- update to 1.10.0:

* The reader can now lookup records on a database with a search
    tree that is greater than 4 gigabytes without sometimes
    returning erroneous results due to an integer overflow.

  * Four additional fields were added to the end of the
    MMDB_search_node_s struct returned by MMDB_read_node. These
    making undocumented assumptions about how this library works
    internally and without knowing the specific details of the database
  * Previously, reading a database with a pointer in the metadata would
    cause an MMDB_INVALID_METADATA_ERROR to be returned. This was due to
    an invalid offset being used when calculating the pointer. The
    data_section and metadata_section fields now both point to the
    beginning of the data section. Previously, data_section pointed
    to the beginning of the data separator. This will not affect
  * MMDB_lookup_sockaddr will set mmdb_error to
    MMDB_IPV6_LOOKUP_IN_IPV4_DATABASE_ERROR if an IPv6 sockaddr is
    looked up in an IPv4-only database. Previously only
  * When resolving an address, this library now relies on getaddrinfo
  * Packaging fixes. The 1.1.3 tarball release contained a lot of extra
    past the end of the databases's data section. GitHub #103
  * When searching for the database metadata, there was a bug that caused
    the code to think it had found valid metadata when none existed. In
    database entirely. Finally, if there are multiple metadata markers
    in the database, we treat the final one as the start of the metdata,
  * Don't attempt to mmap a file that is too large to be mmapped on the system.
  * Added a missing out of memory check when reading a file's metadata.
  * Added several additional checks to make sure that we never attempt
    to malloc more than SIZE_MAX memory, which would lead to integer
    overflow. This could only happen with pathological databases.

OBS-URL: https://build.opensuse.org/package/show/devel:libraries:c_c++/libmaxminddb?expand=0&rev=31
This commit is contained in:
Marcus Meissner 2024-07-20 18:04:46 +00:00 committed by Git OBS Bridge
commit b007a8c992
7 changed files with 390 additions and 0 deletions

23
.gitattributes vendored Normal file
View File

@ -0,0 +1,23 @@
## Default LFS
*.7z filter=lfs diff=lfs merge=lfs -text
*.bsp filter=lfs diff=lfs merge=lfs -text
*.bz2 filter=lfs diff=lfs merge=lfs -text
*.gem filter=lfs diff=lfs merge=lfs -text
*.gz filter=lfs diff=lfs merge=lfs -text
*.jar filter=lfs diff=lfs merge=lfs -text
*.lz filter=lfs diff=lfs merge=lfs -text
*.lzma filter=lfs diff=lfs merge=lfs -text
*.obscpio filter=lfs diff=lfs merge=lfs -text
*.oxt filter=lfs diff=lfs merge=lfs -text
*.pdf filter=lfs diff=lfs merge=lfs -text
*.png filter=lfs diff=lfs merge=lfs -text
*.rpm filter=lfs diff=lfs merge=lfs -text
*.tbz filter=lfs diff=lfs merge=lfs -text
*.tbz2 filter=lfs diff=lfs merge=lfs -text
*.tgz filter=lfs diff=lfs merge=lfs -text
*.ttf filter=lfs diff=lfs merge=lfs -text
*.txz filter=lfs diff=lfs merge=lfs -text
*.whl filter=lfs diff=lfs merge=lfs -text
*.xz filter=lfs diff=lfs merge=lfs -text
*.zip filter=lfs diff=lfs merge=lfs -text
*.zst filter=lfs diff=lfs merge=lfs -text

1
.gitignore vendored Normal file
View File

@ -0,0 +1 @@
.osc

1
baselibs.conf Normal file
View File

@ -0,0 +1 @@
libmaxminddb0

View File

@ -0,0 +1,3 @@
version https://git-lfs.github.com/spec/v1
oid sha256:5e6db72df423ae225bfe8897069f6def40faa8931f456b99d79b8b4d664c6671
size 727713

View File

@ -0,0 +1,3 @@
version https://git-lfs.github.com/spec/v1
oid sha256:a80682a89d915fdf60b35d316232fb04ebf36fff27fda9bd39fe8a38d3cd3f12
size 612652

249
libmaxminddb.changes Normal file
View File

@ -0,0 +1,249 @@
-------------------------------------------------------------------
Thu Jul 18 15:54:35 UTC 2024 - Dirk Müller <dmueller@suse.com>
- update to 1.10.0:
* The reader can now lookup records on a database with a search
tree that is greater than 4 gigabytes without sometimes
returning erroneous results due to an integer overflow.
-------------------------------------------------------------------
Wed Jan 10 08:53:07 UTC 2024 - Andreas Stieger <andreas.stieger@gmx.de>
- libmaxminddb 1.9.1:
* On very large databases, the calculation to determine the search
tree size could overflow. This was fixed and several additional
guards against overflows were added
* build system tweaks
-------------------------------------------------------------------
Tue Nov 7 21:58:11 UTC 2023 - Andreas Stieger <andreas.stieger@gmx.de>
- libmaxminddb 1.8.0:
* PACKAGE_VERSION is now a private compile definition when
building with CMake.
* The feature test macro _POSIX_C_SOURCE is no longer set by
maxminddb.h
* assert() is no longer used outside test code
-------------------------------------------------------------------
Sat Oct 1 08:04:49 UTC 2022 - Andreas Stieger <andreas.stieger@gmx.de>
- libmaxminddb 1.7.1:
* FD_CLOEXEC is now set on platforms that do not support O_CLOEXEC
* File size check now correctly compares the size to SSIZE_MAX
* developer visible changes
-------------------------------------------------------------------
Fri Apr 30 09:15:18 UTC 2021 - Andreas Stieger <andreas.stieger@gmx.de>
- libmaxminddb 1.6.0:
* CMake build system fixes, not in use in this package
-------------------------------------------------------------------
Tue Mar 2 00:07:58 UTC 2021 - Dirk Müller <dmueller@suse.com>
- update to 1.5.2:
* With `libmaxminddb` on Windows and `mmdblookup` generally, there were
instances where the return value of `calloc` was not checked, which could
lead to issues in low memory situations or when resource limits had been
set.
* The formatting of the manpages has been improved and the script that
generates them now supports `lowdown` in addition to `pandoc`.
-------------------------------------------------------------------
Thu Jan 7 12:46:45 UTC 2021 - Andreas Stieger <andreas.stieger@gmx.de>
- libmaxminddb 1.5.0:
* build system changes for other platforms only
-------------------------------------------------------------------
Fri Aug 7 16:14:00 UTC 2020 - Andreas Stieger <andreas.stieger@gmx.de>
- update to 1.4.3:
* Use of uninitialized memory in dump_entry_data_list() could have
cause a heap buffer flow in mmdblookup [bsc#1175006]
-------------------------------------------------------------------
Wed Nov 20 13:46:56 UTC 2019 - Dominique Leuenberger <dimstar@opensuse.org>
- Add baselibs.conf: build libmaxminddb0-32bit, which is required
by libdns1310-32bit (new dependency gained).
-------------------------------------------------------------------
Sun Nov 3 16:56:13 UTC 2019 - Andreas Stieger <andreas.stieger@gmx.de>
- update to 1.4.2:
* negative array index for MMDB_*get_value specifies the last element
* Fix a memory leak when using custom databases without languages
defined in the metadata
* mmdblookup now displays the prefix length for the record when
using the verbose flag
-------------------------------------------------------------------
Thu May 17 13:37:24 UTC 2018 - jweberhofer@weberhofer.at
- Run tests
- Packaged LICENSE
- Update to version 1.3.2
* Allocate memory for MMDB_entry_data_list_s structs in separate chunks
rather than one large chunk. This simplifies accessing memory in
MMDB_get_entry_data_list() and increases performance. It builds on the
changes in 1.3.0 and 1.3.1.
* We no longer export data_pool_* symbols. These are internal functions
but we were previously exporting them. Pull request by Faidon Liambotis.
gh#maxmind/libmaxminddb#162.
* Build with POSIX.1-2008 by default if the system supports it. This allows
use of open() with O_CLOEXEC. We retain support for systems that
provide only POSIX.1-2001.
Open the database with the O_CLOEXEC flag if the system provides it.
* This avoids cases where we could leak fds when called in multi-threaded
programs that fork() and exec(). Original report and PR by Brandon L
Black.
* Added a test to ensure we export only intended symbols (e.g. MMDB_*).
- Update to version 1.3.1
* Fix build problems related to rpl_malloc(). Pull request by Rainer
Gerhards. gh#maxmind/libmaxminddb
* Fix a race to set and read data in a field on the MMDB_s struct
(ipv4_start_node). gh#maxmind/libmaxminddb#153.
* Fix cases of invalid memory access when using
MMDB_get_entry_data_list(). This was introduced in 1.3.0 and occurred
when performing large lookups. gh#maxmind/libmaxminddb#153.
- Update to version 1.3.0
* Perform fewer memory allocations in MMDB_get_entry_data_list(). This
significantly improves its performance. gh#maxmind/libmaxminddb#147.
* Fix mmdblookup's build epoch reporting on some systems. Big endian
systems with a 32-bit time_t no longer show a database build date of
1970-01-01 00:00:00. Pull request by Rainer Jung. gh#maxmind/libmaxminddb#143.
- Update to version 1.2.1
* Use autoconf to check the system's endianness rather than trying to do this
with compiler-defined macros like __BYTE_ORDER__. Apparently this didn't
work properly on a Sparc system. gh#maxmind/libmaxminddb#120.
* Several compiler warnings on Visual C++ were fixed. Pull request by Marcel
Raad. gh#maxmind/libmaxminddb#130.
* Fix segmentation faults found in MMDB_open() using afl-fuzz. This
occurred on corrupt databases that had a data pointer large enough to
cause an integer overflow when doing bound checking. Reported by Ryan
Whitworth. gh#maxmind/libmaxminddb#140.
* Add --disable-tests option to configure. Pull request by Fabrice
Fontaine. gh#maxmind/libmaxminddb#136.
-------------------------------------------------------------------
Tue Apr 12 13:48:56 UTC 2016 - p.drouand@gmail.com
- Update to version 1.2.0
* Four additional fields were added to the end of the
MMDB_search_node_s struct returned by MMDB_read_node. These
fields allow the user to iterate through the search tree without
making undocumented assumptions about how this library works
internally and without knowing the specific details of the database
format. GitHub #110 (https://github.com/maxmind/libmaxminddb/issues/110)
- Changes from version 1.1.5
* Previously, reading a database with a pointer in the metadata would
cause an MMDB_INVALID_METADATA_ERROR to be returned. This was due to
an invalid offset being used when calculating the pointer. The
data_section and metadata_section fields now both point to the
beginning of the data section. Previously, data_section pointed
to the beginning of the data separator. This will not affect
anyone using only documented fields from MMDB_s.
* MMDB_lookup_sockaddr will set mmdb_error to
MMDB_IPV6_LOOKUP_IN_IPV4_DATABASE_ERROR if an IPv6 sockaddr is
looked up in an IPv4-only database. Previously only
MMDB_lookup_string would set this error code.
* When resolving an address, this library now relies on getaddrinfo
to determine the address family rather than trying to guess it itself.
- Changes from version 1.1.4
* Packaging fixes. The 1.1.3 tarball release contained a lot of extra
junk in the t/ directory.
- Changes from version 1.1.3
* Added several additional checks to make sure that we don't attempt to read
past the end of the databases's data section. GitHub #103
(https://github.com/maxmind/libmaxminddb/pull/103).
* When searching for the database metadata, there was a bug that caused
the code to think it had found valid metadata when none existed. In
addition, this could lead to an attempt to read past the end of the
database entirely. Finally, if there are multiple metadata markers
in the database, we treat the final one as the start of the metdata,
instead of the first. GitHub #102 (https://github.com/maxmind/libmaxminddb/pull/102)
* Don't attempt to mmap a file that is too large to be mmapped on the system.
GitHub #101 (https://github.com/maxmind/libmaxminddb/pull/101).
* Added a missing out of memory check when reading a file's metadata.
GitHub #101 (https://github.com/maxmind/libmaxminddb/pull/101).
* Added several additional checks to make sure that we never attempt
to malloc more than SIZE_MAX memory, which would lead to integer
overflow. This could only happen with pathological databases.
GitHub #101 (https://github.com/maxmind/libmaxminddb/pull/101).
-------------------------------------------------------------------
Wed Nov 18 15:15:37 UTC 2015 - p.drouand@gmail.com
- Update to version 1.1.2
* IMPORTANT: This release includes a number of important security
fixes. Among these fixes is improved validation of the database
metadata. Unfortunately, MaxMind GeoIP2 and GeoLite2 databases
created earlier than January 28, 2014, had an invalid data type
for the record_size in the metadata. Previously these databases
worked on little endian machines with libmaxminddb but did not
work on big endian machines. Due to increased safety checks when
reading the file, these databases will no longer work on any
platform. If you are using one of these databases, we recommend
that you upgrade to the latest GeoLite2 or GeoIP2 database
* Added pkg-config support.
* Several segmentation faults found with afl-fuzz were fixed. These
were caused by missing bounds checking and missing verification
of data type.
MMDB_get_entry_data_list will now fail on data structures with a
depth greater than 512 and data structures that are cyclic. This
should not affect any known MaxMind DB in production. All databases
produced by MaxMind have a depth of less than five.
- Add a build dependency to pkg-config
-------------------------------------------------------------------
Sun Jul 26 13:48:17 UTC 2015 - p.drouand@gmail.com
- Update to version 1.1.1
* Added `maxminddb-compat-util.h` as a source file to dist.
- Changes from version 1.1.0
* Previously, when there was an error in `MMDB_open()`, `errno` would
generally be overwritten during cleanup, preventing a useful value from
being returned to the caller. This was changed so that the `errno` value
from the function call that caused the error is restored before returning to
the caller. In particular, this is important for `MMDB_IO_ERROR` errors as
checking `errno` is often the only way to determine what actually failed.
* If `mmap()` fails due to running out of memory space, an
`MMDB_OUT_OF_MEMORY_ERROR` is now returned from `MMDB_open` rather than an
`MMDB_IO_ERROR`.
* On Windows, the `CreateFileMappingA()` handle was not properly closed if
opening the database succeeded. Fixed by Bly Hostetler. GitHub #75 & #76.
* On Windows, we were not checking the return value of `CreateFileMappingA()`
properly for errors. Fixed by Bly Hotetler. GitHub #78.
* Several warnings from Clang's scan-build were fixed. GitHub #86.
* All headers are now installed in `$(includedir)`. GitHub #89.
* We no longer install `maxminddb-compat-util.h`. This header was intended for
internal use only.
-------------------------------------------------------------------
Wed Jan 21 14:03:32 UTC 2015 - p.drouand@gmail.com
- Update to version 1.0.4
* If you used a non-integer string as an array index when doing a
lookup with MMDB_get_value, MMDB_vget_value, or MMDB_aget_value,
the first element of the array would be returned rather than an
error. A MMDB_LOOKUP_PATH_DOES_NOT_MATCH_DATA_ERROR error will
now be returned. GitHub #61.
* If a number larger than LONG_MAX was used in the same functions,
LONG_MAX would have been used in the lookup. Now a
MMDB_INVALID_LOOKUP_PATH_ERROR error will be returned.
* Visual Studio build files were added for unit tests and some
compatibility issues with the tests were fixed.
* Visual Studio project was updated to use property pages. GitHub #69.
* A test failure in t/compile_c++_t.pl on new installs was fixed.
-------------------------------------------------------------------
Sun Dec 21 15:13:41 UTC 2014 - p.drouand@gmail.com
- Initial release (version 1.0.3)

110
libmaxminddb.spec Normal file
View File

@ -0,0 +1,110 @@
#
# spec file for package libmaxminddb
#
# Copyright (c) 2024 SUSE LLC
# Copyright (c) 2023 Andreas Stieger <Andreas.Stieger@gmx.de>
#
# All modifications and additions to the file contributed by third parties
# remain the property of their copyright owners, unless otherwise agreed
# upon. The license for this file, and modifications and additions to the
# file, is the same license as for the pristine package itself (unless the
# license for the pristine package is not an Open Source License, in which
# case the license is the MIT License). An "Open Source License" is a
# license that conforms to the Open Source Definition (Version 1.9)
# published by the Open Source Initiative.
# Please submit bugfixes or comments via https://bugs.opensuse.org/
#
%define lname libmaxminddb0
Name: libmaxminddb
Version: 1.10.0
Release: 0
Summary: C library for the MaxMind DB file format
License: Apache-2.0
URL: https://dev.maxmind.com/
Source: https://github.com/maxmind/libmaxminddb/releases/download/%{version}/%{name}-%{version}.tar.gz
Source99: baselibs.conf
BuildRequires: fdupes
BuildRequires: gcc-c++
BuildRequires: pkgconfig
%description
The libmaxminddb library provides a C library for reading MaxMind DB
files, including the GeoIP2 databases from MaxMind. This is a
custom binary format designed to facilitate fast lookups of IP
addresses while allowing for great flexibility in the type of
data associated with an address.
%package -n %{lname}
Summary: C library for the MaxMind DB file format
%description -n %{lname}
The libmaxminddb library provides a C library for reading MaxMind DB
files, including the GeoIP2 databases from MaxMind. This is a
custom binary format designed to facilitate fast lookups of IP
addresses while allowing for great flexibility in the type of
data associated with an address.
%package -n mmdblookup
Summary: An utility to look up an IP address in a MaxMind DB file
%description -n mmdblookup
The libmaxminddb library provides a C library for reading MaxMind DB
files, including the GeoIP2 databases from MaxMind. This is a
custom binary format designed to facilitate fast lookups of IP
addresses while allowing for great flexibility in the type of
data associated with an address.
This package contains the mmdblookup binary.
%package devel
Summary: Development files for the MaxMind DB file format library
Requires: %{lname} = %{version}
%description devel
The libmaxminddb library provides a C library for reading MaxMind DB
files, including the GeoIP2 databases from MaxMind. This is a
custom binary format designed to facilitate fast lookups of IP
addresses while allowing for great flexibility in the type of
data associated with an address.
This package contains the development files for %{name}.
%prep
%autosetup -p1
%build
%configure --disable-static
%make_build
%check
%make_build check
%install
%make_install
find %{buildroot} -type f -name "*.la" -delete -print
%fdupes -s %{buildroot}/%{_prefix}
%ldconfig_scriptlets -n %{lname}
%files -n %{lname}
%license LICENSE
%{_libdir}/%{name}.so.*
%files -n mmdblookup
%license LICENSE
%doc doc/mmdblookup.md
%{_bindir}/mmdblookup
%{_mandir}/man1/mmdblookup.*
%files devel
%doc Changes.md NOTICE README.md doc/mmdblookup.md doc/libmaxminddb.md
%license LICENSE
%{_includedir}/*
%{_libdir}/%{name}.so
%{_libdir}/pkgconfig/%{name}.pc
%{_mandir}/man3/*
%changelog