!61 fix CVE-2024-24806

From: @tong_1001 
Reviewed-by: @zengwefeng 
Signed-off-by: @zengwefeng

0001-unix-ignore-ifaddrs-with-NULL-ifa_addr-4218.patch

@@ -0,0 +1,33 @@
+From b963f0a75bd6c95fbfa0ac17e46ab1f9d1a787c4 Mon Sep 17 00:00:00 2001
+From: Stephen Gallagher <sgallagh@redhat.com>
+Date: Tue, 14 Nov 2023 04:23:28 -0500
+Subject: [PATCH 1/2] unix: ignore ifaddrs with NULL ifa_addr (#4218)
+
+Passing this to uv__is_ipv6_link_local() is causing a segmentation
+fault. Note that the documentation for getifaddrs() explicitly states
+that this value may be NULL.
+
+Signed-off-by: Stephen Gallagher <sgallagh@redhat.com>
+---
+ src/unix/tcp.c | 5 +++--
+ 1 file changed, 3 insertions(+), 2 deletions(-)
+
+diff --git a/src/unix/tcp.c b/src/unix/tcp.c
+index a6b53e5913271d0c83e1d7f7e4cb8140f5f3936d..29f4532e747db50146a8b821389f4d45304c5cd0 100644
+--- a/src/unix/tcp.c
++++ b/src/unix/tcp.c
+@@ -233,8 +233,9 @@ static int uv__ipv6_link_local_scope_id(void) {
+     return 0;
+ 
+   for (p = ifa; p != NULL; p = p->ifa_next)
+-    if (uv__is_ipv6_link_local(p->ifa_addr))
+-      break;
++    if (p->ifa_addr != NULL)
++      if (uv__is_ipv6_link_local(p->ifa_addr))
++        break;
+ 
+   rv = 0;
+   if (p != NULL) {
+-- 
+2.41.0
+

0002-test-check-if-ipv6-link-local-traffic-is-routable.patch

@@ -0,0 +1,58 @@
+From 21e403424060d71e97ee1ef328288fdb9d24a191 Mon Sep 17 00:00:00 2001
+From: Ben Noordhuis <info@bnoordhuis.nl>
+Date: Tue, 14 Nov 2023 10:58:02 +0100
+Subject: [PATCH 2/2] test: check if ipv6 link-local traffic is routable
+
+Fixes: https://github.com/libuv/libuv/issues/4211
+---
+ test/test-tcp-connect6-error.c | 17 +++++++++++++++++
+ 1 file changed, 17 insertions(+)
+
+diff --git a/test/test-tcp-connect6-error.c b/test/test-tcp-connect6-error.c
+index 1e6d7c78da999d5d6d1f5e1e57646e34aba4a33b..dc2fce82f8958ac5afaeafafa8f2efccf2a1e1ec 100644
+--- a/test/test-tcp-connect6-error.c
++++ b/test/test-tcp-connect6-error.c
+@@ -23,6 +23,7 @@
+ #include "task.h"
+ #include <stdio.h>
+ #include <stdlib.h>
++#include <string.h>
+ 
+ 
+ static int connect_cb_called = 0;
+@@ -75,9 +76,13 @@ TEST_IMPL(tcp_connect6_error_fault) {
+ 
+ 
+ TEST_IMPL(tcp_connect6_link_local) {
++  uv_interface_address_t* ifs;
++  uv_interface_address_t* p;
+   struct sockaddr_in6 addr;
+   uv_connect_t req;
+   uv_tcp_t server;
++  int ok;
++  int n;
+ 
+   if (!can_ipv6())
+     RETURN_SKIP("IPv6 not supported");
+@@ -90,6 +95,18 @@ TEST_IMPL(tcp_connect6_link_local) {
+   RETURN_SKIP("Test does not currently work in QEMU");
+ #endif  /* defined(__QEMU__) */
+ 
++  /* Check there's an interface that routes link-local (fe80::/10) traffic. */
++  ASSERT_OK(uv_interface_addresses(&ifs, &n));
++  for (p = ifs; p < &ifs[n]; p++)
++    if (p->address.address6.sin6_family == AF_INET6)
++      if (!memcmp(&p->address.address6.sin6_addr, "\xfe\x80", 2))
++        break;
++  ok = (p < &ifs[n]);
++  uv_free_interface_addresses(ifs, n);
++
++  if (!ok)
++    RETURN_SKIP("IPv6 link-local traffic not supported");
++
+   ASSERT_OK(uv_ip6_addr("fe80::0bad:babe", 1337, &addr));
+   ASSERT_OK(uv_tcp_init(uv_default_loop(), &server));
+ 
+-- 
+2.41.0
+

0003-test_fs.c-Fix-issue-on-32-bit-systems-using-btrfs.patch

@@ -0,0 +1,34 @@
+From 3d10efa49dc063831787bc01501ab946f6d91282 Mon Sep 17 00:00:00 2001
+From: Stephen Gallagher <sgallagh@redhat.com>
+Date: Thu, 16 Nov 2023 10:00:20 -0500
+Subject: [PATCH 3/3] test_fs.c: Fix issue on 32-bit systems using btrfs
+
+On Fedora's build system, the build environment runs on btrfs. This
+revealed a bug in the test on i686 systems, where this comparison was
+being performed as a comparison of two signed integers, but the
+filesystem type of btrfs happens to use the higher-order bits, resulting
+in it appearing as a negative value.
+
+BTRFS_SUPER_MAGIC     0x9123683e
+
+Signed-off-by: Stephen Gallagher <sgallagh@redhat.com>
+---
+ test/test-fs.c | 2 +-
+ 1 file changed, 1 insertion(+), 1 deletion(-)
+
+diff --git a/test/test-fs.c b/test/test-fs.c
+index 1acdc5c67082c7ea4f579f25af82cd9bd3fefc71..ab8a9e07ccea95493e479703a07bebca5e29be30 100644
+--- a/test/test-fs.c
++++ b/test/test-fs.c
+@@ -343,7 +343,7 @@ static void statfs_cb(uv_fs_t* req) {
+   defined(__OpenBSD__) || defined(__NetBSD__)
+   ASSERT_OK(stats->f_type);
+ #else
+-  ASSERT_GT(stats->f_type, 0);
++  ASSERT_UINT64_GT(stats->f_type, 0);
+ #endif
+ 
+   ASSERT_GT(stats->f_bsize, 0);
+-- 
+2.41.0
+

backport-0001-CVE-2024-24806.patch

@@ -0,0 +1,50 @@
+From 0f2d7e784a256b54b2385043438848047bc2a629 Mon Sep 17 00:00:00 2001
+From: Ben Noordhuis <info@bnoordhuis.nl>
+Date: Thu, 18 Jan 2024 14:51:40 +0100
+Subject: [PATCH] fix: always zero-terminate idna output
+
+Fixes: https://github.com/libuv/libuv/security/advisories/GHSA-f74f-cvh7-c6q6
+---
+ src/idna.c       | 5 +++--
+ test/test-idna.c | 4 ++++
+ 2 files changed, 7 insertions(+), 2 deletions(-)
+
+diff --git a/src/idna.c b/src/idna.c
+index 3cf79ca94b1..4638546d020 100644
+--- a/src/idna.c
++++ b/src/idna.c
+@@ -356,9 +356,10 @@ ssize_t uv__idna_toascii(const char* s, const char* se, char* d, char* de) {
+       return rc;
+   }
+ 
+-  if (d < de)
+-    *d++ = '\0';
++  if (d >= de)
++    return UV_EINVAL;
+ 
++  *d++ = '\0';
+   return d - ds;  /* Number of bytes written. */
+ }
+ 
+diff --git a/test/test-idna.c b/test/test-idna.c
+index bcacfc8a3ad..5f8d696a7f0 100644
+--- a/test/test-idna.c
++++ b/test/test-idna.c
+@@ -100,6 +100,7 @@ TEST_IMPL(utf8_decode1) {
+ TEST_IMPL(utf8_decode1_overrun) {
+   const char* p;
+   char b[1];
++  char c[1];
+ 
+   /* Single byte. */
+   p = b;
+@@ -113,6 +114,9 @@ TEST_IMPL(utf8_decode1_overrun) {
+   ASSERT_EQ((unsigned) -1, uv__utf8_decode1(&p, b + 1));
+   ASSERT_PTR_EQ(p, b + 1);
+ 
++  b[0] = 0x7F;
++  ASSERT_EQ(UV_EINVAL, uv__idna_toascii(b, b + 1, c, c + 1));
++
+   return 0;
+ }
+ 

backport-0002-CVE-2024-24806.patch

@@ -0,0 +1,37 @@
+From 3530bcc30350d4a6ccf35d2f7b33e23292b9de70 Mon Sep 17 00:00:00 2001
+From: Ben Noordhuis <info@bnoordhuis.nl>
+Date: Thu, 18 Jan 2024 14:52:38 +0100
+Subject: [PATCH] fix: reject zero-length idna inputs
+
+Fixes: https://github.com/libuv/libuv/security/advisories/GHSA-f74f-cvh7-c6q6
+---
+ src/idna.c       | 3 +++
+ test/test-idna.c | 1 +
+ 2 files changed, 4 insertions(+)
+
+diff --git a/src/idna.c b/src/idna.c
+index 4638546d020..efc5f283ce2 100644
+--- a/src/idna.c
++++ b/src/idna.c
+@@ -322,6 +322,9 @@ ssize_t uv__idna_toascii(const char* s, const char* se, char* d, char* de) {
+   char* ds;
+   int rc;
+ 
++  if (s == se)
++    return UV_EINVAL;
++
+   ds = d;
+ 
+   si = s;
+diff --git a/test/test-idna.c b/test/test-idna.c
+index 5f8d696a7f0..3c4820f7659 100644
+--- a/test/test-idna.c
++++ b/test/test-idna.c
+@@ -115,6 +115,7 @@ TEST_IMPL(utf8_decode1_overrun) {
+   ASSERT_PTR_EQ(p, b + 1);
+ 
+   b[0] = 0x7F;
++  ASSERT_EQ(UV_EINVAL, uv__idna_toascii(b, b + 0, c, c + 1));
+   ASSERT_EQ(UV_EINVAL, uv__idna_toascii(b, b + 1, c, c + 1));
+ 
+   return 0;

backport-0003-CVE-2024-24806.patch

@@ -0,0 +1,24 @@
+From e0327e1d508b8207c9150b6e582f0adf26213c39 Mon Sep 17 00:00:00 2001
+From: Santiago Gimeno <santiago.gimeno@gmail.com>
+Date: Wed, 7 Feb 2024 20:27:58 +0100
+Subject: [PATCH] test: empty strings are not valid IDNA
+
+Fixes: https://github.com/libuv/libuv/security/advisories/GHSA-f74f-cvh7-c6q6
+---
+ test/test-idna.c | 2 +-
+ 1 file changed, 1 insertion(+), 1 deletion(-)
+
+diff --git a/test/test-idna.c b/test/test-idna.c
+index 3c4820f7659..28f9eaaae9e 100644
+--- a/test/test-idna.c
++++ b/test/test-idna.c
+@@ -151,8 +151,8 @@ TEST_IMPL(idna_toascii) {
+   /* Illegal inputs. */
+   F("\xC0\x80\xC1\x80", UV_EINVAL);  /* Overlong UTF-8 sequence. */
+   F("\xC0\x80\xC1\x80.com", UV_EINVAL);  /* Overlong UTF-8 sequence. */
++  F("", UV_EINVAL);
+   /* No conversion. */
+-  T("", "");
+   T(".", ".");
+   T(".com", ".com");
+   T("example", "example");

backport-Skip-some-tests.patch

@@ -1,47 +0,0 @@
-From ec2de79876a5612916707aa3f107a99e6eeb0bff Mon Sep 17 00:00:00 2001
-From: Stephen Gallagher <sgallagh@redhat.com>
-Date: Wed, 5 Jan 2022 17:02:49 -0500
-Subject: [PATCH] Skip some tests 
-
-Signed-off-by: Stephen Gallagher <sgallagh@redhat.com>
----
- test/test-list.h | 6 ------
- 1 file changed, 6 deletions(-)
-
-diff --git a/test/test-list.h b/test/test-list.h
-index 59b95da..1d8e00a 100644
---- a/test/test-list.h
-+++ b/test/test-list.h
-@@ -163,12 +163,9 @@ TEST_DECLARE   (udp_create_early)
- TEST_DECLARE   (udp_create_early_bad_bind)
- TEST_DECLARE   (udp_create_early_bad_domain)
- TEST_DECLARE   (udp_send_and_recv)
--TEST_DECLARE   (udp_send_hang_loop)
- TEST_DECLARE   (udp_send_immediate)
- TEST_DECLARE   (udp_send_unreachable)
- TEST_DECLARE   (udp_mmsg)
--TEST_DECLARE   (udp_multicast_join)
--TEST_DECLARE   (udp_multicast_join6)
- TEST_DECLARE   (udp_multicast_ttl)
- TEST_DECLARE   (udp_multicast_interface)
- TEST_DECLARE   (udp_multicast_interface6)
-@@ -737,7 +734,6 @@ TASK_LIST_START
-   TEST_ENTRY  (udp_create_early_bad_bind)
-   TEST_ENTRY  (udp_create_early_bad_domain)
-   TEST_ENTRY  (udp_send_and_recv)
--  TEST_ENTRY  (udp_send_hang_loop)
-   TEST_ENTRY  (udp_send_immediate)
-   TEST_ENTRY  (udp_send_unreachable)
-   TEST_ENTRY  (udp_dgram_too_big)
-@@ -749,8 +745,6 @@ TASK_LIST_START
-   TEST_ENTRY  (udp_mmsg)
-   TEST_ENTRY  (udp_multicast_interface)
-   TEST_ENTRY  (udp_multicast_interface6)
--  TEST_ENTRY  (udp_multicast_join)
--  TEST_ENTRY  (udp_multicast_join6)
-   TEST_ENTRY  (udp_multicast_ttl)
-   TEST_ENTRY  (udp_sendmmsg_error)
-   TEST_ENTRY  (udp_try_send)
--- 
-2.33.0
-

libuv.abignore

@@ -0,0 +1,6 @@
+[suppress_function]
+symbol_name_regexp = ^uv__.*
+
+[suppress_function]
+symbol_name_regexp = .*
+change_kind = added-function

libuv.pc.in

@@ -0,0 +1,11 @@
+prefix=@prefix@
+exec_prefix=@exec_prefix@
+libdir=@libdir@
+includedir=@includedir@
+
+Name: libuv
+Description: Development libraries for libuv
+Version: @version@
+Libs: -L${libdir} -luv -lrt -lpthread -lnsl -ldl
+Cflags: -I{includedir}
+URL: http://libuv.org/

libuv.spec

@@ -1,15 +1,31 @@
 Name:           libuv
 Epoch:          1
-Version:        1.42.0
-Release:        4
+Version:        1.47.0
+Release:        2
 Summary:        A multi-platform support library with a focus on asynchronous I/O
 
 # from README.md
 License:        MIT and CC-BY-4.0
 URL:            http://libuv.org/
 Source0:        http://dist.libuv.org/dist/v%{version}/%{name}-v%{version}.tar.gz
+Source2:        %{name}.pc.in
+Source3:        libuv.abignore
 
-Patch1:         backport-Skip-some-tests.patch
+# Test fix for IPv6 interfaces with a NULL ifa_addr
+# https://github.com/libuv/libuv/pull/4218
+Patch1: 0001-unix-ignore-ifaddrs-with-NULL-ifa_addr-4218.patch
+
+# test: check if ipv6 link-local traffic is routable
+# https://github.com/libuv/libuv/pull/4220
+Patch2: 0002-test-check-if-ipv6-link-local-traffic-is-routable.patch
+
+# test: Use unsigned comparison for fs_type
+# https://github.com/libuv/libuv/pull/4227
+Patch3: 0003-test_fs.c-Fix-issue-on-32-bit-systems-using-btrfs.patch
+
+Patch6000: backport-0001-CVE-2024-24806.patch
+Patch6001: backport-0002-CVE-2024-24806.patch
+Patch6002: backport-0003-CVE-2024-24806.patch
 
 BuildRequires:  autoconf automake libtool gcc make
 
@@ -21,7 +37,7 @@ Julia, pyuv, and others.
 %package devel
 Summary:        Development libraries for libuv
 Requires:       %{name}%{?_isa} = %{epoch}:%{version}-%{release}
-Obsoletes:      %{name}-static
+Obsoletes:      %{name}-static < %{version}-%{release}
 Provides:       %{name}-static
 
 %description devel
@@ -40,14 +56,18 @@ Development libraries for libuv
 %install
 %make_install
 %delete_la
+mkdir -p %{buildroot}%{_libdir}/libuv/
+install -Dm0644 -t %{buildroot}%{_libdir}/libuv/ %{SOURCE3}
+
+%ldconfig_scriptlets
 
 %check
-%ldconfig_scriptlets
 make check
 
 %files
 %license LICENSE
 %{_libdir}/%{name}.so.*
+%{_libdir}/libuv/libuv.abignore
 
 %files devel
 %{_libdir}/%{name}.so
@@ -61,6 +81,18 @@ make check
 %doc ChangeLog
 
 %changelog
+* Sun Feb 18 2024 shixuantong <shixuantong1@huawei.com> - 1:1.47.0-2
+- fix CVE-2024-24806
+
+* Mon Nov 27 2023 Jingwiw  <wangjingwei@iscas.ac.cn> - 1:1.47.0-1
+- Upgrade to 1.47.0
+
+* Thu May 04 2023 lilong <lilong@kylinos.cn> - 1:1.44.2-1
+- Upgrade to 1.44.2
+
+* Mon Apr 24 2023 shixuantong <shixuantong1@huawei.com> - 1:1.42.0-5
+- fix Obsoletes in spec and remove ldconfig_scriptlets from check
+
 * Thu Dec 15 2022 shixuantong <shixuantong1@huawei.com> - 1:1.42.0-4
 - add make to buildrequires
 
@@ -79,7 +111,7 @@ make check
 * Mon Dec 14 2020 wangxiao <wangxiao65@huawei.com> - 1.38.1-2
 - fix CVE-2020-8252
 
-* Mon Jul 27 2020wenzhanli<wenzhanli2@huawei.com> - 1.38.1-1
+* Mon Jul 27 2020 wenzhanli <wenzhanli2@huawei.com> - 1.38.1-1
 - Type:bugfix
 - ID:NA
 - SUG:NA