diff --git a/backport-001-CVE-2023-31130.patch b/backport-001-CVE-2023-31130.patch deleted file mode 100644 index b10d78ddb341df7183245304a8f11be6e85ef3e9..0000000000000000000000000000000000000000 --- a/backport-001-CVE-2023-31130.patch +++ /dev/null @@ -1,324 +0,0 @@ -From f22cc01039b6473b736d3bf438f56a2654cdf2b2 Mon Sep 17 00:00:00 2001 -From: Brad House -Date: Mon, 22 May 2023 06:51:34 -0400 -Subject: [PATCH] Merge pull request from GHSA-x6mf-cxr9-8q6v - -* Merged latest OpenBSD changes for inet_net_pton_ipv6() into c-ares. -* Always use our own IP conversion functions now, do not delegate to OS - so we can have consistency in testing and fuzzing. -* Removed bogus test cases that never should have passed. -* Add new test case for crash bug found. - -Fix By: Brad House (@bradh352) ---- - src/lib/inet_net_pton.c | 155 ++++++++++++++++++++----------------- - test/ares-test-internal.cc | 7 +- - 2 files changed, 86 insertions(+), 76 deletions(-) - -diff --git a/src/lib/inet_net_pton.c b/src/lib/inet_net_pton.c -index 840de50..fc50425 100644 ---- a/src/lib/inet_net_pton.c -+++ b/src/lib/inet_net_pton.c -@@ -1,19 +1,20 @@ - - /* -- * Copyright (c) 2004 by Internet Systems Consortium, Inc. ("ISC") -+ * Copyright (c) 2012 by Gilles Chehade - * Copyright (c) 1996,1999 by Internet Software Consortium. - * - * Permission to use, copy, modify, and distribute this software for any - * purpose with or without fee is hereby granted, provided that the above - * copyright notice and this permission notice appear in all copies. - * -- * THE SOFTWARE IS PROVIDED "AS IS" AND ISC DISCLAIMS ALL WARRANTIES -- * WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF -- * MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL ISC BE LIABLE FOR -- * ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES -- * WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN -- * ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT -- * OF OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. -+ * THE SOFTWARE IS PROVIDED "AS IS" AND INTERNET SOFTWARE CONSORTIUM DISCLAIMS -+ * ALL WARRANTIES WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES -+ * OF MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL INTERNET SOFTWARE -+ * CONSORTIUM BE LIABLE FOR ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL -+ * DAMAGES OR ANY DAMAGES WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR -+ * PROFITS, WHETHER IN AN ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS -+ * ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS -+ * SOFTWARE. - */ - - #include "ares_setup.h" -@@ -35,9 +36,6 @@ - - const struct ares_in6_addr ares_in6addr_any = { { { 0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0 } } }; - -- --#ifndef HAVE_INET_NET_PTON -- - /* - * static int - * inet_net_pton_ipv4(src, dst, size) -@@ -60,7 +58,7 @@ const struct ares_in6_addr ares_in6addr_any = { { { 0,0,0,0,0,0,0,0,0,0,0,0,0,0, - * Paul Vixie (ISC), June 1996 - */ - static int --inet_net_pton_ipv4(const char *src, unsigned char *dst, size_t size) -+ares_inet_net_pton_ipv4(const char *src, unsigned char *dst, size_t size) - { - static const char xdigits[] = "0123456789abcdef"; - static const char digits[] = "0123456789"; -@@ -261,19 +259,14 @@ getv4(const char *src, unsigned char *dst, int *bitsp) - } - - static int --inet_net_pton_ipv6(const char *src, unsigned char *dst, size_t size) -+ares_inet_pton6(const char *src, unsigned char *dst) - { - static const char xdigits_l[] = "0123456789abcdef", -- xdigits_u[] = "0123456789ABCDEF"; -+ xdigits_u[] = "0123456789ABCDEF"; - unsigned char tmp[NS_IN6ADDRSZ], *tp, *endp, *colonp; - const char *xdigits, *curtok; -- int ch, saw_xdigit; -+ int ch, saw_xdigit, count_xdigit; - unsigned int val; -- int digits; -- int bits; -- size_t bytes; -- int words; -- int ipv4; - - memset((tp = tmp), '\0', NS_IN6ADDRSZ); - endp = tp + NS_IN6ADDRSZ; -@@ -283,22 +276,22 @@ inet_net_pton_ipv6(const char *src, unsigned char *dst, size_t size) - if (*++src != ':') - goto enoent; - curtok = src; -- saw_xdigit = 0; -+ saw_xdigit = count_xdigit = 0; - val = 0; -- digits = 0; -- bits = -1; -- ipv4 = 0; - while ((ch = *src++) != '\0') { - const char *pch; - - if ((pch = strchr((xdigits = xdigits_l), ch)) == NULL) - pch = strchr((xdigits = xdigits_u), ch); - if (pch != NULL) { -+ if (count_xdigit >= 4) -+ goto enoent; - val <<= 4; -- val |= aresx_sztoui(pch - xdigits); -- if (++digits > 4) -+ val |= (pch - xdigits); -+ if (val > 0xffff) - goto enoent; - saw_xdigit = 1; -+ count_xdigit++; - continue; - } - if (ch == ':') { -@@ -308,78 +301,107 @@ inet_net_pton_ipv6(const char *src, unsigned char *dst, size_t size) - goto enoent; - colonp = tp; - continue; -- } else if (*src == '\0') -+ } else if (*src == '\0') { - goto enoent; -+ } - if (tp + NS_INT16SZ > endp) -- return (0); -- *tp++ = (unsigned char)((val >> 8) & 0xff); -- *tp++ = (unsigned char)(val & 0xff); -+ goto enoent; -+ *tp++ = (unsigned char) (val >> 8) & 0xff; -+ *tp++ = (unsigned char) val & 0xff; - saw_xdigit = 0; -- digits = 0; -+ count_xdigit = 0; - val = 0; - continue; - } - if (ch == '.' && ((tp + NS_INADDRSZ) <= endp) && -- getv4(curtok, tp, &bits) > 0) { -- tp += NS_INADDRSZ; -+ ares_inet_net_pton_ipv4(curtok, tp, INADDRSZ) > 0) { -+ tp += INADDRSZ; - saw_xdigit = 0; -- ipv4 = 1; -+ count_xdigit = 0; - break; /* '\0' was seen by inet_pton4(). */ - } -- if (ch == '/' && getbits(src, &bits) > 0) -- break; - goto enoent; - } - if (saw_xdigit) { - if (tp + NS_INT16SZ > endp) - goto enoent; -- *tp++ = (unsigned char)((val >> 8) & 0xff); -- *tp++ = (unsigned char)(val & 0xff); -+ *tp++ = (unsigned char) (val >> 8) & 0xff; -+ *tp++ = (unsigned char) val & 0xff; - } -- if (bits == -1) -- bits = 128; -- -- words = (bits + 15) / 16; -- if (words < 2) -- words = 2; -- if (ipv4) -- words = 8; -- endp = tmp + 2 * words; -- - if (colonp != NULL) { - /* - * Since some memmove()'s erroneously fail to handle - * overlapping regions, we'll do the shift by hand. - */ -- const ares_ssize_t n = tp - colonp; -- ares_ssize_t i; -+ const int n = tp - colonp; -+ int i; - - if (tp == endp) - goto enoent; - for (i = 1; i <= n; i++) { -- *(endp - i) = *(colonp + n - i); -- *(colonp + n - i) = 0; -+ endp[- i] = colonp[n - i]; -+ colonp[n - i] = 0; - } - tp = endp; - } - if (tp != endp) - goto enoent; - -- bytes = (bits + 7) / 8; -- if (bytes > size) -- goto emsgsize; -- memcpy(dst, tmp, bytes); -- return (bits); -+ memcpy(dst, tmp, NS_IN6ADDRSZ); -+ return (1); - -- enoent: -+enoent: - SET_ERRNO(ENOENT); - return (-1); - -- emsgsize: -+emsgsize: - SET_ERRNO(EMSGSIZE); - return (-1); - } - -+static int -+ares_inet_net_pton_ipv6(const char *src, unsigned char *dst, size_t size) -+{ -+ struct ares_in6_addr in6; -+ int ret; -+ int bits; -+ size_t bytes; -+ char buf[INET6_ADDRSTRLEN + sizeof("/128")]; -+ char *sep; -+ const char *errstr; -+ -+ if (strlen(src) >= sizeof buf) { -+ SET_ERRNO(EMSGSIZE); -+ return (-1); -+ } -+ strncpy(buf, src, sizeof buf); -+ -+ sep = strchr(buf, '/'); -+ if (sep != NULL) -+ *sep++ = '\0'; -+ -+ ret = ares_inet_pton6(buf, (unsigned char *)&in6); -+ if (ret != 1) -+ return (-1); -+ -+ if (sep == NULL) -+ bits = 128; -+ else { -+ if (!getbits(sep, &bits)) { -+ SET_ERRNO(ENOENT); -+ return (-1); -+ } -+ } -+ -+ bytes = (bits + 7) / 8; -+ if (bytes > size) { -+ SET_ERRNO(EMSGSIZE); -+ return (-1); -+ } -+ memcpy(dst, &in6, bytes); -+ return (bits); -+} -+ - /* - * int - * inet_net_pton(af, src, dst, size) -@@ -403,18 +425,15 @@ ares_inet_net_pton(int af, const char *src, void *dst, size_t size) - { - switch (af) { - case AF_INET: -- return (inet_net_pton_ipv4(src, dst, size)); -+ return (ares_inet_net_pton_ipv4(src, dst, size)); - case AF_INET6: -- return (inet_net_pton_ipv6(src, dst, size)); -+ return (ares_inet_net_pton_ipv6(src, dst, size)); - default: - SET_ERRNO(EAFNOSUPPORT); - return (-1); - } - } - --#endif /* HAVE_INET_NET_PTON */ -- --#ifndef HAVE_INET_PTON - int ares_inet_pton(int af, const char *src, void *dst) - { - int result; -@@ -434,11 +453,3 @@ int ares_inet_pton(int af, const char *src, void *dst) - return 0; - return (result > -1 ? 1 : -1); - } --#else /* HAVE_INET_PTON */ --int ares_inet_pton(int af, const char *src, void *dst) --{ -- /* just relay this to the underlying function */ -- return inet_pton(af, src, dst); --} -- --#endif -diff --git a/test/ares-test-internal.cc b/test/ares-test-internal.cc -index 1cb7e42..40cc82b 100644 ---- a/test/ares-test-internal.cc -+++ b/test/ares-test-internal.cc -@@ -123,6 +123,7 @@ TEST_F(LibraryTest, InetPtoN) { - EXPECT_EQ(0, ares_inet_net_pton(AF_INET6, "12:34::ff/0", &a6, sizeof(a6))); - EXPECT_EQ(16 * 8, ares_inet_net_pton(AF_INET6, "12:34::ffff:0.2", &a6, sizeof(a6))); - EXPECT_EQ(16 * 8, ares_inet_net_pton(AF_INET6, "1234:1234:1234:1234:1234:1234:1234:1234", &a6, sizeof(a6))); -+ EXPECT_EQ(2, ares_inet_net_pton(AF_INET6, "0::00:00:00/2", &a6, sizeof(a6))); - - // Various malformed versions - EXPECT_EQ(-1, ares_inet_net_pton(AF_INET, "", &a4, sizeof(a4))); -@@ -160,11 +161,9 @@ TEST_F(LibraryTest, InetPtoN) { - EXPECT_EQ(-1, ares_inet_net_pton(AF_INET6, ":1234:1234:1234:1234:1234:1234:1234:1234", &a6, sizeof(a6))); - EXPECT_EQ(-1, ares_inet_net_pton(AF_INET6, ":1234:1234:1234:1234:1234:1234:1234:1234:", &a6, sizeof(a6))); - EXPECT_EQ(-1, ares_inet_net_pton(AF_INET6, "1234:1234:1234:1234:1234:1234:1234:1234:5678", &a6, sizeof(a6))); -- // TODO(drysdale): check whether the next two tests should give -1. -- EXPECT_EQ(0, ares_inet_net_pton(AF_INET6, "1234:1234:1234:1234:1234:1234:1234:1234:5678:5678", &a6, sizeof(a6))); -- EXPECT_EQ(0, ares_inet_net_pton(AF_INET6, "1234:1234:1234:1234:1234:1234:1234:1234:5678:5678:5678", &a6, sizeof(a6))); -+ EXPECT_EQ(-1, ares_inet_net_pton(AF_INET6, "1234:1234:1234:1234:1234:1234:1234:1234:5678:5678", &a6, sizeof(a6))); -+ EXPECT_EQ(-1, ares_inet_net_pton(AF_INET6, "1234:1234:1234:1234:1234:1234:1234:1234:5678:5678:5678", &a6, sizeof(a6))); - EXPECT_EQ(-1, ares_inet_net_pton(AF_INET6, "12:34::ffff:257.2.3.4", &a6, sizeof(a6))); -- EXPECT_EQ(-1, ares_inet_net_pton(AF_INET6, "12:34::ffff:002.2.3.4", &a6, sizeof(a6))); - EXPECT_EQ(-1, ares_inet_net_pton(AF_INET6, "12:34::ffff:1.2.3.4.5.6", &a6, sizeof(a6))); - EXPECT_EQ(-1, ares_inet_net_pton(AF_INET6, "12:34::ffff:1.2.3.4.5", &a6, sizeof(a6))); - EXPECT_EQ(-1, ares_inet_net_pton(AF_INET6, "12:34::ffff:1.2.3.z", &a6, sizeof(a6))); --- -2.27.0 - diff --git a/backport-001-CVE-2023-31147.patch b/backport-001-CVE-2023-31147.patch deleted file mode 100644 index 3be1fa153752412330f0132e7cad4702c2e8ee37..0000000000000000000000000000000000000000 --- a/backport-001-CVE-2023-31147.patch +++ /dev/null @@ -1,712 +0,0 @@ -From 823df3b989e59465d17b0a2eb1239a5fc048b4e5 Mon Sep 17 00:00:00 2001 -From: Brad House -Date: Mon, 22 May 2023 06:51:06 -0400 -Subject: [PATCH] Merge pull request from GHSA-8r8p-23f3-64c2 - -* segment random number generation into own file - -* abstract random code to make it more modular so we can have multiple backends - -* rand: add support for arc4random_buf() and also direct CARES_RANDOM_FILE reading - -* autotools: fix detection of arc4random_buf - -* rework initial rc4 seed for PRNG as last fallback - -* rc4: more proper implementation, simplified for clarity - -* clarifications - -Conflict:NA -Reference:https://github.com/c-ares/c-ares/commit/823df3b989e59465d17b0a2eb1239a5fc048b4e5 ---- - CMakeLists.txt | 2 + - configure.ac | 1 + - m4/cares-functions.m4 | 85 +++++++++++ - src/lib/Makefile.inc | 1 + - src/lib/ares_config.h.cmake | 3 + - src/lib/ares_destroy.c | 3 + - src/lib/ares_init.c | 89 ++---------- - src/lib/ares_private.h | 19 ++- - src/lib/ares_query.c | 36 +---- - src/lib/ares_rand.c | 274 ++++++++++++++++++++++++++++++++++++ - 10 files changed, 387 insertions(+), 126 deletions(-) - create mode 100644 src/lib/ares_rand.c - -diff --git a/CMakeLists.txt b/CMakeLists.txt -index 3987d0ab7..e2290af10 100644 ---- a/CMakeLists.txt -+++ b/CMakeLists.txt -@@ -393,6 +393,8 @@ CHECK_SYMBOL_EXISTS (strncasecmp "${CMAKE_EXTRA_INCLUDE_FILES}" HAVE_STRNCAS - CHECK_SYMBOL_EXISTS (strncmpi "${CMAKE_EXTRA_INCLUDE_FILES}" HAVE_STRNCMPI) - CHECK_SYMBOL_EXISTS (strnicmp "${CMAKE_EXTRA_INCLUDE_FILES}" HAVE_STRNICMP) - CHECK_SYMBOL_EXISTS (writev "${CMAKE_EXTRA_INCLUDE_FILES}" HAVE_WRITEV) -+CHECK_SYMBOL_EXISTS (arc4random_buf "${CMAKE_EXTRA_INCLUDE_FILES}" HAVE_ARC4RANDOM_BUF) -+ - - # On Android, the system headers may define __system_property_get(), but excluded - # from libc. We need to perform a link test instead of a header/symbol test. -diff --git a/configure.ac b/configure.ac -index 7884cbb26..54e79d6e2 100644 ---- a/configure.ac -+++ b/configure.ac -@@ -683,6 +683,7 @@ CARES_CHECK_FUNC_STRNCASECMP - CARES_CHECK_FUNC_STRNCMPI - CARES_CHECK_FUNC_STRNICMP - CARES_CHECK_FUNC_WRITEV -+CARES_CHECK_FUNC_ARC4RANDOM_BUF - - - dnl check for AF_INET6 -diff --git a/m4/cares-functions.m4 b/m4/cares-functions.m4 -index 0f3992c7f..d4f4f994c 100644 ---- a/m4/cares-functions.m4 -+++ b/m4/cares-functions.m4 -@@ -3753,3 +3753,88 @@ AC_DEFUN([CARES_CHECK_FUNC_WRITEV], [ - ac_cv_func_writev="no" - fi - ]) -+ -+dnl CARES_CHECK_FUNC_ARC4RANDOM_BUF -+dnl ------------------------------------------------- -+dnl Verify if arc4random_buf is available, prototyped, and -+dnl can be compiled. If all of these are true, and -+dnl usage has not been previously disallowed with -+dnl shell variable cares_disallow_arc4random_buf, then -+dnl HAVE_ARC4RANDOM_BUF will be defined. -+ -+AC_DEFUN([CARES_CHECK_FUNC_ARC4RANDOM_BUF], [ -+ AC_REQUIRE([CARES_INCLUDES_STDLIB])dnl -+ # -+ tst_links_arc4random_buf="unknown" -+ tst_proto_arc4random_buf="unknown" -+ tst_compi_arc4random_buf="unknown" -+ tst_allow_arc4random_buf="unknown" -+ # -+ AC_MSG_CHECKING([if arc4random_buf can be linked]) -+ AC_LINK_IFELSE([ -+ AC_LANG_FUNC_LINK_TRY([arc4random_buf]) -+ ],[ -+ AC_MSG_RESULT([yes]) -+ tst_links_arc4random_buf="yes" -+ ],[ -+ AC_MSG_RESULT([no]) -+ tst_links_arc4random_buf="no" -+ ]) -+ # -+ if test "$tst_links_arc4random_buf" = "yes"; then -+ AC_MSG_CHECKING([if arc4random_buf is prototyped]) -+ AC_EGREP_CPP([arc4random_buf],[ -+ $cares_includes_stdlib -+ ],[ -+ AC_MSG_RESULT([yes]) -+ tst_proto_arc4random_buf="yes" -+ ],[ -+ AC_MSG_RESULT([no]) -+ tst_proto_arc4random_buf="no" -+ ]) -+ fi -+ # -+ if test "$tst_proto_arc4random_buf" = "yes"; then -+ AC_MSG_CHECKING([if arc4random_buf is compilable]) -+ AC_COMPILE_IFELSE([ -+ AC_LANG_PROGRAM([[ -+ $cares_includes_stdlib -+ ]],[[ -+ arc4random_buf(NULL, 0); -+ return 1; -+ ]]) -+ ],[ -+ AC_MSG_RESULT([yes]) -+ tst_compi_arc4random_buf="yes" -+ ],[ -+ AC_MSG_RESULT([no]) -+ tst_compi_arc4random_buf="no" -+ ]) -+ fi -+ # -+ if test "$tst_compi_arc4random_buf" = "yes"; then -+ AC_MSG_CHECKING([if arc4random_buf usage allowed]) -+ if test "x$cares_disallow_arc4random_buf" != "xyes"; then -+ AC_MSG_RESULT([yes]) -+ tst_allow_arc4random_buf="yes" -+ else -+ AC_MSG_RESULT([no]) -+ tst_allow_arc4random_buf="no" -+ fi -+ fi -+ # -+ AC_MSG_CHECKING([if arc4random_buf might be used]) -+ if test "$tst_links_arc4random_buf" = "yes" && -+ test "$tst_proto_arc4random_buf" = "yes" && -+ test "$tst_compi_arc4random_buf" = "yes" && -+ test "$tst_allow_arc4random_buf" = "yes"; then -+ AC_MSG_RESULT([yes]) -+ AC_DEFINE_UNQUOTED(HAVE_ARC4RANDOM_BUF, 1, -+ [Define to 1 if you have the arc4random_buf function.]) -+ ac_cv_func_arc4random_buf="yes" -+ else -+ AC_MSG_RESULT([no]) -+ ac_cv_func_arc4random_buf="no" -+ fi -+]) -+ -diff --git a/src/lib/Makefile.inc b/src/lib/Makefile.inc -index 140378d67..49bbe6016 100644 ---- a/src/lib/Makefile.inc -+++ b/src/lib/Makefile.inc -@@ -45,6 +45,7 @@ CSOURCES = ares__addrinfo2hostent.c \ - ares_platform.c \ - ares_process.c \ - ares_query.c \ -+ ares_rand.c \ - ares_search.c \ - ares_send.c \ - ares_strcasecmp.c \ -diff --git a/src/lib/ares_config.h.cmake b/src/lib/ares_config.h.cmake -index fddb78535..798820a3a 100644 ---- a/src/lib/ares_config.h.cmake -+++ b/src/lib/ares_config.h.cmake -@@ -346,6 +346,9 @@ - /* Define to 1 if you need the memory.h header file even with stdlib.h */ - #cmakedefine NEED_MEMORY_H - -+/* Define if have arc4random_buf() */ -+#cmakedefine HAVE_ARC4RANDOM_BUF -+ - /* a suitable file/device to read random data from */ - #cmakedefine CARES_RANDOM_FILE "@CARES_RANDOM_FILE@" - -diff --git a/src/lib/ares_destroy.c b/src/lib/ares_destroy.c -index 7ec2bde5a..62c899f82 100644 ---- a/src/lib/ares_destroy.c -+++ b/src/lib/ares_destroy.c -@@ -95,6 +95,9 @@ void ares_destroy(ares_channel channel) - if (channel->resolvconf_path) - ares_free(channel->resolvconf_path); - -+ if (channel->rand_state) -+ ares__destroy_rand_state(channel->rand_state); -+ - ares_free(channel); - } - -diff --git a/src/lib/ares_init.c b/src/lib/ares_init.c -index c7ca7af1b..0519f43e5 100644 ---- a/src/lib/ares_init.c -+++ b/src/lib/ares_init.c -@@ -87,7 +76,6 @@ static int config_nameserver(struct server_state **servers, int *nservers, - static int set_search(ares_channel channel, const char *str); - static int set_options(ares_channel channel, const char *str); - static const char *try_option(const char *p, const char *q, const char *opt); --static int init_id_key(rc4_key* key,int key_data_len); - - static int config_sortlist(struct apattern **sortlist, int *nsort, - const char *str); -@@ -165,6 +153,7 @@ int ares_init_options(ares_channel *channelptr, struct ares_options *options, - channel->sock_funcs = NULL; - channel->sock_func_cb_data = NULL; - channel->resolvconf_path = NULL; -+ channel->rand_state = NULL; - - channel->last_server = 0; - channel->last_timeout_processed = (time_t)now.tv_sec; -@@ -218,9 +207,13 @@ int ares_init_options(ares_channel *channelptr, struct ares_options *options, - /* Generate random key */ - - if (status == ARES_SUCCESS) { -- status = init_id_key(&channel->id_key, ARES_ID_KEY_LEN); -+ channel->rand_state = ares__init_rand_state(); -+ if (channel->rand_state == NULL) { -+ status = ARES_ENOMEM; -+ } -+ - if (status == ARES_SUCCESS) -- channel->next_id = ares__generate_new_id(&channel->id_key); -+ channel->next_id = ares__generate_new_id(channel->rand_state); - else - DEBUGF(fprintf(stderr, "Error: init_id_key failed: %s\n", - ares_strerror(status))); -@@ -242,6 +235,8 @@ int ares_init_options(ares_channel *channelptr, struct ares_options *options, - ares_free(channel->lookups); - if(channel->resolvconf_path) - ares_free(channel->resolvconf_path); -+ if (channel->rand_state) -+ ares__destroy_rand_state(channel->rand_state); - ares_free(channel); - return status; - } -@@ -2182,76 +2177,6 @@ static int sortlist_alloc(struct apattern **sortlist, int *nsort, - return 1; - } - --/* initialize an rc4 key. If possible a cryptographically secure random key -- is generated using a suitable function (for example win32's RtlGenRandom as -- described in -- http://blogs.msdn.com/michael_howard/archive/2005/01/14/353379.aspx -- otherwise the code defaults to cross-platform albeit less secure mechanism -- using rand --*/ --static void randomize_key(unsigned char* key,int key_data_len) --{ -- int randomized = 0; -- int counter=0; --#ifdef WIN32 -- BOOLEAN res; -- if (ares_fpSystemFunction036) -- { -- res = (*ares_fpSystemFunction036) (key, key_data_len); -- if (res) -- randomized = 1; -- } --#else /* !WIN32 */ --#ifdef CARES_RANDOM_FILE -- FILE *f = fopen(CARES_RANDOM_FILE, "rb"); -- if(f) { -- setvbuf(f, NULL, _IONBF, 0); -- counter = aresx_uztosi(fread(key, 1, key_data_len, f)); -- fclose(f); -- } --#endif --#endif /* WIN32 */ -- -- if (!randomized) { -- for (;counterstate[0]; -- for(counter = 0; counter < 256; counter++) -- /* unnecessary AND but it keeps some compilers happier */ -- state[counter] = (unsigned char)(counter & 0xff); -- randomize_key(key->state,key_data_len); -- key->x = 0; -- key->y = 0; -- index1 = 0; -- index2 = 0; -- for(counter = 0; counter < 256; counter++) -- { -- index2 = (unsigned char)((key_data_ptr[index1] + state[counter] + -- index2) % 256); -- ARES_SWAP_BYTE(&state[counter], &state[index2]); -- -- index1 = (unsigned char)((index1 + 1) % key_data_len); -- } -- ares_free(key_data_ptr); -- return ARES_SUCCESS; --} -- - void ares_set_local_ip4(ares_channel channel, unsigned int local_ip) - { - channel->local_ip4 = local_ip; -diff --git a/src/lib/ares_private.h b/src/lib/ares_private.h -index 53043a651..b6eab8a7d 100644 ---- a/src/lib/ares_private.h -+++ b/src/lib/ares_private.h -@@ -101,8 +101,6 @@ W32_FUNC const char *_w32_GetHostsFile (void); - - #endif - --#define ARES_ID_KEY_LEN 31 -- - #include "ares_ipv6.h" - #include "ares_llist.h" - -@@ -262,12 +260,8 @@ struct apattern { - unsigned short type; - }; - --typedef struct rc4_key --{ -- unsigned char state[256]; -- unsigned char x; -- unsigned char y; --} rc4_key; -+struct ares_rand_state; -+typedef struct ares_rand_state ares_rand_state; - - struct ares_channeldata { - /* Configuration data */ -@@ -302,8 +296,8 @@ struct ares_channeldata { - - /* ID to use for next query */ - unsigned short next_id; -- /* key to use when generating new ids */ -- rc4_key id_key; -+ /* random state to use when generating new ids */ -+ ares_rand_state *rand_state; - - /* Generation number to use for the next TCP socket open/close */ - int tcp_connection_generation; -@@ -362,7 +356,10 @@ void ares__close_sockets(ares_channel channel, struct server_state *server); - int ares__get_hostent(FILE *fp, int family, struct hostent **host); - int ares__read_line(FILE *fp, char **buf, size_t *bufsize); - void ares__free_query(struct query *query); --unsigned short ares__generate_new_id(rc4_key* key); -+ -+ares_rand_state *ares__init_rand_state(void); -+void ares__destroy_rand_state(ares_rand_state *state); -+unsigned short ares__generate_new_id(ares_rand_state *state); - struct timeval ares__tvnow(void); - int ares__expand_name_validated(const unsigned char *encoded, - const unsigned char *abuf, -diff --git a/src/lib/ares_query.c b/src/lib/ares_query.c -index 508274db3..42323bec5 100644 ---- a/src/lib/ares_query.c -+++ b/src/lib/ares_query.c -@@ -33,32 +33,6 @@ struct qquery { - - static void qcallback(void *arg, int status, int timeouts, unsigned char *abuf, int alen); - --static void rc4(rc4_key* key, unsigned char *buffer_ptr, int buffer_len) --{ -- unsigned char x; -- unsigned char y; -- unsigned char* state; -- unsigned char xorIndex; -- int counter; -- -- x = key->x; -- y = key->y; -- -- state = &key->state[0]; -- for(counter = 0; counter < buffer_len; counter ++) -- { -- x = (unsigned char)((x + 1) % 256); -- y = (unsigned char)((state[x] + y) % 256); -- ARES_SWAP_BYTE(&state[x], &state[y]); -- -- xorIndex = (unsigned char)((state[x] + state[y]) % 256); -- -- buffer_ptr[counter] = (unsigned char)(buffer_ptr[counter]^state[xorIndex]); -- } -- key->x = x; -- key->y = y; --} -- - static struct query* find_query_by_id(ares_channel channel, unsigned short id) - { - unsigned short qid; -@@ -78,7 +52,6 @@ static struct query* find_query_by_id(ares_channel channel, unsigned short id) - return NULL; - } - -- - /* a unique query id is generated using an rc4 key. Since the id may already - be used by a running query (as infrequent as it may be), a lookup is - performed per id generation. In practice this search should happen only -@@ -89,19 +62,12 @@ static unsigned short generate_unique_id(ares_channel channel) - unsigned short id; - - do { -- id = ares__generate_new_id(&channel->id_key); -+ id = ares__generate_new_id(channel->rand_state); - } while (find_query_by_id(channel, id)); - - return (unsigned short)id; - } - --unsigned short ares__generate_new_id(rc4_key* key) --{ -- unsigned short r=0; -- rc4(key, (unsigned char *)&r, sizeof(r)); -- return r; --} -- - void ares_query(ares_channel channel, const char *name, int dnsclass, - int type, ares_callback callback, void *arg) - { -diff --git a/src/lib/ares_rand.c b/src/lib/ares_rand.c -new file mode 100644 -index 000000000..a564bc236 ---- /dev/null -+++ b/src/lib/ares_rand.c -@@ -0,0 +1,274 @@ -+/* Copyright 1998 by the Massachusetts Institute of Technology. -+ * Copyright (C) 2007-2013 by Daniel Stenberg -+ * -+ * Permission to use, copy, modify, and distribute this -+ * software and its documentation for any purpose and without -+ * fee is hereby granted, provided that the above copyright -+ * notice appear in all copies and that both that copyright -+ * notice and this permission notice appear in supporting -+ * documentation, and that the name of M.I.T. not be used in -+ * advertising or publicity pertaining to distribution of the -+ * software without specific, written prior permission. -+ * M.I.T. makes no representations about the suitability of -+ * this software for any purpose. It is provided "as is" -+ * without express or implied warranty. -+ */ -+ -+#include "ares_setup.h" -+#include "ares.h" -+#include "ares_private.h" -+#include "ares_nowarn.h" -+#include -+ -+typedef enum { -+ ARES_RAND_OS = 1, /* OS-provided such as RtlGenRandom or arc4random */ -+ ARES_RAND_FILE = 2, /* OS file-backed random number generator */ -+ ARES_RAND_RC4 = 3 /* Internal RC4 based PRNG */ -+} ares_rand_backend; -+ -+typedef struct ares_rand_rc4 -+{ -+ unsigned char S[256]; -+ size_t i; -+ size_t j; -+} ares_rand_rc4; -+ -+struct ares_rand_state -+{ -+ ares_rand_backend type; -+ union { -+ FILE *rand_file; -+ ares_rand_rc4 rc4; -+ } state; -+}; -+ -+ -+/* Define RtlGenRandom = SystemFunction036. This is in advapi32.dll. There is -+ * no need to dynamically load this, other software used widely does not. -+ * http://blogs.msdn.com/michael_howard/archive/2005/01/14/353379.aspx -+ * https://docs.microsoft.com/en-us/windows/win32/api/ntsecapi/nf-ntsecapi-rtlgenrandom -+ */ -+#ifdef _WIN32 -+BOOLEAN WINAPI SystemFunction036(PVOID RandomBuffer, ULONG RandomBufferLength); -+# ifndef RtlGenRandom -+# define RtlGenRandom(a,b) SystemFunction036(a,b) -+# endif -+#endif -+ -+ -+#define ARES_RC4_KEY_LEN 32 /* 256 bits */ -+ -+static unsigned int ares_u32_from_ptr(void *addr) -+{ -+ if (sizeof(void *) == 8) { -+ return (unsigned int)((((size_t)addr >> 32) & 0xFFFFFFFF) | ((size_t)addr & 0xFFFFFFFF)); -+ } -+ return (unsigned int)((size_t)addr & 0xFFFFFFFF); -+} -+ -+ -+/* initialize an rc4 key as the last possible fallback. */ -+static void ares_rc4_generate_key(ares_rand_rc4 *rc4_state, unsigned char *key, size_t key_len) -+{ -+ size_t i; -+ size_t len = 0; -+ unsigned int data; -+ struct timeval tv; -+ -+ if (key_len != ARES_RC4_KEY_LEN) -+ return; -+ -+ /* Randomness is hard to come by. Maybe the system randomizes heap and stack addresses. -+ * Maybe the current timestamp give us some randomness. -+ * Use rc4_state (heap), &i (stack), and ares__tvnow() -+ */ -+ data = ares_u32_from_ptr(rc4_state); -+ memcpy(key + len, &data, sizeof(data)); -+ len += sizeof(data); -+ -+ data = ares_u32_from_ptr(&i); -+ memcpy(key + len, &data, sizeof(data)); -+ len += sizeof(data); -+ -+ tv = ares__tvnow(); -+ data = (unsigned int)((tv.tv_sec | tv.tv_usec) & 0xFFFFFFFF); -+ memcpy(key + len, &data, sizeof(data)); -+ len += sizeof(data); -+ -+ srand(ares_u32_from_ptr(rc4_state) | ares_u32_from_ptr(&i) | (unsigned int)((tv.tv_sec | tv.tv_usec) & 0xFFFFFFFF)); -+ -+ for (i=len; iS); i++) { -+ rc4_state->S[i] = i & 0xFF; -+ } -+ -+ for(i = 0, j = 0; i < 256; i++) { -+ j = (j + rc4_state->S[i] + key[i % sizeof(key)]) % 256; -+ ARES_SWAP_BYTE(&rc4_state->S[i], &rc4_state->S[j]); -+ } -+ -+ rc4_state->i = 0; -+ rc4_state->j = 0; -+} -+ -+/* Just outputs the key schedule, no need to XOR with any data since we have none */ -+static void ares_rc4_prng(ares_rand_rc4 *rc4_state, unsigned char *buf, int len) -+{ -+ unsigned char *S = rc4_state->S; -+ size_t i = rc4_state->i; -+ size_t j = rc4_state->j; -+ size_t cnt; -+ -+ for (cnt=0; cnti = i; -+ rc4_state->j = j; -+} -+ -+ -+static int ares__init_rand_engine(ares_rand_state *state) -+{ -+ memset(state, 0, sizeof(*state)); -+ -+#if defined(HAVE_ARC4RANDOM_BUF) || defined(_WIN32) -+ state->type = ARES_RAND_OS; -+ return 1; -+#elif defined(CARES_RANDOM_FILE) -+ state->type = ARES_RAND_FILE; -+ state->state.rand_file = fopen(CARES_RANDOM_FILE, "rb"); -+ if (state->state.rand_file) { -+ setvbuf(state->state.rand_file, NULL, _IONBF, 0); -+ return 1; -+ } -+ /* Fall-Thru on failure to RC4 */ -+#endif -+ -+ state->type = ARES_RAND_RC4; -+ ares_rc4_init(&state->state.rc4); -+ -+ /* Currently cannot fail */ -+ return 1; -+} -+ -+ -+ares_rand_state *ares__init_rand_state() -+{ -+ ares_rand_state *state = NULL; -+ -+ state = ares_malloc(sizeof(*state)); -+ if (!state) -+ return NULL; -+ -+ if (!ares__init_rand_engine(state)) { -+ ares_free(state); -+ return NULL; -+ } -+ -+ return state; -+} -+ -+ -+static void ares__clear_rand_state(ares_rand_state *state) -+{ -+ if (!state) -+ return; -+ -+ switch (state->type) { -+ case ARES_RAND_OS: -+ break; -+ case ARES_RAND_FILE: -+ fclose(state->state.rand_file); -+ break; -+ case ARES_RAND_RC4: -+ break; -+ } -+} -+ -+ -+static void ares__reinit_rand(ares_rand_state *state) -+{ -+ ares__clear_rand_state(state); -+ ares__init_rand_engine(state); -+} -+ -+ -+void ares__destroy_rand_state(ares_rand_state *state) -+{ -+ if (!state) -+ return; -+ -+ ares__clear_rand_state(state); -+ ares_free(state); -+} -+ -+ -+static void ares__rand_bytes(ares_rand_state *state, unsigned char *buf, size_t len) -+{ -+ -+ while (1) { -+ size_t rv; -+ size_t bytes_read = 0; -+ -+ switch (state->type) { -+ case ARES_RAND_OS: -+#ifdef _WIN32 -+ RtlGenRandom(buf, len); -+ return; -+#elif defined(HAVE_ARC4RANDOM_BUF) -+ arc4random_buf(buf, len); -+ return; -+#else -+ /* Shouldn't be possible to be here */ -+ break; -+#endif -+ -+ case ARES_RAND_FILE: -+ while (1) { -+ size_t rv = fread(buf + bytes_read, 1, len - bytes_read, state->state.rand_file); -+ if (rv == 0) -+ break; /* critical error, will reinit rand state */ -+ -+ bytes_read += rv; -+ if (bytes_read == len) -+ return; -+ } -+ break; -+ -+ case ARES_RAND_RC4: -+ ares_rc4_prng(&state->state.rc4, buf, len); -+ return; -+ } -+ -+ /* If we didn't return before we got here, that means we had a critical rand -+ * failure and need to reinitialized */ -+ ares__reinit_rand(state); -+ } -+} -+ -+unsigned short ares__generate_new_id(ares_rand_state *state) -+{ -+ unsigned short r=0; -+ -+ ares__rand_bytes(state, (unsigned char *)&r, sizeof(r)); -+ return r; -+} -+ diff --git a/backport-002-CVE-2023-31124_CVE-2023-31147.patch b/backport-002-CVE-2023-31124_CVE-2023-31147.patch deleted file mode 100644 index 14f5728f35f5023677b728a9e750e19c06da0aff..0000000000000000000000000000000000000000 --- a/backport-002-CVE-2023-31124_CVE-2023-31147.patch +++ /dev/null @@ -1,277 +0,0 @@ -From 69950390b2d8063b6540dc75941a30ea56d11918 Mon Sep 17 00:00:00 2001 -From: Ben Noordhuis -Date: Thu, 25 May 2023 21:31:33 +0200 -Subject: [PATCH] rand: add support for getrandom() (#526) - -glibc provides arc4random_buf() but musl does not and /dev/urandom is -not always available. - -Conflict: NA -Reference: https://github.com/c-ares/c-ares/commit/69950390b2d8063b6540dc75941a30ea56d11918 ---- - CMakeLists.txt | 6 +++ - configure.ac | 1 + - include/ares_build.h.cmake | 5 ++ - m4/cares-functions.m4 | 102 ++++++++++++++++++++++++++++++++++++ - src/lib/ares_config.h.cmake | 3 ++ - src/lib/ares_rand.c | 17 +++++- - src/lib/setup_once.h | 4 ++ - 7 files changed, 137 insertions(+), 1 deletion(-) - -diff --git a/CMakeLists.txt b/CMakeLists.txt -index e2290af10..0a403880a 100644 ---- a/CMakeLists.txt -+++ b/CMakeLists.txt -@@ -164,6 +164,7 @@ CARES_FUNCTION_IN_LIBRARY (clock_gettime rt HAVE_LIBRT) - - # Look for necessary includes - CHECK_INCLUDE_FILES (sys/types.h HAVE_SYS_TYPES_H) -+CHECK_INCLUDE_FILES (sys/random.h HAVE_SYS_RANDOM_H) - CHECK_INCLUDE_FILES (sys/socket.h HAVE_SYS_SOCKET_H) - CHECK_INCLUDE_FILES (sys/sockio.h HAVE_SYS_SOCKIO_H) - CHECK_INCLUDE_FILES (arpa/inet.h HAVE_ARPA_INET_H) -@@ -281,6 +282,7 @@ CARES_EXTRAINCLUDE_IFSET (HAVE_STDLIB_H stdlib.h) - CARES_EXTRAINCLUDE_IFSET (HAVE_STRING_H string.h) - CARES_EXTRAINCLUDE_IFSET (HAVE_STRINGS_H strings.h) - CARES_EXTRAINCLUDE_IFSET (HAVE_SYS_IOCTL_H sys/ioctl.h) -+CARES_EXTRAINCLUDE_IFSET (HAVE_SYS_RANDOM_H sys/random.h) - CARES_EXTRAINCLUDE_IFSET (HAVE_SYS_SELECT_H sys/select.h) - CARES_EXTRAINCLUDE_IFSET (HAVE_SYS_SOCKET_H sys/socket.h) - CARES_EXTRAINCLUDE_IFSET (HAVE_SYS_SOCKIO_H sys/sockio.h) -@@ -365,6 +367,7 @@ CHECK_SYMBOL_EXISTS (gethostbyaddr "${CMAKE_EXTRA_INCLUDE_FILES}" HAVE_GETHOST - CHECK_SYMBOL_EXISTS (gethostbyname "${CMAKE_EXTRA_INCLUDE_FILES}" HAVE_GETHOSTBYNAME) - CHECK_SYMBOL_EXISTS (gethostname "${CMAKE_EXTRA_INCLUDE_FILES}" HAVE_GETHOSTNAME) - CHECK_SYMBOL_EXISTS (getnameinfo "${CMAKE_EXTRA_INCLUDE_FILES}" HAVE_GETNAMEINFO) -+CHECK_SYMBOL_EXISTS (getrandom "${CMAKE_EXTRA_INCLUDE_FILES}" HAVE_GETRANDOM) - CHECK_SYMBOL_EXISTS (getservbyport_r "${CMAKE_EXTRA_INCLUDE_FILES}" HAVE_GETSERVBYPORT_R) - CHECK_SYMBOL_EXISTS (getservbyname_r "${CMAKE_EXTRA_INCLUDE_FILES}" HAVE_GETSERVBYNAME_R) - CHECK_SYMBOL_EXISTS (gettimeofday "${CMAKE_EXTRA_INCLUDE_FILES}" HAVE_GETTIMEOFDAY) -@@ -562,6 +565,9 @@ ENDIF () - IF (HAVE_SYS_TYPES_H) - SET (CARES_HAVE_SYS_TYPES_H 1) - ENDIF () -+IF (HAVE_SYS_RANDOM_H) -+ SET (CARES_HAVE_SYS_RANDOM_H 1) -+ENDIF() - IF (HAVE_SYS_SOCKET_H) - SET (CARES_HAVE_SYS_SOCKET_H 1) - ENDIF() -diff --git a/configure.ac b/configure.ac -index 54e79d6e2..2d65eb73c 100644 ---- a/configure.ac -+++ b/configure.ac -@@ -666,6 +666,7 @@ CARES_CHECK_FUNC_GETENV - CARES_CHECK_FUNC_GETHOSTBYADDR - CARES_CHECK_FUNC_GETHOSTBYNAME - CARES_CHECK_FUNC_GETHOSTNAME -+CARES_CHECK_FUNC_GETRANDOM - CARES_CHECK_FUNC_GETSERVBYPORT_R - CARES_CHECK_FUNC_INET_NET_PTON - CARES_CHECK_FUNC_INET_NTOP -diff --git a/include/ares_build.h.cmake b/include/ares_build.h.cmake -index e847f17ea..6bad69a21 100644 ---- a/include/ares_build.h.cmake -+++ b/include/ares_build.h.cmake -@@ -8,6 +8,7 @@ - * files. We need to include some dependent headers that may be system specific - * for C-Ares */ - #cmakedefine CARES_HAVE_SYS_TYPES_H -+#cmakedefine CARES_HAVE_SYS_RANDOM_H - #cmakedefine CARES_HAVE_SYS_SOCKET_H - #cmakedefine CARES_HAVE_WINDOWS_H - #cmakedefine CARES_HAVE_WS2TCPIP_H -@@ -20,6 +21,10 @@ - # include - #endif - -+#ifdef CARES_HAVE_SYS_RANDOM_H -+# include -+#endif -+ - #ifdef CARES_HAVE_SYS_SOCKET_H - # include - #endif -diff --git a/m4/cares-functions.m4 b/m4/cares-functions.m4 -index d4f4f994c..ce8d2f908 100644 ---- a/m4/cares-functions.m4 -+++ b/m4/cares-functions.m4 -@@ -186,6 +186,24 @@ cares_includes_stropts="\ - ]) - - -+dnl CARES_INCLUDES_SYS_RANDOM -+dnl ------------------------------------------------- -+dnl Set up variable with list of headers that must be -+dnl included when sys/random.h is to be included. -+ -+AC_DEFUN([CARES_INCLUDES_SYS_RANDOM], [ -+cares_includes_sys_random="\ -+/* includes start */ -+#ifdef HAVE_SYS_RANDOM_H -+# include -+#endif -+/* includes end */" -+ AC_CHECK_HEADERS( -+ sys/random.h, -+ [], [], [$cares_includes_sys_random]) -+]) -+ -+ - dnl CARES_INCLUDES_SYS_SOCKET - dnl ------------------------------------------------- - dnl Set up variable with list of headers that must be -@@ -1520,6 +1538,90 @@ AC_DEFUN([CARES_CHECK_FUNC_GETHOSTNAME], [ - fi - ]) - -+dnl CARES_CHECK_FUNC_GETRANDOM -+dnl ------------------------------------------------- -+dnl Verify if getrandom is available, prototyped, and -+dnl can be compiled. If all of these are true, and -+dnl usage has not been previously disallowed with -+dnl shell variable cares_disallow_getrandom, then -+dnl HAVE_GETRANDOM will be defined. -+ -+AC_DEFUN([CARES_CHECK_FUNC_GETRANDOM], [ -+ AC_REQUIRE([CARES_INCLUDES_SYS_RANDOM])dnl -+ # -+ tst_links_getrandom="unknown" -+ tst_proto_getrandom="unknown" -+ tst_compi_getrandom="unknown" -+ tst_allow_getrandom="unknown" -+ # -+ AC_MSG_CHECKING([if getrandom can be linked]) -+ AC_LINK_IFELSE([ -+ AC_LANG_FUNC_LINK_TRY([getrandom]) -+ ],[ -+ AC_MSG_RESULT([yes]) -+ tst_links_getrandom="yes" -+ ],[ -+ AC_MSG_RESULT([no]) -+ tst_links_getrandom="no" -+ ]) -+ # -+ if test "$tst_links_getrandom" = "yes"; then -+ AC_MSG_CHECKING([if getrandom is prototyped]) -+ AC_EGREP_CPP([getrandom],[ -+ $cares_includes_sys_random -+ ],[ -+ AC_MSG_RESULT([yes]) -+ tst_proto_getrandom="yes" -+ ],[ -+ AC_MSG_RESULT([no]) -+ tst_proto_getrandom="no" -+ ]) -+ fi -+ # -+ if test "$tst_proto_getrandom" = "yes"; then -+ AC_MSG_CHECKING([if getrandom is compilable]) -+ AC_COMPILE_IFELSE([ -+ AC_LANG_PROGRAM([[ -+ $cares_includes_sys_random -+ ]],[[ -+ if(0 != getrandom(0, 0, 0)) -+ return 1; -+ ]]) -+ ],[ -+ AC_MSG_RESULT([yes]) -+ tst_compi_getrandom="yes" -+ ],[ -+ AC_MSG_RESULT([no]) -+ tst_compi_getrandom="no" -+ ]) -+ fi -+ # -+ if test "$tst_compi_getrandom" = "yes"; then -+ AC_MSG_CHECKING([if getrandom usage allowed]) -+ if test "x$cares_disallow_getrandom" != "xyes"; then -+ AC_MSG_RESULT([yes]) -+ tst_allow_getrandom="yes" -+ else -+ AC_MSG_RESULT([no]) -+ tst_allow_getrandom="no" -+ fi -+ fi -+ # -+ AC_MSG_CHECKING([if getrandom might be used]) -+ if test "$tst_links_getrandom" = "yes" && -+ test "$tst_proto_getrandom" = "yes" && -+ test "$tst_compi_getrandom" = "yes" && -+ test "$tst_allow_getrandom" = "yes"; then -+ AC_MSG_RESULT([yes]) -+ AC_DEFINE_UNQUOTED(HAVE_GETRANDOM, 1, -+ [Define to 1 if you have the getrandom function.]) -+ ac_cv_func_getrandom="yes" -+ else -+ AC_MSG_RESULT([no]) -+ ac_cv_func_getrandom="no" -+ fi -+]) -+ - - dnl CARES_CHECK_FUNC_GETSERVBYPORT_R - dnl ------------------------------------------------- -diff --git a/src/lib/ares_config.h.cmake b/src/lib/ares_config.h.cmake -index 798820a3a..db0dfe768 100644 ---- a/src/lib/ares_config.h.cmake -+++ b/src/lib/ares_config.h.cmake -@@ -123,6 +123,9 @@ - /* Define to 1 if you have the getnameinfo function. */ - #cmakedefine HAVE_GETNAMEINFO - -+/* Define to 1 if you have the getrandom function. */ -+#cmakedefine HAVE_GETRANDOM -+ - /* Define to 1 if you have the getservbyport_r function. */ - #cmakedefine HAVE_GETSERVBYPORT_R - -diff --git a/src/lib/ares_rand.c b/src/lib/ares_rand.c -index 766c1e6ea..f07d419d4 100644 ---- a/src/lib/ares_rand.c -+++ b/src/lib/ares_rand.c -@@ -155,7 +155,7 @@ static int ares__init_rand_engine(ares_rand_state *state) - { - memset(state, 0, sizeof(*state)); - --#if defined(HAVE_ARC4RANDOM_BUF) || defined(_WIN32) -+#if defined(HAVE_ARC4RANDOM_BUF) || defined(HAVE_GETRANDOM) || defined(_WIN32) - state->type = ARES_RAND_OS; - return 1; - #elif defined(CARES_RANDOM_FILE) -@@ -241,6 +241,21 @@ static void ares__rand_bytes(ares_rand_state *state, unsigned char *buf, size_t - #elif defined(HAVE_ARC4RANDOM_BUF) - arc4random_buf(buf, len); - return; -+#elif defined(HAVE_GETRANDOM) -+ while (1) { -+ size_t n = len - bytes_read; -+ /* getrandom() on Linux always succeeds and is never -+ * interrupted by a signal when requesting <= 256 bytes. -+ */ -+ ssize_t rv = getrandom(buf + bytes_read, n > 256 ? 256 : n, 0); -+ if (rv <= 0) -+ continue; /* Just retry. */ -+ -+ bytes_read += rv; -+ if (bytes_read == len) -+ return; -+ } -+ break; - #else - /* Shouldn't be possible to be here */ - break; -diff --git a/src/lib/setup_once.h b/src/lib/setup_once.h -index a8cfe6bec..4b0f9cec2 100644 ---- a/src/lib/setup_once.h -+++ b/src/lib/setup_once.h -@@ -91,6 +91,10 @@ - # endif - #endif - -+#ifdef HAVE_SYS_RANDOM_H -+#include -+#endif -+ - #ifdef HAVE_SYS_SOCKET_H - #include - #endif diff --git a/backport-002-CVE-2023-31130.patch b/backport-002-CVE-2023-31130.patch deleted file mode 100644 index e418b360688e6d3694494c7d1ab6f5dc03f26181..0000000000000000000000000000000000000000 --- a/backport-002-CVE-2023-31130.patch +++ /dev/null @@ -1,27 +0,0 @@ -From 424012216c40c8498015b942353e9bb7267e929b Mon Sep 17 00:00:00 2001 -From: bradh352 -Date: Mon, 22 May 2023 06:57:23 -0400 -Subject: [PATCH] windows build fix - ---- - src/lib/inet_net_pton.c | 4 ++-- - 1 file changed, 2 insertions(+), 2 deletions(-) - -diff --git a/src/lib/inet_net_pton.c b/src/lib/inet_net_pton.c -index fc50425..d94a5f4 100644 ---- a/src/lib/inet_net_pton.c -+++ b/src/lib/inet_net_pton.c -@@ -314,8 +314,8 @@ ares_inet_pton6(const char *src, unsigned char *dst) - continue; - } - if (ch == '.' && ((tp + NS_INADDRSZ) <= endp) && -- ares_inet_net_pton_ipv4(curtok, tp, INADDRSZ) > 0) { -- tp += INADDRSZ; -+ ares_inet_net_pton_ipv4(curtok, tp, NS_INADDRSZ) > 0) { -+ tp += NS_INADDRSZ; - saw_xdigit = 0; - count_xdigit = 0; - break; /* '\0' was seen by inet_pton4(). */ --- -2.27.0 - diff --git a/backport-003-CVE-2023-31130.patch b/backport-003-CVE-2023-31130.patch deleted file mode 100644 index eb27daef1e7c152e87a53475740d23487be1db0c..0000000000000000000000000000000000000000 --- a/backport-003-CVE-2023-31130.patch +++ /dev/null @@ -1,111 +0,0 @@ -From fb79ae7bede940f0fef538472ff8a726df780f8f Mon Sep 17 00:00:00 2001 -From: bradh352 -Date: Mon, 22 May 2023 07:09:40 -0400 -Subject: [PATCH] minor CI issues fixes for imported inet_net_pton - ---- - src/lib/inet_net_pton.c | 53 ++--------------------------------------- - 1 file changed, 2 insertions(+), 51 deletions(-) - -diff --git a/src/lib/inet_net_pton.c b/src/lib/inet_net_pton.c -index d94a5f4..7130f0f 100644 ---- a/src/lib/inet_net_pton.c -+++ b/src/lib/inet_net_pton.c -@@ -214,49 +214,6 @@ getbits(const char *src, int *bitsp) - return (1); - } - --static int --getv4(const char *src, unsigned char *dst, int *bitsp) --{ -- static const char digits[] = "0123456789"; -- unsigned char *odst = dst; -- int n; -- unsigned int val; -- char ch; -- -- val = 0; -- n = 0; -- while ((ch = *src++) != '\0') { -- const char *pch; -- -- pch = strchr(digits, ch); -- if (pch != NULL) { -- if (n++ != 0 && val == 0) /* no leading zeros */ -- return (0); -- val *= 10; -- val += aresx_sztoui(pch - digits); -- if (val > 255) /* range */ -- return (0); -- continue; -- } -- if (ch == '.' || ch == '/') { -- if (dst - odst > 3) /* too many octets? */ -- return (0); -- *dst++ = (unsigned char)val; -- if (ch == '/') -- return (getbits(src, bitsp)); -- val = 0; -- n = 0; -- continue; -- } -- return (0); -- } -- if (n == 0) -- return (0); -- if (dst - odst > 3) /* too many octets? */ -- return (0); -- *dst = (unsigned char)val; -- return 1; --} - - static int - ares_inet_pton6(const char *src, unsigned char *dst) -@@ -287,7 +244,7 @@ ares_inet_pton6(const char *src, unsigned char *dst) - if (count_xdigit >= 4) - goto enoent; - val <<= 4; -- val |= (pch - xdigits); -+ val |= (unsigned int)(pch - xdigits); - if (val > 0xffff) - goto enoent; - saw_xdigit = 1; -@@ -317,7 +274,6 @@ ares_inet_pton6(const char *src, unsigned char *dst) - ares_inet_net_pton_ipv4(curtok, tp, NS_INADDRSZ) > 0) { - tp += NS_INADDRSZ; - saw_xdigit = 0; -- count_xdigit = 0; - break; /* '\0' was seen by inet_pton4(). */ - } - goto enoent; -@@ -333,7 +289,7 @@ ares_inet_pton6(const char *src, unsigned char *dst) - * Since some memmove()'s erroneously fail to handle - * overlapping regions, we'll do the shift by hand. - */ -- const int n = tp - colonp; -+ const int n = (int)(tp - colonp); - int i; - - if (tp == endp) -@@ -353,10 +309,6 @@ ares_inet_pton6(const char *src, unsigned char *dst) - enoent: - SET_ERRNO(ENOENT); - return (-1); -- --emsgsize: -- SET_ERRNO(EMSGSIZE); -- return (-1); - } - - static int -@@ -368,7 +320,6 @@ ares_inet_net_pton_ipv6(const char *src, unsigned char *dst, size_t size) - size_t bytes; - char buf[INET6_ADDRSTRLEN + sizeof("/128")]; - char *sep; -- const char *errstr; - - if (strlen(src) >= sizeof buf) { - SET_ERRNO(EMSGSIZE); --- -2.27.0 - diff --git a/backport-003-CVE-2023-31147.patch b/backport-003-CVE-2023-31147.patch deleted file mode 100644 index 07e1ce41051afd2edf7a6fd155fc20b63f07317a..0000000000000000000000000000000000000000 --- a/backport-003-CVE-2023-31147.patch +++ /dev/null @@ -1,32 +0,0 @@ -From 00f47ed830fc22775ffdc2bc2a691372684fae4f Mon Sep 17 00:00:00 2001 -From: bradh352 -Date: Mon, 22 May 2023 07:02:59 -0400 -Subject: [PATCH] ares_rand static analysis fixes from CI - -Conflict: NA -Reference: https://github.com/c-ares/c-ares/commit/00f47ed830fc22775ffdc2bc2a691372684fae4f ---- - src/lib/ares_rand.c | 3 +-- - 1 file changed, 1 insertion(+), 2 deletions(-) - -diff --git a/src/lib/ares_rand.c b/src/lib/ares_rand.c -index a564bc23..a55a90bf 100644 ---- a/src/lib/ares_rand.c -+++ b/src/lib/ares_rand.c -@@ -125,7 +125,7 @@ static void ares_rc4_init(ares_rand_rc4 *rc4_state) - } - - /* Just outputs the key schedule, no need to XOR with any data since we have none */ --static void ares_rc4_prng(ares_rand_rc4 *rc4_state, unsigned char *buf, int len) -+static void ares_rc4_prng(ares_rand_rc4 *rc4_state, unsigned char *buf, size_t len) - { - unsigned char *S = rc4_state->S; - size_t i = rc4_state->i; -@@ -225,7 +225,6 @@ static void ares__rand_bytes(ares_rand_state *state, unsigned char *buf, size_t - { - - while (1) { -- size_t rv; - size_t bytes_read = 0; - - switch (state->type) { diff --git a/backport-004-CVE-2023-31147.patch b/backport-004-CVE-2023-31147.patch deleted file mode 100644 index ecc98ff93ec3aba2a4801f7afc4dbeccd7b6cae9..0000000000000000000000000000000000000000 --- a/backport-004-CVE-2023-31147.patch +++ /dev/null @@ -1,33 +0,0 @@ -From 7da53555c284e896baabdaef441e883bf5245f11 Mon Sep 17 00:00:00 2001 -From: bradh352 -Date: Mon, 22 May 2023 07:37:38 -0400 -Subject: [PATCH] windows MSVC compiler fix on 32bit - -Conflict: NA -Reference: https://github.com/c-ares/c-ares/commit/7da53555c284e896baabdaef441e883bf5245f11 ---- - src/lib/ares_rand.c | 8 +++++++- - 1 file changed, 7 insertions(+), 1 deletion(-) - -diff --git a/src/lib/ares_rand.c b/src/lib/ares_rand.c -index a55a90bf..766c1e6e 100644 ---- a/src/lib/ares_rand.c -+++ b/src/lib/ares_rand.c -@@ -58,10 +58,16 @@ BOOLEAN WINAPI SystemFunction036(PVOID RandomBuffer, ULONG RandomBufferLength); - - #define ARES_RC4_KEY_LEN 32 /* 256 bits */ - -+#ifdef _MSC_VER -+typedef unsigned __int64 cares_u64; -+#else -+typedef unsigned long long cares_u64; -+#endif -+ - static unsigned int ares_u32_from_ptr(void *addr) - { - if (sizeof(void *) == 8) { -- return (unsigned int)((((size_t)addr >> 32) & 0xFFFFFFFF) | ((size_t)addr & 0xFFFFFFFF)); -+ return (unsigned int)((((cares_u64)addr >> 32) & 0xFFFFFFFF) | ((cares_u64)addr & 0xFFFFFFFF)); - } - return (unsigned int)((size_t)addr & 0xFFFFFFFF); - } diff --git a/backport-005-CVE-2023-31147.patch b/backport-005-CVE-2023-31147.patch deleted file mode 100644 index 7ab1b68d9368752aaf7b7e770ddceb74386a45cd..0000000000000000000000000000000000000000 --- a/backport-005-CVE-2023-31147.patch +++ /dev/null @@ -1,36 +0,0 @@ -From 6360e96b5cf8e5980c887ce58ef727e53d77243a Mon Sep 17 00:00:00 2001 -From: bradh352 -Date: Mon, 22 May 2023 08:01:38 -0400 -Subject: [PATCH] Makefile.inc Windows requires tabs not spaces for nmake - -Conflict: NA -Reference: https://github.com/c-ares/c-ares/commit/6360e96b5cf8e5980c887ce58ef727e53d77243a ---- - src/lib/Makefile.inc | 4 ++-- - 1 file changed, 2 insertions(+), 2 deletions(-) - -diff --git a/src/lib/Makefile.inc b/src/lib/Makefile.inc -index 49bbe60..02d8d58 100644 ---- a/src/lib/Makefile.inc -+++ b/src/lib/Makefile.inc -@@ -45,7 +45,7 @@ CSOURCES = ares__addrinfo2hostent.c \ - ares_platform.c \ - ares_process.c \ - ares_query.c \ -- ares_rand.c \ -+ ares_rand.c \ - ares_search.c \ - ares_send.c \ - ares_strcasecmp.c \ -@@ -60,7 +60,7 @@ CSOURCES = ares__addrinfo2hostent.c \ - inet_ntop.c \ - windows_port.c - --HHEADERS = ares_android.h \ -+HHEADERS = ares_android.h \ - ares_data.h \ - ares_getenv.h \ - ares_inet_net_pton.h \ --- -2.33.0 - diff --git a/backport-CVE-2023-31124.patch b/backport-CVE-2023-31124.patch deleted file mode 100644 index 34431286d5570d053a2e78adf4f8bd5302846e58..0000000000000000000000000000000000000000 --- a/backport-CVE-2023-31124.patch +++ /dev/null @@ -1,71 +0,0 @@ -From c4930223e51d0e3dbfd8b2a814f4be2e269e2a9d Mon Sep 17 00:00:00 2001 -From: Brad House -Date: Sun, 30 Apr 2023 14:53:34 -0400 -Subject: [PATCH] Merge pull request from GHSA-54xr-f67r-4pc4 - -* CARES_RANDOM_FILE should always default to /dev/urandom - -During cross-compilation, CARES_RANDOM_FILE may not be able to be appropriately -detected, therefore we should always set it to /dev/urandom and allow the -entity requesting compilation override the value. The code does appropriately -fall back if CARES_RANDOM_FILE cannot be opened. - -* use set not option - -Conflict: NA -Reference: https://github.com/c-ares/c-ares/commit/c4930223e51d0e3dbfd8b2a814f4be2e269e2a9d ---- - CMakeLists.txt | 6 ++---- - configure.ac | 12 +----------- - 2 files changed, 3 insertions(+), 15 deletions(-) - -diff --git a/CMakeLists.txt b/CMakeLists.txt -index 7a29fef..0ec8d41 100644 ---- a/CMakeLists.txt -+++ b/CMakeLists.txt -@@ -36,6 +36,8 @@ OPTION (CARES_STATIC_PIC "Build the static library as PIC (position independent) - OPTION (CARES_BUILD_TESTS "Build and run tests" OFF) - OPTION (CARES_BUILD_CONTAINER_TESTS "Build and run container tests (implies CARES_BUILD_TESTS, Linux only)" OFF) - OPTION (CARES_BUILD_TOOLS "Build tools" ON) -+SET (CARES_RANDOM_FILE "/dev/urandom" CACHE STRING "Suitable File / Device Path for entropy, such as /dev/urandom") -+ - - # Tests require static to be enabled on Windows to be able to access otherwise hidden symbols - IF (CARES_BUILD_TESTS AND (NOT CARES_STATIC) AND WIN32) -@@ -402,10 +404,6 @@ SET (CMAKE_REQUIRED_DEFINITIONS) - SET (CMAKE_REQUIRED_LIBRARIES) - - --find_file(CARES_RANDOM_FILE urandom /dev) --mark_as_advanced(CARES_RANDOM_FILE) -- -- - ################################################################################ - # recv, recvfrom, send, getnameinfo, gethostname - # ARGUMENTS AND RETURN VALUES -diff --git a/configure.ac b/configure.ac -index 56a570b..f8ebd07 100644 ---- a/configure.ac -+++ b/configure.ac -@@ -896,17 +896,7 @@ AC_ARG_WITH(random, - AS_HELP_STRING([--with-random=FILE], - [read randomness from FILE (default=/dev/urandom)]), - [ CARES_RANDOM_FILE="$withval" ], -- [ -- dnl Check for random device. If we're cross compiling, we can't -- dnl check, and it's better to assume it doesn't exist than it is -- dnl to fail on AC_CHECK_FILE or later. -- if test "$cross_compiling" = "no"; then -- AC_CHECK_FILE("/dev/urandom", [ CARES_RANDOM_FILE="/dev/urandom"] ) -- else -- AC_MSG_WARN([cannot check for /dev/urandom while cross compiling; assuming none]) -- fi -- -- ] -+ [ CARES_RANDOM_FILE="/dev/urandom" ] - ) - if test -n "$CARES_RANDOM_FILE" && test X"$CARES_RANDOM_FILE" != Xno ; then - AC_SUBST(CARES_RANDOM_FILE) --- -2.33.0 - diff --git a/backport-CVE-2023-32067.patch b/backport-CVE-2023-32067.patch deleted file mode 100644 index f10eed76ba2cddb8faf71e15a0a3930959cb17db..0000000000000000000000000000000000000000 --- a/backport-CVE-2023-32067.patch +++ /dev/null @@ -1,82 +0,0 @@ -From b9b8413cfdb70a3f99e1573333b23052d57ec1ae Mon Sep 17 00:00:00 2001 -From: Brad House -Date: Mon, 22 May 2023 06:51:49 -0400 -Subject: [PATCH] Merge pull request from GHSA-9g78-jv2r-p7vc - ---- - src/lib/ares_process.c | 41 +++++++++++++++++++++++++---------------- - 1 file changed, 25 insertions(+), 16 deletions(-) - -diff --git a/src/lib/ares_process.c b/src/lib/ares_process.c -index bf0cde4..6cac0a9 100644 ---- a/src/lib/ares_process.c -+++ b/src/lib/ares_process.c -@@ -470,7 +470,7 @@ static void read_udp_packets(ares_channel channel, fd_set *read_fds, - { - struct server_state *server; - int i; -- ares_ssize_t count; -+ ares_ssize_t read_len; - unsigned char buf[MAXENDSSZ + 1]; - #ifdef HAVE_RECVFROM - ares_socklen_t fromlen; -@@ -513,32 +513,41 @@ static void read_udp_packets(ares_channel channel, fd_set *read_fds, - /* To reduce event loop overhead, read and process as many - * packets as we can. */ - do { -- if (server->udp_socket == ARES_SOCKET_BAD) -- count = 0; -- -- else { -- if (server->addr.family == AF_INET) -+ if (server->udp_socket == ARES_SOCKET_BAD) { -+ read_len = -1; -+ } else { -+ if (server->addr.family == AF_INET) { - fromlen = sizeof(from.sa4); -- else -+ } else { - fromlen = sizeof(from.sa6); -- count = socket_recvfrom(channel, server->udp_socket, (void *)buf, -- sizeof(buf), 0, &from.sa, &fromlen); -+ } -+ read_len = socket_recvfrom(channel, server->udp_socket, (void *)buf, -+ sizeof(buf), 0, &from.sa, &fromlen); - } - -- if (count == -1 && try_again(SOCKERRNO)) -+ if (read_len == 0) { -+ /* UDP is connectionless, so result code of 0 is a 0-length UDP -+ * packet, and not an indication the connection is closed like on -+ * tcp */ - continue; -- else if (count <= 0) -+ } else if (read_len < 0) { -+ if (try_again(SOCKERRNO)) -+ continue; -+ - handle_error(channel, i, now); -+ - #ifdef HAVE_RECVFROM -- else if (!same_address(&from.sa, &server->addr)) -+ } else if (!same_address(&from.sa, &server->addr)) { - /* The address the response comes from does not match the address we - * sent the request to. Someone may be attempting to perform a cache - * poisoning attack. */ -- break; -+ continue; - #endif -- else -- process_answer(channel, buf, (int)count, i, 0, now); -- } while (count > 0); -+ -+ } else { -+ process_answer(channel, buf, (int)read_len, i, 0, now); -+ } -+ } while (read_len >= 0); - } - } - --- -2.27.0 - diff --git a/backport-add-str-len-check-in-config_sortlist-to-avoid-stack-overflow.patch b/backport-add-str-len-check-in-config_sortlist-to-avoid-stack-overflow.patch deleted file mode 100644 index 99599a4d4c74a76a67fff7e4cc11eb78eb139cbc..0000000000000000000000000000000000000000 --- a/backport-add-str-len-check-in-config_sortlist-to-avoid-stack-overflow.patch +++ /dev/null @@ -1,62 +0,0 @@ -From ac596026e77244481fd68736ae7f15855803a08a Mon Sep 17 00:00:00 2001 -From: hopper-vul -Date: Tue, 13 Dec 2022 19:54:21 +0800 -Subject: [PATCH] Add str len check in config_sortlist to avoid stack overflow - -In ares_set_sortlist, it calls config_sortlist(..., sortstr) to parse -the input str and initialize a sortlist configuration. - -However, ares_set_sortlist has not any checks about the validity of the input str. -It is very easy to create an arbitrary length stack overflow with the unchecked -`memcpy(ipbuf, str, q-str);` and `memcpy(ipbufpfx, str, q-str);` -statements in the config_sortlist call, which could potentially cause severe -security impact in practical programs. - -This commit add necessary check for `ipbuf` and `ipbufpfx` which avoid the -potential stack overflows. - -fixes #496 - -Signed-off-by: hopper-vul ---- - src/lib/ares_init.c | 4 ++++ - test/ares-test-init.cc | 2 ++ - 2 files changed, 6 insertions(+) - -diff --git a/src/lib/ares_init.c b/src/lib/ares_init.c -index de5d86c..d5858f6 100644 ---- a/src/lib/ares_init.c -+++ b/src/lib/ares_init.c -@@ -2243,6 +2243,8 @@ static int config_sortlist(struct apattern **sortlist, int *nsort, - q = str; - while (*q && *q != '/' && *q != ';' && !ISSPACE(*q)) - q++; -+ if (q-str >= 16) -+ return ARES_EBADSTR; - memcpy(ipbuf, str, q-str); - ipbuf[q-str] = '\0'; - /* Find the prefix */ -@@ -2251,6 +2253,8 @@ static int config_sortlist(struct apattern **sortlist, int *nsort, - const char *str2 = q+1; - while (*q && *q != ';' && !ISSPACE(*q)) - q++; -+ if (q-str >= 32) -+ return ARES_EBADSTR; - memcpy(ipbufpfx, str, q-str); - ipbufpfx[q-str] = '\0'; - str = str2; -diff --git a/test/ares-test-init.cc b/test/ares-test-init.cc -index ff6c6c6..c3cb948 100644 ---- a/test/ares-test-init.cc -+++ b/test/ares-test-init.cc -@@ -270,6 +270,8 @@ TEST_F(DefaultChannelTest, SetAddresses) { - - TEST_F(DefaultChannelTest, SetSortlistFailures) { - EXPECT_EQ(ARES_ENODATA, ares_set_sortlist(nullptr, "1.2.3.4")); -+ EXPECT_EQ(ARES_EBADSTR, ares_set_sortlist(channel_, "111.111.111.111*/16")); -+ EXPECT_EQ(ARES_EBADSTR, ares_set_sortlist(channel_, "111.111.111.111/255.255.255.240*")); - EXPECT_EQ(ARES_SUCCESS, ares_set_sortlist(channel_, "xyzzy ; lwk")); - EXPECT_EQ(ARES_SUCCESS, ares_set_sortlist(channel_, "xyzzy ; 0x123")); - } --- -2.33.0 diff --git a/c-ares-1.18.1.tar.gz b/c-ares-1.18.1.tar.gz deleted file mode 100644 index 7523b17dd47f8be70b70d3db6b9367ede5f9fbdf..0000000000000000000000000000000000000000 Binary files a/c-ares-1.18.1.tar.gz and /dev/null differ diff --git a/c-ares-1.19.1.tar.gz b/c-ares-1.19.1.tar.gz new file mode 100644 index 0000000000000000000000000000000000000000..4237a53f7a5dc1cfb4d04a6b6374f8674c32e271 Binary files /dev/null and b/c-ares-1.19.1.tar.gz differ diff --git a/c-ares.spec b/c-ares.spec index 168e3ce4b4ac017cf2e772b195bf20035d6d0dc6..ed33f28c7e681e25034c7e7ddc2b42d36a74ebec 100644 --- a/c-ares.spec +++ b/c-ares.spec @@ -1,27 +1,16 @@ Name: c-ares -Version: 1.18.1 -Release: 6 +Version: 1.19.1 +Release: 1 Summary: A C library for asynchronous DNS requests License: MIT -URL: https://github.com/c-ares/c-ares -Source0: https://github.com/c-ares/c-ares/releases/download/cares-1_18_1/%{name}-%{version}.tar.gz +URL: https://c-ares.org/ +Source0: https://c-ares.org/download/%{name}-%{version}.tar.gz BuildRequires: gcc autoconf automake libtool g++ # Patch0 from Redhat is applied for stopping overriding AC_CONFIG_MACRO_DIR Patch0: 0000-Use-RPM-compiler-options.patch Patch1: backport-disable-live-tests.patch -Patch2: backport-add-str-len-check-in-config_sortlist-to-avoid-stack-overflow.patch -Patch3: backport-CVE-2023-32067.patch -Patch4: backport-001-CVE-2023-31130.patch -Patch5: backport-002-CVE-2023-31130.patch -Patch6: backport-003-CVE-2023-31130.patch -Patch7: backport-001-CVE-2023-31147.patch -Patch8: backport-002-CVE-2023-31124_CVE-2023-31147.patch -Patch9: backport-003-CVE-2023-31147.patch -Patch10: backport-004-CVE-2023-31147.patch -Patch11: backport-005-CVE-2023-31147.patch -Patch12: backport-CVE-2023-31124.patch %description This is c-ares, an asynchronous resolver library. It is intended for applications @@ -71,6 +60,12 @@ cd ../ %{_mandir}/man3/* %changelog +* Tue Jul 25 2023 xinghe - 1.19.1-1 +- Type:requirements +- ID:NA +- SUG:NA +- DESC:update c-ares to 1.19.1 + * Thu Jun 01 2023 xinghe - 1.18.1-6 - Type:CVE - CVE:CVE-2023-31124 CVE-2023-31147