forked from pool/c-ares
- update to 1.18.1. Changes since 1.17.2:
* Allow '/' as a valid character for a returned name for
CNAME in-addr.arpa delegation
* no longer forwards requests for localhost resolution per RFC6761
* During a domain search, treat ARES_ENODATA as ARES_NXDOMAIN so
that the search process will continue to the next domain
in the search.
* Provide ares_nameser.h as a public interface as needed by NodeJS
* Add support for URI(Uniform Resource Identifier) records via
ares_parse_uri_reply()
- 5c995d5.patch: upstreamed
- disable-live-tests.patch: refreshed
OBS-URL: https://build.opensuse.org/package/show/devel:libraries:c_c++/c-ares?expand=0&rev=44
This commit is contained in:
Git OBS Bridge
parent
3dd76e76c5
commit
e7ba41e9de
@ -1,51 +0,0 @@
|
|||||||
From 5c995d50b05a2c374ae021012afa6f8f4cf2957e Mon Sep 17 00:00:00 2001
|
|
||||||
From: bradh352 <brad@brad-house.com>
|
|
||||||
Date: Wed, 8 Sep 2021 07:38:44 -0400
|
|
||||||
Subject: [PATCH] ares_expand_name should allow underscores (_) as SRV records
|
|
||||||
legitimately use them
|
|
||||||
|
|
||||||
c-ares 1.17.2 introduced response validation to prevent a security issue, however
|
|
||||||
it did not have (_) listed as a valid character for domain name responses which
|
|
||||||
caused issues when a CNAME referenced a SRV record which contained underscores.
|
|
||||||
|
|
||||||
While RFC2181 section 11 does explicitly state not to do validation, that applies
|
|
||||||
to servers not clients.
|
|
||||||
|
|
||||||
Fixes: #424
|
|
||||||
Fix By: Brad House (@bradh352)
|
|
||||||
---
|
|
||||||
src/lib/ares_expand_name.c | 12 +++++++++---
|
|
||||||
1 file changed, 9 insertions(+), 3 deletions(-)
|
|
||||||
|
|
||||||
diff --git a/src/lib/ares_expand_name.c b/src/lib/ares_expand_name.c
|
|
||||||
index a62c982e..db262ab4 100644
|
|
||||||
--- a/src/lib/ares_expand_name.c
|
|
||||||
+++ b/src/lib/ares_expand_name.c
|
|
||||||
@@ -59,10 +59,16 @@ static int ares__isprint(int ch)
|
|
||||||
return 0;
|
|
||||||
}
|
|
||||||
|
|
||||||
-/* Character set allowed by hostnames */
|
|
||||||
+/* Character set allowed by hostnames. This is to include the normal
|
|
||||||
+ * domain name character set plus underscores which are used in SRV
|
|
||||||
+ * records. While RFC 2181 section 11 does state not to do validation,
|
|
||||||
+ * that applies to servers, not clients. Vulnerabilities have been
|
|
||||||
+ * reported when this validation is not performed. Security is more
|
|
||||||
+ * important than edge-case compatibility (which is probably invalid
|
|
||||||
+ * anyhow). */
|
|
||||||
static int is_hostnamech(int ch)
|
|
||||||
{
|
|
||||||
- /* [A-Za-z0-9-.]
|
|
||||||
+ /* [A-Za-z0-9-._]
|
|
||||||
* Don't use isalnum() as it is locale-specific
|
|
||||||
*/
|
|
||||||
if (ch >= 'A' && ch <= 'Z')
|
|
||||||
@@ -71,7 +77,7 @@ static int is_hostnamech(int ch)
|
|
||||||
return 1;
|
|
||||||
if (ch >= '0' && ch <= '9')
|
|
||||||
return 1;
|
|
||||||
- if (ch == '-' || ch == '.')
|
|
||||||
+ if (ch == '-' || ch == '.' || ch == '_')
|
|
||||||
return 1;
|
|
||||||
|
|
||||||
return 0;
|
|
||||||
@ -1,3 +0,0 @@
|
|||||||
version https://git-lfs.github.com/spec/v1
|
|
||||||
oid sha256:4803c844ce20ce510ef0eb83f8ea41fa24ecaae9d280c468c582d2bb25b3913d
|
|
||||||
size 1538276
|
|
||||||
@ -1,11 +0,0 @@
|
|||||||
-----BEGIN PGP SIGNATURE-----
|
|
||||||
|
|
||||||
iQEzBAABCgAdFiEEJ+3q8i86vOtQ25oSXMkI/bceEsIFAmESGOwACgkQXMkI/bce
|
|
||||||
EsIyCwf/aKIZjd/ziFBwGNwLpk5DH62e5tr1sL7BwW8F7TiGjKnvglScxxauraM8
|
|
||||||
qCVYP6rkCV3aeSg2yEfYI8slrllek6J8iciIN0Y7a7Vd9epVWfSMLq1GNeR+NPB/
|
|
||||||
aAFak21vIk2QaLYZk+z4s4pmWN2bvwWJxGG3Tdohr9/W5f3kdbYVrdCE3nWFgCQ6
|
|
||||||
/vqG0SACZufgjiEG6vYf2Mhmit9MY+I1LmuR3LrGO2iLMfS69z7GzBS6d015mAHP
|
|
||||||
Gm2qLdNBdWyfoMBi7vEMef0/C336UQ1mNyxThw9vHVXr/Fao+ZSL0NJgiZ0ggtKi
|
|
||||||
ojAIChIOwOGMcTy8TBmEyNxf7OIsFA==
|
|
||||||
=/P5j
|
|
||||||
-----END PGP SIGNATURE-----
|
|
||||||
3
c-ares-1.18.1.tar.gz
Normal file
3
c-ares-1.18.1.tar.gz
Normal file
@ -0,0 +1,3 @@
|
|||||||
|
version https://git-lfs.github.com/spec/v1
|
||||||
|
oid sha256:1a7d52a8a84a9fbffb1be9133c0f6e17217d91ea5a6fa61f6b4729cda78ebbcf
|
||||||
|
size 1560165
|
||||||
11
c-ares-1.18.1.tar.gz.asc
Normal file
11
c-ares-1.18.1.tar.gz.asc
Normal file
@ -0,0 +1,11 @@
|
|||||||
|
-----BEGIN PGP SIGNATURE-----
|
||||||
|
|
||||||
|
iQEzBAABCgAdFiEEJ+3q8i86vOtQ25oSXMkI/bceEsIFAmF47KIACgkQXMkI/bce
|
||||||
|
EsKuvwf9Ef0HL1yhrA80nUSxQvgGNFhYQO1eEeH5LzV/UPGydOOSXuoVU+YZKjnr
|
||||||
|
XUMCYcW8gCLACd4wBab/1gHBa9YeSVJpeJRdyrtIiAhiOPixmwSDCQMMixI526zd
|
||||||
|
q40YK+M/YROJgYyp4E1t6rK5UK+sSwkKePXLLPUW5IXjj3vyCNz6TANINv3KoQqC
|
||||||
|
mXVmUx0kr1U58fjzp0DB8jz1bixVllD7PpGPsR8pkFTCltVFZmKrvxRy4MHB7/Zs
|
||||||
|
5JAElYhR/H+NKY1+2S9A4pKPfN/orGkVyeZlw9A/XdMF+Tjr2YT5FDPair6DQuvI
|
||||||
|
Dp24pB2pYTFRfdjZj2b5l568UiujHQ==
|
||||||
|
=mcGJ
|
||||||
|
-----END PGP SIGNATURE-----
|
||||||
@ -1,3 +1,20 @@
|
|||||||
|
-------------------------------------------------------------------
|
||||||
|
Tue Dec 7 16:57:20 UTC 2021 - Adam Majer <adam.majer@suse.de>
|
||||||
|
|
||||||
|
- update to 1.18.1. Changes since 1.17.2:
|
||||||
|
* Allow '/' as a valid character for a returned name for
|
||||||
|
CNAME in-addr.arpa delegation
|
||||||
|
* no longer forwards requests for localhost resolution per RFC6761
|
||||||
|
* During a domain search, treat ARES_ENODATA as ARES_NXDOMAIN so
|
||||||
|
that the search process will continue to the next domain
|
||||||
|
in the search.
|
||||||
|
* Provide ares_nameser.h as a public interface as needed by NodeJS
|
||||||
|
* Add support for URI(Uniform Resource Identifier) records via
|
||||||
|
ares_parse_uri_reply()
|
||||||
|
|
||||||
|
- 5c995d5.patch: upstreamed
|
||||||
|
- disable-live-tests.patch: refreshed
|
||||||
|
|
||||||
-------------------------------------------------------------------
|
-------------------------------------------------------------------
|
||||||
Thu Sep 9 12:15:01 UTC 2021 - Adam Majer <adam.majer@suse.de>
|
Thu Sep 9 12:15:01 UTC 2021 - Adam Majer <adam.majer@suse.de>
|
||||||
|
|
||||||
|
|||||||
@ -24,7 +24,7 @@
|
|||||||
%endif
|
%endif
|
||||||
|
|
||||||
Name: c-ares
|
Name: c-ares
|
||||||
Version: 1.17.2
|
Version: 1.18.1
|
||||||
Release: 0
|
Release: 0
|
||||||
Summary: Library for asynchronous name resolves
|
Summary: Library for asynchronous name resolves
|
||||||
License: MIT
|
License: MIT
|
||||||
@ -35,7 +35,6 @@ Source3: c-ares.keyring
|
|||||||
Source4: baselibs.conf
|
Source4: baselibs.conf
|
||||||
Patch0: 0001-Use-RPM-compiler-options.patch
|
Patch0: 0001-Use-RPM-compiler-options.patch
|
||||||
Patch1: disable-live-tests.patch
|
Patch1: disable-live-tests.patch
|
||||||
Patch2: https://github.com/c-ares/c-ares/commit/5c995d5.patch
|
|
||||||
BuildRequires: cmake
|
BuildRequires: cmake
|
||||||
BuildRequires: gcc-c++
|
BuildRequires: gcc-c++
|
||||||
BuildRequires: pkg-config
|
BuildRequires: pkg-config
|
||||||
|
|||||||
@ -1,9 +1,10 @@
|
|||||||
diff -Naur c-ares-1.16.1.orig/test/Makefile.inc c-ares-1.16.1/test/Makefile.inc
|
Index: c-ares-1.18.1/test/Makefile.inc
|
||||||
--- c-ares-1.16.1.orig/test/Makefile.inc 2020-07-08 22:15:36.667605939 +0200
|
===================================================================
|
||||||
+++ c-ares-1.16.1/test/Makefile.inc 2020-07-08 22:16:25.407171729 +0200
|
--- c-ares-1.18.1.orig/test/Makefile.inc
|
||||||
@@ -14,7 +14,6 @@
|
+++ c-ares-1.18.1/test/Makefile.inc
|
||||||
ares-test-parse-srv.cc \
|
@@ -16,7 +16,6 @@ TESTSOURCES = ares-test-main.cc \
|
||||||
ares-test-parse-txt.cc \
|
ares-test-parse-txt.cc \
|
||||||
|
ares-test-parse-uri.cc \
|
||||||
ares-test-misc.cc \
|
ares-test-misc.cc \
|
||||||
- ares-test-live.cc \
|
- ares-test-live.cc \
|
||||||
ares-test-mock.cc \
|
ares-test-mock.cc \
|
||||||
|
|||||||
Loading…
Reference in New Issue
Block a user