diff --git a/0001-Fix-invalid-read-in-ares_parse_soa_reply.patch b/0001-Fix-invalid-read-in-ares_parse_soa_reply.patch
deleted file mode 100644
index 00968b2c6843eb117ff1a91a9e06b196ccc604d7..0000000000000000000000000000000000000000
--- a/0001-Fix-invalid-read-in-ares_parse_soa_reply.patch
+++ /dev/null
@@ -1,25 +0,0 @@
-commit 1b98172b141fe874ad43e679e67506f9b2139043
-Author: lutianxiong <50396812+ltx2018@users.noreply.github.com>
-Date: Fri May 22 20:02:21 2020 +0800
-
- avoid read-heap-buffer-overflow (#332)
-
- Fix invalid read in ares_parse_soa_reply.c found during fuzzing
-
- Fixes Bug: #333
- Fix By: lutianxiong (@ltx2018)
-
-diff --git a/ares_parse_soa_reply.c b/ares_parse_soa_reply.c
-index 2a2cac8..7cfaed2 100644
---- a/ares_parse_soa_reply.c
-+++ b/ares_parse_soa_reply.c
-@@ -69,6 +69,9 @@ ares_parse_soa_reply(const unsigned char *abuf, int alen,
- status = ares__expand_name_for_response(aptr, abuf, alen, &qname, &len);
- if (status != ARES_SUCCESS)
- goto failed_stat;
-+
-+ if (alen <= len + HFIXEDSZ + 1)
-+ goto failed;
- aptr += len;
-
- qclass = DNS_QUESTION_TYPE(aptr);
diff --git a/0002-Fix-sizeof-sizeof-addr.saX-sizeof-addr.saX-in-readad.patch b/0002-Fix-sizeof-sizeof-addr.saX-sizeof-addr.saX-in-readad.patch
deleted file mode 100644
index 3065431db04ba2c8bfbf53da55aa2fe835cbad01..0000000000000000000000000000000000000000
--- a/0002-Fix-sizeof-sizeof-addr.saX-sizeof-addr.saX-in-readad.patch
+++ /dev/null
@@ -1,38 +0,0 @@
-From 4c02944ef1cedb9460825d28b4e5c27988d04dba Mon Sep 17 00:00:00 2001
-From: Ivan Baidakou
-Date: Tue, 12 May 2020 14:22:33 +0300
-Subject: [PATCH] Fix: sizeof(sizeof(addr.saX)) -> sizeof(addr.saX) in
- readaddrinfo (#331)
-
-Looks like a sed-gone-wrong, a sizeof inside of a sizeof.
-
-Fix By: Ivan Baidakou (@basiliscos)
----
- ares__readaddrinfo.c | 4 ++--
- 1 file changed, 2 insertions(+), 2 deletions(-)
-
-diff --git a/ares__readaddrinfo.c b/ares__readaddrinfo.c
-index dd3abe2..89fea83 100644
---- a/ares__readaddrinfo.c
-+++ b/ares__readaddrinfo.c
-@@ -179,7 +179,7 @@ int ares__readaddrinfo(FILE *fp,
- }
-
- node->ai_family = addr.sa.sa_family = AF_INET;
-- node->ai_addrlen = sizeof(sizeof(addr.sa4));
-+ node->ai_addrlen = sizeof(addr.sa4);
- node->ai_addr = ares_malloc(sizeof(addr.sa4));
- if (!node->ai_addr)
- {
-@@ -200,7 +200,7 @@ int ares__readaddrinfo(FILE *fp,
- }
-
- node->ai_family = addr.sa.sa_family = AF_INET6;
-- node->ai_addrlen = sizeof(sizeof(addr.sa6));
-+ node->ai_addrlen = sizeof(addr.sa6);
- node->ai_addr = ares_malloc(sizeof(addr.sa6));
- if (!node->ai_addr)
- {
---
-1.8.3.1
-
diff --git a/0003-Avoid-buffer-overflow-in-RC4-loop-comparison-336.patch b/0003-Avoid-buffer-overflow-in-RC4-loop-comparison-336.patch
deleted file mode 100644
index 8c61298d56a1b9d7a69c5eb0eb87dd83bfe3ac87..0000000000000000000000000000000000000000
--- a/0003-Avoid-buffer-overflow-in-RC4-loop-comparison-336.patch
+++ /dev/null
@@ -1,38 +0,0 @@
-From 6d6cd5daf63b812734343bd020677829b13db2ac Mon Sep 17 00:00:00 2001
-From: Fionn Fitzmaurice <1897918+fionn@users.noreply.github.com>
-Date: Fri, 3 Jul 2020 07:39:54 +0800
-Subject: [PATCH] Avoid buffer overflow in RC4 loop comparison (#336)
-
-The rc4 function iterates over a buffer of size buffer_len who's maximum
-value is INT_MAX with a counter of type short that is not guaranteed to
-have maximum size INT_MAX.
-
-In circumstances where short is narrower than int and where buffer_len
-is larger than the maximum value of a short, it may be possible to loop
-infinitely as counter will overflow and never be greater than or equal
-to buffer_len.
-
-The solution is to make the comparison be between types of equal width.
-This commit defines counter as an int.
-
-Fix By: Fionn Fitzmaurice (@fionn)
----
- ares_query.c | 2 +-
- 1 file changed, 1 insertion(+), 1 deletion(-)
-
-diff --git a/ares_query.c b/ares_query.c
-index b38b8a6..5bbb2f5 100644
---- a/ares_query.c
-+++ b/ares_query.c
-@@ -45,7 +45,7 @@ static void rc4(rc4_key* key, unsigned char *buffer_ptr, int buffer_len)
- unsigned char y;
- unsigned char* state;
- unsigned char xorIndex;
-- short counter;
-+ int counter;
-
- x = key->x;
- y = key->y;
---
-1.8.3.1
-
diff --git a/c-ares-1.16.1.tar.gz b/c-ares-1.16.1.tar.gz
deleted file mode 100644
index 50b5f3d5097d593e37d964864f00faf544fa23b6..0000000000000000000000000000000000000000
Binary files a/c-ares-1.16.1.tar.gz and /dev/null differ
diff --git a/c-ares-1.17.1.tar.gz b/c-ares-1.17.1.tar.gz
new file mode 100644
index 0000000000000000000000000000000000000000..b59d17abcbdc06ea85014fdad36d5ec445262a5f
Binary files /dev/null and b/c-ares-1.17.1.tar.gz differ
diff --git a/c-ares.spec b/c-ares.spec
index f6d1cecb36267b7c3ea62ee0d4bb96e0e7b2e97e..d12b42550dd05ba97dd16b3e47fa277c5c0f138f 100644
--- a/c-ares.spec
+++ b/c-ares.spec
@@ -1,18 +1,15 @@ Name: c-ares -Version: 1.16.1 -Release: 2 +Version: 1.17.1 +Release: 1 Summary: A C library for asynchronous DNS requests License: MIT URL: https://github.com/c-ares/c-ares -Source0: https://github.com/c-ares/c-ares/releases/download/cares-1_16_1/c-ares-1.16.1.tar.gz +Source0: https://github.com/c-ares/c-ares/releases/download/cares-1_17_1/%{name}-%{version}.tar.gz BuildRequires: gcc autoconf automake libtool # Patch0 from Redhat is applied for stopping overriding AC_CONFIG_MACRO_DIR Patch0000: 0000-Use-RPM-compiler-options.patch -Patch0001: 0001-Fix-invalid-read-in-ares_parse_soa_reply.patch -Patch0002: 0002-Fix-sizeof-sizeof-addr.saX-sizeof-addr.saX-in-readad.patch -Patch0003: 0003-Avoid-buffer-overflow-in-RC4-loop-comparison-336.patch %description This is c-ares, an asynchronous resolver library. It is intended for applications which need to perform DNS queries without blocking, or need to perform multiple @@ -55,6 +52,12 @@ make %{?_smp_mflags} %{_mandir}/man3/* %changelog +* Sat Jan 30 2021 xihaochen - 1.17.1-1 +- Type:requirements +- Id:NA +- SUG:NA +- DESC:update c-ares to 1.17.1 + * Tue Sep 8 2020 lunankun - 1.16.1-2 - Type:bugfix - ID:NA
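Review bot: The new `%changelog` entry records only `update c-ares to 1.17.1` and does not say why `Patch0001`–`Patch0003` are dropped in the first hunk. Those three carry an out-of-bounds read fix in `ares_parse_soa_reply`, the `ai_addrlen` sizeof correction and the rc4 counter-width fix, so the entry should state that they are contained in the new upstream release, e.g. `- DESC:update c-ares to 1.17.1, drop Patch0001-0003 (merged upstream)`. Their commit dates (May–July 2020) suggest they are part of 1.17.1, but that is inferred from this page; it is worth confirming against the unpacked sources before merging. Since the tarball is replaced as an opaque binary, noting in the commit how it was checked against the upstream release artifact would also help reviewers. As a small style point, the new entry writes `Id:NA` where the existing entry uses `ID:NA`.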