Skip to content

v4.1.x: First commit of libevent 2.1.12 #10602

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Closed
jsquyres wants to merge 1 commit into from
Closed

v4.1.x: First commit of libevent 2.1.12 #10602

jsquyres wants to merge 1 commit into from

Conversation

@jsquyres
Copy link
Member

@jsquyres jsquyres commented Jul 24, 2022
edited
Loading

I made this PR in case #10565 is not sufficient: it upgrades the libevent on the v4.1.x branch to libevent 2.1.12. I'm opening this PR to see how well it does against CI testing.

There's at least a little more work that would need to be done on this PR if we want to merge it:

  1. make install-exec-hook gives warnings about common symbols in libevent .o files.
  2. More extensive testing to ensure this version of libevent+its integration works in all cases.
  3. Ensure that this PR does not affect things like the Open MPI v4.x ABI guarantees.
  4. If libevent symbol prefixing is to be kept, the opal_rename.h file needs to be extended to include the new public symbols in libevent 2.1.12.

bot:notacherrypick

Refs: #10542, #10565, #10583

Replace libevent 2.0.22 with 2.1.12 to address some CVEs. The CVEs in
question were in code that Open MPI did not use, and were therefore
harmless. However, in order to not have to continually explain this
to end users, we'll just upgrade the embedded libevent to a version
that does not contain the CVEs at all.

Signed-off-by: Jeff Squyres [email protected]

@jsquyres
First commit of libevent 2.1.12
dd2a23e 
Replace libevent 2.0.22 with 2.1.12 to address some CVEs.  The CVEs in
question were in code that Open MPI did not use, and were therefore
harmless.  However, in order to not have to continually explain this
to end users, we'll just upgrade the embedded libevent to a version
that does not contain the CVEs at all.

Signed-off-by: Jeff Squyres <[email protected]>
@jsquyres jsquyres added this to the v4.1.5 milestone Jul 24, 2022
@jsquyres
Copy link
Member Author

jsquyres commented Jul 24, 2022
edited
Loading

Hey @bwbarrett I'm unable to replicate the linker error that is showing up on the OMPI/Jenkins CI link fails. I've tried on MacOS, RHEL 6 and 7, and Ubuntu 20 (which is what the CI is using). Any idea what is happening on that failure?

@artemry-nv artemry-nv mentioned this pull request Sep 6, 2022
Closed
@jsquyres
Copy link
Member Author

jsquyres commented Sep 22, 2022

After much discussion and back-n-forth, this PR seems to be too much of a pain. Instead, we're going to merge the upstream patches in #10565. Closing this PR.

@jsquyres jsquyres closed this Sep 22, 2022
@jsquyres jsquyres deleted the pr/v4.1.x/libevent-2.1.12 branch September 22, 2022 15:28
@jsquyres jsquyres mentioned this pull request Sep 22, 2022
Closed
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

No reviews

Assignees

No one assigned

Labels

Target: v4.1.x

Projects

None yet

Milestone

v4.1.5

Development

Successfully merging this pull request may close these issues.

1 participant

@jsquyres