import librabbitmq-0.9.0-2.el8

2020-04-24 03:19:23 +00:00 · 2020-04-24 03:19:23 +00:00 · 284d8fb8f5
commit 284d8fb8f5
4 changed files with 245 additions and 0 deletions
--- a/.gitignore
+++ b/.gitignore
@ -0,0 +1 @@
+SOURCES/v0.9.0.tar.gz
--- a/.librabbitmq.metadata
+++ b/.librabbitmq.metadata
@ -0,0 +1 @@
+0709ef3c9906bd13158d3f9b11f1666bb3903f1d SOURCES/v0.9.0.tar.gz
--- a/SOURCES/rabbitmq-c-0.9.0-CVE-2019-18609.patch
+++ b/SOURCES/rabbitmq-c-0.9.0-CVE-2019-18609.patch
@ -0,0 +1,28 @@
+diff -up rabbitmq-c-0.9.0/librabbitmq/amqp_connection.c.CVE-2019-18609 rabbitmq-c-0.9.0/librabbitmq/amqp_connection.c
+--- rabbitmq-c-0.9.0/librabbitmq/amqp_connection.c.CVE-2019-18609	2020-04-06 15:10:07.002386201 +0200
+++ rabbitmq-c-0.9.0/librabbitmq/amqp_connection.c	2020-04-06 15:17:03.624425371 +0200
+@@ -287,12 +287,21 @@ int amqp_handle_input(amqp_connection_st
+     case CONNECTION_STATE_HEADER: {
+       amqp_channel_t channel;
+       amqp_pool_t *channel_pool;
+-      /* frame length is 3 bytes in */
+      uint32_t frame_size;
+
+       channel = amqp_d16(amqp_offset(raw_frame, 1));
+ 
+-      state->target_size =
+-          amqp_d32(amqp_offset(raw_frame, 3)) + HEADER_SIZE + FOOTER_SIZE;
+      /* frame length is 3 bytes in */
+      frame_size = amqp_d32(amqp_offset(raw_frame, 3));
+      /* To prevent the target_size calculation below from overflowing, check
+       * that the stated frame_size is smaller than a signed 32-bit. Given
+       * the library only allows configuring frame_max as an int32_t, and
+       * frame_size is uint32_t, the math below is safe from overflow. */
+      if (frame_size >= INT32_MAX) {
+        return AMQP_STATUS_BAD_AMQP_DATA;
+      }
+ 
+      state->target_size = frame_size + HEADER_SIZE + FOOTER_SIZE;
+       if ((size_t)state->frame_max < state->target_size) {
+         return AMQP_STATUS_BAD_AMQP_DATA;
+       }
--- a/SPECS/librabbitmq.spec
+++ b/SPECS/librabbitmq.spec
@ -0,0 +1,215 @@
+# Fedora spec file for librabbitmq
+#
+# Copyright (c) 2012-2018 Remi Collet
+# License: CC-BY-SA
+# http://creativecommons.org/licenses/by-sa/4.0/
+#
+# Please, preserve the changelog entries
+#
+
+Name:      librabbitmq
+Summary:   Client library for AMQP
+Version:   0.9.0
+Release:   2%{?dist}
+License:   MIT
+URL:       https://github.com/alanxz/rabbitmq-c
+Source0:   https://github.com/alanxz/rabbitmq-c/archive/v%{version}.tar.gz
+Patch0:    rabbitmq-c-0.9.0-CVE-2019-18609.patch
+
+BuildRequires: gcc
+BuildRequires: cmake > 2.8
+BuildRequires: openssl-devel
+# For tools
+BuildRequires: popt-devel
+# For man page
+BuildRequires: xmlto
+
+
+%description
+This is a C-language AMQP client library for use with AMQP servers
+speaking protocol versions 0-9-1.
+
+
+%package devel
+Summary:    Header files and development libraries for %{name}
+Requires:   %{name}%{?_isa} = %{version}-%{release}
+
+%description devel
+This package contains the header files and development libraries
+for %{name}.
+
+
+%package tools
+Summary:    Example tools built using the librabbitmq package
+Requires:   %{name}%{?_isa} = %{version}
+
+%description tools
+This package contains example tools built using %{name}.
+
+It provides:
+amqp-consume        Consume messages from a queue on an AMQP server
+amqp-declare-queue  Declare a queue on an AMQP server
+amqp-delete-queue   Delete a queue from an AMQP server
+amqp-get            Get a message from a queue on an AMQP server
+amqp-publish        Publish a message on an AMQP server
+
+
+%prep
+%setup -q -n rabbitmq-c-%{version}
+%patch0 -p1 -b .CVE-2019-18609
+
+# Copy sources to be included in -devel docs.
+cp -pr examples Examples
+
+# This test requires a running server
+sed -e '/test_basic/d' -i tests/CMakeLists.txt
+
+%build
+# static lib required for tests
+%cmake \
+  -DBUILD_TOOLS_DOCS:BOOL=ON \
+  -DBUILD_STATIC_LIBS:BOOL=ON
+
+make %{_smp_mflags}
+
+
+%install
+make install  DESTDIR="%{buildroot}"
+
+rm %{buildroot}%{_libdir}/%{name}.a
+
+
+%check
+: check .pc is usable
+grep @ %{buildroot}%{_libdir}/pkgconfig/%{name}.pc && exit 1
+
+: upstream tests
+make test
+
+
+%files
+%license LICENSE-MIT
+%{_libdir}/%{name}.so.*
+
+
+%files devel
+%doc AUTHORS THANKS TODO *.md
+%doc Examples
+%{_libdir}/%{name}.so
+%{_includedir}/amqp*
+%{_libdir}/pkgconfig/%{name}.pc
+
+%files tools
+%{_bindir}/amqp-*
+%doc %{_mandir}/man1/amqp-*.1*
+%doc %{_mandir}/man7/librabbitmq-tools.7*
+
+
+%changelog
+* Mon Apr 06 2020 Than Ngo <than@redhat.com> - 0.9.0-2
+- Resolves: #1809992, CVE-2019-18609
+
+* Thu Jun 28 2018 Than Ngo <than@redhat.com> - 0.9.0-1
+- update to 0.9.0
+
+* Tue Feb 20 2018 Remi Collet <remi@remirepo.net> - 0.8.0-7
+- missing BR on C compiler
+
+* Thu Feb 15 2018 Remi Collet <remi@remirepo.net> - 0.8.0-6
+- drop ldconfig scriptlets
+
+* Wed Feb 07 2018 Fedora Release Engineering <releng@fedoraproject.org> - 0.8.0-5
+- Rebuilt for https://fedoraproject.org/wiki/Fedora_28_Mass_Rebuild
+
+* Thu Aug 03 2017 Fedora Release Engineering <releng@fedoraproject.org> - 0.8.0-4
+- Rebuilt for https://fedoraproject.org/wiki/Fedora_27_Binutils_Mass_Rebuild
+
+* Wed Jul 26 2017 Fedora Release Engineering <releng@fedoraproject.org> - 0.8.0-3
+- Rebuilt for https://fedoraproject.org/wiki/Fedora_27_Mass_Rebuild
+
+* Fri Feb 10 2017 Fedora Release Engineering <releng@fedoraproject.org> - 0.8.0-2
+- Rebuilt for https://fedoraproject.org/wiki/Fedora_26_Mass_Rebuild
+
+* Tue Apr 12 2016 Remi Collet <remi@fedoraproject.org> - 0.8.0-1
+- update to 0.8.0
+
+* Thu Feb 04 2016 Fedora Release Engineering <releng@fedoraproject.org> - 0.7.1-2
+- Rebuilt for https://fedoraproject.org/wiki/Fedora_24_Mass_Rebuild
+
+* Tue Oct 13 2015 Remi Collet <remi@fedoraproject.org> - 0.7.1-1
+- update to 0.7.1
+
+* Fri Jul  3 2015 Remi Collet <remi@fedoraproject.org> - 0.7.0-1
+- update to 0.7.0
+- swicth to cmake
+- switch from upstream tarball to github sources
+
+* Wed Jun 17 2015 Fedora Release Engineering <rel-eng@lists.fedoraproject.org> - 0.6.0-2
+- Rebuilt for https://fedoraproject.org/wiki/Fedora_23_Mass_Rebuild
+
+* Mon Apr 20 2015 Remi Collet <remi@fedoraproject.org> - 0.6.0-1
+- update to 0.6.0
+- soname changed to .4
+
+* Mon Sep 15 2014 Remi Collet <remi@fedoraproject.org> - 0.5.2-1
+- update to 0.5.2
+
+* Sun Aug 17 2014 Fedora Release Engineering <rel-eng@lists.fedoraproject.org> - 0.5.1-2
+- Rebuilt for https://fedoraproject.org/wiki/Fedora_21_22_Mass_Rebuild
+
+* Wed Aug 13 2014 Remi Collet <remi@fedoraproject.org> - 0.5.1-1
+- update to 0.5.1
+- fix license handling
+- move all documentation in devel subpackage
+
+* Sat Jun 07 2014 Fedora Release Engineering <rel-eng@lists.fedoraproject.org> - 0.5.0-3
+- Rebuilt for https://fedoraproject.org/wiki/Fedora_21_Mass_Rebuild
+
+* Tue Apr 15 2014 Remi Collet <remi@fedoraproject.org> - 0.5.0-2
+- upstream patch for missing function
+
+* Mon Feb 17 2014 Remi Collet <remi@fedoraproject.org> - 0.5.0-1
+- update to 0.5.0
+- open https://github.com/alanxz/rabbitmq-c/issues/169 (version is 0.5.1-pre)
+- open https://github.com/alanxz/rabbitmq-c/issues/170 (amqp_get_server_properties)
+
+* Mon Jan 13 2014 Remi Collet <remi@fedoraproject.org> - 0.4.1-4
+- drop BR python-simplejson
+
+* Tue Jan  7 2014 Remi Collet <remi@fedoraproject.org> - 0.4.1-3
+- fix broken librabbitmq.pc, #1039555
+- add check for usable librabbitmq.pc
+
+* Thu Jan  2 2014 Remi Collet <remi@fedoraproject.org> - 0.4.1-2
+- fix Source0 URL
+
+* Sat Sep 28 2013 Remi Collet <remi@fedoraproject.org> - 0.4.1-1
+- update to 0.4.1
+- add ssl support
+
+* Thu Aug  1 2013 Remi Collet <remi@fedoraproject.org> - 0.3.0-3
+- cleanups
+
+* Wed Mar 13 2013 Remi Collet <remi@fedoraproject.org> - 0.3.0-2
+- remove tools from main package
+
+* Wed Mar 13 2013 Remi Collet <remi@fedoraproject.org> - 0.3.0-1
+- update to 0.3.0
+- create sub-package for tools
+
+* Thu Feb 14 2013 Fedora Release Engineering <rel-eng@lists.fedoraproject.org> - 0.2-0.2.git2059570
+- Rebuilt for https://fedoraproject.org/wiki/Fedora_19_Mass_Rebuild
+
+* Wed Aug 01 2012 Remi Collet <remi@fedoraproject.org> - 0.2-0.1.git2059570
+- update to latest snapshot (version 0.2, moved to github)
+- License is now MIT
+
+* Thu Jul 19 2012 Fedora Release Engineering <rel-eng@lists.fedoraproject.org> - 0.1-0.3.hgfb6fca832fd2
+- Rebuilt for https://fedoraproject.org/wiki/Fedora_18_Mass_Rebuild
+
+* Sun Mar 11 2012 Remi Collet <remi@fedoraproject.org> - 0.1-0.2.hgfb6fca832fd2
+- add %%check (per review comment)
+
+* Sat Mar 10 2012 Remi Collet <remi@fedoraproject.org> - 0.1-0.1.hgfb6fca832fd2
+- Initial RPM
+
				`@ -0,0 +1 @@`
				`0709ef3c9906bd13158d3f9b11f1666bb3903f1d SOURCES/v0.9.0.tar.gz`