%bcond_without check Name: http-parser Version: 2.8.0 Release: 5%{?dist}.2 Summary: HTTP request/response parser for C License: MIT URL: https://github.com/nodejs/http-parser Source0: %{url}/archive/v%{version}/%{name}-%{version}.tar.gz BuildRequires: meson BuildRequires: gcc Patch01: CVE-2018-7159.patch Patch02: CVE-2018-12121.patch Patch03: remove-unused-functions-from-test-runner.patch Patch04: CVE-2019-15605-HTTP-request-smuggling.patch %description This is a parser for HTTP messages written in C. It parses both requests and responses. The parser is designed to be used in performance HTTP applications. It does not make any syscalls nor allocations, it does not buffer data, it can be interrupted at anytime. Depending on your architecture, it only requires about 40 bytes of data per message stream (in a web server that is per connection). %package devel Summary: Development headers and libraries for http-parser Requires: %{name}%{?_isa} = %{?epoch:%{epoch}:}%{version}-%{release} %description devel Development headers and libraries for http-parser. %prep %setup -q %patch01 -p3 %patch02 -p1 %patch03 -p1 %patch04 -p1 # TODO: try to send upstream? cat > meson.build << EOF project('%{name}', 'c', version : '%{version}') install_headers('http_parser.h') foreach x : [['http_parser', ['-DHTTP_PARSER_STRICT=0']], ['http_parser_strict', ['-DHTTP_PARSER_STRICT=1']]] lib = library(x.get(0), 'http_parser.c', c_args : x.get(1), version : '%{version}', install : true) test('test-@0@'.format(x.get(0)), executable('test-@0@'.format(x.get(0)), 'test.c', c_args : x.get(1), link_with : lib), timeout : 60) endforeach EOF %build %meson %meson_build %install %meson_install %if %{with check} %check %meson_test %endif %ldconfig_scriptlets %files %license LICENSE-MIT %doc AUTHORS README.md %{_libdir}/libhttp_parser.so.* %{_libdir}/libhttp_parser_strict.so.* %files devel %{_includedir}/http_parser.h %{_libdir}/libhttp_parser.so %{_libdir}/libhttp_parser_strict.so %changelog * Wed Feb 26 2020 Sergio Correia - 2.8.0-5.2 - Do not break ABI with CVE-2019-15605 fix * Thu Feb 20 2020 Sergio Correia - 2.8.0-5.1 - Resolves: CVE-2019-15605 http-parser: nodejs: HTTP request smuggling using malformed Transfer-Encoding header * Mon Aug 12 2019 Sergio Correia - 2.8.0-5 - Resolves: rhbz#1686488: 'make test' fails with stringop-overflow error * Thu Aug 08 2019 Sergio Correia - 2.8.0-4 - Resolves: rhbz#1666382: CVE-2018-12121 http-parser: nodejs: Denial of Service with large HTTP headers [rhel-8] * Thu Apr 11 2019 Daniel Kopecek - 2.8.0-3 - spec: make the check phase conditional * Mon Dec 3 2018 Jakub Hrozek - 2.8.0-2 - Resolves: #rhbz1654223: CVE-2018-7159 http-parser: nodejs: HTTP parser allowed for spaces inside Content-Length header values [rhel-8] * Sat Feb 10 2018 Igor Gnatenko - 2.8.0-1 - Update to 2.8.0 - Switch to meson buildsystem * Wed Feb 07 2018 Fedora Release Engineering - 2.7.1-9 - Rebuilt for https://fedoraproject.org/wiki/Fedora_28_Mass_Rebuild * Sat Feb 03 2018 Igor Gnatenko - 2.7.1-8 - Switch to %%ldconfig_scriptlets * Wed Aug 02 2017 Fedora Release Engineering - 2.7.1-7 - Rebuilt for https://fedoraproject.org/wiki/Fedora_27_Binutils_Mass_Rebuild * Wed Jul 26 2017 Fedora Release Engineering - 2.7.1-6 - Rebuilt for https://fedoraproject.org/wiki/Fedora_27_Mass_Rebuild * Fri Feb 10 2017 Fedora Release Engineering - 2.7.1-5 - Rebuilt for https://fedoraproject.org/wiki/Fedora_26_Mass_Rebuild * Mon Nov 21 2016 Igor Gnatenko - 2.7.1-4 - Use CMake buildsystem * Tue Oct 25 2016 Nathaniel McCallum - 2.7.1-3 - Add (upstreamed) status code patch * Tue Aug 16 2016 Stephen Gallagher - 2.7.1-2 - Upgrade to version 2.7.1 * Wed Feb 03 2016 Fedora Release Engineering - 2.6.0-2 - Rebuilt for https://fedoraproject.org/wiki/Fedora_24_Mass_Rebuild * Tue Dec 01 2015 Stephen Gallagher 2.6.0-1 - Upgrade to version 2.6.0 - Change to new upstream at https://github.com/nodejs/http-parser/ * Wed Jun 17 2015 Fedora Release Engineering - 2.0-9.20121128gitcd01361 - Rebuilt for https://fedoraproject.org/wiki/Fedora_23_Mass_Rebuild * Sat May 02 2015 Kalev Lember - 2.0-8.20121128gitcd01361 - Rebuilt for GCC 5 C++11 ABI change * Sat Aug 16 2014 Fedora Release Engineering - 2.0-7.20121128gitcd01361 - Rebuilt for https://fedoraproject.org/wiki/Fedora_21_22_Mass_Rebuild * Sat Jun 07 2014 Fedora Release Engineering - 2.0-6.20121128gitcd01361 - Rebuilt for https://fedoraproject.org/wiki/Fedora_21_Mass_Rebuild * Sat Aug 03 2013 Fedora Release Engineering - 2.0-5.20121128gitcd01361 - Rebuilt for https://fedoraproject.org/wiki/Fedora_20_Mass_Rebuild * Thu Feb 14 2013 Fedora Release Engineering - 2.0-4.20121128gitcd01361 - Rebuilt for https://fedoraproject.org/wiki/Fedora_19_Mass_Rebuild * Sun Dec 02 2012 T.C. Hollingsworth - 2.0-3.20121128gitcd01361 - latest git snapshot - fixes buffer overflow in tests * Tue Nov 27 2012 T.C. Hollingsworth - 2.0-2.20121110git245f6f0 - latest git snapshot - fixes tests - use SMP make flags - build as Release instead of Debug - ship new strict variant * Sat Oct 13 2012 T.C. Hollingsworth - 2.0-1 - new upstream release 2.0 - migrate to GYP buildsystem * Thu Jul 19 2012 Fedora Release Engineering - 1.0-3 - Rebuilt for https://fedoraproject.org/wiki/Fedora_18_Mass_Rebuild * Fri Jan 13 2012 Fedora Release Engineering - 1.0-2 - Rebuilt for https://fedoraproject.org/wiki/Fedora_17_Mass_Rebuild * Mon Aug 22 2011 T.C. Hollingsworth - 1.0-1 - New upstream release 1.0 - Remove patches, no longer needed for nodejs - Fix typo in -devel description - use github tarball instead of checkout * Wed Feb 09 2011 Fedora Release Engineering - 0.3-6.20100911git - Rebuilt for https://fedoraproject.org/wiki/Fedora_15_Mass_Rebuild * Tue Jan 11 2011 Lubomir Rintel - 0.3-5.20100911git - Add support for methods used by node.js * Thu Nov 4 2010 Dan Horák - 0.3-4.20100911git - build with -fsigned-char * Wed Sep 29 2010 jkeating - 0.3-3.20100911git - Rebuilt for gcc bug 634757 * Mon Sep 20 2010 Lubomir Rintel - 0.3-2.20100911git - Call ldconfig (Peter Lemenkov) * Fri Sep 17 2010 Lubomir Rintel - 0.3-1.20100911git - Initial packaging