main/libevent: security upgrade to 2.1.8 - fixes #6798

CVE-2016-10195: dns remote stack overread vulnerability
CVE-2016-10196: (stack) buffer overflow in evutil_parse_sockaddr_port()
CVE-2016-10197: out-of-bounds read in search_make_new()

1 files changed, 97 insertions, 0 deletions

diff --git a/main/libevent/libressl.patch b/main/libevent/libressl.patch
new file mode 100644
index 0000000000..21a750c2c3
--- /dev/null
+++ b/main/libevent/libressl.patch
@@ -0,0 +1,97 @@
+diff -ru a/openssl-compat.h b/openssl-compat.h
+--- a/openssl-compat.h
++++ b/openssl-compat.h
+@@ -1,7 +1,7 @@
+ #ifndef OPENSSL_COMPAT_H
+ #define OPENSSL_COMPAT_H
+ 
+-#if OPENSSL_VERSION_NUMBER < 0x10100000L
++#if OPENSSL_VERSION_NUMBER < 0x10100000L || defined(LIBRESSL_VERSION_NUMBER)
+ 
+ static inline BIO_METHOD *BIO_meth_new(int type, const char *name)
+ {
+@@ -30,6 +30,6 @@
+ 
+ #define TLS_method SSLv23_method
+ 
+-#endif /* OPENSSL_VERSION_NUMBER < 0x10100000L */
++#endif /* OPENSSL_VERSION_NUMBER < 0x10100000L || defined(LIBRESSL_VERSION_NUMBER) */
+ 
+ #endif /* OPENSSL_COMPAT_H */
+diff -ru a/sample/https-client.c b/sample/https-client.c
+--- a/sample/https-client.c
++++ b/sample/https-client.c
+@@ -312,7 +312,7 @@
+ 	}
+ 	uri[sizeof(uri) - 1] = '\0';
+ 
+-#if OPENSSL_VERSION_NUMBER < 0x10100000L
++#if OPENSSL_VERSION_NUMBER < 0x10100000L || defined(LIBRESSL_VERSION_NUMBER)
+ 	// Initialize OpenSSL
+ 	SSL_library_init();
+ 	ERR_load_crypto_strings();
+@@ -480,7 +480,7 @@
+ 		SSL_CTX_free(ssl_ctx);
+ 	if (type == HTTP && ssl)
+ 		SSL_free(ssl);
+-#if OPENSSL_VERSION_NUMBER < 0x10100000L
++#if OPENSSL_VERSION_NUMBER < 0x10100000L || defined(LIBRESSL_VERSION_NUMBER)
+ 	EVP_cleanup();
+ 	ERR_free_strings();
+ 
+@@ -492,7 +492,7 @@
+ 	CRYPTO_cleanup_all_ex_data();
+ 
+ 	sk_SSL_COMP_free(SSL_COMP_get_compression_methods());
+-#endif /*OPENSSL_VERSION_NUMBER < 0x10100000L */
++#endif /*OPENSSL_VERSION_NUMBER < 0x10100000L || defined(LIBRESSL_VERSION_NUMBER) */
+ 
+ #ifdef _WIN32
+ 	WSACleanup();
+diff -ru a/sample/le-proxy.c b/sample/le-proxy.c
+--- a/sample/le-proxy.c
++++ b/sample/le-proxy.c
+@@ -259,7 +259,7 @@
+ 
+ 	if (use_ssl) {
+ 		int r;
+-#if OPENSSL_VERSION_NUMBER < 0x10100000L
++#if OPENSSL_VERSION_NUMBER < 0x10100000L || defined(LIBRESSL_VERSION_NUMBER)
+ 		SSL_library_init();
+ 		ERR_load_crypto_strings();
+ 		SSL_load_error_strings();
+diff -ru a/sample/openssl_hostname_validation.c b/sample/openssl_hostname_validation.c
+--- a/sample/openssl_hostname_validation.c
++++ b/sample/openssl_hostname_validation.c
+@@ -48,7 +48,7 @@
+ 
+ #define HOSTNAME_MAX_SIZE 255
+ 
+-#if OPENSSL_VERSION_NUMBER < 0x10100000L
++#if OPENSSL_VERSION_NUMBER < 0x10100000L || defined(LIBRESSL_VERSION_NUMBER)
+ #define ASN1_STRING_get0_data ASN1_STRING_data
+ #endif
+ 
+diff -ru a/test/regress_ssl.c b/test/regress_ssl.c
+--- a/test/regress_ssl.c
++++ b/test/regress_ssl.c
+@@ -186,7 +186,7 @@
+ void
+ init_ssl(void)
+ {
+-#if OPENSSL_VERSION_NUMBER < 0x10100000L
++#if OPENSSL_VERSION_NUMBER < 0x10100000L || defined(LIBRESSL_VERSION_NUMBER)
+ 	SSL_library_init();
+ 	ERR_load_crypto_strings();
+ 	SSL_load_error_strings();
+@@ -194,6 +194,10 @@
+ 	if (SSLeay() != OPENSSL_VERSION_NUMBER) {
+ 		TT_DECLARE("WARN", ("Version mismatch for openssl: compiled with %lx but running with %lx", (unsigned long)OPENSSL_VERSION_NUMBER, (unsigned long) SSLeay()));
+ 	}
++	if (SSLeay() != LIBRESSL_VERSION_NUMBER) {
++		TT_DECLARE("WARN", ("Version mismatch for libressl: compiled with %lx but running with %lx", (unsigned long)LIBRESSL_VERSION_NUMBER, (unsigned long) SSLeay()));
++	}
++
+ #endif
+ }
+