diff --git a/c-ares-1.15.0-20200117.tar.gz b/c-ares-1.15.0-20200117.tar.gz
deleted file mode 100644
index 516d29b..0000000
--- a/c-ares-1.15.0-20200117.tar.gz
+++ /dev/null
@@ -1,3 +0,0 @@
-version https://git-lfs.github.com/spec/v1
-oid sha256:86a99c9750698356ffde22cb42e2a18bb4c2baf424d31ba988c4e6f6fc18ba89
-size 1332073
diff --git a/c-ares-1.16.1.tar.gz b/c-ares-1.16.1.tar.gz
new file mode 100644
index 0000000..96d769d
--- /dev/null
+++ b/c-ares-1.16.1.tar.gz
@@ -0,0 +1,3 @@
+version https://git-lfs.github.com/spec/v1
+oid sha256:d08312d0ecc3bd48eee0a4cc0d2137c9f194e0a28de2028928c0f6cae85f86ce
+size 1374637
diff --git a/c-ares-1.16.1.tar.gz.asc b/c-ares-1.16.1.tar.gz.asc
new file mode 100644
index 0000000..b439f7a
--- /dev/null
+++ b/c-ares-1.16.1.tar.gz.asc
@@ -0,0 +1,11 @@
+-----BEGIN PGP SIGNATURE-----
+
+iQEzBAABCgAdFiEEJ+3q8i86vOtQ25oSXMkI/bceEsIFAl65kRoACgkQXMkI/bce
+EsLoxwgAkIUACrGgrcLwqPUt6+JZoqWgTMjQTuGyZ+5kB8O93U40GSHH8YDm5Ntj
+iTADAQMNo8EJfRBwH+tpQ7VFXDIAz/8dNuwx4VmnadaqoQU7j7v2u5IhltBmtof1
+SkRwwdpma4FoteF91cPDoFH/sdaUGlhFo/fS4gJPeWJqqqCok78j5mS9ZIwzyc4B
+JKP2PMEt1XX1hmLOc+4jI7Mv0N0egN6cvCTiyW8jq0maEALiUBm3U9T+g6yDLp5J
+KnbtLkcwTU+lj4BdMcJ+ADrW4ELFIY1Jd1qOWhLOLEwyvbDFiJ1x53+U3Vzht7n0
+Yv/3aL0xtfcRXkILjnNlNCSgO34PTg==
+=LOfS
+-----END PGP SIGNATURE-----
diff --git a/c-ares.changes b/c-ares.changes
index 44e3437..0827c06 100644
--- a/c-ares.changes
+++ b/c-ares.changes
@@ -1,3 +1,58 @@
+-------------------------------------------------------------------
+Wed Jul 8 20:35:17 UTC 2020 - Matthias Eliasson
+
+- Version update to 1.16.1
+ Security:
+ * Prevent possible use-after-free and double-free in ares_getaddrinfo() if
+ ares_destroy() is called prior to ares_getaddrinfo() completing.
+ Reported by Jann Horn at Google Project Zero.
+ Changes:
+ * Allow TXT records on CHAOS qclass. Used for retriving things like
+ version.bind, version.server, authoris.bind, hostname.bind, and id.server. [3]
+ Bug fixes:
+ * Fix Windows Unicode incompatibilities with ares_getaddrinfo() [1]
+ * Silence false cast-align compiler warnings due to valid casts of struct
+ sockaddr to struct sockaddr_in and struct sockaddr_in6.
+ * MacOS should use libresolv for retrieving DNS servers, like iOS
+ * CMake build system should populate the INCLUDE_DIRECTORIES property of
+ installed targets [2]
+ * Correct macros in use for the ares_getaddrinfo.3 man page
+- Changes in version 1.16.0
+ Changes:
+ * Introduction of ares_getaddrinfo() API which provides similar output
+ (including proper sorting as per RFC 6724) to the system native API, but
+ utilizes different data structures in order to provide additional
+ information such as TTLs and all aliases. Please reference the respective
+ man pages for usage details.
+ * Parse SOA records from ns_t_any response
+ * CMake: Provide c-ares version in package export file
+ * CMake: Add CPACK functionality for DEB and RPM
+ * CMake: Generate PDB files during build
+ * CMake: Support manpage installation
+ Bug fixes:
+ * Fix bad expectation in IPv6 localhost test.
+ * AutoTools: use XC_CHECK_BUILD_FLAGS instead of XC_CHECK_USER_FLAGS to
+ prevent complaints about CPPFLAGS in CFLAGS.
+ * Fix .onion handling
+ * Command line usage was out of date for adig and ahost.
+ * Typos in manpages + * If ares_getenv is defined, it must return a value on all platforms + * If /etc/resolv.conf has invalid lookup values, use the defaults. + * Tests: Separate live tests from SetServers* tests as only live tests + should require internet access. + * ares_gethostbyname() should return ENODATA if no valid A or AAAA record + is found, but a CNAME was found. + * CMake: Rework library function checking to prevent unintended linking + with system libraries that aren't needed. + * Due to use of inet_addr() it was not possible to return 255.255.255.255 + from ares_gethostbyname(). + * CMake: Fix building of tests on Windows +- Drop regression.patch which have been fixed upstream +- Refresh disable-live-tests.patch +- Remove static lib since its required when doing tests and we dont want it + included in package +- Run spec-cleaner + ------------------------------------------------------------------- Mon Feb 3 15:17:24 UTC 2020 - Adam Majer diff --git a/c-ares.spec b/c-ares.spec index 2e89537..f677457 100644 --- a/c-ares.spec +++ b/c-ares.spec @@ -1,7 +1,7 @@ # # spec file for package c-ares # -# Copyright (c) 2020 SUSE LINUX GmbH, Nuernberg, Germany. +# Copyright (c) 2020 SUSE LLC # # All modifications and additions to the file contributed by third parties # remain the property of their copyright owners, unless otherwise agreed 
@@ -18,22 +18,18 @@ %define sonum 2 %define libname libcares%{sonum} -%define realver 1.15.0-20200117 Name: c-ares -Version: 1.15.0+20200117 +Version: 1.16.1 Release: 0 Summary: Library for asynchronous name resolves License: MIT URL: https://c-ares.haxx.se/ -#Source0: https://c-ares.haxx.se/daily-snapshot/c-ares-%{realver}.tar.gz -Source0: c-ares-%{realver}.tar.gz -#Source0: http://c-ares.haxx.se/download/%{name}-%{version}.tar.gz -#Source1: http://c-ares.haxx.se/download/%{name}-%{version}.tar.gz.asc +Source0: http://c-ares.haxx.se/download/%{name}-%{version}.tar.gz +Source1: http://c-ares.haxx.se/download/%{name}-%{version}.tar.gz.asc Source3: %{name}.keyring Source4: baselibs.conf Patch0: 0001-Use-RPM-compiler-options.patch Patch1: disable-live-tests.patch -Patch2: regression.patch BuildRequires: cmake BuildRequires: gcc-c++ BuildRequires: libtool @@ -56,7 +52,6 @@ by Greg Hudson at MIT. This package provides some tools that make use of c-ares. - %package -n %{libname} Summary: Library for asynchronous name resolves # Needed for getservbyport_r function to work properly. @@ -69,7 +64,6 @@ by Greg Hudson at MIT. This package provides the shared libraries for c-ares. - %package devel Summary: Development files for %{name} Requires: %{libname} = %{version} @@ -85,9 +79,8 @@ by Greg Hudson at MIT. This package provides the development libraries and headers needed to build packages that depend on c-ares. - %prep -%autosetup -p1 -n %{name}-%{realver} +%autosetup -p1 -n %{name}-%{version} # Remove bogus cflags checking sed -i -e '/XC_CHECK_BUILD_FLAGS/d' configure.ac 
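Review bot: The re-enabled `Source0` and `Source1` lines in the first hunk use plain `http://` even though the `URL:` tag just above them is already `https://c-ares.haxx.se/`. I would write them as `Source0: https://c-ares.haxx.se/download/%{name}-%{version}.tar.gz` and `Source1: https://c-ares.haxx.se/download/%{name}-%{version}.tar.gz.asc`, so the tarball and its signature are not fetched over an unauthenticated channel. Shipping the detached signature alongside the existing `Source3: %{name}.keyring` is a good step for a release that carries a use-after-free fix, but `%prep` as shown in the last hunk on this line only runs `%autosetup`, so the check presumably happens in the build service's source validation. A short comment above `Source1` saying where the signature is verified would make that dependency explicit.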
@@ -100,17 +93,18 @@ sed -i -e '/XC_CHECK_USER_FLAGS/d' m4/xc-cc-check.m4 -DCARES_INSTALL:BOOL=ON \ -DCARES_BUILD_TESTS:BOOL=ON \ -DCARES_BUILD_TOOLS:BOOL=ON -make %{?_smp_mflags} +%make_build %install %cmake_install install -m 644 -Dt %{buildroot}%{_mandir}/man1/ *.1 install -m 644 -Dt %{buildroot}%{_mandir}/man3/ *.3 -find %{buildroot} -type f -name "*.la" -delete -print +# Tests require static lib so lets remove it so it does not get in package +find %{buildroot} -type f \( -name "*.la" -o -name "*.a" \) -delete -print %check pushd build -make -C test %{?_smp_mflags} +%make_build -C test export LD_LIBRARY_PATH=$LD_LIBRARY_PATH:./lib ./bin/arestest @@ -122,9 +116,9 @@ export LD_LIBRARY_PATH=$LD_LIBRARY_PATH:./lib %{_bindir}/acountry %{_bindir}/adig %{_bindir}/ahost -%{_mandir}/man1/acountry.1%{ext_man} -%{_mandir}/man1/adig.1%{ext_man} -%{_mandir}/man1/ahost.1%{ext_man} +%{_mandir}/man1/acountry.1%{?ext_man} +%{_mandir}/man1/adig.1%{?ext_man} +%{_mandir}/man1/ahost.1%{?ext_man} %files -n %{libname} %license LICENSE.md @@ -134,7 +128,7 @@ export LD_LIBRARY_PATH=$LD_LIBRARY_PATH:./lib %license LICENSE.md %{_libdir}/libcares.so %{_includedir}/*.h -%{_mandir}/man3/ares_*.3%{ext_man} +%{_mandir}/man3/ares_*.3%{?ext_man} %{_libdir}/pkgconfig/libcares.pc %{_libdir}/cmake/c-ares/ diff --git a/disable-live-tests.patch b/disable-live-tests.patch index cb4e17b..61b8a6c 100644 --- a/disable-live-tests.patch +++ b/disable-live-tests.patch 
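Review bot: In `%check`, the unchanged line `export LD_LIBRARY_PATH=$LD_LIBRARY_PATH:./lib` yields a leading empty entry whenever the variable is unset, and the dynamic loader treats an empty entry as the current directory. Combined with the relative `./lib`, this means what `./bin/arestest` loads depends on the working directory rather than on the freshly built library. Since the first hunk here already touches the neighbouring `make` line, I would tighten it to `export LD_LIBRARY_PATH="$PWD/lib${LD_LIBRARY_PATH:+:$LD_LIBRARY_PATH}"`, which also puts the build tree first. The new comment above `find` would read more clearly as `# The static library is only needed to build the tests; remove it so it is not packaged`. The rest of `%check` lies outside the hunk.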
@@ -1,8 +1,7 @@ -Index: c-ares-1.15.0-20200117/test/Makefile.inc -=================================================================== ---- c-ares-1.15.0-20200117.orig/test/Makefile.inc -+++ c-ares-1.15.0-20200117/test/Makefile.inc -@@ -13,7 +13,6 @@ TESTSOURCES = ares-test-main.cc \ +diff -Naur c-ares-1.16.1.orig/test/Makefile.inc c-ares-1.16.1/test/Makefile.inc +--- c-ares-1.16.1.orig/test/Makefile.inc 2020-07-08 22:15:36.667605939 +0200 ++++ c-ares-1.16.1/test/Makefile.inc 2020-07-08 22:16:25.407171729 +0200 +@@ -14,7 +14,6 @@ ares-test-parse-srv.cc \ ares-test-parse-txt.cc \ ares-test-misc.cc \ 
@@ -10,47 +9,3 @@ Index: c-ares-1.15.0-20200117/test/Makefile.inc ares-test-mock.cc \ ares-test-mock-ai.cc \ ares-test-internal.cc \ -Index: c-ares-1.15.0-20200117/test/ares-test-misc.cc -=================================================================== ---- c-ares-1.15.0-20200117.orig/test/ares-test-misc.cc -+++ c-ares-1.15.0-20200117/test/ares-test-misc.cc -@@ -47,10 +47,12 @@ TEST_F(DefaultChannelTest, SetServers) { - EXPECT_EQ(expected, GetNameServers(channel_)); - - // Change not allowed while request is pending -+ /* - HostResult result; - ares_gethostbyname(channel_, "www.google.com.", AF_INET, HostCallback, &result); - EXPECT_EQ(ARES_ENOTIMP, ares_set_servers(channel_, &server1)); - ares_cancel(channel_); -+ */ - } - - TEST_F(DefaultChannelTest, SetServersPorts) { -@@ -77,10 +79,12 @@ TEST_F(DefaultChannelTest, SetServersPor - EXPECT_EQ(expected, GetNameServers(channel_)); - - // Change not allowed while request is pending -+ /* - HostResult result; - ares_gethostbyname(channel_, "www.google.com.", AF_INET, HostCallback, &result); - EXPECT_EQ(ARES_ENOTIMP, ares_set_servers_ports(channel_, &server1)); - ares_cancel(channel_); -+ */ - } - - TEST_F(DefaultChannelTest, SetServersCSV) { -@@ -109,11 +113,13 @@ TEST_F(DefaultChannelTest, SetServersCSV - EXPECT_EQ(expected2, GetNameServers(channel_)); - - // Change not allowed while request is pending -+ /* - HostResult result; - ares_gethostbyname(channel_, "www.google.com.", AF_INET, HostCallback, &result); - EXPECT_EQ(ARES_ENOTIMP, ares_set_servers_csv(channel_, "1.2.3.4,2.3.4.5")); - EXPECT_EQ(ARES_ENOTIMP, ares_set_servers_ports_csv(channel_, "1.2.3.4:56,2.3.4.5:67")); - ares_cancel(channel_); -+ */ - - // Should survive duplication - ares_channel channel2; diff --git a/regression.patch b/regression.patch deleted file mode 100644 index 46765e3..0000000 --- a/regression.patch +++ /dev/null 
@@ -1,106 +0,0 @@ -commit 9413d54ff43d18cedf0d4531408aabc7c2c102a2 -Author: Adam Majer -Date: Mon Feb 3 15:19:08 2020 +0100 - - Only count valid addresses when response parsing - - When ares_parse_a_reply or ares_parse_aaaa_reply is called in case - where another AAAA and A responses exist, the resulting ares_addrttl - count is invalid and the structure points to gibberish. - - This is a regression since 1.15. - - PR: https://github.com/c-ares/c-ares/pull/302 - -diff --git a/ares_parse_a_reply.c b/ares_parse_a_reply.c -index b506f72..920ba24 100644 ---- a/ares_parse_a_reply.c -+++ b/ares_parse_a_reply.c -@@ -86,7 +86,10 @@ int ares_parse_a_reply(const unsigned char *abuf, int alen, - next = ai.nodes; - while (next) - { -- ++naddrs; -+ if (next->ai_family == AF_INET) -+ { -+ ++naddrs; -+ } - next = next->ai_next; - } - -diff --git a/ares_parse_aaaa_reply.c b/ares_parse_aaaa_reply.c -index aca3f00..d39e138 100644 ---- a/ares_parse_aaaa_reply.c -+++ b/ares_parse_aaaa_reply.c -@@ -88,7 +88,10 @@ int ares_parse_aaaa_reply(const unsigned char *abuf, int alen, - next = ai.nodes; - while (next) - { -- ++naddrs; -+ if(next->ai_family == AF_INET6) -+ { -+ ++naddrs; -+ } - next = next->ai_next; - } - -diff --git a/test/ares-test-parse-a.cc b/test/ares-test-parse-a.cc -index 77d9591..0741c0d 100644 ---- a/test/ares-test-parse-a.cc -+++ b/test/ares-test-parse-a.cc -@@ -11,13 +11,14 @@ TEST_F(LibraryTest, ParseAReplyOK) { - DNSPacket pkt; - pkt.set_qid(0x1234).set_response().set_aa() - .add_question(new DNSQuestion("example.com", ns_t_a)) -- .add_answer(new DNSARR("example.com", 0x01020304, {2,3,4,5})); -+ .add_answer(new DNSARR("example.com", 0x01020304, {2,3,4,5})) -+ .add_answer(new DNSAaaaRR("example.com", 0x01020304, {0,0,0,0,0,0,0,0,0,0,0,0,2,3,4,5})); - std::vector data = { - 0x12, 0x34, // qid - 0x84, // response + query + AA + not-TC + not-RD - 0x00, // not-RA + not-Z + not-AD + not-CD + rc=NoError - 0x00, 0x01, // num questions -- 0x00, 0x01, // num answer RRs -+ 0x00, 
0x02, // num answer RRs - 0x00, 0x00, // num authority RRs - 0x00, 0x00, // num additional RRs - // Question -@@ -35,6 +36,15 @@ TEST_F(LibraryTest, ParseAReplyOK) { - 0x01, 0x02, 0x03, 0x04, // TTL - 0x00, 0x04, // rdata length - 0x02, 0x03, 0x04, 0x05, -+ // Answer 2 -+ 0x07, 'e', 'x', 'a', 'm', 'p', 'l', 'e', -+ 0x03, 'c', 'o', 'm', -+ 0x00, -+ 0x00, 0x1c, // RR type -+ 0x00, 0x01, // class IN -+ 0x01, 0x02, 0x03, 0x04, // TTL -+ 0x00, 0x10, // rdata length -+ 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x02, 0x03, 0x04, 0x05, - }; - EXPECT_EQ(data, pkt.data()); - struct hostent *host = nullptr; -@@ -68,7 +78,7 @@ TEST_F(LibraryTest, ParseMalformedAReply) { - 0x84, // [2] response + query + AA + not-TC + not-RD - 0x00, // [3] not-RA + not-Z + not-AD + not-CD + rc=NoError - 0x00, 0x01, // [4:6) num questions -- 0x00, 0x01, // [6:8) num answer RRs -+ 0x00, 0x02, // [6:8) num answer RRs - 0x00, 0x00, // [8:10) num authority RRs - 0x00, 0x00, // [10:12) num additional RRs - // Question -diff --git a/test/ares-test-parse-aaaa.cc b/test/ares-test-parse-aaaa.cc -index 9d0457e..1314c83 100644 ---- a/test/ares-test-parse-aaaa.cc -+++ b/test/ares-test-parse-aaaa.cc -@@ -13,7 +13,8 @@ TEST_F(LibraryTest, ParseAaaaReplyOK) { - .add_question(new DNSQuestion("example.com", ns_t_aaaa)) - .add_answer(new DNSAaaaRR("example.com", 100, - {0x01, 0x01, 0x01, 0x01, 0x02, 0x02, 0x02, 0x02, -- 0x03, 0x03, 0x03, 0x03, 0x04, 0x04, 0x04, 0x04})); -+ 0x03, 0x03, 0x03, 0x03, 0x04, 0x04, 0x04, 0x04})) -+ .add_answer(new DNSARR("example.com", 0x01020304, {2,3,4,5})); - std::vector data = pkt.data(); - struct hostent *host = nullptr; - struct ares_addr6ttl info[5];