update to 0.11.0

CVE-2019-18609.patch

@@ -1,47 +0,0 @@
-From fc85be7123050b91b054e45b91c78d3241a5047a Mon Sep 17 00:00:00 2001
-From: Alan Antonuk <alan.antonuk@gmail.com>
-Date: Sun, 3 Nov 2019 23:50:07 -0800
-Subject: [PATCH] lib: check frame_size is >= INT32_MAX
-
-When parsing a frame header, validate that the frame_size is less than
-or equal to INT32_MAX. Given frame_max is limited between 0 and
-INT32_MAX in amqp_login and friends, this does not change the API.
-
-This prevents a potential buffer overflow when a malicious client sends
-a frame_size that is close to UINT32_MAX, in which causes an overflow
-when computing state->target_size resulting in a small value there. A
-buffer is then allocated with the small amount, then memcopy copies the
-frame_size writing to memory beyond the end of the buffer.
----
- librabbitmq/amqp_connection.c | 15 ++++++++++++---
- 1 file changed, 12 insertions(+), 3 deletions(-)
-
-diff --git a/librabbitmq/amqp_connection.c b/librabbitmq/amqp_connection.c
-index 034b2e96..b106f70a 100644
---- a/librabbitmq/amqp_connection.c
-+++ b/librabbitmq/amqp_connection.c
-@@ -287,12 +287,21 @@ int amqp_handle_input(amqp_connection_state_t state, amqp_bytes_t received_data,
-     case CONNECTION_STATE_HEADER: {
-       amqp_channel_t channel;
-       amqp_pool_t *channel_pool;
--      /* frame length is 3 bytes in */
-+      uint32_t frame_size;
-+
-       channel = amqp_d16(amqp_offset(raw_frame, 1));
- 
--      state->target_size =
--          amqp_d32(amqp_offset(raw_frame, 3)) + HEADER_SIZE + FOOTER_SIZE;
-+      /* frame length is 3 bytes in */
-+      frame_size = amqp_d32(amqp_offset(raw_frame, 3));
-+      /* To prevent the target_size calculation below from overflowing, check
-+       * that the stated frame_size is smaller than a signed 32-bit. Given
-+       * the library only allows configuring frame_max as an int32_t, and
-+       * frame_size is uint32_t, the math below is safe from overflow. */
-+      if (frame_size >= INT32_MAX) {
-+        return AMQP_STATUS_BAD_AMQP_DATA;
-+      }
- 
-+      state->target_size = frame_size + HEADER_SIZE + FOOTER_SIZE;
-       if ((size_t)state->frame_max < state->target_size) {
-         return AMQP_STATUS_BAD_AMQP_DATA;
-       }

backport-0001-Fix-instructions-for-default-build.patch

@@ -1,26 +0,0 @@
-From 1fa5f63e6ba34d6d29fea7db62fde1b2bf96d914 Mon Sep 17 00:00:00 2001
-From: Ross Cousens <rcousens@users.noreply.github.com>
-Date: Mon, 16 Jul 2018 10:18:04 +1000
-Subject: [PATCH] Fix instructions for default build
-
-The order of arguments were incorrect, --build must directly specify the directory afterwards.
----
- README.md | 2 +-
- 1 file changed, 1 insertion(+), 1 deletion(-)
-
-diff --git a/README.md b/README.md
-index 5255315..b7776c6 100644
---- a/README.md
-+++ b/README.md
-@@ -52,7 +52,7 @@ systems are:
- 
-     mkdir build && cd build
-     cmake ..
--    cmake --build [--config Release] .
-+    cmake --build . [--config Release]
- 
- The --config Release flag should be used in multi-configuration generators e.g.,
- Visual Studio or XCode.
--- 
-2.37.3.windows.1
-

backport-0001-OpenSSL-should-ignore-missing-config-file.patch

@@ -1,32 +0,0 @@
-From 23c8fd736abda6331e38ca045735d636390336f5 Mon Sep 17 00:00:00 2001
-From: Alan Antonuk <alan.antonuk@gmail.com>
-Date: Sat, 8 Sep 2018 11:48:35 -0700
-Subject: [PATCH] OpenSSL should ignore missing config file
-
-When initializing OpenSSL in v1.1.0 or later, tell OpenSSL to ignore
-missing openssl.cnf.
-
-Fixes #523
----
- librabbitmq/amqp_openssl.c | 5 +++--
- 1 file changed, 3 insertions(+), 2 deletions(-)
-
-diff --git a/librabbitmq/amqp_openssl.c b/librabbitmq/amqp_openssl.c
-index bcd5ba5..1fac25d 100644
---- a/librabbitmq/amqp_openssl.c
-+++ b/librabbitmq/amqp_openssl.c
-@@ -584,8 +584,9 @@ static int setup_openssl(void) {
-   CRYPTO_set_locking_callback(ssl_locking_callback);
- 
- #ifdef AMQP_OPENSSL_V110
--  if (CONF_modules_load_file(NULL, "rabbitmq-c", CONF_MFLAGS_DEFAULT_SECTION) <=
--      0) {
-+  if (CONF_modules_load_file(
-+          NULL, "rabbitmq-c",
-+          CONF_MFLAGS_DEFAULT_SECTION | CONF_MFLAGS_IGNORE_MISSING_FILE) <= 0) {
-     status = AMQP_STATUS_SSL_ERROR;
-     goto out;
-   }
--- 
-2.37.3.windows.1
-

librabbitmq.spec

@@ -1,19 +1,17 @@
-%global git_commit 77e3805d1662034339c3c19bcdaaa62a56c1fa7e
+%global git_commit a64c08c68aff34d49a2ac152f04988cd921084f9
 %global git_short_commit %(tmp=%{git_commit}; echo ${tmp:0:7})
 %global project_name rabbitmq-c
 
 Name:      librabbitmq
-Version:   0.9.0
-Release:   8
+
+Version:   0.11.0
+Release:   1
+
 Summary:   The AMQP client library
 License:   MIT
 URL:       https://github.com/alanxz/rabbitmq-c
 
 Source0:   https://github.com/alanxz/%{project_name}/archive/%{git_commit}/%{project_name}-%{version}-%{git_short_commit}.tar.gz
-Patch0000: CVE-2019-18609.patch
-
-Patch6000: backport-0001-Fix-instructions-for-default-build.patch
-Patch6001: backport-0001-OpenSSL-should-ignore-missing-config-file.patch
 
 BuildRequires:	cmake > 2.8
 BuildRequires:	popt-devel > 1.14
@@ -58,6 +56,7 @@ make test
 %doc THANKS TODO *.md
 %{_libdir}/%{name}.so.4*
 %{_bindir}/amqp-*
+%{_libdir}/cmake/rabbitmq-c/*
 
 %files devel
 %{_libdir}/%{name}.so
@@ -68,8 +67,10 @@ make test
 %doc %{_mandir}/man1/amqp-*.1*
 %doc %{_mandir}/man7/librabbitmq-tools.7*
 
-
 %changelog
+* Mon Jan 16 2023 dan <fzhang@zhixundn.com> 0.11.0-1
+- update to 0.11.0
+
 * Sat Jan 7 2023 mengwenhua <mengwenhua@xfusion.com> - 0.9.0-8
 - OpenSSL should ignore missing config file