diff --git a/0001-Use-RPM-compiler-options.patch b/0000-Use-RPM-compiler-options.patch
similarity index 100%
rename from 0001-Use-RPM-compiler-options.patch
rename to 0000-Use-RPM-compiler-options.patch
diff --git a/0001-Fix-invalid-read-in-ares_parse_soa_reply.patch b/0001-Fix-invalid-read-in-ares_parse_soa_reply.patch
new file mode 100644
index 0000000000000000000000000000000000000000..00968b2c6843eb117ff1a91a9e06b196ccc604d7
--- /dev/null
+++ b/0001-Fix-invalid-read-in-ares_parse_soa_reply.patch
@@ -0,0 +1,25 @@
+commit 1b98172b141fe874ad43e679e67506f9b2139043
+Author: lutianxiong <50396812+ltx2018@users.noreply.github.com>
+Date: Fri May 22 20:02:21 2020 +0800
+
+ avoid read-heap-buffer-overflow (#332)
+
+ Fix invalid read in ares_parse_soa_reply.c found during fuzzing
+
+ Fixes Bug: #333
+ Fix By: lutianxiong (@ltx2018)
+
+diff --git a/ares_parse_soa_reply.c b/ares_parse_soa_reply.c
+index 2a2cac8..7cfaed2 100644
+--- a/ares_parse_soa_reply.c
++++ b/ares_parse_soa_reply.c
+@@ -69,6 +69,9 @@ ares_parse_soa_reply(const unsigned char *abuf, int alen,
+ status = ares__expand_name_for_response(aptr, abuf, alen, &qname, &len);
+ if (status != ARES_SUCCESS)
+ goto failed_stat;
++
++ if (alen <= len + HFIXEDSZ + 1)
++ goto failed;
+ aptr += len;
+
+ qclass = DNS_QUESTION_TYPE(aptr);
diff --git a/0002-Fix-sizeof-sizeof-addr.saX-sizeof-addr.saX-in-readad.patch b/0002-Fix-sizeof-sizeof-addr.saX-sizeof-addr.saX-in-readad.patch
new file mode 100644
index 0000000000000000000000000000000000000000..3065431db04ba2c8bfbf53da55aa2fe835cbad01
--- /dev/null
+++ b/0002-Fix-sizeof-sizeof-addr.saX-sizeof-addr.saX-in-readad.patch
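Review bot: In 0001-Fix-invalid-read-in-ares_parse_soa_reply.patch the added guard `if (alen <= len + HFIXEDSZ + 1)` carries its meaning in a bare `+ 1`: it requires two bytes after the expanded question name, which is what the 16-bit `DNS_QUESTION_TYPE(aptr)` read below it consumes. A comment such as `/* need at least 2 bytes past the question name for the type field read below */` would keep the bound from being "simplified" later. The guard does not by itself cover the remaining fixed question fields, and `qname` has presumably been allocated by `ares__expand_name_for_response` by this point, so the later bounds checks and the cleanup under the `failed` label should be confirmed in the full function, which starts and ends outside this hunk.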
@@ -0,0 +1,38 @@
+From 4c02944ef1cedb9460825d28b4e5c27988d04dba Mon Sep 17 00:00:00 2001
+From: Ivan Baidakou
+Date: Tue, 12 May 2020 14:22:33 +0300
+Subject: [PATCH] Fix: sizeof(sizeof(addr.saX)) -> sizeof(addr.saX) in
+ readaddrinfo (#331)
+
+Looks like a sed-gone-wrong, a sizeof inside of a sizeof.
+
+Fix By: Ivan Baidakou (@basiliscos)
+---
+ ares__readaddrinfo.c | 4 ++--
+ 1 file changed, 2 insertions(+), 2 deletions(-)
+
+diff --git a/ares__readaddrinfo.c b/ares__readaddrinfo.c
+index dd3abe2..89fea83 100644
+--- a/ares__readaddrinfo.c
++++ b/ares__readaddrinfo.c
+@@ -179,7 +179,7 @@ int ares__readaddrinfo(FILE *fp,
+ }
+
+ node->ai_family = addr.sa.sa_family = AF_INET;
+- node->ai_addrlen = sizeof(sizeof(addr.sa4));
++ node->ai_addrlen = sizeof(addr.sa4);
+ node->ai_addr = ares_malloc(sizeof(addr.sa4));
+ if (!node->ai_addr)
+ {
+@@ -200,7 +200,7 @@ int ares__readaddrinfo(FILE *fp,
+ }
+
+ node->ai_family = addr.sa.sa_family = AF_INET6;
+- node->ai_addrlen = sizeof(sizeof(addr.sa6));
++ node->ai_addrlen = sizeof(addr.sa6);
+ node->ai_addr = ares_malloc(sizeof(addr.sa6));
+ if (!node->ai_addr)
+ {
+--
+1.8.3.1
+
diff --git a/0003-Avoid-buffer-overflow-in-RC4-loop-comparison-336.patch b/0003-Avoid-buffer-overflow-in-RC4-loop-comparison-336.patch
new file mode 100644
index 0000000000000000000000000000000000000000..8c61298d56a1b9d7a69c5eb0eb87dd83bfe3ac87
--- /dev/null
+++ b/0003-Avoid-buffer-overflow-in-RC4-loop-comparison-336.patch
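Review bot: In 0002-Fix-sizeof-sizeof-addr.saX-sizeof-addr.saX-in-readad.patch the corrected `ai_addrlen` assignments still leave the size spelled twice in each branch, once for the length and once in the `ares_malloc` call on the following line, so a later edit can again make the reported length disagree with the allocation. Allocating from the stored value, `node->ai_addr = ares_malloc(node->ai_addrlen);`, in both the AF_INET and AF_INET6 branches would tie the two together. The body of ares__readaddrinfo starts and ends outside both hunks, so how `ai_addrlen` is consumed afterwards cannot be checked from here.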
@@ -0,0 +1,38 @@
+From 6d6cd5daf63b812734343bd020677829b13db2ac Mon Sep 17 00:00:00 2001
+From: Fionn Fitzmaurice <1897918+fionn@users.noreply.github.com>
+Date: Fri, 3 Jul 2020 07:39:54 +0800
+Subject: [PATCH] Avoid buffer overflow in RC4 loop comparison (#336)
+
+The rc4 function iterates over a buffer of size buffer_len who's maximum
+value is INT_MAX with a counter of type short that is not guaranteed to
+have maximum size INT_MAX.
+
+In circumstances where short is narrower than int and where buffer_len
+is larger than the maximum value of a short, it may be possible to loop
+infinitely as counter will overflow and never be greater than or equal
+to buffer_len.
+
+The solution is to make the comparison be between types of equal width.
+This commit defines counter as an int.
+
+Fix By: Fionn Fitzmaurice (@fionn)
+---
+ ares_query.c | 2 +-
+ 1 file changed, 1 insertion(+), 1 deletion(-)
+
+diff --git a/ares_query.c b/ares_query.c
+index b38b8a6..5bbb2f5 100644
+--- a/ares_query.c
++++ b/ares_query.c
+@@ -45,7 +45,7 @@ static void rc4(rc4_key* key, unsigned char *buffer_ptr, int buffer_len)
+ unsigned char y;
+ unsigned char* state;
+ unsigned char xorIndex;
+- short counter;
++ int counter;
+
+ x = key->x;
+ y = key->y;
+--
+1.8.3.1
+
diff --git a/c-ares-1.15.0.tar.gz b/c-ares-1.15.0.tar.gz
deleted file mode 100644
index e39bf4ca90745cf5e3237fd5516e03703ccb0447..0000000000000000000000000000000000000000
Binary files a/c-ares-1.15.0.tar.gz and /dev/null differ
diff --git a/c-ares-1.16.1.tar.gz b/c-ares-1.16.1.tar.gz
new file mode 100644
index 0000000000000000000000000000000000000000..50b5f3d5097d593e37d964864f00faf544fa23b6
Binary files /dev/null and b/c-ares-1.16.1.tar.gz differ
diff --git a/c-ares.spec b/c-ares.spec
index 182dcb7aa20bf0bfb91bc44abea2edd21cf3466c..35dcd8c917adb1e905459ad7cb9ecf10e55848c4 100644
--- a/c-ares.spec
+++ b/c-ares.spec
@@ -1,5 +1,5 @@ Name: c-ares -Version: 1.15.0 +Version: 1.16.1 Release: 1 Summary: A C library for asynchronous DNS requests @@ -9,7 +9,10 @@ Source0: https://github.com/c-ares/c-ares/releases/tag/%{name}-%{version} BuildRequires: gcc autoconf automake libtool # Patch0 from Redhat is applied for stopping overriding AC_CONFIG_MACRO_DIR -Patch0: 0001-Use-RPM-compiler-options.patch +Patch0000: 0000-Use-RPM-compiler-options.patch +Patch0001: 0001-Fix-invalid-read-in-ares_parse_soa_reply.patch +Patch0002: 0002-Fix-sizeof-sizeof-addr.saX-sizeof-addr.saX-in-readad.patch +Patch0003: 0003-Avoid-buffer-overflow-in-RC4-loop-comparison-336.patch %description This is c-ares, an asynchronous resolver library. It is intended for applications which need to perform DNS queries without blocking, or need to perform multiple @@ -39,8 +42,7 @@ make %{?_smp_mflags} %files %doc CHANGES LICENSE.md -%{_libdir}/libcares.so.2.3.0 -%{_libdir}/libcares.so.2 +%{_libdir}/*.so.* %files devel %{_libdir}/pkgconfig/*.pc @@ -53,5 +55,11 @@ make %{?_smp_mflags} %{_mandir}/man3/* %changelog +* Wed Jul 22 2020 gaihuiying - 1.16.1-1 +- Type:requirement +- ID:NA +- SUG:NA +- DESC:update c-ares version to 1.16.1 + * Mon Sep 09 2019 openEuler Buildteam - 1.15.0-1 - Package Init
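Review bot: The hunk at `@@ -9,7 +9,10 @@` only declares `Patch0001` to `Patch0003`; whether they are applied depends on `%prep`, which is outside the visible hunks. If `%prep` uses an explicit `%patch0 -p1` rather than `%autosetup` or `%autopatch`, the three fixes (the read bound in ares_parse_soa_reply, the `ai_addrlen` size and the rc4 counter width) would ship in the source package but not in the built library, so that section should be checked or extended. The comment `# Patch0 from Redhat is applied for stopping overriding AC_CONFIG_MACRO_DIR` is also stale now that the tag is `Patch0000`; `# Patch0000 from Redhat ...` would match.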
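Review bot: `%{_libdir}/*.so.*` in the `%files` hunk at `@@ -39,8 +42,7 @@` replaces the two explicit names `libcares.so.2.3.0` and `libcares.so.2`, so a soname change in a later rebase would be packaged silently instead of failing the build. Keeping the major version in the pattern, `%{_libdir}/libcares.so.2*`, still accepts the new minor version while making an ABI bump visible to the packager.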