From bcf827bec7a2ca6db74d3246d80fbcab5a652f26 Mon Sep 17 00:00:00 2001 From: MSVSphere Packaging Team Date: Fri, 29 Mar 2024 15:20:53 +0300 Subject: [PATCH] import c-ares-1.13.0-10.el8 --- .c-ares.metadata | 1 + .gitignore | 1 + SOURCES/0001-Use-RPM-compiler-options.patch | 41 +++ SOURCES/0002-fix-CVE-2021-3672.patch | 198 ++++++++++++ ...k-in-config_sortlist-to-avoid-stack-.patch | 64 ++++ ...ull-request-from-GHSA-9g78-jv2r-p7vc.patch | 82 +++++ ...-avoid-read-heap-buffer-overflow-332.patch | 30 ++ ...ull-request-from-GHSA-x6mf-cxr9-8q6v.patch | 294 ++++++++++++++++++ SOURCES/LICENSE | 12 + SPECS/c-ares.spec | 277 +++++++++++++++++ 10 files changed, 1000 insertions(+) create mode 100644 .c-ares.metadata create mode 100644 .gitignore create mode 100644 SOURCES/0001-Use-RPM-compiler-options.patch create mode 100644 SOURCES/0002-fix-CVE-2021-3672.patch create mode 100644 SOURCES/0003-Add-str-len-check-in-config_sortlist-to-avoid-stack-.patch create mode 100644 SOURCES/0004-Merge-pull-request-from-GHSA-9g78-jv2r-p7vc.patch create mode 100644 SOURCES/0005-avoid-read-heap-buffer-overflow-332.patch create mode 100644 SOURCES/0006-Merge-pull-request-from-GHSA-x6mf-cxr9-8q6v.patch create mode 100644 SOURCES/LICENSE create mode 100644 SPECS/c-ares.spec diff --git a/.c-ares.metadata b/.c-ares.metadata new file mode 100644 index 0000000..9f07a3d --- /dev/null +++ b/.c-ares.metadata @@ -0,0 +1 @@ +dde50284cc3d505fb2463ff6276e61d5531b1d68 SOURCES/c-ares-1.13.0.tar.gz diff --git a/.gitignore b/.gitignore new file mode 100644 index 0000000..32e00a1 --- /dev/null +++ b/.gitignore @@ -0,0 +1 @@ +SOURCES/c-ares-1.13.0.tar.gz diff --git a/SOURCES/0001-Use-RPM-compiler-options.patch b/SOURCES/0001-Use-RPM-compiler-options.patch new file mode 100644 index 0000000..721b713 --- /dev/null +++ b/SOURCES/0001-Use-RPM-compiler-options.patch @@ -0,0 +1,41 @@ +From 7dada62a77e061c752123e672e844386ff3b01ea Mon Sep 17 00:00:00 2001 +From: Stephen Gallagher +Date: Wed, 10 Apr 2013 12:32:44 -0400 +Subject: [PATCH] Use RPM compiler options + +--- + m4/cares-compilers.m4 | 19 ++++++------------- + 1 file changed, 6 insertions(+), 13 deletions(-) + +diff --git a/m4/cares-compilers.m4 b/m4/cares-compilers.m4 +index 7ee8e0dbe741c1a64149a0d20b826f507b3ec620..d7708230fb5628ae80fbf1052da0d2c78ebbc160 100644 +--- a/m4/cares-compilers.m4 ++++ b/m4/cares-compilers.m4 +@@ -143,19 +143,12 @@ AC_DEFUN([CARES_CHECK_COMPILER_GNU_C], [ + gccvhi=`echo $gccver | cut -d . -f1` + gccvlo=`echo $gccver | cut -d . -f2` + compiler_num=`(expr $gccvhi "*" 100 + $gccvlo) 2>/dev/null` +- flags_dbg_all="-g -g0 -g1 -g2 -g3" +- flags_dbg_all="$flags_dbg_all -ggdb" +- flags_dbg_all="$flags_dbg_all -gstabs" +- flags_dbg_all="$flags_dbg_all -gstabs+" +- flags_dbg_all="$flags_dbg_all -gcoff" +- flags_dbg_all="$flags_dbg_all -gxcoff" +- flags_dbg_all="$flags_dbg_all -gdwarf-2" +- flags_dbg_all="$flags_dbg_all -gvms" +- flags_dbg_yes="-g" +- flags_dbg_off="-g0" +- flags_opt_all="-O -O0 -O1 -O2 -O3 -Os" +- flags_opt_yes="-O2" +- flags_opt_off="-O0" ++ flags_dbg_all="" ++ flags_dbg_yes="" ++ flags_dbg_off="" ++ flags_opt_all="" ++ flags_opt_yes="" ++ flags_opt_off="" + CURL_CHECK_DEF([_WIN32], [], [silent]) + else + AC_MSG_RESULT([no]) +-- +1.8.1.4 diff --git a/SOURCES/0002-fix-CVE-2021-3672.patch b/SOURCES/0002-fix-CVE-2021-3672.patch new file mode 100644 index 0000000..9dc7f31 --- /dev/null +++ b/SOURCES/0002-fix-CVE-2021-3672.patch @@ -0,0 +1,198 @@ +From 4bde615c5fa2a6a6f61ca533e46a062691d83f45 Mon Sep 17 00:00:00 2001 +From: bradh352 +Date: Fri, 11 Jun 2021 11:27:45 -0400 +Subject: [PATCH 1/2] ares_expand_name() should escape more characters + +RFC1035 5.1 specifies some reserved characters and escaping sequences +that are allowed to be specified. Expand the list of reserved characters +and also escape non-printable characters using the \DDD format as +specified in the RFC. + +Bug Reported By: philipp.jeitner@sit.fraunhofer.de +Fix By: Brad House (@bradh352) +--- + ares_expand_name.c | 41 ++++++++++++++++++++++++++++++++++++++--- + 1 file changed, 38 insertions(+), 3 deletions(-) + +diff --git a/ares_expand_name.c b/ares_expand_name.c +index 3a38e67..8604543 100644 +--- a/ares_expand_name.c ++++ b/ares_expand_name.c +@@ -38,6 +38,26 @@ + static int name_length(const unsigned char *encoded, const unsigned char *abuf, + int alen); + ++/* Reserved characters for names that need to be escaped */ ++static int is_reservedch(int ch) ++{ ++ switch (ch) { ++ case '"': ++ case '.': ++ case ';': ++ case '\\': ++ case '(': ++ case ')': ++ case '@': ++ case '$': ++ return 1; ++ default: ++ break; ++ } ++ ++ return 0; ++} ++ + /* Expand an RFC1035-encoded domain name given by encoded. The + * containing message is given by abuf and alen. The result given by + * *s, which is set to a NUL-terminated allocated buffer. *enclen is +@@ -117,9 +137,18 @@ int ares_expand_name(const unsigned char *encoded, const unsigned char *abuf, + p++; + while (len--) + { +- if (*p == '.' || *p == '\\') ++ if (!isprint(*p)) { ++ /* Output as \DDD for consistency with RFC1035 5.1 */ ++ *q++ = '\\'; ++ *q++ = '0' + *p / 100; ++ *q++ = '0' + (*p % 100) / 10; ++ *q++ = '0' + (*p % 10); ++ } else if (is_reservedch(*p)) { + *q++ = '\\'; +- *q++ = *p; ++ *q++ = *p; ++ } else { ++ *q++ = *p; ++ } + p++; + } + *q++ = '.'; +@@ -177,7 +206,13 @@ static int name_length(const unsigned char *encoded, const unsigned char *abuf, + encoded++; + while (offset--) + { +- n += (*encoded == '.' || *encoded == '\\') ? 2 : 1; ++ if (!isprint(*encoded)) { ++ n += 4; ++ } else if (is_reservedch(*encoded)) { ++ n += 2; ++ } else { ++ n += 1; ++ } + encoded++; + } + n++; +-- +2.26.3 + + +From 86cc9241f89c1155111b992ccc03bf76d8ae634a Mon Sep 17 00:00:00 2001 +From: bradh352 +Date: Fri, 11 Jun 2021 12:39:24 -0400 +Subject: [PATCH 2/2] ares_expand_name(): fix formatting and handling of root + name response + +Fixes issue introduced in prior commit with formatting and handling +of parsing a root name response which should not be escaped. + +Fix By: Brad House +--- + ares_expand_name.c | 62 ++++++++++++++++++++++++++++++---------------- + 1 file changed, 40 insertions(+), 22 deletions(-) + +diff --git a/ares_expand_name.c b/ares_expand_name.c +index 8604543..f89ee3f 100644 +--- a/ares_expand_name.c ++++ b/ares_expand_name.c +@@ -133,27 +133,37 @@ int ares_expand_name(const unsigned char *encoded, const unsigned char *abuf, + } + else + { +- len = *p; ++ int name_len = *p; ++ len = name_len; + p++; ++ + while (len--) + { +- if (!isprint(*p)) { +- /* Output as \DDD for consistency with RFC1035 5.1 */ +- *q++ = '\\'; +- *q++ = '0' + *p / 100; +- *q++ = '0' + (*p % 100) / 10; +- *q++ = '0' + (*p % 10); +- } else if (is_reservedch(*p)) { +- *q++ = '\\'; +- *q++ = *p; +- } else { +- *q++ = *p; +- } ++ /* Output as \DDD for consistency with RFC1035 5.1, except ++ * for the special case of a root name response */ ++ if (!isprint(*p) && !(name_len == 1 && *p == 0)) ++ { ++ ++ *q++ = '\\'; ++ *q++ = '0' + *p / 100; ++ *q++ = '0' + (*p % 100) / 10; ++ *q++ = '0' + (*p % 10); ++ } ++ else if (is_reservedch(*p)) ++ { ++ *q++ = '\\'; ++ *q++ = *p; ++ } ++ else ++ { ++ *q++ = *p; ++ } + p++; + } + *q++ = '.'; + } +- } ++ } ++ + if (!indir) + *enclen = aresx_uztosl(p + 1U - encoded); + +@@ -200,21 +210,29 @@ static int name_length(const unsigned char *encoded, const unsigned char *abuf, + } + else if (top == 0x00) + { +- offset = *encoded; ++ int name_len = *encoded; ++ offset = name_len; + if (encoded + offset + 1 >= abuf + alen) + return -1; + encoded++; ++ + while (offset--) + { +- if (!isprint(*encoded)) { +- n += 4; +- } else if (is_reservedch(*encoded)) { +- n += 2; +- } else { +- n += 1; +- } ++ if (!isprint(*encoded) && !(name_len == 1 && *encoded == 0)) ++ { ++ n += 4; ++ } ++ else if (is_reservedch(*encoded)) ++ { ++ n += 2; ++ } ++ else ++ { ++ n += 1; ++ } + encoded++; + } ++ + n++; + } + else +-- +2.26.3 + diff --git a/SOURCES/0003-Add-str-len-check-in-config_sortlist-to-avoid-stack-.patch b/SOURCES/0003-Add-str-len-check-in-config_sortlist-to-avoid-stack-.patch new file mode 100644 index 0000000..ed2edf9 --- /dev/null +++ b/SOURCES/0003-Add-str-len-check-in-config_sortlist-to-avoid-stack-.patch @@ -0,0 +1,64 @@ +From 9903253c347f9e0bffd285ae3829aef251cc852d Mon Sep 17 00:00:00 2001 +From: hopper-vul <118949689+hopper-vul@users.noreply.github.com> +Date: Wed, 18 Jan 2023 22:14:26 +0800 +Subject: [PATCH] Add str len check in config_sortlist to avoid stack overflow + (#497) + +In ares_set_sortlist, it calls config_sortlist(..., sortstr) to parse +the input str and initialize a sortlist configuration. + +However, ares_set_sortlist has not any checks about the validity of the input str. +It is very easy to create an arbitrary length stack overflow with the unchecked +`memcpy(ipbuf, str, q-str);` and `memcpy(ipbufpfx, str, q-str);` +statements in the config_sortlist call, which could potentially cause severe +security impact in practical programs. + +This commit add necessary check for `ipbuf` and `ipbufpfx` which avoid the +potential stack overflows. + +fixes #496 + +Fix By: @hopper-vul +--- + ares_init.c | 4 ++++ + test/ares-test-init.cc | 2 ++ + 2 files changed, 6 insertions(+) + +diff --git a/ares_init.c b/ares_init.c +index f7b700b..5aad7c8 100644 +--- a/ares_init.c ++++ b/ares_init.c +@@ -2065,6 +2065,8 @@ static int config_sortlist(struct apattern **sortlist, int *nsort, + q = str; + while (*q && *q != '/' && *q != ';' && !ISSPACE(*q)) + q++; ++ if (q-str >= 16) ++ return ARES_EBADSTR; + memcpy(ipbuf, str, q-str); + ipbuf[q-str] = '\0'; + /* Find the prefix */ +@@ -2073,6 +2075,8 @@ static int config_sortlist(struct apattern **sortlist, int *nsort, + const char *str2 = q+1; + while (*q && *q != ';' && !ISSPACE(*q)) + q++; ++ if (q-str >= 32) ++ return ARES_EBADSTR; + memcpy(ipbufpfx, str, q-str); + ipbufpfx[q-str] = '\0'; + str = str2; +diff --git a/test/ares-test-init.cc b/test/ares-test-init.cc +index 63c6a22..ee84518 100644 +--- a/test/ares-test-init.cc ++++ b/test/ares-test-init.cc +@@ -275,6 +275,8 @@ TEST_F(DefaultChannelTest, SetAddresses) { + + TEST_F(DefaultChannelTest, SetSortlistFailures) { + EXPECT_EQ(ARES_ENODATA, ares_set_sortlist(nullptr, "1.2.3.4")); ++ EXPECT_EQ(ARES_EBADSTR, ares_set_sortlist(channel_, "111.111.111.111*/16")); ++ EXPECT_EQ(ARES_EBADSTR, ares_set_sortlist(channel_, "111.111.111.111/255.255.255.240*")); + EXPECT_EQ(ARES_SUCCESS, ares_set_sortlist(channel_, "xyzzy ; lwk")); + EXPECT_EQ(ARES_SUCCESS, ares_set_sortlist(channel_, "xyzzy ; 0x123")); + } +-- +2.37.3 + diff --git a/SOURCES/0004-Merge-pull-request-from-GHSA-9g78-jv2r-p7vc.patch b/SOURCES/0004-Merge-pull-request-from-GHSA-9g78-jv2r-p7vc.patch new file mode 100644 index 0000000..70f7e36 --- /dev/null +++ b/SOURCES/0004-Merge-pull-request-from-GHSA-9g78-jv2r-p7vc.patch @@ -0,0 +1,82 @@ +From b9b8413cfdb70a3f99e1573333b23052d57ec1ae Mon Sep 17 00:00:00 2001 +From: Brad House +Date: Mon, 22 May 2023 06:51:49 -0400 +Subject: [PATCH] Merge pull request from GHSA-9g78-jv2r-p7vc + +--- + ares_process.c | 41 +++++++++++++++++++++++++---------------- + 1 file changed, 25 insertions(+), 16 deletions(-) + +diff --git a/ares_process.c b/ares_process.c +index bf0cde4..6cac0a9 100644 +--- a/ares_process.c ++++ b/ares_process.c +@@ -470,7 +470,7 @@ static void read_udp_packets(ares_channel channel, fd_set *read_fds, + { + struct server_state *server; + int i; +- ares_ssize_t count; ++ ares_ssize_t read_len; + unsigned char buf[MAXENDSSZ + 1]; + #ifdef HAVE_RECVFROM + ares_socklen_t fromlen; +@@ -513,32 +513,41 @@ static void read_udp_packets(ares_channel channel, fd_set *read_fds, + /* To reduce event loop overhead, read and process as many + * packets as we can. */ + do { +- if (server->udp_socket == ARES_SOCKET_BAD) +- count = 0; +- +- else { +- if (server->addr.family == AF_INET) ++ if (server->udp_socket == ARES_SOCKET_BAD) { ++ read_len = -1; ++ } else { ++ if (server->addr.family == AF_INET) { + fromlen = sizeof(from.sa4); +- else ++ } else { + fromlen = sizeof(from.sa6); +- count = socket_recvfrom(channel, server->udp_socket, (void *)buf, +- sizeof(buf), 0, &from.sa, &fromlen); ++ } ++ read_len = socket_recvfrom(channel, server->udp_socket, (void *)buf, ++ sizeof(buf), 0, &from.sa, &fromlen); + } + +- if (count == -1 && try_again(SOCKERRNO)) ++ if (read_len == 0) { ++ /* UDP is connectionless, so result code of 0 is a 0-length UDP ++ * packet, and not an indication the connection is closed like on ++ * tcp */ + continue; +- else if (count <= 0) ++ } else if (read_len < 0) { ++ if (try_again(SOCKERRNO)) ++ continue; ++ + handle_error(channel, i, now); ++ + #ifdef HAVE_RECVFROM +- else if (!same_address(&from.sa, &server->addr)) ++ } else if (!same_address(&from.sa, &server->addr)) { + /* The address the response comes from does not match the address we + * sent the request to. Someone may be attempting to perform a cache + * poisoning attack. */ +- break; ++ continue; + #endif +- else +- process_answer(channel, buf, (int)count, i, 0, now); +- } while (count > 0); ++ ++ } else { ++ process_answer(channel, buf, (int)read_len, i, 0, now); ++ } ++ } while (read_len >= 0); + } + } + +-- +2.38.1 + diff --git a/SOURCES/0005-avoid-read-heap-buffer-overflow-332.patch b/SOURCES/0005-avoid-read-heap-buffer-overflow-332.patch new file mode 100644 index 0000000..36d399f --- /dev/null +++ b/SOURCES/0005-avoid-read-heap-buffer-overflow-332.patch @@ -0,0 +1,30 @@ +From 65f83b8bf15a128524ef5fe26e1f1e219ee9b872 Mon Sep 17 00:00:00 2001 +From: Alexey Tikhonov +Date: Fri, 1 Sep 2023 20:00:12 +0200 +Subject: [PATCH] avoid read-heap-buffer-overflow (#332) + +Fix invalid read in ares_parse_soa_reply.c found during fuzzing + +Fixes Bug: #333 +Fix By: lutianxiong (@ltx2018) +--- + ares_parse_soa_reply.c | 3 +++ + 1 file changed, 3 insertions(+) + +diff --git a/ares_parse_soa_reply.c b/ares_parse_soa_reply.c +index 35af0a7..5924bbc 100644 +--- a/ares_parse_soa_reply.c ++++ b/ares_parse_soa_reply.c +@@ -65,6 +65,9 @@ ares_parse_soa_reply(const unsigned char *abuf, int alen, + status = ares__expand_name_for_response(aptr, abuf, alen, &qname, &len); + if (status != ARES_SUCCESS) + goto failed_stat; ++ ++ if (alen <= len + HFIXEDSZ + 1) ++ goto failed; + aptr += len; + + /* skip qtype & qclass */ +-- +2.38.1 + diff --git a/SOURCES/0006-Merge-pull-request-from-GHSA-x6mf-cxr9-8q6v.patch b/SOURCES/0006-Merge-pull-request-from-GHSA-x6mf-cxr9-8q6v.patch new file mode 100644 index 0000000..3877b9e --- /dev/null +++ b/SOURCES/0006-Merge-pull-request-from-GHSA-x6mf-cxr9-8q6v.patch @@ -0,0 +1,294 @@ +From f22cc01039b6473b736d3bf438f56a2654cdf2b2 Mon Sep 17 00:00:00 2001 +From: Brad House +Date: Mon, 22 May 2023 06:51:34 -0400 +Subject: [PATCH] Merge pull request from GHSA-x6mf-cxr9-8q6v + +* Merged latest OpenBSD changes for inet_net_pton_ipv6() into c-ares. +* Always use our own IP conversion functions now, do not delegate to OS + so we can have consistency in testing and fuzzing. + +Fix By: Brad House (@bradh352) +--- + inet_net_pton.c | 155 ++++++++++++++++++++----------------- + +diff --git a/inet_net_pton.c b/inet_net_pton.c +index 840de50..fc50425 100644 +--- a/inet_net_pton.c ++++ b/inet_net_pton.c +@@ -1,19 +1,20 @@ + + /* +- * Copyright (c) 2004 by Internet Systems Consortium, Inc. ("ISC") ++ * Copyright (c) 2012 by Gilles Chehade + * Copyright (c) 1996,1999 by Internet Software Consortium. + * + * Permission to use, copy, modify, and distribute this software for any + * purpose with or without fee is hereby granted, provided that the above + * copyright notice and this permission notice appear in all copies. + * +- * THE SOFTWARE IS PROVIDED "AS IS" AND ISC DISCLAIMS ALL WARRANTIES +- * WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF +- * MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL ISC BE LIABLE FOR +- * ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES +- * WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN +- * ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT +- * OF OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. ++ * THE SOFTWARE IS PROVIDED "AS IS" AND INTERNET SOFTWARE CONSORTIUM DISCLAIMS ++ * ALL WARRANTIES WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES ++ * OF MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL INTERNET SOFTWARE ++ * CONSORTIUM BE LIABLE FOR ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL ++ * DAMAGES OR ANY DAMAGES WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR ++ * PROFITS, WHETHER IN AN ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ++ * ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS ++ * SOFTWARE. + */ + + #include "ares_setup.h" +@@ -35,9 +36,6 @@ + + const struct ares_in6_addr ares_in6addr_any = { { { 0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0 } } }; + +- +-#ifndef HAVE_INET_NET_PTON +- + /* + * static int + * inet_net_pton_ipv4(src, dst, size) +@@ -60,7 +58,7 @@ const struct ares_in6_addr ares_in6addr_any = { { { 0,0,0,0,0,0,0,0,0,0,0,0,0,0, + * Paul Vixie (ISC), June 1996 + */ + static int +-inet_net_pton_ipv4(const char *src, unsigned char *dst, size_t size) ++ares_inet_net_pton_ipv4(const char *src, unsigned char *dst, size_t size) + { + static const char xdigits[] = "0123456789abcdef"; + static const char digits[] = "0123456789"; +@@ -261,19 +259,14 @@ getv4(const char *src, unsigned char *dst, int *bitsp) + } + + static int +-inet_net_pton_ipv6(const char *src, unsigned char *dst, size_t size) ++ares_inet_pton6(const char *src, unsigned char *dst) + { + static const char xdigits_l[] = "0123456789abcdef", +- xdigits_u[] = "0123456789ABCDEF"; ++ xdigits_u[] = "0123456789ABCDEF"; + unsigned char tmp[NS_IN6ADDRSZ], *tp, *endp, *colonp; + const char *xdigits, *curtok; +- int ch, saw_xdigit; ++ int ch, saw_xdigit, count_xdigit; + unsigned int val; +- int digits; +- int bits; +- size_t bytes; +- int words; +- int ipv4; + + memset((tp = tmp), '\0', NS_IN6ADDRSZ); + endp = tp + NS_IN6ADDRSZ; +@@ -283,22 +276,22 @@ inet_net_pton_ipv6(const char *src, unsigned char *dst, size_t size) + if (*++src != ':') + goto enoent; + curtok = src; +- saw_xdigit = 0; ++ saw_xdigit = count_xdigit = 0; + val = 0; +- digits = 0; +- bits = -1; +- ipv4 = 0; + while ((ch = *src++) != '\0') { + const char *pch; + + if ((pch = strchr((xdigits = xdigits_l), ch)) == NULL) + pch = strchr((xdigits = xdigits_u), ch); + if (pch != NULL) { ++ if (count_xdigit >= 4) ++ goto enoent; + val <<= 4; +- val |= aresx_sztoui(pch - xdigits); +- if (++digits > 4) ++ val |= (pch - xdigits); ++ if (val > 0xffff) + goto enoent; + saw_xdigit = 1; ++ count_xdigit++; + continue; + } + if (ch == ':') { +@@ -308,78 +301,107 @@ inet_net_pton_ipv6(const char *src, unsigned char *dst, size_t size) + goto enoent; + colonp = tp; + continue; +- } else if (*src == '\0') ++ } else if (*src == '\0') { + goto enoent; ++ } + if (tp + NS_INT16SZ > endp) +- return (0); +- *tp++ = (unsigned char)((val >> 8) & 0xff); +- *tp++ = (unsigned char)(val & 0xff); ++ goto enoent; ++ *tp++ = (unsigned char) (val >> 8) & 0xff; ++ *tp++ = (unsigned char) val & 0xff; + saw_xdigit = 0; +- digits = 0; ++ count_xdigit = 0; + val = 0; + continue; + } + if (ch == '.' && ((tp + NS_INADDRSZ) <= endp) && +- getv4(curtok, tp, &bits) > 0) { +- tp += NS_INADDRSZ; ++ ares_inet_net_pton_ipv4(curtok, tp, INADDRSZ) > 0) { ++ tp += INADDRSZ; + saw_xdigit = 0; +- ipv4 = 1; ++ count_xdigit = 0; + break; /* '\0' was seen by inet_pton4(). */ + } +- if (ch == '/' && getbits(src, &bits) > 0) +- break; + goto enoent; + } + if (saw_xdigit) { + if (tp + NS_INT16SZ > endp) + goto enoent; +- *tp++ = (unsigned char)((val >> 8) & 0xff); +- *tp++ = (unsigned char)(val & 0xff); ++ *tp++ = (unsigned char) (val >> 8) & 0xff; ++ *tp++ = (unsigned char) val & 0xff; + } +- if (bits == -1) +- bits = 128; +- +- words = (bits + 15) / 16; +- if (words < 2) +- words = 2; +- if (ipv4) +- words = 8; +- endp = tmp + 2 * words; +- + if (colonp != NULL) { + /* + * Since some memmove()'s erroneously fail to handle + * overlapping regions, we'll do the shift by hand. + */ +- const ares_ssize_t n = tp - colonp; +- ares_ssize_t i; ++ const int n = tp - colonp; ++ int i; + + if (tp == endp) + goto enoent; + for (i = 1; i <= n; i++) { +- *(endp - i) = *(colonp + n - i); +- *(colonp + n - i) = 0; ++ endp[- i] = colonp[n - i]; ++ colonp[n - i] = 0; + } + tp = endp; + } + if (tp != endp) + goto enoent; + +- bytes = (bits + 7) / 8; +- if (bytes > size) +- goto emsgsize; +- memcpy(dst, tmp, bytes); +- return (bits); ++ memcpy(dst, tmp, NS_IN6ADDRSZ); ++ return (1); + +- enoent: ++enoent: + SET_ERRNO(ENOENT); + return (-1); + +- emsgsize: ++emsgsize: + SET_ERRNO(EMSGSIZE); + return (-1); + } + ++static int ++ares_inet_net_pton_ipv6(const char *src, unsigned char *dst, size_t size) ++{ ++ struct ares_in6_addr in6; ++ int ret; ++ int bits; ++ size_t bytes; ++ char buf[INET6_ADDRSTRLEN + sizeof("/128")]; ++ char *sep; ++ const char *errstr; ++ ++ if (strlen(src) >= sizeof buf) { ++ SET_ERRNO(EMSGSIZE); ++ return (-1); ++ } ++ strncpy(buf, src, sizeof buf); ++ ++ sep = strchr(buf, '/'); ++ if (sep != NULL) ++ *sep++ = '\0'; ++ ++ ret = ares_inet_pton6(buf, (unsigned char *)&in6); ++ if (ret != 1) ++ return (-1); ++ ++ if (sep == NULL) ++ bits = 128; ++ else { ++ if (!getbits(sep, &bits)) { ++ SET_ERRNO(ENOENT); ++ return (-1); ++ } ++ } ++ ++ bytes = (bits + 7) / 8; ++ if (bytes > size) { ++ SET_ERRNO(EMSGSIZE); ++ return (-1); ++ } ++ memcpy(dst, &in6, bytes); ++ return (bits); ++} ++ + /* + * int + * inet_net_pton(af, src, dst, size) +@@ -403,18 +425,15 @@ ares_inet_net_pton(int af, const char *src, void *dst, size_t size) + { + switch (af) { + case AF_INET: +- return (inet_net_pton_ipv4(src, dst, size)); ++ return (ares_inet_net_pton_ipv4(src, dst, size)); + case AF_INET6: +- return (inet_net_pton_ipv6(src, dst, size)); ++ return (ares_inet_net_pton_ipv6(src, dst, size)); + default: + SET_ERRNO(EAFNOSUPPORT); + return (-1); + } + } + +-#endif /* HAVE_INET_NET_PTON */ +- +-#ifndef HAVE_INET_PTON + int ares_inet_pton(int af, const char *src, void *dst) + { + int result; +@@ -434,11 +453,3 @@ int ares_inet_pton(int af, const char *src, void *dst) + return 0; + return (result > -1 ? 1 : -1); + } +-#else /* HAVE_INET_PTON */ +-int ares_inet_pton(int af, const char *src, void *dst) +-{ +- /* just relay this to the underlying function */ +- return inet_pton(af, src, dst); +-} +- +-#endif +-- +2.41.0 + diff --git a/SOURCES/LICENSE b/SOURCES/LICENSE new file mode 100644 index 0000000..4c1423a --- /dev/null +++ b/SOURCES/LICENSE @@ -0,0 +1,12 @@ +Copyright (C) 2004 by Daniel Stenberg et al + +Permission to use, copy, modify, and distribute this software and its +documentation for any purpose and without fee is hereby granted, provided +that the above copyright notice appear in all copies and that both that +copyright notice and this permission notice appear in supporting +documentation, and that the name of M.I.T. not be used in advertising or +publicity pertaining to distribution of the software without specific, +written prior permission. M.I.T. makes no representations about the +suitability of this software for any purpose. It is provided "as is" +without express or implied warranty. + diff --git a/SPECS/c-ares.spec b/SPECS/c-ares.spec new file mode 100644 index 0000000..5dee5e8 --- /dev/null +++ b/SPECS/c-ares.spec @@ -0,0 +1,277 @@ +Summary: A library that performs asynchronous DNS operations +Name: c-ares +Version: 1.13.0 +Release: 10%{?dist} +License: MIT +Group: System Environment/Libraries +URL: http://c-ares.haxx.se/ +Source0: http://c-ares.haxx.se/download/%{name}-%{version}.tar.gz +# The license can be obtained at http://c-ares.haxx.se/license.html +Source1: LICENSE +Patch0: 0001-Use-RPM-compiler-options.patch +Patch1: 0002-fix-CVE-2021-3672.patch +Patch2: 0003-Add-str-len-check-in-config_sortlist-to-avoid-stack-.patch +Patch3: 0004-Merge-pull-request-from-GHSA-9g78-jv2r-p7vc.patch +Patch4: 0005-avoid-read-heap-buffer-overflow-332.patch +Patch5: 0006-Merge-pull-request-from-GHSA-x6mf-cxr9-8q6v.patch + +BuildRoot: %{_tmppath}/%{name}-%{version}-%{release}-root-%(%{__id_u} -n) + +BuildRequires: autoconf +BuildRequires: automake +BuildRequires: libtool + +%description +c-ares is a C library that performs DNS requests and name resolves +asynchronously. c-ares is a fork of the library named 'ares', written +by Greg Hudson at MIT. + +%package devel +Summary: Development files for c-ares +Group: Development/Libraries +Requires: %{name} = %{version}-%{release} +Requires: pkgconfig + +%description devel +This package contains the header files and libraries needed to +compile applications or shared objects that use c-ares. + +%prep +%setup -q +%patch0 -p1 -b .optflags +%patch1 -p1 -b .dns +%patch2 -p1 -b .sortlist +%patch3 -p1 -b .udp +%patch4 -p1 -b .buffer +%patch5 -p1 -b .underwrite + +cp %{SOURCE1} . +f=CHANGES ; iconv -f iso-8859-1 -t utf-8 $f -o $f.utf8 ; mv $f.utf8 $f + +%build +autoreconf -if +%configure --enable-shared --disable-static \ + --disable-dependency-tracking +%{__make} %{?_smp_mflags} + +%install +rm -rf $RPM_BUILD_ROOT +make DESTDIR=$RPM_BUILD_ROOT install +rm -f $RPM_BUILD_ROOT/%{_libdir}/libcares.la + +%clean +rm -rf $RPM_BUILD_ROOT + +%post -p /sbin/ldconfig +%postun -p /sbin/ldconfig + +%files +%defattr(-, root, root) +%doc README.cares CHANGES NEWS LICENSE +%{_libdir}/*.so.* + +%files devel +%defattr(-, root, root, 0755) +%{_includedir}/ares.h +%{_includedir}/ares_build.h +%{_includedir}/ares_dns.h +%{_includedir}/ares_rules.h +%{_includedir}/ares_version.h +%{_libdir}/*.so +%{_libdir}/pkgconfig/libcares.pc +%{_mandir}/man3/ares_* + +%changelog +* Fri Mar 29 2024 MSVSphere Packaging Team - 1.13.0-10 +- Rebuilt for MSVSphere 8.10 beta + +* Wed Oct 4 2023 Alexey Tikhonov - 1.13.0-10 +- Resolves: RHEL-7853 - Buffer Underwrite in ares_inet_net_pton() [rhel-8] + +* Fri Sep 8 2023 Alexey Tikhonov - 1.13.0-9 +- Resolves: rhbz#2235805 - read-heap-buffer-overflow in ares_parse_soa_reply [rhel-8] + +* Mon May 29 2023 Alexey Tikhonov - 1.13.0-8 +- Resolves: rhbz#2209517 - CVE-2023-32067 c-ares: 0-byte UDP payload Denial of Service [rhel-8.9.0] + +* Fri May 12 2023 Alexey Tikhonov - 1.13.0-7 +- Resolves: rhbz#2170867 - c-ares: buffer overflow in config_sortlist() due to missing string length check [rhel-8] + +* Fri Oct 15 2021 Alexey Tikhonov - 1.13.0-6 +- Resolves: rhbz#1989425 - CVE-2021-3672 c-ares: missing input validation of host names may lead to Domain Hijacking [rhel-8] + +* Mon Aug 13 2018 Jakub Hrozek - 1.13.0-5 +- Drop an unused patch + +* Wed Feb 07 2018 Fedora Release Engineering - 1.13.0-4 +- Rebuilt for https://fedoraproject.org/wiki/Fedora_28_Mass_Rebuild + +* Wed Aug 02 2017 Fedora Release Engineering - 1.13.0-3 +- Rebuilt for https://fedoraproject.org/wiki/Fedora_27_Binutils_Mass_Rebuild + +* Wed Jul 26 2017 Fedora Release Engineering - 1.13.0-2 +- Rebuilt for https://fedoraproject.org/wiki/Fedora_27_Mass_Rebuild + +* Tue Jun 20 2017 Jakub Hrozek - 1.13.0-1 +- update to 1.13.0 + +* Fri Feb 10 2017 Fedora Release Engineering - 1.12.0-2 +- Rebuilt for https://fedoraproject.org/wiki/Fedora_26_Mass_Rebuild + +* Thu Sep 29 2016 Tom Callaway - 1.12.0-1 +- update to 1.12.0 + +* Fri Feb 19 2016 Jakub Hrozek - 1.11.0 +- New upstream version 1.11.0 + +* Wed Feb 03 2016 Fedora Release Engineering - 1.10.0-6 +- Rebuilt for https://fedoraproject.org/wiki/Fedora_24_Mass_Rebuild + +* Wed Jun 17 2015 Fedora Release Engineering - 1.10.0-5 +- Rebuilt for https://fedoraproject.org/wiki/Fedora_23_Mass_Rebuild + +* Fri Aug 15 2014 Fedora Release Engineering - 1.10.0-4 +- Rebuilt for https://fedoraproject.org/wiki/Fedora_21_22_Mass_Rebuild + +* Sat Jun 07 2014 Fedora Release Engineering - 1.10.0-3 +- Rebuilt for https://fedoraproject.org/wiki/Fedora_21_Mass_Rebuild + +* Sat Aug 03 2013 Fedora Release Engineering - 1.10.0-2 +- Rebuilt for https://fedoraproject.org/wiki/Fedora_20_Mass_Rebuild + +* Mon May 13 2013 Jakub Hrozek - 1.10.1-1 +- New upstream release 1.10 +- Obsolete upstreamed patches +- Amend the multilib patch, there's no need to patch configure since we + are running autoreconf anyways +- https://raw.github.com/bagder/c-ares/cares-1_10_0/RELEASE-NOTES + +* Thu Apr 11 2013 Jakub Hrozek - 1.9.1-6 +- Apply an upstream patch to override AC_CONFIG_MACRO_DIR only conditionally + +* Thu Apr 11 2013 Jakub Hrozek - 1.9.1-5 +- Apply a patch by Stephen Gallagher to patch autoconf, not configure to + allow optflags to be passed in by build environment +- Run autoreconf before configure +- git rm obsolete patches +- Apply upstream patch to stop overriding AC_CONFIG_MACRO_DIR + +* Wed Feb 13 2013 Fedora Release Engineering - 1.9.1-4 +- Rebuilt for https://fedoraproject.org/wiki/Fedora_19_Mass_Rebuild + +* Wed Aug 8 2012 Jakub Hrozek - 1.9.1-3 +- Include URL to the license text + +* Wed Jul 18 2012 Fedora Release Engineering - 1.9.1-2 +- Rebuilt for https://fedoraproject.org/wiki/Fedora_18_Mass_Rebuild + +* Mon Jun 25 2012 Tom Callaway - 1.9.1-1 +- update to 1.9.1 + +* Sat Apr 28 2012 Tom Callaway - 1.8.0-1 +- update to 1.8.0 +- fix multilib patch (thanks to Paul Howarth) + +* Thu Jan 12 2012 Fedora Release Engineering - 1.7.5-2 +- Rebuilt for https://fedoraproject.org/wiki/Fedora_17_Mass_Rebuild + +* Wed Aug 17 2011 Jakub Hrozek - 1.7.5-1 +- New upstream release 1.7.5 +- Obsoletes patch #2 +- Rebase patch #1 (optflags) to match the 1.7.5 code +- Fixed Source0 URL to point at the upstream tarball + +* Mon Apr 11 2011 Jakub Hrozek - 1.7.4-3 +- Apply upstream patch to fix rhbz#695424 + +* Tue Feb 08 2011 Fedora Release Engineering - 1.7.4-2 +- Rebuilt for https://fedoraproject.org/wiki/Fedora_15_Mass_Rebuild + +* Fri Dec 10 2010 Tom "spot" Callaway - 1.7.4-1 +- update to 1.7.4 + +* Wed Aug 25 2010 Jakub Hrozek - 1.7.3-3 +- Actually apply the patches + +* Wed Aug 25 2010 Jakub Hrozek - 1.7.3-2 +- apply couple of patches from upstream + +* Tue Jun 15 2010 Jakub Hrozek - 1.7.3-1 +- Upgrade to new upstream release 1.7.3 (obsoletes search/domain patch) +- Fix conflict of -devel packages on multilib architectures (#602880) + +* Thu Jun 3 2010 Jakub Hrozek - 1.7.1-2 +- Use last instance of search/domain, not the first one (#597286) + +* Tue Mar 23 2010 Jakub Hrozek - 1.7.1-1 +- update to 1.7.1 which contains the IPv6 nameserver patch + +* Sun Mar 7 2010 Jakub Hrozek - 1.7.0-3 +- Change IPv6 nameserver patch according to upstream changes + (upstream revisions 1199,1201,1202) + +* Wed Mar 3 2010 Jakub Hrozek - 1.7.0-2 +- Add a patch to allow usage of IPv6 nameservers + +* Tue Dec 1 2009 Tom "spot" Callaway - 1.7.0-1 +- update to 1.7.0 + +* Sat Jul 25 2009 Ville Skyttä - 1.6.0-3 +- Patch to make upstream build system honor our CFLAGS and friends. +- Don't bother building throwaway static libs. +- Disable autotools dependency tracking for cleaner build logs and possible + slight build speedup. +- Convert docs to UTF-8. +- Update URLs. + +* Fri Jul 24 2009 Fedora Release Engineering - 1.6.0-2 +- Rebuilt for https://fedoraproject.org/wiki/Fedora_12_Mass_Rebuild + +* Wed Jul 22 2009 Tom "spot" Callaway - 1.6.0-1 +- update to 1.6.0 + +* Mon Feb 23 2009 Fedora Release Engineering - 1.5.3-2 +- Rebuilt for https://fedoraproject.org/wiki/Fedora_11_Mass_Rebuild + +* Fri Sep 12 2008 Tom "spot" Callaway - 1.5.3-1 +- update to 1.5.3 + +* Tue Feb 19 2008 Fedora Release Engineering - 1.5.1-2 +- Autorebuild for GCC 4.3 + +* Tue Feb 19 2008 Tom "spot" Callaway 1.5.1-1 +- update to 1.5.1 + +* Thu Aug 23 2007 Tom "spot" Callaway 1.4.0-2 +- rebuild for ppc32 + +* Wed Jun 27 2007 Tom "spot" Callaway 1.4.0-1 +- bump to 1.4.0 (resolves bugzilla 243591) +- get rid of static library (.a) + +* Wed Jan 17 2007 Tom "spot" Callaway 1.3.2-1 +- bump to 1.3.2 + +* Mon Sep 11 2006 Tom "spot" Callaway 1.3.1-2 +- FC-6 bump + +* Mon Jul 10 2006 Tom "spot" Callaway 1.3.1-1 +- bump to 1.3.1 + +* Tue Feb 28 2006 Tom "spot" Callaway 1.3.0-2 +- bump for FC-5 rebuild + +* Sun Sep 4 2005 Tom "spot" Callaway 1.3.0-1 +- include LICENSE text +- bump to 1.3.0 + +* Tue May 31 2005 Tom "spot" Callaway 1.2.1-4 +- use dist tag to prevent EVR overlap + +* Fri Apr 22 2005 Tom "spot" Callaway 1.2.1-2 +- fix license (MIT, not LGPL) +- get rid of libcares.la + +* Fri Apr 22 2005 Tom "spot" Callaway 1.2.1-1 +- initial package creation +