* [Buildroot] [git commit branch/2021.02.x] package/c-ares: security bump to version 1.17.2
@ 2021-09-07 13:53 Peter Korsgaard
From: Peter Korsgaard @ 2021-09-07 13:53 UTC (permalink / raw)
  To: buildroot

commit: https://git.buildroot.net/buildroot/commit/?id=1d18c730bb6084b2158f6cc8d185f4b3cd9b527f
branch: https://git.buildroot.net/buildroot/commit/?id=refs/heads/2021.02.x

- NodeJS passes NULL for addr and 0 for addrlen to
  ares_parse_ptr_reply() on systems where malloc(0) returns NULL. This
  would cause a crash.
- If ares_getaddrinfo() was terminated by an ares_destroy(), it would
  cause a crash
- Crash in sortaddrinfo() if the list size equals 0 due to an unexpected
  DNS response
- Expand number of escaped characters in DNS replies as per RFC1035 5.1
  to prevent spoofing follow-up
- Perform validation on hostnames to prevent possible XSS due to
  applications not performing validation themselves

https://c-ares.haxx.se/changelog.html#1_17_2

Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
(cherry picked from commit 6be5219c4122e7844f842205f343f9006a2146ab)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
---
 package/c-ares/c-ares.hash | 2 +-
 package/c-ares/c-ares.mk   | 2 +-
 2 files changed, 2 insertions(+), 2 deletions(-)

diff --git a/package/c-ares/c-ares.hash b/package/c-ares/c-ares.hash
index 235b7dbc66..28657645df 100644
--- a/package/c-ares/c-ares.hash
+++ b/package/c-ares/c-ares.hash
@@ -1,5 +1,5 @@
 # Locally calculated after checking pgp signature
-sha256  d73dd0f6de824afd407ce10750ea081af47eba52b8a6cb307d220131ad93fc40  c-ares-1.17.1.tar.gz
+sha256  4803c844ce20ce510ef0eb83f8ea41fa24ecaae9d280c468c582d2bb25b3913d  c-ares-1.17.2.tar.gz
 
 # Hash for license file
 sha256  db4eb63fe09daebdf57d3f79b091bb5ee5070c0d761040e83264e648d307af4c  LICENSE.md
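Review bot: the comment at the top of this hunk, "# Locally calculated after checking pgp signature", does not record which signature file or signing key was checked, so the new c-ares-1.17.2.tar.gz sha256 cannot be re-verified from what is written here. Consider extending the comment with the URL of the signature that was checked, so a later reviewer can repeat the verification against the same upstream artifact. The LICENSE.md hash is left unchanged, which is consistent with a bump that does not alter the license text.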
diff --git a/package/c-ares/c-ares.mk b/package/c-ares/c-ares.mk
index 8f200237cf..3a7c6e0298 100644
--- a/package/c-ares/c-ares.mk
+++ b/package/c-ares/c-ares.mk
@@ -4,7 +4,7 @@
 #
 ################################################################################
 
-C_ARES_VERSION = 1.17.1
+C_ARES_VERSION = 1.17.2
 C_ARES_SITE = http://c-ares.haxx.se/download
 C_ARES_INSTALL_STAGING = YES
 C_ARES_CONF_OPTS = --with-random=/dev/urandom
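Review bot: the context line "C_ARES_SITE = http://c-ares.haxx.se/download", directly below the bumped C_ARES_VERSION, still fetches the tarball over plain HTTP, so the integrity of the download rests entirely on the sha256 entry in c-ares.hash. The commit message links the changelog on the same host over https, so moving the site to https://c-ares.haxx.se/download would be a reasonable follow-up for a security bump. The version change itself matches the tarball name in the hash file.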