Accepting request 814724 from home:kstreitova:branches:devel:libraries:c_c++

- Update to 1.6.0 - Changes in 1.6.0: * Bugfixes * adnshost: Support --reverse in -f mode input stream * timeout robustness against clock skew: track query start time and duration. Clock instability may now only cause spurious timeouts rather than indefinite hangs or even assertion failures. * New features: * adnshost: Offer ability to set adns checkc flags * adnslogres: Honour --checkc-freq (if it comes first) * adnsresfilter: Honour --checkc-freq and --checkc-entex * time handling: Support use of CLOCK_MONOTONIC via an init flag. * adns_str* etc.: Improve robustness; more allowable inputs values. * Internal changes: * adnshost: adh-opts.c: Whitespace adjustments to option table * Build system and tests improvements - Changes in 1.5.2 * Important security fixes: CVE-2017-9103 CVE-2017-9104 CVE-2017-9105 CVE-2017-9109: Vulnerable applications: all adns callers. Exploitable by: the local recursive resolver. Likely worst case: Remote code execution. CVE-2017-9106: Vulnerable applications: those that make SOA queries. Exploitable by: upstream DNS data sources. Likely worst case: DoS (crash of the adns-using application) CVE-2017-9107: Vulnerable applications: those that use adns_qf_quoteok_query. Exploitable by: sources of query domain names. Likely worst case: DoS (crash of the adns-using application) OBS-URL: https://build.opensuse.org/request/show/814724 OBS-URL: https://build.opensuse.org/package/show/devel:libraries:c_c++/adns?expand=0&rev=29
2020-06-15 15:25:03 +00:00 · 2020-06-15 15:25:03 +00:00 · 037df42bc1
commit 037df42bc1
parent e2dc92ffeb
8 changed files with 70 additions and 24 deletions
--- a/adns-1.5.1-gcc10.patch
+++ b/adns-1.5.1-gcc10.patch
@ -1,15 +0,0 @@
-diff -up adns-1.5.1/src/event.c.me adns-1.5.1/src/event.c
-diff -up adns-1.5.1/src/internal.h.me adns-1.5.1/src/internal.h
--- adns-1.5.1/src/internal.h.me	2020-02-18 13:54:38.578415675 +0100
-+++ adns-1.5.1/src/internal.h	2020-02-18 14:00:26.398198338 +0100
-@@ -246,7 +246,9 @@ union maxalign {
-   void *p;
-   void (*fp)(void);
-   union maxalign *up;
-} data;
-+};
-+
-+extern union maxalign data;
- 
- struct adns__query {
-   adns_state ads;
--- a/adns-1.5.1.tar.gz
+++ b/adns-1.5.1.tar.gz
@ -1,3 +0,0 @@
-version https://git-lfs.github.com/spec/v1
-oid sha256:5b1026f18b8274be869245ed63427bf8ddac0739c67be12c4a769ac948824eeb
-size 319774
--- a/adns-1.5.1.tar.gz.sig
+++ b/adns-1.5.1.tar.gz.sig
--- a/adns-1.6.0.tar.gz
+++ b/adns-1.6.0.tar.gz
@ -0,0 +1,3 @@
+version https://git-lfs.github.com/spec/v1
+oid sha256:fb427265a981e033d1548f2b117cc021073dc8be2eaf2c45fd64ab7b00ed20de
+size 323474
--- a/adns-1.6.0.tar.gz.sig
+++ b/adns-1.6.0.tar.gz.sig
--- a/adns-visibility.patch
+++ b/adns-visibility.patch
@ -24,8 +24,8 @@ Index: src/internal.h
 +#pragma GCC visibility push(hidden)
 /* Configuration and constants */
 
- #define MAXSERVERS 5
-@@ -944,4 +945,5 @@ static inline int errno_resources(int e)
+ #define MAXSERVERS 5 /* do not increase beyond no. of bits in `unsigned'! */
+@@ -960,4 +961,5 @@ static inline int errno_resources(int e)
 		       (tv)|=GETIL_B(cb),		\
 		       (tv) )
 
--- a/adns.changes
+++ b/adns.changes
@ -1,3 +1,61 @@
+-------------------------------------------------------------------
+Mon Jun 15 12:40:37 UTC 2020 - Kristyna Streitova <kstreitova@suse.com>
+
+- Update to 1.6.0
+- Changes in 1.6.0:
+  * Bugfixes
+    * adnshost: Support --reverse in -f mode input stream
+    * timeout robustness against clock skew: track query start time and
+      duration.  Clock instability may now only cause spurious timeouts
+      rather than indefinite hangs or even assertion failures.
+  * New features:
+    * adnshost: Offer ability to set adns checkc flags
+    * adnslogres: Honour --checkc-freq (if it comes first)
+    * adnsresfilter: Honour --checkc-freq and --checkc-entex
+    * time handling: Support use of CLOCK_MONOTONIC via an init flag.
+    * adns_str* etc.: Improve robustness; more allowable inputs values.
+  * Internal changes:
+    * adnshost: adh-opts.c: Whitespace adjustments to option table
+  * Build system and tests improvements
+- Changes in 1.5.2
+  * Important security fixes:
+    CVE-2017-9103 CVE-2017-9104 CVE-2017-9105 CVE-2017-9109:
+      Vulnerable applications: all adns callers.
+      Exploitable by: the local recursive resolver.
+      Likely worst case: Remote code execution.
+    CVE-2017-9106:
+      Vulnerable applications: those that make SOA queries.
+      Exploitable by: upstream DNS data sources.
+      Likely worst case: DoS (crash of the adns-using application)
+    CVE-2017-9107:
+      Vulnerable applications: those that use adns_qf_quoteok_query.
+      Exploitable by: sources of query domain names.
+      Likely worst case: DoS (crash of the adns-using application)
+    CVE-2017-9108:
+      Vulnerable applications: adnshost.
+      Exploitable by: code responsible for framing the input.
+      Likely worst case: DoS (adnshost crashes at EOF).
+  * Bugfixes:
+    * Do not include spurious external symbol `data' (fixes GCC10 build).
+    * If server sends TC flag over TCP, bail rather than retrying.
+    * Do not crash on certain strange resolv.conf contents.
+    * Fix various crashes if a global system failure occurs, or
+      adns_finish is called with outstanding queries.
+    * Correct a parsing error message very slightly.
+    * DNS packet parsing: Slight fix when packet is truncated.
+    * Fix ABI compatibility in string conversion of certain RR types.
+    * internal.h: Use `unsigned' for nextid; fixes theoretical C UB.
+  * Portability fix:
+    * common.make.in: add -Wno-unused-value.  Fixes build with GCC9.
+  * Internal changes:
+    * Additional comments describing some internal code restrions.
+    * Robustness assert() against malfunctioning write() system call.
+- It fixes the following CVEs [bsc#1172265]
+  CVE-2017-9103, CVE-2017-9104, CVE-2017-9105, CVE-2017-9106,
+  CVE-2017-9107, CVE-2017-9108, CVE-2017-9109
+- refresh adns-visibility.patch
+- drop adns-1.5.1-gcc10.patch that is no longer needed 
+
 -------------------------------------------------------------------
 Tue Jun  2 12:48:11 UTC 2020 - Kristyna Streitova <kstreitova@suse.com>

--- a/adns.spec
+++ b/adns.spec
@ -18,7 +18,7 @@

 %define lname	libadns1
 Name:           adns
-Version:        1.5.1
+Version:        1.6.0
 Release:        0
 Summary:        Advanced Easy-to-Use Asynchronous-Capable DNS Utilities
 License:        GPL-2.0-or-later
@ -32,7 +32,6 @@ Source4:        baselibs.conf
 Patch0:         adns-1.4-destdir.patch
 Patch1:         adns-1.4-configure.patch
 Patch2:         adns-visibility.patch
-Patch3:         adns-1.5.1-gcc10.patch
 BuildRequires:  autoconf

 %description
@ -64,7 +63,6 @@ programs with libads support.
 %patch0
 %patch1
 %patch2
-%patch3 -p1
 cp %{SOURCE3} .

 %build
@ -73,7 +71,12 @@ autoreconf -fiv
 %make_build all

 %install
-%make_install
+make install \
+    prefix=%{buildroot}%{_prefix} \
+    bindir=%{buildroot}%{_bindir} \
+    includedir=%{buildroot}%{_includedir} \
+    libdir=%{buildroot}%{_libdir} \
+
 # FIXME: --disable-static not available
 rm %{buildroot}%{_libdir}/*.a