diff options
author | robot-contrib <robot-contrib@yandex-team.com> | 2024-11-12 04:41:48 +0300 |
---|---|---|
committer | robot-contrib <robot-contrib@yandex-team.com> | 2024-11-12 04:53:58 +0300 |
commit | 18b18c79e00cbe11bf0ec82039f1bddbb2c19681 (patch) | |
tree | 1b6cebe27d564b429744a96cb8842e306a5d79d0 /contrib/libs/c-ares | |
parent | 9632e4fecfdc42cd6b3cb58f05676e3a5dbcf043 (diff) | |
download | ydb-18b18c79e00cbe11bf0ec82039f1bddbb2c19681.tar.gz |
Update contrib/libs/c-ares to 1.34.3
commit_hash:a4dc6127c1976aed745669af6ede1483b05f9686
Diffstat (limited to 'contrib/libs/c-ares')
-rw-r--r-- | contrib/libs/c-ares/.yandex_meta/override.nix | 4 | ||||
-rw-r--r-- | contrib/libs/c-ares/RELEASE-NOTES.md | 31 | ||||
-rw-r--r-- | contrib/libs/c-ares/RELEASE-PROCEDURE.md | 23 | ||||
-rw-r--r-- | contrib/libs/c-ares/include/ares_version.h | 4 | ||||
-rw-r--r-- | contrib/libs/c-ares/src/lib/ares_getaddrinfo.c | 34 | ||||
-rw-r--r-- | contrib/libs/c-ares/src/lib/ares_process.c | 55 | ||||
-rw-r--r-- | contrib/libs/c-ares/src/lib/ares_send.c | 5 | ||||
-rw-r--r-- | contrib/libs/c-ares/src/lib/event/ares_event_thread.c | 8 | ||||
-rw-r--r-- | contrib/libs/c-ares/ya.make | 4 |
9 files changed, 138 insertions, 30 deletions
diff --git a/contrib/libs/c-ares/.yandex_meta/override.nix b/contrib/libs/c-ares/.yandex_meta/override.nix index 5b0c26de95..2707dd05f6 100644 --- a/contrib/libs/c-ares/.yandex_meta/override.nix +++ b/contrib/libs/c-ares/.yandex_meta/override.nix @@ -1,11 +1,11 @@ pkgs: attrs: with pkgs; with attrs; rec { - version = "1.34.2"; + version = "1.34.3"; src = fetchFromGitHub { owner = "c-ares"; repo = "c-ares"; rev= "v${version}"; - hash = "sha256-KGNOc3l+bWifWFnBOLtL0ASJTuYayBOAE6g6gNsl5xk="; + hash = "sha256-vCVS0kr/l6iRVWRnRM+J8aWheDEqEVVekjF8f4Naj/0="; }; patches = []; diff --git a/contrib/libs/c-ares/RELEASE-NOTES.md b/contrib/libs/c-ares/RELEASE-NOTES.md index cbd4788600..f9d58d2784 100644 --- a/contrib/libs/c-ares/RELEASE-NOTES.md +++ b/contrib/libs/c-ares/RELEASE-NOTES.md @@ -1,3 +1,34 @@ +## c-ares version 1.34.3 - November 9 2024 + +This is a bugfix release. + +Changes: +* Build the release package in an automated way so we can provide + provenance as per [SLSA3](https://slsa.dev/). + [PR #906](https://github.com/c-ares/c-ares/pull/906) + +Bugfixes: +* Some upstream servers are non-compliant with EDNS options, resend queries + without EDNS. [Issue #911](https://github.com/c-ares/c-ares/issues/911) +* Android: <=7 needs sys/system_properties.h + [a70637c](https://github.com/c-ares/c-ares/commit/a70637c) +* Android: CMake needs `-D_GNU_SOURCE` and others. + [PR #915](https://github.com/c-ares/c-ares/pull/914) +* TSAN warns on missing lock, but lock isn't actually necessary. + [PR #915](https://github.com/c-ares/c-ares/pull/915) +* `ares_getaddrinfo()` for `AF_UNSPEC` should retry IPv4 if only IPv6 is + received. [765d558](https://github.com/c-ares/c-ares/commit/765d558) +* `ares_send()` shouldn't return `ARES_EBADRESP`, its `ARES_EBADQUERY`. + [91519e7](https://github.com/c-ares/c-ares/commit/91519e7) +* Fix typos in man pages. [PR #905](https://github.com/c-ares/c-ares/pull/905) + +Thanks go to these friendly people for their efforts and contributions for this +release: + +* Brad House (@bradh352) +* Jiwoo Park (@jimmy-park) + + ## c-ares version 1.34.2 - October 15 2024 This release contains a fix for downstream packages detecting the c-ares diff --git a/contrib/libs/c-ares/RELEASE-PROCEDURE.md b/contrib/libs/c-ares/RELEASE-PROCEDURE.md index c686a9f97b..eb6d17958e 100644 --- a/contrib/libs/c-ares/RELEASE-PROCEDURE.md +++ b/contrib/libs/c-ares/RELEASE-PROCEDURE.md @@ -17,7 +17,7 @@ in the source code repo not a commit which may be shared across this branch and `main`. Create the branch like: ``` -BRANCH=1.32 +BRANCH=1.35 git pull && \ git checkout main && \ git checkout -b v${BRANCH} main && \ @@ -29,23 +29,18 @@ git push -u origin v${BRANCH} Major version number, `Y` is the minor version number, and `Z` is the release. This tag needs to be created from the release branch, for example: ``` -BRANCH=1.32 -RELEASE=1.32.0 +BRANCH=1.35 +RELEASE=1.35.0 git checkout v${BRANCH} && \ git pull && \ git tag -s v${RELEASE} -m 'c-ares release v${RELEASE}' v${BRANCH} && \ git push origin --tags ``` -- Create the release tarball using `make dist`, it is best to check out the - specific tag fresh and build from that: +- When a tag is created, it will spawn off a github action to generate a new + draft release based on this workflow: [package.yml](https://github.com/c-ares/c-ares/blob/main/.github/workflows/package.yml). + Wait for this workflow to complete then fetch the generated source tarball: ``` -RELEASE=1.32.0 -git clone --depth 1 --branch v${RELEASE} https://github.com/c-ares/c-ares c-ares-${RELEASE} && \ -cd c-ares-${RELEASE} && \ -autoreconf -fi && \ -./configure && \ -make && \ -make dist VERSION=${RELEASE} +wget https://github.com/c-ares/c-ares/releases/download/v${RELEASE}/c-ares-${RELEASE}.tar.gz ``` - GPG sign the release with a detached signature. Valid signing keys are currently: - Daniel Stenberg <daniel@haxx.se> - 27EDEAF22F3ABCEB50DB9A125CC908FDB71E12C2 @@ -53,8 +48,8 @@ make dist VERSION=${RELEASE} ``` gpg -ab c-ares-${RELEASE}.tar.gz ``` -- Create a new release on GitHub using the `RELEASE-NOTES.md` as the body. - Upload the generated tarball and signature as an artifact. +- Upload the generated `c-ares-${RELEASE}.tar.gz.asc` signature as a release + asset, then unmark the release as being a draft. in the c-ares-www repo ---------------------- diff --git a/contrib/libs/c-ares/include/ares_version.h b/contrib/libs/c-ares/include/ares_version.h index d7a9c9e61e..9cb8084dd5 100644 --- a/contrib/libs/c-ares/include/ares_version.h +++ b/contrib/libs/c-ares/include/ares_version.h @@ -32,8 +32,8 @@ #define ARES_VERSION_MAJOR 1 #define ARES_VERSION_MINOR 34 -#define ARES_VERSION_PATCH 2 -#define ARES_VERSION_STR "1.34.2" +#define ARES_VERSION_PATCH 3 +#define ARES_VERSION_STR "1.34.3" /* NOTE: We cannot make the version string a C preprocessor stringify operation * due to assumptions made by integrators that aren't properly using diff --git a/contrib/libs/c-ares/src/lib/ares_getaddrinfo.c b/contrib/libs/c-ares/src/lib/ares_getaddrinfo.c index 09d34d3378..32791dc37d 100644 --- a/contrib/libs/c-ares/src/lib/ares_getaddrinfo.c +++ b/contrib/libs/c-ares/src/lib/ares_getaddrinfo.c @@ -481,6 +481,18 @@ static void terminate_retries(const struct host_query *hquery, query->no_retries = ARES_TRUE; } +static ares_bool_t ai_has_ipv4(struct ares_addrinfo *ai) +{ + struct ares_addrinfo_node *node; + + for (node = ai->nodes; node != NULL; node = node->ai_next) { + if (node->ai_family == AF_INET) { + return ARES_TRUE; + } + } + return ARES_FALSE; +} + static void host_callback(void *arg, ares_status_t status, size_t timeouts, const ares_dns_record_t *dnsrec) { @@ -496,7 +508,27 @@ static void host_callback(void *arg, ares_status_t status, size_t timeouts, addinfostatus = ares_parse_into_addrinfo(dnsrec, ARES_TRUE, hquery->port, hquery->ai); } - if (addinfostatus == ARES_SUCCESS) { + + /* We sent out ipv4 and ipv6 requests simultaneously. If we got a + * successful ipv4 response, we want to go ahead and tell the ipv6 request + * that if it fails or times out to not try again since we have the data + * we need. + * + * Our initial implementation of this would terminate retries if we got any + * successful response (ipv4 _or_ ipv6). But we did get some user-reported + * issues with this that had bad system configs and odd behavior: + * https://github.com/alpinelinux/docker-alpine/issues/366 + * + * Essentially the ipv6 query succeeded but the ipv4 query failed or timed + * out, and so we only returned the ipv6 address, but the host couldn't + * use ipv6. If we continued to allow ipv4 retries it would have found a + * server that worked and returned both address classes (this is clearly + * unexpected behavior). + * + * At some point down the road if ipv6 actually becomes required and + * reliable we can drop this ipv4 check. + */ + if (addinfostatus == ARES_SUCCESS && ai_has_ipv4(hquery->ai)) { terminate_retries(hquery, ares_dns_record_get_id(dnsrec)); } } diff --git a/contrib/libs/c-ares/src/lib/ares_process.c b/contrib/libs/c-ares/src/lib/ares_process.c index 62a6ae1dda..3d186ea9d5 100644 --- a/contrib/libs/c-ares/src/lib/ares_process.c +++ b/contrib/libs/c-ares/src/lib/ares_process.c @@ -650,6 +650,51 @@ done: return status; } +static ares_bool_t issue_might_be_edns(const ares_dns_record_t *req, + const ares_dns_record_t *rsp) +{ + const ares_dns_rr_t *rr; + + /* If we use EDNS and server answers with FORMERR without an OPT RR, the + * protocol extension is not understood by the responder. We must retry the + * query without EDNS enabled. */ + if (ares_dns_record_get_rcode(rsp) != ARES_RCODE_FORMERR) { + return ARES_FALSE; + } + + rr = ares_dns_get_opt_rr_const(req); + if (rr == NULL) { + /* We didn't send EDNS */ + return ARES_FALSE; + } + + if (ares_dns_get_opt_rr_const(rsp) == NULL) { + /* Spec says EDNS won't be echo'd back on non-supporting servers, so + * retry without EDNS */ + return ARES_TRUE; + } + + /* As per issue #911 some non-compliant servers that do indeed support EDNS + * but don't support unrecognized option codes exist. At this point we + * expect them to have also returned an EDNS opt record, but we may remove + * that check in the future. Lets detect this situation if we're sending + * option codes */ + if (ares_dns_rr_get_opt_cnt(rr, ARES_RR_OPT_OPTIONS) == 0) { + /* We didn't send any option codes */ + return ARES_FALSE; + } + + if (ares_dns_get_opt_rr_const(rsp) != NULL) { + /* At this time we're requiring the server to respond with EDNS opt + * records since that's what has been observed in the field. We might + * find in the future we have to remove this, who knows. Lets go + * ahead and force a retry without EDNS*/ + return ARES_TRUE; + } + + return ARES_FALSE; +} + /* Handle an answer from a server. This must NEVER cleanup the * server connection! Return something other than ARES_SUCCESS to cause * the connection to be terminated after this call. */ @@ -713,12 +758,10 @@ static ares_status_t process_answer(ares_channel_t *channel, ares_llist_node_destroy(query->node_queries_to_conn); query->node_queries_to_conn = NULL; - /* If we use EDNS and server answers with FORMERR without an OPT RR, the - * protocol extension is not understood by the responder. We must retry the - * query without EDNS enabled. */ - if (ares_dns_record_get_rcode(rdnsrec) == ARES_RCODE_FORMERR && - ares_dns_get_opt_rr_const(query->query) != NULL && - ares_dns_get_opt_rr_const(rdnsrec) == NULL) { + /* There are old servers that don't understand EDNS at all, then some servers + * that have non-compliant implementations. Lets try to detect this sort + * of thing. */ + if (issue_might_be_edns(query->query, rdnsrec)) { status = rewrite_without_edns(query); if (status != ARES_SUCCESS) { end_query(channel, server, query, status, NULL); diff --git a/contrib/libs/c-ares/src/lib/ares_send.c b/contrib/libs/c-ares/src/lib/ares_send.c index ca178a1741..6efa9580b2 100644 --- a/contrib/libs/c-ares/src/lib/ares_send.c +++ b/contrib/libs/c-ares/src/lib/ares_send.c @@ -153,6 +153,11 @@ ares_status_t ares_send_nolock(ares_channel_t *channel, ares_server_t *server, /* Duplicate Query */ status = ares_dns_record_duplicate_ex(&query->query, dnsrec); if (status != ARES_SUCCESS) { + /* Sometimes we might get a EBADRESP response from duplicate due to + * the way it works (write and parse), rewrite it to EBADQUERY. */ + if (status == ARES_EBADRESP) { + status = ARES_EBADQUERY; + } ares_free(query); callback(arg, status, 0, NULL); return status; diff --git a/contrib/libs/c-ares/src/lib/event/ares_event_thread.c b/contrib/libs/c-ares/src/lib/event/ares_event_thread.c index 24b55d6945..d59b7880a4 100644 --- a/contrib/libs/c-ares/src/lib/event/ares_event_thread.c +++ b/contrib/libs/c-ares/src/lib/event/ares_event_thread.c @@ -354,14 +354,16 @@ static void *ares_event_thread(void *arg) ares_process_pending_write(e->channel); } + /* Relock before we loop again */ + ares_thread_mutex_lock(e->mutex); + /* Each iteration should do timeout processing and any other cleanup * that may not have been performed */ if (e->isup) { + ares_thread_mutex_unlock(e->mutex); ares_process_fds(e->channel, NULL, 0, ARES_PROCESS_FLAG_NONE); + ares_thread_mutex_lock(e->mutex); } - - /* Relock before we loop again */ - ares_thread_mutex_lock(e->mutex); } /* Lets cleanup while we're in the thread itself */ diff --git a/contrib/libs/c-ares/ya.make b/contrib/libs/c-ares/ya.make index 80562018e2..563e13e08e 100644 --- a/contrib/libs/c-ares/ya.make +++ b/contrib/libs/c-ares/ya.make @@ -12,9 +12,9 @@ LICENSE( LICENSE_TEXTS(.yandex_meta/licenses.list.txt) -VERSION(1.34.2) +VERSION(1.34.3) -ORIGINAL_SOURCE(https://github.com/c-ares/c-ares/archive/v1.34.2.tar.gz) +ORIGINAL_SOURCE(https://github.com/c-ares/c-ares/archive/v1.34.3.tar.gz) PEERDIR( contrib/libs/libc_compat |