diff --git a/.gitignore b/.gitignore index a8498d8..5c53e6b 100644 --- a/.gitignore +++ b/.gitignore @@ -1 +1 @@ -SOURCES/libmaxminddb-1.2.0.tar.gz +libmaxminddb-1.9.1.tar.gz diff --git a/.libmaxminddb.metadata b/.libmaxminddb.metadata deleted file mode 100644 index 04afa58..0000000 --- a/.libmaxminddb.metadata +++ /dev/null @@ -1 +0,0 @@ -27b3a1cdf8f7053fa1b053ca8b31d4497ffa6019 SOURCES/libmaxminddb-1.2.0.tar.gz diff --git a/SOURCES/0000-CVE-2020-28241.patch b/SOURCES/0000-CVE-2020-28241.patch deleted file mode 100644 index 981754e..0000000 --- a/SOURCES/0000-CVE-2020-28241.patch +++ /dev/null @@ -1,123 +0,0 @@ -From eac45e29196bcde1d123a6035c15d30356bed248 Mon Sep 17 00:00:00 2001 -From: Gregory Oschwald -Date: Wed, 5 Aug 2020 14:16:17 -0700 -Subject: [PATCH] Replace most malloc uses with calloc - -Closes #236. ---- - Changes.md | 4 ++++ - bin/mmdblookup.c | 10 +++++----- - doc/libmaxminddb.md | 2 +- - src/maxminddb.c | 21 ++++++++++++--------- - 4 files changed, 22 insertions(+), 15 deletions(-) - -diff --git a/bin/mmdblookup.c b/bin/mmdblookup.c -index 4a3403c6..d7ec3fff 100644 ---- a/bin/mmdblookup.c -+++ b/bin/mmdblookup.c -@@ -294,7 +294,7 @@ LOCAL const char **get_options( - } - - const char **lookup_path = -- malloc(sizeof(const char *) * ((argc - optind) + 1)); -+ calloc((argc - optind) + 1, sizeof(const char *)); - int i; - for (i = 0; i < argc - optind; i++) { - lookup_path[i] = argv[i + optind]; -diff --git a/doc/libmaxminddb.md b/doc/libmaxminddb.md -index 191637b3..6e841cbc 100644 ---- a/doc/libmaxminddb.md -+++ b/doc/libmaxminddb.md -@@ -307,7 +307,7 @@ libmaxminddb code. - - The `utf8_string`, `bytes`, and (maybe) the `uint128` members of this structure - are all pointers directly into the database's data section. This can either be --a `malloc`'d or `mmap`'d block of memory. In either case, these pointers will -+a `calloc`'d or `mmap`'d block of memory. In either case, these pointers will - become invalid after `MMDB_close()` is called. - - If you need to refer to this data after that time you should copy the data -diff --git a/src/maxminddb.c b/src/maxminddb.c -index 21c18f2b..b45d5afa 100644 ---- a/src/maxminddb.c -+++ b/src/maxminddb.c -@@ -36,7 +36,7 @@ - do { \ - char *binary = byte_to_binary(byte); \ - if (NULL == binary) { \ -- fprintf(stderr, "Malloc failed in DEBUG_BINARY\n"); \ -+ fprintf(stderr, "Calloc failed in DEBUG_BINARY\n"); \ - abort(); \ - } \ - fprintf(stderr, fmt "\n", binary); \ -@@ -54,7 +54,7 @@ - #ifdef MMDB_DEBUG - DEBUG_FUNC char *byte_to_binary(uint8_t byte) - { -- char *bits = malloc(sizeof(char) * 9); -+ char *bits = calloc(9, sizeof(char)); - if (NULL == bits) { - return bits; - } -@@ -704,7 +704,7 @@ LOCAL int populate_languages_metadata(MMDB_s *mmdb, MMDB_s *metadata_db, - MMDB_INVALID_METADATA_ERROR); - - mmdb->metadata.languages.count = 0; -- mmdb->metadata.languages.names = malloc(array_size * sizeof(char *)); -+ mmdb->metadata.languages.names = calloc(array_size, sizeof(char *)); - if (NULL == mmdb->metadata.languages.names) { - return MMDB_OUT_OF_MEMORY_ERROR; - } -@@ -722,7 +722,7 @@ LOCAL int populate_languages_metadata(MMDB_s *mmdb, MMDB_s *metadata_db, - if (NULL == mmdb->metadata.languages.names[i]) { - return MMDB_OUT_OF_MEMORY_ERROR; - } -- // We assign this as we go so that if we fail a malloc and need to -+ // We assign this as we go so that if we fail a calloc and need to - // free it, the count is right. - mmdb->metadata.languages.count = i + 1; - } -@@ -774,7 +774,7 @@ LOCAL int populate_description_metadata(MMDB_s *mmdb, MMDB_s *metadata_db, - MMDB_INVALID_METADATA_ERROR); - - mmdb->metadata.description.descriptions = -- malloc(map_size * sizeof(MMDB_description_s *)); -+ calloc(map_size, sizeof(MMDB_description_s *)); - if (NULL == mmdb->metadata.description.descriptions) { - status = MMDB_OUT_OF_MEMORY_ERROR; - goto cleanup; -@@ -782,7 +782,7 @@ LOCAL int populate_description_metadata(MMDB_s *mmdb, MMDB_s *metadata_db, - - for (uint32_t i = 0; i < map_size; i++) { - mmdb->metadata.description.descriptions[i] = -- malloc(sizeof(MMDB_description_s)); -+ calloc(1, sizeof(MMDB_description_s)); - if (NULL == mmdb->metadata.description.descriptions[i]) { - status = MMDB_OUT_OF_MEMORY_ERROR; - goto cleanup; -@@ -1134,7 +1134,7 @@ int MMDB_vget_value(MMDB_entry_s *const start, - MAYBE_CHECK_SIZE_OVERFLOW(length, SIZE_MAX / sizeof(const char *) - 1, - MMDB_INVALID_METADATA_ERROR); - -- const char **path = malloc((length + 1) * sizeof(const char *)); -+ const char **path = calloc(length + 1, sizeof(const char *)); - if (NULL == path) { - return MMDB_OUT_OF_MEMORY_ERROR; - } -@@ -2010,6 +2010,7 @@ LOCAL MMDB_entry_data_list_s *dump_entry_data_list( - char *hex_string = - bytes_to_hex((uint8_t *)entry_data_list->entry_data.bytes, - entry_data_list->entry_data.data_size); -+ - if (NULL == hex_string) { - *status = MMDB_OUT_OF_MEMORY_ERROR; - return NULL; -@@ -2103,7 +2104,7 @@ LOCAL char *bytes_to_hex(uint8_t *bytes, uint32_t size) - char *hex_string; - MAYBE_CHECK_SIZE_OVERFLOW(size, SIZE_MAX / 2 - 1, NULL); - -- hex_string = malloc((size * 2) + 1); -+ hex_string = calloc((size * 2) + 1, sizeof(char)); - if (NULL == hex_string) { - return NULL; - } diff --git a/SPECS/libmaxminddb.spec b/SPECS/libmaxminddb.spec deleted file mode 100644 index e633ee1..0000000 --- a/SPECS/libmaxminddb.spec +++ /dev/null @@ -1,143 +0,0 @@ -Name: libmaxminddb -Summary: C library for the MaxMind DB file format -Version: 1.2.0 -Release: 10%{?dist}.1 -URL: https://maxmind.github.io/libmaxminddb -Source0: https://github.com/maxmind/%{name}/releases/download/%{version}/%{name}-%{version}.tar.gz - -# original libmaxminddb code is Apache Licence 2.0 -# src/maxminddb-compat-util.h is BSD -License: ASL 2.0 and BSD - -BuildRequires: perl-interpreter -Recommends: geolite2-city, geolite2-country - -Patch0000: 0000-CVE-2020-28241.patch - -%description -The package contains libmaxminddb library. - -%package devel -Requires: %{name}%{?_isa} = %{version}-%{release} -Requires: pkgconfig -#the only binary in -devel subpackage has been moved to the main package -#this means that the -devel-debuginfo pkg is missing and it would interrupt update path -Obsoletes: libmaxminddb-devel-debuginfo < 1.2.0-8 -Summary: Development header files for libmaxminddb - -%description devel -The package contains development header files for the libmaxminddb library -and the mmdblookup utility which allows IP address lookup in a MaxMind DB file. - -%prep -%setup -q - -%patch0000 -p1 -b .cve-2020-28241 - -%build -%configure --disable-static -# remove embeded RPATH -sed -i 's|^hardcode_libdir_flag_spec=.*|hardcode_libdir_flag_spec=""|g' libtool -sed -i 's|^runpath_var=LD_RUN_PATH|runpath_var=DIE_RPATH_DIE|g' libtool -# link only requried libraries -sed -i -e 's! -shared ! -Wl,--as-needed\0!g' libtool -make %{?_smp_mflags} - -%check -# tests are linked dynamically, preload the library as we have removed RPATH -LD_PRELOAD=%{buildroot}%{_libdir}/libmaxminddb.so make check - -%install -%make_install -rm -fv %{buildroot}%{_libdir}/*.la - -#fix multilib install of devel pkg -mv %{buildroot}%{_includedir}/maxminddb_config.h \ - %{buildroot}%{_includedir}/maxminddb_config-%{__isa_bits}.h -cat > %{buildroot}%{_includedir}/maxminddb_config.h << EOF -#include - -#if __WORDSIZE == 32 -#include -#elif __WORDSIZE == 64 -#include -#else -#error "Unknown word size" -#endif -EOF - - -%post -p /sbin/ldconfig - -%postun -p /sbin/ldconfig - -%files -%license LICENSE -%{_libdir}/libmaxminddb.so.* -%{_bindir}/mmdblookup -%{_mandir}/man1/mmdblookup.1.gz - -%files devel -%license NOTICE -%doc Changes.md -%{_includedir}/maxminddb.h -%{_includedir}/maxminddb_config*.h -%{_libdir}/libmaxminddb.so -%{_libdir}/pkgconfig/libmaxminddb.pc -%{_mandir}/man3/* - -%changelog -* Thu Jan 04 2024 Michal Ruprich - 1.2.0-10.1 -- Resolves: RHEL-20594 - improper initialization in dump_entry_data_list() in maxminddb.c - -* Mon Jun 08 2020 Michal Ruprich - 1.2.0-10 -- Related: #1642001 - Obsoleting -devel-debuginfo to enable clean update path - -* Mon May 25 2020 Michal Ruprich - 1.2.0-9 -- Related: #1642001 - moving manpage of mmdblookup from -devel subpackage - -* Fri May 15 2020 Michal Ruprich - 1.2.0-8 -- Resolves: #1642001 - binary mmdblookup is in libmaxminddb-devel - -* Thu Jan 09 2020 Michal Ruprich - 1.2.0-7 -- Resolves: #1788956 - conflicts with multilib install - -* Thu Aug 02 2018 Michal Ruprich - 1.2.0-6 -- Adding libmaxminddb as a new package to RHEL-8 (rhbz#1607927) -- Adding Recommends tag for geolite2 databases - -* Wed Feb 07 2018 Fedora Release Engineering - 1.2.0-5 -- Rebuilt for https://fedoraproject.org/wiki/Fedora_28_Mass_Rebuild - -* Thu Aug 03 2017 Fedora Release Engineering - 1.2.0-4 -- Rebuilt for https://fedoraproject.org/wiki/Fedora_27_Binutils_Mass_Rebuild - -* Wed Jul 26 2017 Fedora Release Engineering - 1.2.0-3 -- Rebuilt for https://fedoraproject.org/wiki/Fedora_27_Mass_Rebuild - -* Fri Feb 10 2017 Fedora Release Engineering - 1.2.0-2 -- Rebuilt for https://fedoraproject.org/wiki/Fedora_26_Mass_Rebuild - -* Sun Mar 27 2016 Jan Vcelak 1.2.0-1 -- rebase to new version - -* Mon Mar 21 2016 Jan Vcelak 1.1.5-1 -- rebase to new version - -* Thu Feb 04 2016 Fedora Release Engineering - 1.1.1-6 -- Rebuilt for https://fedoraproject.org/wiki/Fedora_24_Mass_Rebuild - -* Tue Sep 15 2015 Jan Vcelak 1.1.1-5 -- add pkg-config file from the upcoming upstream version - -* Mon Sep 14 2015 Jan Vcelak 1.1.1-4 -- remove utils subpackage and place mmdblookup into devel subpackage -- remove Group from the spec file -- move NOTICE and Changes.md to devel subpackage - -* Thu Sep 03 2015 Jan Vcelak 1.1.1-3 -- updated package licence -- added --as-needed linker flag - -* Tue Sep 01 2015 Jan Vcelak 1.1.1-1 -- initial version of the package diff --git a/libmaxminddb.spec b/libmaxminddb.spec new file mode 100644 index 0000000..afe6663 --- /dev/null +++ b/libmaxminddb.spec @@ -0,0 +1,197 @@ +Summary: C library for reading MaxMind DB files +Name: libmaxminddb +Version: 1.9.1 +Release: 4%{?dist} +# BSD-3-Clause (src/maxminddb-compat-util.h) and Apache-2.0 (the rest) +License: Apache-2.0 AND BSD-3-Clause +URL: https://maxmind.github.io/libmaxminddb/ +Source0: https://github.com/maxmind/libmaxminddb/releases/download/%{version}/%{name}-%{version}.tar.gz +Source1: maxminddb_config.h +BuildRequires: autoconf +BuildRequires: automake +BuildRequires: libtool +BuildRequires: gcc +BuildRequires: make +# Testsuite in %%check +BuildRequires: gcc-c++ +BuildRequires: perl-interpreter +BuildRequires: perl(File::Temp) +BuildRequires: perl(FindBin) +BuildRequires: perl(IPC::Run3) +BuildRequires: perl(Test::More) >= 0.88 +BuildRequires: perl(Test::Output) + +%description +The libmaxminddb library provides a C library for reading MaxMind DB +files, including the GeoIP2 databases from MaxMind. This is a custom +binary format designed to facilitate fast lookups of IP addresses +while allowing for great flexibility in the type of data associated +with an address. + +The MaxMind DB format is an open file format. The specification is +available at https://maxmind.github.io/MaxMind-DB/ and licensed under +the Creative Commons Attribution-ShareAlike 3.0 Unported License. + +%package devel +Summary: Development files for %{name} +Requires: %{name}%{?_isa} = %{version}-%{release} + +%description devel +The %{name}-devel package contains libraries and header files for +developing applications that use %{name}. + +%prep +%setup -q +autoreconf --force --install + +%build +%configure --disable-static +%make_build + +%install +%make_install + +# Don't install any libtool .la files +rm -f $RPM_BUILD_ROOT%{_libdir}/%{name}.la + +# Avoid file conflicts in multilib installations of -devel subpackage +mv -f $RPM_BUILD_ROOT%{_includedir}/maxminddb_config{,-%{__isa_bits}}.h +install -p -m 0644 %{SOURCE1} $RPM_BUILD_ROOT%{_includedir}/maxminddb_config.h + +%check +# Tests are linked dynamically, preload the library as RPATH is removed +LD_PRELOAD=$RPM_BUILD_ROOT%{_libdir}/%{name}.so make check + +%files +%license LICENSE +%doc Changes.md README.md +%{_bindir}/mmdblookup +%{_libdir}/%{name}.so.0* +%{_mandir}/man1/mmdblookup.1* + +%files devel +%{_libdir}/%{name}.so +%{_libdir}/pkgconfig/%{name}.pc +%{_includedir}/maxminddb.h +%{_includedir}/maxminddb_config.h +%{_includedir}/maxminddb_config-%{__isa_bits}.h +%{_mandir}/man3/%{name}.3* +%{_mandir}/man3/MMDB_*.3* + +%changelog +* Tue Oct 29 2024 Troy Dawson - 1.9.1-4 +- Bump release for October 2024 mass rebuild: + Resolves: RHEL-64018 + +* Mon Jun 24 2024 Troy Dawson - 1.9.1-3 +- Bump release for June 2024 mass rebuild + +* Thu Jan 25 2024 Fedora Release Engineering - 1.9.1-2 +- Rebuilt for https://fedoraproject.org/wiki/Fedora_40_Mass_Rebuild + +* Sun Jan 21 2024 Robert Scheck 1.9.1-1 +- Upgrade to 1.9.1 (#2257602) + +* Sun Jan 21 2024 Fedora Release Engineering - 1.8.0-2 +- Rebuilt for https://fedoraproject.org/wiki/Fedora_40_Mass_Rebuild + +* Wed Nov 15 2023 Robert Scheck 1.8.0-1 +- Upgrade to 1.8.0 (#2248696) + +* Thu Jul 20 2023 Fedora Release Engineering - 1.7.1-3 +- Rebuilt for https://fedoraproject.org/wiki/Fedora_39_Mass_Rebuild + +* Thu Jan 19 2023 Fedora Release Engineering - 1.7.1-2 +- Rebuilt for https://fedoraproject.org/wiki/Fedora_38_Mass_Rebuild + +* Sun Oct 02 2022 Robert Scheck 1.7.1-1 +- Upgrade to 1.7.1 (#2131161 #c1) + +* Sat Oct 01 2022 Robert Scheck 1.7.0-1 +- Upgrade to 1.7.0 (#2131161) + +* Thu Jul 21 2022 Fedora Release Engineering 1.6.0-3 +- Rebuilt for https://fedoraproject.org/wiki/Fedora_37_Mass_Rebuild + +* Thu Jan 20 2022 Fedora Release Engineering 1.6.0-2 +- Rebuilt for https://fedoraproject.org/wiki/Fedora_36_Mass_Rebuild + +* Sun Nov 28 2021 Igor Raits 1.6.0-1 +- Update to 1.6.0 + +* Thu Jul 22 2021 Fedora Release Engineering - 1.5.2-2 +- Rebuilt for https://fedoraproject.org/wiki/Fedora_35_Mass_Rebuild + +* Mon Mar 15 2021 Michal Ruprich - 1.5.2-1 +- Update to 1.5.2 + +* Tue Jan 26 2021 Michal Ruprich - 1.5.0-1 +- Update to 1.5.0 + +* Thu Dec 10 2020 Michal Ruprich - 1.4.3-1 +- Update to 1.4.3 +- Resolves: #1758843 - libmaxminddb-devel i686 can't be installed in parallel to x86_64 +- Fix for CVE-2020-28241 + +* Tue Jul 28 2020 Fedora Release Engineering - 1.4.2-3 +- Rebuilt for https://fedoraproject.org/wiki/Fedora_33_Mass_Rebuild + +* Tue Jun 02 2020 Michal Ruprich - 1.4.2-2 +- Move manpage for mmdblookup from -devel to the main package + +* Tue May 12 2020 Igor Raits - 1.4.2-1 +- Update to 1.4.2 + +* Mon Mar 30 2020 Michal Ruprich - 1.3.2-3 +- Move mmdblookup binary from -devel to the main package + +* Wed Jan 29 2020 Fedora Release Engineering - 1.3.2-2 +- Rebuilt for https://fedoraproject.org/wiki/Fedora_32_Mass_Rebuild + +* Mon Oct 21 2019 Igor Gnatenko - 1.3.2-1 +- Update to 1.3.2 + +* Thu Jul 25 2019 Fedora Release Engineering - 1.2.0-8 +- Rebuilt for https://fedoraproject.org/wiki/Fedora_31_Mass_Rebuild + +* Fri Feb 01 2019 Fedora Release Engineering - 1.2.0-7 +- Rebuilt for https://fedoraproject.org/wiki/Fedora_30_Mass_Rebuild + +* Fri Jul 13 2018 Fedora Release Engineering - 1.2.0-6 +- Rebuilt for https://fedoraproject.org/wiki/Fedora_29_Mass_Rebuild + +* Wed Feb 07 2018 Fedora Release Engineering - 1.2.0-5 +- Rebuilt for https://fedoraproject.org/wiki/Fedora_28_Mass_Rebuild + +* Thu Aug 03 2017 Fedora Release Engineering - 1.2.0-4 +- Rebuilt for https://fedoraproject.org/wiki/Fedora_27_Binutils_Mass_Rebuild + +* Wed Jul 26 2017 Fedora Release Engineering - 1.2.0-3 +- Rebuilt for https://fedoraproject.org/wiki/Fedora_27_Mass_Rebuild + +* Fri Feb 10 2017 Fedora Release Engineering - 1.2.0-2 +- Rebuilt for https://fedoraproject.org/wiki/Fedora_26_Mass_Rebuild + +* Sun Mar 27 2016 Jan Vcelak 1.2.0-1 +- rebase to new version + +* Mon Mar 21 2016 Jan Vcelak 1.1.5-1 +- rebase to new version + +* Thu Feb 04 2016 Fedora Release Engineering - 1.1.1-6 +- Rebuilt for https://fedoraproject.org/wiki/Fedora_24_Mass_Rebuild + +* Tue Sep 15 2015 Jan Vcelak 1.1.1-5 +- add pkg-config file from the upcoming upstream version + +* Mon Sep 14 2015 Jan Vcelak 1.1.1-4 +- remove utils subpackage and place mmdblookup into devel subpackage +- remove Group from the spec file +- move NOTICE and Changes.md to devel subpackage + +* Thu Sep 03 2015 Jan Vcelak 1.1.1-3 +- updated package licence +- added --as-needed linker flag + +* Tue Sep 01 2015 Jan Vcelak 1.1.1-1 +- initial version of the package diff --git a/maxminddb_config.h b/maxminddb_config.h new file mode 100644 index 0000000..94c74d8 --- /dev/null +++ b/maxminddb_config.h @@ -0,0 +1,9 @@ +#include + +#if __WORDSIZE == 32 +#include +#elif __WORDSIZE == 64 +#include +#else +#error "Unknown word size" +#endif diff --git a/sources b/sources new file mode 100644 index 0000000..b8f5422 --- /dev/null +++ b/sources @@ -0,0 +1 @@ +SHA512 (libmaxminddb-1.9.1.tar.gz) = 6da76bb584c5f8a0c01eb9439afd7c4b18b765966591c15e9aaf6ce7edfd3c429cff87a3e7481eff1d3e75df6eb7fd484752946417747c193dbfb277a843810c