the bitrig master branch has been updated by patrick with 4 new commits: commit d6b0a686c01918e848b90798bc72883ba44c80cb diff: https://github.com/bitrig/bitrig/commit/d6b0a68 author: Alexander Bluhm <[email protected]> date: Tue Jan 6 23:11:24 2015 +0000
Backout revision 1.37. Setting ev->ev_pncalls to NULL results in a use after free if the callback has freed the ev. With F in malloc.conf both tmux and the regression tests triggered a segmentation fault. OK nicm@ M lib/libevent/event.c commit bdc025f56484884de1260c295731526d5c5abb6e diff: https://github.com/bitrig/bitrig/commit/bdc025f author: Alexander Bluhm <[email protected]> date: Tue Jan 6 11:42:38 2015 +0000 Apply commit e0e6958aa074a7714cd7c4aa779a1dfede3a03b1 from upstream. - Avoid deadlock when activating signals. Fixes bug 3048812. Based on patch by Nicholas Marriott. The deadlock was ultimately fixed in a different way (by disabling reinit - see event.c r1.25). Add it now for consistency but without the Windows compatibility code. Convert the fnctl() calls to SOCK_CLOEXEC | SOCK_NONBLOCK to simplify the code. OK nicm@ M lib/libevent/signal.c commit 1202a3625680272b409a6eaf6940ec27a76904fd diff: https://github.com/bitrig/bitrig/commit/1202a36 author: Alexander Bluhm <[email protected]> date: Tue Jan 6 11:27:36 2015 +0000 Apply commit 2d8cf0b720cdd5f9f292f174a10ff74e62a380ec from upstream. - Defensive programming to prevent (hopefully impossible) stack-stomping OK nicm@ M lib/libevent/event.c commit 1ca3eabb7b3ad775013d6362d0df40ac0aab5009 diff: https://github.com/bitrig/bitrig/commit/1ca3eab author: Alexander Bluhm <[email protected]> date: Mon Jan 5 23:14:37 2015 +0000 Fix CVE-2014-6272 in Libevent 1.4 from upstream: - https://github.com/libevent/libevent/commit/7b21c4eabf1f3946d3f63cce1319c490caab8ecf - For this fix, we need to make sure that passing too-large inputs to the evbuffer functions can't make us do bad things with the heap. On top of that do: - Update libevent version to 1.4.15-stable. - Use SIZE_MAX from limits.h instead of a private define. - Do not declare 'size_t need' twice to avoid a compiler warning. OK sthen M lib/libevent/buffer.c M lib/libevent/event.h
