Compare commits


No commits in common. "c8" and "c10s-private-than" have entirely different histories.

11 changed files with 302 additions and 185 deletions

21
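--- a/.gitignore
+++ b/.gitignore
@@ -1 +1,20 @@
-SOURCES/v0.9.0.tar.gz
+clog
+/6fb87d6eb01b.tar.bz2
+/fb6fca832fd2.tar.bz2
+/alanxz-rabbitmq-c-0.2-69-g2059570.tar.gz
+/db13342f2443.tar.bz2
+/rabbitmq-c-v0.3.0.tar.gz
+/rabbitmq-c-0.4.1.tar.gz
+/rabbitmq-c-0.5.0.tar.gz
+/rabbitmq-c-0.5.1.tar.gz
+/rabbitmq-c-0.5.2.tar.gz
+/rabbitmq-c-0.6.0.tar.gz
+/rabbitmq-c-0.7.0-4dde30c.tar.gz
+/rabbitmq-c-0.7.1-a536516.tar.gz
+/rabbitmq-c-0.8.0-caad0ef.tar.gz
+/rabbitmq-c-0.9.0-77e3805.tar.gz
+/rabbitmq-c-0.10.0-ffe918a.tar.gz
+/rabbitmq-c-0.11.0-a64c08c.tar.gz
+/rabbitmq-c-0.12.0-675afc2.tar.gz
+/rabbitmq-c-0.13.0-974d71a.tar.gz
+/rabbitmq-c-0.14.0-124722b.tar.gz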


@ -1 +0,0 @@
0709ef3c9906bd13158d3f9b11f1666bb3903f1d SOURCES/v0.9.0.tar.gz


@ -1,28 +0,0 @@
diff -up rabbitmq-c-0.9.0/librabbitmq/amqp_connection.c.CVE-2019-18609 rabbitmq-c-0.9.0/librabbitmq/amqp_connection.c
--- rabbitmq-c-0.9.0/librabbitmq/amqp_connection.c.CVE-2019-18609 2020-04-06 15:10:07.002386201 +0200
+++ rabbitmq-c-0.9.0/librabbitmq/amqp_connection.c 2020-04-06 15:17:03.624425371 +0200
@@ -287,12 +287,21 @@ int amqp_handle_input(amqp_connection_st
case CONNECTION_STATE_HEADER: {
amqp_channel_t channel;
amqp_pool_t *channel_pool;
- /* frame length is 3 bytes in */
+ uint32_t frame_size;
+
channel = amqp_d16(amqp_offset(raw_frame, 1));
- state->target_size =
- amqp_d32(amqp_offset(raw_frame, 3)) + HEADER_SIZE + FOOTER_SIZE;
+ /* frame length is 3 bytes in */
+ frame_size = amqp_d32(amqp_offset(raw_frame, 3));
+ /* To prevent the target_size calculation below from overflowing, check
+ * that the stated frame_size is smaller than a signed 32-bit. Given
+ * the library only allows configuring frame_max as an int32_t, and
+ * frame_size is uint32_t, the math below is safe from overflow. */
+ if (frame_size >= INT32_MAX) {
+ return AMQP_STATUS_BAD_AMQP_DATA;
+ }
+ state->target_size = frame_size + HEADER_SIZE + FOOTER_SIZE;
if ((size_t)state->frame_max < state->target_size) {
return AMQP_STATUS_BAD_AMQP_DATA;
}


@ -1,125 +0,0 @@
commit 463054383fbeef889b409a7f843df5365288e2a0
Author: Christian Kastner <ckk@kvr.at>
Date: Tue Jun 13 14:21:52 2023 +0200
Add option to read username/password from file (#781)
* Add option to read username/password from file
diff --git a/tools/common.c b/tools/common.c
index 73b47e2..7efe557 100644
--- a/tools/common.c
+++ b/tools/common.c
@@ -18,6 +18,11 @@
#include "compat.h"
#endif
+/* For when reading auth data from a file */
+#define MAXAUTHTOKENLEN 128
+#define USERNAMEPREFIX "username:"
+#define PASSWORDPREFIX "password:"
+
void die(const char *fmt, ...) {
va_list ap;
va_start(ap, fmt);
@@ -125,6 +130,7 @@ static char *amqp_vhost;
static char *amqp_username;
static char *amqp_password;
static int amqp_heartbeat = 0;
+static char *amqp_authfile;
#ifdef WITH_SSL
static int amqp_ssl = 0;
static char *amqp_cacert = "/etc/ssl/certs/cacert.pem";
@@ -147,6 +153,8 @@ struct poptOption connect_options[] = {
"the password to login with", "password"},
{"heartbeat", 0, POPT_ARG_INT, &amqp_heartbeat, 0,
"heartbeat interval, set to 0 to disable", "heartbeat"},
+ {"authfile", 0, POPT_ARG_STRING, &amqp_authfile, 0,
+ "path to file containing username/password for authentication", "file"},
#ifdef WITH_SSL
{"ssl", 0, POPT_ARG_NONE, &amqp_ssl, 0, "connect over SSL/TLS", NULL},
{"cacert", 0, POPT_ARG_STRING, &amqp_cacert, 0,
@@ -158,6 +166,50 @@ struct poptOption connect_options[] = {
#endif /* WITH_SSL */
{NULL, '\0', 0, NULL, 0, NULL, NULL}};
+void read_authfile(const char *path) {
+ size_t n;
+ FILE *fp = NULL;
+ char token[MAXAUTHTOKENLEN];
+
+ if ((amqp_username = malloc(MAXAUTHTOKENLEN)) == NULL ||
+ (amqp_password = malloc(MAXAUTHTOKENLEN)) == NULL) {
+ die("Out of memory");
+ } else if ((fp = fopen(path, "r")) == NULL) {
+ die("Could not read auth data file %s", path);
+ }
+
+ if (fgets(token, MAXAUTHTOKENLEN, fp) == NULL ||
+ strncmp(token, USERNAMEPREFIX, strlen(USERNAMEPREFIX))) {
+ die("Malformed auth file (missing username)");
+ }
+ strncpy(amqp_username, &token[strlen(USERNAMEPREFIX)], MAXAUTHTOKENLEN);
+ /* Missing newline means token was cut off */
+ n = strlen(amqp_username);
+ if (amqp_username[n - 1] != '\n') {
+ die("Username too long");
+ } else {
+ amqp_username[n - 1] = '\0';
+ }
+
+ if (fgets(token, MAXAUTHTOKENLEN, fp) == NULL ||
+ strncmp(token, PASSWORDPREFIX, strlen(PASSWORDPREFIX))) {
+ die("Malformed auth file (missing password)");
+ }
+ strncpy(amqp_password, &token[strlen(PASSWORDPREFIX)], MAXAUTHTOKENLEN);
+ /* Missing newline means token was cut off */
+ n = strlen(amqp_password);
+ if (amqp_password[n - 1] != '\n') {
+ die("Password too long");
+ } else {
+ amqp_password[n - 1] = '\0';
+ }
+
+ (void)fgetc(fp);
+ if (!feof(fp)) {
+ die("Malformed auth file (trailing data)");
+ }
+}
+
static void init_connection_info(struct amqp_connection_info *ci) {
ci->user = NULL;
ci->password = NULL;
@@ -237,6 +289,8 @@ static void init_connection_info(struct amqp_connection_info *ci) {
if (amqp_username) {
if (amqp_url) {
die("--username and --url options cannot be used at the same time");
+ } else if (amqp_authfile) {
+ die("--username and --authfile options cannot be used at the same time");
}
ci->user = amqp_username;
@@ -245,11 +299,23 @@ static void init_connection_info(struct amqp_connection_info *ci) {
if (amqp_password) {
if (amqp_url) {
die("--password and --url options cannot be used at the same time");
+ } else if (amqp_authfile) {
+ die("--password and --authfile options cannot be used at the same time");
}
ci->password = amqp_password;
}
+ if (amqp_authfile) {
+ if (amqp_url) {
+ die("--authfile and --url options cannot be used at the same time");
+ }
+
+ read_authfile(amqp_authfile);
+ ci->user = amqp_username;
+ ci->password = amqp_password;
+ }
+
if (amqp_vhost) {
if (amqp_url) {
die("--vhost and --url options cannot be used at the same time");

7
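--- a/gating.yaml
+++ b/gating.yaml
@@ -0,0 +1,7 @@
+#gating rhel
+--- !Policy
+product_versions:
+- rhel-*
+decision_context: osci_compose_gate
+rules:
+- !PassingTestCaseRule {test_case_name: baseos-ci.brew-build.tier1.functional}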


@ -1,29 +1,38 @@
# Fedora spec file for librabbitmq
#
# Copyright (c) 2012-2018 Remi Collet
# License: CC-BY-SA
# Copyright (c) 2012-2023 Remi Collet
# License: CC-BY-SA-4.0
# http://creativecommons.org/licenses/by-sa/4.0/
#
# Please, preserve the changelog entries
#
Name: librabbitmq
%bcond_without tests
%global gh_commit 124722b5045baa41a24ce2e2d7c52a47467e7ac0
%global gh_short %(c=%{gh_commit}; echo ${c:0:7})
%global gh_owner alanxz
%global gh_project rabbitmq-c
%global libname librabbitmq
%global soname 4
Name: %{libname}
Summary: Client library for AMQP
Version: 0.9.0
Release: 4%{?dist}
Version: 0.14.0
Release: 1%{?dist}
License: MIT
URL: https://github.com/alanxz/rabbitmq-c
Source0: https://github.com/alanxz/rabbitmq-c/archive/v%{version}.tar.gz
Patch0: rabbitmq-c-0.9.0-CVE-2019-18609.patch
Patch1: rabbitmq-c-CVE-2023-35789.patch
Source0: https://github.com/%{gh_owner}/%{gh_project}/archive/%{gh_commit}/%{gh_project}-%{version}-%{gh_short}.tar.gz
BuildRequires: gcc
BuildRequires: cmake > 2.8
BuildRequires: openssl-devel
BuildRequires: cmake >= 3.12
BuildRequires: openssl-devel >= 1.1.1
# For tools
BuildRequires: popt-devel
BuildRequires: popt-devel >= 1.14
# For man page
BuildRequires: xmlto
BuildRequires: make
%description
@ -56,9 +65,7 @@ amqp-publish Publish a message on an AMQP server
%prep
%setup -q -n rabbitmq-c-%{version}
%patch0 -p1 -b .CVE-2019-18609
%patch1 -p1 -b .CVE-2023-35789
%setup -q -n %{gh_project}-%{gh_commit}
# Copy sources to be included in -devel docs.
cp -pr examples Examples
@ -66,40 +73,70 @@ cp -pr examples Examples
# This test requires a running server
sed -e '/test_basic/d' -i tests/CMakeLists.txt
%build
# static lib required for tests
%cmake \
-DBUILD_TOOLS:BOOL=ON \
-DBUILD_TOOLS_DOCS:BOOL=ON \
-DBUILD_STATIC_LIBS:BOOL=ON
-DENABLE_SSL_ENGINE_API:BOOL=OFF \
%if %{with tests}
-DINSTALL_STATIC_LIBS:BOOL=OFF \
%else
-DBUILD_TESTING:BOOL=OFF \
-DBUILD_STATIC_LIBS:BOOL=OFF \
%endif
-S .
%if 0%{?cmake_build:1}
%cmake_build
%else
make %{_smp_mflags}
%endif
%install
%if 0%{?cmake_install:1}
%cmake_install
%else
make install DESTDIR="%{buildroot}"
rm %{buildroot}%{_libdir}/%{name}.a
%endif
%check
: check .pc is usable
grep @ %{buildroot}%{_libdir}/pkgconfig/%{name}.pc && exit 1
grep @ %{buildroot}%{_libdir}/pkgconfig/librabbitmq.pc && exit 1
grep %{version} %{buildroot}%{_libdir}/pkgconfig/librabbitmq.pc || exit 1
: check cmake files are usable
grep static %{buildroot}%{_libdir}/cmake/rabbitmq-c/*.cmake && exit 1
%if %{with tests}
: upstream tests
%if 0%{?ctest:1}
%ctest
%else
make test
%endif
%else
: Tests disabled
%endif
%files
%license LICENSE-MIT
%{_libdir}/%{name}.so.*
%license LICENSE
%{_libdir}/%{libname}.so.%{soname}
%{_libdir}/%{libname}.so.%{version}
%files devel
%doc AUTHORS THANKS TODO *.md
%doc AUTHORS THANKS *.md
%doc Examples
%{_libdir}/%{name}.so
%{_libdir}/%{libname}.so
%{_includedir}/amqp*
%{_libdir}/pkgconfig/%{name}.pc
%{_includedir}/rabbitmq-c
%{_libdir}/pkgconfig/%{libname}.pc
%{_libdir}/cmake/rabbitmq-c
%files tools
%{_bindir}/amqp-*
@ -108,16 +145,88 @@ make test
%changelog
* Fri Jun 23 2023 Than Ngo <than@redhat.com> - 0.9.0-4
- Resolves: #2215765, insecure credentials submission
* Wed Apr 03 2024 Than Ngo <than@redhat.com> - 0.14.0-1
- update to 0.14.0
- fix rpminspect rpmdeps
- fix gating-yaml-checks
* Tue Sep 29 2020 Than Ngo <than@redhat.com> - 0.9.0-3
- Resolves: #1857831, rpmdiff
Related: RHEL-31259
* Mon Apr 06 2020 Than Ngo <than@redhat.com> - 0.9.0-2
- Resolves: #1809992, CVE-2019-18609
* Tue Apr 02 2024 Than Ngo <than@redhat.com> - 0.13.0-6
- Resolves: RHEL-31259, Conditionally enable SSL engine APIs
* Thu Jun 28 2018 Than Ngo <than@redhat.com> - 0.9.0-1
* Thu Jan 25 2024 Fedora Release Engineering <releng@fedoraproject.org> - 0.13.0-5
- Rebuilt for https://fedoraproject.org/wiki/Fedora_40_Mass_Rebuild
* Sun Jan 21 2024 Fedora Release Engineering <releng@fedoraproject.org> - 0.13.0-4
- Rebuilt for https://fedoraproject.org/wiki/Fedora_40_Mass_Rebuild
* Thu Jul 20 2023 Fedora Release Engineering <releng@fedoraproject.org> - 0.13.0-3
- Rebuilt for https://fedoraproject.org/wiki/Fedora_39_Mass_Rebuild
* Thu Jun 29 2023 Than Ngo <than@redhat.com> - 0.13.0-2
- fix security issue, CVE-2023-35789
* Mon Feb 6 2023 Remi Collet <remi@remirepo.net> - 0.13.0-1
- update to 0.13.0
- drop patches merged upstream
* Wed Feb 1 2023 Remi Collet <remi@remirepo.net> - 0.12.0-1
- update to 0.12.0
- add patch to not install the static library, from
https://github.com/alanxz/rabbitmq-c/pull/749
- add patch to fix version in pkgconfig file, from
https://github.com/alanxz/rabbitmq-c/pull/751
* Thu Jan 19 2023 Fedora Release Engineering <releng@fedoraproject.org> - 0.11.0-7
- Rebuilt for https://fedoraproject.org/wiki/Fedora_38_Mass_Rebuild
* Thu Jul 21 2022 Fedora Release Engineering <releng@fedoraproject.org> - 0.11.0-6
- Rebuilt for https://fedoraproject.org/wiki/Fedora_37_Mass_Rebuild
* Thu Jan 20 2022 Fedora Release Engineering <releng@fedoraproject.org> - 0.11.0-5
- Rebuilt for https://fedoraproject.org/wiki/Fedora_36_Mass_Rebuild
* Tue Sep 14 2021 Sahana Prasad <sahana@redhat.com> - 0.11.0-4
- Rebuilt with OpenSSL 3.0.0
* Thu Jul 22 2021 Fedora Release Engineering <releng@fedoraproject.org> - 0.11.0-3
- Rebuilt for https://fedoraproject.org/wiki/Fedora_35_Mass_Rebuild
* Thu Apr 1 2021 Remi Collet <remi@remirepo.net> - 0.11.0-2
- add patch to fix version in cmake file from
https://github.com/alanxz/rabbitmq-c/pull/667
* Thu Apr 1 2021 Remi Collet <remi@remirepo.net> - 0.11.0-1
- update to 0.11.0
- add patch to not install the static library, from
https://github.com/alanxz/rabbitmq-c/pull/665
* Tue Jan 26 2021 Fedora Release Engineering <releng@fedoraproject.org> - 0.10.0-4
- Rebuilt for https://fedoraproject.org/wiki/Fedora_34_Mass_Rebuild
* Thu Aug 13 2020 Remi Collet <remi@remirepo.net> - 0.10.0-3
- fix cmake macros usage, FTBFS #1863670
* Wed Jan 29 2020 Fedora Release Engineering <releng@fedoraproject.org> - 0.10.0-2
- Rebuilt for https://fedoraproject.org/wiki/Fedora_32_Mass_Rebuild
* Mon Dec 2 2019 Remi Collet <remi@remirepo.net> - 0.10.0-1
- update to 0.10.0
* Thu Jul 25 2019 Fedora Release Engineering <releng@fedoraproject.org> - 0.9.0-4
- Rebuilt for https://fedoraproject.org/wiki/Fedora_31_Mass_Rebuild
* Mon Feb 4 2019 Remi Collet <remi@remirepo.net> - 0.9.0-3
- fix cmake invocation and FTBFS
* Fri Feb 01 2019 Fedora Release Engineering <releng@fedoraproject.org> - 0.9.0-3
- Rebuilt for https://fedoraproject.org/wiki/Fedora_30_Mass_Rebuild
* Fri Jul 13 2018 Fedora Release Engineering <releng@fedoraproject.org> - 0.9.0-2
- Rebuilt for https://fedoraproject.org/wiki/Fedora_29_Mass_Rebuild
* Tue May 15 2018 Remi Collet <remi@remirepo.net> - 0.9.0-1
- update to 0.9.0
* Tue Feb 20 2018 Remi Collet <remi@remirepo.net> - 0.8.0-7
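Review bot: Nothing in the rebased spec records where the fixes for CVE-2019-18609 and CVE-2023-35789 now come from: the `Patch0`/`Patch1` lines and both `%patch` calls appear to be dropped with the move to 0.14.0 (the rendering has lost the +/- column, so this is inferred from the version bump and the deleted patch files). A comment next to `Source0` would make that auditable, for example `# CVE-2019-18609 and CVE-2023-35789 patches dropped; fixes expected in upstream %{gh_commit} (confirm against the tarball)`. The Fedora-derived changelog mentions CVE-2023-35789 at 0.13.0-2 but has no entry for CVE-2019-18609 or for the "Resolves: #2215765" line, so the RHEL bug references are no longer traceable from the package. The changelog hunk continues past the last visible entry.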

1
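--- a/sources
+++ b/sources
@@ -0,0 +1 @@
+SHA512 (rabbitmq-c-0.14.0-124722b.tar.gz) = 167f340002d96769e19b5ea7e567d397f6702b0c212cbcf771f2e8ea16531221046747f9d70315869f696587a9e0922d922362efcc45bb1401420e9558b63acc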


@ -0,0 +1,63 @@
# ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
#
# Makefile of /CoreOS/librabbitmq/Sanity/Sanity-test-for-librabbitmq
# Description: Tests the sanity of librabbitmq
# Author: Than Ngo <than@redhat.com>
#
# ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
#
# Copyright (c) 2019 Red Hat, Inc.
#
# This copyrighted material is made available to anyone wishing
# to use, modify, copy, or redistribute it subject to the terms
# and conditions of the GNU General Public License version 2.
#
# This program is distributed in the hope that it will be
# useful, but WITHOUT ANY WARRANTY; without even the implied
# warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR
# PURPOSE. See the GNU General Public License for more details.
#
# You should have received a copy of the GNU General Public
# License along with this program; if not, write to the Free
# Software Foundation, Inc., 51 Franklin Street, Fifth Floor,
# Boston, MA 02110-1301, USA.
#
# ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
export TEST=/CoreOS/librabbitmq/Sanity/Sanity-test-for-librabbitmq
export TESTVERSION=1.0
BUILT_FILES=
FILES=$(METADATA) runtest.sh Makefile PURPOSE
.PHONY: all install download clean
run: $(FILES) build
./runtest.sh
build: $(BUILT_FILES)
test -x runtest.sh || chmod a+x runtest.sh
clean:
rm -f *~ $(BUILT_FILES)
include /usr/share/rhts/lib/rhts-make.include
$(METADATA): Makefile
@echo "Owner: Than Ngo <than@redhat.com>" > $(METADATA)
@echo "Name: $(TEST)" >> $(METADATA)
@echo "TestVersion: $(TESTVERSION)" >> $(METADATA)
@echo "Path: $(TEST_DIR)" >> $(METADATA)
@echo "Description: tests basic functionality" >> $(METADATA)
@echo "Type: Sanity" >> $(METADATA)
@echo "TestTime: 5m" >> $(METADATA)
@echo "RunFor: librabbitmq" >> $(METADATA)
@echo "Requires: librabbitmq librabbitmq-devel" >> $(METADATA)
@echo "Priority: Normal" >> $(METADATA)
@echo "License: MIT" >> $(METADATA)
@echo "Confidential: no" >> $(METADATA)
@echo "Destructive: no" >> $(METADATA)
rhts-lint $(METADATA)


@ -0,0 +1,3 @@
PURPOSE of /CoreOS/librabbitmq/Sanity/Sanity-test-for-librabbitmq
Description: Tests the sanity
Author: Than Ngo <than@redhat.com>


@ -0,0 +1,58 @@
#!/bin/bash
# vim: dict+=/usr/share/beakerlib/dictionary.vim cpt=.,w,b,u,t,i,k
# ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
#
# runtest.sh of /CoreOS/librabbitmq/Sanity/Sanity-test-for-librabbitmq
# Description: Tests the sanity
# Author: Than Ngo <than@redhat.com>, Brock Organ <borgan@redhat.com>
#
# ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
#
# Copyright (c) 2019 Red Hat, Inc.
#
# This copyrighted material is made available to anyone wishing
# to use, modify, copy, or redistribute it subject to the terms
# and conditions of the GNU General Public License version 2.
#
# This program is distributed in the hope that it will be
# useful, but WITHOUT ANY WARRANTY; without even the implied
# warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR
# PURPOSE. See the GNU General Public License for more details.
#
# You should have received a copy of the GNU General Public
# License along with this program; if not, write to the Free
# Software Foundation, Inc., 51 Franklin Street, Fifth Floor,
# Boston, MA 02110-1301, USA.
#
# ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
PACKAGES="librabbitmq librabbitmq-devel"
# source the test script helpers
. /usr/bin/rhts-environment.sh || exit 1
. /usr/share/beakerlib/beakerlib.sh || exit 1
rlJournalStart
rlPhaseStartSetup
for p in $PACKAGES ; do
rlAssertRpm $p
done
rlRun "TmpDir=\$(mktemp -d)" 0 "Creating tmp directory"
rlRun "pushd $TmpDir"
rlPhaseEnd
rlPhaseStartTest "Smoke, sanity and function tests"
for o in $(ls -1 /usr/lib64/librabbitmq.so*) ; do
rlRun "ldd $o" 0 "validate the shared objects"
rlRun "objdump -T $o" 0 "validate the shared objects"
done
rlRun "head /usr/share/doc/librabbitmq-devel/README.md" 0 "correct form for doc file"
rlRun "head /usr/share/licenses/librabbitmq/LICENSE-MIT" 0 "correct form for doc file"
rlPhaseEnd
rlPhaseStartCleanup
rlRun "popd"
rlRun "rm -fr $TmpDir" 0 "Removing tmp directory"
rlPhaseEnd
rlJournalPrintText
rlJournalEnd
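Review bot: The last check of the test phase reads `/usr/share/licenses/librabbitmq/LICENSE-MIT`, but the spec section on this page appears to switch to `%license LICENSE` for 0.14.0, so this `rlRun` would fail against the rebased package if that reading is right. It should become `rlRun "head /usr/share/licenses/librabbitmq/LICENSE" 0 "correct form for license file"`. The shared-object loop hard-codes `/usr/lib64` and parses `ls` output; `for o in /usr/lib64/librabbitmq.so*` avoids the subshell, and a guard for the no-match case would stop the phase from passing vacuously when the glob finds nothing. `$TmpDir` is also unquoted in the `pushd` and `rm -fr` calls.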

11
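--- a/tests/tests.yml
+++ b/tests/tests.yml
@@ -0,0 +1,11 @@
+---
+# Run tests in all contexts
+- hosts: localhost
+tags:
+- classic
+roles:
+- role: standard-test-beakerlib
+tests:
+- Sanity
+required_packages:
+- librabbitmq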
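Review bot: `required_packages` lists only `librabbitmq`, while the Sanity test on this page runs `rlAssertRpm` on `librabbitmq-devel`, reads `/usr/share/doc/librabbitmq-devel/README.md` and calls `objdump`. Unless the test environment preinstalls them, which is not visible here, the setup phase fails before any check runs. Adding `- librabbitmq-devel` and `- binutils` under `required_packages` would match the `Requires:` line the test Makefile writes into its metadata.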