rpms/librabbitmq
7
0
Fork 0
Code Issues Pull Requests Releases Activity

Auto sync2gitlab import of librabbitmq-0.9.0-3.el8.src.rpm

Browse Source
This commit is contained in:
James Antill 2022-05-26 10:51:23 -04:00
parent 21616556e3
commit 3dbcc7e239
5 changed files with 248 additions and 1 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

1
.gitignore vendored Normal file
View File

@ -0,0 +1 @@
/v0.9.0.tar.gz

1
EMPTY
View File

@ -1 +0,0 @@

218
librabbitmq.spec Normal file
View File

@ -0,0 +1,218 @@
# Fedora spec file for librabbitmq
#
# Copyright (c) 2012-2018 Remi Collet
# License: CC-BY-SA
# http://creativecommons.org/licenses/by-sa/4.0/
#
# Please, preserve the changelog entries
#
Name: librabbitmq
Summary: Client library for AMQP
Version: 0.9.0
Release: 3%{?dist}
License: MIT
URL: https://github.com/alanxz/rabbitmq-c
Source0: https://github.com/alanxz/rabbitmq-c/archive/v%{version}.tar.gz
Patch0: rabbitmq-c-0.9.0-CVE-2019-18609.patch
BuildRequires: gcc
BuildRequires: cmake > 2.8
BuildRequires: openssl-devel
# For tools
BuildRequires: popt-devel
# For man page
BuildRequires: xmlto
%description
This is a C-language AMQP client library for use with AMQP servers
speaking protocol versions 0-9-1.
%package devel
Summary: Header files and development libraries for %{name}
Requires: %{name}%{?_isa} = %{version}-%{release}
%description devel
This package contains the header files and development libraries
for %{name}.
%package tools
Summary: Example tools built using the librabbitmq package
Requires: %{name}%{?_isa} = %{version}-%{release}
%description tools
This package contains example tools built using %{name}.
It provides:
amqp-consume Consume messages from a queue on an AMQP server
amqp-declare-queue Declare a queue on an AMQP server
amqp-delete-queue Delete a queue from an AMQP server
amqp-get Get a message from a queue on an AMQP server
amqp-publish Publish a message on an AMQP server
%prep
%setup -q -n rabbitmq-c-%{version}
%patch0 -p1 -b .CVE-2019-18609
# Copy sources to be included in -devel docs.
cp -pr examples Examples
# This test requires a running server
sed -e '/test_basic/d' -i tests/CMakeLists.txt
%build
# static lib required for tests
%cmake \
-DBUILD_TOOLS_DOCS:BOOL=ON \
-DBUILD_STATIC_LIBS:BOOL=ON
make %{_smp_mflags}
%install
make install DESTDIR="%{buildroot}"
rm %{buildroot}%{_libdir}/%{name}.a
%check
: check .pc is usable
grep @ %{buildroot}%{_libdir}/pkgconfig/%{name}.pc && exit 1
: upstream tests
make test
%files
%license LICENSE-MIT
%{_libdir}/%{name}.so.*
%files devel
%doc AUTHORS THANKS TODO *.md
%doc Examples
%{_libdir}/%{name}.so
%{_includedir}/amqp*
%{_libdir}/pkgconfig/%{name}.pc
%files tools
%{_bindir}/amqp-*
%doc %{_mandir}/man1/amqp-*.1*
%doc %{_mandir}/man7/librabbitmq-tools.7*
%changelog
* Tue Sep 29 2020 Than Ngo <than@redhat.com> - 0.9.0-3
- Resolves: #1857831, rpmdiff
* Mon Apr 06 2020 Than Ngo <than@redhat.com> - 0.9.0-2
- Resolves: #1809992, CVE-2019-18609
* Thu Jun 28 2018 Than Ngo <than@redhat.com> - 0.9.0-1
- update to 0.9.0
* Tue Feb 20 2018 Remi Collet <remi@remirepo.net> - 0.8.0-7
- missing BR on C compiler
* Thu Feb 15 2018 Remi Collet <remi@remirepo.net> - 0.8.0-6
- drop ldconfig scriptlets
* Wed Feb 07 2018 Fedora Release Engineering <releng@fedoraproject.org> - 0.8.0-5
- Rebuilt for https://fedoraproject.org/wiki/Fedora_28_Mass_Rebuild
* Thu Aug 03 2017 Fedora Release Engineering <releng@fedoraproject.org> - 0.8.0-4
- Rebuilt for https://fedoraproject.org/wiki/Fedora_27_Binutils_Mass_Rebuild
* Wed Jul 26 2017 Fedora Release Engineering <releng@fedoraproject.org> - 0.8.0-3
- Rebuilt for https://fedoraproject.org/wiki/Fedora_27_Mass_Rebuild
* Fri Feb 10 2017 Fedora Release Engineering <releng@fedoraproject.org> - 0.8.0-2
- Rebuilt for https://fedoraproject.org/wiki/Fedora_26_Mass_Rebuild
* Tue Apr 12 2016 Remi Collet <remi@fedoraproject.org> - 0.8.0-1
- update to 0.8.0
* Thu Feb 04 2016 Fedora Release Engineering <releng@fedoraproject.org> - 0.7.1-2
- Rebuilt for https://fedoraproject.org/wiki/Fedora_24_Mass_Rebuild
* Tue Oct 13 2015 Remi Collet <remi@fedoraproject.org> - 0.7.1-1
- update to 0.7.1
* Fri Jul 3 2015 Remi Collet <remi@fedoraproject.org> - 0.7.0-1
- update to 0.7.0
- swicth to cmake
- switch from upstream tarball to github sources
* Wed Jun 17 2015 Fedora Release Engineering <rel-eng@lists.fedoraproject.org> - 0.6.0-2
- Rebuilt for https://fedoraproject.org/wiki/Fedora_23_Mass_Rebuild
* Mon Apr 20 2015 Remi Collet <remi@fedoraproject.org> - 0.6.0-1
- update to 0.6.0
- soname changed to .4
* Mon Sep 15 2014 Remi Collet <remi@fedoraproject.org> - 0.5.2-1
- update to 0.5.2
* Sun Aug 17 2014 Fedora Release Engineering <rel-eng@lists.fedoraproject.org> - 0.5.1-2
- Rebuilt for https://fedoraproject.org/wiki/Fedora_21_22_Mass_Rebuild
* Wed Aug 13 2014 Remi Collet <remi@fedoraproject.org> - 0.5.1-1
- update to 0.5.1
- fix license handling
- move all documentation in devel subpackage
* Sat Jun 07 2014 Fedora Release Engineering <rel-eng@lists.fedoraproject.org> - 0.5.0-3
- Rebuilt for https://fedoraproject.org/wiki/Fedora_21_Mass_Rebuild
* Tue Apr 15 2014 Remi Collet <remi@fedoraproject.org> - 0.5.0-2
- upstream patch for missing function
* Mon Feb 17 2014 Remi Collet <remi@fedoraproject.org> - 0.5.0-1
- update to 0.5.0
- open https://github.com/alanxz/rabbitmq-c/issues/169 (version is 0.5.1-pre)
- open https://github.com/alanxz/rabbitmq-c/issues/170 (amqp_get_server_properties)
* Mon Jan 13 2014 Remi Collet <remi@fedoraproject.org> - 0.4.1-4
- drop BR python-simplejson
* Tue Jan 7 2014 Remi Collet <remi@fedoraproject.org> - 0.4.1-3
- fix broken librabbitmq.pc, #1039555
- add check for usable librabbitmq.pc
* Thu Jan 2 2014 Remi Collet <remi@fedoraproject.org> - 0.4.1-2
- fix Source0 URL
* Sat Sep 28 2013 Remi Collet <remi@fedoraproject.org> - 0.4.1-1
- update to 0.4.1
- add ssl support
* Thu Aug 1 2013 Remi Collet <remi@fedoraproject.org> - 0.3.0-3
- cleanups
* Wed Mar 13 2013 Remi Collet <remi@fedoraproject.org> - 0.3.0-2
- remove tools from main package
* Wed Mar 13 2013 Remi Collet <remi@fedoraproject.org> - 0.3.0-1
- update to 0.3.0
- create sub-package for tools
* Thu Feb 14 2013 Fedora Release Engineering <rel-eng@lists.fedoraproject.org> - 0.2-0.2.git2059570
- Rebuilt for https://fedoraproject.org/wiki/Fedora_19_Mass_Rebuild
* Wed Aug 01 2012 Remi Collet <remi@fedoraproject.org> - 0.2-0.1.git2059570
- update to latest snapshot (version 0.2, moved to github)
- License is now MIT
* Thu Jul 19 2012 Fedora Release Engineering <rel-eng@lists.fedoraproject.org> - 0.1-0.3.hgfb6fca832fd2
- Rebuilt for https://fedoraproject.org/wiki/Fedora_18_Mass_Rebuild
* Sun Mar 11 2012 Remi Collet <remi@fedoraproject.org> - 0.1-0.2.hgfb6fca832fd2
- add %%check (per review comment)
* Sat Mar 10 2012 Remi Collet <remi@fedoraproject.org> - 0.1-0.1.hgfb6fca832fd2
- Initial RPM

28
rabbitmq-c-0.9.0-CVE-2019-18609.patch Normal file
View File

@ -0,0 +1,28 @@
diff -up rabbitmq-c-0.9.0/librabbitmq/amqp_connection.c.CVE-2019-18609 rabbitmq-c-0.9.0/librabbitmq/amqp_connection.c
--- rabbitmq-c-0.9.0/librabbitmq/amqp_connection.c.CVE-2019-18609 2020-04-06 15:10:07.002386201 +0200
+++ rabbitmq-c-0.9.0/librabbitmq/amqp_connection.c 2020-04-06 15:17:03.624425371 +0200
@@ -287,12 +287,21 @@ int amqp_handle_input(amqp_connection_st
case CONNECTION_STATE_HEADER: {
amqp_channel_t channel;
amqp_pool_t *channel_pool;
- /* frame length is 3 bytes in */
+ uint32_t frame_size;
+
channel = amqp_d16(amqp_offset(raw_frame, 1));
- state->target_size =
- amqp_d32(amqp_offset(raw_frame, 3)) + HEADER_SIZE + FOOTER_SIZE;
+ /* frame length is 3 bytes in */
+ frame_size = amqp_d32(amqp_offset(raw_frame, 3));
+ /* To prevent the target_size calculation below from overflowing, check
+ * that the stated frame_size is smaller than a signed 32-bit. Given
+ * the library only allows configuring frame_max as an int32_t, and
+ * frame_size is uint32_t, the math below is safe from overflow. */
+ if (frame_size >= INT32_MAX) {
+ return AMQP_STATUS_BAD_AMQP_DATA;
+ }
+ state->target_size = frame_size + HEADER_SIZE + FOOTER_SIZE;
if ((size_t)state->frame_max < state->target_size) {
return AMQP_STATUS_BAD_AMQP_DATA;
}

1
sources Normal file
View File

@ -0,0 +1 @@
SHA512 (v0.9.0.tar.gz) = a63fe267a3ec112a5e9456a03066132b91f897181947fba18ea3efb14ca0a69996d7dfaecda61a0dd360e03a4e56569e70592e1674b75d20b937a118e1acfc64