2011-09-27 09:39:43 +02:00
|
|
|
#
|
2012-01-28 22:42:15 +01:00
|
|
|
# spec file for package zeromq
|
2011-09-27 09:39:43 +02:00
|
|
|
#
|
- New upstream version 4.3.3:
* Denial-of-Service on CURVE/ZAP-protected servers by
unauthenticated clients. (CVE-2020-15166, bsc#1176116)
If a raw TCP socket is opened and connected to an endpoint that is fully
configured with CURVE/ZAP, legitimate clients will not be able to exchange
any message. Handshakes complete successfully, and messages are delivered to
the library, but the server application never receives them.
For more information see the security advisory:
https://github.com/zeromq/libzmq/security/advisories/GHSA-25wp-cf8g-938m
* Stack overflow on server running PUB/XPUB socket (CURVE disabled).
The PUB/XPUB subscription store (mtrie) is traversed using recursive
function calls. In the remove (unsubscription) case, the recursive calls are
NOT tail calls, so even with optimizations the stack grows linearly with the
length of a subscription topic. Topics are under the control of remote
clients - they can send a subscription to arbitrary length topics. An
attacker can thus cause a server to create an mtrie sufficiently large such
that, when unsubscribing, traversal will cause a stack overflow.
For more information see the security advisory:
https://github.com/zeromq/libzmq/security/advisories/GHSA-qq65-x72m-9wr8
* Memory leak in PUB server induced by malicious client(s) without CURVE/ZAP.
Messages with metadata are never processed by PUB sockets, but the metadata
is kept referenced in the PUB object and never freed.
For more information see the security advisory:
https://github.com/zeromq/libzmq/security/advisories/GHSA-4p5v-h92w-6wxw
* Memory leak in client induced by malicious server(s) without CURVE/ZAP.
When a pipe processes a delimiter and is already not in active state but
still has an unfinished message, the message is leaked.
For more information see the security advisory:
https://github.com/zeromq/libzmq/security/advisories/GHSA-wfr2-29gj-5w87
* Heap overflow when receiving malformed ZMTP v1 packets (CURVE disabled).
OBS-URL: https://build.opensuse.org/package/show/devel:libraries:c_c++/zeromq?expand=0&rev=74
2020-09-07 19:11:05 +02:00
|
|
|
# Copyright (c) 2020 SUSE LLC
|
2011-09-27 09:39:43 +02:00
|
|
|
#
|
|
|
|
|
# All modifications and additions to the file contributed by third parties
|
|
|
|
|
# remain the property of their copyright owners, unless otherwise agreed
|
|
|
|
|
# upon. The license for this file, and modifications and additions to the
|
|
|
|
|
# file, is the same license as for the pristine package itself (unless the
|
|
|
|
|
# license for the pristine package is not an Open Source License, in which
|
|
|
|
|
# case the license is the MIT License). An "Open Source License" is a
|
|
|
|
|
# license that conforms to the Open Source Definition (Version 1.9)
|
|
|
|
|
# published by the Open Source Initiative.
|
2012-01-28 22:42:15 +01:00
|
|
|
|
2019-07-12 08:23:33 +02:00
|
|
|
# Please submit bugfixes or comments via https://bugs.opensuse.org/
|
2011-09-27 09:39:43 +02:00
|
|
|
#
|
|
|
|
|
|
2012-01-28 22:42:15 +01:00
|
|
|
|
2015-07-14 10:42:28 +02:00
|
|
|
%define lib_name libzmq5
|
2014-05-12 12:47:34 +02:00
|
|
|
%ifarch %ix86 x86_64
|
2017-01-02 09:54:09 +01:00
|
|
|
%bcond_without pgm
|
|
|
|
|
%else
|
|
|
|
|
%bcond_with pgm
|
2014-05-12 12:47:34 +02:00
|
|
|
%endif
|
2011-09-27 09:39:43 +02:00
|
|
|
Name: zeromq
|
- New upstream version 4.3.3:
* Denial-of-Service on CURVE/ZAP-protected servers by
unauthenticated clients. (CVE-2020-15166, bsc#1176116)
If a raw TCP socket is opened and connected to an endpoint that is fully
configured with CURVE/ZAP, legitimate clients will not be able to exchange
any message. Handshakes complete successfully, and messages are delivered to
the library, but the server application never receives them.
For more information see the security advisory:
https://github.com/zeromq/libzmq/security/advisories/GHSA-25wp-cf8g-938m
* Stack overflow on server running PUB/XPUB socket (CURVE disabled).
The PUB/XPUB subscription store (mtrie) is traversed using recursive
function calls. In the remove (unsubscription) case, the recursive calls are
NOT tail calls, so even with optimizations the stack grows linearly with the
length of a subscription topic. Topics are under the control of remote
clients - they can send a subscription to arbitrary length topics. An
attacker can thus cause a server to create an mtrie sufficiently large such
that, when unsubscribing, traversal will cause a stack overflow.
For more information see the security advisory:
https://github.com/zeromq/libzmq/security/advisories/GHSA-qq65-x72m-9wr8
* Memory leak in PUB server induced by malicious client(s) without CURVE/ZAP.
Messages with metadata are never processed by PUB sockets, but the metadata
is kept referenced in the PUB object and never freed.
For more information see the security advisory:
https://github.com/zeromq/libzmq/security/advisories/GHSA-4p5v-h92w-6wxw
* Memory leak in client induced by malicious server(s) without CURVE/ZAP.
When a pipe processes a delimiter and is already not in active state but
still has an unfinished message, the message is leaked.
For more information see the security advisory:
https://github.com/zeromq/libzmq/security/advisories/GHSA-wfr2-29gj-5w87
* Heap overflow when receiving malformed ZMTP v1 packets (CURVE disabled).
OBS-URL: https://build.opensuse.org/package/show/devel:libraries:c_c++/zeromq?expand=0&rev=74
2020-09-07 19:11:05 +02:00
|
|
|
Version: 4.3.3
|
2011-09-27 09:39:43 +02:00
|
|
|
Release: 0
|
|
|
|
|
Summary: Lightweight messaging kernel
|
2018-03-23 10:27:20 +01:00
|
|
|
License: LGPL-3.0-or-later
|
2011-09-27 09:39:43 +02:00
|
|
|
Group: Productivity/Networking/Web/Servers
|
2018-07-10 14:25:12 +02:00
|
|
|
URL: http://www.zeromq.org/
|
2016-11-08 08:43:16 +01:00
|
|
|
Source: https://github.com/zeromq/libzmq/releases/download/v%{version}/zeromq-%{version}.tar.gz
|
2018-07-10 14:25:12 +02:00
|
|
|
Source99: baselibs.conf
|
2015-06-08 09:04:16 +02:00
|
|
|
BuildRequires: asciidoc
|
2011-09-27 09:39:43 +02:00
|
|
|
BuildRequires: gcc-c++
|
2016-11-08 08:43:16 +01:00
|
|
|
BuildRequires: libunwind-devel
|
2015-06-16 08:11:40 +02:00
|
|
|
BuildRequires: pkgconfig
|
2015-06-08 09:04:16 +02:00
|
|
|
BuildRequires: xmlto
|
2015-09-22 15:14:38 +02:00
|
|
|
%if 0%{?suse_version} && 0%{?suse_version} <= 1110
|
|
|
|
|
BuildRequires: libsodium-devel
|
|
|
|
|
BuildRequires: libuuid-devel
|
|
|
|
|
%else
|
2015-06-16 08:11:40 +02:00
|
|
|
BuildRequires: pkgconfig(libsodium)
|
|
|
|
|
BuildRequires: pkgconfig(uuid)
|
2015-09-22 15:14:38 +02:00
|
|
|
%endif
|
2017-01-02 09:54:09 +01:00
|
|
|
%if %{with pgm}
|
2018-07-10 14:25:12 +02:00
|
|
|
BuildRequires: openpgm-devel >= 5.1
|
|
|
|
|
BuildRequires: python
|
2015-09-22 15:14:38 +02:00
|
|
|
%if 0%{?suse_version} && 0%{?suse_version} <= 1110
|
|
|
|
|
BuildRequires: glib2-devel >= 2.8
|
2015-09-22 15:32:24 +02:00
|
|
|
%else
|
|
|
|
|
BuildRequires: pkgconfig(glib-2.0) >= 2.8
|
2015-09-22 15:14:38 +02:00
|
|
|
%endif
|
2017-01-02 09:54:09 +01:00
|
|
|
%endif # with pgm
|
2011-09-27 09:39:43 +02:00
|
|
|
|
|
|
|
|
%description
|
2017-02-07 13:12:22 +01:00
|
|
|
The ZeroMQ messaging kernel is a library extending the standard
|
|
|
|
|
socket interfaces with an abstraction of asynchronous message queues,
|
|
|
|
|
multiple messaging patterns, message filtering (subscriptions) and
|
|
|
|
|
seamless access to multiple transport protocols.
|
2011-09-27 09:39:43 +02:00
|
|
|
|
|
|
|
|
%package -n %{lib_name}
|
|
|
|
|
Summary: Shared Library for ZeroMQ
|
|
|
|
|
Group: Productivity/Networking/Web/Servers
|
2014-11-28 12:41:15 +01:00
|
|
|
Recommends: %{name}-tools = %{version}
|
2011-09-27 09:39:43 +02:00
|
|
|
|
|
|
|
|
%description -n %{lib_name}
|
2017-02-07 13:12:22 +01:00
|
|
|
The ZeroMQ messaging kernel is a library extending the standard
|
|
|
|
|
socket interfaces with an abstraction of asynchronous message queues,
|
|
|
|
|
multiple messaging patterns, message filtering (subscriptions) and
|
|
|
|
|
seamless access to multiple transport protocols.
|
2011-09-27 09:39:43 +02:00
|
|
|
|
|
|
|
|
This package holds the shared library part of the ZeroMQ package.
|
|
|
|
|
|
2014-11-28 12:41:15 +01:00
|
|
|
%package tools
|
|
|
|
|
Summary: Tools to work with ZeroMQ
|
2017-03-21 15:42:55 +01:00
|
|
|
# Conflict old libraries as we collide with them
|
Accepting request 556904 from home:adamm:branches:devel:libraries:c_c++
- New upstream version 4.2.3
* API change: previously ZMQ_POLLOUT on a ZMQ_ROUTER socket
returned always true due to how the type works. When
ZMQ_ROUTER_MANDATORY is set, sending fails when the peer is
not available, but ZMQ_POLLOUT always returns true anyway,
which does not make sense. Now when ZMQ_ROUTER_MANDATORY is
set, ZMQ_POLLOUT on a ZMQ_ROUTER will return true only if
at least one peer is available.
Given ZMQ_POLLOUT with ZMQ_ROUTER was not usable at all
previously, we do not consider this a breakage warranting a
major or minor version increase.
* ZMQ_IDENTITY has been renamed to ZMQ_ROUTING_ID and
ZMQ_CONNECT_RID has been renamed to ZMQ_CONNTECT_ROUTING_ID
to disambiguate. ZMQ_IDENTITY and ZMQ_CONNECT_RID are still
available to keep backward compatibility, and will be
removed in a future release after further advance notice.
* DRAFT API change: zmq_poller_wait, zmq_poller_wait_all and
zmq_poller_poll have been changed to be inline with other
existing APIs that have a timeout to return EAGAIN instead
of ETIMEDOUT as the errno value.
* Existing non-DRAFT socket types ZMQ_REP/REQ, ZMQ_ROUTER/DEALER
and ZMQPUB/SUB, that were previously declared deprecated, have
been reinstated as stable and supported
* Curve: all remaining traces of debug output to console are now
removed, and new DRAFT events are available to properly debug
CURVE, PLAIN, GSSAPI and ZAP events and failures.
* for compelete changelog see
https://github.com/zeromq/libzmq/releases/tag/v4.2.3
- drop remove_werror.patch: can now be disabled at configure time,
if needed.
OBS-URL: https://build.opensuse.org/request/show/556904
OBS-URL: https://build.opensuse.org/package/show/devel:libraries:c_c++/zeromq?expand=0&rev=62
2017-12-15 09:54:39 +01:00
|
|
|
Group: Productivity/Networking/Web/Servers
|
2014-11-28 12:41:15 +01:00
|
|
|
Conflicts: libzmq1
|
|
|
|
|
Conflicts: libzmq2
|
|
|
|
|
Conflicts: libzmq3
|
|
|
|
|
|
|
|
|
|
%description tools
|
2017-02-07 13:12:22 +01:00
|
|
|
The ZeroMQ messaging kernel is a library extending the standard
|
|
|
|
|
socket interfaces with an abstraction of asynchronous message queues,
|
|
|
|
|
multiple messaging patterns, message filtering (subscriptions) and
|
|
|
|
|
seamless access to multiple transport protocols.
|
2014-11-28 12:41:15 +01:00
|
|
|
|
2017-02-07 13:12:22 +01:00
|
|
|
This package contains the utilities to work with ZeroMQ library.
|
2014-11-28 12:41:15 +01:00
|
|
|
|
2011-09-27 09:39:43 +02:00
|
|
|
%package devel
|
|
|
|
|
Summary: Development files for ZeroMQ
|
|
|
|
|
Group: Development/Languages/C and C++
|
|
|
|
|
Requires: %{lib_name} = %{version}
|
|
|
|
|
Provides: libzmq-devel = %{version}
|
|
|
|
|
|
|
|
|
|
%description devel
|
2017-02-07 13:12:22 +01:00
|
|
|
The ZeroMQ messaging kernel is a library extending the standard
|
|
|
|
|
socket interfaces with an abstraction of asynchronous message queues,
|
|
|
|
|
multiple messaging patterns, message filtering (subscriptions) and
|
|
|
|
|
seamless access to multiple transport protocols.
|
2011-09-27 09:39:43 +02:00
|
|
|
|
|
|
|
|
This package holds the development files for ZeroMQ.
|
|
|
|
|
|
|
|
|
|
%prep
|
|
|
|
|
%setup -q
|
|
|
|
|
|
|
|
|
|
%build
|
2016-11-08 08:43:16 +01:00
|
|
|
export LIBS=-ldl
|
2011-09-27 09:39:43 +02:00
|
|
|
%configure \
|
2016-11-08 08:43:16 +01:00
|
|
|
--with-libsodium \
|
|
|
|
|
--enable-curve \
|
2017-01-02 09:54:09 +01:00
|
|
|
%if %{with pgm}
|
2011-09-27 09:39:43 +02:00
|
|
|
--with-pgm \
|
|
|
|
|
%endif
|
|
|
|
|
--disable-static \
|
2017-06-01 15:07:15 +02:00
|
|
|
--disable-dependency-tracking \
|
Accepting request 556904 from home:adamm:branches:devel:libraries:c_c++
- New upstream version 4.2.3
* API change: previously ZMQ_POLLOUT on a ZMQ_ROUTER socket
returned always true due to how the type works. When
ZMQ_ROUTER_MANDATORY is set, sending fails when the peer is
not available, but ZMQ_POLLOUT always returns true anyway,
which does not make sense. Now when ZMQ_ROUTER_MANDATORY is
set, ZMQ_POLLOUT on a ZMQ_ROUTER will return true only if
at least one peer is available.
Given ZMQ_POLLOUT with ZMQ_ROUTER was not usable at all
previously, we do not consider this a breakage warranting a
major or minor version increase.
* ZMQ_IDENTITY has been renamed to ZMQ_ROUTING_ID and
ZMQ_CONNECT_RID has been renamed to ZMQ_CONNTECT_ROUTING_ID
to disambiguate. ZMQ_IDENTITY and ZMQ_CONNECT_RID are still
available to keep backward compatibility, and will be
removed in a future release after further advance notice.
* DRAFT API change: zmq_poller_wait, zmq_poller_wait_all and
zmq_poller_poll have been changed to be inline with other
existing APIs that have a timeout to return EAGAIN instead
of ETIMEDOUT as the errno value.
* Existing non-DRAFT socket types ZMQ_REP/REQ, ZMQ_ROUTER/DEALER
and ZMQPUB/SUB, that were previously declared deprecated, have
been reinstated as stable and supported
* Curve: all remaining traces of debug output to console are now
removed, and new DRAFT events are available to properly debug
CURVE, PLAIN, GSSAPI and ZAP events and failures.
* for compelete changelog see
https://github.com/zeromq/libzmq/releases/tag/v4.2.3
- drop remove_werror.patch: can now be disabled at configure time,
if needed.
OBS-URL: https://build.opensuse.org/request/show/556904
OBS-URL: https://build.opensuse.org/package/show/devel:libraries:c_c++/zeromq?expand=0&rev=62
2017-12-15 09:54:39 +01:00
|
|
|
--disable-silent-rules \
|
|
|
|
|
--disable-Werror
|
2014-05-12 12:47:34 +02:00
|
|
|
make %{?_smp_mflags}
|
2011-09-27 09:39:43 +02:00
|
|
|
|
|
|
|
|
%install
|
2014-05-12 12:47:34 +02:00
|
|
|
make DESTDIR=%{buildroot} install %{?_smp_mflags}
|
|
|
|
|
find %{buildroot} -type f -name "*.la" -delete -print
|
|
|
|
|
|
|
|
|
|
%check
|
2016-06-28 17:31:03 +02:00
|
|
|
%if ! 0%{?qemu_user_space_build}
|
2016-05-31 15:39:40 +02:00
|
|
|
# Tests don't run well concurrently and some are flaky, hence 3x before fail
|
|
|
|
|
make check %{?_smp_mflags} || make check || make check || make check || (cat ./test-suite.log && false)
|
2016-06-28 17:31:03 +02:00
|
|
|
%endif
|
2011-09-27 09:39:43 +02:00
|
|
|
|
2014-05-12 12:47:34 +02:00
|
|
|
%post -n %{lib_name} -p /sbin/ldconfig
|
2011-09-27 09:39:43 +02:00
|
|
|
%postun -n %{lib_name} -p /sbin/ldconfig
|
|
|
|
|
|
|
|
|
|
%files -n %{lib_name}
|
|
|
|
|
%defattr(-,root,root,-)
|
2018-03-23 10:27:20 +01:00
|
|
|
%license COPYING COPYING.LESSER
|
2011-09-27 09:39:43 +02:00
|
|
|
%{_libdir}/libzmq.so.*
|
2014-11-28 12:41:15 +01:00
|
|
|
|
|
|
|
|
%files tools
|
|
|
|
|
%defattr(-,root,root)
|
2018-03-23 10:27:20 +01:00
|
|
|
%license COPYING COPYING.LESSER
|
2014-11-28 12:41:15 +01:00
|
|
|
%defattr(-,root,root,-)
|
2014-05-12 12:47:34 +02:00
|
|
|
%{_bindir}/curve_keygen
|
2011-09-27 09:39:43 +02:00
|
|
|
|
|
|
|
|
%files devel
|
|
|
|
|
%defattr(-,root,root,-)
|
2018-03-23 10:27:20 +01:00
|
|
|
%doc AUTHORS ChangeLog NEWS
|
|
|
|
|
%license COPYING COPYING.LESSER
|
2011-09-27 09:39:43 +02:00
|
|
|
%{_includedir}/zmq*
|
|
|
|
|
%{_libdir}/libzmq.so
|
|
|
|
|
%{_libdir}/pkgconfig/libzmq.pc
|
|
|
|
|
%{_mandir}/man3/zmq*.3*
|
|
|
|
|
%{_mandir}/man7/zmq*.7*
|
|
|
|
|
|
|
|
|
|
%changelog
|
