From e7ba41e9de5b1aecff382dd6bb0e3a4d098cb050745b4d047ed19cbcf22bd6d0 Mon Sep 17 00:00:00 2001 From: Adam Majer Date: Wed, 8 Dec 2021 14:08:53 +0000 Subject: [PATCH] - update to 1.18.1. Changes since 1.17.2: * Allow '/' as a valid character for a returned name for CNAME in-addr.arpa delegation * no longer forwards requests for localhost resolution per RFC6761 * During a domain search, treat ARES_ENODATA as ARES_NXDOMAIN so that the search process will continue to the next domain in the search. * Provide ares_nameser.h as a public interface as needed by NodeJS * Add support for URI(Uniform Resource Identifier) records via ares_parse_uri_reply() - 5c995d5.patch: upstreamed - disable-live-tests.patch: refreshed OBS-URL: https://build.opensuse.org/package/show/devel:libraries:c_c++/c-ares?expand=0&rev=44 --- 5c995d5.patch | 51 ---------------------------------------- c-ares-1.17.2.tar.gz | 3 --- c-ares-1.17.2.tar.gz.asc | 11 --------- c-ares-1.18.1.tar.gz | 3 +++ c-ares-1.18.1.tar.gz.asc | 11 +++++++++ c-ares.changes | 17 ++++++++++++++ c-ares.spec | 3 +-- disable-live-tests.patch | 11 +++++---- 8 files changed, 38 insertions(+), 72 deletions(-) delete mode 100644 5c995d5.patch delete mode 100644 c-ares-1.17.2.tar.gz delete mode 100644 c-ares-1.17.2.tar.gz.asc create mode 100644 c-ares-1.18.1.tar.gz create mode 100644 c-ares-1.18.1.tar.gz.asc diff --git a/5c995d5.patch b/5c995d5.patch deleted file mode 100644 index 32fc2bb..0000000 --- a/5c995d5.patch +++ /dev/null @@ -1,51 +0,0 @@ -From 5c995d50b05a2c374ae021012afa6f8f4cf2957e Mon Sep 17 00:00:00 2001 -From: bradh352 -Date: Wed, 8 Sep 2021 07:38:44 -0400 -Subject: [PATCH] ares_expand_name should allow underscores (_) as SRV records - legitimately use them - -c-ares 1.17.2 introduced response validation to prevent a security issue, however -it did not have (_) listed as a valid character for domain name responses which -caused issues when a CNAME referenced a SRV record which contained underscores. - -While RFC2181 section 11 does explicitly state not to do validation, that applies -to servers not clients. - -Fixes: #424 -Fix By: Brad House (@bradh352) ---- - src/lib/ares_expand_name.c | 12 +++++++++--- - 1 file changed, 9 insertions(+), 3 deletions(-) - -diff --git a/src/lib/ares_expand_name.c b/src/lib/ares_expand_name.c -index a62c982e..db262ab4 100644 ---- a/src/lib/ares_expand_name.c -+++ b/src/lib/ares_expand_name.c -@@ -59,10 +59,16 @@ static int ares__isprint(int ch) - return 0; - } - --/* Character set allowed by hostnames */ -+/* Character set allowed by hostnames. This is to include the normal -+ * domain name character set plus underscores which are used in SRV -+ * records. While RFC 2181 section 11 does state not to do validation, -+ * that applies to servers, not clients. Vulnerabilities have been -+ * reported when this validation is not performed. Security is more -+ * important than edge-case compatibility (which is probably invalid -+ * anyhow). */ - static int is_hostnamech(int ch) - { -- /* [A-Za-z0-9-.] -+ /* [A-Za-z0-9-._] - * Don't use isalnum() as it is locale-specific - */ - if (ch >= 'A' && ch <= 'Z') -@@ -71,7 +77,7 @@ static int is_hostnamech(int ch) - return 1; - if (ch >= '0' && ch <= '9') - return 1; -- if (ch == '-' || ch == '.') -+ if (ch == '-' || ch == '.' || ch == '_') - return 1; - - return 0; diff --git a/c-ares-1.17.2.tar.gz b/c-ares-1.17.2.tar.gz deleted file mode 100644 index 554acec..0000000 --- a/c-ares-1.17.2.tar.gz +++ /dev/null @@ -1,3 +0,0 @@ -version https://git-lfs.github.com/spec/v1 -oid sha256:4803c844ce20ce510ef0eb83f8ea41fa24ecaae9d280c468c582d2bb25b3913d -size 1538276 diff --git a/c-ares-1.17.2.tar.gz.asc b/c-ares-1.17.2.tar.gz.asc deleted file mode 100644 index 0779797..0000000 --- a/c-ares-1.17.2.tar.gz.asc +++ /dev/null @@ -1,11 +0,0 @@ ------BEGIN PGP SIGNATURE----- - -iQEzBAABCgAdFiEEJ+3q8i86vOtQ25oSXMkI/bceEsIFAmESGOwACgkQXMkI/bce -EsIyCwf/aKIZjd/ziFBwGNwLpk5DH62e5tr1sL7BwW8F7TiGjKnvglScxxauraM8 -qCVYP6rkCV3aeSg2yEfYI8slrllek6J8iciIN0Y7a7Vd9epVWfSMLq1GNeR+NPB/ -aAFak21vIk2QaLYZk+z4s4pmWN2bvwWJxGG3Tdohr9/W5f3kdbYVrdCE3nWFgCQ6 -/vqG0SACZufgjiEG6vYf2Mhmit9MY+I1LmuR3LrGO2iLMfS69z7GzBS6d015mAHP -Gm2qLdNBdWyfoMBi7vEMef0/C336UQ1mNyxThw9vHVXr/Fao+ZSL0NJgiZ0ggtKi -ojAIChIOwOGMcTy8TBmEyNxf7OIsFA== -=/P5j ------END PGP SIGNATURE----- diff --git a/c-ares-1.18.1.tar.gz b/c-ares-1.18.1.tar.gz new file mode 100644 index 0000000..58bd31b --- /dev/null +++ b/c-ares-1.18.1.tar.gz @@ -0,0 +1,3 @@ +version https://git-lfs.github.com/spec/v1 +oid sha256:1a7d52a8a84a9fbffb1be9133c0f6e17217d91ea5a6fa61f6b4729cda78ebbcf +size 1560165 diff --git a/c-ares-1.18.1.tar.gz.asc b/c-ares-1.18.1.tar.gz.asc new file mode 100644 index 0000000..04fb8d7 --- /dev/null +++ b/c-ares-1.18.1.tar.gz.asc @@ -0,0 +1,11 @@ +-----BEGIN PGP SIGNATURE----- + +iQEzBAABCgAdFiEEJ+3q8i86vOtQ25oSXMkI/bceEsIFAmF47KIACgkQXMkI/bce +EsKuvwf9Ef0HL1yhrA80nUSxQvgGNFhYQO1eEeH5LzV/UPGydOOSXuoVU+YZKjnr +XUMCYcW8gCLACd4wBab/1gHBa9YeSVJpeJRdyrtIiAhiOPixmwSDCQMMixI526zd +q40YK+M/YROJgYyp4E1t6rK5UK+sSwkKePXLLPUW5IXjj3vyCNz6TANINv3KoQqC +mXVmUx0kr1U58fjzp0DB8jz1bixVllD7PpGPsR8pkFTCltVFZmKrvxRy4MHB7/Zs +5JAElYhR/H+NKY1+2S9A4pKPfN/orGkVyeZlw9A/XdMF+Tjr2YT5FDPair6DQuvI +Dp24pB2pYTFRfdjZj2b5l568UiujHQ== +=mcGJ +-----END PGP SIGNATURE----- diff --git a/c-ares.changes b/c-ares.changes index ae083ea..2debe42 100644 --- a/c-ares.changes +++ b/c-ares.changes @@ -1,3 +1,20 @@ +------------------------------------------------------------------- +Tue Dec 7 16:57:20 UTC 2021 - Adam Majer + +- update to 1.18.1. Changes since 1.17.2: + * Allow '/' as a valid character for a returned name for + CNAME in-addr.arpa delegation + * no longer forwards requests for localhost resolution per RFC6761 + * During a domain search, treat ARES_ENODATA as ARES_NXDOMAIN so + that the search process will continue to the next domain + in the search. + * Provide ares_nameser.h as a public interface as needed by NodeJS + * Add support for URI(Uniform Resource Identifier) records via + ares_parse_uri_reply() + +- 5c995d5.patch: upstreamed +- disable-live-tests.patch: refreshed + ------------------------------------------------------------------- Thu Sep 9 12:15:01 UTC 2021 - Adam Majer diff --git a/c-ares.spec b/c-ares.spec index 6604941..9ee3e66 100644 --- a/c-ares.spec +++ b/c-ares.spec @@ -24,7 +24,7 @@ %endif Name: c-ares -Version: 1.17.2 +Version: 1.18.1 Release: 0 Summary: Library for asynchronous name resolves License: MIT @@ -35,7 +35,6 @@ Source3: c-ares.keyring Source4: baselibs.conf Patch0: 0001-Use-RPM-compiler-options.patch Patch1: disable-live-tests.patch -Patch2: https://github.com/c-ares/c-ares/commit/5c995d5.patch BuildRequires: cmake BuildRequires: gcc-c++ BuildRequires: pkg-config diff --git a/disable-live-tests.patch b/disable-live-tests.patch index 61b8a6c..a5dd67d 100644 --- a/disable-live-tests.patch +++ b/disable-live-tests.patch @@ -1,9 +1,10 @@ -diff -Naur c-ares-1.16.1.orig/test/Makefile.inc c-ares-1.16.1/test/Makefile.inc ---- c-ares-1.16.1.orig/test/Makefile.inc 2020-07-08 22:15:36.667605939 +0200 -+++ c-ares-1.16.1/test/Makefile.inc 2020-07-08 22:16:25.407171729 +0200 -@@ -14,7 +14,6 @@ - ares-test-parse-srv.cc \ +Index: c-ares-1.18.1/test/Makefile.inc +=================================================================== +--- c-ares-1.18.1.orig/test/Makefile.inc ++++ c-ares-1.18.1/test/Makefile.inc +@@ -16,7 +16,6 @@ TESTSOURCES = ares-test-main.cc \ ares-test-parse-txt.cc \ + ares-test-parse-uri.cc \ ares-test-misc.cc \ - ares-test-live.cc \ ares-test-mock.cc \