Auto sync2gitlab import of librabbitmq-0.9.0-3.el8.src.rpm
parent
21616556e3
commit
3dbcc7e239
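--- a/.gitignore
+++ b/.gitignore
@@ -0,0 +1 @@
+/v0.9.0.tar.gz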
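--- a/librabbitmq.spec
+++ b/librabbitmq.spec
@@ -0,0 +1,218 @@
+# Fedora spec file for librabbitmq
+#
+# Copyright (c) 2012-2018 Remi Collet
+# License: CC-BY-SA
+# http://creativecommons.org/licenses/by-sa/4.0/
+#
+# Please, preserve the changelog entries
+#
+
+Name: librabbitmq
+Summary: Client library for AMQP
+Version: 0.9.0
+Release: 3%{?dist}
+License: MIT
+URL: https://github.com/alanxz/rabbitmq-c
+Source0: https://github.com/alanxz/rabbitmq-c/archive/v%{version}.tar.gz
+Patch0: rabbitmq-c-0.9.0-CVE-2019-18609.patch
+
+BuildRequires: gcc
+BuildRequires: cmake > 2.8
+BuildRequires: openssl-devel
+# For tools
+BuildRequires: popt-devel
+# For man page
+BuildRequires: xmlto
+
+
+%description
+This is a C-language AMQP client library for use with AMQP servers
+speaking protocol versions 0-9-1.
+
+
+%package devel
+Summary: Header files and development libraries for %{name}
+Requires: %{name}%{?_isa} = %{version}-%{release}
+
+%description devel
+This package contains the header files and development libraries
+for %{name}.
+
+
+%package tools
+Summary: Example tools built using the librabbitmq package
+Requires: %{name}%{?_isa} = %{version}-%{release}
+
+%description tools
+This package contains example tools built using %{name}.
+
+It provides:
+amqp-consume Consume messages from a queue on an AMQP server
+amqp-declare-queue Declare a queue on an AMQP server
+amqp-delete-queue Delete a queue from an AMQP server
+amqp-get Get a message from a queue on an AMQP server
+amqp-publish Publish a message on an AMQP server
+
+
+%prep
+%setup -q -n rabbitmq-c-%{version}
+%patch0 -p1 -b .CVE-2019-18609
+
+# Copy sources to be included in -devel docs.
+cp -pr examples Examples
+
+# This test requires a running server
+sed -e '/test_basic/d' -i tests/CMakeLists.txt
+
+%build
+# static lib required for tests
+%cmake \
+-DBUILD_TOOLS_DOCS:BOOL=ON \
+-DBUILD_STATIC_LIBS:BOOL=ON
+
+make %{_smp_mflags}
+
+
+%install
+make install DESTDIR="%{buildroot}"
+
+rm %{buildroot}%{_libdir}/%{name}.a
+
+
+%check
+: check .pc is usable
+grep @ %{buildroot}%{_libdir}/pkgconfig/%{name}.pc && exit 1
+
+: upstream tests
+make test
+
+
+%files
+%license LICENSE-MIT
+%{_libdir}/%{name}.so.*
+
+
+%files devel
+%doc AUTHORS THANKS TODO *.md
+%doc Examples
+%{_libdir}/%{name}.so
+%{_includedir}/amqp*
+%{_libdir}/pkgconfig/%{name}.pc
+
+%files tools
+%{_bindir}/amqp-*
+%doc %{_mandir}/man1/amqp-*.1*
+%doc %{_mandir}/man7/librabbitmq-tools.7*
+
+
+%changelog
+* Tue Sep 29 2020 Than Ngo <than@redhat.com> - 0.9.0-3
+- Resolves: #1857831, rpmdiff
+
+* Mon Apr 06 2020 Than Ngo <than@redhat.com> - 0.9.0-2
+- Resolves: #1809992, CVE-2019-18609
+
+* Thu Jun 28 2018 Than Ngo <than@redhat.com> - 0.9.0-1
+- update to 0.9.0
+
+* Tue Feb 20 2018 Remi Collet <remi@remirepo.net> - 0.8.0-7
+- missing BR on C compiler
+
+* Thu Feb 15 2018 Remi Collet <remi@remirepo.net> - 0.8.0-6
+- drop ldconfig scriptlets
+
+* Wed Feb 07 2018 Fedora Release Engineering <releng@fedoraproject.org> - 0.8.0-5
+- Rebuilt for https://fedoraproject.org/wiki/Fedora_28_Mass_Rebuild
+
+* Thu Aug 03 2017 Fedora Release Engineering <releng@fedoraproject.org> - 0.8.0-4
+- Rebuilt for https://fedoraproject.org/wiki/Fedora_27_Binutils_Mass_Rebuild
+
+* Wed Jul 26 2017 Fedora Release Engineering <releng@fedoraproject.org> - 0.8.0-3
+- Rebuilt for https://fedoraproject.org/wiki/Fedora_27_Mass_Rebuild
+
+* Fri Feb 10 2017 Fedora Release Engineering <releng@fedoraproject.org> - 0.8.0-2
+- Rebuilt for https://fedoraproject.org/wiki/Fedora_26_Mass_Rebuild
+
+* Tue Apr 12 2016 Remi Collet <remi@fedoraproject.org> - 0.8.0-1
+- update to 0.8.0
+
+* Thu Feb 04 2016 Fedora Release Engineering <releng@fedoraproject.org> - 0.7.1-2
+- Rebuilt for https://fedoraproject.org/wiki/Fedora_24_Mass_Rebuild
+
+* Tue Oct 13 2015 Remi Collet <remi@fedoraproject.org> - 0.7.1-1
+- update to 0.7.1
+
+* Fri Jul 3 2015 Remi Collet <remi@fedoraproject.org> - 0.7.0-1
+- update to 0.7.0
+- swicth to cmake
+- switch from upstream tarball to github sources
+
+* Wed Jun 17 2015 Fedora Release Engineering <rel-eng@lists.fedoraproject.org> - 0.6.0-2
+- Rebuilt for https://fedoraproject.org/wiki/Fedora_23_Mass_Rebuild
+
+* Mon Apr 20 2015 Remi Collet <remi@fedoraproject.org> - 0.6.0-1
+- update to 0.6.0
+- soname changed to .4
+
+* Mon Sep 15 2014 Remi Collet <remi@fedoraproject.org> - 0.5.2-1
+- update to 0.5.2
+
+* Sun Aug 17 2014 Fedora Release Engineering <rel-eng@lists.fedoraproject.org> - 0.5.1-2
+- Rebuilt for https://fedoraproject.org/wiki/Fedora_21_22_Mass_Rebuild
+
+* Wed Aug 13 2014 Remi Collet <remi@fedoraproject.org> - 0.5.1-1
+- update to 0.5.1
+- fix license handling
+- move all documentation in devel subpackage
+
+* Sat Jun 07 2014 Fedora Release Engineering <rel-eng@lists.fedoraproject.org> - 0.5.0-3
+- Rebuilt for https://fedoraproject.org/wiki/Fedora_21_Mass_Rebuild
+
+* Tue Apr 15 2014 Remi Collet <remi@fedoraproject.org> - 0.5.0-2
+- upstream patch for missing function
+
+* Mon Feb 17 2014 Remi Collet <remi@fedoraproject.org> - 0.5.0-1
+- update to 0.5.0
+- open https://github.com/alanxz/rabbitmq-c/issues/169 (version is 0.5.1-pre)
+- open https://github.com/alanxz/rabbitmq-c/issues/170 (amqp_get_server_properties)
+
+* Mon Jan 13 2014 Remi Collet <remi@fedoraproject.org> - 0.4.1-4
+- drop BR python-simplejson
+
+* Tue Jan 7 2014 Remi Collet <remi@fedoraproject.org> - 0.4.1-3
+- fix broken librabbitmq.pc, #1039555
+- add check for usable librabbitmq.pc
+
+* Thu Jan 2 2014 Remi Collet <remi@fedoraproject.org> - 0.4.1-2
+- fix Source0 URL
+
+* Sat Sep 28 2013 Remi Collet <remi@fedoraproject.org> - 0.4.1-1
+- update to 0.4.1
+- add ssl support
+
+* Thu Aug 1 2013 Remi Collet <remi@fedoraproject.org> - 0.3.0-3
+- cleanups
+
+* Wed Mar 13 2013 Remi Collet <remi@fedoraproject.org> - 0.3.0-2
+- remove tools from main package
+
+* Wed Mar 13 2013 Remi Collet <remi@fedoraproject.org> - 0.3.0-1
+- update to 0.3.0
+- create sub-package for tools
+
+* Thu Feb 14 2013 Fedora Release Engineering <rel-eng@lists.fedoraproject.org> - 0.2-0.2.git2059570
+- Rebuilt for https://fedoraproject.org/wiki/Fedora_19_Mass_Rebuild
+
+* Wed Aug 01 2012 Remi Collet <remi@fedoraproject.org> - 0.2-0.1.git2059570
+- update to latest snapshot (version 0.2, moved to github)
+- License is now MIT
+
+* Thu Jul 19 2012 Fedora Release Engineering <rel-eng@lists.fedoraproject.org> - 0.1-0.3.hgfb6fca832fd2
+- Rebuilt for https://fedoraproject.org/wiki/Fedora_18_Mass_Rebuild
+
+* Sun Mar 11 2012 Remi Collet <remi@fedoraproject.org> - 0.1-0.2.hgfb6fca832fd2
+- add %%check (per review comment)
+
+* Sat Mar 10 2012 Remi Collet <remi@fedoraproject.org> - 0.1-0.1.hgfb6fca832fd2
+- Initial RPM
+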
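Review bot: `Source0` points at a GitHub auto-generated archive (`v%{version}.tar.gz`), and nothing visible in this commit pins its digest. `.gitignore` excludes the tarball, and none of the three files shown records a checksum, so the integrity of the imported source appears to rest on whatever the lookaside store holds. If the repository does not track a digest elsewhere, record the expected SHA-256 next to the spec and check it in `%prep` before `%setup`, for example `echo "<EXPECTED_SHA256>  %{SOURCE0}" | sha256sum -c -`. That lets a rebuild detect a swapped or regenerated archive before `Patch0` is applied to it.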
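--- a/rabbitmq-c-0.9.0-CVE-2019-18609.patch
+++ b/rabbitmq-c-0.9.0-CVE-2019-18609.patch
@@ -0,0 +1,28 @@
+diff -up rabbitmq-c-0.9.0/librabbitmq/amqp_connection.c.CVE-2019-18609 rabbitmq-c-0.9.0/librabbitmq/amqp_connection.c
+--- rabbitmq-c-0.9.0/librabbitmq/amqp_connection.c.CVE-2019-18609 2020-04-06 15:10:07.002386201 +0200
++++ rabbitmq-c-0.9.0/librabbitmq/amqp_connection.c 2020-04-06 15:17:03.624425371 +0200
+@@ -287,12 +287,21 @@ int amqp_handle_input(amqp_connection_st
+case CONNECTION_STATE_HEADER: {
+amqp_channel_t channel;
+amqp_pool_t *channel_pool;
+- /* frame length is 3 bytes in */
++ uint32_t frame_size;
++
+channel = amqp_d16(amqp_offset(raw_frame, 1));
+
+- state->target_size =
+- amqp_d32(amqp_offset(raw_frame, 3)) + HEADER_SIZE + FOOTER_SIZE;
++ /* frame length is 3 bytes in */
++ frame_size = amqp_d32(amqp_offset(raw_frame, 3));
++ /* To prevent the target_size calculation below from overflowing, check
++ * that the stated frame_size is smaller than a signed 32-bit. Given
++ * the library only allows configuring frame_max as an int32_t, and
++ * frame_size is uint32_t, the math below is safe from overflow. */
++ if (frame_size >= INT32_MAX) {
++ return AMQP_STATUS_BAD_AMQP_DATA;
++ }
+
++ state->target_size = frame_size + HEADER_SIZE + FOOTER_SIZE;
+if ((size_t)state->frame_max < state->target_size) {
+return AMQP_STATUS_BAD_AMQP_DATA;
+}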
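Review bot: The backport patch has no header above its `diff -up` line naming the upstream rabbitmq-c commit it was taken from, so a reviewer cannot confirm from this file that the hunk matches the upstream fix for CVE-2019-18609. A short preamble such as `Backport of upstream commit <UPSTREAM_COMMIT_ID>: reject frame_size >= INT32_MAX before computing target_size` would make that checkable. The new guard bounds `frame_size` before the addition, but the comparison after it still casts `state->frame_max` to `size_t`. That comparison only limits the frame if `frame_max` can never be negative, which is set outside this hunk and should be confirmed. `amqp_handle_input` starts and ends outside the hunk.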