import libuv-1.38.0-2.el8

.gitignore

@@ -1 +1 @@
-SOURCES/libuv-v1.23.1.tar.gz
+SOURCES/libuv-v1.38.0.tar.gz

.libuv.metadata

@@ -1 +1 @@
-394e088ff024e34bc4470e08a55e0eabe3209eae SOURCES/libuv-v1.23.1.tar.gz
+ec045c2dfd29e1c6caab5886244fcb56a95b93f1 SOURCES/libuv-v1.38.0.tar.gz

SOURCES/0001-Disable-failing-network-tests.patch

@@ -0,0 +1,65 @@
+diff --git a/Makefile.am b/Makefile.am
+index d9d2f3d0..1d105806 100644
+--- a/Makefile.am
++++ b/Makefile.am
+@@ -254,7 +254,6 @@ test_run_tests_SOURCES = test/blackhole-server.c \
+                          test/test-tcp-create-socket-early.c \
+                          test/test-tcp-connect-error-after-write.c \
+                          test/test-tcp-connect-error.c \
+-                         test/test-tcp-connect-timeout.c \
+                          test/test-tcp-connect6-error.c \
+                          test/test-tcp-flags.c \
+                          test/test-tcp-open.c \
+@@ -288,8 +287,6 @@ test_run_tests_SOURCES = test/blackhole-server.c \
+                          test/test-udp-ipv6.c \
+                          test/test-udp-multicast-interface.c \
+                          test/test-udp-multicast-interface6.c \
+-                         test/test-udp-multicast-join.c \
+-                         test/test-udp-multicast-join6.c \
+                          test/test-udp-multicast-ttl.c \
+                          test/test-udp-open.c \
+                          test/test-udp-options.c \
+diff --git a/test/test-list.h b/test/test-list.h
+index 24a8a657..cb034076 100644
+--- a/test/test-list.h
++++ b/test/test-list.h
+@@ -126,7 +126,7 @@ TEST_DECLARE   (tcp_bind_invalid_flags)
+ TEST_DECLARE   (tcp_bind_writable_flags)
+ TEST_DECLARE   (tcp_listen_without_bind)
+ TEST_DECLARE   (tcp_connect_error_fault)
+-TEST_DECLARE   (tcp_connect_timeout)
++// TEST_DECLARE   (tcp_connect_timeout)
+ TEST_DECLARE   (tcp_close_while_connecting)
+ TEST_DECLARE   (tcp_close)
+ TEST_DECLARE   (tcp_close_reset_accepted)
+@@ -162,8 +162,8 @@ TEST_DECLARE   (udp_send_and_recv)
+ TEST_DECLARE   (udp_send_hang_loop)
+ TEST_DECLARE   (udp_send_immediate)
+ TEST_DECLARE   (udp_send_unreachable)
+-TEST_DECLARE   (udp_multicast_join)
+-TEST_DECLARE   (udp_multicast_join6)
++// TEST_DECLARE   (udp_multicast_join)
++// TEST_DECLARE   (udp_multicast_join6)
+ TEST_DECLARE   (udp_multicast_ttl)
+ TEST_DECLARE   (udp_multicast_interface)
+ TEST_DECLARE   (udp_multicast_interface6)
+@@ -670,7 +670,7 @@ TASK_LIST_START
+   TEST_ENTRY  (tcp_bind_writable_flags)
+   TEST_ENTRY  (tcp_listen_without_bind)
+   TEST_ENTRY  (tcp_connect_error_fault)
+-  TEST_ENTRY  (tcp_connect_timeout)
++//  TEST_ENTRY  (tcp_connect_timeout)
+   TEST_ENTRY  (tcp_close_while_connecting)
+   TEST_ENTRY  (tcp_close)
+   TEST_ENTRY  (tcp_close_reset_accepted)
+@@ -717,8 +717,8 @@ TASK_LIST_START
+   TEST_ENTRY  (udp_no_autobind)
+   TEST_ENTRY  (udp_multicast_interface)
+   TEST_ENTRY  (udp_multicast_interface6)
+-  TEST_ENTRY  (udp_multicast_join)
+-  TEST_ENTRY  (udp_multicast_join6)
++//  TEST_ENTRY  (udp_multicast_join)
++//  TEST_ENTRY  (udp_multicast_join6)
+   TEST_ENTRY  (udp_multicast_ttl)
+   TEST_ENTRY  (udp_try_send)
+ 

SOURCES/libuv-unix-don-t-use-_POSIX_PATH_MAX.patch

@@ -0,0 +1,48 @@
+Upstream patch from https://github.com/libuv/libuv/pull/2966
+to address https://bugzilla.redhat.com/show_bug.cgi?id=1879330
+Resolves: #CVE-2020-8252
+
+From 0e6e8620496dff0eb285589ef1e37a7f407f3ddd Mon Sep 17 00:00:00 2001
+From: Ben Noordhuis <info@bnoordhuis.nl>
+Date: Mon, 24 Aug 2020 11:42:27 +0200
+Subject: unix: don't use _POSIX_PATH_MAX
+
+Libuv was using _POSIX_PATH_MAX wrong. Bug introduced in commit b56d279b
+("unix: do not require PATH_MAX to be defined") from September 2018.
+
+_POSIX_PATH_MAX is the minimum max path size guaranteed by POSIX, not
+the actual max path size of the system libuv runs on. _POSIX_PATH_MAX
+is always 256, the real max is often much bigger.
+
+This commit fixes buffer overruns when processing very long paths in
+uv_fs_readlink() and uv_fs_realpath() because libuv was not allocating
+enough memory to store the result.
+
+Fixes: https://github.com/libuv/libuv/issues/2965
+PR-URL: https://github.com/libuv/libuv/pull/2966
+Reviewed-By: Richard Lau <riclau@uk.ibm.com>
+Reviewed-By: Santiago Gimeno <santiago.gimeno@gmail.com>
+Reviewed-By: Colin Ihrig <cjihrig@gmail.com>
+Reviewed-By: Jameson Nash <vtjnash@gmail.com>
+---
+ src/unix/internal.h | 4 +---
+ 1 file changed, 1 insertion(+), 3 deletions(-)
+
+diff --git a/src/unix/internal.h b/src/unix/internal.h
+index 30711673..9d3c2297 100644
+--- a/src/unix/internal.h
++++ b/src/unix/internal.h
+@@ -62,9 +62,7 @@
+ # include <AvailabilityMacros.h>
+ #endif
+ 
+-#if defined(_POSIX_PATH_MAX)
+-# define UV__PATH_MAX _POSIX_PATH_MAX
+-#elif defined(PATH_MAX)
++#if defined(PATH_MAX)
+ # define UV__PATH_MAX PATH_MAX
+ #else
+ # define UV__PATH_MAX 8192
+-- 
+2.26.2
+

SOURCES/libuv.abignore

@@ -0,0 +1,6 @@
+[suppress_function]
+symbol_name_regexp = ^uv__.*
+
+[suppress_function]
+symbol_name_regexp = .*
+change_kind = added-function

SPECS/libuv.spec

@@ -1,7 +1,12 @@
+# Some of the tests do not work with the network-free environment in Koji
+# The packager should run `fedpkg local --with tests` on their machine
+# before pushing to Koji
+%bcond_with tests
+
 Name:           libuv
 Epoch:          1
-Version:        1.23.1
-Release:        1%{?dist}
+Version:        1.38.0
+Release:        2%{?dist}
 Summary:        Platform layer for node.js
 
 # the licensing breakdown is described in detail in the LICENSE file
@@ -9,10 +14,19 @@ License:        MIT and BSD and ISC
 URL:            http://libuv.org/
 Source0:        http://dist.libuv.org/dist/v%{version}/libuv-v%{version}.tar.gz
 Source2:        %{name}.pc.in
+Source3:        libuv.abignore
 
 BuildRequires:  autoconf automake libtool
 BuildRequires:  gcc
 
+%if %{with tests}
+# don't remove network tests
+%else
+# -- Patches -- #
+Patch1:         0001-Disable-failing-network-tests.patch
+%endif
+Patch2:         libuv-unix-don-t-use-_POSIX_PATH_MAX.patch
+
 %description
 libuv is a new platform layer for Node. Its purpose is to abstract IOCP on
 Windows and libev on Unix systems. We intend to eventually contain all platform
@@ -32,6 +46,7 @@ Requires:       %{name}-devel%{?_isa} = %{epoch}:%{version}-%{release}
 %description static
 Static library (.a) version of libuv.
 
+
 %prep
 %autosetup -n %{name}-v%{version} -p1
 
@@ -44,12 +59,17 @@ Static library (.a) version of libuv.
 %make_install
 rm -f %{buildroot}%{_libdir}/libuv.la
 
+mkdir -p %{buildroot}%{_libdir}/libuv/
+install -Dm0644 -t %{buildroot}%{_libdir}/libuv/ %{SOURCE3}
+
 %check
 # Tests are currently disabled because some require network access
 # Working with upstream to split these out
 #./run-tests
 #./run-benchmarks
 
+make check
+
 %ldconfig_scriptlets
 
 %files
@@ -57,6 +77,7 @@ rm -f %{buildroot}%{_libdir}/libuv.la
 %doc ChangeLog
 %license LICENSE
 %{_libdir}/%{name}.so.*
+%{_libdir}/libuv/libuv.abignore
 
 %files devel
 %{_libdir}/%{name}.so
@@ -68,6 +89,26 @@ rm -f %{buildroot}%{_libdir}/libuv.la
 %{_libdir}/%{name}.a
 
 %changelog
+* Wed Sep 23 2020 Honza Horak <hhorak@redhat.com> - 1:1.38.0-2
+- Fix max path size by not using _POSIX_PATH_MAX
+  Resolves: #1879330
+  Fixes: CVE-2020-8252
+
+* Tue Jun 09 2020 Zuzana Svetlikova <zsvetlik@redhat.com> - 1:1.38.0-1
+- Update, disable failing tests
+
+* Thu May 28 2020 Zuzana Svetlikova <zsvetlik@redhat.com> - 1:1.37.0-3
+- Run tests
+
+* Mon May 11 2020 Zuzana Svetlikova <zsvetlik@redhat.com> - 1:1.37.0-2
+- Resolves: RHBZ#1817821
+- bump for build
+
+* Mon May 04 2020 Zuzana Svetlikova <zsvetlik@redhat.com> - 1:1.37.0-1
+- Resolves: RHBZ#1817821
+- Update to 1.37.0
+- Add abidiff ignore file
+
 * Mon Oct 08 2018 Jan Staněk <jstanek@redhat.com> - 1:1.23.1-1
 - Update to 1.23.1
 - Resolves: rhbz#1637000