diff --git a/.gitignore b/.gitignore new file mode 100644 index 0000000..ded71a5 --- /dev/null +++ b/.gitignore @@ -0,0 +1 @@ +/c-ares-1.13.0.tar.gz diff --git a/0001-Use-RPM-compiler-options.patch b/0001-Use-RPM-compiler-options.patch new file mode 100644 index 0000000..721b713 --- /dev/null +++ b/0001-Use-RPM-compiler-options.patch @@ -0,0 +1,41 @@ +From 7dada62a77e061c752123e672e844386ff3b01ea Mon Sep 17 00:00:00 2001 +From: Stephen Gallagher +Date: Wed, 10 Apr 2013 12:32:44 -0400 +Subject: [PATCH] Use RPM compiler options + +--- + m4/cares-compilers.m4 | 19 ++++++------------- + 1 file changed, 6 insertions(+), 13 deletions(-) + +diff --git a/m4/cares-compilers.m4 b/m4/cares-compilers.m4 +index 7ee8e0dbe741c1a64149a0d20b826f507b3ec620..d7708230fb5628ae80fbf1052da0d2c78ebbc160 100644 +--- a/m4/cares-compilers.m4 ++++ b/m4/cares-compilers.m4 +@@ -143,19 +143,12 @@ AC_DEFUN([CARES_CHECK_COMPILER_GNU_C], [ + gccvhi=`echo $gccver | cut -d . -f1` + gccvlo=`echo $gccver | cut -d . -f2` + compiler_num=`(expr $gccvhi "*" 100 + $gccvlo) 2>/dev/null` +- flags_dbg_all="-g -g0 -g1 -g2 -g3" +- flags_dbg_all="$flags_dbg_all -ggdb" +- flags_dbg_all="$flags_dbg_all -gstabs" +- flags_dbg_all="$flags_dbg_all -gstabs+" +- flags_dbg_all="$flags_dbg_all -gcoff" +- flags_dbg_all="$flags_dbg_all -gxcoff" +- flags_dbg_all="$flags_dbg_all -gdwarf-2" +- flags_dbg_all="$flags_dbg_all -gvms" +- flags_dbg_yes="-g" +- flags_dbg_off="-g0" +- flags_opt_all="-O -O0 -O1 -O2 -O3 -Os" +- flags_opt_yes="-O2" +- flags_opt_off="-O0" ++ flags_dbg_all="" ++ flags_dbg_yes="" ++ flags_dbg_off="" ++ flags_opt_all="" ++ flags_opt_yes="" ++ flags_opt_off="" + CURL_CHECK_DEF([_WIN32], [], [silent]) + else + AC_MSG_RESULT([no]) +-- +1.8.1.4 diff --git a/0002-fix-CVE-2021-3672.patch b/0002-fix-CVE-2021-3672.patch new file mode 100644 index 0000000..9dc7f31 --- /dev/null +++ b/0002-fix-CVE-2021-3672.patch @@ -0,0 +1,198 @@ +From 4bde615c5fa2a6a6f61ca533e46a062691d83f45 Mon Sep 17 00:00:00 2001 +From: bradh352 +Date: Fri, 11 Jun 2021 11:27:45 -0400 +Subject: [PATCH 1/2] ares_expand_name() should escape more characters + +RFC1035 5.1 specifies some reserved characters and escaping sequences +that are allowed to be specified. Expand the list of reserved characters +and also escape non-printable characters using the \DDD format as +specified in the RFC. + +Bug Reported By: philipp.jeitner@sit.fraunhofer.de +Fix By: Brad House (@bradh352) +--- + ares_expand_name.c | 41 ++++++++++++++++++++++++++++++++++++++--- + 1 file changed, 38 insertions(+), 3 deletions(-) + +diff --git a/ares_expand_name.c b/ares_expand_name.c +index 3a38e67..8604543 100644 +--- a/ares_expand_name.c ++++ b/ares_expand_name.c +@@ -38,6 +38,26 @@ + static int name_length(const unsigned char *encoded, const unsigned char *abuf, + int alen); + ++/* Reserved characters for names that need to be escaped */ ++static int is_reservedch(int ch) ++{ ++ switch (ch) { ++ case '"': ++ case '.': ++ case ';': ++ case '\\': ++ case '(': ++ case ')': ++ case '@': ++ case '$': ++ return 1; ++ default: ++ break; ++ } ++ ++ return 0; ++} ++ + /* Expand an RFC1035-encoded domain name given by encoded. The + * containing message is given by abuf and alen. The result given by + * *s, which is set to a NUL-terminated allocated buffer. *enclen is +@@ -117,9 +137,18 @@ int ares_expand_name(const unsigned char *encoded, const unsigned char *abuf, + p++; + while (len--) + { +- if (*p == '.' || *p == '\\') ++ if (!isprint(*p)) { ++ /* Output as \DDD for consistency with RFC1035 5.1 */ ++ *q++ = '\\'; ++ *q++ = '0' + *p / 100; ++ *q++ = '0' + (*p % 100) / 10; ++ *q++ = '0' + (*p % 10); ++ } else if (is_reservedch(*p)) { + *q++ = '\\'; +- *q++ = *p; ++ *q++ = *p; ++ } else { ++ *q++ = *p; ++ } + p++; + } + *q++ = '.'; +@@ -177,7 +206,13 @@ static int name_length(const unsigned char *encoded, const unsigned char *abuf, + encoded++; + while (offset--) + { +- n += (*encoded == '.' || *encoded == '\\') ? 2 : 1; ++ if (!isprint(*encoded)) { ++ n += 4; ++ } else if (is_reservedch(*encoded)) { ++ n += 2; ++ } else { ++ n += 1; ++ } + encoded++; + } + n++; +-- +2.26.3 + + +From 86cc9241f89c1155111b992ccc03bf76d8ae634a Mon Sep 17 00:00:00 2001 +From: bradh352 +Date: Fri, 11 Jun 2021 12:39:24 -0400 +Subject: [PATCH 2/2] ares_expand_name(): fix formatting and handling of root + name response + +Fixes issue introduced in prior commit with formatting and handling +of parsing a root name response which should not be escaped. + +Fix By: Brad House +--- + ares_expand_name.c | 62 ++++++++++++++++++++++++++++++---------------- + 1 file changed, 40 insertions(+), 22 deletions(-) + +diff --git a/ares_expand_name.c b/ares_expand_name.c +index 8604543..f89ee3f 100644 +--- a/ares_expand_name.c ++++ b/ares_expand_name.c +@@ -133,27 +133,37 @@ int ares_expand_name(const unsigned char *encoded, const unsigned char *abuf, + } + else + { +- len = *p; ++ int name_len = *p; ++ len = name_len; + p++; ++ + while (len--) + { +- if (!isprint(*p)) { +- /* Output as \DDD for consistency with RFC1035 5.1 */ +- *q++ = '\\'; +- *q++ = '0' + *p / 100; +- *q++ = '0' + (*p % 100) / 10; +- *q++ = '0' + (*p % 10); +- } else if (is_reservedch(*p)) { +- *q++ = '\\'; +- *q++ = *p; +- } else { +- *q++ = *p; +- } ++ /* Output as \DDD for consistency with RFC1035 5.1, except ++ * for the special case of a root name response */ ++ if (!isprint(*p) && !(name_len == 1 && *p == 0)) ++ { ++ ++ *q++ = '\\'; ++ *q++ = '0' + *p / 100; ++ *q++ = '0' + (*p % 100) / 10; ++ *q++ = '0' + (*p % 10); ++ } ++ else if (is_reservedch(*p)) ++ { ++ *q++ = '\\'; ++ *q++ = *p; ++ } ++ else ++ { ++ *q++ = *p; ++ } + p++; + } + *q++ = '.'; + } +- } ++ } ++ + if (!indir) + *enclen = aresx_uztosl(p + 1U - encoded); + +@@ -200,21 +210,29 @@ static int name_length(const unsigned char *encoded, const unsigned char *abuf, + } + else if (top == 0x00) + { +- offset = *encoded; ++ int name_len = *encoded; ++ offset = name_len; + if (encoded + offset + 1 >= abuf + alen) + return -1; + encoded++; ++ + while (offset--) + { +- if (!isprint(*encoded)) { +- n += 4; +- } else if (is_reservedch(*encoded)) { +- n += 2; +- } else { +- n += 1; +- } ++ if (!isprint(*encoded) && !(name_len == 1 && *encoded == 0)) ++ { ++ n += 4; ++ } ++ else if (is_reservedch(*encoded)) ++ { ++ n += 2; ++ } ++ else ++ { ++ n += 1; ++ } + encoded++; + } ++ + n++; + } + else +-- +2.26.3 + diff --git a/EMPTY b/EMPTY deleted file mode 100644 index 0519ecb..0000000 --- a/EMPTY +++ /dev/null @@ -1 +0,0 @@ - \ No newline at end of file diff --git a/LICENSE b/LICENSE new file mode 100644 index 0000000..4c1423a --- /dev/null +++ b/LICENSE @@ -0,0 +1,12 @@ +Copyright (C) 2004 by Daniel Stenberg et al + +Permission to use, copy, modify, and distribute this software and its +documentation for any purpose and without fee is hereby granted, provided +that the above copyright notice appear in all copies and that both that +copyright notice and this permission notice appear in supporting +documentation, and that the name of M.I.T. not be used in advertising or +publicity pertaining to distribution of the software without specific, +written prior permission. M.I.T. makes no representations about the +suitability of this software for any purpose. It is provided "as is" +without express or implied warranty. + diff --git a/c-ares.spec b/c-ares.spec new file mode 100644 index 0000000..0a692cf --- /dev/null +++ b/c-ares.spec @@ -0,0 +1,254 @@ +Summary: A library that performs asynchronous DNS operations +Name: c-ares +Version: 1.13.0 +Release: 6%{?dist} +License: MIT +Group: System Environment/Libraries +URL: http://c-ares.haxx.se/ +Source0: http://c-ares.haxx.se/download/%{name}-%{version}.tar.gz +# The license can be obtained at http://c-ares.haxx.se/license.html +Source1: LICENSE +Patch0: 0001-Use-RPM-compiler-options.patch +Patch1: 0002-fix-CVE-2021-3672.patch + +BuildRoot: %{_tmppath}/%{name}-%{version}-%{release}-root-%(%{__id_u} -n) + +BuildRequires: autoconf +BuildRequires: automake +BuildRequires: libtool + +%description +c-ares is a C library that performs DNS requests and name resolves +asynchronously. c-ares is a fork of the library named 'ares', written +by Greg Hudson at MIT. + +%package devel +Summary: Development files for c-ares +Group: Development/Libraries +Requires: %{name} = %{version}-%{release} +Requires: pkgconfig + +%description devel +This package contains the header files and libraries needed to +compile applications or shared objects that use c-ares. + +%prep +%setup -q +%patch0 -p1 -b .optflags +%patch1 -p1 -b .dns + +cp %{SOURCE1} . +f=CHANGES ; iconv -f iso-8859-1 -t utf-8 $f -o $f.utf8 ; mv $f.utf8 $f + +%build +autoreconf -if +%configure --enable-shared --disable-static \ + --disable-dependency-tracking +%{__make} %{?_smp_mflags} + +%install +rm -rf $RPM_BUILD_ROOT +make DESTDIR=$RPM_BUILD_ROOT install +rm -f $RPM_BUILD_ROOT/%{_libdir}/libcares.la + +%clean +rm -rf $RPM_BUILD_ROOT + +%post -p /sbin/ldconfig +%postun -p /sbin/ldconfig + +%files +%defattr(-, root, root) +%doc README.cares CHANGES NEWS LICENSE +%{_libdir}/*.so.* + +%files devel +%defattr(-, root, root, 0755) +%{_includedir}/ares.h +%{_includedir}/ares_build.h +%{_includedir}/ares_dns.h +%{_includedir}/ares_rules.h +%{_includedir}/ares_version.h +%{_libdir}/*.so +%{_libdir}/pkgconfig/libcares.pc +%{_mandir}/man3/ares_* + +%changelog +* Fri Oct 15 2021 Alexey Tikhonov - 1.13.0-6 +- Resolves: rhbz#1989425 - CVE-2021-3672 c-ares: missing input validation of host names may lead to Domain Hijacking [rhel-8] + +* Mon Aug 13 2018 Jakub Hrozek - 1.13.0-5 +- Drop an unused patch + +* Wed Feb 07 2018 Fedora Release Engineering - 1.13.0-4 +- Rebuilt for https://fedoraproject.org/wiki/Fedora_28_Mass_Rebuild + +* Wed Aug 02 2017 Fedora Release Engineering - 1.13.0-3 +- Rebuilt for https://fedoraproject.org/wiki/Fedora_27_Binutils_Mass_Rebuild + +* Wed Jul 26 2017 Fedora Release Engineering - 1.13.0-2 +- Rebuilt for https://fedoraproject.org/wiki/Fedora_27_Mass_Rebuild + +* Tue Jun 20 2017 Jakub Hrozek - 1.13.0-1 +- update to 1.13.0 + +* Fri Feb 10 2017 Fedora Release Engineering - 1.12.0-2 +- Rebuilt for https://fedoraproject.org/wiki/Fedora_26_Mass_Rebuild + +* Thu Sep 29 2016 Tom Callaway - 1.12.0-1 +- update to 1.12.0 + +* Fri Feb 19 2016 Jakub Hrozek - 1.11.0 +- New upstream version 1.11.0 + +* Wed Feb 03 2016 Fedora Release Engineering - 1.10.0-6 +- Rebuilt for https://fedoraproject.org/wiki/Fedora_24_Mass_Rebuild + +* Wed Jun 17 2015 Fedora Release Engineering - 1.10.0-5 +- Rebuilt for https://fedoraproject.org/wiki/Fedora_23_Mass_Rebuild + +* Fri Aug 15 2014 Fedora Release Engineering - 1.10.0-4 +- Rebuilt for https://fedoraproject.org/wiki/Fedora_21_22_Mass_Rebuild + +* Sat Jun 07 2014 Fedora Release Engineering - 1.10.0-3 +- Rebuilt for https://fedoraproject.org/wiki/Fedora_21_Mass_Rebuild + +* Sat Aug 03 2013 Fedora Release Engineering - 1.10.0-2 +- Rebuilt for https://fedoraproject.org/wiki/Fedora_20_Mass_Rebuild + +* Mon May 13 2013 Jakub Hrozek - 1.10.1-1 +- New upstream release 1.10 +- Obsolete upstreamed patches +- Amend the multilib patch, there's no need to patch configure since we + are running autoreconf anyways +- https://raw.github.com/bagder/c-ares/cares-1_10_0/RELEASE-NOTES + +* Thu Apr 11 2013 Jakub Hrozek - 1.9.1-6 +- Apply an upstream patch to override AC_CONFIG_MACRO_DIR only conditionally + +* Thu Apr 11 2013 Jakub Hrozek - 1.9.1-5 +- Apply a patch by Stephen Gallagher to patch autoconf, not configure to + allow optflags to be passed in by build environment +- Run autoreconf before configure +- git rm obsolete patches +- Apply upstream patch to stop overriding AC_CONFIG_MACRO_DIR + +* Wed Feb 13 2013 Fedora Release Engineering - 1.9.1-4 +- Rebuilt for https://fedoraproject.org/wiki/Fedora_19_Mass_Rebuild + +* Wed Aug 8 2012 Jakub Hrozek - 1.9.1-3 +- Include URL to the license text + +* Wed Jul 18 2012 Fedora Release Engineering - 1.9.1-2 +- Rebuilt for https://fedoraproject.org/wiki/Fedora_18_Mass_Rebuild + +* Mon Jun 25 2012 Tom Callaway - 1.9.1-1 +- update to 1.9.1 + +* Sat Apr 28 2012 Tom Callaway - 1.8.0-1 +- update to 1.8.0 +- fix multilib patch (thanks to Paul Howarth) + +* Thu Jan 12 2012 Fedora Release Engineering - 1.7.5-2 +- Rebuilt for https://fedoraproject.org/wiki/Fedora_17_Mass_Rebuild + +* Wed Aug 17 2011 Jakub Hrozek - 1.7.5-1 +- New upstream release 1.7.5 +- Obsoletes patch #2 +- Rebase patch #1 (optflags) to match the 1.7.5 code +- Fixed Source0 URL to point at the upstream tarball + +* Mon Apr 11 2011 Jakub Hrozek - 1.7.4-3 +- Apply upstream patch to fix rhbz#695424 + +* Tue Feb 08 2011 Fedora Release Engineering - 1.7.4-2 +- Rebuilt for https://fedoraproject.org/wiki/Fedora_15_Mass_Rebuild + +* Fri Dec 10 2010 Tom "spot" Callaway - 1.7.4-1 +- update to 1.7.4 + +* Wed Aug 25 2010 Jakub Hrozek - 1.7.3-3 +- Actually apply the patches + +* Wed Aug 25 2010 Jakub Hrozek - 1.7.3-2 +- apply couple of patches from upstream + +* Tue Jun 15 2010 Jakub Hrozek - 1.7.3-1 +- Upgrade to new upstream release 1.7.3 (obsoletes search/domain patch) +- Fix conflict of -devel packages on multilib architectures (#602880) + +* Thu Jun 3 2010 Jakub Hrozek - 1.7.1-2 +- Use last instance of search/domain, not the first one (#597286) + +* Tue Mar 23 2010 Jakub Hrozek - 1.7.1-1 +- update to 1.7.1 which contains the IPv6 nameserver patch + +* Sun Mar 7 2010 Jakub Hrozek - 1.7.0-3 +- Change IPv6 nameserver patch according to upstream changes + (upstream revisions 1199,1201,1202) + +* Wed Mar 3 2010 Jakub Hrozek - 1.7.0-2 +- Add a patch to allow usage of IPv6 nameservers + +* Tue Dec 1 2009 Tom "spot" Callaway - 1.7.0-1 +- update to 1.7.0 + +* Sat Jul 25 2009 Ville Skyttä - 1.6.0-3 +- Patch to make upstream build system honor our CFLAGS and friends. +- Don't bother building throwaway static libs. +- Disable autotools dependency tracking for cleaner build logs and possible + slight build speedup. +- Convert docs to UTF-8. +- Update URLs. + +* Fri Jul 24 2009 Fedora Release Engineering - 1.6.0-2 +- Rebuilt for https://fedoraproject.org/wiki/Fedora_12_Mass_Rebuild + +* Wed Jul 22 2009 Tom "spot" Callaway - 1.6.0-1 +- update to 1.6.0 + +* Mon Feb 23 2009 Fedora Release Engineering - 1.5.3-2 +- Rebuilt for https://fedoraproject.org/wiki/Fedora_11_Mass_Rebuild + +* Fri Sep 12 2008 Tom "spot" Callaway - 1.5.3-1 +- update to 1.5.3 + +* Tue Feb 19 2008 Fedora Release Engineering - 1.5.1-2 +- Autorebuild for GCC 4.3 + +* Tue Feb 19 2008 Tom "spot" Callaway 1.5.1-1 +- update to 1.5.1 + +* Thu Aug 23 2007 Tom "spot" Callaway 1.4.0-2 +- rebuild for ppc32 + +* Wed Jun 27 2007 Tom "spot" Callaway 1.4.0-1 +- bump to 1.4.0 (resolves bugzilla 243591) +- get rid of static library (.a) + +* Wed Jan 17 2007 Tom "spot" Callaway 1.3.2-1 +- bump to 1.3.2 + +* Mon Sep 11 2006 Tom "spot" Callaway 1.3.1-2 +- FC-6 bump + +* Mon Jul 10 2006 Tom "spot" Callaway 1.3.1-1 +- bump to 1.3.1 + +* Tue Feb 28 2006 Tom "spot" Callaway 1.3.0-2 +- bump for FC-5 rebuild + +* Sun Sep 4 2005 Tom "spot" Callaway 1.3.0-1 +- include LICENSE text +- bump to 1.3.0 + +* Tue May 31 2005 Tom "spot" Callaway 1.2.1-4 +- use dist tag to prevent EVR overlap + +* Fri Apr 22 2005 Tom "spot" Callaway 1.2.1-2 +- fix license (MIT, not LGPL) +- get rid of libcares.la + +* Fri Apr 22 2005 Tom "spot" Callaway 1.2.1-1 +- initial package creation + diff --git a/sources b/sources new file mode 100644 index 0000000..0fa3384 --- /dev/null +++ b/sources @@ -0,0 +1 @@ +SHA512 (c-ares-1.13.0.tar.gz) = 4a7942e754673f5b8d55a7471e31b0f390e8324b14c12077580c956147fad4d165c7fe8a3190199b1add95c710ceeb1a7957706d4f0d6299d39c5dddc719bd9d