File libevent.changes of Package libevent.6437

Fri Jan 12 13:48:37 UTC 2018 -

- libevent-CVE-2016-10195.patch: DNS remote stack overread vulnerability (bnc#1022917 CVE-2016-10195) 
- libevent-CVE-2016-10196.patch: stack/buffer overflow in evutil_parse_sockaddr_port() (bnc#1022918 CVE-2016-10196) 
- libevent-CVE-2016-10197.patch: out-of-bounds read in search_make_new() (bnc#1022919 CVE-2016-10197) 

Mon Sep 22 15:43:30 UTC 2014 -

- libevent-CVE-2014-6272.patch: fixed buffer overflows in buffer methods
  (bnc#897243 CVE-2014-6272)

Sat Jun 29 12:36:28 UTC 2013 -

- update to 2.0.21
  * see ChangeLog for details.

Fri Nov 16 21:24:42 UTC 2012 -

- update to 2.0.20
  * core: Make event_pending() threadsafe
  * evhttp: Fix a memory leak on error in evhttp_uriencode
  * evbuffer: Avoid possible needless call to writev
  * evdns: memset sockaddr_in before using it
  * evhttp: Check more setsockopt return values when binding sockets
  * evdns: Avoid segfault on weird timeout during name lookup
  * bufferevent_ssl: Correctly invoke callbacks when a SSL
    bufferevent reads some and then blocks

Mon Jul 30 22:21:50 UTC 2012 -

- Libevent 2.0.19
* Fix periodic timeout behavior when time jumps forwar
* Avoid certain priority inversions 
* More evdns improvements
* lots of other bugfixes, see NEWS for details.
- Provide openssl support. 

Wed Feb  1 01:13:02 UTC 2012 -

- Remove redundant tags/sections per specfile guideline suggestions
- Use "pkgconfig" BR so that the package also works on Redhats.

Wed Aug  3 13:59:36 UTC 2011 -

- spec mods
  o libsoname macro
  o name macro
- added baselibs.conf
- rpmlint
  o fix self obsoletes

Mon Mar 22 11:51:31 UTC 2011 -

- Drop autoreconf call from build section. We do not carry any
  patches at this time.

Mon Mar 21 23:02:31 UTC 2011 -

- Update to version 2.0.10:
  + Bugfixes:
    - Minor fix for IOCP shutdown handling fix
    - Correctly notify the main thread when activating an event
      from a subthread
    - Reject overlong http requests early when Expect:100-continue
      is set
    - EVUTIL_ASSERT: Use sizeof() to avoid "unused variable"
      warnings with -DNDEBUG.
  + Code cleanups:
    - bufferevent-internal.h: Use the new event2/util.h header,
      not evutil.h
    - Use relative includes instead of system includes consistently
    - Make whitespace more consistent
- For all changes between 1.4.14 and 2.0.10, see ChangeLog.
- BuildRequire pkg-config, for proper pkgconfig() provides.
- Change library soname to libevent-2_0-5

Mon Jun 21 14:41:53 UTC 2010 -

- Spec file cleaned with spec-cleaner;
- Changes in 1.4.14b-stable
 o Set the VERSION_INFO correctly for 1.4.14

- Changes in 1.4.14-stable
 o Add a .gitignore file for the 1.4 branch. (d014edb)
 o Backport evbuffer_readln(). (b04cc60 Nicholas Marriott)
 o Make the evbuffer_readln backport follow the current API (c545485)
 o Valgrind fix: Clear struct kevent before checking for OSX bug. (5713d5d William Ahern)
 o Fix a crash when reading badly formatted resolve.conf (5b10d00 Yasuoka Masahiko)
 o Fix memory-leak of signal handler array with kqueue. [backport] (01f3775)
 o Update sample/signal-test.c to use newer APIs and not leak. (891765c Evan Jones)
 o Correct all versions in 1.4 branch (ac0d213)
 o Make evutil_make_socket_nonblocking() leave any other flags alone. (81c26ba Jardel Weyrich)
 o Adjusted fcntl() retval comparison on evutil_make_socket_nonblocking(). (5f2e250 Jardel Weyrich)
 o Correct a debug message in evhttp_parse_request_line (35df59e)
 o Merge branch 'readln-backport' into patches-1.4 (8771d5b)
 o Do not send an HTTP error when we've already closed or responded. (4fd2dd9 Pavel Plesov)
 o Re-add event_siglcb; some old code _was_ still using it. :( (bd03d06)
 o Make Libevent 1.4 build on win32 with Unicode enabled. (bce58d6 Brodie Thiesfield)
 o Distribute nmake makefile for 1.4 (20d706d)
 o do not fail while sending on http connections the client closed. (5c8b446)
 o make evhttp_send() safe against terminated connections, too (01ea0c5)
 o Fix a free(NULL) in min_heap.h (2458934)
 o Fix memory leak when setting up priorities; reported by Alexander Drozdov (cb1a722)
 o Clean up properly when adding a signal handler fails. (ae6ece0 Gilad Benjamini)
 o Do not abort HTTP requests missing a reason string. (29d7b32 Pierre Phaneuf)
 o Fix compile warning in http.c (906d573)
 o Define _REENTRANT as needed on Solaris, elsewhere (6cbea13)

- Changes in 1.4.13-stable:
 o If the kernel tells us that there are a negative number of bytes to read from a socket, do not believe it.  Fixes bug 2841177; found by Alexander Pronchenkov.
 o Do not allocate the maximum event queue and fd array for the epoll backend at startup.  Instead, start out accepting 32 events at a time, and double the queue's size when it seems that the OS is generating events faster than we're requesting them.  Saves up to 512K per epoll-based event_base.  Resolves bug 2839240.
 o Fix compilation on Android, which forgot to define fd_mask in its sys/select.h
 o Do not drop data from evbuffer when out of memory; reported by Jacek Masiulaniec
 o Rename our replacement compat/sys/_time.h header to avoid build a conflict on HPUX; reported by Kathryn Hogg.
 o Build kqueue.c correctly on GNU/kFreeBSD platforms. Patch pulled upstream from Debian.
 o Fix a problem with excessive memory allocation when using multiple event priorities.
 o When running set[ug]id, don't check the environment. Based on a patch from OpenBSD.

Wed Oct 28 17:39:29 UTC 2009 -

- libevent-devel Requires glibc-devel 

Thu Aug 27 15:21:57 CEST 2009 -

- Changes in 1.4.12-stable:
 o Try to contain degree of failure when running on a win32 version so
   heavily firewalled that we can't fake a socketpair.
 o Fix an obscure timing-dependent, allocator-dependent crash in the evdns code.
 o Use __VA_ARGS__ syntax for varargs macros in event_rpcgen when compiler
   is not GCC.
 o Activate fd events in a pseudorandom order with O(N) backends, so
   that we don't systematically favor low fds (select) or earlier-added fds
   (poll, win32).
 o Fix another pair of fencepost bugs in epoll.c.  [Patch from Adam Langley.]
 o Do not break evdns connections to nameservers when our IP changes.
 o Set truncated flag correctly in evdns server replies.
 o Disable strict aliasing with GCC: our code is not compliant with it.
- Changes in 1.4.11-stable:
 o Fix a bug when removing a timeout from the heap. [Patch from Marko Kreen]
 o Remove the limit on size of HTTP headers by removing static buffers.
 o Fix a nasty dangling pointer bug in epoll.c that could occur after
   epoll_recalc(). [Patch from Kevin Springborn]
 o Distribute Win32-Code/event-config.h, not ./event-config.h
- Changes in 1.4.10-stable:
 o clean up buffered http connection data on reset; reported by Brian O'Kelley
 o bug fix and potential race condition in signal handling; from Alexander Drozdov
 o rename the Solaris event ports backend to evport
 o support compilation on Haiku
 o fix signal processing when a signal callback delivers a signal; from Alexander Drozdov
 o const-ify some arguments to evdns functions.
 o off-by-one error in epoll_recalc; reported by Victor Goya
 o include Doxyfile in tar ball; from Jeff Garzik
 o correctly parse queries with encoded \r, \n or + characters

Mon Mar 16 16:48:18 CET 2009 -

- updated to 1.4.9-stable:
 o event_add would not return error for some backends; from Dean McNamee
 o Clear the timer cache on entering the event loop; reported by Victor Chang
 o Only bind the socket on connect when a local address has been provided;
   reported by Alejo Sanchez
 o Allow setting of local port for evhttp connections to support millions
   of connections from a single system; from Richard J ones.
 o Clear the timer cache when leaving the event loop; reported by Robin Haberkorn
 o Fix a typo in setting the global event base; reported by lance.
 o Fix a memory leak when reading multi-line headers
 o Fix a memory leak by not running explicit close detection for server connections

- updated to 1.4.8-stable:
 o Match the query in DNS replies to the query in the request; from Vsevolod Stakhov.
 o Fix a merge problem in which name_from_addr returned pointers to the stack; found by Jiang Hong.
 o Do not remove Accept-Encoding header
- updated to 1.4.7-stable:
 o Fix a bug where headers arriving in multiple packets were not parsed; fix from Jiang Hong; test by me.
- updated to 1.4.6-stable:
 o evutil.h now includes <stdarg.h> directly
 o switch all uses of [v]snprintf over to evutil
 o Correct handling of trailing headers in chunked replies; from Scott Lamb.
 o Support multi-line HTTP headers; based on a patch from Moshe Litvin
 o Reject negative Content-Length headers; anonymous bug report
 o Detect CLOCK_MONOTONIC at runtime for evdns; anonymous bug report    
 o Fix a bug where deleting signals with the kqueue backend would cause subsequent adds to fail
 o Support multiple events listening on the same signal; make signals
   regular events that go on the same event queue; problem
   report by Alexander Drozdov.
 o Deal with evbuffer_read() returning -1 on EINTR|EAGAIN; from Adam Langley.
 o Fix a bug in which the DNS server would incorrectly set the type of a cname reply to a.
 o Fix a bug where setting the timeout on a bufferevent would take not effect if the event was already pending.
 o Fix a memory leak when using signals for some event bases; reported by Alexander Drozdov.
 o Add libevent.vcproj file to distribution to help with Windows build.
 o Fix a problem with epoll() and reinit; problem report by Alexander Drozdov.  
 o Fix off-by-one errors in devpoll; from Ian Bell
 o Make event_add not change any state if it fails; reported by Ian Bell.
 o Do not warn on accept when errno is either EAGAIN or EINTR

Tue Sep 16 17:54:14 CEST 2008 -

- split out devel and shared library package.
- drop static libs

Thu Jul  3 11:57:22 CEST 2008 -

- upgraded to version 1.4.5-stable:
 o Fix connection keep-alive behavior for HTTP/1.0
 o Fix use of freed memory in event_reinit; pointed out by Peter Postma
 o Constify struct timeval * where possible; pointed out by Forest
 o allow min_heap_erase to be called on removed members; from liusifan.
   INPUT/OUTPUT aliases on on-win32 platforms for backwards compatibility.
 o Do not use SO_REUSEADDR when connecting
 o Fix Windows build
 o Fix a bug in event_rpcgen when generated fixed-sized entries

- upgraded to version 1.4.4-stable:
 o Correct the documentation on buffer printf functions.
 o Don't warn on unimplemented epoll_create(): this isn't a problem,
   just a reason to fall back to poll or select.
 o Correctly handle timeouts larger than 35 minutes on Linux with epoll.c.
   This is probably a kernel defect, but we'll have to support old kernels
   anyway even if it gets fixed.
 o Fix a potential stack corruption bug in tagging on 64-bit CPUs.
 o expose bufferevent_setwatermark via header files and fix high watermark
   on read
 o fix a bug in bufferevent read water marks and add a test for them
 o introduce bufferevent_setcb and bufferevent_setfd to allow better
   manipulation of bufferevents
 o use libevent's internal timercmp on all platforms, to avoid bugs on
   old platforms where timercmp(a,b,<=) is buggy.
 o reduce system calls for getting current time by caching it.
 o fix evhttp_bind_socket() so that multiple sockets can be bound by
   the same http server.
 o Build test directory correctly with CPPFLAGS set.
 o Fix build under Visual C++ 2005.
 o Expose evhttp_accept_socket() API.
 o Merge windows gettimeofday() replacement into a new
   evutil_gettimeofday() function.
 o Fix autoconf script behavior on IRIX.
 o Make sure winsock2.h include always comes before windows.h include.

Tue Apr  8 09:04:44 CEST 2008 -

- upgraded to version 1.4.3stable
  * include Content-Length in reply for HTTP/1.0 requests with keep-alive
  * Patch from Tani Hosokawa: make some functions in http.c threadsafe.
  * Do not free the kqop file descriptor in other processes, also allow it to be 0; from Andrei Nigmatulin
  * make generate code include event-config.h; reported by Sam Banks.
  * make event methods static so that they are not exported; from Andrei Nigmatulin
  * make RPC replies use application/octet-stream as mime type
  * do not delete uninitialized timeout event in evdns

Fri Mar 28 13:47:32 CET 2008 -

- upgraded to version 1.4.2rc
  * make Solaris event subsystems more reliable; from W.C.A. Wijngaards
  * event_base_get_method(); from Springande Ulv
  * fix HTTP/1.1 chunk formatting; from "propanbutan"
  * allow 64-bit content lengths; from Scott Lamb
  * and more...
- upgraded to version 1.4.1beta
  * fixed some memory leaks and other misc cleanup; from Christopher Layne, Scott Lamb and Charles Kerr
  * introduced event_reinit to deal with fork()
  * improved efficiency of generated RPC structure
  * performance improvements to Win32 backend
  * and many more...
- upgraded to version 1.4.0beta
  * a new RPC subsytem for writing distributed clients and servers
  * almost everything is documented via Doxygen now
  * many fixes and improvements to evdns and evhttp
  * libevent now builds two additional libraries: libevent_core (containing only the event core) and libevent_extras (contained evdns, evhttp and evrpc)
  * performance improvements due to using a heap instead of red-black trees for timeouts
  * Solaris' event ports are better supported

Thu Dec 27 06:09:22 CET 2007 -

- fix library-without-ldconfig-* errors
- version 1.3e
 * Add a "Date" header to HTTP responses when it's missing, as required by HTTP 1.1. Original Patch from Ralph Moritz.
 * Fix a memory leak in which failed HTTP connections whould not free the request object.
 * Fix a memory leak in the DNS server.
 * Handle NULL timeouts correctly on Solaris; from Trond Norbye
 * Recalculate pending events properly when reallocating event array on Solaris; from Trond Norbye 

Mon Mar  5 14:00:29 CET 2007 -

- upgraded to 1.3b:
  + signals now useable in multithreaded apps.

Tue Feb 20 13:17:44 CET 2007 -

- Updated to 1.3a.
  + Small bug and performances fixes to evhttp layer.
  + DNS Server from Adam Langley and Nick Mathewson
  + Chunked transfer encoding for HTTP/1.1 from Dug Song.
  + DNS DDoS fix; bug report from Jon Oberheide.
  + Various small improvements.

Sun Nov 12 19:04:24 CET 2006 -

- Update to version 1.2.
  + Support for non-blocking DNS resolution.
  + Support for lightweight HTTP clients and servers.

Wed Jan 25 21:37:27 CET 2006 -

- converted neededforbuild to BuildRequires

Mon May 30 12:05:26 CEST 2005 -

- Initial packaging