commit 284d8fb8f5cda2f06a83464f77c4e35e8211ddeb Author: CentOS Sources Date: Fri Apr 24 03:19:23 2020 +0000 import librabbitmq-0.9.0-2.el8
diff --git a/.gitignore b/.gitignore
new file mode 100644
index 0000000..91ec6bf
--- /dev/null
+++ b/.gitignore
@@ -0,0 +1 @@
+SOURCES/v0.9.0.tar.gz
diff --git a/.librabbitmq.metadata b/.librabbitmq.metadata
new file mode 100644
index 0000000..e3a4539
--- /dev/null
+++ b/.librabbitmq.metadata
@@ -0,0 +1 @@
+0709ef3c9906bd13158d3f9b11f1666bb3903f1d SOURCES/v0.9.0.tar.gz
diff --git a/SOURCES/rabbitmq-c-0.9.0-CVE-2019-18609.patch b/SOURCES/rabbitmq-c-0.9.0-CVE-2019-18609.patch
new file mode 100644
index 0000000..9524be8
--- /dev/null
+++ b/SOURCES/rabbitmq-c-0.9.0-CVE-2019-18609.patch
@@ -0,0 +1,28 @@
+diff -up rabbitmq-c-0.9.0/librabbitmq/amqp_connection.c.CVE-2019-18609 rabbitmq-c-0.9.0/librabbitmq/amqp_connection.c
+--- rabbitmq-c-0.9.0/librabbitmq/amqp_connection.c.CVE-2019-18609 2020-04-06 15:10:07.002386201 +0200
++++ rabbitmq-c-0.9.0/librabbitmq/amqp_connection.c 2020-04-06 15:17:03.624425371 +0200
+@@ -287,12 +287,21 @@ int amqp_handle_input(amqp_connection_st
+ case CONNECTION_STATE_HEADER: {
+ amqp_channel_t channel;
+ amqp_pool_t *channel_pool;
+- /* frame length is 3 bytes in */
++ uint32_t frame_size;
++
+ channel = amqp_d16(amqp_offset(raw_frame, 1));
+
+- state->target_size =
+- amqp_d32(amqp_offset(raw_frame, 3)) + HEADER_SIZE + FOOTER_SIZE;
++ /* frame length is 3 bytes in */
++ frame_size = amqp_d32(amqp_offset(raw_frame, 3));
++ /* To prevent the target_size calculation below from overflowing, check
++ * that the stated frame_size is smaller than a signed 32-bit. Given
++ * the library only allows configuring frame_max as an int32_t, and
++ * frame_size is uint32_t, the math below is safe from overflow. */
++ if (frame_size >= INT32_MAX) {
++ return AMQP_STATUS_BAD_AMQP_DATA;
++ }
+
++ state->target_size = frame_size + HEADER_SIZE + FOOTER_SIZE;
+ if ((size_t)state->frame_max < state->target_size) {
+ return AMQP_STATUS_BAD_AMQP_DATA;
+ }
diff --git a/SPECS/librabbitmq.spec b/SPECS/librabbitmq.spec
new file mode 100644
index 0000000..2d9749a
--- /dev/null
+++ b/SPECS/librabbitmq.spec
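Review bot: The overflow argument in the added comment is indirect: `state->target_size = frame_size + HEADER_SIZE + FOOTER_SIZE;` is presumably still evaluated in 32-bit arithmetic (the types of HEADER_SIZE and FOOTER_SIZE are not shown) and is safe only because the `if (frame_size >= INT32_MAX)` guard sits above it and the two constants are small. Widening the first operand, `state->target_size = (size_t)frame_size + HEADER_SIZE + FOOTER_SIZE;`, would keep the sum from wrapping on 64-bit builds even if the guard is later moved or relaxed; target_size appears to be a size_t, judging by the cast in the following comparison. The comment would also read more precisely as "smaller than INT32_MAX" than "smaller than a signed 32-bit". The context check `(size_t)state->frame_max < state->target_size` presumably relies on frame_max never being negative, which is not visible here; amqp_handle_input starts and ends outside the hunk.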
@@ -0,0 +1,215 @@
+# Fedora spec file for librabbitmq
+#
+# Copyright (c) 2012-2018 Remi Collet
+# License: CC-BY-SA
+# http://creativecommons.org/licenses/by-sa/4.0/
+#
+# Please, preserve the changelog entries
+#
+
+Name: librabbitmq
+Summary: Client library for AMQP
+Version: 0.9.0
+Release: 2%{?dist}
+License: MIT
+URL: https://github.com/alanxz/rabbitmq-c
+Source0: https://github.com/alanxz/rabbitmq-c/archive/v%{version}.tar.gz
+Patch0: rabbitmq-c-0.9.0-CVE-2019-18609.patch
+
+BuildRequires: gcc
+BuildRequires: cmake > 2.8
+BuildRequires: openssl-devel
+# For tools
+BuildRequires: popt-devel
+# For man page
+BuildRequires: xmlto
+
+
+%description
+This is a C-language AMQP client library for use with AMQP servers
+speaking protocol versions 0-9-1.
+
+
+%package devel
+Summary: Header files and development libraries for %{name}
+Requires: %{name}%{?_isa} = %{version}-%{release}
+
+%description devel
+This package contains the header files and development libraries
+for %{name}.
+
+
+%package tools
+Summary: Example tools built using the librabbitmq package
+Requires: %{name}%{?_isa} = %{version}
+
+%description tools
+This package contains example tools built using %{name}.
+
+It provides:
+amqp-consume Consume messages from a queue on an AMQP server
+amqp-declare-queue Declare a queue on an AMQP server
+amqp-delete-queue Delete a queue from an AMQP server
+amqp-get Get a message from a queue on an AMQP server
+amqp-publish Publish a message on an AMQP server
+
+
+%prep
+%setup -q -n rabbitmq-c-%{version}
+%patch0 -p1 -b .CVE-2019-18609
+
+# Copy sources to be included in -devel docs.
+cp -pr examples Examples
+
+# This test requires a running server
+sed -e '/test_basic/d' -i tests/CMakeLists.txt
+
+%build
+# static lib required for tests
+%cmake \
+ -DBUILD_TOOLS_DOCS:BOOL=ON \
+ -DBUILD_STATIC_LIBS:BOOL=ON
+
+make %{_smp_mflags}
+
+
+%install
+make install DESTDIR="%{buildroot}"
+
+rm %{buildroot}%{_libdir}/%{name}.a
+
+
+%check
+: check .pc is usable
+grep @ %{buildroot}%{_libdir}/pkgconfig/%{name}.pc && exit 1
+
+: upstream tests
+make test
+
+
+%files
+%license LICENSE-MIT
+%{_libdir}/%{name}.so.*
+
+
+%files devel
+%doc AUTHORS THANKS TODO *.md
+%doc Examples
+%{_libdir}/%{name}.so
+%{_includedir}/amqp*
+%{_libdir}/pkgconfig/%{name}.pc
+
+%files tools
+%{_bindir}/amqp-*
+%doc %{_mandir}/man1/amqp-*.1*
+%doc %{_mandir}/man7/librabbitmq-tools.7*
+
+
+%changelog
+* Mon Apr 06 2020 Than Ngo - 0.9.0-2
+- Resolves: #1809992, CVE-2019-18609
+
+* Thu Jun 28 2018 Than Ngo - 0.9.0-1
+- update to 0.9.0
+
+* Tue Feb 20 2018 Remi Collet - 0.8.0-7
+- missing BR on C compiler
+
+* Thu Feb 15 2018 Remi Collet - 0.8.0-6
+- drop ldconfig scriptlets
+
+* Wed Feb 07 2018 Fedora Release Engineering - 0.8.0-5
+- Rebuilt for https://fedoraproject.org/wiki/Fedora_28_Mass_Rebuild
+
+* Thu Aug 03 2017 Fedora Release Engineering - 0.8.0-4
+- Rebuilt for https://fedoraproject.org/wiki/Fedora_27_Binutils_Mass_Rebuild
+
+* Wed Jul 26 2017 Fedora Release Engineering - 0.8.0-3
+- Rebuilt for https://fedoraproject.org/wiki/Fedora_27_Mass_Rebuild
+
+* Fri Feb 10 2017 Fedora Release Engineering - 0.8.0-2
+- Rebuilt for https://fedoraproject.org/wiki/Fedora_26_Mass_Rebuild
+
+* Tue Apr 12 2016 Remi Collet - 0.8.0-1
+- update to 0.8.0
+
+* Thu Feb 04 2016 Fedora Release Engineering - 0.7.1-2
+- Rebuilt for https://fedoraproject.org/wiki/Fedora_24_Mass_Rebuild
+
+* Tue Oct 13 2015 Remi Collet - 0.7.1-1
+- update to 0.7.1
+
+* Fri Jul 3 2015 Remi Collet - 0.7.0-1
+- update to 0.7.0
+- swicth to cmake
+- switch from upstream tarball to github sources
+
+* Wed Jun 17 2015 Fedora Release Engineering - 0.6.0-2
+- Rebuilt for https://fedoraproject.org/wiki/Fedora_23_Mass_Rebuild
+
+* Mon Apr 20 2015 Remi Collet - 0.6.0-1
+- update to 0.6.0
+- soname changed to .4
+
+* Mon Sep 15 2014 Remi Collet - 0.5.2-1
+- update to 0.5.2
+
+* Sun Aug 17 2014 Fedora Release Engineering - 0.5.1-2
+- Rebuilt for https://fedoraproject.org/wiki/Fedora_21_22_Mass_Rebuild
+
+* Wed Aug 13 2014 Remi Collet - 0.5.1-1
+- update to 0.5.1
+- fix license handling
+- move all documentation in devel subpackage
+
+* Sat Jun 07 2014 Fedora Release Engineering - 0.5.0-3
+- Rebuilt for https://fedoraproject.org/wiki/Fedora_21_Mass_Rebuild
+
+* Tue Apr 15 2014 Remi Collet - 0.5.0-2
+- upstream patch for missing function
+
+* Mon Feb 17 2014 Remi Collet - 0.5.0-1
+- update to 0.5.0
+- open https://github.com/alanxz/rabbitmq-c/issues/169 (version is 0.5.1-pre)
+- open https://github.com/alanxz/rabbitmq-c/issues/170 (amqp_get_server_properties)
+
+* Mon Jan 13 2014 Remi Collet - 0.4.1-4
+- drop BR python-simplejson
+
+* Tue Jan 7 2014 Remi Collet - 0.4.1-3
+- fix broken librabbitmq.pc, #1039555
+- add check for usable librabbitmq.pc
+
+* Thu Jan 2 2014 Remi Collet - 0.4.1-2
+- fix Source0 URL
+
+* Sat Sep 28 2013 Remi Collet - 0.4.1-1
+- update to 0.4.1
+- add ssl support
+
+* Thu Aug 1 2013 Remi Collet - 0.3.0-3
+- cleanups
+
+* Wed Mar 13 2013 Remi Collet - 0.3.0-2
+- remove tools from main package
+
+* Wed Mar 13 2013 Remi Collet - 0.3.0-1
+- update to 0.3.0
+- create sub-package for tools
+
+* Thu Feb 14 2013 Fedora Release Engineering - 0.2-0.2.git2059570
+- Rebuilt for https://fedoraproject.org/wiki/Fedora_19_Mass_Rebuild
+
+* Wed Aug 01 2012 Remi Collet - 0.2-0.1.git2059570
+- update to latest snapshot (version 0.2, moved to github)
+- License is now MIT
+
+* Thu Jul 19 2012 Fedora Release Engineering - 0.1-0.3.hgfb6fca832fd2
+- Rebuilt for https://fedoraproject.org/wiki/Fedora_18_Mass_Rebuild
+
+* Sun Mar 11 2012 Remi Collet - 0.1-0.2.hgfb6fca832fd2
+- add %%check (per review comment)
+
+* Sat Mar 10 2012 Remi Collet - 0.1-0.1.hgfb6fca832fd2
+- Initial RPM
+
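Review bot: The `tools` subpackage depends on the library with `Requires: %{name}%{?_isa} = %{version}`, which omits the release, so a 0.9.0-1 library built without Patch0 still satisfies the dependency of the 0.9.0-2 tools. The `devel` subpackage already pins `%{version}-%{release}`; using the same form here, `Requires: %{name}%{?_isa} = %{version}-%{release}`, keeps the tools and the patched library in step. This matters more than usual in this import because the release bump carries the CVE-2019-18609 fix rather than a new upstream version.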