From a4815457d34e4c9be4de9383823db8ac3cebd80fafbb167cf91b776747d6106e Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Tom=C3=A1=C5=A1=20Chv=C3=A1tal?= Date: Thu, 9 Jul 2020 06:43:45 +0000 Subject: [PATCH] Accepting request 819608 from home:elimat:branches:devel:libraries:c_c++ - Version update to 1.16.1 Security: * Prevent possible use-after-free and double-free in ares_getaddrinfo() if ares_destroy() is called prior to ares_getaddrinfo() completing. Reported by Jann Horn at Google Project Zero. Changes: * Allow TXT records on CHAOS qclass. Used for retriving things like version.bind, version.server, authoris.bind, hostname.bind, and id.server. [3] Bug fixes: * Fix Windows Unicode incompatibilities with ares_getaddrinfo() [1] * Silence false cast-align compiler warnings due to valid casts of struct sockaddr to struct sockaddr_in and struct sockaddr_in6. * MacOS should use libresolv for retrieving DNS servers, like iOS * CMake build system should populate the INCLUDE_DIRECTORIES property of installed targets [2] * Correct macros in use for the ares_getaddrinfo.3 man page - Changes in version 1.16.0 Changes: * Introduction of ares_getaddrinfo() API which provides similar output (including proper sorting as per RFC 6724) to the system native API, but utilizes different data structures in order to provide additional information such as TTLs and all aliases. Please reference the respective man pages for usage details. * Parse SOA records from ns_t_any response * CMake: Provide c-ares version in package export file * CMake: Add CPACK functionality for DEB and RPM * CMake: Generate PDB files during build * CMake: Support manpage installation Bug fixes: * Fix bad expectation in IPv6 localhost test. * AutoTools: use XC_CHECK_BUILD_FLAGS instead of XC_CHECK_USER_FLAGS to prevent complaints about CPPFLAGS in CFLAGS. * Fix .onion handling * Command line usage was out of date for adig and ahost. * Typos in manpages * If ares_getenv is defined, it must return a value on all platforms * If /etc/resolv.conf has invalid lookup values, use the defaults. * Tests: Separate live tests from SetServers* tests as only live tests should require internet access. * ares_gethostbyname() should return ENODATA if no valid A or AAAA record is found, but a CNAME was found. * CMake: Rework library function checking to prevent unintended linking with system libraries that aren't needed. * Due to use of inet_addr() it was not possible to return 255.255.255.255 from ares_gethostbyname(). * CMake: Fix building of tests on Windows - Drop regression.patch which have been fixed upstream - Refresh disable-live-tests.patch - Remove static lib since its required when doing tests and we dont want it included in package - Run spec-cleaner OBS-URL: https://build.opensuse.org/request/show/819608 OBS-URL: https://build.opensuse.org/package/show/devel:libraries:c_c++/c-ares?expand=0&rev=18 --- c-ares-1.15.0-20200117.tar.gz | 3 - c-ares-1.16.1.tar.gz | 3 + c-ares-1.16.1.tar.gz.asc | 11 ++++ c-ares.changes | 55 ++++++++++++++++++ c-ares.spec | 32 +++++----- disable-live-tests.patch | 53 ++--------------- regression.patch | 106 ---------------------------------- 7 files changed, 86 insertions(+), 177 deletions(-) delete mode 100644 c-ares-1.15.0-20200117.tar.gz create mode 100644 c-ares-1.16.1.tar.gz create mode 100644 c-ares-1.16.1.tar.gz.asc delete mode 100644 regression.patch diff --git a/c-ares-1.15.0-20200117.tar.gz b/c-ares-1.15.0-20200117.tar.gz deleted file mode 100644 index 516d29b..0000000 --- a/c-ares-1.15.0-20200117.tar.gz +++ /dev/null @@ -1,3 +0,0 @@ -version https://git-lfs.github.com/spec/v1 -oid sha256:86a99c9750698356ffde22cb42e2a18bb4c2baf424d31ba988c4e6f6fc18ba89 -size 1332073 diff --git a/c-ares-1.16.1.tar.gz b/c-ares-1.16.1.tar.gz new file mode 100644 index 0000000..96d769d --- /dev/null +++ b/c-ares-1.16.1.tar.gz @@ -0,0 +1,3 @@ +version https://git-lfs.github.com/spec/v1 +oid sha256:d08312d0ecc3bd48eee0a4cc0d2137c9f194e0a28de2028928c0f6cae85f86ce +size 1374637 diff --git a/c-ares-1.16.1.tar.gz.asc b/c-ares-1.16.1.tar.gz.asc new file mode 100644 index 0000000..b439f7a --- /dev/null +++ b/c-ares-1.16.1.tar.gz.asc @@ -0,0 +1,11 @@ +-----BEGIN PGP SIGNATURE----- + +iQEzBAABCgAdFiEEJ+3q8i86vOtQ25oSXMkI/bceEsIFAl65kRoACgkQXMkI/bce +EsLoxwgAkIUACrGgrcLwqPUt6+JZoqWgTMjQTuGyZ+5kB8O93U40GSHH8YDm5Ntj +iTADAQMNo8EJfRBwH+tpQ7VFXDIAz/8dNuwx4VmnadaqoQU7j7v2u5IhltBmtof1 +SkRwwdpma4FoteF91cPDoFH/sdaUGlhFo/fS4gJPeWJqqqCok78j5mS9ZIwzyc4B +JKP2PMEt1XX1hmLOc+4jI7Mv0N0egN6cvCTiyW8jq0maEALiUBm3U9T+g6yDLp5J +KnbtLkcwTU+lj4BdMcJ+ADrW4ELFIY1Jd1qOWhLOLEwyvbDFiJ1x53+U3Vzht7n0 +Yv/3aL0xtfcRXkILjnNlNCSgO34PTg== +=LOfS +-----END PGP SIGNATURE----- diff --git a/c-ares.changes b/c-ares.changes index 44e3437..0827c06 100644 --- a/c-ares.changes +++ b/c-ares.changes @@ -1,3 +1,58 @@ +------------------------------------------------------------------- +Wed Jul 8 20:35:17 UTC 2020 - Matthias Eliasson + +- Version update to 1.16.1 + Security: + * Prevent possible use-after-free and double-free in ares_getaddrinfo() if + ares_destroy() is called prior to ares_getaddrinfo() completing. + Reported by Jann Horn at Google Project Zero. + Changes: + * Allow TXT records on CHAOS qclass. Used for retriving things like + version.bind, version.server, authoris.bind, hostname.bind, and id.server. [3] + Bug fixes: + * Fix Windows Unicode incompatibilities with ares_getaddrinfo() [1] + * Silence false cast-align compiler warnings due to valid casts of struct + sockaddr to struct sockaddr_in and struct sockaddr_in6. + * MacOS should use libresolv for retrieving DNS servers, like iOS + * CMake build system should populate the INCLUDE_DIRECTORIES property of + installed targets [2] + * Correct macros in use for the ares_getaddrinfo.3 man page +- Changes in version 1.16.0 + Changes: + * Introduction of ares_getaddrinfo() API which provides similar output + (including proper sorting as per RFC 6724) to the system native API, but + utilizes different data structures in order to provide additional + information such as TTLs and all aliases. Please reference the respective + man pages for usage details. + * Parse SOA records from ns_t_any response + * CMake: Provide c-ares version in package export file + * CMake: Add CPACK functionality for DEB and RPM + * CMake: Generate PDB files during build + * CMake: Support manpage installation + Bug fixes: + * Fix bad expectation in IPv6 localhost test. + * AutoTools: use XC_CHECK_BUILD_FLAGS instead of XC_CHECK_USER_FLAGS to + prevent complaints about CPPFLAGS in CFLAGS. + * Fix .onion handling + * Command line usage was out of date for adig and ahost. + * Typos in manpages + * If ares_getenv is defined, it must return a value on all platforms + * If /etc/resolv.conf has invalid lookup values, use the defaults. + * Tests: Separate live tests from SetServers* tests as only live tests + should require internet access. + * ares_gethostbyname() should return ENODATA if no valid A or AAAA record + is found, but a CNAME was found. + * CMake: Rework library function checking to prevent unintended linking + with system libraries that aren't needed. + * Due to use of inet_addr() it was not possible to return 255.255.255.255 + from ares_gethostbyname(). + * CMake: Fix building of tests on Windows +- Drop regression.patch which have been fixed upstream +- Refresh disable-live-tests.patch +- Remove static lib since its required when doing tests and we dont want it + included in package +- Run spec-cleaner + ------------------------------------------------------------------- Mon Feb 3 15:17:24 UTC 2020 - Adam Majer diff --git a/c-ares.spec b/c-ares.spec index 2e89537..f677457 100644 --- a/c-ares.spec +++ b/c-ares.spec @@ -1,7 +1,7 @@ # # spec file for package c-ares # -# Copyright (c) 2020 SUSE LINUX GmbH, Nuernberg, Germany. +# Copyright (c) 2020 SUSE LLC # # All modifications and additions to the file contributed by third parties # remain the property of their copyright owners, unless otherwise agreed @@ -18,22 +18,18 @@ %define sonum 2 %define libname libcares%{sonum} -%define realver 1.15.0-20200117 Name: c-ares -Version: 1.15.0+20200117 +Version: 1.16.1 Release: 0 Summary: Library for asynchronous name resolves License: MIT URL: https://c-ares.haxx.se/ -#Source0: https://c-ares.haxx.se/daily-snapshot/c-ares-%{realver}.tar.gz -Source0: c-ares-%{realver}.tar.gz -#Source0: http://c-ares.haxx.se/download/%{name}-%{version}.tar.gz -#Source1: http://c-ares.haxx.se/download/%{name}-%{version}.tar.gz.asc +Source0: http://c-ares.haxx.se/download/%{name}-%{version}.tar.gz +Source1: http://c-ares.haxx.se/download/%{name}-%{version}.tar.gz.asc Source3: %{name}.keyring Source4: baselibs.conf Patch0: 0001-Use-RPM-compiler-options.patch Patch1: disable-live-tests.patch -Patch2: regression.patch BuildRequires: cmake BuildRequires: gcc-c++ BuildRequires: libtool @@ -56,7 +52,6 @@ by Greg Hudson at MIT. This package provides some tools that make use of c-ares. - %package -n %{libname} Summary: Library for asynchronous name resolves # Needed for getservbyport_r function to work properly. @@ -69,7 +64,6 @@ by Greg Hudson at MIT. This package provides the shared libraries for c-ares. - %package devel Summary: Development files for %{name} Requires: %{libname} = %{version} @@ -85,9 +79,8 @@ by Greg Hudson at MIT. This package provides the development libraries and headers needed to build packages that depend on c-ares. - %prep -%autosetup -p1 -n %{name}-%{realver} +%autosetup -p1 -n %{name}-%{version} # Remove bogus cflags checking sed -i -e '/XC_CHECK_BUILD_FLAGS/d' configure.ac @@ -100,17 +93,18 @@ sed -i -e '/XC_CHECK_USER_FLAGS/d' m4/xc-cc-check.m4 -DCARES_INSTALL:BOOL=ON \ -DCARES_BUILD_TESTS:BOOL=ON \ -DCARES_BUILD_TOOLS:BOOL=ON -make %{?_smp_mflags} +%make_build %install %cmake_install install -m 644 -Dt %{buildroot}%{_mandir}/man1/ *.1 install -m 644 -Dt %{buildroot}%{_mandir}/man3/ *.3 -find %{buildroot} -type f -name "*.la" -delete -print +# Tests require static lib so lets remove it so it does not get in package +find %{buildroot} -type f \( -name "*.la" -o -name "*.a" \) -delete -print %check pushd build -make -C test %{?_smp_mflags} +%make_build -C test export LD_LIBRARY_PATH=$LD_LIBRARY_PATH:./lib ./bin/arestest @@ -122,9 +116,9 @@ export LD_LIBRARY_PATH=$LD_LIBRARY_PATH:./lib %{_bindir}/acountry %{_bindir}/adig %{_bindir}/ahost -%{_mandir}/man1/acountry.1%{ext_man} -%{_mandir}/man1/adig.1%{ext_man} -%{_mandir}/man1/ahost.1%{ext_man} +%{_mandir}/man1/acountry.1%{?ext_man} +%{_mandir}/man1/adig.1%{?ext_man} +%{_mandir}/man1/ahost.1%{?ext_man} %files -n %{libname} %license LICENSE.md @@ -134,7 +128,7 @@ export LD_LIBRARY_PATH=$LD_LIBRARY_PATH:./lib %license LICENSE.md %{_libdir}/libcares.so %{_includedir}/*.h -%{_mandir}/man3/ares_*.3%{ext_man} +%{_mandir}/man3/ares_*.3%{?ext_man} %{_libdir}/pkgconfig/libcares.pc %{_libdir}/cmake/c-ares/ diff --git a/disable-live-tests.patch b/disable-live-tests.patch index cb4e17b..61b8a6c 100644 --- a/disable-live-tests.patch +++ b/disable-live-tests.patch @@ -1,8 +1,7 @@ -Index: c-ares-1.15.0-20200117/test/Makefile.inc -=================================================================== ---- c-ares-1.15.0-20200117.orig/test/Makefile.inc -+++ c-ares-1.15.0-20200117/test/Makefile.inc -@@ -13,7 +13,6 @@ TESTSOURCES = ares-test-main.cc \ +diff -Naur c-ares-1.16.1.orig/test/Makefile.inc c-ares-1.16.1/test/Makefile.inc +--- c-ares-1.16.1.orig/test/Makefile.inc 2020-07-08 22:15:36.667605939 +0200 ++++ c-ares-1.16.1/test/Makefile.inc 2020-07-08 22:16:25.407171729 +0200 +@@ -14,7 +14,6 @@ ares-test-parse-srv.cc \ ares-test-parse-txt.cc \ ares-test-misc.cc \ @@ -10,47 +9,3 @@ Index: c-ares-1.15.0-20200117/test/Makefile.inc ares-test-mock.cc \ ares-test-mock-ai.cc \ ares-test-internal.cc \ -Index: c-ares-1.15.0-20200117/test/ares-test-misc.cc -=================================================================== ---- c-ares-1.15.0-20200117.orig/test/ares-test-misc.cc -+++ c-ares-1.15.0-20200117/test/ares-test-misc.cc -@@ -47,10 +47,12 @@ TEST_F(DefaultChannelTest, SetServers) { - EXPECT_EQ(expected, GetNameServers(channel_)); - - // Change not allowed while request is pending -+ /* - HostResult result; - ares_gethostbyname(channel_, "www.google.com.", AF_INET, HostCallback, &result); - EXPECT_EQ(ARES_ENOTIMP, ares_set_servers(channel_, &server1)); - ares_cancel(channel_); -+ */ - } - - TEST_F(DefaultChannelTest, SetServersPorts) { -@@ -77,10 +79,12 @@ TEST_F(DefaultChannelTest, SetServersPor - EXPECT_EQ(expected, GetNameServers(channel_)); - - // Change not allowed while request is pending -+ /* - HostResult result; - ares_gethostbyname(channel_, "www.google.com.", AF_INET, HostCallback, &result); - EXPECT_EQ(ARES_ENOTIMP, ares_set_servers_ports(channel_, &server1)); - ares_cancel(channel_); -+ */ - } - - TEST_F(DefaultChannelTest, SetServersCSV) { -@@ -109,11 +113,13 @@ TEST_F(DefaultChannelTest, SetServersCSV - EXPECT_EQ(expected2, GetNameServers(channel_)); - - // Change not allowed while request is pending -+ /* - HostResult result; - ares_gethostbyname(channel_, "www.google.com.", AF_INET, HostCallback, &result); - EXPECT_EQ(ARES_ENOTIMP, ares_set_servers_csv(channel_, "1.2.3.4,2.3.4.5")); - EXPECT_EQ(ARES_ENOTIMP, ares_set_servers_ports_csv(channel_, "1.2.3.4:56,2.3.4.5:67")); - ares_cancel(channel_); -+ */ - - // Should survive duplication - ares_channel channel2; diff --git a/regression.patch b/regression.patch deleted file mode 100644 index 46765e3..0000000 --- a/regression.patch +++ /dev/null @@ -1,106 +0,0 @@ -commit 9413d54ff43d18cedf0d4531408aabc7c2c102a2 -Author: Adam Majer -Date: Mon Feb 3 15:19:08 2020 +0100 - - Only count valid addresses when response parsing - - When ares_parse_a_reply or ares_parse_aaaa_reply is called in case - where another AAAA and A responses exist, the resulting ares_addrttl - count is invalid and the structure points to gibberish. - - This is a regression since 1.15. - - PR: https://github.com/c-ares/c-ares/pull/302 - -diff --git a/ares_parse_a_reply.c b/ares_parse_a_reply.c -index b506f72..920ba24 100644 ---- a/ares_parse_a_reply.c -+++ b/ares_parse_a_reply.c -@@ -86,7 +86,10 @@ int ares_parse_a_reply(const unsigned char *abuf, int alen, - next = ai.nodes; - while (next) - { -- ++naddrs; -+ if (next->ai_family == AF_INET) -+ { -+ ++naddrs; -+ } - next = next->ai_next; - } - -diff --git a/ares_parse_aaaa_reply.c b/ares_parse_aaaa_reply.c -index aca3f00..d39e138 100644 ---- a/ares_parse_aaaa_reply.c -+++ b/ares_parse_aaaa_reply.c -@@ -88,7 +88,10 @@ int ares_parse_aaaa_reply(const unsigned char *abuf, int alen, - next = ai.nodes; - while (next) - { -- ++naddrs; -+ if(next->ai_family == AF_INET6) -+ { -+ ++naddrs; -+ } - next = next->ai_next; - } - -diff --git a/test/ares-test-parse-a.cc b/test/ares-test-parse-a.cc -index 77d9591..0741c0d 100644 ---- a/test/ares-test-parse-a.cc -+++ b/test/ares-test-parse-a.cc -@@ -11,13 +11,14 @@ TEST_F(LibraryTest, ParseAReplyOK) { - DNSPacket pkt; - pkt.set_qid(0x1234).set_response().set_aa() - .add_question(new DNSQuestion("example.com", ns_t_a)) -- .add_answer(new DNSARR("example.com", 0x01020304, {2,3,4,5})); -+ .add_answer(new DNSARR("example.com", 0x01020304, {2,3,4,5})) -+ .add_answer(new DNSAaaaRR("example.com", 0x01020304, {0,0,0,0,0,0,0,0,0,0,0,0,2,3,4,5})); - std::vector data = { - 0x12, 0x34, // qid - 0x84, // response + query + AA + not-TC + not-RD - 0x00, // not-RA + not-Z + not-AD + not-CD + rc=NoError - 0x00, 0x01, // num questions -- 0x00, 0x01, // num answer RRs -+ 0x00, 0x02, // num answer RRs - 0x00, 0x00, // num authority RRs - 0x00, 0x00, // num additional RRs - // Question -@@ -35,6 +36,15 @@ TEST_F(LibraryTest, ParseAReplyOK) { - 0x01, 0x02, 0x03, 0x04, // TTL - 0x00, 0x04, // rdata length - 0x02, 0x03, 0x04, 0x05, -+ // Answer 2 -+ 0x07, 'e', 'x', 'a', 'm', 'p', 'l', 'e', -+ 0x03, 'c', 'o', 'm', -+ 0x00, -+ 0x00, 0x1c, // RR type -+ 0x00, 0x01, // class IN -+ 0x01, 0x02, 0x03, 0x04, // TTL -+ 0x00, 0x10, // rdata length -+ 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x02, 0x03, 0x04, 0x05, - }; - EXPECT_EQ(data, pkt.data()); - struct hostent *host = nullptr; -@@ -68,7 +78,7 @@ TEST_F(LibraryTest, ParseMalformedAReply) { - 0x84, // [2] response + query + AA + not-TC + not-RD - 0x00, // [3] not-RA + not-Z + not-AD + not-CD + rc=NoError - 0x00, 0x01, // [4:6) num questions -- 0x00, 0x01, // [6:8) num answer RRs -+ 0x00, 0x02, // [6:8) num answer RRs - 0x00, 0x00, // [8:10) num authority RRs - 0x00, 0x00, // [10:12) num additional RRs - // Question -diff --git a/test/ares-test-parse-aaaa.cc b/test/ares-test-parse-aaaa.cc -index 9d0457e..1314c83 100644 ---- a/test/ares-test-parse-aaaa.cc -+++ b/test/ares-test-parse-aaaa.cc -@@ -13,7 +13,8 @@ TEST_F(LibraryTest, ParseAaaaReplyOK) { - .add_question(new DNSQuestion("example.com", ns_t_aaaa)) - .add_answer(new DNSAaaaRR("example.com", 100, - {0x01, 0x01, 0x01, 0x01, 0x02, 0x02, 0x02, 0x02, -- 0x03, 0x03, 0x03, 0x03, 0x04, 0x04, 0x04, 0x04})); -+ 0x03, 0x03, 0x03, 0x03, 0x04, 0x04, 0x04, 0x04})) -+ .add_answer(new DNSARR("example.com", 0x01020304, {2,3,4,5})); - std::vector data = pkt.data(); - struct hostent *host = nullptr; - struct ares_addr6ttl info[5];