|
|
89295e |
# we use the upstream version from http_parser.h as the SONAME
|
|
|
89295e |
%global somajor 2
|
|
|
89295e |
%global sominor 7
|
|
|
89295e |
%global sopoint 1
|
|
|
89295e |
|
|
|
89295e |
Name: http-parser
|
|
|
89295e |
Version: %{somajor}.%{sominor}.%{sopoint}
|
|
|
0b1276 |
Release: 9%{?dist}
|
|
|
89295e |
Summary: HTTP request/response parser for C
|
|
|
89295e |
|
|
|
89295e |
License: MIT
|
|
|
89295e |
URL: https://github.com/nodejs/http-parser
|
|
|
89295e |
Source0: %{url}/archive/v%{version}/%{name}-%{version}.tar.gz
|
|
|
89295e |
|
|
|
89295e |
# https://github.com/nodejs/http-parser/commit/335850f6b868d3411968cbf5a4d59fe619dee36f
|
|
|
89295e |
Patch0001: %{name}-0001-parser-HTTP_STATUS_MAP-XX-and-enum-http_status.patch
|
|
|
89295e |
Patch0002: CVE-2018-12121-backport.patch
|
|
|
89295e |
Patch0003: CVE-2018-7159-reject-interior-blanks-in-Content-Length-backport.patch
|
|
|
89295e |
Patch0004: CVE-2018-7159-Fix-Content-Lenght-with-obsolete-line-folding-backport.patch
|
|
|
89295e |
Patch0005: CVE-2018-7159-Dissallow-empty-Content-Length.patch
|
|
|
89295e |
Patch0006: cve-tests-backport.patch
|
|
|
0b1276 |
Patch0007: CVE-2019-15605-HTTP-request-smuggling.patch
|
|
|
89295e |
|
|
|
89295e |
BuildRequires: gcc
|
|
|
89295e |
BuildRequires: cmake
|
|
|
89295e |
|
|
|
89295e |
%description
|
|
|
89295e |
This is a parser for HTTP messages written in C. It parses both requests and
|
|
|
89295e |
responses. The parser is designed to be used in performance HTTP applications.
|
|
|
89295e |
It does not make any syscalls nor allocations, it does not buffer data, it can
|
|
|
89295e |
be interrupted at anytime. Depending on your architecture, it only requires
|
|
|
89295e |
about 40 bytes of data per message stream (in a web server that is per
|
|
|
89295e |
connection).
|
|
|
89295e |
|
|
|
89295e |
%package devel
|
|
|
89295e |
Summary: Development headers and libraries for http-parser
|
|
|
89295e |
Requires: %{name}%{?_isa} = %{?epoch:%{epoch}:}%{version}-%{release}
|
|
|
89295e |
|
|
|
89295e |
%description devel
|
|
|
89295e |
Development headers and libraries for http-parser.
|
|
|
89295e |
|
|
|
89295e |
%prep
|
|
|
89295e |
%autosetup -p1
|
|
|
89295e |
# TODO: try to send upstream?
|
|
|
89295e |
cat > CMakeLists.txt << EOF
|
|
|
89295e |
cmake_minimum_required (VERSION 2.8.5)
|
|
|
89295e |
project (http-parser C)
|
|
|
89295e |
include (GNUInstallDirs)
|
|
|
89295e |
|
|
|
89295e |
set (SRCS http_parser.c)
|
|
|
89295e |
set (HDRS http_parser.h)
|
|
|
89295e |
set (TEST_SRCS test.c)
|
|
|
89295e |
|
|
|
89295e |
# Non-Strict version
|
|
|
89295e |
add_library (http_parser \${SRCS})
|
|
|
89295e |
target_compile_definitions (http_parser
|
|
|
89295e |
PUBLIC -DHTTP_PARSER_STRICT=0)
|
|
|
89295e |
add_executable (test-nonstrict \${TEST_SRCS})
|
|
|
89295e |
target_link_libraries (test-nonstrict http_parser)
|
|
|
89295e |
# Strict version
|
|
|
89295e |
add_library (http_parser_strict \${SRCS})
|
|
|
89295e |
target_compile_definitions (http_parser_strict
|
|
|
89295e |
PUBLIC -DHTTP_PARSER_STRICT=1)
|
|
|
89295e |
add_executable (test-strict \${TEST_SRCS})
|
|
|
89295e |
target_link_libraries (test-strict http_parser_strict)
|
|
|
89295e |
|
|
|
89295e |
set_target_properties (http_parser http_parser_strict
|
|
|
89295e |
PROPERTIES
|
|
|
89295e |
SOVERSION %{somajor}
|
|
|
89295e |
VERSION %{version})
|
|
|
89295e |
|
|
|
89295e |
install (TARGETS http_parser http_parser_strict
|
|
|
89295e |
LIBRARY DESTINATION \${CMAKE_INSTALL_LIBDIR})
|
|
|
89295e |
install (FILES \${HDRS}
|
|
|
89295e |
DESTINATION \${CMAKE_INSTALL_INCLUDEDIR})
|
|
|
89295e |
|
|
|
89295e |
enable_testing ()
|
|
|
89295e |
add_test (NAME test-nonstrict COMMAND test-nonstrict)
|
|
|
89295e |
add_test (NAME test-strict COMMAND test-strict)
|
|
|
89295e |
EOF
|
|
|
89295e |
|
|
|
89295e |
%build
|
|
|
89295e |
mkdir %{_target_platform}
|
|
|
89295e |
pushd %{_target_platform}
|
|
|
89295e |
%cmake .. -DCMAKE_BUILD_TYPE=RelWithDebInfo
|
|
|
89295e |
popd
|
|
|
89295e |
%make_build -C %{_target_platform}
|
|
|
89295e |
|
|
|
89295e |
%install
|
|
|
89295e |
%make_install -C %{_target_platform}
|
|
|
89295e |
|
|
|
89295e |
%check
|
|
|
89295e |
make test -C %{_target_platform}
|
|
|
89295e |
|
|
|
89295e |
%post -p /sbin/ldconfig
|
|
|
89295e |
%postun -p /sbin/ldconfig
|
|
|
89295e |
|
|
|
89295e |
%files
|
|
|
89295e |
%{_libdir}/libhttp_parser.so.*
|
|
|
89295e |
%{_libdir}/libhttp_parser_strict.so.*
|
|
|
89295e |
%doc AUTHORS README.md
|
|
|
89295e |
%license LICENSE-MIT
|
|
|
89295e |
|
|
|
89295e |
%files devel
|
|
|
89295e |
%{_includedir}/http_parser.h
|
|
|
89295e |
%{_libdir}/libhttp_parser.so
|
|
|
89295e |
%{_libdir}/libhttp_parser_strict.so
|
|
|
89295e |
|
|
|
89295e |
%changelog
|
|
|
0b1276 |
* Thu Mar 26 2020 Sergio Correia <scorreia@redhat.com> - 2.7.1-9
|
|
|
0b1276 |
- Do not break ABI with CVE-2019-15605 fix
|
|
|
0b1276 |
|
|
|
0b1276 |
* Fri Feb 21 2020 Sergio Corrreia <scorreia@redhat.com> - 2.7.1-8.1
|
|
|
0b1276 |
- Resolves: CVE-2019-15605 http-parser: nodejs: HTTP request
|
|
|
0b1276 |
smuggling using malformed Transfer-Encoding header
|
|
|
0b1276 |
|
|
|
89295e |
* Mon Apr 1 2019 Jakub Hrozek <jhrozek@redhat.com> - 2.7.1-8
|
|
|
89295e |
- Backport needed test fixes
|
|
|
89295e |
- Related: rhbz#1666024 - CVE-2018-7159 http-parser: nodejs: HTTP parser
|
|
|
89295e |
allowed for spaces inside Content-Length header
|
|
|
89295e |
values [rhel-7]
|
|
|
89295e |
|
|
|
89295e |
* Sat Mar 23 2019 Jakub Hrozek <jhrozek@redhat.com> - 2.7.1-7
|
|
|
89295e |
- Resolves: rhbz#1666024 - CVE-2018-7159 http-parser: nodejs: HTTP parser
|
|
|
89295e |
allowed for spaces inside Content-Length header
|
|
|
89295e |
values [rhel-7]
|
|
|
89295e |
|
|
|
89295e |
* Fri Mar 22 2019 Jakub Hrozek <jhrozek@redhat.com> - 2.7.1-6
|
|
|
89295e |
- Resolves: rhbz#1666381 - CVE-2018-12121 http-parser: nodejs: Denial of
|
|
|
89295e |
Service with large HTTP headers [rhel-7]
|
|
|
89295e |
|
|
|
89295e |
* Thu Aug 10 2017 Fabiano FidĂȘncio <fidencio@redhat.com> - 2.7.1-5
|
|
|
89295e |
- Bump http-parser release number to avoid people pulling EPEL package instead
|
|
|
89295e |
of RHEL package
|
|
|
89295e |
Resolves: rhbz#1479471
|
|
|
89295e |
|
|
|
89295e |
* Wed Feb 01 2017 Fabiano FidĂȘncio <fidencio@redhat.com> - 2.7.1-1
|
|
|
89295e |
- Import spec file and patches from latest fc25 package
|
|
|
89295e |
Resolves: rhbz#1393819
|