Script 'mail_helper' called by obssrc
Hello community,
here is the log from the commit of package rabbitmq-c for openSUSE:Factory
checked in at 2024-04-15 20:18:03
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Comparing /work/SRC/openSUSE:Factory/rabbitmq-c (Old)
and /work/SRC/openSUSE:Factory/.rabbitmq-c.new.26366 (New)
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Package is "rabbitmq-c"
Mon Apr 15 20:18:03 2024 rev:10 rq:1167750 version:0.14.0
Changes:
--------
--- /work/SRC/openSUSE:Factory/rabbitmq-c/rabbitmq-c.changes 2023-06-28
21:33:27.205893238 +0200
+++ /work/SRC/openSUSE:Factory/.rabbitmq-c.new.26366/rabbitmq-c.changes
2024-04-15 20:24:08.665181286 +0200
@@ -1,0 +2,23 @@
+Wed Apr 3 11:31:37 UTC 2024 - pgaj...@suse.com
+
+- version update to 0.14.0
+ ## v0.14.0 - 2024-03-18
+ ## Fixed
+ - Fix potential stackoverflow in decoding table and array
+ - Fix issue with Mach-O version (#758)
+ - Make dependency on OpenSSL in rabbitmq-c.cmake match what is built (#725)
+ - Fix pkg-config generation when CMAKE_INSTALL_DIR is absolute (#733)
+ - Fix issue with amqp_basic_publish blocking in non-blocking mode (#780)
+ - Fix SSL hostname check (#784)
+ - Fix bug in amqp-consume documentation #791
+ ## Changed
+ - CMake minimum version is now 3.22
+ - OpenSSL minimum version is now 1.1.1
+ - Minimum TLS version supported is v1.2 (v1.3 is also supported).
+ - OpenSSL ENGINE APIs are conditionally enabled based on availability
+ ## Added
+ - Add option to read username/password from file in tools (#781)
+ - Add amqp_ssl_socket_enable_default_verify_paths API to allow loading from
default certification paths
+ - rabbitmq-c can be compiled against BoringSSL (#814)
+
+-------------------------------------------------------------------
Old:
----
rabbitmq-c-0.13.0.tar.gz
New:
----
rabbitmq-c-0.14.0.tar.gz
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Other differences:
------------------
++++++ rabbitmq-c.spec ++++++
--- /var/tmp/diff_new_pack.NIDlLW/_old 2024-04-15 20:24:09.097197193 +0200
+++ /var/tmp/diff_new_pack.NIDlLW/_new 2024-04-15 20:24:09.101197339 +0200
@@ -1,7 +1,7 @@
#
# spec file for package rabbitmq-c
#
-# Copyright (c) 2023 SUSE LLC
+# Copyright (c) 2024 SUSE LLC
# Copyright (c) 2012-2015 Remi Collet
#
# All modifications and additions to the file contributed by third parties
@@ -20,7 +20,7 @@
%global libname librabbitmq
%global majsonum 4
Name: rabbitmq-c
-Version: 0.13.0
+Version: 0.14.0
Release: 0
Summary: Client library for AMQP
License: MIT
++++++ rabbitmq-c-0.13.0.tar.gz -> rabbitmq-c-0.14.0.tar.gz ++++++
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn'
'--exclude=.svnignore' old/rabbitmq-c-0.13.0/.devcontainer/Dockerfile
new/rabbitmq-c-0.14.0/.devcontainer/Dockerfile
--- old/rabbitmq-c-0.13.0/.devcontainer/Dockerfile 1970-01-01
01:00:00.000000000 +0100
+++ new/rabbitmq-c-0.14.0/.devcontainer/Dockerfile 2024-03-23
20:23:35.000000000 +0100
@@ -0,0 +1,18 @@
+FROM mcr.microsoft.com/devcontainers/cpp:1-debian-12
+
+ARG REINSTALL_CMAKE_VERSION_FROM_SOURCE="3.28.1"
+
+# Optionally install the cmake for vcpkg
+COPY ./reinstall-cmake.sh /tmp/
+
+RUN if [ "${REINSTALL_CMAKE_VERSION_FROM_SOURCE}" != "none" ]; then \
+ chmod +x /tmp/reinstall-cmake.sh && /tmp/reinstall-cmake.sh
${REINSTALL_CMAKE_VERSION_FROM_SOURCE}; \
+ fi \
+ && rm -f /tmp/reinstall-cmake.sh
+
+# [Optional] Uncomment this section to install additional vcpkg ports.
+# RUN su vscode -c "${VCPKG_ROOT}/vcpkg install <your-port-name-here>"
+
+# [Optional] Uncomment this section to install additional packages.
+RUN apt-get update && export DEBIAN_FRONTEND=noninteractive \
+ && apt-get -y install --no-install-recommends libssl-dev libpopt-dev
clang-format clangd xmlto doxygen
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn'
'--exclude=.svnignore' old/rabbitmq-c-0.13.0/.devcontainer/devcontainer.json
new/rabbitmq-c-0.14.0/.devcontainer/devcontainer.json
--- old/rabbitmq-c-0.13.0/.devcontainer/devcontainer.json 1970-01-01
01:00:00.000000000 +0100
+++ new/rabbitmq-c-0.14.0/.devcontainer/devcontainer.json 2024-03-23
20:23:35.000000000 +0100
@@ -0,0 +1,26 @@
+// For format details, see https://aka.ms/devcontainer.json. For config
options, see the
+// README at: https://github.com/devcontainers/templates/tree/main/src/cpp
+{
+ "name": "C++",
+ "build": {
+ "dockerfile": "Dockerfile"
+ },
+ "features": {
+ "ghcr.io/itsmechlark/features/rabbitmq-server:1": {}
+ }
+
+ // Features to add to the dev container. More info:
https://containers.dev/features.
+ // "features": {},
+
+ // Use 'forwardPorts' to make a list of ports inside the container
available locally.
+ // "forwardPorts": [],
+
+ // Use 'postCreateCommand' to run commands after the container is
created.
+ // "postCreateCommand": "gcc -v",
+
+ // Configure tool-specific properties.
+ // "customizations": {},
+
+ // Uncomment to connect as root instead. More info:
https://aka.ms/dev-containers-non-root.
+ // "remoteUser": "root"
+}
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn'
'--exclude=.svnignore' old/rabbitmq-c-0.13.0/.devcontainer/reinstall-cmake.sh
new/rabbitmq-c-0.14.0/.devcontainer/reinstall-cmake.sh
--- old/rabbitmq-c-0.13.0/.devcontainer/reinstall-cmake.sh 1970-01-01
01:00:00.000000000 +0100
+++ new/rabbitmq-c-0.14.0/.devcontainer/reinstall-cmake.sh 2024-03-23
20:23:35.000000000 +0100
@@ -0,0 +1,59 @@
+#!/usr/bin/env bash
+#-------------------------------------------------------------------------------------------------------------
+# Copyright (c) Microsoft Corporation. All rights reserved.
+# Licensed under the MIT License. See
https://go.microsoft.com/fwlink/?linkid=2090316 for license information.
+#-------------------------------------------------------------------------------------------------------------
+#
+set -e
+
+CMAKE_VERSION=${1:-"none"}
+
+if [ "${CMAKE_VERSION}" = "none" ]; then
+ echo "No CMake version specified, skipping CMake reinstallation"
+ exit 0
+fi
+
+# Cleanup temporary directory and associated files when exiting the script.
+cleanup() {
+ EXIT_CODE=$?
+ set +e
+ if [[ -n "${TMP_DIR}" ]]; then
+ echo "Executing cleanup of tmp files"
+ rm -Rf "${TMP_DIR}"
+ fi
+ exit $EXIT_CODE
+}
+trap cleanup EXIT
+
+
+echo "Installing CMake..."
+apt-get -y purge --auto-remove cmake
+mkdir -p /opt/cmake
+
+architecture=$(dpkg --print-architecture)
+case "${architecture}" in
+ arm64)
+ ARCH=aarch64 ;;
+ amd64)
+ ARCH=x86_64 ;;
+ *)
+ echo "Unsupported architecture ${architecture}."
+ exit 1
+ ;;
+esac
+
+CMAKE_BINARY_NAME="cmake-${CMAKE_VERSION}-linux-${ARCH}.sh"
+CMAKE_CHECKSUM_NAME="cmake-${CMAKE_VERSION}-SHA-256.txt"
+TMP_DIR=$(mktemp -d -t cmake-XXXXXXXXXX)
+
+echo "${TMP_DIR}"
+cd "${TMP_DIR}"
+
+curl -sSL
"https://github.com/Kitware/CMake/releases/download/v${CMAKE_VERSION}/${CMAKE_BINARY_NAME}";
-O
+curl -sSL
"https://github.com/Kitware/CMake/releases/download/v${CMAKE_VERSION}/${CMAKE_CHECKSUM_NAME}";
-O
+
+sha256sum -c --ignore-missing "${CMAKE_CHECKSUM_NAME}"
+sh "${TMP_DIR}/${CMAKE_BINARY_NAME}" --prefix=/opt/cmake --skip-license
+
+ln -s /opt/cmake/bin/cmake /usr/local/bin/cmake
+ln -s /opt/cmake/bin/ctest /usr/local/bin/ctest
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn'
'--exclude=.svnignore' old/rabbitmq-c-0.13.0/.github/workflows/ci.yml
new/rabbitmq-c-0.14.0/.github/workflows/ci.yml
--- old/rabbitmq-c-0.13.0/.github/workflows/ci.yml 2023-02-06
01:31:11.000000000 +0100
+++ new/rabbitmq-c-0.14.0/.github/workflows/ci.yml 2024-03-23
20:23:35.000000000 +0100
@@ -37,7 +37,9 @@
submodules: true
- name: Install Prerequisites
shell: bash
- run: sudo apt install -y ninja-build libpopt-dev
+ run: |
+ sudo apt update
+ sudo apt install -y ninja-build libpopt-dev
- name: Configure Build & Test
shell: bash
@@ -65,8 +67,6 @@
- uses: actions/checkout@v2
with:
submodules: true
- - name: Install Prerequisites
- run: choco install openssl
- name: Configure Build & Test
shell: bash
run: |
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn'
'--exclude=.svnignore' old/rabbitmq-c-0.13.0/.github/workflows/cifuzz.yml
new/rabbitmq-c-0.14.0/.github/workflows/cifuzz.yml
--- old/rabbitmq-c-0.13.0/.github/workflows/cifuzz.yml 1970-01-01
01:00:00.000000000 +0100
+++ new/rabbitmq-c-0.14.0/.github/workflows/cifuzz.yml 2024-03-23
20:23:35.000000000 +0100
@@ -0,0 +1,32 @@
+name: CIFuzz
+on: [pull_request]
+jobs:
+ Fuzzing:
+ runs-on: ubuntu-latest
+ strategy:
+ fail-fast: false
+ matrix:
+ sanitizer: [address, undefined, memory]
+ steps:
+ - name: Build Fuzzers (${{ matrix.sanitizer }})
+ id: build
+ uses: google/oss-fuzz/infra/cifuzz/actions/build_fuzzers@master
+ with:
+ oss-fuzz-project-name: 'rabbitmq-c'
+ dry-run: false
+ language: c
+ sanitizer: ${{ matrix.sanitizer }}
+ - name: Run Fuzzers (${{ matrix.sanitizer }})
+ uses: google/oss-fuzz/infra/cifuzz/actions/run_fuzzers@master
+ with:
+ oss-fuzz-project-name: 'rabbitmq-c'
+ dry-run: false
+ language: c
+ fuzz-seconds: 300
+ sanitizer: ${{ matrix.sanitizer }}
+ - name: Upload Crash
+ uses: actions/upload-artifact@v1
+ if: failure() && steps.build.outcome == 'success'
+ with:
+ name: ${{ matrix.sanitizer }}-artifacts
+ path: ./out/artifacts
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn'
'--exclude=.svnignore'
old/rabbitmq-c-0.13.0/.github/workflows/codeql-analysis.yml
new/rabbitmq-c-0.14.0/.github/workflows/codeql-analysis.yml
--- old/rabbitmq-c-0.13.0/.github/workflows/codeql-analysis.yml 2023-02-06
01:31:11.000000000 +0100
+++ new/rabbitmq-c-0.14.0/.github/workflows/codeql-analysis.yml 2024-03-23
20:23:35.000000000 +0100
@@ -28,7 +28,7 @@
uses: actions/checkout@v2
- name: Initialize CodeQL
- uses: github/codeql-action/init@v1
+ uses: github/codeql-action/init@v2
with:
languages: ${{ matrix.language }}
@@ -47,4 +47,4 @@
cmake --build build
- name: Perform CodeQL Analysis
- uses: github/codeql-action/analyze@v1
+ uses: github/codeql-action/analyze@v2
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn'
'--exclude=.svnignore' old/rabbitmq-c-0.13.0/CMakeLists.txt
new/rabbitmq-c-0.14.0/CMakeLists.txt
--- old/rabbitmq-c-0.13.0/CMakeLists.txt 2023-02-06 01:31:11.000000000
+0100
+++ new/rabbitmq-c-0.14.0/CMakeLists.txt 2024-03-23 20:23:35.000000000
+0100
@@ -1,7 +1,7 @@
# Copyright 2007 - 2021, Alan Antonuk and the rabbitmq-c contributors.
# SPDX-License-Identifier: mit
-cmake_minimum_required(VERSION 3.12...3.18)
+cmake_minimum_required(VERSION 3.22...3.26)
set(CMAKE_MODULE_PATH ${CMAKE_MODULE_PATH} ${CMAKE_CURRENT_SOURCE_DIR}/cmake)
@@ -13,9 +13,9 @@
# 3. If any interfaces have been added since the last public release, then
increment age.
# 4. If any interfaces have been removed since the last public release, then
set age to 0.
-set(RMQ_SOVERSION_CURRENT 9)
-set(RMQ_SOVERSION_REVISION 4)
-set(RMQ_SOVERSION_AGE 5)
+set(RMQ_SOVERSION_CURRENT 10)
+set(RMQ_SOVERSION_REVISION 0)
+set(RMQ_SOVERSION_AGE 6)
include(VersionFunctions)
get_library_version(RMQ_VERSION)
@@ -42,6 +42,7 @@
include(CheckSymbolExists)
include(CheckLibraryExists)
+include(CMakeDependentOption)
include(CMakePushCheckState)
include(GNUInstallDirs)
@@ -113,20 +114,32 @@
option(ENABLE_SSL_SUPPORT "Enable SSL support" ON)
if (ENABLE_SSL_SUPPORT)
- find_package(OpenSSL 1.1.1 REQUIRED)
+ # Manually check OpenSSL version because BoringSSL doesn't support version
checking via find_package
+ set(RMQ_OPENSSL_MIN_VERSION 1.1.1)
+ find_package(OpenSSL REQUIRED)
+ if(OPENSSL_VERSION) # Will be empty for BoringSSL
+ if(OPENSSL_VERSION VERSION_LESS RMQ_OPENSSL_MIN_VERSION)
+ MESSAGE(FATAL_ERROR "Found OpenSSL version ${OPENSSL_VERSION} but
${RMQ_OPENSSL_MIN_VERSION} or later is required")
+ endif()
+ endif()
cmake_push_check_state()
set(THREADS_PREFER_PTHREAD_FLAG ON)
find_package(Threads REQUIRED)
cmake_pop_check_state()
+
+ cmake_push_check_state()
+ set(CMAKE_REQUIRED_LIBRARIES OpenSSL::SSL)
+ check_symbol_exists(ENGINE_new openssl/engine.h HAS_OPENSSL_ENGINE)
+ cmake_pop_check_state()
+
+ cmake_dependent_option(ENABLE_SSL_ENGINE_API "Enable support for deprecated
OpenSSL ENGINE feature" ON "HAS_OPENSSL_ENGINE" OFF)
endif()
-if(CMAKE_PROJECT_NAME STREQUAL PROJECT_NAME)
+if(PROJECT_IS_TOP_LEVEL)
include(CTest)
endif()
-include(CMakeDependentOption)
-
option(BUILD_SHARED_LIBS "Build rabbitmq-c as a shared library" ON)
option(BUILD_STATIC_LIBS "Build rabbitmq-c as a static library" ON)
option(INSTALL_STATIC_LIBS "Install rabbitmq-c static library" ON)
@@ -144,14 +157,6 @@
set(targets_export_name rabbitmq-targets)
-if(BUILD_OSSFUZZ)
- if (NOT BUILD_STATIC_LIBS)
- message(FATAL_ERROR "OSS-FUZZ can only be built against static libraries "
"(set BUILD_STATIC_LIBS=ON)")
- endif ()
- SET(CMAKE_C_FLAGS "${CMAKE_C_FLAGS}")
- SET(CMAKE_EXE_LINKER_FLAGS "${CMAKE_EXE_LINKER_FLAGS}")
-endif ()
-
add_subdirectory(librabbitmq)
if(BUILD_EXAMPLES)
@@ -169,7 +174,7 @@
add_subdirectory(tools)
endif()
-if(CMAKE_PROJECT_NAME STREQUAL PROJECT_NAME AND BUILD_TESTING)
+if(PROJECT_IS_TOP_LEVEL AND BUILD_TESTING)
if (NOT BUILD_STATIC_LIBS)
message(FATAL_ERROR
"Tests can only be built against static libraries "
@@ -179,6 +184,9 @@
endif ()
if(BUILD_OSSFUZZ)
+ if (NOT BUILD_STATIC_LIBS)
+ message(FATAL_ERROR "OSS-FUZZ can only be built against static libraries "
"(set BUILD_STATIC_LIBS=ON)")
+ endif ()
add_subdirectory(fuzz)
endif ()
@@ -206,8 +214,8 @@
set(prefix ${CMAKE_INSTALL_PREFIX})
set(exec_prefix "\${prefix}")
-set(libdir "\${exec_prefix}/${CMAKE_INSTALL_LIBDIR}")
-set(includedir "\${prefix}/${CMAKE_INSTALL_INCLUDEDIR}")
+cmake_path(APPEND libdir "\${exec_prefix}" "${CMAKE_INSTALL_LIBDIR}")
+cmake_path(APPEND includedir "\${prefix}" "${CMAKE_INSTALL_INCLUDEDIR}")
configure_file(cmake/config.h.in
${CMAKE_CURRENT_BINARY_DIR}/librabbitmq/config.h)
configure_file(librabbitmq.pc.in ${CMAKE_CURRENT_BINARY_DIR}/librabbitmq.pc
@ONLY)
@@ -220,7 +228,7 @@
write_basic_package_version_file(
"${version_config}"
VERSION ${RMQ_VERSION}
- COMPATIBILITY AnyNewerVersion)
+ COMPATIBILITY SameMajorVersion)
configure_package_config_file(
"${CMAKE_CURRENT_SOURCE_DIR}/cmake/rabbitmq-c-config.cmake.in"
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn'
'--exclude=.svnignore' old/rabbitmq-c-0.13.0/ChangeLog.md
new/rabbitmq-c-0.14.0/ChangeLog.md
--- old/rabbitmq-c-0.13.0/ChangeLog.md 2023-02-06 01:31:11.000000000 +0100
+++ new/rabbitmq-c-0.14.0/ChangeLog.md 2024-03-23 20:23:35.000000000 +0100
@@ -1,4 +1,25 @@
# Change Log
+## v0.14.0 - 2024-03-18
+## Fixed
+- Fix potential stackoverflow in decoding table and array
+- Fix issue with Mach-O version (#758)
+- Make dependency on OpenSSL in rabbitmq-c.cmake match what is built (#725)
+- Fix pkg-config generation when CMAKE_INSTALL_DIR is absolute (#733)
+- Fix issue with amqp_basic_publish blocking in non-blocking mode (#780)
+- Fix SSL hostname check (#784)
+- Fix bug in amqp-consume documentation #791
+
+## Changed
+- CMake minimum version is now 3.22
+- OpenSSL minimum version is now 1.1.1
+- Minimum TLS version supported is v1.2 (v1.3 is also supported).
+- OpenSSL ENGINE APIs are conditionally enabled based on availability
+
+## Added
+- Add option to read username/password from file in tools (#781)
+- Add amqp_ssl_socket_enable_default_verify_paths API to allow loading from
default certification paths
+- rabbitmq-c can be compiled against BoringSSL (#814)
+
## v0.13.0 - 2023-02-05
## Fixed
- Fixed missing option to not install static library (#665)
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn'
'--exclude=.svnignore' old/rabbitmq-c-0.13.0/README.md
new/rabbitmq-c-0.14.0/README.md
--- old/rabbitmq-c-0.13.0/README.md 2023-02-06 01:31:11.000000000 +0100
+++ new/rabbitmq-c-0.14.0/README.md 2024-03-23 20:23:35.000000000 +0100
@@ -4,6 +4,10 @@
[](https://coveralls.io/github/alanxz/rabbitmq-c?branch=master)
+[](https://oss-fuzz-build-logs.storage.googleapis.com/index.html#rabbitmq-c)
+
+[](https://www.bestpractices.dev/projects/7001)
+
## Introduction
This is a C-language AMQP client library for use with v2.0+ of the
@@ -34,7 +38,7 @@
### Building and installing
#### Prereqs:
-- [CMake v3.12 or better](http://www.cmake.org/)
+- [CMake v3.22 or better](http://www.cmake.org/)
- A C compiler (GCC 4.4+, clang, and MSVC are test. Other compilers may also
work)
- *Optionally* [OpenSSL](http://www.openssl.org/) v1.1.1+ to enable support for
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn'
'--exclude=.svnignore' old/rabbitmq-c-0.13.0/cmake/config.h.in
new/rabbitmq-c-0.14.0/cmake/config.h.in
--- old/rabbitmq-c-0.13.0/cmake/config.h.in 2023-02-06 01:31:11.000000000
+0100
+++ new/rabbitmq-c-0.14.0/cmake/config.h.in 2024-03-23 20:23:35.000000000
+0100
@@ -7,4 +7,6 @@
#define AMQ_PLATFORM "@CMAKE_SYSTEM_NAME@"
+#cmakedefine ENABLE_SSL_ENGINE_API
+
#endif /* CONFIG_H */
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn'
'--exclude=.svnignore' old/rabbitmq-c-0.13.0/cmake/rabbitmq-c-config.cmake.in
new/rabbitmq-c-0.14.0/cmake/rabbitmq-c-config.cmake.in
--- old/rabbitmq-c-0.13.0/cmake/rabbitmq-c-config.cmake.in 2023-02-06
01:31:11.000000000 +0100
+++ new/rabbitmq-c-0.14.0/cmake/rabbitmq-c-config.cmake.in 2024-03-23
20:23:35.000000000 +0100
@@ -1,4 +1,17 @@
@PACKAGE_INIT@
+set(RMQ_USES_OPENSSL @ENABLE_SSL_SUPPORT@)
+
+include(CMakeFindDependencyMacro)
+
+if (RMQ_USES_OPENSSL)
+ find_dependency(OpenSSL REQUIRED)
+ if(OPENSSL_VERSION)
+ if(OPENSSL_VERSION VERSION_LESS RMQ_OPENSSL_MIN_VERSION)
+ MESSAGE(FATAL_ERROR "Found OpenSSL version @OPENSSL_VERSION@ but
@RMQ_OPENSSL_MIN_VERSION@ or later is required")
+ endif()
+ endif()
+endif ()
+
include(${CMAKE_CURRENT_LIST_DIR}/@targets_export_name@.cmake)
check_required_components(rabbitmq-c)
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn'
'--exclude=.svnignore' old/rabbitmq-c-0.13.0/fuzz/fuzz_server.c
new/rabbitmq-c-0.14.0/fuzz/fuzz_server.c
--- old/rabbitmq-c-0.13.0/fuzz/fuzz_server.c 2023-02-06 01:31:11.000000000
+0100
+++ new/rabbitmq-c-0.14.0/fuzz/fuzz_server.c 2024-03-23 20:23:35.000000000
+0100
@@ -2,6 +2,7 @@
// SPDX-License-Identifier: mit
#include <arpa/inet.h>
+#include <errno.h>
#include <netinet/in.h>
#include <pthread.h>
#include <stdint.h>
@@ -24,45 +25,75 @@
};
typedef struct Fuzzer Fuzzer;
-#define PORT 8080
-#define kMinInputLength 9
+#define PORT 5672
+#define kMinInputLength 8
#define kMaxInputLength 1024
void client(Fuzzer *fuzzer);
void fuzzinit(Fuzzer *fuzzer) {
struct sockaddr_in server_addr;
+ int res;
fuzzer->socket = socket(AF_INET, SOCK_STREAM, 0);
+ if (fuzzer->socket == -1) {
+ fprintf(stderr, "socket failed %s\n", strerror(errno));
+ exit(1);
+ }
+ memset(&server_addr, 0, sizeof(server_addr));
server_addr.sin_family = AF_INET;
server_addr.sin_port = htons(fuzzer->port);
server_addr.sin_addr.s_addr = inet_addr("127.0.0.1");
- setsockopt(fuzzer->socket, SOL_SOCKET, SO_REUSEADDR, &(int){1}, sizeof(int));
- bind(fuzzer->socket, (struct sockaddr *)&server_addr, sizeof(server_addr));
- listen(fuzzer->socket, 1);
+ res = setsockopt(fuzzer->socket, SOL_SOCKET, SO_REUSEADDR, &(int){1},
sizeof(int));
+ if (res) {
+ fprintf(stderr, "setsockopt failed: %s\n", strerror(errno));
+ exit(1);
+ }
+
+ res = bind(fuzzer->socket, (struct sockaddr *)&server_addr,
sizeof(server_addr));
+ if (res) {
+ fprintf(stderr, "bind failed: %s\n", strerror(errno));
+ exit(1);
+ }
+ res = listen(fuzzer->socket, 1);
+ if (res) {
+ fprintf(stderr, "listen failed: %s\n", strerror(errno));
+ exit(1);
+ }
}
void *Server(void *args) {
Fuzzer *fuzzer = (Fuzzer *)args;
int client;
+ int res;
char clientData[10240];
- struct sockaddr_in clientAddr;
- uint32_t clientSZ = sizeof(clientAddr);
- client = accept(fuzzer->socket, (struct sockaddr *)&clientAddr, &clientSZ);
+ client = accept(fuzzer->socket, NULL, NULL);
+ if (client == -1) {
+ fprintf(stderr, "accept failed: %s\n", strerror(errno));
+ exit(1);
+ }
- recv(client, clientData, sizeof(clientData), 0);
- send(client, fuzzer->buffer, fuzzer->size, 0);
+ res = recv(client, clientData, sizeof(clientData), 0);
+ if (res == -1) {
+ fprintf(stderr, "recv failed: %s\n", strerror(errno));
+ exit(1);
+ }
+ res = send(client, fuzzer->buffer, fuzzer->size, 0);
+ if (res == -1) {
+ fprintf(stderr, "send failed: %s\n", strerror(errno));
+ exit(1);
+ }
- shutdown(client, SHUT_RDWR);
+ res = shutdown(client, SHUT_RDWR);
close(client);
-
- pthread_exit(NULL);
+ return NULL;
}
void clean(Fuzzer *fuzzer) {
shutdown(fuzzer->socket, SHUT_RDWR);
close(fuzzer->socket);
+ free(fuzzer->buffer);
free(fuzzer);
}
@@ -75,6 +106,10 @@
Fuzzer *fuzzer = (Fuzzer *)malloc(sizeof(Fuzzer));
fuzzer->port = PORT;
+ fuzzer->size = size;
+ fuzzer->buffer = malloc(fuzzer->size);
+ memcpy(fuzzer->buffer, data, size);
+
fuzzinit(fuzzer);
pthread_create(&fuzzer->thread, NULL, Server, fuzzer);
@@ -94,7 +129,7 @@
amqp_socket_t *socket = NULL;
amqp_connection_state_t conn;
- hostname = "localhost";
+ hostname = "127.0.0.1";
conn = amqp_new_connection();
@@ -104,7 +139,10 @@
}
status = amqp_socket_open(socket, hostname, fuzzer->port);
- if (status) {
+ if (status != AMQP_STATUS_OK) {
+ int sav_errno = errno;
+ fprintf(stderr, "amqp_socket_open failed: %s\n",
amqp_error_string2(status));
+ fprintf(stderr, "amqp_socket_open errno: %d: %s\n", sav_errno,
strerror(sav_errno));
exit(1);
}
@@ -112,4 +150,3 @@
amqp_destroy_connection(conn);
}
-
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn'
'--exclude=.svnignore' old/rabbitmq-c-0.13.0/fuzz/fuzz_table.c
new/rabbitmq-c-0.14.0/fuzz/fuzz_table.c
--- old/rabbitmq-c-0.13.0/fuzz/fuzz_table.c 2023-02-06 01:31:11.000000000
+0100
+++ new/rabbitmq-c-0.14.0/fuzz/fuzz_table.c 2024-03-23 20:23:35.000000000
+0100
@@ -13,7 +13,7 @@
extern int LLVMFuzzerTestOneInput(const char *data, size_t size) {
- int result;
+ int unused_result;
amqp_pool_t pool;
init_amqp_pool(&pool, 4096);
@@ -24,8 +24,9 @@
decoding_bytes.len = size;
decoding_bytes.bytes = (uint8_t *)data;
- result =
+ unused_result =
amqp_decode_table(decoding_bytes, &pool, &decoded, &decoding_offset);
}
- return result;
+ empty_amqp_pool(&pool);
+ return 0;
}
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn'
'--exclude=.svnignore' old/rabbitmq-c-0.13.0/fuzz/fuzz_url.c
new/rabbitmq-c-0.14.0/fuzz/fuzz_url.c
--- old/rabbitmq-c-0.13.0/fuzz/fuzz_url.c 2023-02-06 01:31:11.000000000
+0100
+++ new/rabbitmq-c-0.14.0/fuzz/fuzz_url.c 2024-03-23 20:23:35.000000000
+0100
@@ -4,14 +4,21 @@
#include <inttypes.h>
#include <stddef.h>
#include <stdint.h>
+#include <stdlib.h>
#include <string.h>
#include <rabbitmq-c/amqp.h>
extern int LLVMFuzzerTestOneInput(const char *data, size_t size) {
+ // amqp_parse_url expects null-terminated string that it can modify,
+ // LLVMFuzzer expects that data will not be modified and won't necessarily
+ // null terminate the string, so do that here.
+ char* in = malloc(size + 1);
+ memcpy(in, data, size);
+ in[size] = '\0';
struct amqp_connection_info ci;
- int res;
- res = amqp_parse_url((char *)data, &ci);
- return res;
+ amqp_parse_url(in, &ci);
+ free(in);
+ return 0;
}
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn'
'--exclude=.svnignore' old/rabbitmq-c-0.13.0/include/amqp.h
new/rabbitmq-c-0.14.0/include/amqp.h
--- old/rabbitmq-c-0.13.0/include/amqp.h 2023-02-06 01:31:11.000000000
+0100
+++ new/rabbitmq-c-0.14.0/include/amqp.h 2024-03-23 20:23:35.000000000
+0100
@@ -4,7 +4,11 @@
#ifndef AMQP_H
#define AMQP_H
-#warning "amqp.h is deprecated, use rabbitmq-c/amqp.h instead."
+#ifdef _MSC_VER
+# pragma message("warning: amqp.h is deprecated, use rabbitmq-c/amqp.h
instead.")
+#else
+# warning "amqp.h is deprecated, use rabbitmq-c/amqp.h instead."
+#endif
#include <rabbitmq-c/amqp.h>
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn'
'--exclude=.svnignore' old/rabbitmq-c-0.13.0/include/amqp_framing.h
new/rabbitmq-c-0.14.0/include/amqp_framing.h
--- old/rabbitmq-c-0.13.0/include/amqp_framing.h 2023-02-06
01:31:11.000000000 +0100
+++ new/rabbitmq-c-0.14.0/include/amqp_framing.h 2024-03-23
20:23:35.000000000 +0100
@@ -5,7 +5,11 @@
#ifndef AMQP_FRAMING_H
#define AMQP_FRAMING_H
-#warning "amqp_framing.h is deprecated, use rabbitmq-c/framing.h instead.
+#ifdef _MSC_VER
+# pragma message("warning: amqp_framing.h is deprecated, use
rabbitmq-c/framing.h instead.")
+#else
+# warning "amqp_framing.h is deprecated, use rabbitmq-c/framing.h instead."
+#endif
#include <rabbitmq-c/framing.h>
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn'
'--exclude=.svnignore' old/rabbitmq-c-0.13.0/include/amqp_ssl_socket.h
new/rabbitmq-c-0.14.0/include/amqp_ssl_socket.h
--- old/rabbitmq-c-0.13.0/include/amqp_ssl_socket.h 2023-02-06
01:31:11.000000000 +0100
+++ new/rabbitmq-c-0.14.0/include/amqp_ssl_socket.h 2024-03-23
20:23:35.000000000 +0100
@@ -6,7 +6,11 @@
#ifndef AMQP_SSL_H
#define AMQP_SSL_H
-#warning "amqp_ssl_socket.h is deprecated, use rabbitmq-c/ssl_socket.h instead.
+#ifdef _MSC_VER
+# pragma message("warning: amqp_ssl_socket.h is deprecated, use
rabbitmq-c/ssl_socket.h instead.")
+#else
+# warning "amqp_ssl_socket.h is deprecated, use rabbitmq-c/ssl_socket.h
instead."
+#endif
#include <rabbitmq-c/ssl_socket.h>
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn'
'--exclude=.svnignore' old/rabbitmq-c-0.13.0/include/amqp_tcp_socket.h
new/rabbitmq-c-0.14.0/include/amqp_tcp_socket.h
--- old/rabbitmq-c-0.13.0/include/amqp_tcp_socket.h 2023-02-06
01:31:11.000000000 +0100
+++ new/rabbitmq-c-0.14.0/include/amqp_tcp_socket.h 2024-03-23
20:23:35.000000000 +0100
@@ -4,7 +4,11 @@
#ifndef AMQP_TCP_SOCKET_H
#define AMQP_TCP_SOCKET_H
-#warning "amqp_tcp_socket.h is deprecated, use rabbitmq-c/tcp_socket.h
instead."
+#ifdef _MSC_VER
+# pragma message("warning: amqp_tcp_socket.h is deprecated, use
rabbitmq-c/tcp_socket.h instead.")
+#else
+# warning "amqp_tcp_socket.h is deprecated, use rabbitmq-c/tcp_socket.h
instead."
+#endif
#include <rabbitmq-c/tcp_socket.h>
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn'
'--exclude=.svnignore' old/rabbitmq-c-0.13.0/include/rabbitmq-c/amqp.h
new/rabbitmq-c-0.14.0/include/rabbitmq-c/amqp.h
--- old/rabbitmq-c-0.13.0/include/rabbitmq-c/amqp.h 2023-02-06
01:31:11.000000000 +0100
+++ new/rabbitmq-c-0.14.0/include/rabbitmq-c/amqp.h 2024-03-23
20:23:35.000000000 +0100
@@ -118,7 +118,7 @@
*/
#define AMQP_VERSION_MAJOR 0
-#define AMQP_VERSION_MINOR 13
+#define AMQP_VERSION_MINOR 14
#define AMQP_VERSION_PATCH 0
#define AMQP_VERSION_IS_RELEASE 1
@@ -670,7 +670,8 @@
certificate failed. */
AMQP_STATUS_SSL_CONNECTION_FAILED = -0x0203, /**< SSL handshake failed. */
AMQP_STATUS_SSL_SET_ENGINE_FAILED = -0x0204, /**< SSL setting engine failed
*/
- _AMQP_STATUS_SSL_NEXT_VALUE = -0x0205 /**< Internal value */
+ AMQP_STATUS_SSL_UNIMPLEMENTED = -0x0205, /**< SSL API is not implemented. */
+ _AMQP_STATUS_SSL_NEXT_VALUE = -0x0206 /**< Internal value */
} amqp_status_enum;
/**
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn'
'--exclude=.svnignore' old/rabbitmq-c-0.13.0/include/rabbitmq-c/ssl_socket.h
new/rabbitmq-c-0.14.0/include/rabbitmq-c/ssl_socket.h
--- old/rabbitmq-c-0.13.0/include/rabbitmq-c/ssl_socket.h 2023-02-06
01:31:11.000000000 +0100
+++ new/rabbitmq-c-0.14.0/include/rabbitmq-c/ssl_socket.h 2024-03-23
20:23:35.000000000 +0100
@@ -50,6 +50,19 @@
void *AMQP_CALL amqp_ssl_socket_get_context(amqp_socket_t *self);
/**
+ * Enable loading of the CA certificates from the default location.
+ *
+ * \param [in,out] self An SSL/TLS socket object.
+ *
+ * \return \ref AMQP_STATUS_OK on success an \ref amqp_status_enum value on
+ * failure.
+ *
+ * \since v0.14.0
+ */
+AMQP_EXPORT
+int AMQP_CALL amqp_ssl_socket_enable_default_verify_paths(amqp_socket_t *self);
+
+/**
* Set the CA certificate.
*
* \param [in,out] self An SSL/TLS socket object.
@@ -102,7 +115,8 @@
* \param [in] the key ID.
*
* \return \ref AMQP_STATUS_OK on success an \ref amqp_status_enum value on
- * failure.
+ * failure. May return \ref AMQP_STATUS_SSL_UNIMPLEMENTED if OpenSSL does
+ * not support the ENGINE API.
*
* \since v0.11.0
*/
@@ -189,6 +203,9 @@
* connecting to the broker. Set min == max to restrict to just that
* version.
*
+ * As of v0.14.0 the defaults are TLS v1.2 and TLS v1.3. TLS v1.1 and lower are
+ * no longer supported.
+ *
* \param [in,out] self An SSL/TLS socket object.
* \param [in] min the minimum acceptable TLS version
* \param [in] max the maxmium acceptable TLS version
@@ -262,7 +279,8 @@
* has been called.
*
* \param [in] engine the engine ID
- * \return AMQP_STATUS_OK on success.
+ * \return AMQP_STATUS_OK on success. May return \ref
AMQP_STATUS_SSL_UNIMPLEMENTED
+ * if OpenSSL does not support the ENGINE API.
*
* \since v0.11.0
*/
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn'
'--exclude=.svnignore' old/rabbitmq-c-0.13.0/librabbitmq/CMakeLists.txt
new/rabbitmq-c-0.14.0/librabbitmq/CMakeLists.txt
--- old/rabbitmq-c-0.13.0/librabbitmq/CMakeLists.txt 2023-02-06
01:31:11.000000000 +0100
+++ new/rabbitmq-c-0.14.0/librabbitmq/CMakeLists.txt 2024-03-23
20:23:35.000000000 +0100
@@ -90,6 +90,13 @@
SOVERSION ${RMQ_SOVERSION}
)
+ if (APPLE)
+ set_target_properties(rabbitmq PROPERTIES
+ MACHO_CURRENT_VERSION
${RMQ_SOVERSION}.${RMQ_SOVERSION_AGE}.${RMQ_SOVERSION_REVISION}
+ MACHO_COMPATIBILITY_VERSION ${RMQ_SOVERSION}
+ )
+ endif()
+
if (WIN32)
set_target_properties(rabbitmq PROPERTIES OUTPUT_NAME
rabbitmq.${RMQ_SOVERSION})
endif()
@@ -99,7 +106,7 @@
COMPONENT rabbitmq-c-runtime
LIBRARY DESTINATION ${CMAKE_INSTALL_LIBDIR}
COMPONENT rabbitmq-c-runtime
- NAMELINK_COMPONENT runtime-c-development
+ NAMELINK_COMPONENT rabbitmq-c-development
ARCHIVE DESTINATION ${CMAKE_INSTALL_LIBDIR}
COMPONENT rabbitmq-c-development
)
@@ -129,7 +136,15 @@
set_target_properties(rabbitmq-static PROPERTIES
VERSION ${RMQ_VERSION}
- SOVERSION ${RMQ_SOVERSION})
+ SOVERSION ${RMQ_SOVERSION}
+ )
+
+ if (APPLE)
+ set_target_properties(rabbitmq-static PROPERTIES
+ MACHO_CURRENT_VERSION
${RMQ_SOVERSION}.${RMQ_SOVERSION_AGE}.${RMQ_SOVERSION_REVISION}
+ MACHO_COMPATIBILITY_VERSION ${RMQ_SOVERSION}
+ )
+ endif()
if (WIN32)
set_target_properties(rabbitmq-static PROPERTIES OUTPUT_NAME
librabbitmq.${RMQ_SOVERSION})
@@ -137,11 +152,6 @@
set_target_properties(rabbitmq-static PROPERTIES OUTPUT_NAME rabbitmq)
endif()
- if(MSVC)
- # Embed debugging info in the library itself instead of generating a .pdb
file.
- set_target_properties(rabbitmq-static PROPERTIES COMPILE_OPTIONS "/Z7")
- endif()
-
if(INSTALL_STATIC_LIBS)
install(TARGETS rabbitmq-static EXPORT "${targets_export_name}"
ARCHIVE DESTINATION ${CMAKE_INSTALL_LIBDIR}
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn'
'--exclude=.svnignore' old/rabbitmq-c-0.13.0/librabbitmq/amqp_api.c
new/rabbitmq-c-0.14.0/librabbitmq/amqp_api.c
--- old/rabbitmq-c-0.13.0/librabbitmq/amqp_api.c 2023-02-06
01:31:11.000000000 +0100
+++ new/rabbitmq-c-0.14.0/librabbitmq/amqp_api.c 2024-03-23
20:23:35.000000000 +0100
@@ -85,7 +85,9 @@
/* AMQP_STATUS_SSL_CONNECTION_FAILED -0x0203 */
"SSL handshake failed",
/* AMQP_STATUS_SSL_SET_ENGINE_FAILED -0x0204 */
- "SSL setting engine failed"};
+ "SSL setting engine failed",
+ /* AMQP_STATUS_SSL_UNIMPLEMENTED -0x0204 */
+ "SSL API is not implemented"};
static const char *unknown_error_string = "(unknown error)";
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn'
'--exclude=.svnignore' old/rabbitmq-c-0.13.0/librabbitmq/amqp_openssl.c
new/rabbitmq-c-0.14.0/librabbitmq/amqp_openssl.c
--- old/rabbitmq-c-0.13.0/librabbitmq/amqp_openssl.c 2023-02-06
01:31:11.000000000 +0100
+++ new/rabbitmq-c-0.14.0/librabbitmq/amqp_openssl.c 2024-03-23
20:23:35.000000000 +0100
@@ -9,8 +9,8 @@
#define _CRT_SECURE_NO_WARNINGS
#endif
-// Use OpenSSL v1.1.0 API.
-#define OPENSSL_API_COMPAT 10100
+// Use OpenSSL v1.1.1 API.
+#define OPENSSL_API_COMPAT 10101
#include "amqp_openssl_bio.h"
#include "amqp_private.h"
@@ -23,8 +23,11 @@
#include <limits.h>
#include <openssl/bio.h>
#include <openssl/conf.h>
+#ifdef ENABLE_SSL_ENGINE_API
#include <openssl/engine.h>
+#endif
#include <openssl/err.h>
+#include <openssl/rsa.h>
#include <openssl/ssl.h>
#include <openssl/x509v3.h>
#include <stdlib.h>
@@ -36,7 +39,9 @@
static pthread_mutex_t openssl_init_mutex = PTHREAD_MUTEX_INITIALIZER;
static amqp_boolean_t openssl_bio_initialized = 0;
static int openssl_connections = 0;
+#ifdef ENABLE_SSL_ENGINE_API
static ENGINE *openssl_engine = NULL;
+#endif
#define CHECK_SUCCESS(condition) \
do { \
@@ -233,7 +238,7 @@
goto error_out3;
}
- if (1 != X509_check_host(cert, host, 0,
+ if (1 != X509_check_host(cert, host, strlen(host),
X509_CHECK_FLAG_NO_PARTIAL_WILDCARDS, NULL)) {
self->internal_error = 0;
status = AMQP_STATUS_SSL_HOSTNAME_VERIFY_FAILED;
@@ -327,14 +332,15 @@
goto error;
}
- self->ctx = SSL_CTX_new(SSLv23_client_method());
+ self->ctx = SSL_CTX_new(TLS_client_method());
if (!self->ctx) {
goto error;
}
- /* Disable SSLv2 and SSLv3 */
- SSL_CTX_set_options(self->ctx, SSL_OP_NO_SSLv2 | SSL_OP_NO_SSLv3);
- amqp_ssl_socket_set_ssl_versions((amqp_socket_t *)self, AMQP_TLSv1_2,
- AMQP_TLSvLATEST);
+ status = amqp_ssl_socket_set_ssl_versions((amqp_socket_t *)self,
AMQP_TLSv1_2,
+ AMQP_TLSvLATEST);
+ if (status != AMQP_STATUS_OK) {
+ goto error;
+ }
SSL_CTX_set_mode(self->ctx, SSL_MODE_ENABLE_PARTIAL_WRITE);
/* OpenSSL v1.1.1 turns this on by default, which makes the non-blocking
@@ -356,6 +362,20 @@
return ((struct amqp_ssl_socket_t *)base)->ctx;
}
+int amqp_ssl_socket_enable_default_verify_paths(amqp_socket_t *base) {
+ int status;
+ struct amqp_ssl_socket_t *self;
+ if (base->klass != &amqp_ssl_socket_class) {
+ amqp_abort("<%p> is not of type amqp_ssl_socket_t", base);
+ }
+ self = (struct amqp_ssl_socket_t *)base;
+ status = SSL_CTX_set_default_verify_paths(self->ctx);
+ if (1 != status) {
+ return AMQP_STATUS_SSL_ERROR;
+ }
+ return AMQP_STATUS_OK;
+}
+
int amqp_ssl_socket_set_cacert(amqp_socket_t *base, const char *cacert) {
int status;
struct amqp_ssl_socket_t *self;
@@ -391,6 +411,7 @@
int amqp_ssl_socket_set_key_engine(amqp_socket_t *base, const char *cert,
const char *key) {
+#ifdef ENABLE_SSL_ENGINE_API
int status;
struct amqp_ssl_socket_t *self;
EVP_PKEY *pkey = NULL;
@@ -415,6 +436,9 @@
return AMQP_STATUS_SSL_ERROR;
}
return AMQP_STATUS_OK;
+#else
+ return AMQP_STATUS_SSL_UNIMPLEMENTED;
+#endif
}
static int password_cb(AMQP_UNUSED char *buffer, AMQP_UNUSED int length,
@@ -509,64 +533,52 @@
self->verify_hostname = verify;
}
+static int get_tls_version(amqp_tls_version_t ver, int *tls_version) {
+ switch (ver) {
+ case AMQP_TLSv1_2:
+ *tls_version = TLS1_2_VERSION;
+ break;
+ case AMQP_TLSv1_3:
+ case AMQP_TLSvLATEST:
+ *tls_version = TLS1_3_VERSION;
+ break;
+ default:
+ return AMQP_STATUS_UNSUPPORTED;
+ }
+ return AMQP_STATUS_OK;
+}
+
int amqp_ssl_socket_set_ssl_versions(amqp_socket_t *base,
amqp_tls_version_t min,
amqp_tls_version_t max) {
struct amqp_ssl_socket_t *self;
+ int min_ver;
+ int max_ver;
+ int status;
if (base->klass != &amqp_ssl_socket_class) {
amqp_abort("<%p> is not of type amqp_ssl_socket_t", base);
}
self = (struct amqp_ssl_socket_t *)base;
- {
- long clear_options;
- long set_options = 0;
-#if defined(SSL_OP_NO_TLSv1_3)
- amqp_tls_version_t max_supported = AMQP_TLSv1_3;
- clear_options = SSL_OP_NO_TLSv1 | SSL_OP_NO_TLSv1_1 | SSL_OP_NO_TLSv1_2 |
- SSL_OP_NO_TLSv1_3;
-#elif defined(SSL_OP_NO_TLSv1_2)
- amqp_tls_version_t max_supported = AMQP_TLSv1_2;
- clear_options = SSL_OP_NO_TLSv1 | SSL_OP_NO_TLSv1_1 | SSL_OP_NO_TLSv1_2;
-#else
-#error "Need a version of OpenSSL that can support TLSv1.2 or greater."
-#endif
-
- if (AMQP_TLSvLATEST == max) {
- max = max_supported;
- }
- if (AMQP_TLSvLATEST == min) {
- min = max_supported;
- }
+ if (max < min) {
+ return AMQP_STATUS_INVALID_PARAMETER;
+ }
- if (min > max) {
- return AMQP_STATUS_INVALID_PARAMETER;
- }
+ status = get_tls_version(min, &min_ver);
+ if (status != AMQP_STATUS_OK) {
+ return status;
+ }
- if (max > max_supported || min > max_supported) {
- return AMQP_STATUS_UNSUPPORTED;
- }
+ status = get_tls_version(max, &max_ver);
+ if (status != AMQP_STATUS_OK) {
+ return status;
+ }
- if (min > AMQP_TLSv1) {
- set_options |= SSL_OP_NO_TLSv1;
- }
-#ifdef SSL_OP_NO_TLSv1_1
- if (min > AMQP_TLSv1_1 || max < AMQP_TLSv1_1) {
- set_options |= SSL_OP_NO_TLSv1_1;
- }
-#endif
-#ifdef SSL_OP_NO_TLSv1_2
- if (max < AMQP_TLSv1_2) {
- set_options |= SSL_OP_NO_TLSv1_2;
- }
-#endif
-#ifdef SSL_OP_NO_TLSv1_3
- if (max < AMQP_TLSv1_3) {
- set_options |= SSL_OP_NO_TLSv1_3;
- }
-#endif
- SSL_CTX_clear_options(self->ctx, clear_options);
- SSL_CTX_set_options(self->ctx, set_options);
+ if (!SSL_CTX_set_min_proto_version(self->ctx, min_ver)) {
+ return AMQP_STATUS_INVALID_PARAMETER;
+ }
+ if (!SSL_CTX_set_max_proto_version(self->ctx, max_ver)) {
+ return AMQP_STATUS_INVALID_PARAMETER;
}
return AMQP_STATUS_OK;
@@ -580,6 +592,7 @@
int amqp_initialize_ssl_library(void) { return AMQP_STATUS_OK; }
int amqp_set_ssl_engine(const char *engine) {
+#ifdef ENABLE_SSL_ENGINE_API
int status = AMQP_STATUS_OK;
CHECK_SUCCESS(pthread_mutex_lock(&openssl_init_mutex));
@@ -609,6 +622,9 @@
out:
CHECK_SUCCESS(pthread_mutex_unlock(&openssl_init_mutex));
return status;
+#else
+ return AMQP_STATUS_SSL_UNIMPLEMENTED;
+#endif
}
static int initialize_ssl_and_increment_connections() {
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn'
'--exclude=.svnignore' old/rabbitmq-c-0.13.0/librabbitmq/amqp_openssl_bio.c
new/rabbitmq-c-0.14.0/librabbitmq/amqp_openssl_bio.c
--- old/rabbitmq-c-0.13.0/librabbitmq/amqp_openssl_bio.c 2023-02-06
01:31:11.000000000 +0100
+++ new/rabbitmq-c-0.14.0/librabbitmq/amqp_openssl_bio.c 2024-03-23
20:23:35.000000000 +0100
@@ -108,7 +108,15 @@
if (!(amqp_bio_method = BIO_meth_new(BIO_TYPE_SOCKET, "amqp_bio_method"))) {
return AMQP_STATUS_NO_MEMORY;
}
-
+#ifdef OPENSSL_IS_BORINGSSL
+ BIO_meth_set_create(amqp_bio_method, BIO_s_socket()->create);
+ BIO_meth_set_destroy(amqp_bio_method, BIO_s_socket()->destroy);
+ BIO_meth_set_ctrl(amqp_bio_method, BIO_s_socket()->ctrl);
+ BIO_meth_set_read(amqp_bio_method, BIO_s_socket()->bread);
+ BIO_meth_set_write(amqp_bio_method, BIO_s_socket()->bwrite);
+ BIO_meth_set_gets(amqp_bio_method, BIO_s_socket()->bgets);
+ BIO_meth_set_puts(amqp_bio_method, BIO_s_socket()->bputs);
+#else
BIO_meth_set_create(amqp_bio_method, BIO_meth_get_create(BIO_s_socket()));
BIO_meth_set_destroy(amqp_bio_method, BIO_meth_get_destroy(BIO_s_socket()));
BIO_meth_set_ctrl(amqp_bio_method, BIO_meth_get_ctrl(BIO_s_socket()));
@@ -118,6 +126,7 @@
BIO_meth_set_write(amqp_bio_method, BIO_meth_get_write(BIO_s_socket()));
BIO_meth_set_gets(amqp_bio_method, BIO_meth_get_gets(BIO_s_socket()));
BIO_meth_set_puts(amqp_bio_method, BIO_meth_get_puts(BIO_s_socket()));
+#endif
BIO_meth_set_write(amqp_bio_method, amqp_openssl_bio_write);
BIO_meth_set_read(amqp_bio_method, amqp_openssl_bio_read);
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn'
'--exclude=.svnignore' old/rabbitmq-c-0.13.0/librabbitmq/amqp_openssl_bio.h
new/rabbitmq-c-0.14.0/librabbitmq/amqp_openssl_bio.h
--- old/rabbitmq-c-0.13.0/librabbitmq/amqp_openssl_bio.h 2023-02-06
01:31:11.000000000 +0100
+++ new/rabbitmq-c-0.14.0/librabbitmq/amqp_openssl_bio.h 2024-03-23
20:23:35.000000000 +0100
@@ -4,8 +4,8 @@
#ifndef AMQP_OPENSSL_BIO
#define AMQP_OPENSSL_BIO
-// Use OpenSSL v1.1.0 API.
-#define OPENSSL_API_COMPAT 10100
+// Use OpenSSL v1.1.1 API.
+#define OPENSSL_API_COMPAT 10101
#include <openssl/bio.h>
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn'
'--exclude=.svnignore' old/rabbitmq-c-0.13.0/librabbitmq/amqp_socket.c
new/rabbitmq-c-0.14.0/librabbitmq/amqp_socket.c
--- old/rabbitmq-c-0.13.0/librabbitmq/amqp_socket.c 2023-02-06
01:31:11.000000000 +0100
+++ new/rabbitmq-c-0.14.0/librabbitmq/amqp_socket.c 2024-03-23
20:23:35.000000000 +0100
@@ -729,7 +729,7 @@
state->last_queued_frame = link;
}
}
- res = amqp_time_s_from_now(&timeout, 0);
+ res = amqp_time_from_now(&timeout, &(struct timeval){0});
if (AMQP_STATUS_OK != res) {
return res;
}
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn'
'--exclude=.svnignore' old/rabbitmq-c-0.13.0/librabbitmq/amqp_table.c
new/rabbitmq-c-0.14.0/librabbitmq/amqp_table.c
--- old/rabbitmq-c-0.13.0/librabbitmq/amqp_table.c 2023-02-06
01:31:11.000000000 +0100
+++ new/rabbitmq-c-0.14.0/librabbitmq/amqp_table.c 2024-03-23
20:23:35.000000000 +0100
@@ -15,9 +15,11 @@
#define INITIAL_ARRAY_SIZE 16
#define INITIAL_TABLE_SIZE 16
+#define TABLE_DEPTH_LIMIT 100
static int amqp_decode_field_value(amqp_bytes_t encoded, amqp_pool_t *pool,
- amqp_field_value_t *entry, size_t *offset);
+ amqp_field_value_t *entry, size_t *offset,
+ int depth);
static int amqp_encode_field_value(amqp_bytes_t encoded,
amqp_field_value_t *entry, size_t *offset);
@@ -25,7 +27,7 @@
/*---------------------------------------------------------------------------*/
static int amqp_decode_array(amqp_bytes_t encoded, amqp_pool_t *pool,
- amqp_array_t *output, size_t *offset) {
+ amqp_array_t *output, size_t *offset, int depth) {
uint32_t arraysize;
int num_entries = 0;
int allocated_entries = INITIAL_ARRAY_SIZE;
@@ -61,7 +63,8 @@
entries = newentries;
}
- res = amqp_decode_field_value(encoded, pool, &entries[num_entries],
offset);
+ res = amqp_decode_field_value(encoded, pool, &entries[num_entries], offset,
+ depth);
if (res < 0) {
goto out;
}
@@ -90,8 +93,9 @@
return res;
}
-int amqp_decode_table(amqp_bytes_t encoded, amqp_pool_t *pool,
- amqp_table_t *output, size_t *offset) {
+static int amqp_decode_table_internal(amqp_bytes_t encoded, amqp_pool_t *pool,
+ amqp_table_t *output, size_t *offset,
+ int depth) {
uint32_t tablesize;
int num_entries = 0;
amqp_table_entry_t *entries;
@@ -141,7 +145,7 @@
}
res = amqp_decode_field_value(encoded, pool, &entries[num_entries].value,
- offset);
+ offset, depth);
if (res < 0) {
goto out;
}
@@ -170,10 +174,20 @@
return res;
}
+int amqp_decode_table(amqp_bytes_t encoded, amqp_pool_t *pool,
+ amqp_table_t *output, size_t *offset) {
+ return amqp_decode_table_internal(encoded, pool, output, offset, 0);
+}
+
static int amqp_decode_field_value(amqp_bytes_t encoded, amqp_pool_t *pool,
- amqp_field_value_t *entry, size_t *offset) {
+ amqp_field_value_t *entry, size_t *offset,
+ int depth) {
int res = AMQP_STATUS_BAD_AMQP_DATA;
+ if (depth > TABLE_DEPTH_LIMIT) {
+ return AMQP_STATUS_BAD_AMQP_DATA;
+ }
+
if (!amqp_decode_8(encoded, offset, &entry->kind)) {
goto out;
}
@@ -242,14 +256,16 @@
}
case AMQP_FIELD_KIND_ARRAY:
- res = amqp_decode_array(encoded, pool, &(entry->value.array), offset);
+ res = amqp_decode_array(encoded, pool, &(entry->value.array), offset,
+ depth + 1);
goto out;
case AMQP_FIELD_KIND_TIMESTAMP:
TRIVIAL_FIELD_DECODER(64);
case AMQP_FIELD_KIND_TABLE:
- res = amqp_decode_table(encoded, pool, &(entry->value.table), offset);
+ res = amqp_decode_table_internal(encoded, pool, &(entry->value.table),
+ offset, depth + 1);
goto out;
case AMQP_FIELD_KIND_VOID:
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn'
'--exclude=.svnignore' old/rabbitmq-c-0.13.0/tools/common.c
new/rabbitmq-c-0.14.0/tools/common.c
--- old/rabbitmq-c-0.13.0/tools/common.c 2023-02-06 01:31:11.000000000
+0100
+++ new/rabbitmq-c-0.14.0/tools/common.c 2024-03-23 20:23:35.000000000
+0100
@@ -18,6 +18,11 @@
#include "compat.h"
#endif
+/* For when reading auth data from a file */
+#define MAXAUTHTOKENLEN 128
+#define USERNAMEPREFIX "username:"
+#define PASSWORDPREFIX "password:"
+
void die(const char *fmt, ...) {
va_list ap;
va_start(ap, fmt);
@@ -125,6 +130,7 @@
static char *amqp_username;
static char *amqp_password;
static int amqp_heartbeat = 0;
+static char *amqp_authfile;
#ifdef WITH_SSL
static int amqp_ssl = 0;
static char *amqp_cacert = "/etc/ssl/certs/cacert.pem";
@@ -147,6 +153,8 @@
"the password to login with", "password"},
{"heartbeat", 0, POPT_ARG_INT, &amqp_heartbeat, 0,
"heartbeat interval, set to 0 to disable", "heartbeat"},
+ {"authfile", 0, POPT_ARG_STRING, &amqp_authfile, 0,
+ "path to file containing username/password for authentication", "file"},
#ifdef WITH_SSL
{"ssl", 0, POPT_ARG_NONE, &amqp_ssl, 0, "connect over SSL/TLS", NULL},
{"cacert", 0, POPT_ARG_STRING, &amqp_cacert, 0,
@@ -158,6 +166,50 @@
#endif /* WITH_SSL */
{NULL, '\0', 0, NULL, 0, NULL, NULL}};
+void read_authfile(const char *path) {
+ size_t n;
+ FILE *fp = NULL;
+ char token[MAXAUTHTOKENLEN];
+
+ if ((amqp_username = malloc(MAXAUTHTOKENLEN)) == NULL ||
+ (amqp_password = malloc(MAXAUTHTOKENLEN)) == NULL) {
+ die("Out of memory");
+ } else if ((fp = fopen(path, "r")) == NULL) {
+ die("Could not read auth data file %s", path);
+ }
+
+ if (fgets(token, MAXAUTHTOKENLEN, fp) == NULL ||
+ strncmp(token, USERNAMEPREFIX, strlen(USERNAMEPREFIX))) {
+ die("Malformed auth file (missing username)");
+ }
+ strncpy(amqp_username, &token[strlen(USERNAMEPREFIX)], MAXAUTHTOKENLEN);
+ /* Missing newline means token was cut off */
+ n = strlen(amqp_username);
+ if (amqp_username[n - 1] != '\n') {
+ die("Username too long");
+ } else {
+ amqp_username[n - 1] = '\0';
+ }
+
+ if (fgets(token, MAXAUTHTOKENLEN, fp) == NULL ||
+ strncmp(token, PASSWORDPREFIX, strlen(PASSWORDPREFIX))) {
+ die("Malformed auth file (missing password)");
+ }
+ strncpy(amqp_password, &token[strlen(PASSWORDPREFIX)], MAXAUTHTOKENLEN);
+ /* Missing newline means token was cut off */
+ n = strlen(amqp_password);
+ if (amqp_password[n - 1] != '\n') {
+ die("Password too long");
+ } else {
+ amqp_password[n - 1] = '\0';
+ }
+
+ (void)fgetc(fp);
+ if (!feof(fp)) {
+ die("Malformed auth file (trailing data)");
+ }
+}
+
static void init_connection_info(struct amqp_connection_info *ci) {
ci->user = NULL;
ci->password = NULL;
@@ -237,6 +289,8 @@
if (amqp_username) {
if (amqp_url) {
die("--username and --url options cannot be used at the same time");
+ } else if (amqp_authfile) {
+ die("--username and --authfile options cannot be used at the same time");
}
ci->user = amqp_username;
@@ -245,11 +299,23 @@
if (amqp_password) {
if (amqp_url) {
die("--password and --url options cannot be used at the same time");
+ } else if (amqp_authfile) {
+ die("--password and --authfile options cannot be used at the same time");
}
ci->password = amqp_password;
}
+ if (amqp_authfile) {
+ if (amqp_url) {
+ die("--authfile and --url options cannot be used at the same time");
+ }
+
+ read_authfile(amqp_authfile);
+ ci->user = amqp_username;
+ ci->password = amqp_password;
+ }
+
if (amqp_vhost) {
if (amqp_url) {
die("--vhost and --url options cannot be used at the same time");
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn'
'--exclude=.svnignore' old/rabbitmq-c-0.13.0/tools/doc/amqp-consume.xml
new/rabbitmq-c-0.14.0/tools/doc/amqp-consume.xml
--- old/rabbitmq-c-0.13.0/tools/doc/amqp-consume.xml 2023-02-06
01:31:11.000000000 +0100
+++ new/rabbitmq-c-0.14.0/tools/doc/amqp-consume.xml 2024-03-23
20:23:35.000000000 +0100
@@ -194,7 +194,7 @@
output the message bodies on standard output via
<command>cat</command>:</term>
<listitem>
- <screen><prompt>$ </prompt><userinput>amqp-publish -q
myqueue cat</userinput></screen>
+ <screen><prompt>$ </prompt><userinput>amqp-consume -q
myqueue cat</userinput></screen>
</listitem>
</varlistentry>
