Re: RC4 usage as a PRNG

2021-03-16 Thread Brad House
On 3/16/21 3:57 PM, Alexey Tikhonov wrote: Hello, commit [1] introduced an embedded implementation of RC4 cipher to generate secure transaction IDs: ``` the implementation to use a more secure way of generating unique IDs. It starts by obtaining a key with reasonable entropy which is used with

Re: Nameserver address which responded to query

2021-01-06 Thread Brad House
up socket state?  If only one fd is returned, can we potentially use getpeername() on the sockfd to fetch nameserver? On Tue, Jan 5, 2021 at 6:41 AM Brad House <mailto:b...@brad-house.com>> wrote: No, that information is not available in the callback. On 1/5/21 3:14 A

Re: Nameserver address which responded to query

2021-01-05 Thread Brad House
No, that information is not available in the callback. On 1/5/21 3:14 AM, Manish Mehra wrote: Hi, In case of primary and secondary DNS nameservers, is there a way to retrieve DNS server address which responded to DNS query? Our application would like to gather this information for telemetry

Re: c-ares 1.17.1 and Solaris 11.3

2021-01-02 Thread Brad House
On 1/1/21 10:30 PM, Jeffrey Walton wrote: In your case, it sounds like /etc/hosts on both systems is not configured appropriately for resolving localhost. So it is a system config issue on the system running the tests. I doubt it. Can you provide the /etc/hosts file from the respective

Re: c-ares 1.17.1 and Solaris 11.3

2021-01-01 Thread Brad House
It is not unusual at all for live tests to fail on build systems or containers which may not be configured as typical production environments. In your case, it sounds like /etc/hosts on both systems is not configured appropriately for resolving localhost.  So it is a system config issue on

Re: Pending patch release

2020-11-18 Thread Brad House
On 11/18/20 5:33 AM, eugeny gladkih wrote: there are more problems:   CCLD libcares.la Making all in tools gmake[3]: ../.././install-sh: Permission denied gmake[3]: *** [Makefile:447: ../lib/.dirstamp] Error 127 gmake[3]: ../.././install-sh: Permission denied gmake[3]:

Re: 1.17.0 compilation errors with cmake

2020-11-17 Thread Brad House
Tracking in https://github.com/c-ares/c-ares/issues/373 On 11/17/20 7:22 AM, Adam Majer wrote: Hi, CMake Error: File /home/abuild/rpmbuild/BUILD/c-ares-1.17.0/c-ares-config.cmake.in does not exist. CMake Error at /usr/share/cmake/Modules/CMakePackageConfigHelpers.cmake:330

Re: --enable-tests configure option?

2020-07-31 Thread Brad House
We are doing OSX on travis but the other systems aren't available on travis. They offer arm64, ppc64le and s390x in "alpha stage":   https://docs.travis-ci.com/user/multi-cpu-architectures/ Nice, maybe I'll try adding it to the travis build matrix then.

Re: --enable-tests configure option?

2020-07-31 Thread Brad House
The problem is c-ares, though a C library, relies on gmock, a C++11 testing framework. We cannot guarantee there is a C++ compiler or that it supports C++11 or higher. I don't have experience with gmock. I think you need some sort of testing. Right now, I cannot test with Asan, UBSan,

Re: --enable-tests configure option?

2020-07-30 Thread Brad House
The problem is c-ares, though a C library, relies on gmock, a C++11 testing framework. We cannot guarantee there is a C++ compiler or that it supports C++11 or higher. I don't have experience with gmock. I think you need some sort of testing. Right now, I cannot test with Asan, UBSan,

Re: How to enable OpenSSL?

2020-07-30 Thread Brad House
c-ares doesn't use openssl. I'm not sure why Makefile.dj has openssl listed at all. My guess is someone copied it from some project that did require openssl. Makefile.dj is not used at all when building except on DOS ... Thanks Brad. Maybe we have stale information. Did c-ares use

Re: --enable-tests configure option?

2020-07-30 Thread Brad House
The problem is c-ares, though a C library, relies on gmock, a C++11 testing framework.  We cannot guarantee there is a C++ compiler or that it supports C++11 or higher. On 7/30/20 9:19 PM, Jeffrey Walton wrote: Hi Everyone, I'm building c-ares 1.16.1 from sources. This caught my eye: $

Re: How to enable OpenSSL?

2020-07-30 Thread Brad House
c-ares doesn't use openssl.  I'm not sure why Makefile.dj has openssl listed at all.  My guess is someone copied it from some project that did require openssl.  Makefile.dj is not used at all when building except on DOS ... On 7/30/20 9:03 PM, Jeffrey Walton wrote: Hi Everyone, I'm trying to

Re: GCC 10 analyzer findings

2020-07-18 Thread Brad House
I'm testing on Fedora 32, which provides GCC 10.1. GCC 10 offers an analyzer. You can engage the analyzer with -fanalyzer. I didn't actually try to understand these exact issues but just want to emphasize that these are still early days for the -fanalyzer option. I spent significant time

Re: ares_init.c:1614: error: 'for' loop initial declaration used outside C99 mode

2020-07-18 Thread Brad House
I was not sure what Daniel is aiming for - c89 or c99. I always aimed for c89 to remain functional even for the most stubborn legacy compilers, as that's where we draw the line for curl and I've always wanted c-ares to be a viable option for curl builds on all platforms curl can build on.

Re: [c-ares] reinit implementation thoughts and questions

2020-06-13 Thread Brad House
Correct, any patch should take other OS's into account.  Even MacOS doesn't use resolv.conf these days.  A linux-only solution is a non-starter.  That said, I'd think at least initially any focus should be on an externally-callable re-init.  Some systems, like android, have notifications for

Re: [RELEASE] c-ares 1.16.0

2020-03-13 Thread Brad House
On 3/13/20 8:12 AM, Daniel Stenberg wrote: On Fri, 13 Mar 2020, Brad House wrote: Any chance you could sync one more time. I fixed another man2html issue ... As of now, the site pulls the source and git repos every hour and updates the site accordingly. Perfect, thanks :)

Re: [RELEASE] c-ares 1.16.0

2020-03-13 Thread Brad House
On 3/13/20 8:02 AM, Daniel Stenberg wrote: On Fri, 13 Mar 2020, Brad House wrote: Also, it seems that the man2html isn't honoring the .PP macro so things don't render nicely.  I committed a change for that just now but doesn't explain why it pulled in an older man page that is wrong

Re: [RELEASE] c-ares 1.16.0

2020-03-13 Thread Brad House
On 3/13/20 7:57 AM, Brad House wrote: On 3/13/20 7:41 AM, Daniel Stenberg wrote: On Fri, 13 Mar 2020, Brad House wrote: Hmm, the ares_getaddrinfo man pages didn't make it onto https://c-ares.haxx.se/docs.html ... what's necessary to do that? I just needed to update the git repo

Re: [RELEASE] c-ares 1.16.0

2020-03-13 Thread Brad House
On 3/13/20 7:41 AM, Daniel Stenberg wrote: On Fri, 13 Mar 2020, Brad House wrote: Hmm, the ares_getaddrinfo man pages didn't make it onto https://c-ares.haxx.se/docs.html ... what's necessary to do that? I just needed to update the git repo on the site and run make: https://c

Re: [RELEASE] c-ares 1.16.0

2020-03-13 Thread Brad House
),  Andrew Selivanov (@ki11roy), Ben Noordhuis (@bnoordhuis),  Brad House (@bradh352), Christian Ammer (@ChristianAmmer), Dan Noé (@dnoe),  Daniel Stenberg (@bagder), Darrin Cullop (@dwcullop),  Dron Rathore (@DronRathore), Fabrice Fontaine (@ffontaine),  Gregor Jasny (@gjasny), @kedixa, Khaidi Chu

Re: Intended CNAME query behaviour

2020-02-25 Thread Brad House
Replying on #303 on GitHub. On 2/24/20 6:38 PM, Thomas Walton wrote: Hello, I have created https://github.com/c-ares/c-ares/issues/303 because c-ares returns a SUCCESS status when it just receives a CNAME in response to a query (with no A or name provided).  I consider this to be a bug,

Re: How about a c-ares 1.16 release?

2019-09-22 Thread Brad House
I'll need to look at outstanding PRs a little harder.  And I also need to review the getaddrinfo to see how hard it would be to enable parallel queries for ipv4+ipv6.  I've just been slammed lately with work and personal life stuff to really give it the review I need to.  The primary concern is

Re: How about a c-ares 1.16 release?

2019-09-22 Thread Brad House
I'll need to look at outstanding PRs a little harder.  And I also need to review the getaddrinfo to see how hard it would be to enable parallel queries for ipv4+ipv6.  I've just been slammed lately with work and personal life stuff to really give it the review I need to.  The primary concern is

Re: C-Ares testing

2019-05-15 Thread Brad House
Information on running tests is here: https://github.com/c-ares/c-ares/blob/master/test/README.md This is how our auto-tests are run for every commit: https://github.com/c-ares/c-ares/blob/master/travis/test.sh On 5/13/19 4:36 PM, Jeffrey Walton wrote: Hi Everyone, I've got a really lame

Re: [RELEASE] c-ares 1.15.0

2018-10-23 Thread Brad House
Distribute ares_android.h [11]  o ares_set_servers_csv() on failure should not leave channel in a bad state    [12]  o Add missing docs to distribution Thanks go to these friendly people for their efforts and contributions:   @afalin, Andi Schnebinger, Ben Noordhuis, Brad House, Brad Spencer,   David Hotham

Re: Time for a c-ares 1.15.0 release? (Was 1.14.1)

2018-10-23 Thread Brad House
On 10/23/18 9:41 AM, Daniel Stenberg wrote: On Tue, 23 Oct 2018, Brad House wrote: Ok, I've done some release prep.  @Daniel Stenberg, want to verify and push? On another note, I see a new PR https://github.com/c-ares/c-ares/pull/228 recently came in,  in the last 24hrs related to bug

Re: Time for a c-ares 1.15.0 release? (Was 1.14.1)

2018-10-23 Thread Brad House
and include it too. -Brad On 10/23/18 5:55 AM, Brad House wrote: Heh, sorry, I sent this email then we moved into our new house so time got away from me. I'll work on the release notes, and we'll go ahead and make it 1.15.0.  I should be able to get to that today or tomorrow. -Brad On 10

Re: Time for a c-ares 1.14.1 release?

2018-10-23 Thread Brad House
not?! - but if it's to be cut from the current master then I'd prefer it to be 1.15.0. On 10/10/2018 22:21, Daniel Stenberg wrote: On Wed, 10 Oct 2018, Brad House wrote: It's been about 8 months since our last release and I think we've accumulated some good bugfixes that would justify a 1.14.1

Re: 1.14.0 release bundle doesn't contain ares_android.h

2018-04-03 Thread Brad House
Definitely an oversight.  I also noticed that the man page for ares_library_init_android wasn't distributed.  Relevant commits: https://github.com/c-ares/c-ares/commit/cc6cd17df854530ec90f5d305c6ceb1278900736 https://github.com/c-ares/c-ares/commit/5786f6d99a3760dd5094a67eff0b6c01eaf882f4 On

Re: Wrong handling on badly formatted strings passed to set_servers_csv

2018-03-15 Thread Brad House
-To: *c-ares hacking <c-ares@cool.haxx.se> *Date: *Sunday, 11 March 2018 at 08:29 *To: *c-ares hacking <c-ares@cool.haxx.se> *Subject: *Re: Wrong handling on badly formatted strings passed to set_servers_csv On Sat, Mar 10, 2018 at 1:03 PM, Brad House <b...@mains

Re: Wrong handling on badly formatted strings passed to set_servers_csv

2018-03-10 Thread Brad House
Did ares_set_servers_csv() return ARES_EBADSTR as it should?  It does appear when it does that, it leaves the channel in a "bad" state since existing servers are cleared before parse. I'm not sure of any other instances where a channel might have no servers, as even in the case where it can't

Re: commit message template

2018-02-16 Thread Brad House
No problem, I'll use that template. -Brad On 2/16/18 2:52 AM, Daniel Stenberg wrote: Hi team, I would like to propose a stricter approach on how to write commit messages in this project. I'm personally very happy with the format we use in the curl project and that's where the template below

Re: Time for a new c-ares release yet?

2018-02-14 Thread Brad House
On 2/10/18 1:49 PM, Daniel Stenberg wrote: On Fri, 9 Feb 2018, Brad House wrote: Any thoughts on actually pushing out a new release? I'm up for it. I can do the necessary tricks to push it out the door and upload it to the site etc. How about we do it on February 15 to give everyone a few

Re: Time for a new c-ares release yet?

2018-02-09 Thread Brad House
Alright, think all the PRs and Issues that can be addressed in short order have been. Any thoughts on actually pushing out a new release? Thanks! -Brad On 2/5/18 9:44 AM, Brad House wrote: It seems like there's been a lot of fixes for Windows and Android since our last official release.  I

Re: Time for a new c-ares release yet?

2018-02-05 Thread Brad House
myself, the rest I'll need feedback from other devs on. On 05/02/2018 14:44, Brad House wrote: It seems like there's been a lot of fixes for Windows and Android since our last official release.  I think it might be a good idea to start release planning for another release.  Any thoughts on this or any P

Time for a new c-ares release yet?

2018-02-05 Thread Brad House
It seems like there's been a lot of fixes for Windows and Android since our last official release.  I think it might be a good idea to start release planning for another release.  Any thoughts on this or any PRs that should be addressed first?  I think it might be good to see gjasny finish up

Re: PR: Fix computation of IPv6 blacklist mask for values of netmask > 8

2017-12-20 Thread Brad House via c-ares
those addresses definitely shouldn't be legitimate. -Brad House On 12/20/2017 12:15 PM, Brad Spencer wrote: > I've posted a pull request on GitHub to fix how the > ares_ipv6_subnet_matches() function computes its netmask. > (I've posted this notice to the mailing list as suggested by t

Re: Let's plan a new release

2017-05-23 Thread Brad House via c-ares
Sounds good to me, we've been running a snapshot of master in production which fixed a bunch of windows issues. I'll review some of the pull requests, I know I was looking at one regarding the Windows search domains earlier. Otherwise I think master is in pretty good shape. -Brad On 05/23/2017

Re: [PATCH] Portability build fix on master (not all systems have socklen_t)

2017-03-15 Thread Brad House via c-ares
Pull request made: https://github.com/c-ares/c-ares/pull/92 On 3/14/17 8:16 AM, Brad House via c-ares wrote: Sure, I've got a couple of meetings this morning, I'll do it this afternoon probably. -Brad On 3/14/17 8:07 AM, David Drysdale wrote: Hi Brad, Actually, a pull request might

Re: [PATCH] Portability build fix on master (not all systems have socklen_t)

2017-03-14 Thread Brad House via c-ares
, 2017 at 10:50 AM, Brad House via c-ares <c-ares@cool.haxx.se <mailto:c-ares@cool.haxx.se>> wrote: I didn't think this would be worthwhile for a pull request since it's such a trivial patch, but there are a few places where socklen_t is used instead of ares_socklen_t

Re: reached select() limit

2017-01-25 Thread Brad House via c-ares
Why is 16 too few? Do you have more than 8-16 name servers configured? Remember, it is one fd per nameserver (or possibly 2 if it has to fall back to TCP), NOT one fd per query, as my original reply stated. The ares_getsock is what you'd use, and yes, it does have a limit of 16 fds. -Brad On

Re: reached select() limit

2017-01-24 Thread Brad House via c-ares
rlimits are already set correctly. -Brad On 1/24/17 9:16 PM, Daniel Hardman wrote: Your program should call setrlimit on startup to change the number of file descriptors. See http://unix.stackexchange.com/a/29579. On Tue, Jan 24, 2017 at 5:14 PM, Brad House via c-ares <c-ares@cool.haxx

Re: reached select() limit

2017-01-24 Thread Brad House via c-ares
I'm pretty sure c-ares just uses a single socket per nameserver, so to have more than 16 socks, you'd have to have more than 8 DNS servers (I'm assuming here that each server tries both UDP, then due to response overflow has to retry via TCP). I use c-ares with an event based system where we use

Re: [PATCH] Cmake-ify c-ares -- v2

2016-10-16 Thread Brad House via c-ares
On 10/03/2016 02:03 PM, Brad House via c-ares wrote: > On 10/03/2016 05:23 AM, Gregor Jasny wrote: >> On 29/09/2016 21:34, Gregor Jasny wrote: >>> On 29/09/2016 14:34, David Drysdale wrote: >>>> >>>> Gregor / Daniel, did you have any thoughts on th

Re: [PATCH] Cmake-ify c-ares -- v2

2016-10-03 Thread Brad House via c-ares
On 10/03/2016 05:23 AM, Gregor Jasny wrote: > On 29/09/2016 21:34, Gregor Jasny wrote: >> On 29/09/2016 14:34, David Drysdale wrote: >>> >>> Gregor / Daniel, did you have any thoughts on the CMake change? >> >> Yes, I'm reviewing it but the CVE took most of my spare time. > > I think as soon as

Re: [PATCH] Cmake-ify c-ares -- v2

2016-10-01 Thread Brad House via c-ares
On 9/30/16 3:05 PM, Daniel Stenberg wrote: On Fri, 30 Sep 2016, Brad House via c-ares wrote: Anyone have thoughts on this? It would mean less to maintain for sure with multiple build systems, with the caveat of it being hard to fix if it doesn't work in the future for some reason

Re: [PATCH] Cmake-ify c-ares -- v2

2016-09-30 Thread Brad House via c-ares
> Thought maybe it could help. No worries either way, > > Brady > > > > > On 9/29/16 6:14 AM, Brad House via c-ares wrote: >> On 9/28/16 9:19 AM, Brad House via c-ares wrote: >>> On 9/28/16 7:40 AM, David Drysdale wrote: >>>> Any

Re: [PATCH] Cmake-ify c-ares -- v2

2016-09-28 Thread Brad House via c-ares
On 9/28/16 7:40 AM, David Drysdale wrote: On Wed, Sep 28, 2016 at 1:09 AM, Brad House <b...@mainstreetsoftworks.com> wrote: On 9/27/16 10:26 AM, David Drysdale via c-ares wrote: On Tue, Sep 27, 2016 at 2:52 PM, Gregor Jasny via c-ares <c-ares@cool.haxx.se> wrote: Hi Brad, On 2

Re: [PATCH] Cmake-ify c-ares -- v2

2016-09-27 Thread Brad House via c-ares
On 9/27/16 9:52 AM, Gregor Jasny via c-ares wrote: Hi Brad, On 27/09/2016 13:44, Brad House via c-ares wrote: I've attached v2 of my CMake patch for c-ares. The changes are: * Sync with master (no configure-time type size checks) * Support iOS multi-arch building * Require only CMake v2.8

Re: [PATCH] Cmake-ify c-ares -- v2

2016-09-27 Thread Brad House via c-ares
On 9/27/16 10:26 AM, David Drysdale via c-ares wrote: On Tue, Sep 27, 2016 at 2:52 PM, Gregor Jasny via c-ares <c-ares@cool.haxx.se> wrote: Hi Brad, On 27/09/2016 13:44, Brad House via c-ares wrote: I've attached v2 of my CMake patch for c-ares. The changes are: * Sync with

Re: [PATCH] Cmake-ify c-ares -- v2

2016-09-27 Thread Brad House via c-ares
++). That said, I don't know if that is a show-stopper for an experimental build system distributed in parallel with the primary autotools build system. -Brad On 6/28/16 8:42 AM, Brad House wrote: I've just confirmed CMake 2.8 (tested 2.8.12.2 on Ubuntu 14.04) works fine, it doesn't appear I'm

Re: Release coming up!

2016-09-25 Thread Brad House via c-ares
On 9/25/16 12:43 PM, Daniel Stenberg wrote: On Sun, 25 Sep 2016, Brad House wrote: I should also-recap the GOAL of the patch. The goal is for MacOSX and iOS to allow multi-arch building. Right, and I'm looking beyond MacOSX and I want to completely remove the need to double compile

Re: Release coming up!

2016-09-25 Thread Brad House via c-ares
On 9/25/16 9:46 AM, Daniel Stenberg wrote: On Sun, 25 Sep 2016, Brad House wrote: The *type* detection was not modified in any way what-so-ever by my patch set. That's what I'm saying. And until we introduce a way to figure out that type in the public header, we can't remove the build-time

Re: Release coming up!

2016-09-25 Thread Brad House via c-ares
On 9/25/16 9:30 AM, Daniel Stenberg wrote: On Sat, 24 Sep 2016, Brad House wrote: The 'ares_socklen_t' seems to be a particular problem in the current ares_build.h file that sticks out. How does your suggested replacement look for that? Can you elaborate? CARES_SIZEOF_ARES_SOCKLEN_T

Re: Release coming up!

2016-09-23 Thread Brad House via c-ares
On 09/23/2016 05:35 PM, Daniel Stenberg wrote: > On Fri, 23 Sep 2016, Brad House via c-ares wrote: > >> I'd like to re-open the discussion of the last patch I sent via this mailing >> list: "[PATCH] remove configure-time type size checks" >> >> This fixe

Re: Release coming up!

2016-09-23 Thread Brad House via c-ares
I'd like to re-open the discussion of the last patch I sent via this mailing list: "[PATCH] remove configure-time type size checks" This fixes multi-arch building for iOS and MacOSX (without requiring separate builds and using lipo to join them), and has been tested across a large number of

Re: [PATCH] remove configure-time type size checks

2016-09-12 Thread Brad House via c-ares
So, is this patch being rejected then? -Brad On 9/1/16 6:54 PM, Brad House via c-ares wrote: Hi Daniel, Based on your reply, I'm thinking you maybe didn't realize I attached a patch on the original email :) Most of the attached patch is just removal of unused defines, so if you did see

Re: [PATCH] remove configure-time type size checks

2016-09-01 Thread Brad House via c-ares
spbian arm On 9/1/16 5:39 PM, Daniel Stenberg wrote: On Thu, 1 Sep 2016, Brad House via c-ares wrote: Configure-time type size checks are a really bad idea, especially for things like Apple (MacOS, iOS) where you could be building multi-arch, where you run configure once, but the compiler,

Re: [PATCH] Cmake-ify c-ares

2016-06-28 Thread Brad House via c-ares
I've just confirmed CMake 2.8 (tested 2.8.12.2 on Ubuntu 14.04) works fine, it doesn't appear I'm depending on any v3 features, so it is safe to reduce the minimum version. -Brad On 6/28/16 7:56 AM, Brad House via c-ares wrote: Commenting below ... On 6/28/16 6:42 AM, David Drysdale via c

Re: [PATCH] Cmake-ify c-ares

2016-06-28 Thread Brad House via c-ares
Commenting below ... On 6/28/16 6:42 AM, David Drysdale via c-ares wrote: > Hi Brad, > > This seems to run pretty well -- as you say, it's vastly faster than > the ./configure variant! :) > My main concern would be that having 2 parallel build systems adds a > bit more friction to the

c-ares 1.11.0 autoconf/libtool issue

2016-03-11 Thread Brad House
It appears there was some change made from 1.10.0 to 1.11.0 that makes c-ares incompatible with running autoreconf -iv in order to generate the configure scripts, etc. It appears you can only successfully do that by running the "buildconf" script included with c-ares now. Anyone know why

[PATCH] Fixes for disabling tests properly

2016-03-09 Thread Brad House
The patch in master for disabling tests is not a good solution because it forces you to pass --disable-tests, rather than auto-detect if your system can support the tests in the first place. Many (most?) systems do not have C++11. This also causes issues when chain-building c-ares, the hosting

[PATCH] Disable tests at build time?

2016-02-22 Thread Brad House
I'm trying to do some testing of c-ares. I checked out the GIT tag for the 1.11.0 release, and am testing against various OS's. However a *lot* of these do not support C++11 and it appears this is required for building, even though c-ares itself does not have any such requirement. At this

Re: Patch for fixing the slow DNS lookup issue

2014-11-04 Thread Brad House
On 5/22/14, 1:43 AM, Lei Shi wrote: Hello, everyone This patch include two major change groups. one is fixing the dns lookup issue due to dummy dns information of a disconnected adapter(in my case is a bluetooth adapter). I changed the dns lookup policy to try GetNetworkParams first because

Re: c-ares 1.5.3 build issues/resolutions

2008-09-28 Thread Brad House
It appears as though a manual check for AR is being performed which is in fact causing issues if you want to use a different AR than exists in your path, it's always overwriting it without ever checking for the variable to have already been set. Issues? Which ones? Specifically, it did _NOT_

Re: [PATCH] Security: Validate response address, possibly related to CVE-2008-1447

2008-08-20 Thread Brad House
An initial effort for a proper 'sreadfrom' macro was done. It outcomed that there is much more work involved than I initially estimated (HPUX main culprit). And as I already had something 'more time consuming' that should be completed before next libcurl release (the curl_off_t stuff) I

Re: DNS Cache Poisoning vulnerability (CVE-2008-1447, VU#800113)

2008-07-14 Thread Brad House
If I'm not mistaken, that issue was corrected in v1.4.0: Initial Patch submitted here: http://daniel.haxx.se/projects/c-ares/mail/c-ares-archive-2007-05/0013.shtml Vulnerability Announcement: http://daniel.haxx.se/projects/c-ares/mail/c-ares-archive-2007-06/0011.shtml -Brad Ravi S wrote:

Re: DNS Cache Poisoning vulnerability (CVE-2008-1447, VU#800113)

2008-07-14 Thread Brad House
My understanding was that this particular CERT was due to a predictable source port. So the TXID being random is good, but the source port being non-random (or pseudo-random) is the problem. Right, but c-ares isn't setting the source port to anything AFAIK so it uses the random port provided