diff --git a/.c-ares.metadata b/.c-ares.metadata
new file mode 100644
index 0000000..7b39911
--- /dev/null
+++ b/.c-ares.metadata
@@ -0,0 +1 @@
+431d5ff705db752f5d25e610827b7cb3653fc7ff SOURCES/c-ares-1.17.1.tar.gz
diff --git a/.gitignore b/.gitignore
new file mode 100644
index 0000000..15feab0
--- /dev/null
+++ b/.gitignore
@@ -0,0 +1 @@
+SOURCES/c-ares-1.17.1.tar.gz
diff --git a/SOURCES/0001-Use-RPM-compiler-options.patch b/SOURCES/0001-Use-RPM-compiler-options.patch
new file mode 100644
index 0000000..721b713
--- /dev/null
+++ b/SOURCES/0001-Use-RPM-compiler-options.patch
@@ -0,0 +1,41 @@
+From 7dada62a77e061c752123e672e844386ff3b01ea Mon Sep 17 00:00:00 2001
+From: Stephen Gallagher
+Date: Wed, 10 Apr 2013 12:32:44 -0400
+Subject: [PATCH] Use RPM compiler options
+
+---
+ m4/cares-compilers.m4 | 19 ++++++-------------
+ 1 file changed, 6 insertions(+), 13 deletions(-)
+
+diff --git a/m4/cares-compilers.m4 b/m4/cares-compilers.m4
+index 7ee8e0dbe741c1a64149a0d20b826f507b3ec620..d7708230fb5628ae80fbf1052da0d2c78ebbc160 100644
+--- a/m4/cares-compilers.m4
++++ b/m4/cares-compilers.m4
+@@ -143,19 +143,12 @@ AC_DEFUN([CARES_CHECK_COMPILER_GNU_C], [
+ gccvhi=`echo $gccver | cut -d . -f1`
+ gccvlo=`echo $gccver | cut -d . -f2`
+ compiler_num=`(expr $gccvhi "*" 100 + $gccvlo) 2>/dev/null`
+- flags_dbg_all="-g -g0 -g1 -g2 -g3"
+- flags_dbg_all="$flags_dbg_all -ggdb"
+- flags_dbg_all="$flags_dbg_all -gstabs"
+- flags_dbg_all="$flags_dbg_all -gstabs+"
+- flags_dbg_all="$flags_dbg_all -gcoff"
+- flags_dbg_all="$flags_dbg_all -gxcoff"
+- flags_dbg_all="$flags_dbg_all -gdwarf-2"
+- flags_dbg_all="$flags_dbg_all -gvms"
+- flags_dbg_yes="-g"
+- flags_dbg_off="-g0"
+- flags_opt_all="-O -O0 -O1 -O2 -O3 -Os"
+- flags_opt_yes="-O2"
+- flags_opt_off="-O0"
++ flags_dbg_all=""
++ flags_dbg_yes=""
++ flags_dbg_off=""
++ flags_opt_all=""
++ flags_opt_yes=""
++ flags_opt_off=""
+ CURL_CHECK_DEF([_WIN32], [], [silent])
+ else
+ AC_MSG_RESULT([no])
+--
+1.8.1.4
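Review bot: The six emptied `flags_dbg_*`/`flags_opt_*` assignments in SOURCES/0001-Use-RPM-compiler-options.patch only take effect on the autotools path through m4/cares-compilers.m4, while SPECS/c-ares.spec in this same commit sets `%global use_cmake 1`, so this patch presumably has no influence on the binaries that are actually built. The distribution's optimisation and hardening flags then have to reach the compiler through the `%{cmake}` macro, which is worth confirming in a build log rather than assuming from the patch name. A comment beside `Patch0:` such as `# only relevant when use_cmake is 0 (autotools build)` would stop a later maintainer from treating this patch as the thing that enforces the RPM compiler options.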
diff --git a/SOURCES/0002-fix-CVE-2021-3672.patch b/SOURCES/0002-fix-CVE-2021-3672.patch
new file mode 100644
index 0000000..670f06e
--- /dev/null
+++ b/SOURCES/0002-fix-CVE-2021-3672.patch
@@ -0,0 +1,192 @@
+From 362f91d807d293791008cdb7616d40f7784ece83 Mon Sep 17 00:00:00 2001
+From: bradh352
+Date: Fri, 11 Jun 2021 11:27:45 -0400
+Subject: [PATCH 1/2] ares_expand_name() should escape more characters
+
+RFC1035 5.1 specifies some reserved characters and escaping sequences
+that are allowed to be specified. Expand the list of reserved characters
+and also escape non-printable characters using the \DDD format as
+specified in the RFC.
+
+Bug Reported By: philipp.jeitner@sit.fraunhofer.de
+Fix By: Brad House (@bradh352)
+---
+ src/lib/ares_expand_name.c | 41 +++++++++++++++++++++++++++++++++++---
+ 1 file changed, 38 insertions(+), 3 deletions(-)
+
+diff --git a/src/lib/ares_expand_name.c b/src/lib/ares_expand_name.c
+index 407200ef..f1c874a9 100644
+--- a/src/lib/ares_expand_name.c
++++ b/src/lib/ares_expand_name.c
+@@ -32,6 +32,26 @@
+ static int name_length(const unsigned char *encoded, const unsigned char *abuf,
+ int alen);
+
++/* Reserved characters for names that need to be escaped */
++static int is_reservedch(int ch)
++{
++ switch (ch) {
++ case '"':
++ case '.':
++ case ';':
++ case '\\':
++ case '(':
++ case ')':
++ case '@':
++ case '$':
++ return 1;
++ default:
++ break;
++ }
++
++ return 0;
++}
++
+ /* Expand an RFC1035-encoded domain name given by encoded. The
+ * containing message is given by abuf and alen. The result given by
+ * *s, which is set to a NUL-terminated allocated buffer. *enclen is
+@@ -111,9 +131,18 @@ int ares_expand_name(const unsigned char *encoded, const unsigned char *abuf,
+ p++;
+ while (len--)
+ {
+- if (*p == '.' || *p == '\\')
++ if (!isprint(*p)) {
++ /* Output as \DDD for consistency with RFC1035 5.1 */
++ *q++ = '\\';
++ *q++ = '0' + *p / 100;
++ *q++ = '0' + (*p % 100) / 10;
++ *q++ = '0' + (*p % 10);
++ } else if (is_reservedch(*p)) {
+ *q++ = '\\';
+- *q++ = *p;
++ *q++ = *p;
++ } else {
++ *q++ = *p;
++ }
+ p++;
+ }
+ *q++ = '.';
+@@ -171,7 +200,13 @@ static int name_length(const unsigned char *encoded, const unsigned char *abuf,
+ encoded++;
+ while (offset--)
+ {
+- n += (*encoded == '.' || *encoded == '\\') ? 2 : 1;
++ if (!isprint(*encoded)) {
++ n += 4;
++ } else if (is_reservedch(*encoded)) {
++ n += 2;
++ } else {
++ n += 1;
++ }
+ encoded++;
+ }
+ n++;
+
+From 44c009b8e62ea1929de68e3f438181bea469ec14 Mon Sep 17 00:00:00 2001
+From: bradh352
+Date: Fri, 11 Jun 2021 12:39:24 -0400
+Subject: [PATCH 2/2] ares_expand_name(): fix formatting and handling of root
+ name response
+
+Fixes issue introduced in prior commit with formatting and handling
+of parsing a root name response which should not be escaped.
+
+Fix By: Brad House
+---
+ src/lib/ares_expand_name.c | 62 ++++++++++++++++++++++++--------------
+ 1 file changed, 40 insertions(+), 22 deletions(-)
+
+diff --git a/src/lib/ares_expand_name.c b/src/lib/ares_expand_name.c
+index f1c874a9..eb9268c1 100644
+--- a/src/lib/ares_expand_name.c
++++ b/src/lib/ares_expand_name.c
+@@ -127,27 +127,37 @@ int ares_expand_name(const unsigned char *encoded, const unsigned char *abuf,
+ }
+ else
+ {
+- len = *p;
++ int name_len = *p;
++ len = name_len;
+ p++;
++
+ while (len--)
+ {
+- if (!isprint(*p)) {
+- /* Output as \DDD for consistency with RFC1035 5.1 */
+- *q++ = '\\';
+- *q++ = '0' + *p / 100;
+- *q++ = '0' + (*p % 100) / 10;
+- *q++ = '0' + (*p % 10);
+- } else if (is_reservedch(*p)) {
+- *q++ = '\\';
+- *q++ = *p;
+- } else {
+- *q++ = *p;
+- }
++ /* Output as \DDD for consistency with RFC1035 5.1, except
++ * for the special case of a root name response */
++ if (!isprint(*p) && !(name_len == 1 && *p == 0))
++ {
++
++ *q++ = '\\';
++ *q++ = '0' + *p / 100;
++ *q++ = '0' + (*p % 100) / 10;
++ *q++ = '0' + (*p % 10);
++ }
++ else if (is_reservedch(*p))
++ {
++ *q++ = '\\';
++ *q++ = *p;
++ }
++ else
++ {
++ *q++ = *p;
++ }
+ p++;
+ }
+ *q++ = '.';
+ }
+- }
++ }
++
+ if (!indir)
+ *enclen = aresx_uztosl(p + 1U - encoded);
+
+@@ -194,21 +204,29 @@ static int name_length(const unsigned char *encoded, const unsigned char *abuf,
+ }
+ else if (top == 0x00)
+ {
+- offset = *encoded;
++ int name_len = *encoded;
++ offset = name_len;
+ if (encoded + offset + 1 >= abuf + alen)
+ return -1;
+ encoded++;
++
+ while (offset--)
+ {
+- if (!isprint(*encoded)) {
+- n += 4;
+- } else if (is_reservedch(*encoded)) {
+- n += 2;
+- } else {
+- n += 1;
+- }
++ if (!isprint(*encoded) && !(name_len == 1 && *encoded == 0))
++ {
++ n += 4;
++ }
++ else if (is_reservedch(*encoded))
++ {
++ n += 2;
++ }
++ else
++ {
++ n += 1;
++ }
+ encoded++;
+ }
++
+ n++;
+ }
+ else
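Review bot: Both new escaping loops decide what to escape with `isprint(*p)` / `isprint(*encoded)`, and isprint() follows the process locale, so in a locale where bytes above 0x7E are classed as printable those bytes are still copied into the expanded name unescaped. For a fix meant to stop untrusted label bytes from reaching callers verbatim, a fixed ASCII test is safer, e.g. `static int is_printable_ascii(int ch) { return ch >= 0x20 && ch <= 0x7E; }` used in both ares_expand_name() and name_length(). The escape predicate is also written out twice, once to size the output and once to fill it; a single shared helper returning 1, 2 or 4 would keep the two from drifting apart, since an under-count in name_length() would presumably let the writer run past the buffer allocated from it. Both functions begin and end outside the quoted hunks, so whether `<ctype.h>` is already included cannot be confirmed from this page.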
diff --git a/SOURCES/LICENSE b/SOURCES/LICENSE
new file mode 100644
index 0000000..4c1423a
--- /dev/null
+++ b/SOURCES/LICENSE
@@ -0,0 +1,12 @@
+Copyright (C) 2004 by Daniel Stenberg et al
+
+Permission to use, copy, modify, and distribute this software and its
+documentation for any purpose and without fee is hereby granted, provided
+that the above copyright notice appear in all copies and that both that
+copyright notice and this permission notice appear in supporting
+documentation, and that the name of M.I.T. not be used in advertising or
+publicity pertaining to distribution of the software without specific,
+written prior permission. M.I.T. makes no representations about the
+suitability of this software for any purpose. It is provided "as is"
+without express or implied warranty.
+
diff --git a/SPECS/c-ares.spec b/SPECS/c-ares.spec
new file mode 100644
index 0000000..e5487c8
--- /dev/null
+++ b/SPECS/c-ares.spec
@@ -0,0 +1,311 @@
+%global use_cmake 1
+
+Summary: A library that performs asynchronous DNS operations
+Name: c-ares
+Version: 1.17.1
+Release: 5%{?dist}
+License: MIT
+URL: http://c-ares.haxx.se/
+Source0: http://c-ares.haxx.se/download/%{name}-%{version}.tar.gz
+# The license can be obtained at http://c-ares.haxx.se/license.html
+Source1: LICENSE
+Patch0: 0001-Use-RPM-compiler-options.patch
+Patch1: 0002-fix-CVE-2021-3672.patch
+BuildRequires: gcc
+%if %{use_cmake}
+BuildRequires: cmake
+%else
+BuildRequires: autoconf
+BuildRequires: automake
+BuildRequires: libtool
+%endif
+BuildRequires: make
+
+%description
+c-ares is a C library that performs DNS requests and name resolves
+asynchronously. c-ares is a fork of the library named 'ares', written
+by Greg Hudson at MIT.
+
+%package devel
+Summary: Development files for c-ares
+Requires: %{name}%{?_isa} = %{version}-%{release}
+
+%description devel
+This package contains the header files and libraries needed to
+compile applications or shared objects that use c-ares.
+
+%prep
+%autosetup -p1
+
+cp %{SOURCE1} .
+f=CHANGES ; iconv -f iso-8859-1 -t utf-8 $f -o $f.utf8 ; mv $f.utf8 $f
+
+%build
+# autoreconf -if
+# %%configure --enable-shared --disable-static \
+# --disable-dependency-tracking
+%if %{use_cmake}
+%{cmake} -DCMAKE_INSTALL_LIBDIR:PATH="%{_libdir}" -DCARES_BUILD_TOOLS:BOOL=OFF
+%cmake_build
+%else
+autoreconf -if
+%configure --enable-shared --disable-static \
+ --disable-dependency-tracking
+%{__make} %{?_smp_mflags}
+%endif
+
+%install
+%if %{use_cmake}
+%cmake_install
+%else
+%make_install
+rm -f $RPM_BUILD_ROOT/%{_libdir}/libcares.la
+%endif
+
+%ldconfig_scriptlets
+
+%files
+%license LICENSE
+%doc README.cares CHANGES NEWS
+%{_libdir}/*.so.*
+
+%files devel
+%{_includedir}/ares.h
+%{_includedir}/ares_build.h
+%{_includedir}/ares_dns.h
+%{_includedir}/ares_rules.h
+%{_includedir}/ares_version.h
+%{_libdir}/*.so
+%if %{use_cmake}
+%{_libdir}/cmake/c-ares/
+%endif
+%{_libdir}/pkgconfig/libcares.pc
+%{_mandir}/man3/ares_*
+
+%changelog
+* Fri Nov 26 2021 Alexey Tikhonov - 1.17.1-5
+- Resolves: rhbz#2014523 - c-ares: missing input validation of host names may lead to Domain Hijacking [rhel-9]
+
+* Mon Aug 09 2021 Mohan Boddu - 1.17.1-4
+- Rebuilt for IMA sigs, glibc 2.34, aarch64 flags
+ Related: rhbz#1991688
+
+* Thu Apr 15 2021 Mohan Boddu - 1.17.1-3
+- Rebuilt for RHEL 9 BETA on Apr 15th 2021. Related: rhbz#1947937
+
+* Tue Jan 26 2021 Fedora Release Engineering - 1.17.1-2
+- Rebuilt for https://fedoraproject.org/wiki/Fedora_34_Mass_Rebuild
+
+* Fri Nov 20 2020 Tom Callaway - 1.17.1-1
+- update to 1.17.1
+
+* Tue Nov 17 2020 Tom Callaway - 1.17.0-1
+- update to 1.17.0
+
+* Mon Jul 27 2020 Fedora Release Engineering - 1.16.1-3
+- Rebuilt for https://fedoraproject.org/wiki/Fedora_33_Mass_Rebuild
+
+* Mon Jul 13 2020 Tom Stellard - 1.16.1-2
+- Use make macros
+- https://fedoraproject.org/wiki/Changes/UseMakeBuildInstallMacro
+
+* Mon May 11 2020 Tom Callaway - 1.16.1-1
+- update to 1.16.1
+
+* Fri Mar 13 2020 Tom Callaway - 1.16.0-1
+- update to 1.16.0
+
+* Tue Jan 28 2020 Fedora Release Engineering - 1.15.0-5
+- Rebuilt for https://fedoraproject.org/wiki/Fedora_32_Mass_Rebuild
+
+* Wed Jul 24 2019 Fedora Release Engineering - 1.15.0-4
+- Rebuilt for https://fedoraproject.org/wiki/Fedora_31_Mass_Rebuild
+
+* Tue Mar 12 2019 Tom Callaway - 1.15.0-3
+- use cmake to build so we get cmake helpers (bz1687844)
+
+* Thu Jan 31 2019 Fedora Release Engineering - 1.15.0-2
+- Rebuilt for https://fedoraproject.org/wiki/Fedora_30_Mass_Rebuild
+
+* Tue Nov 13 2018 Jakub Hrozek - 1.16.0-1
+- Update to the latest upstream
+
+* Mon Sep 3 2018 Jakub Hrozek - 1.14.0-1
+- Update to the latest upstream
+- Resolves: rhbz#1624499 - RFE: New c-ares release 1.14.0 available
+
+* Thu Jul 12 2018 Fedora Release Engineering - 1.13.0-5
+- Rebuilt for https://fedoraproject.org/wiki/Fedora_29_Mass_Rebuild
+
+* Wed Feb 07 2018 Fedora Release Engineering - 1.13.0-4
+- Rebuilt for https://fedoraproject.org/wiki/Fedora_28_Mass_Rebuild
+
+* Wed Aug 02 2017 Fedora Release Engineering - 1.13.0-3
+- Rebuilt for https://fedoraproject.org/wiki/Fedora_27_Binutils_Mass_Rebuild
+
+* Wed Jul 26 2017 Fedora Release Engineering - 1.13.0-2
+- Rebuilt for https://fedoraproject.org/wiki/Fedora_27_Mass_Rebuild
+
+* Tue Jun 20 2017 Jakub Hrozek - 1.13.0-1
+- update to 1.13.0
+
+* Fri Feb 10 2017 Fedora Release Engineering - 1.12.0-2
+- Rebuilt for https://fedoraproject.org/wiki/Fedora_26_Mass_Rebuild
+
+* Thu Sep 29 2016 Tom Callaway - 1.12.0-1
+- update to 1.12.0
+
+* Fri Feb 19 2016 Jakub Hrozek - 1.11.0
+- New upstream version 1.11.0
+
+* Wed Feb 03 2016 Fedora Release Engineering - 1.10.0-6
+- Rebuilt for https://fedoraproject.org/wiki/Fedora_24_Mass_Rebuild
+
+* Wed Jun 17 2015 Fedora Release Engineering - 1.10.0-5
+- Rebuilt for https://fedoraproject.org/wiki/Fedora_23_Mass_Rebuild
+
+* Fri Aug 15 2014 Fedora Release Engineering - 1.10.0-4
+- Rebuilt for https://fedoraproject.org/wiki/Fedora_21_22_Mass_Rebuild
+
+* Sat Jun 07 2014 Fedora Release Engineering - 1.10.0-3
+- Rebuilt for https://fedoraproject.org/wiki/Fedora_21_Mass_Rebuild
+
+* Sat Aug 03 2013 Fedora Release Engineering - 1.10.0-2
+- Rebuilt for https://fedoraproject.org/wiki/Fedora_20_Mass_Rebuild
+
+* Mon May 13 2013 Jakub Hrozek - 1.10.1-1
+- New upstream release 1.10
+- Obsolete upstreamed patches
+- Amend the multilib patch, there's no need to patch configure since we
+ are running autoreconf anyways
+- https://raw.github.com/bagder/c-ares/cares-1_10_0/RELEASE-NOTES
+
+* Thu Apr 11 2013 Jakub Hrozek - 1.9.1-6
+- Apply an upstream patch to override AC_CONFIG_MACRO_DIR only conditionally
+
+* Thu Apr 11 2013 Jakub Hrozek - 1.9.1-5
+- Apply a patch by Stephen Gallagher to patch autoconf, not configure to
+ allow optflags to be passed in by build environment
+- Run autoreconf before configure
+- git rm obsolete patches
+- Apply upstream patch to stop overriding AC_CONFIG_MACRO_DIR
+
+* Wed Feb 13 2013 Fedora Release Engineering - 1.9.1-4
+- Rebuilt for https://fedoraproject.org/wiki/Fedora_19_Mass_Rebuild
+
+* Wed Aug 8 2012 Jakub Hrozek - 1.9.1-3
+- Include URL to the license text
+
+* Wed Jul 18 2012 Fedora Release Engineering - 1.9.1-2
+- Rebuilt for https://fedoraproject.org/wiki/Fedora_18_Mass_Rebuild
+
+* Mon Jun 25 2012 Tom Callaway - 1.9.1-1
+- update to 1.9.1
+
+* Sat Apr 28 2012 Tom Callaway - 1.8.0-1
+- update to 1.8.0
+- fix multilib patch (thanks to Paul Howarth)
+
+* Thu Jan 12 2012 Fedora Release Engineering - 1.7.5-2
+- Rebuilt for https://fedoraproject.org/wiki/Fedora_17_Mass_Rebuild
+
+* Wed Aug 17 2011 Jakub Hrozek - 1.7.5-1
+- New upstream release 1.7.5
+- Obsoletes patch #2
+- Rebase patch #1 (optflags) to match the 1.7.5 code
+- Fixed Source0 URL to point at the upstream tarball
+
+* Mon Apr 11 2011 Jakub Hrozek - 1.7.4-3
+- Apply upstream patch to fix rhbz#695424
+
+* Tue Feb 08 2011 Fedora Release Engineering - 1.7.4-2
+- Rebuilt for https://fedoraproject.org/wiki/Fedora_15_Mass_Rebuild
+
+* Fri Dec 10 2010 Tom "spot" Callaway - 1.7.4-1
+- update to 1.7.4
+
+* Wed Aug 25 2010 Jakub Hrozek - 1.7.3-3
+- Actually apply the patches
+
+* Wed Aug 25 2010 Jakub Hrozek - 1.7.3-2
+- apply couple of patches from upstream
+
+* Tue Jun 15 2010 Jakub Hrozek - 1.7.3-1
+- Upgrade to new upstream release 1.7.3 (obsoletes search/domain patch)
+- Fix conflict of -devel packages on multilib architectures (#602880)
+
+* Thu Jun 3 2010 Jakub Hrozek - 1.7.1-2
+- Use last instance of search/domain, not the first one (#597286)
+
+* Tue Mar 23 2010 Jakub Hrozek - 1.7.1-1
+- update to 1.7.1 which contains the IPv6 nameserver patch
+
+* Sun Mar 7 2010 Jakub Hrozek - 1.7.0-3
+- Change IPv6 nameserver patch according to upstream changes
+ (upstream revisions 1199,1201,1202)
+
+* Wed Mar 3 2010 Jakub Hrozek - 1.7.0-2
+- Add a patch to allow usage of IPv6 nameservers
+
+* Tue Dec 1 2009 Tom "spot" Callaway - 1.7.0-1
+- update to 1.7.0
+
+* Sat Jul 25 2009 Ville Skyttä - 1.6.0-3
+- Patch to make upstream build system honor our CFLAGS and friends.
+- Don't bother building throwaway static libs.
+- Disable autotools dependency tracking for cleaner build logs and possible
+ slight build speedup.
+- Convert docs to UTF-8.
+- Update URLs.
+
+* Fri Jul 24 2009 Fedora Release Engineering - 1.6.0-2
+- Rebuilt for https://fedoraproject.org/wiki/Fedora_12_Mass_Rebuild
+
+* Wed Jul 22 2009 Tom "spot" Callaway - 1.6.0-1
+- update to 1.6.0
+
+* Mon Feb 23 2009 Fedora Release Engineering - 1.5.3-2
+- Rebuilt for https://fedoraproject.org/wiki/Fedora_11_Mass_Rebuild
+
+* Fri Sep 12 2008 Tom "spot" Callaway - 1.5.3-1
+- update to 1.5.3
+
+* Tue Feb 19 2008 Fedora Release Engineering - 1.5.1-2
+- Autorebuild for GCC 4.3
+
+* Tue Feb 19 2008 Tom "spot" Callaway 1.5.1-1
+- update to 1.5.1
+
+* Thu Aug 23 2007 Tom "spot" Callaway 1.4.0-2
+- rebuild for ppc32
+
+* Wed Jun 27 2007 Tom "spot" Callaway 1.4.0-1
+- bump to 1.4.0 (resolves bugzilla 243591)
+- get rid of static library (.a)
+
+* Wed Jan 17 2007 Tom "spot" Callaway 1.3.2-1
+- bump to 1.3.2
+
+* Mon Sep 11 2006 Tom "spot" Callaway 1.3.1-2
+- FC-6 bump
+
+* Mon Jul 10 2006 Tom "spot" Callaway 1.3.1-1
+- bump to 1.3.1
+
+* Tue Feb 28 2006 Tom "spot" Callaway 1.3.0-2
+- bump for FC-5 rebuild
+
+* Sun Sep 4 2005 Tom "spot" Callaway 1.3.0-1
+- include LICENSE text
+- bump to 1.3.0
+
+* Tue May 31 2005 Tom "spot" Callaway 1.2.1-4
+- use dist tag to prevent EVR overlap
+
+* Fri Apr 22 2005 Tom "spot" Callaway 1.2.1-2
+- fix license (MIT, not LGPL)
+- get rid of libcares.la
+
+* Fri Apr 22 2005 Tom "spot" Callaway 1.2.1-1
+- initial package creation
+
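Review bot: `Source0:` and `URL:` in SPECS/c-ares.spec use plain `http://c-ares.haxx.se/...`, and the spec has no signature source or verification step in `%prep`, so the only integrity anchor for the tarball on this page is the 40-hex-digit digest in .c-ares.metadata (SHA-1, judging by its length). If upstream serves the same paths over TLS and publishes detached signatures, switch the URLs to `https://` and add the signature and keyring as extra `Source` entries checked with `%{gpgverify}` before `%autosetup -p1`. There is also no `%check` section, so nothing at build time exercises the escaping added by `Patch1: 0002-fix-CVE-2021-3672.patch`; if the upstream test suite can run offline in the build root, wiring it in would catch a mis-applied backport.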