Hazel)
o Correctly check for arc4random_buf (fcec3e8 Sebastian Hahn)
o Add explicit AC_PROG_SED to configure.in so all autoconfs will expose $(SED) (ca80ea6)
BUILD FIXES:
o Add GCC annotations so that the vsprintf functions get checked properly (117e327)
o Fix an unused variable warning on *BSD. (c0720c1)
UNIT TEST FIXES:
o Fix a couple of memory leaks (found with Valgrind). (3b2529a Ross Lagerwall)
o Remove deadcode in http regression tests. Found by coverity. (5553346)
o Fix possible uninitialized read in dns regression tests. Found by coverity. (2259777)
o Set umask before calling mkstemp in unit tests. Found by coverity (f1ce15d)
o Fix various check-after-dereference issues in unit tests: found by coverity (4f3732d)
o Fix resource leaks in the unit tests; found by coverity (270f279)
o Add some missing null checks to unit tests; found by coverity (f021c3d)
o Avoid more crashes/bad calls in unit tests; found by coverity (3cde5bf)
o Remove unused variable; spotted by coverity (6355b2a)
o Add checks to various return values in unit tests. Found by coverity (b9e7329)
o Move assignment outside tt_assert in ssl unit tests. Appeases coverity. (a2006c0)
Changes in version 2.0.19-stable (3 May 2012)
* Refactor event_persist_closure: raise and extract some common logic
* If time has jumped so we'd reschedule a periodic event in the past, schedule
it for the future instead
* If a higher-priority event becomes active, don't continue running events
of the current priority.
* Fixed potential double-readcb execution with openssl bufferevents.
* Cancel a probe request when the server is freed, and ignore cancelled probe
callbacks
* Remove redundant DNS_ERR_CANCEL check, move comment
* When retransmitting a timed-out DNS request, pick a fresh nameserver.
* Backport: provide EVENT_LOG_* names, and deprecate _EVENT_LOG_*
Changes in version 2.0.18-stable (22 Mar 2012)
* Make uses of open() close-on-exec safe by introducing an internal
evutil_open_closeonexec.
* Properly zero the kevent in kq_setup_kevent()
* Stop crashing in evdns when nameserver probes give a weird error
Changes in version 2.0.17-stable (10 Feb 2012)
* Be absolutely sure to clear pncalls before leaving event_signal_closure
* check for sysctl before we use it
* Remove bogus casts of socket to int before calling ev_callback
* Make evconnlistener work around bug in older Linux when getting nmapped
* Fix a list corruption bug when using event_reinit() with signals present
* Fix a fd leak in event_reinit()
* Do a memberwise comparison of threading function tables
* Use C-style comments in C source files (for compatibility with compilers
such as xlc on AIX).
* Avoid crash when freeing event_iocp and using event_set_mem_functions
* In the kqueue backend, do not report EBADF as an EV_READ
* Fix behavior of evbuffer_peek(buf,-1,NULL,NULL,0)
* Loop on filtering SSL reads until we are blocked or exhausted.
* Force strict validation of HTTP version in response.
* evdns: fix a bug in circular-queue implementation
* Backport evhttp_connection_get_bufferevent to Libevent 2.0
Changes in version 2.0.16-stable (18 Nov 2011)
* More detailed message in case of libevent self-debugging failure.
* epoll: close fd on alloc fail at initialization
* Fix compile warning from saying event2/*.h inside a comment
* Warn when unable to construct base because of failing make_base_notifiable
* Don't try to make notifiable event_base when no threading fns are configured
* unit test for remove_buffer bug
* Fix an evbuffer crash in evbuffer_remove_buffer()
* Refactor amount-to-read calculations in buffervent_ssl consider_reading()
* Move SSL rate-limit enforcement into bytes_to_read()
* Avoid spinning on OpenSSL reads
* Empty DNS reply with OK status is another way to say NODATA.
Changes in version 2.0.15-stable (12 Oct 2011)
* DNS: add ttl for negative answers using RFC 2308 idea.
* Add DNS_ERR_NODATA error code to handle empty replies.
* Make evbuffer callbacks get the right n_added value after evbuffer_add
* Prefer mmap to sendfile unless a DRAINS_TO_FD flag is set. Allows add_file
to work with SSL.
* When a signal callback is activated to run multiple times, allow
event_base_loopbreak to work even before they all have run.
* Several SSL bufferevent fixes
* A Solaris sendfile bugfix
* A few other IOCP and rate-limiting bufferevent fixes
* Memory leak fixes
* Coverity fixes
* Portability and build fixes
* and more...
This requires a dependency on Python. Bump PKGREVISION to 1.
This is probably not the best solution: I guess it'd be nice to have a
libevent package that only included the binary libraries and no dependency
on Python, and another libevent-dev package with the event_rpcgen.py binary
and the Python dependency. But this can be done later; I want to just fix
the breakage first.
Supposedly API backwards-compatible with libevent 1.x.
Will need a recursive revbump for shlib name changes, though.
All regression tests pass except "thread_conditions_simple". Not sure
why yet, but it's new API so shouldn't break anything existing in pkgsrc
today.
Changes in libevent 2.0 include cleaner interfaces, buffered I/O improvements,
improved multithreading and openssl integration.
Changes in 1.4.12-stable:
Try to contain degree of failure when running on a win32 version so heavily firewalled that we can't fake a socketpair.
Fix an obscure timing-dependent, allocator-dependent crash in the evdns code.
Use __VA_ARGS__ syntax for varargs macros in event_rpcgen when compiler is not GCC.
Activate fd events in a pseudorandom order with O(N) backends, so that we don't systematically favor low fds (select) or earlier-added fds (poll, win32).
Fix another pair of fencepost bugs in epoll.c. [Patch from Adam Langley.]
Do not break evdns connections to nameservers when our IP changes.
Set truncated flag correctly in evdns server replies.
Disable strict aliasing with GCC: our code is not compliant with it.
Changes in 1.4.11-stable:
Fix a bug when removing a timeout from the heap. [Patch from Marko Kreen]
Remove the limit on size of HTTP headers by removing static buffers.
Fix a nasty dangling pointer bug in epoll.c that could occur after epoll_recalc(). [Patch from Kevin Springborn]
Distribute Win32-Code/event-config.h, not ./event-config.h
Changes in 1.4.10-stable:
clean up buffered http connection data on reset; reported by Brian O'Kelley
bug fix and potential race condition in signal handling; from Alexander Drozdov
rename the Solaris event ports backend to evport
support compilation on Haiku
fix signal processing when a signal callback delivers a signal; from Alexander Drozdov
const-ify some arguments to evdns functions.
off-by-one error in epoll_recalc; reported by Victor Goya
include Doxyfile in tar ball; from Jeff Garzik
correctly parse queries with encoded \r, \n or + characters
This changes the buildlink3.mk files to use an include guard for the
recursive include. The use of BUILDLINK_DEPTH, BUILDLINK_DEPENDS,
BUILDLINK_PACKAGES and BUILDLINK_ORDER is handled by a single new
variable BUILDLINK_TREE. Each buildlink3.mk file adds a pair of
enter/exit marker, which can be used to reconstruct the tree and
to determine first level includes. Avoiding := for large variables
(BUILDLINK_ORDER) speeds up parse time as += has linear complexity.
The include guard reduces system time by avoiding reading files over and
over again. For complex packages this reduces both %user and %sys time to
half of the former time.
Changes in 1.4.9-stable:
o event_add would not return error for some backends; from Dean
McNamee
o Clear the timer cache on entering the event loop; reported by
Victor Chang
o Only bind the socket on connect when a local address has been
provided; reported by Alejo Sanchez
o Allow setting of local port for evhttp connections to support
millions of connections from a single system; from Richard Jones.
o Clear the timer cache when leaving the event loop; reported by
Robin Haberkorn
o Fix a typo in setting the global event base; reported by lance.
o Fix a memory leak when reading multi-line headers
o Fix a memory leak by not running explicit close detection for
server connections
Changes in 1.4.8-stable:
o Match the query in DNS replies to the query in the request; from Vsevolod Stakhov.
o Fix a merge problem in which name_from_addr returned pointers to the stack; found by Jiang Hong.
o Do not remove Accept-Encoding header
Changes in 1.4.7-stable:
o Fix a bug where headers arriving in multiple packets were not parsed; fix from Jiang Hong; test by me.
Changes in 1.4.6-stable:
o evutil.h now includes <stdarg.h> directly
o switch all uses of [v]snprintf over to evutil
o Correct handling of trailing headers in chunked replies; from Scott Lamb.
o Support multi-line HTTP headers; based on a patch from Moshe Litvin
o Reject negative Content-Length headers; anonymous bug report
o Detect CLOCK_MONOTONIC at runtime for evdns; anonymous bug report
o Fix a bug where deleting signals with the kqueue backend would cause subsequent adds to fail
o Support multiple events listening on the same signal; make signals regular events that go on the same event queue; problem report by Alexander Drozdov.
o Deal with evbuffer_read() returning -1 on EINTR|EAGAIN; from Adam Langley.
o Fix a bug in which the DNS server would incorrectly set the type of a cname reply to a.
o Fix a bug where setting the timeout on a bufferevent would take not effect if the event was already pending.
o Fix a memory leak when using signals for some event bases; reported by Alexander Drozdov.
o Add libevent.vcproj file to distribution to help with Windows build.
o Fix a problem with epoll() and reinit; problem report by Alexander Drozdov.
o Fix off-by-one errors in devpoll; from Ian Bell
o Make event_add not change any state if it fails; reported by Ian Bell.
o Do not warn on accept when errno is either EAGAIN or EINTR
Changes in 1.4.5-stable:
o Fix connection keep-alive behavior for HTTP/1.0
o Fix use of freed memory in event_reinit; pointed out by Peter Postma
o Constify struct timeval * where possible; pointed out by Forest Wilkinson
o allow min_heap_erase to be called on removed members; from liusifan.
o Rename INPUT and OUTPUT to EVRPC_INPUT and EVRPC_OUTPUT. Retain INPUT/OUTPUT aliases on on-win32 platforms for backwards compatibility.
o Do not use SO_REUSEADDR when connecting
o Fix Windows build
o Fix a bug in event_rpcgen when generated fixed-sized entries
Changes in 1.4.4-stable:
o Correct the documentation on buffer printf functions.
o Don't warn on unimplemented epoll_create(): this isn't a problem, just a reason to fall back to poll or select.
o Correctly handle timeouts larger than 35 minutes on Linux with epoll.c. This is probably a kernel defect, but we'll have to support old kernels anyway even if it gets fixed.
o Fix a potential stack corruption bug in tagging on 64-bit CPUs.
o expose bufferevent_setwatermark via header files and fix high watermark on read
o fix a bug in bufferevent read water marks and add a test for them
o introduce bufferevent_setcb and bufferevent_setfd to allow better manipulation of bufferevents
o use libevent's internal timercmp on all platforms, to avoid bugs on old platforms where timercmp(a,b,<=) is buggy.
o reduce system calls for getting current time by caching it.
o fix evhttp_bind_socket() so that multiple sockets can be bound by the same http server.
o Build test directory correctly with CPPFLAGS set.
o Fix build under Visual C++ 2005.
o Expose evhttp_accept_socket() API.
o Merge windows gettimeofday() replacement into a new evutil_gettimeofday() function.
o Fix autoconf script behavior on IRIX.
o Make sure winsock2.h include always comes before windows.h include.
1.4.3-stable:
1.4.2-rc:
* make Solaris event subsystems more reliable; from W.C.A. Wijngaards
* event_base_get_method(); from Springande Ulv
* fix HTTP/1.1 chunk formatting; from "propanbutan"
* allow 64-bit content lengths; from Scott Lamb
* and more...
1.4.1-beta:
* fixed some memory leaks and other misc cleanup; from Christopher Layne,
Scott Lamb and Charles Kerr
* introduced event_reinit to deal with fork()
* improved efficiency of generated RPC structure
* performance improvements to Win32 backend
* and many more...
1.4.0-beta:
* a new RPC subsytem for writing distributed clients and servers
* almost everything is documented via Doxygen now
* many fixes and improvements to evdns and evhttp
* libevent now builds two additional libraries: libevent_core (containing only
the event core) and libevent_extras (contained evdns, evhttp and evrpc)
* performance improvements due to using a heap instead of red-black trees for
timeouts
* Solaris' event ports are better supported
1.3e:
* Fix compilation on Solaris; from Magne Mahre
* Add a "Date" header to HTTP responses when it's missing, as required by
HTTP 1.1. Original Patch from Ralph Moritz.
* Fix a memory leak in which failed HTTP connections whould not free the
request object.
* Fix a memory leak in the DNS server.
* Handle NULL timeouts correctly on Solaris; from Trond Norbye
* Recalculate pending events properly when reallocating event array on
Solaris; from Trond Norbye
libevent-1.3d:
Bug fixes in the HTTP layer.
libevent-1.3c:
Small bug and portability fixes.
Worth mentioning is that patch-ab and patch-ac were applied upstream.
As usual with libevent, this breaks the ABI due to .so naming, so a
small revbump sweep will be needed.
1.3b:
* Fixes when using signals in multi-threaded applications from Scott Lamb.
* Other small bug fixes.
1.3a:
* Small bug and performances fixes to evhttp layer.
1.3:
* DNS Server from Adam Langley and Nick Mathewson
* Chunked transfer encoding for HTTP/1.1 from Dug Song.
* DNS DDoS fix; bug report from Jon Oberheide.
* Various small improvements.
- configure script already has provision for different compiler inline
directives, just not every file was using it.
- u_intXX_t types need to be fixed in installed event.h too.
