CVE-2019-18609.patch

@@ -0,0 +1,47 @@
+From fc85be7123050b91b054e45b91c78d3241a5047a Mon Sep 17 00:00:00 2001
+From: Alan Antonuk <alan.antonuk@gmail.com>
+Date: Sun, 3 Nov 2019 23:50:07 -0800
+Subject: [PATCH] lib: check frame_size is >= INT32_MAX
+
+When parsing a frame header, validate that the frame_size is less than
+or equal to INT32_MAX. Given frame_max is limited between 0 and
+INT32_MAX in amqp_login and friends, this does not change the API.
+
+This prevents a potential buffer overflow when a malicious client sends
+a frame_size that is close to UINT32_MAX, in which causes an overflow
+when computing state->target_size resulting in a small value there. A
+buffer is then allocated with the small amount, then memcopy copies the
+frame_size writing to memory beyond the end of the buffer.
+---
+ librabbitmq/amqp_connection.c | 15 ++++++++++++---
+ 1 file changed, 12 insertions(+), 3 deletions(-)
+
+diff --git a/librabbitmq/amqp_connection.c b/librabbitmq/amqp_connection.c
+index 034b2e96..b106f70a 100644
+--- a/librabbitmq/amqp_connection.c
++++ b/librabbitmq/amqp_connection.c
+@@ -287,12 +287,21 @@ int amqp_handle_input(amqp_connection_state_t state, amqp_bytes_t received_data,
+     case CONNECTION_STATE_HEADER: {
+       amqp_channel_t channel;
+       amqp_pool_t *channel_pool;
+-      /* frame length is 3 bytes in */
++      uint32_t frame_size;
++
+       channel = amqp_d16(amqp_offset(raw_frame, 1));
+ 
+-      state->target_size =
+-          amqp_d32(amqp_offset(raw_frame, 3)) + HEADER_SIZE + FOOTER_SIZE;
++      /* frame length is 3 bytes in */
++      frame_size = amqp_d32(amqp_offset(raw_frame, 3));
++      /* To prevent the target_size calculation below from overflowing, check
++       * that the stated frame_size is smaller than a signed 32-bit. Given
++       * the library only allows configuring frame_max as an int32_t, and
++       * frame_size is uint32_t, the math below is safe from overflow. */
++      if (frame_size >= INT32_MAX) {
++        return AMQP_STATUS_BAD_AMQP_DATA;
++      }
+ 
++      state->target_size = frame_size + HEADER_SIZE + FOOTER_SIZE;
+       if ((size_t)state->frame_max < state->target_size) {
+         return AMQP_STATUS_BAD_AMQP_DATA;
+       }

CVE-2023-35789.patch

@@ -1,127 +0,0 @@
-From 463054383fbeef889b409a7f843df5365288e2a0 Mon Sep 17 00:00:00 2001
-From: Christian Kastner <ckk@kvr.at>
-Date: Tue, 13 Jun 2023 14:21:52 +0200
-Subject: [PATCH] Add option to read username/password from file (#781)
-
-* Add option to read username/password from file
----
- tools/common.c | 66 ++++++++++++++++++++++++++++++++++++++++++++++++++
- 1 file changed, 66 insertions(+)
-
-diff --git a/tools/common.c b/tools/common.c
-index 73b47e25..7efe557b 100644
---- a/tools/common.c
-+++ b/tools/common.c
-@@ -18,6 +18,11 @@
- #include "compat.h"
- #endif
- 
-+/* For when reading auth data from a file */
-+#define MAXAUTHTOKENLEN 128
-+#define USERNAMEPREFIX "username:"
-+#define PASSWORDPREFIX "password:"
-+
- void die(const char *fmt, ...) {
-   va_list ap;
-   va_start(ap, fmt);
-@@ -125,6 +130,7 @@ static char *amqp_vhost;
- static char *amqp_username;
- static char *amqp_password;
- static int amqp_heartbeat = 0;
-+static char *amqp_authfile;
- #ifdef WITH_SSL
- static int amqp_ssl = 0;
- static char *amqp_cacert = "/etc/ssl/certs/cacert.pem";
-@@ -147,6 +153,8 @@ struct poptOption connect_options[] = {
-      "the password to login with", "password"},
-     {"heartbeat", 0, POPT_ARG_INT, &amqp_heartbeat, 0,
-      "heartbeat interval, set to 0 to disable", "heartbeat"},
-+    {"authfile", 0, POPT_ARG_STRING, &amqp_authfile, 0,
-+     "path to file containing username/password for authentication", "file"},
- #ifdef WITH_SSL
-     {"ssl", 0, POPT_ARG_NONE, &amqp_ssl, 0, "connect over SSL/TLS", NULL},
-     {"cacert", 0, POPT_ARG_STRING, &amqp_cacert, 0,
-@@ -158,6 +166,50 @@ struct poptOption connect_options[] = {
- #endif /* WITH_SSL */
-     {NULL, '\0', 0, NULL, 0, NULL, NULL}};
- 
-+void read_authfile(const char *path) {
-+  size_t n;
-+  FILE *fp = NULL;
-+  char token[MAXAUTHTOKENLEN];
-+
-+  if ((amqp_username = malloc(MAXAUTHTOKENLEN)) == NULL ||
-+      (amqp_password = malloc(MAXAUTHTOKENLEN)) == NULL) {
-+    die("Out of memory");
-+  } else if ((fp = fopen(path, "r")) == NULL) {
-+    die("Could not read auth data file %s", path);
-+  }
-+
-+  if (fgets(token, MAXAUTHTOKENLEN, fp) == NULL ||
-+      strncmp(token, USERNAMEPREFIX, strlen(USERNAMEPREFIX))) {
-+    die("Malformed auth file (missing username)");
-+  }
-+  strncpy(amqp_username, &token[strlen(USERNAMEPREFIX)], MAXAUTHTOKENLEN);
-+  /* Missing newline means token was cut off */
-+  n = strlen(amqp_username);
-+  if (amqp_username[n - 1] != '\n') {
-+    die("Username too long");
-+  } else {
-+    amqp_username[n - 1] = '\0';
-+  }
-+
-+  if (fgets(token, MAXAUTHTOKENLEN, fp) == NULL ||
-+      strncmp(token, PASSWORDPREFIX, strlen(PASSWORDPREFIX))) {
-+    die("Malformed auth file (missing password)");
-+  }
-+  strncpy(amqp_password, &token[strlen(PASSWORDPREFIX)], MAXAUTHTOKENLEN);
-+  /* Missing newline means token was cut off */
-+  n = strlen(amqp_password);
-+  if (amqp_password[n - 1] != '\n') {
-+    die("Password too long");
-+  } else {
-+    amqp_password[n - 1] = '\0';
-+  }
-+
-+  (void)fgetc(fp);
-+  if (!feof(fp)) {
-+    die("Malformed auth file (trailing data)");
-+  }
-+}
-+
- static void init_connection_info(struct amqp_connection_info *ci) {
-   ci->user = NULL;
-   ci->password = NULL;
-@@ -237,6 +289,8 @@ static void init_connection_info(struct amqp_connection_info *ci) {
-   if (amqp_username) {
-     if (amqp_url) {
-       die("--username and --url options cannot be used at the same time");
-+    } else if (amqp_authfile) {
-+      die("--username and --authfile options cannot be used at the same time");
-     }
- 
-     ci->user = amqp_username;
-@@ -245,11 +299,23 @@ static void init_connection_info(struct amqp_connection_info *ci) {
-   if (amqp_password) {
-     if (amqp_url) {
-       die("--password and --url options cannot be used at the same time");
-+    } else if (amqp_authfile) {
-+      die("--password and --authfile options cannot be used at the same time");
-     }
- 
-     ci->password = amqp_password;
-   }
- 
-+  if (amqp_authfile) {
-+    if (amqp_url) {
-+      die("--authfile and --url options cannot be used at the same time");
-+    }
-+
-+    read_authfile(amqp_authfile);
-+    ci->user = amqp_username;
-+    ci->password = amqp_password;
-+  }
-+
-   if (amqp_vhost) {
-     if (amqp_url) {
-       die("--vhost and --url options cannot be used at the same time");

backport-0001-Fix-instructions-for-default-build.patch

@@ -0,0 +1,26 @@
+From 1fa5f63e6ba34d6d29fea7db62fde1b2bf96d914 Mon Sep 17 00:00:00 2001
+From: Ross Cousens <rcousens@users.noreply.github.com>
+Date: Mon, 16 Jul 2018 10:18:04 +1000
+Subject: [PATCH] Fix instructions for default build
+
+The order of arguments were incorrect, --build must directly specify the directory afterwards.
+---
+ README.md | 2 +-
+ 1 file changed, 1 insertion(+), 1 deletion(-)
+
+diff --git a/README.md b/README.md
+index 5255315..b7776c6 100644
+--- a/README.md
++++ b/README.md
+@@ -52,7 +52,7 @@ systems are:
+ 
+     mkdir build && cd build
+     cmake ..
+-    cmake --build [--config Release] .
++    cmake --build . [--config Release]
+ 
+ The --config Release flag should be used in multi-configuration generators e.g.,
+ Visual Studio or XCode.
+-- 
+2.37.3.windows.1
+

librabbitmq.spec

@@ -1,19 +1,20 @@
+%global git_commit 77e3805d1662034339c3c19bcdaaa62a56c1fa7e
+%global git_short_commit %(tmp=%{git_commit}; echo ${tmp:0:7})
 %global project_name rabbitmq-c
 
 Name:      librabbitmq
-
-Version:   0.13.0
-Release:   2
-
+Version:   0.9.0
+Release:   7
 Summary:   The AMQP client library
 License:   MIT
 URL:       https://github.com/alanxz/rabbitmq-c
 
-Source0:   https://github.com/alanxz/%{project_name}/archive/refs/tags/v%{version}.tar.gz
+Source0:   https://github.com/alanxz/%{project_name}/archive/%{git_commit}/%{project_name}-%{version}-%{git_short_commit}.tar.gz
+Patch0000: CVE-2019-18609.patch
 
-Patch0:    CVE-2023-35789.patch
+Patch6000: backport-0001-Fix-instructions-for-default-build.patch
 
-BuildRequires:	cmake > 3.12
+BuildRequires:	cmake > 2.8
 BuildRequires:	popt-devel > 1.14
 BuildRequires:	openssl-devel xmlto gcc
 Provides:		%{name}-tools
@@ -29,14 +30,18 @@ Requires:   %{name} = %{version}-%{release}
 %description devel
 Libraries and header files of %{name} are all in the %{name}-devel package.
 
-%package_help
+%package	help
+Summary:	Help manual for %{name}
+
+%description	help
+The %{name}-help package conatins man manual etc
 
 %prep
-%autosetup -n %{project_name}-%{version} -p1
+%autosetup -n %{project_name}-%{git_commit} -p1
 sed -e '/test_basic/d' -i tests/CMakeLists.txt
 
 %build
-%cmake -DBUILD_TOOLS:BOOL=ON -DBUILD_TOOLS_DOCS:BOOL=ON -DBUILD_STATIC_LIBS:BOOL=ON
+%cmake -DBUILD_TOOLS_DOCS:BOOL=ON -DBUILD_STATIC_LIBS:BOOL=ON
 %make_build
 
 %install
@@ -48,39 +53,22 @@ grep @ %{buildroot}%{_libdir}/pkgconfig/librabbitmq.pc && exit 1
 make test
 
 %files
-%license LICENSE AUTHORS
-%doc THANKS *.md
+%license LICENSE-MIT AUTHORS
+%doc THANKS TODO *.md
 %{_libdir}/%{name}.so.4*
-%{_libdir}/%{name}.so.%{version}
 %{_bindir}/amqp-*
-%{_libdir}/cmake/rabbitmq-c/*
 
 %files devel
 %{_libdir}/%{name}.so
 %{_includedir}/amqp*
-%{_includedir}/%{project_name}/*.h
 %{_libdir}/pkgconfig/%{name}.pc
 
 %files help
 %doc %{_mandir}/man1/amqp-*.1*
 %doc %{_mandir}/man7/librabbitmq-tools.7*
 
+
 %changelog
-* Mon Aug 19 2024 Zhenshu Dong <dongzhenshu@cqsoftware.com.cn> - 0.13.0-2
-- Replaced  declaration of help subpackage with the 'package_help' macro.
-
-* Thu Oct 12 2023 Ge Wang <wang__ge@126.com> - 0.13.0-1
-- Update to version 0.13.0
-
-* Fri Jun 30 2023 yaoxin <yao_xin001@hoperun.com> - 0.11.0-2
-- Fix CVE-2023-35789
-
-* Mon Jan 16 2023 dan <fzhang@zhixundn.com> 0.11.0-1
-- update to 0.11.0
-
-* Sat Jan 7 2023 mengwenhua <mengwenhua@xfusion.com> - 0.9.0-8
-- OpenSSL should ignore missing config file
-
 * Fri Jan 6 2023 mengwenhua <mengwenhua@xfusion.com> - 0.9.0-7
 - Type:bugfix
 - CVE:NA