import CS librabbitmq-0.11.0-7.el9
This commit is contained in:
parent
887a9212a3
commit
71ae6ec1a2
125
SOURCES/rabbitmq-c-CVE-2023-35789.patch
Normal file
125
SOURCES/rabbitmq-c-CVE-2023-35789.patch
Normal file
@ -0,0 +1,125 @@
|
||||
commit 463054383fbeef889b409a7f843df5365288e2a0
|
||||
Author: Christian Kastner <ckk@kvr.at>
|
||||
Date: Tue Jun 13 14:21:52 2023 +0200
|
||||
|
||||
Add option to read username/password from file (#781)
|
||||
|
||||
* Add option to read username/password from file
|
||||
|
||||
diff --git a/tools/common.c b/tools/common.c
|
||||
index 73b47e2..7efe557 100644
|
||||
--- a/tools/common.c
|
||||
+++ b/tools/common.c
|
||||
@@ -18,6 +18,11 @@
|
||||
#include "compat.h"
|
||||
#endif
|
||||
|
||||
+/* For when reading auth data from a file */
|
||||
+#define MAXAUTHTOKENLEN 128
|
||||
+#define USERNAMEPREFIX "username:"
|
||||
+#define PASSWORDPREFIX "password:"
|
||||
+
|
||||
void die(const char *fmt, ...) {
|
||||
va_list ap;
|
||||
va_start(ap, fmt);
|
||||
@@ -125,6 +130,7 @@ static char *amqp_vhost;
|
||||
static char *amqp_username;
|
||||
static char *amqp_password;
|
||||
static int amqp_heartbeat = 0;
|
||||
+static char *amqp_authfile;
|
||||
#ifdef WITH_SSL
|
||||
static int amqp_ssl = 0;
|
||||
static char *amqp_cacert = "/etc/ssl/certs/cacert.pem";
|
||||
@@ -147,6 +153,8 @@ struct poptOption connect_options[] = {
|
||||
"the password to login with", "password"},
|
||||
{"heartbeat", 0, POPT_ARG_INT, &amqp_heartbeat, 0,
|
||||
"heartbeat interval, set to 0 to disable", "heartbeat"},
|
||||
+ {"authfile", 0, POPT_ARG_STRING, &amqp_authfile, 0,
|
||||
+ "path to file containing username/password for authentication", "file"},
|
||||
#ifdef WITH_SSL
|
||||
{"ssl", 0, POPT_ARG_NONE, &amqp_ssl, 0, "connect over SSL/TLS", NULL},
|
||||
{"cacert", 0, POPT_ARG_STRING, &amqp_cacert, 0,
|
||||
@@ -158,6 +166,50 @@ struct poptOption connect_options[] = {
|
||||
#endif /* WITH_SSL */
|
||||
{NULL, '\0', 0, NULL, 0, NULL, NULL}};
|
||||
|
||||
+void read_authfile(const char *path) {
|
||||
+ size_t n;
|
||||
+ FILE *fp = NULL;
|
||||
+ char token[MAXAUTHTOKENLEN];
|
||||
+
|
||||
+ if ((amqp_username = malloc(MAXAUTHTOKENLEN)) == NULL ||
|
||||
+ (amqp_password = malloc(MAXAUTHTOKENLEN)) == NULL) {
|
||||
+ die("Out of memory");
|
||||
+ } else if ((fp = fopen(path, "r")) == NULL) {
|
||||
+ die("Could not read auth data file %s", path);
|
||||
+ }
|
||||
+
|
||||
+ if (fgets(token, MAXAUTHTOKENLEN, fp) == NULL ||
|
||||
+ strncmp(token, USERNAMEPREFIX, strlen(USERNAMEPREFIX))) {
|
||||
+ die("Malformed auth file (missing username)");
|
||||
+ }
|
||||
+ strncpy(amqp_username, &token[strlen(USERNAMEPREFIX)], MAXAUTHTOKENLEN);
|
||||
+ /* Missing newline means token was cut off */
|
||||
+ n = strlen(amqp_username);
|
||||
+ if (amqp_username[n - 1] != '\n') {
|
||||
+ die("Username too long");
|
||||
+ } else {
|
||||
+ amqp_username[n - 1] = '\0';
|
||||
+ }
|
||||
+
|
||||
+ if (fgets(token, MAXAUTHTOKENLEN, fp) == NULL ||
|
||||
+ strncmp(token, PASSWORDPREFIX, strlen(PASSWORDPREFIX))) {
|
||||
+ die("Malformed auth file (missing password)");
|
||||
+ }
|
||||
+ strncpy(amqp_password, &token[strlen(PASSWORDPREFIX)], MAXAUTHTOKENLEN);
|
||||
+ /* Missing newline means token was cut off */
|
||||
+ n = strlen(amqp_password);
|
||||
+ if (amqp_password[n - 1] != '\n') {
|
||||
+ die("Password too long");
|
||||
+ } else {
|
||||
+ amqp_password[n - 1] = '\0';
|
||||
+ }
|
||||
+
|
||||
+ (void)fgetc(fp);
|
||||
+ if (!feof(fp)) {
|
||||
+ die("Malformed auth file (trailing data)");
|
||||
+ }
|
||||
+}
|
||||
+
|
||||
static void init_connection_info(struct amqp_connection_info *ci) {
|
||||
ci->user = NULL;
|
||||
ci->password = NULL;
|
||||
@@ -237,6 +289,8 @@ static void init_connection_info(struct amqp_connection_info *ci) {
|
||||
if (amqp_username) {
|
||||
if (amqp_url) {
|
||||
die("--username and --url options cannot be used at the same time");
|
||||
+ } else if (amqp_authfile) {
|
||||
+ die("--username and --authfile options cannot be used at the same time");
|
||||
}
|
||||
|
||||
ci->user = amqp_username;
|
||||
@@ -245,11 +299,23 @@ static void init_connection_info(struct amqp_connection_info *ci) {
|
||||
if (amqp_password) {
|
||||
if (amqp_url) {
|
||||
die("--password and --url options cannot be used at the same time");
|
||||
+ } else if (amqp_authfile) {
|
||||
+ die("--password and --authfile options cannot be used at the same time");
|
||||
}
|
||||
|
||||
ci->password = amqp_password;
|
||||
}
|
||||
|
||||
+ if (amqp_authfile) {
|
||||
+ if (amqp_url) {
|
||||
+ die("--authfile and --url options cannot be used at the same time");
|
||||
+ }
|
||||
+
|
||||
+ read_authfile(amqp_authfile);
|
||||
+ ci->user = amqp_username;
|
||||
+ ci->password = amqp_password;
|
||||
+ }
|
||||
+
|
||||
if (amqp_vhost) {
|
||||
if (amqp_url) {
|
||||
die("--vhost and --url options cannot be used at the same time");
|
@ -19,7 +19,7 @@
|
||||
Name: %{libname}
|
||||
Summary: Client library for AMQP
|
||||
Version: 0.11.0
|
||||
Release: 5%{?dist}
|
||||
Release: 7%{?dist}
|
||||
License: MIT
|
||||
URL: https://github.com/alanxz/rabbitmq-c
|
||||
|
||||
@ -29,6 +29,8 @@ Source0: https://github.com/%{gh_owner}/%{gh_project}/archive/%{gh_commit}/%{g
|
||||
Patch0: %{gh_project}-static.patch
|
||||
# fix version for cmake module
|
||||
Patch1: %{gh_project}-version.patch
|
||||
# CVE-2023-35789
|
||||
Patch2: rabbitmq-c-CVE-2023-35789.patch
|
||||
|
||||
BuildRequires: gcc
|
||||
BuildRequires: cmake > 2.8
|
||||
@ -56,7 +58,7 @@ for %{name}.
|
||||
|
||||
%package tools
|
||||
Summary: Example tools built using the librabbitmq package
|
||||
Requires: %{name}%{?_isa} = %{version}
|
||||
Requires: %{name}%{?_isa} = %{version}-%{release}
|
||||
|
||||
%description tools
|
||||
This package contains example tools built using %{name}.
|
||||
@ -71,8 +73,9 @@ amqp-publish Publish a message on an AMQP server
|
||||
|
||||
%prep
|
||||
%setup -q -n %{gh_project}-%{gh_commit}
|
||||
%patch0 -p1
|
||||
%patch1 -p1
|
||||
%patch -P0 -p1
|
||||
%patch -P1 -p1
|
||||
%patch -P2 -p1
|
||||
|
||||
# Copy sources to be included in -devel docs.
|
||||
cp -pr examples Examples
|
||||
@ -146,6 +149,14 @@ make test
|
||||
|
||||
|
||||
%changelog
|
||||
* Fri Jun 23 2023 Than Ngo <than@redhat.com> - 0.11.0-7
|
||||
- add missing gating.yaml
|
||||
- fix rpminspect issue
|
||||
Related: #2215766
|
||||
|
||||
* Fri Jun 23 2023 Than Ngo <than@redhat.com> - 0.11.0-6
|
||||
- Resolves: #2215766, insecure credentials submission
|
||||
|
||||
* Mon Aug 09 2021 Mohan Boddu <mboddu@redhat.com> - 0.11.0-5
|
||||
- Rebuilt for IMA sigs, glibc 2.34, aarch64 flags
|
||||
Related: rhbz#1991688
|
||||
|
Loading…
Reference in New Issue
Block a user