From c4930223e51d0e3dbfd8b2a814f4be2e269e2a9d Mon Sep 17 00:00:00 2001
From: Brad House <brad@brad-house.com>
Date: Sun, 30 Apr 2023 14:53:34 -0400
Subject: [PATCH] Merge pull request from GHSA-54xr-f67r-4pc4

* CARES_RANDOM_FILE should always default to /dev/urandom

During cross-compilation, CARES_RANDOM_FILE may not be able to be appropriately
detected, therefore we should always set it to /dev/urandom and allow the
entity requesting compilation override the value.  The code does appropriately
fall back if CARES_RANDOM_FILE cannot be opened.

* use set not option

Conflict: remove: "find_file(CARES_RANDOM_FILE urandom /dev)" and "find_file(CARES_RANDOM_FILE urandom /dev)"
rename: CARES_RANDOM_FILE -> RANDOM_FILE
Reference: https://github.com/c-ares/c-ares/commit/c4930223e51d0e3dbfd8b2a814f4be2e269e2a9d
---
 CMakeLists.txt |  2 ++
 configure.ac   | 12 +-----------
 2 files changed, 3 insertions(+), 11 deletions(-)

diff --git a/CMakeLists.txt b/CMakeLists.txt
index ddab7ae..2ddb1bf 100644
--- a/CMakeLists.txt
+++ b/CMakeLists.txt
@@ -36,6 +36,8 @@ OPTION (CARES_STATIC_PIC "Build the static library as PIC (position independent)
 OPTION (CARES_BUILD_TESTS "Build and run tests"                                                  OFF)
 OPTION (CARES_BUILD_CONTAINER_TESTS "Build and run container tests (implies CARES_BUILD_TESTS, Linux only)" OFF)
 OPTION (CARES_BUILD_TOOLS "Build tools"                                                          ON)
+SET    (RANDOM_FILE "/dev/urandom" CACHE STRING "Suitable File / Device Path for entropy, such as /dev/urandom")
+
 
 # Tests require static to be enabled
 IF (CARES_BUILD_TESTS)
diff --git a/configure.ac b/configure.ac
index 201abdf..496414b 100644
--- a/configure.ac
+++ b/configure.ac
@@ -821,17 +821,7 @@ AC_ARG_WITH(random,
 AC_HELP_STRING([--with-random=FILE],
                [read randomness from FILE (default=/dev/urandom)]),
     [ RANDOM_FILE="$withval" ],
-    [
-        dnl Check for random device.  If we're cross compiling, we can't
-        dnl check, and it's better to assume it doesn't exist than it is
-        dnl to fail on AC_CHECK_FILE or later.
-        if test "$cross_compiling" = "no"; then
-          AC_CHECK_FILE("/dev/urandom", [ RANDOM_FILE="/dev/urandom"] )
-        else
-          AC_MSG_WARN([cannot check for /dev/urandom while cross compiling; assuming none])
-        fi
-        
-    ]
+    [ RANDOM_FILE="/dev/urandom" ]
 )
 if test -n "$RANDOM_FILE" && test X"$RANDOM_FILE" != Xno ; then
         AC_SUBST(RANDOM_FILE)
-- 
2.27.0