Compare commits
No commits in common. "c8s" and "c9-beta" have entirely different histories.
|
@ -1 +1 @@
|
|||
dde50284cc3d505fb2463ff6276e61d5531b1d68 SOURCES/c-ares-1.13.0.tar.gz
|
||||
99566278e4ed4b261891aa62c8b88227bf1a2823 SOURCES/c-ares-1.19.1.tar.gz
|
||||
|
|
|
@ -1 +1 @@
|
|||
SOURCES/c-ares-1.13.0.tar.gz
|
||||
SOURCES/c-ares-1.19.1.tar.gz
|
||||
|
|
|
@ -1,198 +0,0 @@
|
|||
From 4bde615c5fa2a6a6f61ca533e46a062691d83f45 Mon Sep 17 00:00:00 2001
|
||||
From: bradh352 <brad@brad-house.com>
|
||||
Date: Fri, 11 Jun 2021 11:27:45 -0400
|
||||
Subject: [PATCH 1/2] ares_expand_name() should escape more characters
|
||||
|
||||
RFC1035 5.1 specifies some reserved characters and escaping sequences
|
||||
that are allowed to be specified. Expand the list of reserved characters
|
||||
and also escape non-printable characters using the \DDD format as
|
||||
specified in the RFC.
|
||||
|
||||
Bug Reported By: philipp.jeitner@sit.fraunhofer.de
|
||||
Fix By: Brad House (@bradh352)
|
||||
---
|
||||
ares_expand_name.c | 41 ++++++++++++++++++++++++++++++++++++++---
|
||||
1 file changed, 38 insertions(+), 3 deletions(-)
|
||||
|
||||
diff --git a/ares_expand_name.c b/ares_expand_name.c
|
||||
index 3a38e67..8604543 100644
|
||||
--- a/ares_expand_name.c
|
||||
+++ b/ares_expand_name.c
|
||||
@@ -38,6 +38,26 @@
|
||||
static int name_length(const unsigned char *encoded, const unsigned char *abuf,
|
||||
int alen);
|
||||
|
||||
+/* Reserved characters for names that need to be escaped */
|
||||
+static int is_reservedch(int ch)
|
||||
+{
|
||||
+ switch (ch) {
|
||||
+ case '"':
|
||||
+ case '.':
|
||||
+ case ';':
|
||||
+ case '\\':
|
||||
+ case '(':
|
||||
+ case ')':
|
||||
+ case '@':
|
||||
+ case '$':
|
||||
+ return 1;
|
||||
+ default:
|
||||
+ break;
|
||||
+ }
|
||||
+
|
||||
+ return 0;
|
||||
+}
|
||||
+
|
||||
/* Expand an RFC1035-encoded domain name given by encoded. The
|
||||
* containing message is given by abuf and alen. The result given by
|
||||
* *s, which is set to a NUL-terminated allocated buffer. *enclen is
|
||||
@@ -117,9 +137,18 @@ int ares_expand_name(const unsigned char *encoded, const unsigned char *abuf,
|
||||
p++;
|
||||
while (len--)
|
||||
{
|
||||
- if (*p == '.' || *p == '\\')
|
||||
+ if (!isprint(*p)) {
|
||||
+ /* Output as \DDD for consistency with RFC1035 5.1 */
|
||||
+ *q++ = '\\';
|
||||
+ *q++ = '0' + *p / 100;
|
||||
+ *q++ = '0' + (*p % 100) / 10;
|
||||
+ *q++ = '0' + (*p % 10);
|
||||
+ } else if (is_reservedch(*p)) {
|
||||
*q++ = '\\';
|
||||
- *q++ = *p;
|
||||
+ *q++ = *p;
|
||||
+ } else {
|
||||
+ *q++ = *p;
|
||||
+ }
|
||||
p++;
|
||||
}
|
||||
*q++ = '.';
|
||||
@@ -177,7 +206,13 @@ static int name_length(const unsigned char *encoded, const unsigned char *abuf,
|
||||
encoded++;
|
||||
while (offset--)
|
||||
{
|
||||
- n += (*encoded == '.' || *encoded == '\\') ? 2 : 1;
|
||||
+ if (!isprint(*encoded)) {
|
||||
+ n += 4;
|
||||
+ } else if (is_reservedch(*encoded)) {
|
||||
+ n += 2;
|
||||
+ } else {
|
||||
+ n += 1;
|
||||
+ }
|
||||
encoded++;
|
||||
}
|
||||
n++;
|
||||
--
|
||||
2.26.3
|
||||
|
||||
|
||||
From 86cc9241f89c1155111b992ccc03bf76d8ae634a Mon Sep 17 00:00:00 2001
|
||||
From: bradh352 <brad@brad-house.com>
|
||||
Date: Fri, 11 Jun 2021 12:39:24 -0400
|
||||
Subject: [PATCH 2/2] ares_expand_name(): fix formatting and handling of root
|
||||
name response
|
||||
|
||||
Fixes issue introduced in prior commit with formatting and handling
|
||||
of parsing a root name response which should not be escaped.
|
||||
|
||||
Fix By: Brad House
|
||||
---
|
||||
ares_expand_name.c | 62 ++++++++++++++++++++++++++++++----------------
|
||||
1 file changed, 40 insertions(+), 22 deletions(-)
|
||||
|
||||
diff --git a/ares_expand_name.c b/ares_expand_name.c
|
||||
index 8604543..f89ee3f 100644
|
||||
--- a/ares_expand_name.c
|
||||
+++ b/ares_expand_name.c
|
||||
@@ -133,27 +133,37 @@ int ares_expand_name(const unsigned char *encoded, const unsigned char *abuf,
|
||||
}
|
||||
else
|
||||
{
|
||||
- len = *p;
|
||||
+ int name_len = *p;
|
||||
+ len = name_len;
|
||||
p++;
|
||||
+
|
||||
while (len--)
|
||||
{
|
||||
- if (!isprint(*p)) {
|
||||
- /* Output as \DDD for consistency with RFC1035 5.1 */
|
||||
- *q++ = '\\';
|
||||
- *q++ = '0' + *p / 100;
|
||||
- *q++ = '0' + (*p % 100) / 10;
|
||||
- *q++ = '0' + (*p % 10);
|
||||
- } else if (is_reservedch(*p)) {
|
||||
- *q++ = '\\';
|
||||
- *q++ = *p;
|
||||
- } else {
|
||||
- *q++ = *p;
|
||||
- }
|
||||
+ /* Output as \DDD for consistency with RFC1035 5.1, except
|
||||
+ * for the special case of a root name response */
|
||||
+ if (!isprint(*p) && !(name_len == 1 && *p == 0))
|
||||
+ {
|
||||
+
|
||||
+ *q++ = '\\';
|
||||
+ *q++ = '0' + *p / 100;
|
||||
+ *q++ = '0' + (*p % 100) / 10;
|
||||
+ *q++ = '0' + (*p % 10);
|
||||
+ }
|
||||
+ else if (is_reservedch(*p))
|
||||
+ {
|
||||
+ *q++ = '\\';
|
||||
+ *q++ = *p;
|
||||
+ }
|
||||
+ else
|
||||
+ {
|
||||
+ *q++ = *p;
|
||||
+ }
|
||||
p++;
|
||||
}
|
||||
*q++ = '.';
|
||||
}
|
||||
- }
|
||||
+ }
|
||||
+
|
||||
if (!indir)
|
||||
*enclen = aresx_uztosl(p + 1U - encoded);
|
||||
|
||||
@@ -200,21 +210,29 @@ static int name_length(const unsigned char *encoded, const unsigned char *abuf,
|
||||
}
|
||||
else if (top == 0x00)
|
||||
{
|
||||
- offset = *encoded;
|
||||
+ int name_len = *encoded;
|
||||
+ offset = name_len;
|
||||
if (encoded + offset + 1 >= abuf + alen)
|
||||
return -1;
|
||||
encoded++;
|
||||
+
|
||||
while (offset--)
|
||||
{
|
||||
- if (!isprint(*encoded)) {
|
||||
- n += 4;
|
||||
- } else if (is_reservedch(*encoded)) {
|
||||
- n += 2;
|
||||
- } else {
|
||||
- n += 1;
|
||||
- }
|
||||
+ if (!isprint(*encoded) && !(name_len == 1 && *encoded == 0))
|
||||
+ {
|
||||
+ n += 4;
|
||||
+ }
|
||||
+ else if (is_reservedch(*encoded))
|
||||
+ {
|
||||
+ n += 2;
|
||||
+ }
|
||||
+ else
|
||||
+ {
|
||||
+ n += 1;
|
||||
+ }
|
||||
encoded++;
|
||||
}
|
||||
+
|
||||
n++;
|
||||
}
|
||||
else
|
||||
--
|
||||
2.26.3
|
||||
|
|
@ -1,84 +1,152 @@
|
|||
%global use_cmake 1
|
||||
|
||||
Summary: A library that performs asynchronous DNS operations
|
||||
Name: c-ares
|
||||
Version: 1.13.0
|
||||
Release: 6%{?dist}
|
||||
Version: 1.19.1
|
||||
Release: 1%{?dist}
|
||||
License: MIT
|
||||
Group: System Environment/Libraries
|
||||
URL: http://c-ares.haxx.se/
|
||||
Source0: http://c-ares.haxx.se/download/%{name}-%{version}.tar.gz
|
||||
URL: http://c-ares.org/
|
||||
Source0: http://c-ares.org/download/%{name}-%{version}.tar.gz
|
||||
# The license can be obtained at http://c-ares.haxx.se/license.html
|
||||
Source1: LICENSE
|
||||
Patch0: 0001-Use-RPM-compiler-options.patch
|
||||
Patch1: 0002-fix-CVE-2021-3672.patch
|
||||
|
||||
BuildRoot: %{_tmppath}/%{name}-%{version}-%{release}-root-%(%{__id_u} -n)
|
||||
|
||||
BuildRequires: gcc
|
||||
%if %{use_cmake}
|
||||
BuildRequires: cmake
|
||||
%else
|
||||
BuildRequires: autoconf
|
||||
BuildRequires: automake
|
||||
BuildRequires: libtool
|
||||
%endif
|
||||
BuildRequires: make
|
||||
|
||||
%description
|
||||
c-ares is a C library that performs DNS requests and name resolves
|
||||
asynchronously. c-ares is a fork of the library named 'ares', written
|
||||
c-ares is a C library that performs DNS requests and name resolves
|
||||
asynchronously. c-ares is a fork of the library named 'ares', written
|
||||
by Greg Hudson at MIT.
|
||||
|
||||
%package devel
|
||||
Summary: Development files for c-ares
|
||||
Group: Development/Libraries
|
||||
Requires: %{name} = %{version}-%{release}
|
||||
Requires: pkgconfig
|
||||
Requires: %{name}%{?_isa} = %{version}-%{release}
|
||||
|
||||
%description devel
|
||||
This package contains the header files and libraries needed to
|
||||
compile applications or shared objects that use c-ares.
|
||||
|
||||
%prep
|
||||
%setup -q
|
||||
%patch0 -p1 -b .optflags
|
||||
%patch1 -p1 -b .dns
|
||||
%autosetup -p1
|
||||
|
||||
cp %{SOURCE1} .
|
||||
f=CHANGES ; iconv -f iso-8859-1 -t utf-8 $f -o $f.utf8 ; mv $f.utf8 $f
|
||||
|
||||
%build
|
||||
# autoreconf -if
|
||||
# %%configure --enable-shared --disable-static \
|
||||
# --disable-dependency-tracking
|
||||
%if %{use_cmake}
|
||||
%{cmake} -DCMAKE_INSTALL_LIBDIR:PATH="%{_libdir}" -DCARES_BUILD_TOOLS:BOOL=OFF
|
||||
%cmake_build
|
||||
%else
|
||||
autoreconf -if
|
||||
%configure --enable-shared --disable-static \
|
||||
--disable-dependency-tracking
|
||||
%{__make} %{?_smp_mflags}
|
||||
%endif
|
||||
|
||||
%install
|
||||
rm -rf $RPM_BUILD_ROOT
|
||||
make DESTDIR=$RPM_BUILD_ROOT install
|
||||
%if %{use_cmake}
|
||||
%cmake_install
|
||||
%else
|
||||
%make_install
|
||||
rm -f $RPM_BUILD_ROOT/%{_libdir}/libcares.la
|
||||
%endif
|
||||
|
||||
%clean
|
||||
rm -rf $RPM_BUILD_ROOT
|
||||
|
||||
%post -p /sbin/ldconfig
|
||||
%postun -p /sbin/ldconfig
|
||||
%ldconfig_scriptlets
|
||||
|
||||
%files
|
||||
%defattr(-, root, root)
|
||||
%doc README.cares CHANGES NEWS LICENSE
|
||||
%license LICENSE
|
||||
%doc README.cares CHANGES NEWS
|
||||
%{_libdir}/*.so.*
|
||||
|
||||
%files devel
|
||||
%defattr(-, root, root, 0755)
|
||||
%{_includedir}/ares.h
|
||||
%{_includedir}/ares_build.h
|
||||
%{_includedir}/ares_dns.h
|
||||
%{_includedir}/ares_nameser.h
|
||||
%{_includedir}/ares_rules.h
|
||||
%{_includedir}/ares_version.h
|
||||
%{_libdir}/*.so
|
||||
%if %{use_cmake}
|
||||
%{_libdir}/cmake/c-ares/
|
||||
%endif
|
||||
%{_libdir}/pkgconfig/libcares.pc
|
||||
%{_mandir}/man3/ares_*
|
||||
|
||||
%changelog
|
||||
* Fri Oct 15 2021 Alexey Tikhonov <atikhono@redhat.com> - 1.13.0-6
|
||||
- Resolves: rhbz#1989425 - CVE-2021-3672 c-ares: missing input validation of host names may lead to Domain Hijacking [rhel-8]
|
||||
* Fri May 26 2023 Alexey Tikhonov <atikhono@redhat.com> - 1.19.1-1
|
||||
- Resolves: rhbz#2209564 - CVE-2023-31124 c-ares: AutoTools does not set CARES_RANDOM_FILE during cross compilation [rhel-9]
|
||||
- Resolves: rhbz#2209556 - CVE-2023-31130 c-ares: Buffer Underwrite in ares_inet_net_pton() [rhel-9]
|
||||
- Resolves: rhbz#2209550 - CVE-2023-31147 c-ares: Insufficient randomness in generation of DNS query IDs [rhel-9]
|
||||
- Resolves: rhbz#2209520 - CVE-2023-32067 c-ares: 0-byte UDP payload Denial of Service [rhel-9.3.0]
|
||||
- Resolves: rhbz#2210370 - Rebase c-ares for RHEL 9.3
|
||||
|
||||
* Mon Aug 13 2018 Jakub Hrozek <jhrozek@redhat.com> - 1.13.0-5
|
||||
- Drop an unused patch
|
||||
* Fri May 12 2023 Alexey Tikhonov <atikhono@redhat.com> - 1.17.1-6
|
||||
- Resolves: rhbz#2170868 - c-ares: buffer overflow in config_sortlist() due to missing string length check [rhel-9]
|
||||
|
||||
* Fri Nov 26 2021 Alexey Tikhonov <atikhono@redhat.com> - 1.17.1-5
|
||||
- Resolves: rhbz#2014523 - c-ares: missing input validation of host names may lead to Domain Hijacking [rhel-9]
|
||||
|
||||
* Mon Aug 09 2021 Mohan Boddu <mboddu@redhat.com> - 1.17.1-4
|
||||
- Rebuilt for IMA sigs, glibc 2.34, aarch64 flags
|
||||
Related: rhbz#1991688
|
||||
|
||||
* Thu Apr 15 2021 Mohan Boddu <mboddu@redhat.com> - 1.17.1-3
|
||||
- Rebuilt for RHEL 9 BETA on Apr 15th 2021. Related: rhbz#1947937
|
||||
|
||||
* Tue Jan 26 2021 Fedora Release Engineering <releng@fedoraproject.org> - 1.17.1-2
|
||||
- Rebuilt for https://fedoraproject.org/wiki/Fedora_34_Mass_Rebuild
|
||||
|
||||
* Fri Nov 20 2020 Tom Callaway <spot@fedoraproject.org> - 1.17.1-1
|
||||
- update to 1.17.1
|
||||
|
||||
* Tue Nov 17 2020 Tom Callaway <spot@fedoraproject.org> - 1.17.0-1
|
||||
- update to 1.17.0
|
||||
|
||||
* Mon Jul 27 2020 Fedora Release Engineering <releng@fedoraproject.org> - 1.16.1-3
|
||||
- Rebuilt for https://fedoraproject.org/wiki/Fedora_33_Mass_Rebuild
|
||||
|
||||
* Mon Jul 13 2020 Tom Stellard <tstellar@redhat.com> - 1.16.1-2
|
||||
- Use make macros
|
||||
- https://fedoraproject.org/wiki/Changes/UseMakeBuildInstallMacro
|
||||
|
||||
* Mon May 11 2020 Tom Callaway <spot@fedoraproject.org> - 1.16.1-1
|
||||
- update to 1.16.1
|
||||
|
||||
* Fri Mar 13 2020 Tom Callaway <spot@fedoraproject.org> - 1.16.0-1
|
||||
- update to 1.16.0
|
||||
|
||||
* Tue Jan 28 2020 Fedora Release Engineering <releng@fedoraproject.org> - 1.15.0-5
|
||||
- Rebuilt for https://fedoraproject.org/wiki/Fedora_32_Mass_Rebuild
|
||||
|
||||
* Wed Jul 24 2019 Fedora Release Engineering <releng@fedoraproject.org> - 1.15.0-4
|
||||
- Rebuilt for https://fedoraproject.org/wiki/Fedora_31_Mass_Rebuild
|
||||
|
||||
* Tue Mar 12 2019 Tom Callaway <spot@fedoraproject.org> - 1.15.0-3
|
||||
- use cmake to build so we get cmake helpers (bz1687844)
|
||||
|
||||
* Thu Jan 31 2019 Fedora Release Engineering <releng@fedoraproject.org> - 1.15.0-2
|
||||
- Rebuilt for https://fedoraproject.org/wiki/Fedora_30_Mass_Rebuild
|
||||
|
||||
* Tue Nov 13 2018 Jakub Hrozek <jhrozek@redhat.com> - 1.16.0-1
|
||||
- Update to the latest upstream
|
||||
|
||||
* Mon Sep 3 2018 Jakub Hrozek <jhrozek@redhat.com> - 1.14.0-1
|
||||
- Update to the latest upstream
|
||||
- Resolves: rhbz#1624499 - RFE: New c-ares release 1.14.0 available
|
||||
|
||||
* Thu Jul 12 2018 Fedora Release Engineering <releng@fedoraproject.org> - 1.13.0-5
|
||||
- Rebuilt for https://fedoraproject.org/wiki/Fedora_29_Mass_Rebuild
|
||||
|
||||
* Wed Feb 07 2018 Fedora Release Engineering <releng@fedoraproject.org> - 1.13.0-4
|
||||
- Rebuilt for https://fedoraproject.org/wiki/Fedora_28_Mass_Rebuild
|
||||
|
|
Loading…
Reference in New Issue