rabbitmq-c: update to 0.10.0

2020-11-19 16:22:25 -06:00 · 2020-11-19 16:22:25 -06:00 · 67a91596e8
parent 7f41d405d0
commit 67a91596e8
3 changed files with 96 additions and 53 deletions
--- a/srcpkgs/rabbitmq-c/patches/CVE-2019-18609.patch
+++ b/srcpkgs/rabbitmq-c/patches/CVE-2019-18609.patch
@ -1,47 +0,0 @@
 From fc85be7123050b91b054e45b91c78d3241a5047a Mon Sep 17 00:00:00 2001
 From: Alan Antonuk <alan.antonuk@gmail.com>
 Date: Sun, 3 Nov 2019 23:50:07 -0800
 Subject: [PATCH] lib: check frame_size is >= INT32_MAX
 When parsing a frame header, validate that the frame_size is less than
 or equal to INT32_MAX. Given frame_max is limited between 0 and
 INT32_MAX in amqp_login and friends, this does not change the API.
 This prevents a potential buffer overflow when a malicious client sends
 a frame_size that is close to UINT32_MAX, in which causes an overflow
 when computing state->target_size resulting in a small value there. A
 buffer is then allocated with the small amount, then memcopy copies the
 frame_size writing to memory beyond the end of the buffer.
 ---
 librabbitmq/amqp_connection.c | 15 ++++++++++++---
 1 file changed, 12 insertions(+), 3 deletions(-)
 diff --git librabbitmq/amqp_connection.c librabbitmq/amqp_connection.c
 index 034b2e96..b106f70a 100644
 --- librabbitmq/amqp_connection.c
 +++ librabbitmq/amqp_connection.c
@@ -287,12 +287,21 @@ int amqp_handle_input(amqp_connection_state_t state, amqp_bytes_t received_data,
     case CONNECTION_STATE_HEADER: {
       amqp_channel_t channel;
       amqp_pool_t *channel_pool;
 -      /* frame length is 3 bytes in */
 +      uint32_t frame_size;
 +
       channel = amqp_d16(amqp_offset(raw_frame, 1));
 -      state->target_size =
 -          amqp_d32(amqp_offset(raw_frame, 3)) + HEADER_SIZE + FOOTER_SIZE;
 +      /* frame length is 3 bytes in */
 +      frame_size = amqp_d32(amqp_offset(raw_frame, 3));
 +      /* To prevent the target_size calculation below from overflowing, check
 +       * that the stated frame_size is smaller than a signed 32-bit. Given
 +       * the library only allows configuring frame_max as an int32_t, and
 +       * frame_size is uint32_t, the math below is safe from overflow. */
 +      if (frame_size >= INT32_MAX) {
 +        return AMQP_STATUS_BAD_AMQP_DATA;
 +      }
 +      state->target_size = frame_size + HEADER_SIZE + FOOTER_SIZE;
       if ((size_t)state->frame_max < state->target_size) {
         return AMQP_STATUS_BAD_AMQP_DATA;
       }
--- a/srcpkgs/rabbitmq-c/patches/test.patch
+++ b/srcpkgs/rabbitmq-c/patches/test.patch
@ -0,0 +1,89 @@
 From 26ecf6d3012be81f5dfb8a2d822c722e916a86cb Mon Sep 17 00:00:00 2001
 From: Simon Lepasteur <simon.lepasteur@swissdotnet.ch>
 Date: Wed, 11 Mar 2020 15:13:29 +0100
 Subject: [PATCH] Add option to run system tests (disabled by default).
 System tests require a RabbitMQ or other AMQP server to be running on
 `localhost` at TCP port number 5672 and therefore fails if no such
 server is running on the build machine.
 This is surprising for everyone running the standard `make test`
 to ensure the library is built correctly.
 ---
 .travis.yml          | 2 +-
 CMakeLists.txt       | 1 +
 README.md            | 2 ++
 appveyor.yml         | 2 +-
 tests/CMakeLists.txt | 8 +++++---
 5 files changed, 10 insertions(+), 5 deletions(-)
 diff --git .travis.yml .travis.yml
 index 52a66b9c..5f56cb03 100644
 --- .travis.yml
 +++ .travis.yml
@@ -19,7 +19,7 @@ addons:
       name: "alanxz/rabbitmq-c"
       description: "C AMQP client for RabbitMQ"
     notification_email: alan.antonuk@gmail.com
 -    build_command_prepend: mkdir build && pushd build && cmake .. && popd
 +    build_command_prepend: mkdir build && pushd build && cmake .. -DRUN_SYSTEM_TESTS=ON && popd
     build_command: cmake --build ./build
     branch_pattern: coverity_scan
 diff --git CMakeLists.txt CMakeLists.txt
 index f620ddc8..a39645f4 100644
 --- CMakeLists.txt
 +++ CMakeLists.txt
@@ -266,6 +266,7 @@ option(BUILD_TOOLS "Build Tools (requires POPT Library)" ${POPT_FOUND})
 option(BUILD_TOOLS_DOCS "Build man pages for Tools (requires xmlto)" ${DO_DOCS})
 option(BUILD_TESTS "Build tests (run tests with make test)" ON)
 option(BUILD_API_DOCS "Build Doxygen API docs" ${DOXYGEN_FOUND})
 +option(RUN_SYSTEM_TESTS "Run system tests (i.e. tests requiring an accessible RabbitMQ server instance on localhost)" OFF)
 if (NOT BUILD_SHARED_LIBS AND NOT BUILD_STATIC_LIBS)
     message(FATAL_ERROR "One or both of BUILD_SHARED_LIBS or BUILD_STATIC_LIBS must be set to ON to build")
 diff --git README.md README.md
 index b7776c65..31347b15 100644
 --- README.md
 +++ README.md
@@ -84,6 +84,8 @@ Other interesting flags that can be passed to CMake:
    default this is ON if the OpenSSL headers and library can be found.
 * `BUILD_API_DOCS=ON/OFF` - toggles building the Doxygen API documentation, by
    default this is OFF
 +* `RUN_SYSTEM_TESTS=ON/OFF` toggles building the system tests (i.e. tests requiring 
 +   an accessible RabbitMQ server instance on localhost), by default this is OFF
 ## Running the examples
 diff --git appveyor.yml appveyor.yml
 index 7e41c099..af315227 100644
 --- appveyor.yml
 +++ appveyor.yml
@@ -30,7 +30,7 @@ install:
   - "Win%BITS%OpenSSL-%OPENSSL_VER%.exe /SP- /SILENT /SUPPRESSMSGBOXES /NORESTART"
 before_build:
 -  - cmake -DBUILD_SHARED_LIBS=ON -DBUILD_STATIC_LIBS=ON -DBUILD_TESTS=ON -DENABLE_SSL_SUPPORT=True -G"%GENERATOR%" .
 +  - cmake -DBUILD_SHARED_LIBS=ON -DBUILD_STATIC_LIBS=ON -DBUILD_TESTS=ON -DRUN_SYSTEM_TESTS=ON -DENABLE_SSL_SUPPORT=True -G"%GENERATOR%" .
 build:
   project: ALL_BUILD.vcxproj
 diff --git tests/CMakeLists.txt tests/CMakeLists.txt
 index cf042b04..320a73d7 100644
 --- tests/CMakeLists.txt
 +++ tests/CMakeLists.txt
@@ -33,9 +33,11 @@ add_executable(test_basic
                test_basic.c)
 target_link_libraries(test_basic rabbitmq-static)
 -if (NOT APPLE)
 -  add_test(basic test_basic)
 -endif()
 +if (RUN_SYSTEM_TESTS)
 +  if (NOT APPLE)
 +    add_test(basic test_basic)
 +  endif()
 +endif(RUN_SYSTEM_TESTS)
 add_executable(test_sasl_mechanism test_sasl_mechanism.c)
 target_link_libraries(test_sasl_mechanism rabbitmq-static)
--- a/srcpkgs/rabbitmq-c/template
+++ b/srcpkgs/rabbitmq-c/template
@ -1,8 +1,9 @@
 # Template file for 'rabbitmq-c'
 pkgname=rabbitmq-c
-version=0.9.0
+version=0.10.0
-revision=3
+revision=1
 build_style=cmake
 make_check_target=test
 hostmakedepends="popt xmlto doxygen"
 makedepends="libressl-devel"
 short_desc="RabbitMQ C client"
@ -10,10 +11,10 @@ maintainer="Hans-J. Schmid <knock@myopendoor.de>"
 license="MIT"
 homepage="https://github.com/alanxz/rabbitmq-c"
 distfiles="https://github.com/alanxz/${pkgname}/archive/v${version}.tar.gz"
-checksum=316c0d156452b488124806911a62e0c2aa8a546d38fc8324719cd29aaa493024
+checksum=6455efbaebad8891c59f274a852b75b5cc51f4d669dfc78d2ae7e6cc97fcd8c0
 post_install() {
-	vlicense LICENSE-MIT
+	vlicense LICENSE-MIT LICENSE
 }
 rabbitmq-c-devel_package() {
@ -22,7 +23,7 @@ rabbitmq-c-devel_package() {
 	pkg_install() {
 		vmove usr/include
 		vmove usr/lib/pkgconfig
-		vmove usr/lib/*.a
+		vmove "usr/lib/*.a"
-		vmove usr/lib/*.so
+		vmove "usr/lib/*.so"
 	}
 }