Overview

File CVE-2023-31124.patch of Package libcares2.29101

ported from

commit c4930223e51d0e3dbfd8b2a814f4be2e269e2a9d
Author: Brad House <brad@brad-house.com>
Date:   Sun Apr 30 14:53:34 2023 -0400

    Merge pull request from GHSA-54xr-f67r-4pc4
    
    * CARES_RANDOM_FILE should always default to /dev/urandom
    
    During cross-compilation, CARES_RANDOM_FILE may not be able to be appropriately
    detected, therefore we should always set it to /dev/urandom and allow the
    entity requesting compilation override the value.  The code does appropriately
    fall back if CARES_RANDOM_FILE cannot be opened.
    
    * use set not option

Index: c-ares-1.9.1/configure.ac
===================================================================
--- c-ares-1.9.1.orig/configure.ac
+++ c-ares-1.9.1/configure.ac
@@ -815,17 +815,7 @@ AC_ARG_WITH(random,
 AC_HELP_STRING([--with-random=FILE],
                [read randomness from FILE (default=/dev/urandom)]),
     [ RANDOM_FILE="$withval" ],
-    [
-        dnl Check for random device.  If we're cross compiling, we can't
-        dnl check, and it's better to assume it doesn't exist than it is
-        dnl to fail on AC_CHECK_FILE or later.
-        if test "$cross_compiling" = "no"; then
-          AC_CHECK_FILE("/dev/urandom", [ RANDOM_FILE="/dev/urandom"] )
-        else
-          AC_MSG_WARN([cannot check for /dev/urandom while cross compiling; assuming none])
-        fi
-        
-    ]
+    [ RANDOM_FILE="/dev/urandom" ]
 )
 if test -n "$RANDOM_FILE" && test X"$RANDOM_FILE" != Xno ; then
         AC_SUBST(RANDOM_FILE)
openSUSE Build Service is sponsored by
Places