packages/zeromq
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

!18 Upgrade to 4.3.4 for fix CVE-2020-15166 and CVE-2021-20236

Browse Source 
From: @starlet-dx 
Reviewed-by: @wk333 
Signed-off-by: @wk333
This commit is contained in:
openeuler-ci-bot 2024-02-04 09:25:22 +00:00 committed by Gitee
commit 41c16077fd
No known key found for this signature in database
GPG Key ID: 173E9B9CA92EEF8F
5 changed files with 16 additions and 63 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

27
HPUX-build-and-gmake-check-issues-solve.patch
View File

@ -1,27 +0,0 @@
From 25a50ca0d5d3ea076c63c23692e4cb9868bfb55d Mon Sep 17 00:00:00 2001
From: KIU Shueng Chuan <nixchuan@gmail.com>
Date: Tue, 8 Sep 2015 17:26:31 +0800
Subject: [PATCH] avoid dereferencing uint32_t on unaligned address
---
src/socket_base.cpp | 21 +++++----------------
1 file changed, 5 insertions(+), 16 deletions(-)
diff --git a/src/socket_base.cpp b/src/socket_base.cpp
index a980015fc..ea178a868 100644
--- a/src/socket_base.cpp
+++ b/src/socket_base.cpp
@@ -1361,8 +1361,11 @@ void zmq::socket_base_t::monitor_event (int event_, int value_, const std::strin
zmq_msg_t msg;
zmq_msg_init_size (&msg, 6);
uint8_t *data = (uint8_t *) zmq_msg_data (&msg);
- *(uint16_t *) (data + 0) = (uint16_t) event_;
- *(uint32_t *) (data + 2) = (uint32_t) value_;
+ // Avoid dereferencing uint32_t on unaligned address
+ uint16_t event = (uint16_t) event_;
+ uint32_t value = (uint32_t) value_;
+ memcpy (data + 0, &event, sizeof(event));
+ memcpy (data + 2, &value, sizeof(value));
zmq_sendmsg (monitor_socket, &msg, ZMQ_SNDMORE);
// Send address in second frame

BIN
libzmq-4.3.4.tar.gz Normal file
View File

Binary file not shown.

25
lt-test_many_sockets-and-lt-test_filter_ipc-fail-in-Docker-container-environment.patch
View File

@ -1,25 +0,0 @@
From 32b2d3034b04a54118bc95c3f83ea5af78f9de41 Mon Sep 17 00:00:00 2001
From: Nikolay Amiantov <ab@fmap.me>
Date: Thu, 20 Nov 2014 05:08:45 +0300
Subject: [PATCH] Fix test_filter_ipc for cleared supplementary groups
This should fix part of [https://github.com/zeromq/libzmq/issues/1129].
---
tests/test_filter_ipc.cpp | 4 ++--
1 file changed, 2 insertions(+), 2 deletions(-)
diff --git a/tests/test_filter_ipc.cpp b/tests/test_filter_ipc.cpp
index 00518f710..83035949b 100644
--- a/tests/test_filter_ipc.cpp
+++ b/tests/test_filter_ipc.cpp
@@ -122,8 +122,8 @@ int main (void)
// Get the group and supplimental groups of the process owner
gid_t groups[100];
int ngroups = getgroups(100, groups);
- assert (ngroups != -1 && ngroups != 0);
- gid_t group = getgid(), supgroup = groups[0], notgroup = groups[ngroups - 1] + 1;
+ assert (ngroups != -1);
+ gid_t group = getgid(), supgroup = group, notgroup = group + 1;
for (int i = 0; i < ngroups; i++) {
if (supgroup == group && group != groups[i])
supgroup = groups[i];

BIN
zeromq-4.1.7.tar.gz
View File

Binary file not shown.

27
zeromq.spec
View File

@ -1,20 +1,17 @@
%global build_test 0 %global build_test 0
Name: zeromq Name: zeromq
Version: 4.1.7 Version: 4.3.4
Release: 2 Release: 1
Summary: An open-source universal messaging library Summary: An open-source universal messaging library
License: LGPLv3+ License: LGPLv3+
URL: http://www.zeromq.org URL: http://www.zeromq.org
Source0: https://github.com/zeromq/zeromq4-1/releases/download/v%{version}/zeromq-%{version}.tar.gz Source0: https://github.com/%{name}/libzmq/archive/v%{version}/libzmq-%{version}.tar.gz
Source1: https://raw.githubusercontent.com/zeromq/cppzmq/master/zmq.hpp Source1: https://raw.githubusercontent.com/zeromq/cppzmq/master/zmq.hpp
Source2: https://raw.githubusercontent.com/zeromq/cppzmq/master/LICENSE Source2: https://raw.githubusercontent.com/zeromq/cppzmq/master/LICENSE
#Fix https://github.com/zeromq/libzmq/issues/1129
Patch0001: lt-test_many_sockets-and-lt-test_filter_ipc-fail-in-Docker-container-environment.patch
#Fix https://github.com/zeromq/libzmq/issues/1412
Patch0002: HPUX-build-and-gmake-check-issues-solve.patch
BuildRequires: autoconf automake libtool libsodium-devel gcc-c++ BuildRequires: autoconf automake libtool libsodium-devel gcc-c++
BuildRequires: glib2-devel libuuid-devel openpgm-devel krb5-devel BuildRequires: glib2-devel libuuid-devel openpgm-devel krb5-devel
BuildRequires: make asciidoc xmlto libunwind-devel
%description %description
ZeroMQ (also spelled ØMQ, 0MQ or ZMQ) is a high-performance asynchronous messaging library, ZeroMQ (also spelled ØMQ, 0MQ or ZMQ) is a high-performance asynchronous messaging library,
@ -44,10 +41,14 @@ Summary: Help documentation for zeromq
Help documentation for zeromq. Help documentation for zeromq.
%prep %prep
%autosetup -n %{name}-%{version} -p1 %autosetup -n libzmq-%{version} -p1
cp -a %{SOURCE2} . cp -a %{SOURCE2} .
sed -i "s/libzmq_werror=\"yes\"/libzmq_werror=\"no\"/g" configure.ac sed -i "s/libzmq_werror=\"yes\"/libzmq_werror=\"no\"/g" configure.ac
rm -rf external/wepoll
chmod -x src/xsub.hpp
%build %build
autoreconf -fi autoreconf -fi
%configure --with-pgm --with-libgssapi_krb5 --disable-static %configure --with-pgm --with-libgssapi_krb5 --disable-static
@ -81,10 +82,14 @@ make check V=1 || ( cat test-suite.log && exit 1 )
%{_includedir}/zmq.hpp %{_includedir}/zmq.hpp
%files help %files help
%doc ChangeLog MAINTAINERS NEWS %doc NEWS README.md
%{_mandir}/man3/*.3* %{_mandir}/man3/zmq_*
%{_mandir}/man7/*.7* %{_mandir}/man7/zmq_*
%{_mandir}/man7/zmq.*
%changelog %changelog
* Sun Feb 04 2024 yaoxin <yao_xin001@hoperun.com> - 4.3.4-1
- Upgrade to 4.3.4 for fix CVE-2020-15166 and CVE-2021-20236
* Fri Mar 6 2020 shijian <shijian16@huawei.com> - 4.1.7-2 * Fri Mar 6 2020 shijian <shijian16@huawei.com> - 4.1.7-2
- Package init - Package init