Hello community,

here is the log from the commit of package c-ares for openSUSE:Factory checked in at 2021-09-13 16:24:22
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Comparing /work/SRC/openSUSE:Factory/c-ares (Old)
 and      /work/SRC/openSUSE:Factory/.c-ares.new.1899 (New)
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Package is "c-ares" Mon Sep 13 16:24:22 2021 rev:14 rq:917731 version:1.17.2 Changes: -------- --- /work/SRC/openSUSE:Factory/c-ares/c-ares.changes 2021-08-16 10:13:53.234933252 +0200 +++ /work/SRC/openSUSE:Factory/.c-ares.new.1899/c-ares.changes 2021-09-13 16:24:53.326769517 +0200 @@ -1,0 +2,15 @@ +Thu Sep 9 12:15:01 UTC 2021 - Adam Majer <adam.ma...@suse.de> + +- new upstream website +- drop multibuild - tests do not require static library anymore +- spec file cleanup +- drop sources that were re-added to upstream distibution + (c-ares-config.cmake.in ares_dns.h libcares.pc.cmake) + +------------------------------------------------------------------- +Wed Sep 8 14:07:34 UTC 2021 - Adam Majer <adam.ma...@suse.de> + +- 5c995d5.patch: augment input validation on hostnames to allow _ + as part of DNS response (bsc#1190225) + +------------------------------------------------------------------- Old: ---- _multibuild ares_dns.h c-ares-config.cmake.in libcares.pc.cmake New: ---- 5c995d5.patch ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Other differences: ------------------ ++++++ c-ares.spec ++++++ --- /var/tmp/diff_new_pack.SrENBB/_old 2021-09-13 16:24:53.830770100 +0200 +++ /var/tmp/diff_new_pack.SrENBB/_new 2021-09-13 16:24:53.834770105 +0200 @@ -16,23 +16,6 @@ # -%global flavor @BUILD_FLAVOR@%{nil} - -%if "%{flavor}" == "%{nil}" -ExclusiveArch: do_not_build -%define pname c-ares -%endif - -%if "%{flavor}" == "tests" -%define pname c-ares-tests -%bcond_without tests -%endif - -%if "%{flavor}" == "main" -%define pname c-ares -%bcond_with tests -%endif - %define sonum 2 %define libname libcares%{sonum} 
@@ -40,29 +23,24 @@ %define cmake_build make -O VERBOSE=1 %{?_smp_mflags} %endif -Name: %{pname} +Name: c-ares Version: 1.17.2 Release: 0 Summary: Library for asynchronous name resolves License: MIT -URL: https://c-ares.haxx.se/ -Source0: http://c-ares.haxx.se/download/c-ares-%{version}.tar.gz -Source1: http://c-ares.haxx.se/download/c-ares-%{version}.tar.gz.asc +URL: https://c-ares.org/ +Source0: https://c-ares.org/download/c-ares-%{version}.tar.gz +Source1: https://c-ares.org/download/c-ares-%{version}.tar.gz.asc Source3: c-ares.keyring Source4: baselibs.conf -### REMOVE when upstream fixes https://github.com/c-ares/c-ares/issues/373 -Source5: libcares.pc.cmake -Source6: c-ares-config.cmake.in -Source7: ares_dns.h Patch0: 0001-Use-RPM-compiler-options.patch Patch1: disable-live-tests.patch +Patch2: https://github.com/c-ares/c-ares/commit/5c995d5.patch BuildRequires: cmake BuildRequires: gcc-c++ -%if %{with tests} +BuildRequires: pkg-config # Needed for getservbyport_r function to work properly. BuildRequires: netcfg -%endif -BuildRequires: pkg-config %description c-ares is a C library that performs DNS requests and name resolves @@ -106,35 +84,20 @@ This package provides the development libraries and headers needed to build packages that depend on c-ares. - %prep %autosetup -p1 -n c-ares-%{version} -cp %{S:5} %{S:6} . -cp %{S:7} include - %build - -%cmake \ -%if %{with tests} - -DCARES_BUILD_TESTS:BOOL=ON \ -%endif - %{nil} +%cmake -DCARES_BUILD_TESTS:BOOL=ON %cmake_build %install -%if !%{with tests} %cmake_install -%endif -%if %{with tests} %check pushd build %cmake_build -C test LD_LIBRARY_PATH=.%_libdir:./%_lib ./bin/arestest -%endif - -%if !%{with tests} %post -n %{libname} -p /sbin/ldconfig %postun -n %{libname} -p /sbin/ldconfig @@ -160,6 +123,4 @@ %{_libdir}/pkgconfig/libcares.pc %{_libdir}/cmake/c-ares/ -%endif - %changelog ++++++ 5c995d5.patch ++++++ >From 5c995d50b05a2c374ae021012afa6f8f4cf2957e Mon Sep 17 00:00:00 2001 
From: bradh352 <b...@brad-house.com> Date: Wed, 8 Sep 2021 07:38:44 -0400 Subject: [PATCH] ares_expand_name should allow underscores (_) as SRV records legitimately use them c-ares 1.17.2 introduced response validation to prevent a security issue, however it did not have (_) listed as a valid character for domain name responses which caused issues when a CNAME referenced a SRV record which contained underscores. While RFC2181 section 11 does explicitly state not to do validation, that applies to servers not clients. Fixes: #424 Fix By: Brad House (@bradh352) --- src/lib/ares_expand_name.c | 12 +++++++++--- 1 file changed, 9 insertions(+), 3 deletions(-) diff --git a/src/lib/ares_expand_name.c b/src/lib/ares_expand_name.c index a62c982e..db262ab4 100644 --- a/src/lib/ares_expand_name.c +++ b/src/lib/ares_expand_name.c @@ -59,10 +59,16 @@ static int ares__isprint(int ch) return 0; } -/* Character set allowed by hostnames */ +/* Character set allowed by hostnames. This is to include the normal + * domain name character set plus underscores which are used in SRV + * records. While RFC 2181 section 11 does state not to do validation, + * that applies to servers, not clients. Vulnerabilities have been + * reported when this validation is not performed. Security is more + * important than edge-case compatibility (which is probably invalid + * anyhow). */ static int is_hostnamech(int ch) { - /* [A-Za-z0-9-.] + /* [A-Za-z0-9-._] * Don't use isalnum() as it is locale-specific */ if (ch >= 'A' && ch <= 'Z') @@ -71,7 +77,7 @@ static int is_hostnamech(int ch) return 1; if (ch >= '0' && ch <= '9') return 1; - if (ch == '-' || ch == '.') + if (ch == '-' || ch == '.' || ch == '_') return 1; return 0;
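Review bot: In the c-ares.changes hunk (@@ -1,0 +2,15 @@), the Sep 9 entry misspells "distribution" as "distibution" in "drop sources that were re-added to upstream distibution". The Sep 8 entry for 5c995d5.patch cites bsc#1190225 but not the upstream issue the patch header names ("Fixes: #424"); adding that reference would let a reader trace the change upstream without opening the patch.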
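Review bot: In the c-ares.spec hunk @@ -40,29 +23,24 @@, Patch2 is given as https://github.com/c-ares/c-ares/commit/5c995d5.patch, an abbreviated commit id. Source0 is paired with a detached signature (Source1) and c-ares.keyring (Source3), but nothing comparable covers the patch. Use the full hash from the patch header (5c995d50b05a2c374ae021012afa6f8f4cf2957e) in the URL so the reference is unambiguous, and compare the packaged file against that commit whenever it is refreshed. The same hunk moves "BuildRequires: netcfg" out of the "%if %{with tests}" guard, so the comment above it could say that the requirement exists for the test suite.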
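Review bot: In the c-ares.spec hunk @@ -106,35 +84,20 @@, "%cmake -DCARES_BUILD_TESTS:BOOL=ON" now configures the same tree that "%cmake_install" installs, whereas the removed "%if !%{with tests}" guard previously kept the install step to the flavor built without tests. Confirm that the install step puts no test binaries into the buildroot, or remove them explicitly before the file lists are evaluated. The changelog line "tests do not require static library anymore" explains why the flavors were dropped; a short comment next to the %cmake line would keep that reasoning in the spec.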
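Review bot: In the 5c995d5.patch hunk @@ -59,10 +59,16 @@ of src/lib/ares_expand_name.c, the updated comment writes the allowed set as "[A-Za-z0-9-._]", with the hyphen in the middle of the class where it reads as the range "9-."; put the hyphen last, "[A-Za-z0-9._-]", so the comment matches what the code accepts. The closing remark "(which is probably invalid anyhow)" is vague for a comment that justifies a security check. Name the behaviour being rejected instead: bytes outside this set in a name taken from a DNS response.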
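Review bot: In the 5c995d5.patch hunk @@ -71,7 +77,7 @@, the new test "ch == '_'" accepts an underscore at any position of any name that passes through is_hostnamech(), not only in the SRV-style labels the commit message gives as the reason. Callers that treat the expanded name as a letters-digits-hyphen hostname should not rely on this function to enforce that, and the function comment should say so. The diffstat shows one file changed, so no regression test accompanies the fix. Add one for the case described in the commit message (a CNAME that references a name containing underscores), plus a negative case showing that other characters outside the set are still rejected.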