Package: libuv1 / 1.44.2-1+deb12u1

Metadata

Package Version Patches format
libuv1 1.44.2-1+deb12u1 3.0 (quilt)

Patch series

view the series file
Patch File delta Description
sparc skip tcp_oob.diff | (download)

test/test-tcp-oob.c | 6 6 + 0 - 0 !
1 file changed, 6 insertions(+)

 
 workaround for test failure on old sparc kernels
disable_ipv6_test.patch | (download)

test/test-getnameinfo.c | 2 2 + 0 - 0 !
1 file changed, 2 insertions(+)

 
 export res_options = attempts:0 makes this test fail
path_max_zero_st_size | (download)

src/unix/fs.c | 11 11 + 0 - 0 !
1 file changed, 11 insertions(+)

 
 fix undefined path_max for st_size zero
 The downstream 'path_max' patch in Debian sets the buffer size
 for readlink() to the 'st_size' value obtained with lstat().
 .
 However, it might be zero for some symlinks in /proc on Linux
 (notably /proc/self) leading to readlink() failing with EINVAL.
 .
     $ strace -e lstat stat /proc/self 2>&1 \
         | grep -e lstat -e File: -e Size:
     lstat("/proc/self", {st_mode=S_IFLNK|0777, st_size=0, ...}) = 0
       File: /proc/self -> 30875
       Size: 0             Blocks: 0          IO Block: 1024   symbolic link
 .
 This causes readlink (tool) to files like /dev/stdin to fail,
 which may link to /proc/self/fd/0 on containers or elsewhere.
 .
 Test-case:
 .
     ubuntu@cosmic:~/node$
     $ strace -E LD_LIBRARY_PATH=/usr/local/lib/ -f -e lstat,readlink \
       node test/parallel/test-fs-realpath-pipe.js
 .
 With path_max:
 .
     [pid 17785] lstat("/dev", {st_mode=S_IFDIR|0755, st_size=480, ...}) = 0
     [pid 17786] lstat("/dev/stdin", {st_mode=S_IFLNK|0777, st_size=15, ...}) = 0
     [pid 17788] lstat("/dev/stdin", {st_mode=S_IFLNK|0777, st_size=15, ...}) = 0
     [pid 17788] readlink("/dev/stdin", "/proc/self/fd/0", 15) = 15
 .
     [pid 17785] lstat("/proc", {st_mode=S_IFDIR|0555, st_size=0, ...}) = 0
     [pid 17786] lstat("/proc/self", {st_mode=S_IFLNK|0777, st_size=0, ...}) = 0
     [pid 17788] lstat("/proc/self", {st_mode=S_IFLNK|0777, st_size=0, ...}) = 0
     [pid 17788] readlink("/proc/self", 0x7f2a6c000b40, 0) = -1 EINVAL (Invalid argument)
 .
 Without path_max:
 .
     [pid 18114] lstat("/dev", {st_mode=S_IFDIR|0755, st_size=480, ...}) = 0
     [pid 18114] lstat("/dev/stdin", {st_mode=S_IFLNK|0777, st_size=15, ...}) = 0
     [pid 18114] readlink("/dev/stdin", "/proc/self/fd/0", 4096) = 15
 .
     [pid 18114] lstat("/proc", {st_mode=S_IFDIR|0555, st_size=0, ...}) = 0
     [pid 18114] lstat("/proc/self", {st_mode=S_IFLNK|0777, st_size=0, ...}) = 0
     [pid 18114] readlink("/proc/self", "18114", 4096) = 5
 .
     [pid 18114] lstat("/proc/18114", {st_mode=S_IFDIR|0555, st_size=0, ...}) = 0
     [pid 18114] lstat("/proc/18114/fd", {st_mode=S_IFDIR|0500, st_size=0, ...}) = 0
     [pid 18114] lstat("/proc/18114/fd/0", {st_mode=S_IFLNK|0700, st_size=64, ...}) = 0
     [pid 18114] readlink("/proc/18114/fd/0", "socket:[199607]", 4096) = 15
 .
 With this patch on top of path_max:
 .
     [pid 18433] lstat("/dev", {st_mode=S_IFDIR|0755, st_size=480, ...}) = 0
     [pid 18433] lstat("/dev/stdin", {st_mode=S_IFLNK|0777, st_size=15, ...}) = 0
     [pid 18433] lstat("/dev/stdin", {st_mode=S_IFLNK|0777, st_size=15, ...}) = 0
     [pid 18433] readlink("/dev/stdin", "/proc/self/fd/0", 15) = 15
 .
     [pid 18433] lstat("/proc", {st_mode=S_IFDIR|0555, st_size=0, ...}) = 0
     [pid 18433] lstat("/proc/self", {st_mode=S_IFLNK|0777, st_size=0, ...}) = 0
     [pid 18433] lstat("/proc/self", {st_mode=S_IFLNK|0777, st_size=0, ...}) = 0
     [pid 18433] readlink("/proc/self", "18433", 256) = 5
 .
     [pid 18433] lstat("/proc/18433", {st_mode=S_IFDIR|0555, st_size=0, ...}) = 0
     [pid 18433] lstat("/proc/18433/fd", {st_mode=S_IFDIR|0500, st_size=0, ...}) = 0
     [pid 18433] lstat("/proc/18433/fd/0", {st_mode=S_IFLNK|0700, st_size=64, ...}) = 0
     [pid 18433] lstat("/proc/18433/fd/0", {st_mode=S_IFLNK|0700, st_size=64, ...}) = 0
     [pid 18433] readlink("/proc/18433/fd/0", "socket:[191351]", 64) = 15
Bug-Ubuntu: https://bugs.launchpad.net/bugs/1792647
Bug-Debian: https://bugs.debian.org/909011
skip multicast test | (download)

test/test-udp-multicast-join.c | 2 2 + 0 - 0 !
test/test-udp-multicast-join6.c | 2 2 + 0 - 0 !
2 files changed, 4 insertions(+)

 
 skip multicast test
 Skip muliticast test to avoid this error on all build daemons:
 .
 ok 346 - udp_multicast_interface6
 not ok 347 - udp_multicast_join
 # timeout
 # Output from process `udp_multicast_join`: (no output)
 not ok 348 - udp_multicast_join6
 # timeout
 # Output from process `udp_multicast_join6`: (no output)
 ok 349 - udp_multicast_ttl
fix cve 2024 24806 | (download)

src/idna.c | 8 6 + 2 - 0 !
test/test-idna.c | 7 6 + 1 - 0 !
2 files changed, 12 insertions(+), 3 deletions(-)

 
 fix cve-2024-24806
 From upstream change log:
    Merge pull request from GHSA-f74f-cvh7-c6q6
     * fix: always zero-terminate idna output
     * fix: reject zero-length idna inputs
     * test: empty strings are not valid IDNA
 .
 See also https://github.com/libuv/libuv/security/advisories/GHSA-f74f-cvh7-c6q6
Bug: https://github.com/libuv/libuv/security/advisories/GHSA-f74f-cvh7-c6q6
Bug-Debian: https://bugs.debian.org/1063484