From 8d6af64c0bb2a4e61c636b6b796821f1ceb24492 Mon Sep 17 00:00:00 2001 From: CentOS Sources Date: Nov 03 2020 11:43:31 +0000 Subject: import librabbitmq-0.9.0-2.el8 --- diff --git a/SOURCES/rabbitmq-c-0.9.0-CVE-2019-18609.patch b/SOURCES/rabbitmq-c-0.9.0-CVE-2019-18609.patch new file mode 100644 index 0000000..9524be8 --- /dev/null +++ b/SOURCES/rabbitmq-c-0.9.0-CVE-2019-18609.patch @@ -0,0 +1,28 @@ +diff -up rabbitmq-c-0.9.0/librabbitmq/amqp_connection.c.CVE-2019-18609 rabbitmq-c-0.9.0/librabbitmq/amqp_connection.c +--- rabbitmq-c-0.9.0/librabbitmq/amqp_connection.c.CVE-2019-18609 2020-04-06 15:10:07.002386201 +0200 ++++ rabbitmq-c-0.9.0/librabbitmq/amqp_connection.c 2020-04-06 15:17:03.624425371 +0200 +@@ -287,12 +287,21 @@ int amqp_handle_input(amqp_connection_st + case CONNECTION_STATE_HEADER: { + amqp_channel_t channel; + amqp_pool_t *channel_pool; +- /* frame length is 3 bytes in */ ++ uint32_t frame_size; ++ + channel = amqp_d16(amqp_offset(raw_frame, 1)); + +- state->target_size = +- amqp_d32(amqp_offset(raw_frame, 3)) + HEADER_SIZE + FOOTER_SIZE; ++ /* frame length is 3 bytes in */ ++ frame_size = amqp_d32(amqp_offset(raw_frame, 3)); ++ /* To prevent the target_size calculation below from overflowing, check ++ * that the stated frame_size is smaller than a signed 32-bit. Given ++ * the library only allows configuring frame_max as an int32_t, and ++ * frame_size is uint32_t, the math below is safe from overflow. */ ++ if (frame_size >= INT32_MAX) { ++ return AMQP_STATUS_BAD_AMQP_DATA; ++ } + ++ state->target_size = frame_size + HEADER_SIZE + FOOTER_SIZE; + if ((size_t)state->frame_max < state->target_size) { + return AMQP_STATUS_BAD_AMQP_DATA; + } diff --git a/SPECS/librabbitmq.spec b/SPECS/librabbitmq.spec index b509462..2d9749a 100644 --- a/SPECS/librabbitmq.spec +++ b/SPECS/librabbitmq.spec @@ -10,10 +10,11 @@ Name: librabbitmq Summary: Client library for AMQP Version: 0.9.0 -Release: 1%{?dist} +Release: 2%{?dist} License: MIT URL: https://github.com/alanxz/rabbitmq-c Source0: https://github.com/alanxz/rabbitmq-c/archive/v%{version}.tar.gz +Patch0: rabbitmq-c-0.9.0-CVE-2019-18609.patch BuildRequires: gcc BuildRequires: cmake > 2.8 @@ -55,6 +56,7 @@ amqp-publish Publish a message on an AMQP server %prep %setup -q -n rabbitmq-c-%{version} +%patch0 -p1 -b .CVE-2019-18609 # Copy sources to be included in -devel docs. cp -pr examples Examples @@ -104,6 +106,9 @@ make test %changelog +* Mon Apr 06 2020 Than Ngo - 0.9.0-2 +- Resolves: #1809992, CVE-2019-18609 + * Thu Jun 28 2018 Than Ngo - 0.9.0-1 - update to 0.9.0