Blame SPECS/http-parser.spec

89295e
# we use the upstream version from http_parser.h as the SONAME
89295e
%global somajor 2
89295e
%global sominor 7
89295e
%global sopoint 1
89295e
89295e
Name:           http-parser
89295e
Version:        %{somajor}.%{sominor}.%{sopoint}
0b1276
Release:        9%{?dist}
89295e
Summary:        HTTP request/response parser for C
89295e
89295e
License:        MIT
89295e
URL:            https://github.com/nodejs/http-parser
89295e
Source0:        %{url}/archive/v%{version}/%{name}-%{version}.tar.gz
89295e
89295e
# https://github.com/nodejs/http-parser/commit/335850f6b868d3411968cbf5a4d59fe619dee36f
89295e
Patch0001:      %{name}-0001-parser-HTTP_STATUS_MAP-XX-and-enum-http_status.patch
89295e
Patch0002:      CVE-2018-12121-backport.patch
89295e
Patch0003:      CVE-2018-7159-reject-interior-blanks-in-Content-Length-backport.patch
89295e
Patch0004:      CVE-2018-7159-Fix-Content-Lenght-with-obsolete-line-folding-backport.patch
89295e
Patch0005:      CVE-2018-7159-Dissallow-empty-Content-Length.patch
89295e
Patch0006:      cve-tests-backport.patch
0b1276
Patch0007:      CVE-2019-15605-HTTP-request-smuggling.patch
89295e
89295e
BuildRequires:  gcc
89295e
BuildRequires:  cmake
89295e
89295e
%description
89295e
This is a parser for HTTP messages written in C. It parses both requests and
89295e
responses. The parser is designed to be used in performance HTTP applications.
89295e
It does not make any syscalls nor allocations, it does not buffer data, it can
89295e
be interrupted at anytime. Depending on your architecture, it only requires
89295e
about 40 bytes of data per message stream (in a web server that is per
89295e
connection).
89295e
89295e
%package devel
89295e
Summary:        Development headers and libraries for http-parser
89295e
Requires:       %{name}%{?_isa} = %{?epoch:%{epoch}:}%{version}-%{release}
89295e
89295e
%description devel
89295e
Development headers and libraries for http-parser.
89295e
89295e
%prep
89295e
%autosetup -p1
89295e
# TODO: try to send upstream?
89295e
cat > CMakeLists.txt << EOF
89295e
cmake_minimum_required (VERSION 2.8.5)
89295e
project (http-parser C)
89295e
include (GNUInstallDirs)
89295e
89295e
set (SRCS http_parser.c)
89295e
set (HDRS http_parser.h)
89295e
set (TEST_SRCS test.c)
89295e
89295e
# Non-Strict version
89295e
add_library (http_parser \${SRCS})
89295e
target_compile_definitions (http_parser
89295e
                            PUBLIC -DHTTP_PARSER_STRICT=0)
89295e
add_executable (test-nonstrict \${TEST_SRCS})
89295e
target_link_libraries (test-nonstrict http_parser)
89295e
# Strict version
89295e
add_library (http_parser_strict \${SRCS})
89295e
target_compile_definitions (http_parser_strict
89295e
                            PUBLIC -DHTTP_PARSER_STRICT=1)
89295e
add_executable (test-strict \${TEST_SRCS})
89295e
target_link_libraries (test-strict http_parser_strict)
89295e
89295e
set_target_properties (http_parser http_parser_strict
89295e
                       PROPERTIES
89295e
                           SOVERSION %{somajor}
89295e
                           VERSION %{version})
89295e
89295e
install (TARGETS http_parser http_parser_strict
89295e
         LIBRARY DESTINATION \${CMAKE_INSTALL_LIBDIR})
89295e
install (FILES \${HDRS}
89295e
         DESTINATION \${CMAKE_INSTALL_INCLUDEDIR})
89295e
89295e
enable_testing ()
89295e
add_test (NAME test-nonstrict COMMAND test-nonstrict)
89295e
add_test (NAME test-strict COMMAND test-strict)
89295e
EOF
89295e
89295e
%build
89295e
mkdir %{_target_platform}
89295e
pushd %{_target_platform}
89295e
  %cmake .. -DCMAKE_BUILD_TYPE=RelWithDebInfo
89295e
popd
89295e
%make_build -C %{_target_platform}
89295e
89295e
%install
89295e
%make_install -C %{_target_platform}
89295e
89295e
%check
89295e
make test -C %{_target_platform}
89295e
89295e
%post -p /sbin/ldconfig
89295e
%postun -p /sbin/ldconfig
89295e
89295e
%files
89295e
%{_libdir}/libhttp_parser.so.*
89295e
%{_libdir}/libhttp_parser_strict.so.*
89295e
%doc AUTHORS README.md
89295e
%license LICENSE-MIT
89295e
89295e
%files devel
89295e
%{_includedir}/http_parser.h
89295e
%{_libdir}/libhttp_parser.so
89295e
%{_libdir}/libhttp_parser_strict.so
89295e
89295e
%changelog
0b1276
* Thu Mar 26 2020 Sergio Correia <scorreia@redhat.com> - 2.7.1-9
0b1276
- Do not break ABI with CVE-2019-15605 fix
0b1276
0b1276
* Fri Feb 21 2020 Sergio Corrreia <scorreia@redhat.com> - 2.7.1-8.1
0b1276
- Resolves: CVE-2019-15605 http-parser: nodejs: HTTP request
0b1276
                           smuggling using malformed Transfer-Encoding header
0b1276
89295e
* Mon Apr  1 2019 Jakub Hrozek <jhrozek@redhat.com> - 2.7.1-8
89295e
- Backport needed test fixes
89295e
- Related: rhbz#1666024 - CVE-2018-7159 http-parser: nodejs: HTTP parser
89295e
                          allowed for spaces inside Content-Length header
89295e
                          values [rhel-7]
89295e
89295e
* Sat Mar 23 2019 Jakub Hrozek <jhrozek@redhat.com> - 2.7.1-7
89295e
- Resolves: rhbz#1666024 - CVE-2018-7159 http-parser: nodejs: HTTP parser
89295e
                           allowed for spaces inside Content-Length header
89295e
                           values [rhel-7]
89295e
89295e
* Fri Mar 22 2019 Jakub Hrozek <jhrozek@redhat.com> - 2.7.1-6
89295e
- Resolves: rhbz#1666381 - CVE-2018-12121 http-parser: nodejs: Denial of
89295e
                           Service with large HTTP headers [rhel-7]
89295e
89295e
* Thu Aug 10 2017 Fabiano FidĂȘncio <fidencio@redhat.com> - 2.7.1-5
89295e
- Bump http-parser release number to avoid people pulling EPEL package instead
89295e
  of RHEL package
89295e
  Resolves: rhbz#1479471
89295e
89295e
* Wed Feb 01 2017 Fabiano FidĂȘncio <fidencio@redhat.com> - 2.7.1-1
89295e
- Import spec file and patches from latest fc25 package
89295e
  Resolves: rhbz#1393819