rpms
/
c-ares
20
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

Compare commits

merge into: rpms:c9
Branches Tags
rpms:i10c-beta
rpms:c10-beta
rpms:i10cs
rpms:cs10
rpms:i8c
rpms:c8
rpms:i9c
rpms:c9
rpms:i8c-beta
rpms:c8-beta
rpms:i9c-beta
rpms:c9-beta
...
pull from: rpms:i9c-beta
Branches Tags
rpms:i10c-beta
rpms:c10-beta
rpms:i10cs
rpms:cs10
rpms:i8c
rpms:c8
rpms:i9c
rpms:c9
rpms:i8c-beta
rpms:c8-beta
rpms:i9c-beta
rpms:c9-beta

No commits in common. 'c9' and 'i9c-beta' have entirely different histories.
c9 ... i9c-beta

2 changed files with 3 additions and 37 deletions
Show Stats

33
SOURCES/0002-Merge-pull-request-from-GHSA-mg26-v6qh-x48q.patch
Unescape View File

@ -1,33 +0,0 @@
From a59618566446044c1fa7f35ed349a273c48176fb Mon Sep 17 00:00:00 2001
From: Alexey Tikhonov <atikhono@redhat.com>
Date: Mon, 11 Mar 2024 20:46:09 +0100
Subject: [PATCH] Merge pull request from GHSA-mg26-v6qh-x48q
Backported from
https://github.com/c-ares/c-ares/commit/a804c04ddc8245fc8adf0e92368709639125e183
---
src/lib/ares__read_line.c | 8 ++++++++
1 file changed, 8 insertions(+)
diff --git a/src/lib/ares__read_line.c b/src/lib/ares__read_line.c
index c62ad2a..d6625a3 100644
--- a/src/lib/ares__read_line.c
+++ b/src/lib/ares__read_line.c
@@ -49,6 +49,14 @@ int ares__read_line(FILE *fp, char **buf, size_t *bufsize)
if (!fgets(*buf + offset, bytestoread, fp))
return (offset != 0) ? 0 : (ferror(fp)) ? ARES_EFILE : ARES_EOF;
len = offset + strlen(*buf + offset);
+
+ /* Probably means there was an embedded NULL as the first character in
+ * the line, throw away line */
+ if (len == 0) {
+ offset = 0;
+ continue;
+ }
+
if ((*buf)[len - 1] == '\n')
{
(*buf)[len - 1] = 0;
--
2.42.0

7
SPECS/c-ares.spec
Unescape View File

@ -3,14 +3,13 @@
Summary: A library that performs asynchronous DNS operations
Name: c-ares
Version: 1.19.1
Release: 2%{?dist}
Release: 1%{?dist}
License: MIT
URL: http://c-ares.org/
Source0: http://c-ares.org/download/%{name}-%{version}.tar.gz
# The license can be obtained at http://c-ares.haxx.se/license.html
Source1: LICENSE
Patch0: 0001-Use-RPM-compiler-options.patch
Patch1: 0002-Merge-pull-request-from-GHSA-mg26-v6qh-x48q.patch
BuildRequires: gcc
%if %{use_cmake}
@ -85,8 +84,8 @@ rm -f $RPM_BUILD_ROOT/%{_libdir}/libcares.la
%{_mandir}/man3/ares_*
%changelog
* Mon Mar 11 2024 Alexey Tikhonov <atikhono@redhat.com> - 1.19.1-2
- Resolves: RHEL-26529 - Out of bounds read in ares__read_line() [rhel-9]
* Fri Sep 22 2023 MSVSphere Packaging Team <packager@msvsphere-os.ru> - 1.19.1-1
- Rebuilt for MSVSphere 9.3 beta
* Fri May 26 2023 Alexey Tikhonov <atikhono@redhat.com> - 1.19.1-1
- Resolves: rhbz#2209564 - CVE-2023-31124 c-ares: AutoTools does not set CARES_RANDOM_FILE during cross compilation [rhel-9]

Write Preview
Loading…
Cancel
Save