Upstream ChangeLog:
Changes in version 2.0.22-stable (5 Jan 2015)
SECURITY FIXES (evbuffers)
o Avoid integer overflow bugs in evbuffer_add() and related functions.
See CVE-2014-6272 advisory for more information.
(20d6d4458bee5d88bda1511c225c25b2d3198d6c)
BUGFIXES (evhttp)
o fix#73 and fix http_connection_fail_test to catch it (crash fix)
(b618204 Greg Hazel)
o Avoid racy bufferevent activation (5eb1788 Nate Rosenblum)
BUGFIXES (compilation and portability)
o Fix compilation with WIN32_HAVE_CONDITION_VARIABLES enabled (7e45739)
o Fix missing AC_PROG_SED on older Autoconfs (9ab2b3f Tay Ray Chuan)
o Backport libevent to vanilla Autoconf 2.59 (as used in RHEL5)
(74d4c44 Kevin Bowling)
o Use AC_CONFIG_HEADERS in place of AM_CONFIG_HEADERS for
automake 1.13 compat (817ea36)
o Rename configure.in to configure.ac to appease newer autoconfs (0c79787)
o Avoid using top_srcdir in TESTS: new automakes do not like this (a55514e)
o Use windows vsnprintf fixup logic on all windows environments (e826f19)
o Fix a compiler warning when checking for arc4random_buf linker breakage.
(5cb3865)
o Fix another arc4random_buf-related warning (e64a2b0)
o Add -Qunused-arguments for clang on macos (b56611d Trond Norbye)
BUGFIXES (resource leaks/lock errors on error)
o Avoid leaking fds on evconnlistener with no callback set (69db261)
o Avoid double-close on getsockname error in evutil_ersatz_socketpair
(0a822a6)
o Fix a locking error in bufferevent_socket_get_dns_error. (0a5eb2e)
o libevent/win32_dealloc() : fix sizeof(pointer) vs sizeof(*pointer)
(b8f5980 Frank Denis)
BUGFIXES: (other stability)
o bufferevent_pair: don't call downcast(NULL) (f2428a2)
o Consistently check for failure from evbuffer_pullup() (60f8f72)
o Fix race caused by event_active (3c7d6fc vjpai)
BUGFIXES (miscellaneous)
o Avoid redundant invocations of init_extension_functions for IOCP (3b77d62)
o Typo fixes from Linus Nordberg (cec62cb, 8cd695b)
o Add a few files created by "make verify" to .gitignore.
(1a8295a Pierre Phaneuf)
o regress_buffer: fix 'memcmp' compare size (79800df Maks Naumov)
o Fix bufferevent setwatermark suspend_read (b34e4ac ufo2243)
o Fix evbuffer_peek() with len==-1 and start_at non-NULL. (fb7e76a)
BUFGIXES (evdns)
o Checking request nameserver for NULL, before using it.
(5c710c0 Belobrov Andrey)
o Fix SEGFAULT after evdns_base_resume if no nameservers installed.
(f8d7df8 Azat Khuzhin)
o Fix a crash in evdns related to shutting down evdns (9f39c88,e8fe749)
BUGFIXES (epoll)
o Check does arch have the epoll_create and __NR_epoll_wait syscalls.
(dfe1e52 Marcin Juszkiewicz)
BUGFIXES (evutil_secure_random)
o Avoid other RNG initialization FS reads when urandom file is specified
(9695e9c, bb52471)
o When we seed from /proc/sys/kernel/random/uuid, count it as success (e35b540)
o Document that arc4random is not a great cryptographic PRNG. (6e49696)
o Add evutil_secure_rng_set_urandom_device_file (2bbb5d7)
o Really remove RNG seeds from the stack (f5ced88)
DOCUMENTATION FIXES
o Fix a mistake in evbuffer_remove() arguments in example http server
code (c322c20 Gyepi Sam)
o Fix a typo in a comment in buffer.h. Spotted by Alt_F4 (773b0a5)
o Clarify event_base_loop exit conditions (031a803)
o Use FindClose for handle from FindFirstFile in http-server.c (6466e88)
o Fix a typo in a doxygen comment. Reported by 亦得. (be1aeff)
Changes in version 2.0.21-stable (18 Nov 2012)
BUGFIXES:
o ssl: Don't discard SSL read event when timeout and read come close together (576b29f)
o ssl: Stop looping in "consider_reading" if reading is suspended. (f719b8a Joachim Bauch)
o ssl: No need to reserve space if reading is suspended. (1acf2eb Joachim Bauch)
o dns: Avoid a memory-leak on OOM in evdns. (73e85dd, f2bff75 George Danchev)
o build: Use python2 rather than python (0eb0109 Ross Lagerwall)
o build: Compile without warnings on mingw64 (94866c2)
o build: Fix compilation on mingw64 with -DUSE_DEBUG (62bd2c4)
o build: Make rpcgen_wrapper.sh work on systems without a "python2" binary (f3009e4)
o iocp: Close IOCP listener socket on free when LEV_OPT_CLOSE_ON_FREE is set (cb853ea Juan Pablo Fernandez)
o core: Avoid crash when event_pending() called with no event_base set on event (e3cccf3)
o misc: remove stray 'x' so print_err will compile when uncommented (ac35650 Patrick Pelletier)
o tests: Fix renegotiation test to work around openssl 1.0.1 bug (c2f3086)
o tests: Warn when openssl version in unit test mismatches compiled version. (ac009f9)
Changes in version 2.0.20-stable (23 Aug 2012)
BUGFIXES:
o core: Make event_pending() threadsafe. (be7a95c Simon Liu)
o win32: avoid crash when waiting forever on zero fds. (160e58b)
o evhttp: Fix a memory leak on error in evhttp_uriencode (11c8b31)
o evbuffer: Avoid possible needless call to writev. Found by coverity. (6a4ec5c)
o evdns: memset sockaddr_in before using it. Found by coverity. (a1a0e67)
o evhttp: Check more setsockopt return values when binding sockets. Found by coverity (a0912e3)
o evdns: Avoid segfault on weird timeout during name lookup. (dc32077 Greg Hazel)
o bufferevent_ssl: Correctly invoke callbacks when a SSL bufferevent reads some and then blocks. (606ac43)
PORTABILITY FIXES:
o check for arc4random_buf at runtime, on OS X (bff5f94 Greg Hazel)
o Correctly check for arc4random_buf (fcec3e8 Sebastian Hahn)
o Add explicit AC_PROG_SED to configure.in so all autoconfs will expose $(SED) (ca80ea6)
BUILD FIXES:
o Add GCC annotations so that the vsprintf functions get checked properly (117e327)
o Fix an unused variable warning on *BSD. (c0720c1)
UNIT TEST FIXES:
o Fix a couple of memory leaks (found with Valgrind). (3b2529a Ross Lagerwall)
o Remove deadcode in http regression tests. Found by coverity. (5553346)
o Fix possible uninitialized read in dns regression tests. Found by coverity. (2259777)
o Set umask before calling mkstemp in unit tests. Found by coverity (f1ce15d)
o Fix various check-after-dereference issues in unit tests: found by coverity (4f3732d)
o Fix resource leaks in the unit tests; found by coverity (270f279)
o Add some missing null checks to unit tests; found by coverity (f021c3d)
o Avoid more crashes/bad calls in unit tests; found by coverity (3cde5bf)
o Remove unused variable; spotted by coverity (6355b2a)
o Add checks to various return values in unit tests. Found by coverity (b9e7329)
o Move assignment outside tt_assert in ssl unit tests. Appeases coverity. (a2006c0)
Changes in version 2.0.19-stable (3 May 2012)
* Refactor event_persist_closure: raise and extract some common logic
* If time has jumped so we'd reschedule a periodic event in the past, schedule
it for the future instead
* If a higher-priority event becomes active, don't continue running events
of the current priority.
* Fixed potential double-readcb execution with openssl bufferevents.
* Cancel a probe request when the server is freed, and ignore cancelled probe
callbacks
* Remove redundant DNS_ERR_CANCEL check, move comment
* When retransmitting a timed-out DNS request, pick a fresh nameserver.
* Backport: provide EVENT_LOG_* names, and deprecate _EVENT_LOG_*
Changes in version 2.0.18-stable (22 Mar 2012)
* Make uses of open() close-on-exec safe by introducing an internal
evutil_open_closeonexec.
* Properly zero the kevent in kq_setup_kevent()
* Stop crashing in evdns when nameserver probes give a weird error
Changes in version 2.0.17-stable (10 Feb 2012)
* Be absolutely sure to clear pncalls before leaving event_signal_closure
* check for sysctl before we use it
* Remove bogus casts of socket to int before calling ev_callback
* Make evconnlistener work around bug in older Linux when getting nmapped
* Fix a list corruption bug when using event_reinit() with signals present
* Fix a fd leak in event_reinit()
* Do a memberwise comparison of threading function tables
* Use C-style comments in C source files (for compatibility with compilers
such as xlc on AIX).
* Avoid crash when freeing event_iocp and using event_set_mem_functions
* In the kqueue backend, do not report EBADF as an EV_READ
* Fix behavior of evbuffer_peek(buf,-1,NULL,NULL,0)
* Loop on filtering SSL reads until we are blocked or exhausted.
* Force strict validation of HTTP version in response.
* evdns: fix a bug in circular-queue implementation
* Backport evhttp_connection_get_bufferevent to Libevent 2.0
Changes in version 2.0.16-stable (18 Nov 2011)
* More detailed message in case of libevent self-debugging failure.
* epoll: close fd on alloc fail at initialization
* Fix compile warning from saying event2/*.h inside a comment
* Warn when unable to construct base because of failing make_base_notifiable
* Don't try to make notifiable event_base when no threading fns are configured
* unit test for remove_buffer bug
* Fix an evbuffer crash in evbuffer_remove_buffer()
* Refactor amount-to-read calculations in buffervent_ssl consider_reading()
* Move SSL rate-limit enforcement into bytes_to_read()
* Avoid spinning on OpenSSL reads
* Empty DNS reply with OK status is another way to say NODATA.
Changes in version 2.0.15-stable (12 Oct 2011)
* DNS: add ttl for negative answers using RFC 2308 idea.
* Add DNS_ERR_NODATA error code to handle empty replies.
* Make evbuffer callbacks get the right n_added value after evbuffer_add
* Prefer mmap to sendfile unless a DRAINS_TO_FD flag is set. Allows add_file
to work with SSL.
* When a signal callback is activated to run multiple times, allow
event_base_loopbreak to work even before they all have run.
* Several SSL bufferevent fixes
* A Solaris sendfile bugfix
* A few other IOCP and rate-limiting bufferevent fixes
* Memory leak fixes
* Coverity fixes
* Portability and build fixes
* and more...
This requires a dependency on Python. Bump PKGREVISION to 1.
This is probably not the best solution: I guess it'd be nice to have a
libevent package that only included the binary libraries and no dependency
on Python, and another libevent-dev package with the event_rpcgen.py binary
and the Python dependency. But this can be done later; I want to just fix
the breakage first.
Supposedly API backwards-compatible with libevent 1.x.
Will need a recursive revbump for shlib name changes, though.
All regression tests pass except "thread_conditions_simple". Not sure
why yet, but it's new API so shouldn't break anything existing in pkgsrc
today.
Changes in libevent 2.0 include cleaner interfaces, buffered I/O improvements,
improved multithreading and openssl integration.
Changes in 1.4.12-stable:
Try to contain degree of failure when running on a win32 version so heavily firewalled that we can't fake a socketpair.
Fix an obscure timing-dependent, allocator-dependent crash in the evdns code.
Use __VA_ARGS__ syntax for varargs macros in event_rpcgen when compiler is not GCC.
Activate fd events in a pseudorandom order with O(N) backends, so that we don't systematically favor low fds (select) or earlier-added fds (poll, win32).
Fix another pair of fencepost bugs in epoll.c. [Patch from Adam Langley.]
Do not break evdns connections to nameservers when our IP changes.
Set truncated flag correctly in evdns server replies.
Disable strict aliasing with GCC: our code is not compliant with it.
Changes in 1.4.11-stable:
Fix a bug when removing a timeout from the heap. [Patch from Marko Kreen]
Remove the limit on size of HTTP headers by removing static buffers.
Fix a nasty dangling pointer bug in epoll.c that could occur after epoll_recalc(). [Patch from Kevin Springborn]
Distribute Win32-Code/event-config.h, not ./event-config.h
Changes in 1.4.10-stable:
clean up buffered http connection data on reset; reported by Brian O'Kelley
bug fix and potential race condition in signal handling; from Alexander Drozdov
rename the Solaris event ports backend to evport
support compilation on Haiku
fix signal processing when a signal callback delivers a signal; from Alexander Drozdov
const-ify some arguments to evdns functions.
off-by-one error in epoll_recalc; reported by Victor Goya
include Doxyfile in tar ball; from Jeff Garzik
correctly parse queries with encoded \r, \n or + characters
This changes the buildlink3.mk files to use an include guard for the
recursive include. The use of BUILDLINK_DEPTH, BUILDLINK_DEPENDS,
BUILDLINK_PACKAGES and BUILDLINK_ORDER is handled by a single new
variable BUILDLINK_TREE. Each buildlink3.mk file adds a pair of
enter/exit marker, which can be used to reconstruct the tree and
to determine first level includes. Avoiding := for large variables
(BUILDLINK_ORDER) speeds up parse time as += has linear complexity.
The include guard reduces system time by avoiding reading files over and
over again. For complex packages this reduces both %user and %sys time to
half of the former time.
Changes in 1.4.9-stable:
o event_add would not return error for some backends; from Dean
McNamee
o Clear the timer cache on entering the event loop; reported by
Victor Chang
o Only bind the socket on connect when a local address has been
provided; reported by Alejo Sanchez
o Allow setting of local port for evhttp connections to support
millions of connections from a single system; from Richard Jones.
o Clear the timer cache when leaving the event loop; reported by
Robin Haberkorn
o Fix a typo in setting the global event base; reported by lance.
o Fix a memory leak when reading multi-line headers
o Fix a memory leak by not running explicit close detection for
server connections
Changes in 1.4.8-stable:
o Match the query in DNS replies to the query in the request; from Vsevolod Stakhov.
o Fix a merge problem in which name_from_addr returned pointers to the stack; found by Jiang Hong.
o Do not remove Accept-Encoding header
Changes in 1.4.7-stable:
o Fix a bug where headers arriving in multiple packets were not parsed; fix from Jiang Hong; test by me.
Changes in 1.4.6-stable:
o evutil.h now includes <stdarg.h> directly
o switch all uses of [v]snprintf over to evutil
o Correct handling of trailing headers in chunked replies; from Scott Lamb.
o Support multi-line HTTP headers; based on a patch from Moshe Litvin
o Reject negative Content-Length headers; anonymous bug report
o Detect CLOCK_MONOTONIC at runtime for evdns; anonymous bug report
o Fix a bug where deleting signals with the kqueue backend would cause subsequent adds to fail
o Support multiple events listening on the same signal; make signals regular events that go on the same event queue; problem report by Alexander Drozdov.
o Deal with evbuffer_read() returning -1 on EINTR|EAGAIN; from Adam Langley.
o Fix a bug in which the DNS server would incorrectly set the type of a cname reply to a.
o Fix a bug where setting the timeout on a bufferevent would take not effect if the event was already pending.
o Fix a memory leak when using signals for some event bases; reported by Alexander Drozdov.
o Add libevent.vcproj file to distribution to help with Windows build.
o Fix a problem with epoll() and reinit; problem report by Alexander Drozdov.
o Fix off-by-one errors in devpoll; from Ian Bell
o Make event_add not change any state if it fails; reported by Ian Bell.
o Do not warn on accept when errno is either EAGAIN or EINTR
Changes in 1.4.5-stable:
o Fix connection keep-alive behavior for HTTP/1.0
o Fix use of freed memory in event_reinit; pointed out by Peter Postma
o Constify struct timeval * where possible; pointed out by Forest Wilkinson
o allow min_heap_erase to be called on removed members; from liusifan.
o Rename INPUT and OUTPUT to EVRPC_INPUT and EVRPC_OUTPUT. Retain INPUT/OUTPUT aliases on on-win32 platforms for backwards compatibility.
o Do not use SO_REUSEADDR when connecting
o Fix Windows build
o Fix a bug in event_rpcgen when generated fixed-sized entries
Changes in 1.4.4-stable:
o Correct the documentation on buffer printf functions.
o Don't warn on unimplemented epoll_create(): this isn't a problem, just a reason to fall back to poll or select.
o Correctly handle timeouts larger than 35 minutes on Linux with epoll.c. This is probably a kernel defect, but we'll have to support old kernels anyway even if it gets fixed.
o Fix a potential stack corruption bug in tagging on 64-bit CPUs.
o expose bufferevent_setwatermark via header files and fix high watermark on read
o fix a bug in bufferevent read water marks and add a test for them
o introduce bufferevent_setcb and bufferevent_setfd to allow better manipulation of bufferevents
o use libevent's internal timercmp on all platforms, to avoid bugs on old platforms where timercmp(a,b,<=) is buggy.
o reduce system calls for getting current time by caching it.
o fix evhttp_bind_socket() so that multiple sockets can be bound by the same http server.
o Build test directory correctly with CPPFLAGS set.
o Fix build under Visual C++ 2005.
o Expose evhttp_accept_socket() API.
o Merge windows gettimeofday() replacement into a new evutil_gettimeofday() function.
o Fix autoconf script behavior on IRIX.
o Make sure winsock2.h include always comes before windows.h include.
1.4.3-stable:
1.4.2-rc:
* make Solaris event subsystems more reliable; from W.C.A. Wijngaards
* event_base_get_method(); from Springande Ulv
* fix HTTP/1.1 chunk formatting; from "propanbutan"
* allow 64-bit content lengths; from Scott Lamb
* and more...
1.4.1-beta:
* fixed some memory leaks and other misc cleanup; from Christopher Layne,
Scott Lamb and Charles Kerr
* introduced event_reinit to deal with fork()
* improved efficiency of generated RPC structure
* performance improvements to Win32 backend
* and many more...
1.4.0-beta:
* a new RPC subsytem for writing distributed clients and servers
* almost everything is documented via Doxygen now
* many fixes and improvements to evdns and evhttp
* libevent now builds two additional libraries: libevent_core (containing only
the event core) and libevent_extras (contained evdns, evhttp and evrpc)
* performance improvements due to using a heap instead of red-black trees for
timeouts
* Solaris' event ports are better supported
1.3e:
* Fix compilation on Solaris; from Magne Mahre
* Add a "Date" header to HTTP responses when it's missing, as required by
HTTP 1.1. Original Patch from Ralph Moritz.
* Fix a memory leak in which failed HTTP connections whould not free the
request object.
* Fix a memory leak in the DNS server.
* Handle NULL timeouts correctly on Solaris; from Trond Norbye
* Recalculate pending events properly when reallocating event array on
Solaris; from Trond Norbye
libevent-1.3d:
Bug fixes in the HTTP layer.
libevent-1.3c:
Small bug and portability fixes.
Worth mentioning is that patch-ab and patch-ac were applied upstream.
As usual with libevent, this breaks the ABI due to .so naming, so a
small revbump sweep will be needed.
1.3b:
* Fixes when using signals in multi-threaded applications from Scott Lamb.
* Other small bug fixes.
1.3a:
* Small bug and performances fixes to evhttp layer.
1.3:
* DNS Server from Adam Langley and Nick Mathewson
* Chunked transfer encoding for HTTP/1.1 from Dug Song.
* DNS DDoS fix; bug report from Jon Oberheide.
* Various small improvements.
- configure script already has provision for different compiler inline
directives, just not every file was using it.
- u_intXX_t types need to be fixed in installed event.h too.
1.2a:
* Made HTTP support more usable
* Various portability fixes.
1.2:
* Support for non-blocking DNS resolution; from Adam Langley
and Nick Mathewson.
* Support for lightweight HTTP clients and servers.
* Support for Sun's Event Ports from David Pacheco of Sun.
