From 9ed35f5f07e561477ee09873dd3a76627af271dd Mon Sep 17 00:00:00 2001 From: Toshaan Bharvani Date: Tue, 26 Nov 2024 00:25:00 +0100 Subject: [PATCH] initial package creation Signed-off-by: Toshaan Bharvani --- SOURCES/0001-Use-RPM-compiler-options.patch | 41 +++ ...ull-request-from-GHSA-mg26-v6qh-x48q.patch | 33 ++ SOURCES/LICENSE | 12 + SPECS/c-ares.spec | 326 ++++++++++++++++++ 4 files changed, 412 insertions(+) create mode 100644 SOURCES/0001-Use-RPM-compiler-options.patch create mode 100644 SOURCES/0002-Merge-pull-request-from-GHSA-mg26-v6qh-x48q.patch create mode 100644 SOURCES/LICENSE create mode 100644 SPECS/c-ares.spec diff --git a/SOURCES/0001-Use-RPM-compiler-options.patch b/SOURCES/0001-Use-RPM-compiler-options.patch new file mode 100644 index 0000000..721b713 --- /dev/null +++ b/SOURCES/0001-Use-RPM-compiler-options.patch @@ -0,0 +1,41 @@ +From 7dada62a77e061c752123e672e844386ff3b01ea Mon Sep 17 00:00:00 2001 +From: Stephen Gallagher +Date: Wed, 10 Apr 2013 12:32:44 -0400 +Subject: [PATCH] Use RPM compiler options + +--- + m4/cares-compilers.m4 | 19 ++++++------------- + 1 file changed, 6 insertions(+), 13 deletions(-) + +diff --git a/m4/cares-compilers.m4 b/m4/cares-compilers.m4 +index 7ee8e0dbe741c1a64149a0d20b826f507b3ec620..d7708230fb5628ae80fbf1052da0d2c78ebbc160 100644 +--- a/m4/cares-compilers.m4 ++++ b/m4/cares-compilers.m4 +@@ -143,19 +143,12 @@ AC_DEFUN([CARES_CHECK_COMPILER_GNU_C], [ + gccvhi=`echo $gccver | cut -d . -f1` + gccvlo=`echo $gccver | cut -d . -f2` + compiler_num=`(expr $gccvhi "*" 100 + $gccvlo) 2>/dev/null` +- flags_dbg_all="-g -g0 -g1 -g2 -g3" +- flags_dbg_all="$flags_dbg_all -ggdb" +- flags_dbg_all="$flags_dbg_all -gstabs" +- flags_dbg_all="$flags_dbg_all -gstabs+" +- flags_dbg_all="$flags_dbg_all -gcoff" +- flags_dbg_all="$flags_dbg_all -gxcoff" +- flags_dbg_all="$flags_dbg_all -gdwarf-2" +- flags_dbg_all="$flags_dbg_all -gvms" +- flags_dbg_yes="-g" +- flags_dbg_off="-g0" +- flags_opt_all="-O -O0 -O1 -O2 -O3 -Os" +- flags_opt_yes="-O2" +- flags_opt_off="-O0" ++ flags_dbg_all="" ++ flags_dbg_yes="" ++ flags_dbg_off="" ++ flags_opt_all="" ++ flags_opt_yes="" ++ flags_opt_off="" + CURL_CHECK_DEF([_WIN32], [], [silent]) + else + AC_MSG_RESULT([no]) +-- +1.8.1.4 diff --git a/SOURCES/0002-Merge-pull-request-from-GHSA-mg26-v6qh-x48q.patch b/SOURCES/0002-Merge-pull-request-from-GHSA-mg26-v6qh-x48q.patch new file mode 100644 index 0000000..011022f --- /dev/null +++ b/SOURCES/0002-Merge-pull-request-from-GHSA-mg26-v6qh-x48q.patch @@ -0,0 +1,33 @@ +From a59618566446044c1fa7f35ed349a273c48176fb Mon Sep 17 00:00:00 2001 +From: Alexey Tikhonov +Date: Mon, 11 Mar 2024 20:46:09 +0100 +Subject: [PATCH] Merge pull request from GHSA-mg26-v6qh-x48q + +Backported from +https://github.com/c-ares/c-ares/commit/a804c04ddc8245fc8adf0e92368709639125e183 +--- + src/lib/ares__read_line.c | 8 ++++++++ + 1 file changed, 8 insertions(+) + +diff --git a/src/lib/ares__read_line.c b/src/lib/ares__read_line.c +index c62ad2a..d6625a3 100644 +--- a/src/lib/ares__read_line.c ++++ b/src/lib/ares__read_line.c +@@ -49,6 +49,14 @@ int ares__read_line(FILE *fp, char **buf, size_t *bufsize) + if (!fgets(*buf + offset, bytestoread, fp)) + return (offset != 0) ? 0 : (ferror(fp)) ? ARES_EFILE : ARES_EOF; + len = offset + strlen(*buf + offset); ++ ++ /* Probably means there was an embedded NULL as the first character in ++ * the line, throw away line */ ++ if (len == 0) { ++ offset = 0; ++ continue; ++ } ++ + if ((*buf)[len - 1] == '\n') + { + (*buf)[len - 1] = 0; +-- +2.42.0 + diff --git a/SOURCES/LICENSE b/SOURCES/LICENSE new file mode 100644 index 0000000..4c1423a --- /dev/null +++ b/SOURCES/LICENSE @@ -0,0 +1,12 @@ +Copyright (C) 2004 by Daniel Stenberg et al + +Permission to use, copy, modify, and distribute this software and its +documentation for any purpose and without fee is hereby granted, provided +that the above copyright notice appear in all copies and that both that +copyright notice and this permission notice appear in supporting +documentation, and that the name of M.I.T. not be used in advertising or +publicity pertaining to distribution of the software without specific, +written prior permission. M.I.T. makes no representations about the +suitability of this software for any purpose. It is provided "as is" +without express or implied warranty. + diff --git a/SPECS/c-ares.spec b/SPECS/c-ares.spec new file mode 100644 index 0000000..6a0d763 --- /dev/null +++ b/SPECS/c-ares.spec @@ -0,0 +1,326 @@ +%global use_cmake 1 + +Summary: A library that performs asynchronous DNS operations +Name: c-ares +Version: 1.19.1 +Release: 2%{?dist} +License: MIT +URL: http://c-ares.org/ +Source0: http://c-ares.org/download/%{name}-%{version}.tar.gz +# The license can be obtained at http://c-ares.haxx.se/license.html +Source1: LICENSE +Patch0: 0001-Use-RPM-compiler-options.patch +Patch1: 0002-Merge-pull-request-from-GHSA-mg26-v6qh-x48q.patch + +BuildRequires: gcc +%if %{use_cmake} +BuildRequires: cmake +%else +BuildRequires: autoconf +BuildRequires: automake +BuildRequires: libtool +%endif +BuildRequires: make + +%description +c-ares is a C library that performs DNS requests and name resolves +asynchronously. c-ares is a fork of the library named 'ares', written +by Greg Hudson at MIT. + +%package devel +Summary: Development files for c-ares +Requires: %{name}%{?_isa} = %{version}-%{release} + +%description devel +This package contains the header files and libraries needed to +compile applications or shared objects that use c-ares. + +%prep +%autosetup -p1 + +cp %{SOURCE1} . +f=CHANGES ; iconv -f iso-8859-1 -t utf-8 $f -o $f.utf8 ; mv $f.utf8 $f + +%build +# autoreconf -if +# %%configure --enable-shared --disable-static \ +# --disable-dependency-tracking +%if %{use_cmake} +%{cmake} -DCMAKE_INSTALL_LIBDIR:PATH="%{_libdir}" -DCARES_BUILD_TOOLS:BOOL=OFF +%cmake_build +%else +autoreconf -if +%configure --enable-shared --disable-static \ + --disable-dependency-tracking +%{__make} %{?_smp_mflags} +%endif + +%install +%if %{use_cmake} +%cmake_install +%else +%make_install +rm -f $RPM_BUILD_ROOT/%{_libdir}/libcares.la +%endif + +%ldconfig_scriptlets + +%files +%license LICENSE +%doc README.cares CHANGES NEWS +%{_libdir}/*.so.* + +%files devel +%{_includedir}/ares.h +%{_includedir}/ares_build.h +%{_includedir}/ares_dns.h +%{_includedir}/ares_nameser.h +%{_includedir}/ares_rules.h +%{_includedir}/ares_version.h +%{_libdir}/*.so +%if %{use_cmake} +%{_libdir}/cmake/c-ares/ +%endif +%{_libdir}/pkgconfig/libcares.pc +%{_mandir}/man3/ares_* + +%changelog +* Mon Mar 11 2024 Alexey Tikhonov - 1.19.1-2 +- Resolves: RHEL-26529 - Out of bounds read in ares__read_line() [rhel-9] + +* Fri May 26 2023 Alexey Tikhonov - 1.19.1-1 +- Resolves: rhbz#2209564 - CVE-2023-31124 c-ares: AutoTools does not set CARES_RANDOM_FILE during cross compilation [rhel-9] +- Resolves: rhbz#2209556 - CVE-2023-31130 c-ares: Buffer Underwrite in ares_inet_net_pton() [rhel-9] +- Resolves: rhbz#2209550 - CVE-2023-31147 c-ares: Insufficient randomness in generation of DNS query IDs [rhel-9] +- Resolves: rhbz#2209520 - CVE-2023-32067 c-ares: 0-byte UDP payload Denial of Service [rhel-9.3.0] +- Resolves: rhbz#2210370 - Rebase c-ares for RHEL 9.3 + +* Fri May 12 2023 Alexey Tikhonov - 1.17.1-6 +- Resolves: rhbz#2170868 - c-ares: buffer overflow in config_sortlist() due to missing string length check [rhel-9] + +* Fri Nov 26 2021 Alexey Tikhonov - 1.17.1-5 +- Resolves: rhbz#2014523 - c-ares: missing input validation of host names may lead to Domain Hijacking [rhel-9] + +* Mon Aug 09 2021 Mohan Boddu - 1.17.1-4 +- Rebuilt for IMA sigs, glibc 2.34, aarch64 flags + Related: rhbz#1991688 + +* Thu Apr 15 2021 Mohan Boddu - 1.17.1-3 +- Rebuilt for RHEL 9 BETA on Apr 15th 2021. Related: rhbz#1947937 + +* Tue Jan 26 2021 Fedora Release Engineering - 1.17.1-2 +- Rebuilt for https://fedoraproject.org/wiki/Fedora_34_Mass_Rebuild + +* Fri Nov 20 2020 Tom Callaway - 1.17.1-1 +- update to 1.17.1 + +* Tue Nov 17 2020 Tom Callaway - 1.17.0-1 +- update to 1.17.0 + +* Mon Jul 27 2020 Fedora Release Engineering - 1.16.1-3 +- Rebuilt for https://fedoraproject.org/wiki/Fedora_33_Mass_Rebuild + +* Mon Jul 13 2020 Tom Stellard - 1.16.1-2 +- Use make macros +- https://fedoraproject.org/wiki/Changes/UseMakeBuildInstallMacro + +* Mon May 11 2020 Tom Callaway - 1.16.1-1 +- update to 1.16.1 + +* Fri Mar 13 2020 Tom Callaway - 1.16.0-1 +- update to 1.16.0 + +* Tue Jan 28 2020 Fedora Release Engineering - 1.15.0-5 +- Rebuilt for https://fedoraproject.org/wiki/Fedora_32_Mass_Rebuild + +* Wed Jul 24 2019 Fedora Release Engineering - 1.15.0-4 +- Rebuilt for https://fedoraproject.org/wiki/Fedora_31_Mass_Rebuild + +* Tue Mar 12 2019 Tom Callaway - 1.15.0-3 +- use cmake to build so we get cmake helpers (bz1687844) + +* Thu Jan 31 2019 Fedora Release Engineering - 1.15.0-2 +- Rebuilt for https://fedoraproject.org/wiki/Fedora_30_Mass_Rebuild + +* Tue Nov 13 2018 Jakub Hrozek - 1.16.0-1 +- Update to the latest upstream + +* Mon Sep 3 2018 Jakub Hrozek - 1.14.0-1 +- Update to the latest upstream +- Resolves: rhbz#1624499 - RFE: New c-ares release 1.14.0 available + +* Thu Jul 12 2018 Fedora Release Engineering - 1.13.0-5 +- Rebuilt for https://fedoraproject.org/wiki/Fedora_29_Mass_Rebuild + +* Wed Feb 07 2018 Fedora Release Engineering - 1.13.0-4 +- Rebuilt for https://fedoraproject.org/wiki/Fedora_28_Mass_Rebuild + +* Wed Aug 02 2017 Fedora Release Engineering - 1.13.0-3 +- Rebuilt for https://fedoraproject.org/wiki/Fedora_27_Binutils_Mass_Rebuild + +* Wed Jul 26 2017 Fedora Release Engineering - 1.13.0-2 +- Rebuilt for https://fedoraproject.org/wiki/Fedora_27_Mass_Rebuild + +* Tue Jun 20 2017 Jakub Hrozek - 1.13.0-1 +- update to 1.13.0 + +* Fri Feb 10 2017 Fedora Release Engineering - 1.12.0-2 +- Rebuilt for https://fedoraproject.org/wiki/Fedora_26_Mass_Rebuild + +* Thu Sep 29 2016 Tom Callaway - 1.12.0-1 +- update to 1.12.0 + +* Fri Feb 19 2016 Jakub Hrozek - 1.11.0 +- New upstream version 1.11.0 + +* Wed Feb 03 2016 Fedora Release Engineering - 1.10.0-6 +- Rebuilt for https://fedoraproject.org/wiki/Fedora_24_Mass_Rebuild + +* Wed Jun 17 2015 Fedora Release Engineering - 1.10.0-5 +- Rebuilt for https://fedoraproject.org/wiki/Fedora_23_Mass_Rebuild + +* Fri Aug 15 2014 Fedora Release Engineering - 1.10.0-4 +- Rebuilt for https://fedoraproject.org/wiki/Fedora_21_22_Mass_Rebuild + +* Sat Jun 07 2014 Fedora Release Engineering - 1.10.0-3 +- Rebuilt for https://fedoraproject.org/wiki/Fedora_21_Mass_Rebuild + +* Sat Aug 03 2013 Fedora Release Engineering - 1.10.0-2 +- Rebuilt for https://fedoraproject.org/wiki/Fedora_20_Mass_Rebuild + +* Mon May 13 2013 Jakub Hrozek - 1.10.1-1 +- New upstream release 1.10 +- Obsolete upstreamed patches +- Amend the multilib patch, there's no need to patch configure since we + are running autoreconf anyways +- https://raw.github.com/bagder/c-ares/cares-1_10_0/RELEASE-NOTES + +* Thu Apr 11 2013 Jakub Hrozek - 1.9.1-6 +- Apply an upstream patch to override AC_CONFIG_MACRO_DIR only conditionally + +* Thu Apr 11 2013 Jakub Hrozek - 1.9.1-5 +- Apply a patch by Stephen Gallagher to patch autoconf, not configure to + allow optflags to be passed in by build environment +- Run autoreconf before configure +- git rm obsolete patches +- Apply upstream patch to stop overriding AC_CONFIG_MACRO_DIR + +* Wed Feb 13 2013 Fedora Release Engineering - 1.9.1-4 +- Rebuilt for https://fedoraproject.org/wiki/Fedora_19_Mass_Rebuild + +* Wed Aug 8 2012 Jakub Hrozek - 1.9.1-3 +- Include URL to the license text + +* Wed Jul 18 2012 Fedora Release Engineering - 1.9.1-2 +- Rebuilt for https://fedoraproject.org/wiki/Fedora_18_Mass_Rebuild + +* Mon Jun 25 2012 Tom Callaway - 1.9.1-1 +- update to 1.9.1 + +* Sat Apr 28 2012 Tom Callaway - 1.8.0-1 +- update to 1.8.0 +- fix multilib patch (thanks to Paul Howarth) + +* Thu Jan 12 2012 Fedora Release Engineering - 1.7.5-2 +- Rebuilt for https://fedoraproject.org/wiki/Fedora_17_Mass_Rebuild + +* Wed Aug 17 2011 Jakub Hrozek - 1.7.5-1 +- New upstream release 1.7.5 +- Obsoletes patch #2 +- Rebase patch #1 (optflags) to match the 1.7.5 code +- Fixed Source0 URL to point at the upstream tarball + +* Mon Apr 11 2011 Jakub Hrozek - 1.7.4-3 +- Apply upstream patch to fix rhbz#695424 + +* Tue Feb 08 2011 Fedora Release Engineering - 1.7.4-2 +- Rebuilt for https://fedoraproject.org/wiki/Fedora_15_Mass_Rebuild + +* Fri Dec 10 2010 Tom "spot" Callaway - 1.7.4-1 +- update to 1.7.4 + +* Wed Aug 25 2010 Jakub Hrozek - 1.7.3-3 +- Actually apply the patches + +* Wed Aug 25 2010 Jakub Hrozek - 1.7.3-2 +- apply couple of patches from upstream + +* Tue Jun 15 2010 Jakub Hrozek - 1.7.3-1 +- Upgrade to new upstream release 1.7.3 (obsoletes search/domain patch) +- Fix conflict of -devel packages on multilib architectures (#602880) + +* Thu Jun 3 2010 Jakub Hrozek - 1.7.1-2 +- Use last instance of search/domain, not the first one (#597286) + +* Tue Mar 23 2010 Jakub Hrozek - 1.7.1-1 +- update to 1.7.1 which contains the IPv6 nameserver patch + +* Sun Mar 7 2010 Jakub Hrozek - 1.7.0-3 +- Change IPv6 nameserver patch according to upstream changes + (upstream revisions 1199,1201,1202) + +* Wed Mar 3 2010 Jakub Hrozek - 1.7.0-2 +- Add a patch to allow usage of IPv6 nameservers + +* Tue Dec 1 2009 Tom "spot" Callaway - 1.7.0-1 +- update to 1.7.0 + +* Sat Jul 25 2009 Ville Skyttä - 1.6.0-3 +- Patch to make upstream build system honor our CFLAGS and friends. +- Don't bother building throwaway static libs. +- Disable autotools dependency tracking for cleaner build logs and possible + slight build speedup. +- Convert docs to UTF-8. +- Update URLs. + +* Fri Jul 24 2009 Fedora Release Engineering - 1.6.0-2 +- Rebuilt for https://fedoraproject.org/wiki/Fedora_12_Mass_Rebuild + +* Wed Jul 22 2009 Tom "spot" Callaway - 1.6.0-1 +- update to 1.6.0 + +* Mon Feb 23 2009 Fedora Release Engineering - 1.5.3-2 +- Rebuilt for https://fedoraproject.org/wiki/Fedora_11_Mass_Rebuild + +* Fri Sep 12 2008 Tom "spot" Callaway - 1.5.3-1 +- update to 1.5.3 + +* Tue Feb 19 2008 Fedora Release Engineering - 1.5.1-2 +- Autorebuild for GCC 4.3 + +* Tue Feb 19 2008 Tom "spot" Callaway 1.5.1-1 +- update to 1.5.1 + +* Thu Aug 23 2007 Tom "spot" Callaway 1.4.0-2 +- rebuild for ppc32 + +* Wed Jun 27 2007 Tom "spot" Callaway 1.4.0-1 +- bump to 1.4.0 (resolves bugzilla 243591) +- get rid of static library (.a) + +* Wed Jan 17 2007 Tom "spot" Callaway 1.3.2-1 +- bump to 1.3.2 + +* Mon Sep 11 2006 Tom "spot" Callaway 1.3.1-2 +- FC-6 bump + +* Mon Jul 10 2006 Tom "spot" Callaway 1.3.1-1 +- bump to 1.3.1 + +* Tue Feb 28 2006 Tom "spot" Callaway 1.3.0-2 +- bump for FC-5 rebuild + +* Sun Sep 4 2005 Tom "spot" Callaway 1.3.0-1 +- include LICENSE text +- bump to 1.3.0 + +* Tue May 31 2005 Tom "spot" Callaway 1.2.1-4 +- use dist tag to prevent EVR overlap + +* Fri Apr 22 2005 Tom "spot" Callaway 1.2.1-2 +- fix license (MIT, not LGPL) +- get rid of libcares.la + +* Fri Apr 22 2005 Tom "spot" Callaway 1.2.1-1 +- initial package creation +