packages/c-ares
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity
c-ares/backport-CVE-2023-31124.patch
xinghe 5e7a75f74c fix CVE-2023-31130 CVE-2023-31124 CVE-2023-31147 
(cherry picked from commit ee7b9f0233249789e5736ddeec69ed70cd6e5452)
2023-06-12 13:37:18 +08:00

62 lines
2.5 KiB
Diff
Raw Permalink Blame History

From c4930223e51d0e3dbfd8b2a814f4be2e269e2a9d Mon Sep 17 00:00:00 2001
From: Brad House <brad@brad-house.com>
Date: Sun, 30 Apr 2023 14:53:34 -0400
Subject: [PATCH] Merge pull request from GHSA-54xr-f67r-4pc4
* CARES_RANDOM_FILE should always default to /dev/urandom
During cross-compilation, CARES_RANDOM_FILE may not be able to be appropriately
detected, therefore we should always set it to /dev/urandom and allow the
entity requesting compilation override the value. The code does appropriately
fall back if CARES_RANDOM_FILE cannot be opened.
* use set not option
Conflict: remove: "find_file(CARES_RANDOM_FILE urandom /dev)" and "find_file(CARES_RANDOM_FILE urandom /dev)"
rename: CARES_RANDOM_FILE -> RANDOM_FILE
Reference: https://github.com/c-ares/c-ares/commit/c4930223e51d0e3dbfd8b2a814f4be2e269e2a9d
---
CMakeLists.txt | 2 ++
configure.ac | 12 +-----------
2 files changed, 3 insertions(+), 11 deletions(-)
diff --git a/CMakeLists.txt b/CMakeLists.txt
index ddab7ae..2ddb1bf 100644
--- a/CMakeLists.txt
+++ b/CMakeLists.txt
@@ -36,6 +36,8 @@ OPTION (CARES_STATIC_PIC "Build the static library as PIC (position independent)
OPTION (CARES_BUILD_TESTS "Build and run tests" OFF)
OPTION (CARES_BUILD_CONTAINER_TESTS "Build and run container tests (implies CARES_BUILD_TESTS, Linux only)" OFF)
OPTION (CARES_BUILD_TOOLS "Build tools" ON)
+SET (RANDOM_FILE "/dev/urandom" CACHE STRING "Suitable File / Device Path for entropy, such as /dev/urandom")
+
# Tests require static to be enabled
IF (CARES_BUILD_TESTS)
diff --git a/configure.ac b/configure.ac
index 201abdf..496414b 100644
--- a/configure.ac
+++ b/configure.ac
@@ -821,17 +821,7 @@ AC_ARG_WITH(random,
AC_HELP_STRING([--with-random=FILE],
[read randomness from FILE (default=/dev/urandom)]),
[ RANDOM_FILE="$withval" ],
- [
- dnl Check for random device. If we're cross compiling, we can't
- dnl check, and it's better to assume it doesn't exist than it is
- dnl to fail on AC_CHECK_FILE or later.
- if test "$cross_compiling" = "no"; then
- AC_CHECK_FILE("/dev/urandom", [ RANDOM_FILE="/dev/urandom"] )
- else
- AC_MSG_WARN([cannot check for /dev/urandom while cross compiling; assuming none])
- fi
-
- ]
+ [ RANDOM_FILE="/dev/urandom" ]
)
if test -n "$RANDOM_FILE" && test X"$RANDOM_FILE" != Xno ; then
AC_SUBST(RANDOM_FILE)
--
2.27.0
Reference in New Issue View Git Blame Copy Permalink