diff --git a/.gitignore b/.gitignore index 28e43af..c67a568 100644 --- a/.gitignore +++ b/.gitignore @@ -17,3 +17,4 @@ clog /rabbitmq-c-0.11.0-a64c08c.tar.gz /rabbitmq-c-0.12.0-675afc2.tar.gz /rabbitmq-c-0.13.0-974d71a.tar.gz +/rabbitmq-c-0.14.0-124722b.tar.gz diff --git a/gating.yaml b/gating.yaml new file mode 100644 index 0000000..b6a106b --- /dev/null +++ b/gating.yaml @@ -0,0 +1,7 @@ +#gating rhel +--- !Policy +product_versions: + - rhel-* +decision_context: osci_compose_gate +rules: + - !PassingTestCaseRule {test_case_name: baseos-ci.brew-build.tier1.functional} diff --git a/librabbitmq.spec b/librabbitmq.spec index cc9688d..710c4f1 100644 --- a/librabbitmq.spec +++ b/librabbitmq.spec @@ -9,7 +9,7 @@ %bcond_without tests -%global gh_commit 974d71adceae6d742ae20a4c880d99c131f1460a +%global gh_commit 124722b5045baa41a24ce2e2d7c52a47467e7ac0 %global gh_short %(c=%{gh_commit}; echo ${c:0:7}) %global gh_owner alanxz %global gh_project rabbitmq-c @@ -18,22 +18,18 @@ Name: %{libname} Summary: Client library for AMQP -Version: 0.13.0 -Release: 6%{?dist} +Version: 0.14.0 +Release: 1%{?dist} License: MIT URL: https://github.com/alanxz/rabbitmq-c Source0: https://github.com/%{gh_owner}/%{gh_project}/archive/%{gh_commit}/%{gh_project}-%{version}-%{gh_short}.tar.gz -# CVE-2023-35789, https://github.com/alanxz/rabbitmq-c/pull/781 -Patch0: rabbitmq-c-CVE-2023-35789.patch -Patch1: rabbitmq-c-conditionally_enable_ssl_engine_apis.patch - BuildRequires: gcc -BuildRequires: cmake > 3.12 +BuildRequires: cmake >= 3.12 BuildRequires: openssl-devel >= 1.1.1 # For tools -BuildRequires: popt-devel > 1.14 +BuildRequires: popt-devel >= 1.14 # For man page BuildRequires: xmlto BuildRequires: make @@ -55,7 +51,7 @@ for %{name}. %package tools Summary: Example tools built using the librabbitmq package -Requires: %{name}%{?_isa} = %{version} +Requires: %{name}%{?_isa} = %{version}-%{release} %description tools This package contains example tools built using %{name}. @@ -70,8 +66,6 @@ amqp-publish Publish a message on an AMQP server %prep %setup -q -n %{gh_project}-%{gh_commit} -%patch -P0 -p1 -%patch -P1 -p1 # Copy sources to be included in -devel docs. cp -pr examples Examples @@ -151,6 +145,13 @@ make test %changelog +* Wed Apr 03 2024 Than Ngo - 0.14.0-1 +- update to 0.14.0 +- fix rpminspect rpmdeps +- fix gating-yaml-checks + +Related: RHEL-31259 + * Tue Apr 02 2024 Than Ngo - 0.13.0-6 - Resolves: RHEL-31259, Conditionally enable SSL engine APIs diff --git a/rabbitmq-c-CVE-2023-35789.patch b/rabbitmq-c-CVE-2023-35789.patch deleted file mode 100644 index 71f8ba9..0000000 --- a/rabbitmq-c-CVE-2023-35789.patch +++ /dev/null @@ -1,125 +0,0 @@ -commit 463054383fbeef889b409a7f843df5365288e2a0 -Author: Christian Kastner -Date: Tue Jun 13 14:21:52 2023 +0200 - - Add option to read username/password from file (#781) - - * Add option to read username/password from file - -diff --git a/tools/common.c b/tools/common.c -index 73b47e2..7efe557 100644 ---- a/tools/common.c -+++ b/tools/common.c -@@ -18,6 +18,11 @@ - #include "compat.h" - #endif - -+/* For when reading auth data from a file */ -+#define MAXAUTHTOKENLEN 128 -+#define USERNAMEPREFIX "username:" -+#define PASSWORDPREFIX "password:" -+ - void die(const char *fmt, ...) { - va_list ap; - va_start(ap, fmt); -@@ -125,6 +130,7 @@ static char *amqp_vhost; - static char *amqp_username; - static char *amqp_password; - static int amqp_heartbeat = 0; -+static char *amqp_authfile; - #ifdef WITH_SSL - static int amqp_ssl = 0; - static char *amqp_cacert = "/etc/ssl/certs/cacert.pem"; -@@ -147,6 +153,8 @@ struct poptOption connect_options[] = { - "the password to login with", "password"}, - {"heartbeat", 0, POPT_ARG_INT, &amqp_heartbeat, 0, - "heartbeat interval, set to 0 to disable", "heartbeat"}, -+ {"authfile", 0, POPT_ARG_STRING, &amqp_authfile, 0, -+ "path to file containing username/password for authentication", "file"}, - #ifdef WITH_SSL - {"ssl", 0, POPT_ARG_NONE, &amqp_ssl, 0, "connect over SSL/TLS", NULL}, - {"cacert", 0, POPT_ARG_STRING, &amqp_cacert, 0, -@@ -158,6 +166,50 @@ struct poptOption connect_options[] = { - #endif /* WITH_SSL */ - {NULL, '\0', 0, NULL, 0, NULL, NULL}}; - -+void read_authfile(const char *path) { -+ size_t n; -+ FILE *fp = NULL; -+ char token[MAXAUTHTOKENLEN]; -+ -+ if ((amqp_username = malloc(MAXAUTHTOKENLEN)) == NULL || -+ (amqp_password = malloc(MAXAUTHTOKENLEN)) == NULL) { -+ die("Out of memory"); -+ } else if ((fp = fopen(path, "r")) == NULL) { -+ die("Could not read auth data file %s", path); -+ } -+ -+ if (fgets(token, MAXAUTHTOKENLEN, fp) == NULL || -+ strncmp(token, USERNAMEPREFIX, strlen(USERNAMEPREFIX))) { -+ die("Malformed auth file (missing username)"); -+ } -+ strncpy(amqp_username, &token[strlen(USERNAMEPREFIX)], MAXAUTHTOKENLEN); -+ /* Missing newline means token was cut off */ -+ n = strlen(amqp_username); -+ if (amqp_username[n - 1] != '\n') { -+ die("Username too long"); -+ } else { -+ amqp_username[n - 1] = '\0'; -+ } -+ -+ if (fgets(token, MAXAUTHTOKENLEN, fp) == NULL || -+ strncmp(token, PASSWORDPREFIX, strlen(PASSWORDPREFIX))) { -+ die("Malformed auth file (missing password)"); -+ } -+ strncpy(amqp_password, &token[strlen(PASSWORDPREFIX)], MAXAUTHTOKENLEN); -+ /* Missing newline means token was cut off */ -+ n = strlen(amqp_password); -+ if (amqp_password[n - 1] != '\n') { -+ die("Password too long"); -+ } else { -+ amqp_password[n - 1] = '\0'; -+ } -+ -+ (void)fgetc(fp); -+ if (!feof(fp)) { -+ die("Malformed auth file (trailing data)"); -+ } -+} -+ - static void init_connection_info(struct amqp_connection_info *ci) { - ci->user = NULL; - ci->password = NULL; -@@ -237,6 +289,8 @@ static void init_connection_info(struct amqp_connection_info *ci) { - if (amqp_username) { - if (amqp_url) { - die("--username and --url options cannot be used at the same time"); -+ } else if (amqp_authfile) { -+ die("--username and --authfile options cannot be used at the same time"); - } - - ci->user = amqp_username; -@@ -245,11 +299,23 @@ static void init_connection_info(struct amqp_connection_info *ci) { - if (amqp_password) { - if (amqp_url) { - die("--password and --url options cannot be used at the same time"); -+ } else if (amqp_authfile) { -+ die("--password and --authfile options cannot be used at the same time"); - } - - ci->password = amqp_password; - } - -+ if (amqp_authfile) { -+ if (amqp_url) { -+ die("--authfile and --url options cannot be used at the same time"); -+ } -+ -+ read_authfile(amqp_authfile); -+ ci->user = amqp_username; -+ ci->password = amqp_password; -+ } -+ - if (amqp_vhost) { - if (amqp_url) { - die("--vhost and --url options cannot be used at the same time"); diff --git a/rabbitmq-c-conditionally_enable_ssl_engine_apis.patch b/rabbitmq-c-conditionally_enable_ssl_engine_apis.patch deleted file mode 100644 index 6f40a46..0000000 --- a/rabbitmq-c-conditionally_enable_ssl_engine_apis.patch +++ /dev/null @@ -1,152 +0,0 @@ -diff -up rabbitmq-c-974d71adceae6d742ae20a4c880d99c131f1460a/cmake/config.h.in.orig rabbitmq-c-974d71adceae6d742ae20a4c880d99c131f1460a/cmake/config.h.in ---- rabbitmq-c-974d71adceae6d742ae20a4c880d99c131f1460a/cmake/config.h.in.orig 2023-02-06 01:31:11.000000000 +0100 -+++ rabbitmq-c-974d71adceae6d742ae20a4c880d99c131f1460a/cmake/config.h.in 2024-03-05 15:42:21.611143615 +0100 -@@ -7,4 +7,6 @@ - - #define AMQ_PLATFORM "@CMAKE_SYSTEM_NAME@" - -+#cmakedefine ENABLE_SSL_ENGINE_API -+ - #endif /* CONFIG_H */ -diff -up rabbitmq-c-974d71adceae6d742ae20a4c880d99c131f1460a/CMakeLists.txt.orig rabbitmq-c-974d71adceae6d742ae20a4c880d99c131f1460a/CMakeLists.txt ---- rabbitmq-c-974d71adceae6d742ae20a4c880d99c131f1460a/CMakeLists.txt.orig 2023-02-06 01:31:11.000000000 +0100 -+++ rabbitmq-c-974d71adceae6d742ae20a4c880d99c131f1460a/CMakeLists.txt 2024-03-05 15:42:21.610143596 +0100 -@@ -42,6 +42,7 @@ endif() - - include(CheckSymbolExists) - include(CheckLibraryExists) -+include(CMakeDependentOption) - include(CMakePushCheckState) - include(GNUInstallDirs) - -@@ -119,14 +120,19 @@ if (ENABLE_SSL_SUPPORT) - set(THREADS_PREFER_PTHREAD_FLAG ON) - find_package(Threads REQUIRED) - cmake_pop_check_state() -+ -+ cmake_push_check_state() -+ set(CMAKE_REQUIRED_LIBRARIES OpenSSL::SSL) -+ check_symbol_exists(ENGINE_new openssl/engine.h HAS_OPENSSL_ENGINE) -+ cmake_pop_check_state() -+ -+ cmake_dependent_option(ENABLE_SSL_ENGINE_API "Enable support for deprecated OpenSSL ENGINE feature" ON "HAS_OPENSSL_ENGINE" OFF) - endif() - - if(CMAKE_PROJECT_NAME STREQUAL PROJECT_NAME) - include(CTest) - endif() - --include(CMakeDependentOption) -- - option(BUILD_SHARED_LIBS "Build rabbitmq-c as a shared library" ON) - option(BUILD_STATIC_LIBS "Build rabbitmq-c as a static library" ON) - option(INSTALL_STATIC_LIBS "Install rabbitmq-c static library" ON) -diff -up rabbitmq-c-974d71adceae6d742ae20a4c880d99c131f1460a/include/rabbitmq-c/amqp.h.orig rabbitmq-c-974d71adceae6d742ae20a4c880d99c131f1460a/include/rabbitmq-c/amqp.h ---- rabbitmq-c-974d71adceae6d742ae20a4c880d99c131f1460a/include/rabbitmq-c/amqp.h.orig 2023-02-06 01:31:11.000000000 +0100 -+++ rabbitmq-c-974d71adceae6d742ae20a4c880d99c131f1460a/include/rabbitmq-c/amqp.h 2024-03-05 15:42:21.612143634 +0100 -@@ -670,7 +670,8 @@ typedef enum amqp_status_enum_ { - certificate failed. */ - AMQP_STATUS_SSL_CONNECTION_FAILED = -0x0203, /**< SSL handshake failed. */ - AMQP_STATUS_SSL_SET_ENGINE_FAILED = -0x0204, /**< SSL setting engine failed */ -- _AMQP_STATUS_SSL_NEXT_VALUE = -0x0205 /**< Internal value */ -+ AMQP_STATUS_SSL_UNIMPLEMENTED = -0x0205, /**< SSL API is not implemented. */ -+ _AMQP_STATUS_SSL_NEXT_VALUE = -0x0206 /**< Internal value */ - } amqp_status_enum; - - /** -diff -up rabbitmq-c-974d71adceae6d742ae20a4c880d99c131f1460a/include/rabbitmq-c/ssl_socket.h.orig rabbitmq-c-974d71adceae6d742ae20a4c880d99c131f1460a/include/rabbitmq-c/ssl_socket.h ---- rabbitmq-c-974d71adceae6d742ae20a4c880d99c131f1460a/include/rabbitmq-c/ssl_socket.h.orig 2023-02-06 01:31:11.000000000 +0100 -+++ rabbitmq-c-974d71adceae6d742ae20a4c880d99c131f1460a/include/rabbitmq-c/ssl_socket.h 2024-03-05 15:42:21.612143634 +0100 -@@ -102,7 +102,8 @@ int AMQP_CALL amqp_ssl_socket_set_key(am - * \param [in] the key ID. - * - * \return \ref AMQP_STATUS_OK on success an \ref amqp_status_enum value on -- * failure. -+ * failure. May return \ref AMQP_STATUS_SSL_UNIMPLEMENTED if OpenSSL does -+ * not support the ENGINE API. - * - * \since v0.11.0 - */ -@@ -262,7 +263,8 @@ int AMQP_CALL amqp_initialize_ssl_librar - * has been called. - * - * \param [in] engine the engine ID -- * \return AMQP_STATUS_OK on success. -+ * \return AMQP_STATUS_OK on success. May return \ref AMQP_STATUS_SSL_UNIMPLEMENTED -+ * if OpenSSL does not support the ENGINE API. - * - * \since v0.11.0 - */ -diff -up rabbitmq-c-974d71adceae6d742ae20a4c880d99c131f1460a/librabbitmq/amqp_api.c.orig rabbitmq-c-974d71adceae6d742ae20a4c880d99c131f1460a/librabbitmq/amqp_api.c ---- rabbitmq-c-974d71adceae6d742ae20a4c880d99c131f1460a/librabbitmq/amqp_api.c.orig 2023-02-06 01:31:11.000000000 +0100 -+++ rabbitmq-c-974d71adceae6d742ae20a4c880d99c131f1460a/librabbitmq/amqp_api.c 2024-03-05 15:42:21.612143634 +0100 -@@ -85,7 +85,9 @@ static const char *ssl_error_strings[] = - /* AMQP_STATUS_SSL_CONNECTION_FAILED -0x0203 */ - "SSL handshake failed", - /* AMQP_STATUS_SSL_SET_ENGINE_FAILED -0x0204 */ -- "SSL setting engine failed"}; -+ "SSL setting engine failed", -+ /* AMQP_STATUS_SSL_UNIMPLEMENTED -0x0204 */ -+ "SSL API is not implemented"}; - - static const char *unknown_error_string = "(unknown error)"; - -diff -up rabbitmq-c-974d71adceae6d742ae20a4c880d99c131f1460a/librabbitmq/amqp_openssl.c.orig rabbitmq-c-974d71adceae6d742ae20a4c880d99c131f1460a/librabbitmq/amqp_openssl.c ---- rabbitmq-c-974d71adceae6d742ae20a4c880d99c131f1460a/librabbitmq/amqp_openssl.c.orig 2023-02-06 01:31:11.000000000 +0100 -+++ rabbitmq-c-974d71adceae6d742ae20a4c880d99c131f1460a/librabbitmq/amqp_openssl.c 2024-03-05 15:42:21.613143653 +0100 -@@ -23,7 +23,9 @@ - #include - #include - #include -+#ifdef ENABLE_SSL_ENGINE_API - #include -+#endif - #include - #include - #include -@@ -36,7 +38,9 @@ static int decrement_ssl_connections(voi - static pthread_mutex_t openssl_init_mutex = PTHREAD_MUTEX_INITIALIZER; - static amqp_boolean_t openssl_bio_initialized = 0; - static int openssl_connections = 0; -+#ifdef ENABLE_SSL_ENGINE_API - static ENGINE *openssl_engine = NULL; -+#endif - - #define CHECK_SUCCESS(condition) \ - do { \ -@@ -391,6 +395,7 @@ int amqp_ssl_socket_set_key(amqp_socket_ - - int amqp_ssl_socket_set_key_engine(amqp_socket_t *base, const char *cert, - const char *key) { -+#ifdef ENABLE_SSL_ENGINE_API - int status; - struct amqp_ssl_socket_t *self; - EVP_PKEY *pkey = NULL; -@@ -415,6 +420,9 @@ int amqp_ssl_socket_set_key_engine(amqp_ - return AMQP_STATUS_SSL_ERROR; - } - return AMQP_STATUS_OK; -+#else -+ return AMQP_STATUS_SSL_UNIMPLEMENTED; -+#endif - } - - static int password_cb(AMQP_UNUSED char *buffer, AMQP_UNUSED int length, -@@ -580,6 +588,7 @@ void amqp_set_initialize_ssl_library(amq - int amqp_initialize_ssl_library(void) { return AMQP_STATUS_OK; } - - int amqp_set_ssl_engine(const char *engine) { -+#ifdef ENABLE_SSL_ENGINE_API - int status = AMQP_STATUS_OK; - CHECK_SUCCESS(pthread_mutex_lock(&openssl_init_mutex)); - -@@ -609,6 +618,9 @@ int amqp_set_ssl_engine(const char *engi - out: - CHECK_SUCCESS(pthread_mutex_unlock(&openssl_init_mutex)); - return status; -+#else -+ return AMQP_STATUS_SSL_UNIMPLEMENTED; -+#endif - } - - static int initialize_ssl_and_increment_connections() { diff --git a/sources b/sources index d9fada3..a650cbf 100644 --- a/sources +++ b/sources @@ -1 +1 @@ -SHA512 (rabbitmq-c-0.13.0-974d71a.tar.gz) = 58b3ca777a971ac451edb75afb2446d4bf7611134387db6dadcc95ff1f44257eb1812ff665f658544e03e14622ccc6aacc26d03d1b30a16470ccb1977275bf34 +SHA512 (rabbitmq-c-0.14.0-124722b.tar.gz) = 167f340002d96769e19b5ea7e567d397f6702b0c212cbcf771f2e8ea16531221046747f9d70315869f696587a9e0922d922362efcc45bb1401420e9558b63acc