.gitignore

@@ -1 +1 @@
-SOURCES/libmaxminddb-1.2.0.tar.gz
+SOURCES/libmaxminddb-1.5.2.tar.gz

.libmaxminddb.metadata

@@ -1 +1 @@
-27b3a1cdf8f7053fa1b053ca8b31d4497ffa6019 SOURCES/libmaxminddb-1.2.0.tar.gz
+9e00fef11ceb8df1dc56ce3276bf2193c5baa5c8 SOURCES/libmaxminddb-1.5.2.tar.gz

SOURCES/0000-CVE-2020-28241.patch

@@ -1,123 +0,0 @@
-From eac45e29196bcde1d123a6035c15d30356bed248 Mon Sep 17 00:00:00 2001
-From: Gregory Oschwald <goschwald@maxmind.com>
-Date: Wed, 5 Aug 2020 14:16:17 -0700
-Subject: [PATCH] Replace most malloc uses with calloc
-
-Closes #236.
----
- Changes.md          |  4 ++++
- bin/mmdblookup.c    | 10 +++++-----
- doc/libmaxminddb.md |  2 +-
- src/maxminddb.c     | 21 ++++++++++++---------
- 4 files changed, 22 insertions(+), 15 deletions(-)
-
-diff --git a/bin/mmdblookup.c b/bin/mmdblookup.c
-index 4a3403c6..d7ec3fff 100644
---- a/bin/mmdblookup.c
-+++ b/bin/mmdblookup.c
-@@ -294,7 +294,7 @@ LOCAL const char **get_options(
-     }
- 
-     const char **lookup_path =
--        malloc(sizeof(const char *) * ((argc - optind) + 1));
-+        calloc((argc - optind) + 1, sizeof(const char *));
-     int i;
-     for (i = 0; i < argc - optind; i++) {
-         lookup_path[i] = argv[i + optind];
-diff --git a/doc/libmaxminddb.md b/doc/libmaxminddb.md
-index 191637b3..6e841cbc 100644
---- a/doc/libmaxminddb.md
-+++ b/doc/libmaxminddb.md
-@@ -307,7 +307,7 @@ libmaxminddb code.
- 
- The `utf8_string`, `bytes`, and (maybe) the `uint128` members of this structure
- are all pointers directly into the database's data section. This can either be
--a `malloc`'d or `mmap`'d block of memory. In either case, these pointers will
-+a `calloc`'d or `mmap`'d block of memory. In either case, these pointers will
- become invalid after `MMDB_close()` is called.
- 
- If you need to refer to this data after that time you should copy the data
-diff --git a/src/maxminddb.c b/src/maxminddb.c
-index 21c18f2b..b45d5afa 100644
---- a/src/maxminddb.c
-+++ b/src/maxminddb.c
-@@ -36,7 +36,7 @@
-     do {                                                        \
-         char *binary = byte_to_binary(byte);                    \
-         if (NULL == binary) {                                   \
--            fprintf(stderr, "Malloc failed in DEBUG_BINARY\n"); \
-+            fprintf(stderr, "Calloc failed in DEBUG_BINARY\n"); \
-             abort();                                            \
-         }                                                       \
-         fprintf(stderr, fmt "\n", binary);                      \
-@@ -54,7 +54,7 @@
- #ifdef MMDB_DEBUG
- DEBUG_FUNC char *byte_to_binary(uint8_t byte)
- {
--    char *bits = malloc(sizeof(char) * 9);
-+    char *bits = calloc(9, sizeof(char));
-     if (NULL == bits) {
-         return bits;
-     }
-@@ -704,7 +704,7 @@ LOCAL int populate_languages_metadata(MMDB_s *mmdb, MMDB_s *metadata_db,
-                               MMDB_INVALID_METADATA_ERROR);
- 
-     mmdb->metadata.languages.count = 0;
--    mmdb->metadata.languages.names = malloc(array_size * sizeof(char *));
-+    mmdb->metadata.languages.names = calloc(array_size, sizeof(char *));
-     if (NULL == mmdb->metadata.languages.names) {
-         return MMDB_OUT_OF_MEMORY_ERROR;
-     }
-@@ -722,7 +722,7 @@ LOCAL int populate_languages_metadata(MMDB_s *mmdb, MMDB_s *metadata_db,
-         if (NULL == mmdb->metadata.languages.names[i]) {
-             return MMDB_OUT_OF_MEMORY_ERROR;
-         }
--        // We assign this as we go so that if we fail a malloc and need to
-+        // We assign this as we go so that if we fail a calloc and need to
-         // free it, the count is right.
-         mmdb->metadata.languages.count = i + 1;
-     }
-@@ -774,7 +774,7 @@ LOCAL int populate_description_metadata(MMDB_s *mmdb, MMDB_s *metadata_db,
-                               MMDB_INVALID_METADATA_ERROR);
- 
-     mmdb->metadata.description.descriptions =
--        malloc(map_size * sizeof(MMDB_description_s *));
-+        calloc(map_size, sizeof(MMDB_description_s *));
-     if (NULL == mmdb->metadata.description.descriptions) {
-         status = MMDB_OUT_OF_MEMORY_ERROR;
-         goto cleanup;
-@@ -782,7 +782,7 @@ LOCAL int populate_description_metadata(MMDB_s *mmdb, MMDB_s *metadata_db,
- 
-     for (uint32_t i = 0; i < map_size; i++) {
-         mmdb->metadata.description.descriptions[i] =
--            malloc(sizeof(MMDB_description_s));
-+            calloc(1, sizeof(MMDB_description_s));
-         if (NULL == mmdb->metadata.description.descriptions[i]) {
-             status = MMDB_OUT_OF_MEMORY_ERROR;
-             goto cleanup;
-@@ -1134,7 +1134,7 @@ int MMDB_vget_value(MMDB_entry_s *const start,
-     MAYBE_CHECK_SIZE_OVERFLOW(length, SIZE_MAX / sizeof(const char *) - 1,
-                               MMDB_INVALID_METADATA_ERROR);
- 
--    const char **path = malloc((length + 1) * sizeof(const char *));
-+    const char **path = calloc(length + 1, sizeof(const char *));
-     if (NULL == path) {
-         return MMDB_OUT_OF_MEMORY_ERROR;
-     }
-@@ -2010,6 +2010,7 @@ LOCAL MMDB_entry_data_list_s *dump_entry_data_list(
-             char *hex_string =
-                 bytes_to_hex((uint8_t *)entry_data_list->entry_data.bytes,
-                              entry_data_list->entry_data.data_size);
-+
-             if (NULL == hex_string) {
-                 *status = MMDB_OUT_OF_MEMORY_ERROR;
-                 return NULL;
-@@ -2103,7 +2104,7 @@ LOCAL char *bytes_to_hex(uint8_t *bytes, uint32_t size)
-     char *hex_string;
-     MAYBE_CHECK_SIZE_OVERFLOW(size, SIZE_MAX / 2 - 1, NULL);
- 
--    hex_string = malloc((size * 2) + 1);
-+    hex_string = calloc((size * 2) + 1, sizeof(char));
-     if (NULL == hex_string) {
-         return NULL;
-     }

SPECS/libmaxminddb.spec

@@ -1,47 +1,42 @@
 Name:           libmaxminddb
 Summary:        C library for the MaxMind DB file format
-Version:        1.2.0
+Version:        1.5.2
-Release:        10%{?dist}.1
+Release:        3%{?dist}
 URL:            https://maxmind.github.io/libmaxminddb
-Source0:        https://github.com/maxmind/%{name}/releases/download/%{version}/%{name}-%{version}.tar.gz
+Source:         https://github.com/maxmind/libmaxminddb/releases/download/%{version}/%{name}-%{version}.tar.gz
 
 # original libmaxminddb code is Apache Licence 2.0
 # src/maxminddb-compat-util.h is BSD
 License:        ASL 2.0 and BSD
 
+BuildRequires:  gcc
+BuildRequires:  autoconf
+BuildRequires:  automake
+BuildRequires:  libtool
 BuildRequires:  perl-interpreter
-Recommends:		geolite2-city, geolite2-country
+BuildRequires:  perl(FindBin)
-
+BuildRequires:  make
-Patch0000: 0000-CVE-2020-28241.patch
 
 %description
 The package contains libmaxminddb library.
 
 %package devel
-Requires:       %{name}%{?_isa} = %{version}-%{release}
-Requires:       pkgconfig
-#the only binary in -devel subpackage has been moved to the main package
-#this means that the -devel-debuginfo pkg is missing and it would interrupt update path
-Obsoletes:      libmaxminddb-devel-debuginfo < 1.2.0-8
 Summary:        Development header files for libmaxminddb
+Requires:       %{name}%{?_isa} = %{?epoch:%{epoch}:}%{version}-%{release}
 
 %description devel
 The package contains development header files for the libmaxminddb library
 and the mmdblookup utility which allows IP address lookup in a MaxMind DB file.
 
 %prep
-%setup -q
+%autosetup
-
+sed -i -e '/AM_CFLAGS=/d' common.mk
-%patch0000 -p1 -b .cve-2020-28241
+sed -i -e '/CFLAGS=/d' configure.ac
 
 %build
+autoreconf -vfi
 %configure --disable-static
-# remove embeded RPATH
+%make_build
-sed -i 's|^hardcode_libdir_flag_spec=.*|hardcode_libdir_flag_spec=""|g' libtool
-sed -i 's|^runpath_var=LD_RUN_PATH|runpath_var=DIE_RPATH_DIE|g' libtool
-# link only requried libraries
-sed -i -e 's! -shared ! -Wl,--as-needed\0!g' libtool
-make %{?_smp_mflags}
 
 %check
 # tests are linked dynamically, preload the library as we have removed RPATH
@@ -49,9 +44,9 @@ LD_PRELOAD=%{buildroot}%{_libdir}/libmaxminddb.so make check
 
 %install
 %make_install
-rm -fv %{buildroot}%{_libdir}/*.la
+rm -v %{buildroot}%{_libdir}/*.la
 
-#fix multilib install of devel pkg
+#downstream fix for multilib install of devel pkg
 mv %{buildroot}%{_includedir}/maxminddb_config.h \
    %{buildroot}%{_includedir}/maxminddb_config-%{__isa_bits}.h
 cat > %{buildroot}%{_includedir}/maxminddb_config.h << EOF
@@ -66,16 +61,11 @@ cat > %{buildroot}%{_includedir}/maxminddb_config.h << EOF
 #endif
 EOF
 
-
-%post -p /sbin/ldconfig
-
-%postun -p /sbin/ldconfig
-
 %files
 %license LICENSE
-%{_libdir}/libmaxminddb.so.*
+%{_libdir}/libmaxminddb.so.0*
 %{_bindir}/mmdblookup
-%{_mandir}/man1/mmdblookup.1.gz
+%{_mandir}/man1/*.1*
 
 %files devel
 %license NOTICE
@@ -84,27 +74,53 @@ EOF
 %{_includedir}/maxminddb_config*.h
 %{_libdir}/libmaxminddb.so
 %{_libdir}/pkgconfig/libmaxminddb.pc
-%{_mandir}/man3/*
+%{_mandir}/man3/*.3*
 
 %changelog
-* Thu Jan 04 2024 Michal Ruprich <mruprich@redhat.com> - 1.2.0-10.1
+* Mon Aug 09 2021 Mohan Boddu <mboddu@redhat.com> - 1.5.2-3
-- Resolves: RHEL-20594 - improper initialization in dump_entry_data_list() in maxminddb.c
+- Rebuilt for IMA sigs, glibc 2.34, aarch64 flags
+  Related: rhbz#1991688
 
-* Mon Jun 08 2020 Michal Ruprich <michalruprich@gmail.com> - 1.2.0-10
+* Fri Apr 16 2021 Mohan Boddu <mboddu@redhat.com> - 1.5.2-2
-- Related: #1642001 - Obsoleting -devel-debuginfo to enable clean update path
+- Rebuilt for RHEL 9 BETA on Apr 15th 2021. Related: rhbz#1947937
 
-* Mon May 25 2020 Michal Ruprich <michalruprich@gmail.com> - 1.2.0-9
+* Tue Mar 16 2021 Michal Ruprich <mruprich@redhat.com> - 1.5.2-1
-- Related: #1642001 - moving manpage of mmdblookup from -devel subpackage
+- Update to 1.5.2
 
-* Fri May 15 2020 Michal Ruprich <michalruprich@gmail.com> - 1.2.0-8
+* Tue Jan 26 2021 Michal Ruprich <mruprich@redhat.com> - 1.5.0-1
-- Resolves: #1642001 - binary mmdblookup is in libmaxminddb-devel
+- Update to 1.5.0
 
-* Thu Jan 09 2020 Michal Ruprich <mruprich@redhat.com> - 1.2.0-7
+* Thu Dec 10 2020 Michal Ruprich <mruprich@redhat.com> - 1.4.3-1
-- Resolves: #1788956 - conflicts with multilib install
+- Update to 1.4.3
+- Resolves: #1758843 - libmaxminddb-devel i686 can't be installed in parallel to x86_64
+- Fix for CVE-2020-28241
 
-* Thu Aug 02 2018 Michal Ruprich <mruprich@redhat.com> - 1.2.0-6
+* Tue Jul 28 2020 Fedora Release Engineering <releng@fedoraproject.org> - 1.4.2-3
-- Adding libmaxminddb as a new package to RHEL-8 (rhbz#1607927)
+- Rebuilt for https://fedoraproject.org/wiki/Fedora_33_Mass_Rebuild
-- Adding Recommends tag for geolite2 databases
+
+* Tue Jun 02 2020 Michal Ruprich <michalruprich@gmail.com> - 1.4.2-2
+- Move manpage for mmdblookup from -devel to the main package
+
+* Tue May 12 2020 Igor Raits <ignatenkobrain@fedoraproject.org> - 1.4.2-1
+- Update to 1.4.2
+
+* Mon Mar 30 2020 Michal Ruprich <mruprich@redhat.com> - 1.3.2-3
+- Move mmdblookup binary from -devel to the main package
+
+* Wed Jan 29 2020 Fedora Release Engineering <releng@fedoraproject.org> - 1.3.2-2
+- Rebuilt for https://fedoraproject.org/wiki/Fedora_32_Mass_Rebuild
+
+* Mon Oct 21 2019 Igor Gnatenko <ignatenkobrain@fedoraproject.org> - 1.3.2-1
+- Update to 1.3.2
+
+* Thu Jul 25 2019 Fedora Release Engineering <releng@fedoraproject.org> - 1.2.0-8
+- Rebuilt for https://fedoraproject.org/wiki/Fedora_31_Mass_Rebuild
+
+* Fri Feb 01 2019 Fedora Release Engineering <releng@fedoraproject.org> - 1.2.0-7
+- Rebuilt for https://fedoraproject.org/wiki/Fedora_30_Mass_Rebuild
+
+* Fri Jul 13 2018 Fedora Release Engineering <releng@fedoraproject.org> - 1.2.0-6
+- Rebuilt for https://fedoraproject.org/wiki/Fedora_29_Mass_Rebuild
 
 * Wed Feb 07 2018 Fedora Release Engineering <releng@fedoraproject.org> - 1.2.0-5
 - Rebuilt for https://fedoraproject.org/wiki/Fedora_28_Mass_Rebuild