SLFO-pool/python-pycares
SHA256
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

Compare commits

base: SLFO-pool:main
Branches Tags
SLFO-pool:main SLFO-pool:1.1
..
compare: SLFO-pool:1.1
Branches Tags
SLFO-pool:main SLFO-pool:1.1

1 Commits
main ... 1.1

Author SHA256 Message Date
Adrian Schröter
1171dcaa2d Sync from SUSE:SLFO:1.1 python-pycares revision 6652fb0548e32f7cd2c656fa1256b72c 2025-04-16 01:48:32 +02:00
5 changed files with 16 additions and 362 deletions
Expand all files Collapse all files

277
CVE-2025-48945.patch
View File

@@ -1,277 +0,0 @@
From c3c931f5608da23a196b216edfcc2af5b626fc9a Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Sa=C3=BAl=20Ibarra=20Corretg=C3=A9?= <s@saghul.net>
Date: Mon, 4 Aug 2025 10:27:07 +0200
Subject: [PATCH] Refactor channel destruction logic
- Use ares_queue_wait_empty to wait for queries to be complete before
destruction
- Make sure NO queries are cancelled as side effects on __del__
- Start the destruction thread early, as soon as a channel is created
Cancelling pending queries while in a query callback seemingly causes
heap corruption or double-free bugs, so delay the operation until no
Python code if using the channel anymore, that is, the destructor
thread.
Fixes: https://github.com/aio-libs/aiodns/issues/175
Fixes: https://github.com/saghul/pycares/issues/248
---
docs/channel.rst | 13 ------
src/_cffi_src/build_cares.py | 78 +++++++++++++++++++++++-------------
src/pycares/__init__.py | 61 ++++++++++++----------------
3 files changed, 76 insertions(+), 76 deletions(-)
Index: pycares-4.9.0/docs/channel.rst
===================================================================
--- pycares-4.9.0.orig/docs/channel.rst
+++ pycares-4.9.0/docs/channel.rst
@@ -77,25 +77,6 @@
While channels will attempt automatic cleanup during garbage collection, explicit
closing is safer as it gives you control over when resources are released.
- .. warning::
- The channel destruction mechanism has a limited throughput of 60 channels per minute
- (one channel per second) to ensure thread safety and prevent use-after-free errors
- in c-ares. This means:
-
- - Avoid creating transient channels for individual queries
- - Reuse channel instances whenever possible
- - For applications with high query volume, use a single long-lived channel
- - If you must create multiple channels, consider pooling them
-
- Creating and destroying channels rapidly will result in a backlog as the destruction
- queue processes channels sequentially with a 1-second delay between each.
-
- The Channel class supports the context manager protocol for automatic cleanup::
-
- with pycares.Channel() as channel:
- channel.query('example.com', pycares.QUERY_TYPE_A, callback)
- # Channel is automatically closed when exiting the context
-
.. py:method:: getaddrinfo(host, port, callback, family=0, type=0, proto=0, flags=0)
:param string host: Hostname to resolve.
Index: pycares-4.9.0/src/_cffi_src/build_cares.py
===================================================================
--- pycares-4.9.0.orig/src/_cffi_src/build_cares.py
+++ pycares-4.9.0/src/_cffi_src/build_cares.py
@@ -90,34 +90,6 @@ struct sockaddr_in6 {
typedef int... ares_socket_t;
typedef int... ares_socklen_t;
-#define ARES_SUCCESS ...
-
-#define ARES_ENODATA ...
-#define ARES_EFORMERR ...
-#define ARES_ESERVFAIL ...
-#define ARES_ENOTFOUND ...
-#define ARES_ENOTIMP ...
-#define ARES_EREFUSED ...
-#define ARES_EBADQUERY ...
-#define ARES_EBADNAME ...
-#define ARES_EBADFAMILY ...
-#define ARES_EBADRESP ...
-#define ARES_ECONNREFUSED ...
-#define ARES_ETIMEOUT ...
-#define ARES_EOF ...
-#define ARES_EFILE ...
-#define ARES_ENOMEM ...
-#define ARES_EDESTRUCTION ...
-#define ARES_EBADSTR ...
-#define ARES_EBADFLAGS ...
-#define ARES_ENONAME ...
-#define ARES_EBADHINTS ...
-#define ARES_ENOTINITIALIZED ...
-#define ARES_ELOADIPHLPAPI ...
-#define ARES_EADDRGETNETWORKPARAMS ...
-#define ARES_ECANCELLED ...
-#define ARES_ESERVICE ...
-
#define ARES_FLAG_USEVC ...
#define ARES_FLAG_PRIMARY ...
#define ARES_FLAG_IGNTC ...
@@ -229,6 +201,54 @@ struct ares_server_failover_options {
size_t retry_delay;
};
+typedef enum {
+ ARES_SUCCESS = 0,
+
+ /* Server error codes (ARES_ENODATA indicates no relevant answer) */
+ ARES_ENODATA = 1,
+ ARES_EFORMERR = 2,
+ ARES_ESERVFAIL = 3,
+ ARES_ENOTFOUND = 4,
+ ARES_ENOTIMP = 5,
+ ARES_EREFUSED = 6,
+
+ /* Locally generated error codes */
+ ARES_EBADQUERY = 7,
+ ARES_EBADNAME = 8,
+ ARES_EBADFAMILY = 9,
+ ARES_EBADRESP = 10,
+ ARES_ECONNREFUSED = 11,
+ ARES_ETIMEOUT = 12,
+ ARES_EOF = 13,
+ ARES_EFILE = 14,
+ ARES_ENOMEM = 15,
+ ARES_EDESTRUCTION = 16,
+ ARES_EBADSTR = 17,
+
+ /* ares_getnameinfo error codes */
+ ARES_EBADFLAGS = 18,
+
+ /* ares_getaddrinfo error codes */
+ ARES_ENONAME = 19,
+ ARES_EBADHINTS = 20,
+
+ /* Uninitialized library error code */
+ ARES_ENOTINITIALIZED = 21, /* introduced in 1.7.0 */
+
+ /* ares_library_init error codes */
+ ARES_ELOADIPHLPAPI = 22, /* introduced in 1.7.0 */
+ ARES_EADDRGETNETWORKPARAMS = 23, /* introduced in 1.7.0 */
+
+ /* More error codes */
+ ARES_ECANCELLED = 24, /* introduced in 1.7.0 */
+
+ /* More ares_getaddrinfo error codes */
+ ARES_ESERVICE = 25, /* ares_getaddrinfo() was passed a text service name that
+ * is not recognized. introduced in 1.16.0 */
+
+ ARES_ENOSERVER = 26 /* No DNS servers were configured */
+} ares_status_t;
+
/*! Values for ARES_OPT_EVENT_THREAD */
typedef enum {
/*! Default (best choice) event system */
@@ -597,6 +617,8 @@ const char *ares_inet_ntop(int af, const
int ares_inet_pton(int af, const char *src, void *dst);
ares_bool_t ares_threadsafety(void);
+
+ares_status_t ares_queue_wait_empty(ares_channel channel, int timeout_ms);
"""
CALLBACKS = """
Index: pycares-4.9.0/src/pycares/__init__.py
===================================================================
--- pycares-4.9.0.orig/src/pycares/__init__.py
+++ pycares-4.9.0/src/pycares/__init__.py
@@ -12,10 +12,8 @@ from ._version import __version__
import socket
import math
import threading
-import time
import weakref
from collections.abc import Callable, Iterable
-from contextlib import suppress
from typing import Any, Callable, Optional, Dict, Union
from queue import SimpleQueue
@@ -344,7 +342,7 @@ class _ChannelShutdownManager:
def __init__(self) -> None:
self._queue: SimpleQueue = SimpleQueue()
self._thread: Optional[threading.Thread] = None
- self._thread_started = False
+ self._start_lock = threading.Lock()
def _run_safe_shutdown_loop(self) -> None:
"""Process channel destruction requests from the queue."""
@@ -352,16 +350,27 @@ class _ChannelShutdownManager:
# Block forever until we get a channel to destroy
channel = self._queue.get()
- # Sleep for 1 second to ensure c-ares has finished processing
- # Its important that c-ares is past this critcial section
- # so we use a delay to ensure it has time to finish processing
- # https://github.com/c-ares/c-ares/blob/4f42928848e8b73d322b15ecbe3e8d753bf8734e/src/lib/ares_process.c#L1422
- time.sleep(1.0)
+ # Cancel all pending queries - this will trigger callbacks with ARES_ECANCELLED
+ _lib.ares_cancel(channel[0])
+
+ # Wait for all queries to finish
+ _lib.ares_queue_wait_empty(channel[0], -1)
# Destroy the channel
if _lib is not None and channel is not None:
_lib.ares_destroy(channel[0])
+ def start(self) -> None:
+ """Start the background thread if not already started."""
+ if self._thread is not None:
+ return
+ with self._start_lock:
+ if self._thread is not None:
+ # Started by another thread while waiting for the lock
+ return
+ self._thread = threading.Thread(target=self._run_safe_shutdown_loop, daemon=True)
+ self._thread.start()
+
def destroy_channel(self, channel) -> None:
"""
Schedule channel destruction on the background thread with a safety delay.
@@ -369,17 +378,10 @@ class _ChannelShutdownManager:
Thread Safety and Synchronization:
This method uses SimpleQueue which is thread-safe for putting items
from multiple threads. The background thread processes channels
- sequentially with a 1-second delay before each destruction.
+ sequentially waiting for queries to end before each destruction.
"""
- # Put the channel in the queue
self._queue.put(channel)
- # Start the background thread if not already started
- if not self._thread_started:
- self._thread_started = True
- self._thread = threading.Thread(target=self._run_safe_shutdown_loop, daemon=True)
- self._thread.start()
-
# Global shutdown manager instance
_shutdown_manager = _ChannelShutdownManager()
@@ -516,11 +518,12 @@ class Channel:
self.close()
return False
+ # Ensure the shutdown thread is started
+ _shutdown_manager.start()
+
def __del__(self) -> None:
"""Ensure the channel is destroyed when the object is deleted."""
- if self._channel is not None:
- # Schedule channel destruction using the global shutdown manager
- self._schedule_destruction()
+ self.close()
def _create_callback_handle(self, callback_data):
"""
@@ -764,24 +767,12 @@ class Channel:
# Already destroyed
return
- # Cancel all pending queries - this will trigger callbacks with ARES_ECANCELLED
- self.cancel()
+ # NB: don't cancel queries here, it may lead to problem if done from a
+ # query callback.
# Schedule channel destruction
- self._schedule_destruction()
-
- def _schedule_destruction(self) -> None:
- """Schedule channel destruction using the global shutdown manager."""
- if self._channel is None:
- return
- channel = self._channel
- self._channel = None
- # Can't start threads during interpreter shutdown
- # The channel will be cleaned up by the OS
- # TODO: Change to PythonFinalizationError when Python 3.12 support is dropped
- with suppress(RuntimeError):
- _shutdown_manager.destroy_channel(channel)
-
+ channel, self._channel = self._channel, None
+ _shutdown_manager.destroy_channel(channel)
class AresResult:

BIN
pycares-4.3.0.tar.gz (Stored with Git LFS) Normal file
View File

Binary file not shown.

BIN
pycares-4.9.0.tar.gz (Stored with Git LFS)
View File

Binary file not shown.

75
python-pycares.changes
View File

@@ -1,70 +1,3 @@
-------------------------------------------------------------------
Fri Aug 8 13:15:12 UTC 2025 - Nico Krapp <nico.krapp@suse.com>
- Add CVE-2025-48945.patch to actually fix CVE-2025-48945 (bsc#1244691)
-------------------------------------------------------------------
Wed Jun 18 12:58:39 UTC 2025 - Nico Krapp <nico.krapp@suse.com>
- Update to 4.9.0 (fixes CVE-2025-48945, bsc#1244691)
* Create dependabot configuration by @bdraco in #226
* build(deps): bump pypa/cibuildwheel from 2.22.0 to 2.23.3
by @dependabot in #227
* Pin Python version to 3.13.3 to avoid Windows build error by @saghul in #235
* Fix shutdown race by @bdraco in #236
* Add support for windows arm64 by @finnagin in #233
- Update to 4.8.0
* Cancel previous CI jobs on pull request update by @bdraco in #222
* Update bundled c-ares to v1.34.5 by @bdraco in #221
* Add ARES_FLAG_NO_DFLT_SVR and ARES_FLAG_EDNS to API by @bdraco in #224
- Update to 4.7.0
* Update c-ares to 1.29.0 to add reinit support to Channel by @bdraco in #219
* Add event thread support by @bdraco in #220
-------------------------------------------------------------------
Mon Apr 28 16:43:05 UTC 2025 - Dirk Müller <dmueller@suse.com>
- update to 4.6.1:
* Fix missing attribute type information for errno
-------------------------------------------------------------------
Fri Apr 11 07:18:09 UTC 2025 - Matej Cepl <mcepl@cepl.eu>
- Clean up the SPEC file.
-------------------------------------------------------------------
Thu Apr 10 12:28:57 UTC 2025 - John Paul Adrian Glaubitz <adrian.glaubitz@suse.com>
- Update to 4.6.0
* Swap out is_all_ascii for built-in str.isascii by @bdraco in (#209)
* Fixup tests by @saghul in (#214)
* Add initial type annotations by @Dreamsorcerer in (#212)
* Fix module has no attribute type errors by @Dreamsorcerer in (#211)
-------------------------------------------------------------------
Fri Jan 10 09:20:14 UTC 2025 - John Paul Adrian Glaubitz <adrian.glaubitz@suse.com>
- Update to 4.5.0
* Test data updates to fix test failures
* Update test_idna_encoding_query_a with
new errno to align to new c-ares version
* Do not define HAVE_GETSERVBYPORT_R for
platforms Android, Cygwin, Darwin
* Drop distutils
* build(deps): bump actions/download-artifact
from 3 to 4.1.7 in /.github/workflows
* Add 3.13 support, remove 3.8
* chore(ci): fix upload & add more platforms to cibuildwheel
* Test building release wheels on PRs
* Fix building sdist
* Fixup CI
-------------------------------------------------------------------
Mon Dec 11 08:24:45 UTC 2023 - Dirk Müller <dmueller@suse.com>
- update to 4.4.0:
* Add support for 3.12, drop EOL 3.7
-------------------------------------------------------------------
Fri Apr 21 12:30:27 UTC 2023 - Dirk Müller <dmueller@suse.com>
@@ -78,7 +11,7 @@ Thu Apr 13 22:43:34 UTC 2023 - Matej Cepl <mcepl@suse.com>
-------------------------------------------------------------------
Tue Dec 13 16:24:44 UTC 2022 - Yogalakshmi Arunachalam <yarunachalam@suse.com>
- Update to version 4.3.0
- Update to version 4.3.0
* Bump cibuildwheel to build for Python 3.11 + CI total time speedups by @Jackenmen in #174
Fix tests that depended on external sites by @Jackenmen in #180
Complete the Python 3.11 support by @Jackenmen in #179
@@ -95,7 +28,7 @@ Thu Dec 8 22:21:16 UTC 2022 - Matej Cepl <mcepl@suse.com>
-------------------------------------------------------------------
Tue Oct 4 23:59:04 UTC 2022 - Yogalakshmi Arunachalam <yarunachalam@suse.com>
- Update to version 4.2.2
- Update to version 4.2.2
no changelog
-------------------------------------------------------------------
@@ -161,8 +94,8 @@ Thu Mar 21 13:59:43 UTC 2019 - Ondřej Súkup <mimi.vx@gmail.com>
- update to 3.0.0
* first stable version in 3.0 series
-------------------------------------------------------------------
Fri Mar 1 07:55:18 UTC 2019 - Ondřej Súkup <mimi.vx@gmail.com>
- initial commit
- initial commit

20
python-pycares.spec
View File

@@ -1,7 +1,7 @@
#
# spec file for package python-pycares
#
# Copyright (c) 2025 SUSE LLC
# Copyright (c) 2023 SUSE LLC
#
# All modifications and additions to the file contributed by third parties
# remain the property of their copyright owners, unless otherwise agreed
@@ -16,9 +16,11 @@
#
%{?!python_module:%define python_module() python-%{**} python3-%{**}}
%define skip_python2 1
%{?sle15_python_module_pythons}
Name: python-pycares
Version: 4.9.0
Version: 4.3.0
Release: 0
Summary: Python interface for c-ares
License: MIT
@@ -28,14 +30,9 @@ Source: https://files.pythonhosted.org/packages/source/p/pycares/pycares
# PATCH-FIX-UPSTREAM cleanup_tests.patch bsc#[0-9]+ mcepl@suse.com
# Make the test suite slightly more normal
Patch0: cleanup_tests.patch
# PATCH-FIX-UPSTREAM CVE-2025-48945.patch actually fixes CVE-2025-48945
# taken from https://github.com/saghul/pycares/commit/c3c931f5608da23a196b216edfcc2af5b626fc9a
Patch1: CVE-2025-48945.patch
BuildRequires: %{python_module cffi}
BuildRequires: %{python_module devel}
BuildRequires: %{python_module pip}
BuildRequires: %{python_module setuptools}
BuildRequires: %{python_module wheel}
BuildRequires: c-ares-devel
BuildRequires: fdupes
BuildRequires: gcc
@@ -52,11 +49,13 @@ resolutions asynchronously
%prep
%autosetup -p1 -n pycares-%{version}
rm -Rf
%build
%pyproject_wheel
%python_build
%install
%pyproject_install
%python_install
%python_expand %fdupes %{buildroot}%{$python_sitearch}
%check
@@ -67,7 +66,6 @@ resolutions asynchronously
%files %{python_files}
%license LICENSE
%doc ChangeLog README.rst
%{python_sitearch}/pycares
%{python_sitearch}/pycares-%{version}*-info
%{python_sitearch}/*
%changelog