Accepting request 849356 from devel:libraries:c_c++

- ares_dns.h, missing_header.patch: re-add missing header in last release

- Version update to 1.17.0
  Security:
  * avoid read-heap-buffer-overflow in ares_parse_soa_reply found during
    fuzzing
  * Avoid theoretical buffer overflow in RC4 loop comparison
  * Empty hquery->name could lead to invalid memory access
  * ares_parse_{a,aaaa}_reply() could return a larger *naddrttls than was
    passed in (bsc#1178882, CVE-2020-8277)
  Changes:
  * Update help information for adig, acountry, and ahost
  * Test Suite now uses dynamic system-assigned ports rather than hardcoded
    ports to prevent failures in containers
  * Detect remote DNS server does not support EDNS using rules from RFC 6891
  * Source tree has been reorganized to use a more modern layout
  * Allow parsing of CAA Resource Record
  Bug fixes:
  * readaddrinfo bad sizeof()
  * Test cases should honor HAVE_WRITEV flag, not depend on WIN32
  * FQDN with trailing period should be queried first
  * ares_getaddrinfo() was returning members of the struct as garbage values if
    unset, and was not honoring ai_socktype and ai_protocol hints.
  * ares_gethostbyname() with AF_UNSPEC and an ip address would fail
  * Properly document ares_set_local_ip4() uses host byte order
For details, see https://c-ares.haxx.se/changelog.html
- add missing upstream sources, to be removed for next release
- remove unnecessary BuildRequires
- fix building on SLE12 systems

OBS-URL: https://build.opensuse.org/request/show/849356
OBS-URL: https://build.opensuse.org/package/show/openSUSE:Factory/c-ares?expand=0&rev=10

_multibuild

@@ -1,3 +1,4 @@
 <multibuild>
+  <package>main</package>
   <package>tests</package>
 </multibuild>

ares_dns.h

@@ -0,0 +1,112 @@
+#ifndef HEADER_CARES_DNS_H
+#define HEADER_CARES_DNS_H
+
+/* Copyright 1998, 2011 by the Massachusetts Institute of Technology.
+ *
+ * Permission to use, copy, modify, and distribute this
+ * software and its documentation for any purpose and without
+ * fee is hereby granted, provided that the above copyright
+ * notice appear in all copies and that both that copyright
+ * notice and this permission notice appear in supporting
+ * documentation, and that the name of M.I.T. not be used in
+ * advertising or publicity pertaining to distribution of the
+ * software without specific, written prior permission.
+ * M.I.T. makes no representations about the suitability of
+ * this software for any purpose.  It is provided "as is"
+ * without express or implied warranty.
+ */
+
+/*
+ * NOTE TO INTEGRATORS:
+ *
+ * This header is made public due to legacy projects relying on it.
+ * Please do not use the macros within this header, or include this
+ * header in your project as it may be removed in the future.
+ */
+
+
+/*
+ * Macro DNS__16BIT reads a network short (16 bit) given in network
+ * byte order, and returns its value as an unsigned short.
+ */
+#define DNS__16BIT(p)  ((unsigned short)((unsigned int) 0xffff & \
+                         (((unsigned int)((unsigned char)(p)[0]) << 8U) | \
+                          ((unsigned int)((unsigned char)(p)[1])))))
+
+/*
+ * Macro DNS__32BIT reads a network long (32 bit) given in network
+ * byte order, and returns its value as an unsigned int.
+ */
+#define DNS__32BIT(p)  ((unsigned int) \
+                         (((unsigned int)((unsigned char)(p)[0]) << 24U) | \
+                          ((unsigned int)((unsigned char)(p)[1]) << 16U) | \
+                          ((unsigned int)((unsigned char)(p)[2]) <<  8U) | \
+                          ((unsigned int)((unsigned char)(p)[3]))))
+
+#define DNS__SET16BIT(p, v)  (((p)[0] = (unsigned char)(((v) >> 8) & 0xff)), \
+                              ((p)[1] = (unsigned char)((v) & 0xff)))
+#define DNS__SET32BIT(p, v)  (((p)[0] = (unsigned char)(((v) >> 24) & 0xff)), \
+                              ((p)[1] = (unsigned char)(((v) >> 16) & 0xff)), \
+                              ((p)[2] = (unsigned char)(((v) >> 8) & 0xff)), \
+                              ((p)[3] = (unsigned char)((v) & 0xff)))
+
+#if 0
+/* we cannot use this approach on systems where we can't access 16/32 bit
+   data on un-aligned addresses */
+#define DNS__16BIT(p)                   ntohs(*(unsigned short*)(p))
+#define DNS__32BIT(p)                   ntohl(*(unsigned long*)(p))
+#define DNS__SET16BIT(p, v)             *(unsigned short*)(p) = htons(v)
+#define DNS__SET32BIT(p, v)             *(unsigned long*)(p) = htonl(v)
+#endif
+
+/* Macros for parsing a DNS header */
+#define DNS_HEADER_QID(h)               DNS__16BIT(h)
+#define DNS_HEADER_QR(h)                (((h)[2] >> 7) & 0x1)
+#define DNS_HEADER_OPCODE(h)            (((h)[2] >> 3) & 0xf)
+#define DNS_HEADER_AA(h)                (((h)[2] >> 2) & 0x1)
+#define DNS_HEADER_TC(h)                (((h)[2] >> 1) & 0x1)
+#define DNS_HEADER_RD(h)                ((h)[2] & 0x1)
+#define DNS_HEADER_RA(h)                (((h)[3] >> 7) & 0x1)
+#define DNS_HEADER_Z(h)                 (((h)[3] >> 4) & 0x7)
+#define DNS_HEADER_RCODE(h)             ((h)[3] & 0xf)
+#define DNS_HEADER_QDCOUNT(h)           DNS__16BIT((h) + 4)
+#define DNS_HEADER_ANCOUNT(h)           DNS__16BIT((h) + 6)
+#define DNS_HEADER_NSCOUNT(h)           DNS__16BIT((h) + 8)
+#define DNS_HEADER_ARCOUNT(h)           DNS__16BIT((h) + 10)
+
+/* Macros for constructing a DNS header */
+#define DNS_HEADER_SET_QID(h, v)      DNS__SET16BIT(h, v)
+#define DNS_HEADER_SET_QR(h, v)       ((h)[2] |= (unsigned char)(((v) & 0x1) << 7))
+#define DNS_HEADER_SET_OPCODE(h, v)   ((h)[2] |= (unsigned char)(((v) & 0xf) << 3))
+#define DNS_HEADER_SET_AA(h, v)       ((h)[2] |= (unsigned char)(((v) & 0x1) << 2))
+#define DNS_HEADER_SET_TC(h, v)       ((h)[2] |= (unsigned char)(((v) & 0x1) << 1))
+#define DNS_HEADER_SET_RD(h, v)       ((h)[2] |= (unsigned char)((v) & 0x1))
+#define DNS_HEADER_SET_RA(h, v)       ((h)[3] |= (unsigned char)(((v) & 0x1) << 7))
+#define DNS_HEADER_SET_Z(h, v)        ((h)[3] |= (unsigned char)(((v) & 0x7) << 4))
+#define DNS_HEADER_SET_RCODE(h, v)    ((h)[3] |= (unsigned char)((v) & 0xf))
+#define DNS_HEADER_SET_QDCOUNT(h, v)  DNS__SET16BIT((h) + 4, v)
+#define DNS_HEADER_SET_ANCOUNT(h, v)  DNS__SET16BIT((h) + 6, v)
+#define DNS_HEADER_SET_NSCOUNT(h, v)  DNS__SET16BIT((h) + 8, v)
+#define DNS_HEADER_SET_ARCOUNT(h, v)  DNS__SET16BIT((h) + 10, v)
+
+/* Macros for parsing the fixed part of a DNS question */
+#define DNS_QUESTION_TYPE(q)            DNS__16BIT(q)
+#define DNS_QUESTION_CLASS(q)           DNS__16BIT((q) + 2)
+
+/* Macros for constructing the fixed part of a DNS question */
+#define DNS_QUESTION_SET_TYPE(q, v)     DNS__SET16BIT(q, v)
+#define DNS_QUESTION_SET_CLASS(q, v)    DNS__SET16BIT((q) + 2, v)
+
+/* Macros for parsing the fixed part of a DNS resource record */
+#define DNS_RR_TYPE(r)                  DNS__16BIT(r)
+#define DNS_RR_CLASS(r)                 DNS__16BIT((r) + 2)
+#define DNS_RR_TTL(r)                   DNS__32BIT((r) + 4)
+#define DNS_RR_LEN(r)                   DNS__16BIT((r) + 8)
+
+/* Macros for constructing the fixed part of a DNS resource record */
+#define DNS_RR_SET_TYPE(r, v)           DNS__SET16BIT(r, v)
+#define DNS_RR_SET_CLASS(r, v)          DNS__SET16BIT((r) + 2, v)
+#define DNS_RR_SET_TTL(r, v)            DNS__SET32BIT((r) + 4, v)
+#define DNS_RR_SET_LEN(r, v)            DNS__SET16BIT((r) + 8, v)
+
+#endif /* HEADER_CARES_DNS_H */

c-ares-1.16.1.tar.gz

@@ -1,3 +0,0 @@
-version https://git-lfs.github.com/spec/v1
-oid sha256:d08312d0ecc3bd48eee0a4cc0d2137c9f194e0a28de2028928c0f6cae85f86ce
-size 1374637

c-ares-1.16.1.tar.gz.asc

@@ -1,11 +0,0 @@
------BEGIN PGP SIGNATURE-----
-
-iQEzBAABCgAdFiEEJ+3q8i86vOtQ25oSXMkI/bceEsIFAl65kRoACgkQXMkI/bce
-EsLoxwgAkIUACrGgrcLwqPUt6+JZoqWgTMjQTuGyZ+5kB8O93U40GSHH8YDm5Ntj
-iTADAQMNo8EJfRBwH+tpQ7VFXDIAz/8dNuwx4VmnadaqoQU7j7v2u5IhltBmtof1
-SkRwwdpma4FoteF91cPDoFH/sdaUGlhFo/fS4gJPeWJqqqCok78j5mS9ZIwzyc4B
-JKP2PMEt1XX1hmLOc+4jI7Mv0N0egN6cvCTiyW8jq0maEALiUBm3U9T+g6yDLp5J
-KnbtLkcwTU+lj4BdMcJ+ADrW4ELFIY1Jd1qOWhLOLEwyvbDFiJ1x53+U3Vzht7n0
-Yv/3aL0xtfcRXkILjnNlNCSgO34PTg==
-=LOfS
------END PGP SIGNATURE-----

c-ares-1.17.0.tar.gz

@@ -0,0 +1,3 @@
+version https://git-lfs.github.com/spec/v1
+oid sha256:1cecd5dbe21306c7263f8649aa6e9a37aecb985995a3489f487d98df2b40757d
+size 1396682

c-ares-1.17.0.tar.gz.asc

@@ -0,0 +1,11 @@
+-----BEGIN PGP SIGNATURE-----
+
+iQEzBAABCgAdFiEEJ+3q8i86vOtQ25oSXMkI/bceEsIFAl+y9H8ACgkQXMkI/bce
+EsKfbAgAhqNNHmxmcHf8i5BqHMDpJwlnBxeX2A0VFJU5iBm5v3MF1NI6LOKlzJb1
+4xfJ4XcqwZQTK7bmcyX28/Rl71uG+0AhKy9X20fAUdWfzOr2rfmdzv7KDm3FimlN
+8k1iAvcwSoRg/YOmiZrkefKMx0TrE7MjFfds4FtL54Y+qFkYCvdRlHpCtzBkQLjd
+8JCD8dTKd0zrLVcoSVaAgOvKp67e5aOkhLsxpQNm7IFldzzePK4Go77toPKGZ8Q4
+VQ97iFyvop5eN7+ItnR+8CC1/7d/1p1J5k62lygiYVK7M5uD+4ioj/mW4h9ykFha
+b47/5W/AER3PRTgD3cLWcj0gb9AOAw==
+=jz6s
+-----END PGP SIGNATURE-----

c-ares-config.cmake.in

@@ -0,0 +1,21 @@
+@PACKAGE_INIT@
+
+set_and_check(c-ares_INCLUDE_DIR "@PACKAGE_CMAKE_INSTALL_INCLUDEDIR@")
+
+include("${CMAKE_CURRENT_LIST_DIR}/c-ares-config-version.cmake")
+include("${CMAKE_CURRENT_LIST_DIR}/c-ares-targets.cmake")
+
+set(c-ares_LIBRARY c-ares::cares)
+
+if(@CARES_SHARED@)
+	add_library(c-ares::cares_shared INTERFACE IMPORTED)
+	set_target_properties(c-ares::cares_shared PROPERTIES INTERFACE_LINK_LIBRARIES "c-ares::cares")
+	set(c-ares_SHARED_LIBRARY c-ares::cares_shared)
+elseif(@CARES_STATIC@)
+	add_library(c-ares::cares_static INTERFACE IMPORTED)
+	set_target_properties(c-ares::cares_static PROPERTIES INTERFACE_LINK_LIBRARIES "c-ares::cares")
+endif()
+
+if(@CARES_STATIC@)
+	set(c-ares_STATIC_LIBRARY c-ares::cares_static)
+endif()

c-ares.changes

@@ -1,3 +1,43 @@
+-------------------------------------------------------------------
+Thu Nov 19 09:51:18 UTC 2020 - Adam Majer <adam.majer@suse.de>
+
+- ares_dns.h, missing_header.patch: re-add missing header in last release
+
+-------------------------------------------------------------------
+Tue Nov 17 12:07:22 UTC 2020 - Adam Majer <adam.majer@suse.de>
+
+- Version update to 1.17.0
+  Security:
+  * avoid read-heap-buffer-overflow in ares_parse_soa_reply found during
+    fuzzing
+  * Avoid theoretical buffer overflow in RC4 loop comparison
+  * Empty hquery->name could lead to invalid memory access
+  * ares_parse_{a,aaaa}_reply() could return a larger *naddrttls than was
+    passed in (bsc#1178882, CVE-2020-8277)
+
+  Changes:
+  * Update help information for adig, acountry, and ahost
+  * Test Suite now uses dynamic system-assigned ports rather than hardcoded
+    ports to prevent failures in containers
+  * Detect remote DNS server does not support EDNS using rules from RFC 6891
+  * Source tree has been reorganized to use a more modern layout
+  * Allow parsing of CAA Resource Record
+
+  Bug fixes:
+  * readaddrinfo bad sizeof()
+  * Test cases should honor HAVE_WRITEV flag, not depend on WIN32
+  * FQDN with trailing period should be queried first
+  * ares_getaddrinfo() was returning members of the struct as garbage values if
+    unset, and was not honoring ai_socktype and ai_protocol hints.
+  * ares_gethostbyname() with AF_UNSPEC and an ip address would fail
+  * Properly document ares_set_local_ip4() uses host byte order
+
+For details, see https://c-ares.haxx.se/changelog.html
+
+- add missing upstream sources, to be removed for next release
+- remove unnecessary BuildRequires
+- fix building on SLE12 systems
+
 -------------------------------------------------------------------
 Fri Sep 11 07:54:10 UTC 2020 - Tomáš Chvátal <tchvatal@suse.com>
 

c-ares.spec

@@ -17,33 +17,52 @@
 
 
 %global flavor @BUILD_FLAVOR@%{nil}
-%if "%{flavor}" == "tests"
-%define psuffix -tests
-%bcond_without tests
-%else
-%bcond_with tests
+
+%if "%{flavor}" == "%{nil}"
+ExclusiveArch:  do_not_build
+%define pname   c-ares
 %endif
-%define pname c-ares
+
+%if "%{flavor}" == "tests"
+%define pname   c-ares-tests
+%bcond_without  tests
+%endif
+
+%if "%{flavor}" == "main"
+%define pname   c-ares
+%bcond_with     tests
+%endif
+
 %define sonum   2
 %define libname libcares%{sonum}
-Name:           %{pname}%{?psuffix}
-Version:        1.16.1
+
+%if 0%{!?cmake_build:1}
+%define cmake_build make -O VERBOSE=1 %{?_smp_mflags}
+%endif
+
+Name:           %{pname}
+Version:        1.17.0
 Release:        0
 Summary:        Library for asynchronous name resolves
 License:        MIT
 URL:            https://c-ares.haxx.se/
-Source0:        http://c-ares.haxx.se/download/%{pname}-%{version}.tar.gz
-Source1:        http://c-ares.haxx.se/download/%{pname}-%{version}.tar.gz.asc
-Source3:        %{pname}.keyring
+Source0:        http://c-ares.haxx.se/download/c-ares-%{version}.tar.gz
+Source1:        http://c-ares.haxx.se/download/c-ares-%{version}.tar.gz.asc
+Source3:        c-ares.keyring
 Source4:        baselibs.conf
+### REMOVE when upstream fixes https://github.com/c-ares/c-ares/issues/373
+Source5:        libcares.pc.cmake
+Source6:        c-ares-config.cmake.in
+Source7:        ares_dns.h
 Patch0:         0001-Use-RPM-compiler-options.patch
 Patch1:         disable-live-tests.patch
+Patch2:         missing_header.patch
 BuildRequires:  cmake
 BuildRequires:  gcc-c++
-BuildRequires:  libtool
+%if %{with tests}
 # Needed for getservbyport_r function to work properly.
 BuildRequires:  netcfg
-BuildRequires:  pkgconfig
+%endif
 
 %description
 c-ares is a C library that performs DNS requests and name resolves
@@ -87,21 +106,17 @@ by Greg Hudson at MIT.
 This package provides the development libraries and headers needed
 to build packages that depend on c-ares.
 
-%prep
-%autosetup -p1 -n %{pname}-%{version}
 
-# Remove bogus cflags checking
-sed -i -e '/XC_CHECK_BUILD_FLAGS/d' configure.ac
-sed -i -e '/XC_CHECK_USER_FLAGS/d' m4/xc-cc-check.m4
+%prep
+%autosetup -p1 -n c-ares-%{version}
+
+cp %{S:5} %{S:6} .
+cp %{S:7} include
 
 %build
+
 %cmake \
-    -DCARES_STATIC:BOOL=OFF \
-    -DCARES_SHARED:BOOL=ON \
-    -DCARES_INSTALL:BOOL=ON \
-    -DCARES_BUILD_TOOLS:BOOL=ON \
 %if %{with tests}
-    -DCARES_STATIC:BOOL=ON \
     -DCARES_BUILD_TESTS:BOOL=ON \
 %endif
     %{nil}
@@ -110,21 +125,17 @@ sed -i -e '/XC_CHECK_USER_FLAGS/d' m4/xc-cc-check.m4
 %install
 %if !%{with tests}
 %cmake_install
-install -m 644 -Dt %{buildroot}%{_mandir}/man1/ *.1
-install -m 644 -Dt %{buildroot}%{_mandir}/man3/ *.3
-# Tests require static lib so lets remove it so it does not get in package
-find %{buildroot} -type f \( -name "*.la" -o -name "*.a" \) -delete -print
 %endif
 
 %if %{with tests}
 %check
 pushd build
-%make_build -C test
-export LD_LIBRARY_PATH=$LD_LIBRARY_PATH:./lib
+%cmake_build -C test
 ./bin/arestest
 %endif
 
 %if !%{with tests}
+
 %post   -n %{libname} -p /sbin/ldconfig
 %postun -n %{libname} -p /sbin/ldconfig
 
@@ -139,7 +150,7 @@ export LD_LIBRARY_PATH=$LD_LIBRARY_PATH:./lib
 
 %files -n %{libname}
 %license LICENSE.md
-%{_libdir}/libcares.so.2*
+%{_libdir}/libcares.so.%{sonum}*
 
 %files devel
 %license LICENSE.md
@@ -148,6 +159,7 @@ export LD_LIBRARY_PATH=$LD_LIBRARY_PATH:./lib
 %{_mandir}/man3/ares_*.3%{?ext_man}
 %{_libdir}/pkgconfig/libcares.pc
 %{_libdir}/cmake/c-ares/
+
 %endif
 
 %changelog

libcares.pc.cmake

@@ -0,0 +1,20 @@
+#***************************************************************************
+# Project        ___       __ _ _ __ ___  ___ 
+#               / __|____ / _` | '__/ _ \/ __|
+#              | (_|_____| (_| | | |  __/\__ \
+#               \___|     \__,_|_|  \___||___/
+#
+prefix=@CMAKE_INSTALL_PREFIX@
+exec_prefix=${prefix}/@CMAKE_INSTALL_BINDIR@
+libdir=${prefix}/@CMAKE_INSTALL_LIBDIR@
+includedir=${prefix}/@CMAKE_INSTALL_INCLUDEDIR@
+
+Name: c-ares
+URL: https://c-ares.haxx.se/
+Description: asynchronous DNS lookup library
+Version: @CARES_VERSION@
+Requires: 
+Requires.private: 
+Cflags: -I${includedir} @CPPFLAG_CARES_STATICLIB@
+Libs: -L${libdir} -lcares
+Libs.private: @CARES_PRIVATE_LIBS@

missing_header.patch

@@ -0,0 +1,12 @@
+Index: c-ares-1.17.0/include/CMakeLists.txt
+===================================================================
+--- c-ares-1.17.0.orig/include/CMakeLists.txt
++++ c-ares-1.17.0/include/CMakeLists.txt
+@@ -3,6 +3,6 @@ CONFIGURE_FILE (ares_build.h.cmake ${PRO
+ 
+ # Headers installation target
+ IF (CARES_INSTALL)
+-	SET (CARES_HEADERS ares.h ares_version.h "${PROJECT_BINARY_DIR}/ares_build.h" ares_rules.h)
++	SET (CARES_HEADERS ares.h ares_version.h "${PROJECT_BINARY_DIR}/ares_build.h" ares_rules.h ares_dns.h)
+ 	INSTALL (FILES ${CARES_HEADERS} COMPONENT Devel DESTINATION ${CMAKE_INSTALL_INCLUDEDIR})
+ ENDIF ()