Accepting request 814724 from home:kstreitova:branches:devel:libraries:c_c++

- Update to 1.6.0
- Changes in 1.6.0:
  * Bugfixes
    * adnshost: Support --reverse in -f mode input stream
    * timeout robustness against clock skew: track query start time and
      duration.  Clock instability may now only cause spurious timeouts
      rather than indefinite hangs or even assertion failures.
  * New features:
    * adnshost: Offer ability to set adns checkc flags
    * adnslogres: Honour --checkc-freq (if it comes first)
    * adnsresfilter: Honour --checkc-freq and --checkc-entex
    * time handling: Support use of CLOCK_MONOTONIC via an init flag.
    * adns_str* etc.: Improve robustness; more allowable inputs values.
  * Internal changes:
    * adnshost: adh-opts.c: Whitespace adjustments to option table
  * Build system and tests improvements
- Changes in 1.5.2
  * Important security fixes:
    CVE-2017-9103 CVE-2017-9104 CVE-2017-9105 CVE-2017-9109:
      Vulnerable applications: all adns callers.
      Exploitable by: the local recursive resolver.
      Likely worst case: Remote code execution.
    CVE-2017-9106:
      Vulnerable applications: those that make SOA queries.
      Exploitable by: upstream DNS data sources.
      Likely worst case: DoS (crash of the adns-using application)
    CVE-2017-9107:
      Vulnerable applications: those that use adns_qf_quoteok_query.
      Exploitable by: sources of query domain names.
      Likely worst case: DoS (crash of the adns-using application)

OBS-URL: https://build.opensuse.org/request/show/814724
OBS-URL: https://build.opensuse.org/package/show/devel:libraries:c_c++/adns?expand=0&rev=29

adns-1.5.1-gcc10.patch

@@ -1,15 +0,0 @@
-diff -up adns-1.5.1/src/event.c.me adns-1.5.1/src/event.c
-diff -up adns-1.5.1/src/internal.h.me adns-1.5.1/src/internal.h
---- adns-1.5.1/src/internal.h.me	2020-02-18 13:54:38.578415675 +0100
-+++ adns-1.5.1/src/internal.h	2020-02-18 14:00:26.398198338 +0100
-@@ -246,7 +246,9 @@ union maxalign {
-   void *p;
-   void (*fp)(void);
-   union maxalign *up;
--} data;
-+};
-+
-+extern union maxalign data;
- 
- struct adns__query {
-   adns_state ads;

adns-1.5.1.tar.gz

@@ -1,3 +0,0 @@
-version https://git-lfs.github.com/spec/v1
-oid sha256:5b1026f18b8274be869245ed63427bf8ddac0739c67be12c4a769ac948824eeb
-size 319774

adns-1.6.0.tar.gz

@@ -0,0 +1,3 @@
+version https://git-lfs.github.com/spec/v1
+oid sha256:fb427265a981e033d1548f2b117cc021073dc8be2eaf2c45fd64ab7b00ed20de
+size 323474

adns-visibility.patch

@@ -24,8 +24,8 @@ Index: src/internal.h
 +#pragma GCC visibility push(hidden)
  /* Configuration and constants */
  
- #define MAXSERVERS 5
+ #define MAXSERVERS 5 /* do not increase beyond no. of bits in `unsigned'! */
-@@ -944,4 +945,5 @@ static inline int errno_resources(int e)
+@@ -960,4 +961,5 @@ static inline int errno_resources(int e)
  		       (tv)|=GETIL_B(cb),		\
  		       (tv) )
  

adns.changes

@@ -1,3 +1,61 @@
+-------------------------------------------------------------------
+Mon Jun 15 12:40:37 UTC 2020 - Kristyna Streitova <kstreitova@suse.com>
+
+- Update to 1.6.0
+- Changes in 1.6.0:
+  * Bugfixes
+    * adnshost: Support --reverse in -f mode input stream
+    * timeout robustness against clock skew: track query start time and
+      duration.  Clock instability may now only cause spurious timeouts
+      rather than indefinite hangs or even assertion failures.
+  * New features:
+    * adnshost: Offer ability to set adns checkc flags
+    * adnslogres: Honour --checkc-freq (if it comes first)
+    * adnsresfilter: Honour --checkc-freq and --checkc-entex
+    * time handling: Support use of CLOCK_MONOTONIC via an init flag.
+    * adns_str* etc.: Improve robustness; more allowable inputs values.
+  * Internal changes:
+    * adnshost: adh-opts.c: Whitespace adjustments to option table
+  * Build system and tests improvements
+- Changes in 1.5.2
+  * Important security fixes:
+    CVE-2017-9103 CVE-2017-9104 CVE-2017-9105 CVE-2017-9109:
+      Vulnerable applications: all adns callers.
+      Exploitable by: the local recursive resolver.
+      Likely worst case: Remote code execution.
+    CVE-2017-9106:
+      Vulnerable applications: those that make SOA queries.
+      Exploitable by: upstream DNS data sources.
+      Likely worst case: DoS (crash of the adns-using application)
+    CVE-2017-9107:
+      Vulnerable applications: those that use adns_qf_quoteok_query.
+      Exploitable by: sources of query domain names.
+      Likely worst case: DoS (crash of the adns-using application)
+    CVE-2017-9108:
+      Vulnerable applications: adnshost.
+      Exploitable by: code responsible for framing the input.
+      Likely worst case: DoS (adnshost crashes at EOF).
+  * Bugfixes:
+    * Do not include spurious external symbol `data' (fixes GCC10 build).
+    * If server sends TC flag over TCP, bail rather than retrying.
+    * Do not crash on certain strange resolv.conf contents.
+    * Fix various crashes if a global system failure occurs, or
+      adns_finish is called with outstanding queries.
+    * Correct a parsing error message very slightly.
+    * DNS packet parsing: Slight fix when packet is truncated.
+    * Fix ABI compatibility in string conversion of certain RR types.
+    * internal.h: Use `unsigned' for nextid; fixes theoretical C UB.
+  * Portability fix:
+    * common.make.in: add -Wno-unused-value.  Fixes build with GCC9.
+  * Internal changes:
+    * Additional comments describing some internal code restrions.
+    * Robustness assert() against malfunctioning write() system call.
+- It fixes the following CVEs [bsc#1172265]
+  CVE-2017-9103, CVE-2017-9104, CVE-2017-9105, CVE-2017-9106,
+  CVE-2017-9107, CVE-2017-9108, CVE-2017-9109
+- refresh adns-visibility.patch
+- drop adns-1.5.1-gcc10.patch that is no longer needed 
+
 -------------------------------------------------------------------
 Tue Jun  2 12:48:11 UTC 2020 - Kristyna Streitova <kstreitova@suse.com>
 

adns.spec

@@ -18,7 +18,7 @@
 
 %define lname	libadns1
 Name:           adns
-Version:        1.5.1
+Version:        1.6.0
 Release:        0
 Summary:        Advanced Easy-to-Use Asynchronous-Capable DNS Utilities
 License:        GPL-2.0-or-later
@@ -32,7 +32,6 @@ Source4:        baselibs.conf
 Patch0:         adns-1.4-destdir.patch
 Patch1:         adns-1.4-configure.patch
 Patch2:         adns-visibility.patch
-Patch3:         adns-1.5.1-gcc10.patch
 BuildRequires:  autoconf
 
 %description
@@ -64,7 +63,6 @@ programs with libads support.
 %patch0
 %patch1
 %patch2
-%patch3 -p1
 cp %{SOURCE3} .
 
 %build
@@ -73,7 +71,12 @@ autoreconf -fiv
 %make_build all
 
 %install
-%make_install
+make install \
+    prefix=%{buildroot}%{_prefix} \
+    bindir=%{buildroot}%{_bindir} \
+    includedir=%{buildroot}%{_includedir} \
+    libdir=%{buildroot}%{_libdir} \
+
 # FIXME: --disable-static not available
 rm %{buildroot}%{_libdir}/*.a