.c-ares.metadata

@@ -0,0 +1 @@
+dde50284cc3d505fb2463ff6276e61d5531b1d68 SOURCES/c-ares-1.13.0.tar.gz

.gitignore

@@ -1,2 +1 @@
 SOURCES/c-ares-1.13.0.tar.gz
-/c-ares-1.13.0.tar.gz

0007-Merge-pull-request-from-GHSA-mg26-v6qh-x48q.patch

@@ -1,33 +0,0 @@
-From 5fdda1a5891f8828075225975fbdef1d3e87fb57 Mon Sep 17 00:00:00 2001
-From: Alexey Tikhonov <atikhono@redhat.com>
-Date: Mon, 11 Mar 2024 20:46:09 +0100
-Subject: [PATCH] Merge pull request from GHSA-mg26-v6qh-x48q
-
-Backported from
-https://github.com/c-ares/c-ares/commit/a804c04ddc8245fc8adf0e92368709639125e183
----
- ares__read_line.c | 8 ++++++++
- 1 file changed, 8 insertions(+)
-
-diff --git a/ares__read_line.c b/ares__read_line.c
-index c62ad2a..d6625a3 100644
---- a/ares__read_line.c
-+++ b/ares__read_line.c
-@@ -49,6 +49,14 @@ int ares__read_line(FILE *fp, char **buf, size_t *bufsize)
-       if (!fgets(*buf + offset, bytestoread, fp))
-         return (offset != 0) ? 0 : (ferror(fp)) ? ARES_EFILE : ARES_EOF;
-       len = offset + strlen(*buf + offset);
-+
-+      /* Probably means there was an embedded NULL as the first character in
-+       * the line, throw away line */
-+      if (len == 0) {
-+        offset = 0;
-+        continue;
-+      }
-+
-       if ((*buf)[len - 1] == '\n')
-         {
-           (*buf)[len - 1] = 0;
--- 
-2.42.0
-

SPECS/c-ares.spec

@@ -1,7 +1,7 @@
 Summary: A library that performs asynchronous DNS operations
 Name: c-ares
 Version: 1.13.0
-Release: 11%{?dist}
+Release: 10%{?dist}
 License: MIT
 Group: System Environment/Libraries
 URL: http://c-ares.haxx.se/
@@ -14,7 +14,6 @@ Patch2: 0003-Add-str-len-check-in-config_sortlist-to-avoid-stack-.patch
 Patch3: 0004-Merge-pull-request-from-GHSA-9g78-jv2r-p7vc.patch
 Patch4: 0005-avoid-read-heap-buffer-overflow-332.patch
 Patch5: 0006-Merge-pull-request-from-GHSA-x6mf-cxr9-8q6v.patch
-Patch6: 0007-Merge-pull-request-from-GHSA-mg26-v6qh-x48q.patch
 
 BuildRoot: %{_tmppath}/%{name}-%{version}-%{release}-root-%(%{__id_u} -n)
 
@@ -45,7 +44,6 @@ compile applications or shared objects that use c-ares.
 %patch3 -p1 -b .udp
 %patch4 -p1 -b .buffer
 %patch5 -p1 -b .underwrite
-%patch6 -p1 -b .bounds
 
 cp %{SOURCE1} .
 f=CHANGES ; iconv -f iso-8859-1 -t utf-8 $f -o $f.utf8 ; mv $f.utf8 $f
@@ -84,9 +82,6 @@ rm -rf $RPM_BUILD_ROOT
 %{_mandir}/man3/ares_*
 
 %changelog
-* Tue Mar 12 2024 Alexey Tikhonov <atikhono@redhat.com> - 1.13.0-11
-- Resolves: RHEL-26525 - c-ares: Out of bounds read in ares__read_line() [rhel-8]
-
 * Wed Oct  4 2023 Alexey Tikhonov <atikhono@redhat.com> - 1.13.0-10
 - Resolves: RHEL-7853 - Buffer Underwrite in ares_inet_net_pton() [rhel-8]
 

gating.yaml

@@ -1,7 +0,0 @@
-# recipients: sssd-qe
---- !Policy
-product_versions:
-  - rhel-8
-decision_context: osci_compose_gate
-rules:
-  - !PassingTestCaseRule {test_case_name: idm-ci.brew-build.tier0.revdep}

sources

@@ -1 +0,0 @@
-SHA512 (c-ares-1.13.0.tar.gz) = 4a7942e754673f5b8d55a7471e31b0f390e8324b14c12077580c956147fad4d165c7fe8a3190199b1add95c710ceeb1a7957706d4f0d6299d39c5dddc719bd9d