c-ares: bump to 1.19.1 #21374

Merged
merged 1 commit into from
Jun 22, 2023

nxhack
Contributor

@nxhack nxhack commented Jun 15, 2023

Maintainer: @karlp
Compile tested: head, aarch64, arm, i386, mipsel, x86_64
Run tested: aarch64 (qemu 8.0.2)

Description:
This is a security and bugfix release.

Security
o CVE-2023-32067. High. 0-byte UDP payload causes Denial of Service
o CVE-2023-31147. Moderate. Insufficient randomness in generation of DNS query IDs
o CVE-2023-31130. Moderate. Buffer Underwrite in ares_inet_net_pton()
o CVE-2023-31124. Low. AutoTools does not set CARES_RANDOM_FILE during cross compilation

Fixing libcares.pc
The pkg-config file libcares.pc in version 1.19.1 has been changed to be unsuitable for OpenWrt
and causes build errors with OpenWrt packages that use libcares.
For this reason, libcares.pc was replaced.

Signed-off-by: Hirokazu MORIKAWA <morikw2@gmail.com>
@1715173329
Member

ping @karlp

@karlp
Contributor

karlp commented Jun 21, 2023

I'm between roles right now, earliest I'll get to my earlier process of run testing c-ares updates is early next week, I'd hoped sooner. If it builds, and someone has run tested it, it's fine by me. (I only tangentially maintain this as a dependency of mosquitto)

@1715173329
Member

@nxhack tested it already so maybe it's fine to merge.

@nxhack
Contributor Author

nxhack commented Jun 21, 2023

@karlp @1715173329
I have confirmed that mosquitto and node.js can be built successfully and that it works.

@BKPepe BKPepe merged commit 4c4d3b9 into openwrt:master Jun 22, 2023
@nxhack nxhack deleted the cares-1191 branch June 24, 2023 05:18