Compare commits


No commits in common. 'c9' and 'c10-beta' have entirely different histories.
c9 ... c10-beta

@ -1 +1 @@
99566278e4ed4b261891aa62c8b88227bf1a2823 SOURCES/c-ares-1.19.1.tar.gz
6991c4a00d2690c317d0cf7c35cd6e85b398589f SOURCES/c-ares-1.25.0.tar.gz
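Review bot: the entry for c-ares-1.25.0.tar.gz is still pinned with a 40-hex-character digest, which is SHA-1 length. If the source-fetching tooling accepts a longer digest, record SHA-256 or SHA-512 here instead, and check the tarball against a checksum obtained over an authenticated channel before committing the new value.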

.gitignore vendored

@ -1 +1 @@
SOURCES/c-ares-1.19.1.tar.gz
SOURCES/c-ares-1.25.0.tar.gz

@ -0,0 +1,31 @@
From a804c04ddc8245fc8adf0e92368709639125e183 Mon Sep 17 00:00:00 2001
From: Brad House <brad@brad-house.com>
Date: Thu, 22 Feb 2024 16:23:33 -0500
Subject: [PATCH] Merge pull request from GHSA-mg26-v6qh-x48q
---
src/lib/ares__read_line.c | 8 ++++++++
1 file changed, 8 insertions(+)
diff --git a/src/lib/ares__read_line.c b/src/lib/ares__read_line.c
index d65ac1f..018f55e 100644
--- a/src/lib/ares__read_line.c
+++ b/src/lib/ares__read_line.c
@@ -59,6 +59,14 @@ ares_status_t ares__read_line(FILE *fp, char **buf, size_t *bufsize)
return (offset != 0) ? 0 : (ferror(fp)) ? ARES_EFILE : ARES_EOF;
}
len = offset + ares_strlen(*buf + offset);
+
+ /* Probably means there was an embedded NULL as the first character in
+ * the line, throw away line */
+ if (len == 0) {
+ offset = 0;
+ continue;
+ }
+
if ((*buf)[len - 1] == '\n') {
(*buf)[len - 1] = 0;
break;
--
2.42.0
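Review bot: the patch changes only src/lib/ares__read_line.c and carries no test; a regression case that feeds ares__read_line() a line whose first byte is zero would keep the `len == 0` guard before `(*buf)[len - 1]` from being lost in a later rebase. Two smaller points in the added block: `offset = 0;` is redundant, because `len` is `offset` plus a string length and can only be zero when `offset` already is, and the comment should say NUL (the byte) rather than NULL.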

@ -1,41 +0,0 @@
From 7dada62a77e061c752123e672e844386ff3b01ea Mon Sep 17 00:00:00 2001
From: Stephen Gallagher <sgallagh@redhat.com>
Date: Wed, 10 Apr 2013 12:32:44 -0400
Subject: [PATCH] Use RPM compiler options
---
m4/cares-compilers.m4 | 19 ++++++-------------
1 file changed, 6 insertions(+), 13 deletions(-)
diff --git a/m4/cares-compilers.m4 b/m4/cares-compilers.m4
index 7ee8e0dbe741c1a64149a0d20b826f507b3ec620..d7708230fb5628ae80fbf1052da0d2c78ebbc160 100644
--- a/m4/cares-compilers.m4
+++ b/m4/cares-compilers.m4
@@ -143,19 +143,12 @@ AC_DEFUN([CARES_CHECK_COMPILER_GNU_C], [
gccvhi=`echo $gccver | cut -d . -f1`
gccvlo=`echo $gccver | cut -d . -f2`
compiler_num=`(expr $gccvhi "*" 100 + $gccvlo) 2>/dev/null`
- flags_dbg_all="-g -g0 -g1 -g2 -g3"
- flags_dbg_all="$flags_dbg_all -ggdb"
- flags_dbg_all="$flags_dbg_all -gstabs"
- flags_dbg_all="$flags_dbg_all -gstabs+"
- flags_dbg_all="$flags_dbg_all -gcoff"
- flags_dbg_all="$flags_dbg_all -gxcoff"
- flags_dbg_all="$flags_dbg_all -gdwarf-2"
- flags_dbg_all="$flags_dbg_all -gvms"
- flags_dbg_yes="-g"
- flags_dbg_off="-g0"
- flags_opt_all="-O -O0 -O1 -O2 -O3 -Os"
- flags_opt_yes="-O2"
- flags_opt_off="-O0"
+ flags_dbg_all=""
+ flags_dbg_yes=""
+ flags_dbg_off=""
+ flags_opt_all=""
+ flags_opt_yes=""
+ flags_opt_off=""
CURL_CHECK_DEF([_WIN32], [], [silent])
else
AC_MSG_RESULT([no])
--
1.8.1.4
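Review bot: dropping this patch means the flags_dbg_* and flags_opt_* lists in CARES_CHECK_COMPILER_GNU_C are no longer emptied, so whatever upstream 1.25.0 ships in m4/cares-compilers.m4 decides which -g and -O options configure strips or adds. Please confirm from a build log that the package is still compiled with the distribution's RPM optimisation and hardening flags, or note in the commit message that the autotools path is not used (the spec has a `%if %{use_cmake}` branch) so the patch is genuinely obsolete.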

@ -1,33 +0,0 @@
From a59618566446044c1fa7f35ed349a273c48176fb Mon Sep 17 00:00:00 2001
From: Alexey Tikhonov <atikhono@redhat.com>
Date: Mon, 11 Mar 2024 20:46:09 +0100
Subject: [PATCH] Merge pull request from GHSA-mg26-v6qh-x48q
Backported from
https://github.com/c-ares/c-ares/commit/a804c04ddc8245fc8adf0e92368709639125e183
---
src/lib/ares__read_line.c | 8 ++++++++
1 file changed, 8 insertions(+)
diff --git a/src/lib/ares__read_line.c b/src/lib/ares__read_line.c
index c62ad2a..d6625a3 100644
--- a/src/lib/ares__read_line.c
+++ b/src/lib/ares__read_line.c
@@ -49,6 +49,14 @@ int ares__read_line(FILE *fp, char **buf, size_t *bufsize)
if (!fgets(*buf + offset, bytestoread, fp))
return (offset != 0) ? 0 : (ferror(fp)) ? ARES_EFILE : ARES_EOF;
len = offset + strlen(*buf + offset);
+
+ /* Probably means there was an embedded NULL as the first character in
+ * the line, throw away line */
+ if (len == 0) {
+ offset = 0;
+ continue;
+ }
+
if ((*buf)[len - 1] == '\n')
{
(*buf)[len - 1] = 0;
--
2.42.0

@ -1,12 +0,0 @@
Copyright (C) 2004 by Daniel Stenberg et al
Permission to use, copy, modify, and distribute this software and its
documentation for any purpose and without fee is hereby granted, provided
that the above copyright notice appear in all copies and that both that
copyright notice and this permission notice appear in supporting
documentation, and that the name of M.I.T. not be used in advertising or
publicity pertaining to distribution of the software without specific,
written prior permission. M.I.T. makes no representations about the
suitability of this software for any purpose. It is provided "as is"
without express or implied warranty.

@ -2,16 +2,12 @@
Summary: A library that performs asynchronous DNS operations
Name: c-ares
Version: 1.19.1
Release: 2%{?dist}
Version: 1.25.0
Release: 5%{?dist}
License: MIT
URL: http://c-ares.org/
Source0: http://c-ares.org/download/%{name}-%{version}.tar.gz
# The license can be obtained at http://c-ares.haxx.se/license.html
Source1: LICENSE
Patch0: 0001-Use-RPM-compiler-options.patch
Patch1: 0002-Merge-pull-request-from-GHSA-mg26-v6qh-x48q.patch
Patch0: 0001-Merge-pull-request-from-GHSA-mg26-v6qh-x48q.patch
BuildRequires: gcc
%if %{use_cmake}
BuildRequires: cmake
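Review bot: `URL:` and `Source0:` in this hunk still use http://c-ares.org/, so the 1.25.0 tarball location is fetched without transport authentication and the recorded source digest is the only integrity check. Switch both to https:// if the host serves it. It would also help to say in the commit message why `0001-Use-RPM-compiler-options.patch` is no longer listed, since the GHSA patch now takes the Patch0 slot.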
@ -38,7 +34,6 @@ compile applications or shared objects that use c-ares.
%prep
%autosetup -p1
cp %{SOURCE1} .
f=CHANGES ; iconv -f iso-8859-1 -t utf-8 $f -o $f.utf8 ; mv $f.utf8 $f
%build
@ -66,7 +61,7 @@ rm -f $RPM_BUILD_ROOT/%{_libdir}/libcares.la
%ldconfig_scriptlets
%files
%license LICENSE
%license LICENSE.md
%doc README.cares CHANGES NEWS
%{_libdir}/*.so.*
@ -74,6 +69,7 @@ rm -f $RPM_BUILD_ROOT/%{_libdir}/libcares.la
%{_includedir}/ares.h
%{_includedir}/ares_build.h
%{_includedir}/ares_dns.h
%{_includedir}/ares_dns_record.h
%{_includedir}/ares_nameser.h
%{_includedir}/ares_rules.h
%{_includedir}/ares_version.h
@ -85,28 +81,50 @@ rm -f $RPM_BUILD_ROOT/%{_libdir}/libcares.la
%{_mandir}/man3/ares_*
%changelog
* Mon Mar 11 2024 Alexey Tikhonov <atikhono@redhat.com> - 1.19.1-2
- Resolves: RHEL-26529 - Out of bounds read in ares__read_line() [rhel-9]
* Mon Jun 24 2024 Troy Dawson <tdawson@redhat.com> - 1.25.0-5
- Bump release for June 2024 mass rebuild
* Tue Mar 26 2024 Alexey Tikhonov <atikhono@redhat.com> - 1.25.0-4
- Resolves: RHEL-30025 - Out of bounds read in ares__read_line() [rhel-10.0]
* Tue Jan 23 2024 Fedora Release Engineering <releng@fedoraproject.org> - 1.25.0-3
- Rebuilt for https://fedoraproject.org/wiki/Fedora_40_Mass_Rebuild
* Fri Jan 19 2024 Fedora Release Engineering <releng@fedoraproject.org> - 1.25.0-2
- Rebuilt for https://fedoraproject.org/wiki/Fedora_40_Mass_Rebuild
* Wed Jan 10 2024 Tom Callaway <spot@fedoraproject.org> - 1.25.0-1
- update to 1.25.0
* Tue Nov 21 2023 Tom Callaway <spot@fedoraproject.org> - 1.22.1-1
- update to 1.22.1
* Sun Nov 5 2023 Tom Callaway <spot@fedoraproject.org> - 1.21.0-1
- update to 1.21.0
* Wed May 24 2023 Tom Callaway <spot@fedoraproject.org> - 1.19.1-1
- update to 1.19.1
- fixes CVE-2023-32067
* Fri Feb 17 2023 Tom Callaway <spot@fedoraproject.org> - 1.19.0-1
- update to 1.19.0
- fixes CVE-2022-4904
* Fri May 26 2023 Alexey Tikhonov <atikhono@redhat.com> - 1.19.1-1
- Resolves: rhbz#2209564 - CVE-2023-31124 c-ares: AutoTools does not set CARES_RANDOM_FILE during cross compilation [rhel-9]
- Resolves: rhbz#2209556 - CVE-2023-31130 c-ares: Buffer Underwrite in ares_inet_net_pton() [rhel-9]
- Resolves: rhbz#2209550 - CVE-2023-31147 c-ares: Insufficient randomness in generation of DNS query IDs [rhel-9]
- Resolves: rhbz#2209520 - CVE-2023-32067 c-ares: 0-byte UDP payload Denial of Service [rhel-9.3.0]
- Resolves: rhbz#2210370 - Rebase c-ares for RHEL 9.3
* Wed Jan 18 2023 Fedora Release Engineering <releng@fedoraproject.org> - 1.17.2-4
- Rebuilt for https://fedoraproject.org/wiki/Fedora_38_Mass_Rebuild
* Fri May 12 2023 Alexey Tikhonov <atikhono@redhat.com> - 1.17.1-6
- Resolves: rhbz#2170868 - c-ares: buffer overflow in config_sortlist() due to missing string length check [rhel-9]
* Wed Jul 20 2022 Fedora Release Engineering <releng@fedoraproject.org> - 1.17.2-3
- Rebuilt for https://fedoraproject.org/wiki/Fedora_37_Mass_Rebuild
* Fri Nov 26 2021 Alexey Tikhonov <atikhono@redhat.com> - 1.17.1-5
- Resolves: rhbz#2014523 - c-ares: missing input validation of host names may lead to Domain Hijacking [rhel-9]
* Wed Jan 19 2022 Fedora Release Engineering <releng@fedoraproject.org> - 1.17.2-2
- Rebuilt for https://fedoraproject.org/wiki/Fedora_36_Mass_Rebuild
* Mon Aug 09 2021 Mohan Boddu <mboddu@redhat.com> - 1.17.1-4
- Rebuilt for IMA sigs, glibc 2.34, aarch64 flags
Related: rhbz#1991688
* Mon Aug 16 2021 Tom Callaway <spot@fedoraproject.org> - 1.17.2-1
- update to 1.17.2
- fixes multiple security issues including CVE-2021-3672
* Thu Apr 15 2021 Mohan Boddu <mboddu@redhat.com> - 1.17.1-3
- Rebuilt for RHEL 9 BETA on Apr 15th 2021. Related: rhbz#1947937
* Wed Jul 21 2021 Fedora Release Engineering <releng@fedoraproject.org> - 1.17.1-3
- Rebuilt for https://fedoraproject.org/wiki/Fedora_35_Mass_Rebuild
* Tue Jan 26 2021 Fedora Release Engineering <releng@fedoraproject.org> - 1.17.1-2
- Rebuilt for https://fedoraproject.org/wiki/Fedora_34_Mass_Rebuild
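Review bot: the 1.25.0-4 entry identifies the ares__read_line() fix only by RHEL-30025; the advisory id carried in the patch file name, GHSA-mg26-v6qh-x48q, appears nowhere in the changelog. Add it to that entry so the fix can be located by advisory id with `rpm -q --changelog`. The entries tagged [rhel-9] also name CVE-2023-31124, CVE-2023-31130 and CVE-2023-31147, while the Fedora-style 1.19.1-1 entry names only CVE-2023-32067; if changelog CVE ids are used to check fix status, carry those ids over as well.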
