Blame SPECS/http-parser.spec

63cc65
# we use the upstream version from http_parser.h as the SONAME
63cc65
%global somajor 2
63cc65
%global sominor 7
63cc65
%global sopoint 1
63cc65
63cc65
Name:           http-parser
63cc65
Version:        %{somajor}.%{sominor}.%{sopoint}
97452b
Release:        9%{?dist}
63cc65
Summary:        HTTP request/response parser for C
63cc65
63cc65
License:        MIT
63cc65
URL:            https://github.com/nodejs/http-parser
63cc65
Source0:        %{url}/archive/v%{version}/%{name}-%{version}.tar.gz
63cc65
63cc65
# https://github.com/nodejs/http-parser/commit/335850f6b868d3411968cbf5a4d59fe619dee36f
63cc65
Patch0001:      %{name}-0001-parser-HTTP_STATUS_MAP-XX-and-enum-http_status.patch
93e6fe
Patch0002:      CVE-2018-12121-backport.patch
93e6fe
Patch0003:      CVE-2018-7159-reject-interior-blanks-in-Content-Length-backport.patch
93e6fe
Patch0004:      CVE-2018-7159-Fix-Content-Lenght-with-obsolete-line-folding-backport.patch
93e6fe
Patch0005:      CVE-2018-7159-Dissallow-empty-Content-Length.patch
93e6fe
Patch0006:      cve-tests-backport.patch
ff68be
Patch0007:      CVE-2019-15605-HTTP-request-smuggling.patch
63cc65
63cc65
BuildRequires:  gcc
63cc65
BuildRequires:  cmake
63cc65
63cc65
%description
63cc65
This is a parser for HTTP messages written in C. It parses both requests and
63cc65
responses. The parser is designed to be used in performance HTTP applications.
63cc65
It does not make any syscalls nor allocations, it does not buffer data, it can
63cc65
be interrupted at anytime. Depending on your architecture, it only requires
63cc65
about 40 bytes of data per message stream (in a web server that is per
63cc65
connection).
63cc65
63cc65
%package devel
63cc65
Summary:        Development headers and libraries for http-parser
63cc65
Requires:       %{name}%{?_isa} = %{?epoch:%{epoch}:}%{version}-%{release}
63cc65
63cc65
%description devel
63cc65
Development headers and libraries for http-parser.
63cc65
63cc65
%prep
63cc65
%autosetup -p1
63cc65
# TODO: try to send upstream?
63cc65
cat > CMakeLists.txt << EOF
63cc65
cmake_minimum_required (VERSION 2.8.5)
63cc65
project (http-parser C)
63cc65
include (GNUInstallDirs)
63cc65
63cc65
set (SRCS http_parser.c)
63cc65
set (HDRS http_parser.h)
63cc65
set (TEST_SRCS test.c)
63cc65
63cc65
# Non-Strict version
63cc65
add_library (http_parser \${SRCS})
63cc65
target_compile_definitions (http_parser
63cc65
                            PUBLIC -DHTTP_PARSER_STRICT=0)
63cc65
add_executable (test-nonstrict \${TEST_SRCS})
63cc65
target_link_libraries (test-nonstrict http_parser)
63cc65
# Strict version
63cc65
add_library (http_parser_strict \${SRCS})
63cc65
target_compile_definitions (http_parser_strict
63cc65
                            PUBLIC -DHTTP_PARSER_STRICT=1)
63cc65
add_executable (test-strict \${TEST_SRCS})
63cc65
target_link_libraries (test-strict http_parser_strict)
63cc65
63cc65
set_target_properties (http_parser http_parser_strict
63cc65
                       PROPERTIES
63cc65
                           SOVERSION %{somajor}
63cc65
                           VERSION %{version})
63cc65
63cc65
install (TARGETS http_parser http_parser_strict
63cc65
         LIBRARY DESTINATION \${CMAKE_INSTALL_LIBDIR})
63cc65
install (FILES \${HDRS}
63cc65
         DESTINATION \${CMAKE_INSTALL_INCLUDEDIR})
63cc65
63cc65
enable_testing ()
63cc65
add_test (NAME test-nonstrict COMMAND test-nonstrict)
63cc65
add_test (NAME test-strict COMMAND test-strict)
63cc65
EOF
63cc65
63cc65
%build
63cc65
mkdir %{_target_platform}
63cc65
pushd %{_target_platform}
63cc65
  %cmake .. -DCMAKE_BUILD_TYPE=RelWithDebInfo
63cc65
popd
63cc65
%make_build -C %{_target_platform}
63cc65
63cc65
%install
63cc65
%make_install -C %{_target_platform}
63cc65
63cc65
%check
63cc65
make test -C %{_target_platform}
63cc65
63cc65
%post -p /sbin/ldconfig
63cc65
%postun -p /sbin/ldconfig
63cc65
63cc65
%files
63cc65
%{_libdir}/libhttp_parser.so.*
63cc65
%{_libdir}/libhttp_parser_strict.so.*
63cc65
%doc AUTHORS README.md
63cc65
%license LICENSE-MIT
63cc65
63cc65
%files devel
63cc65
%{_includedir}/http_parser.h
63cc65
%{_libdir}/libhttp_parser.so
63cc65
%{_libdir}/libhttp_parser_strict.so
63cc65
63cc65
%changelog
97452b
* Thu Mar 26 2020 Sergio Correia <scorreia@redhat.com> - 2.7.1-9
ff68be
- Do not break ABI with CVE-2019-15605 fix
ff68be
97452b
* Fri Feb 21 2020 Sergio Corrreia <scorreia@redhat.com> - 2.7.1-8.1
ff68be
- Resolves: CVE-2019-15605 http-parser: nodejs: HTTP request
ff68be
                           smuggling using malformed Transfer-Encoding header
ff68be
93e6fe
* Mon Apr  1 2019 Jakub Hrozek <jhrozek@redhat.com> - 2.7.1-8
93e6fe
- Backport needed test fixes
93e6fe
- Related: rhbz#1666024 - CVE-2018-7159 http-parser: nodejs: HTTP parser
93e6fe
                          allowed for spaces inside Content-Length header
93e6fe
                          values [rhel-7]
93e6fe
93e6fe
* Sat Mar 23 2019 Jakub Hrozek <jhrozek@redhat.com> - 2.7.1-7
93e6fe
- Resolves: rhbz#1666024 - CVE-2018-7159 http-parser: nodejs: HTTP parser
93e6fe
                           allowed for spaces inside Content-Length header
93e6fe
                           values [rhel-7]
93e6fe
93e6fe
* Fri Mar 22 2019 Jakub Hrozek <jhrozek@redhat.com> - 2.7.1-6
93e6fe
- Resolves: rhbz#1666381 - CVE-2018-12121 http-parser: nodejs: Denial of
93e6fe
                           Service with large HTTP headers [rhel-7]
93e6fe
6d471b
* Thu Aug 10 2017 Fabiano FidĂȘncio <fidencio@redhat.com> - 2.7.1-5
6d471b
- Bump http-parser release number to avoid people pulling EPEL package instead
6d471b
  of RHEL package
93e6fe
  Resolves: rhbz#1479471
6d471b
63cc65
* Wed Feb 01 2017 Fabiano FidĂȘncio <fidencio@redhat.com> - 2.7.1-1
63cc65
- Import spec file and patches from latest fc25 package
63cc65
  Resolves: rhbz#1393819