c-ares: Fix CVEs
cherry-picks from OpenWrt 22.03 branch
commit 0abbfe1e1041cb5dec3b5f6bec6e3390136bdfd8
Author: Hirokazu MORIKAWA <morikw2@gmail.com>
Date: Thu Jun 15 15:49:25 2023 +0900
c-ares: bump to 1.19.1
This is a security and bugfix release.
Security
o CVE-2023-32067. High. 0-byte UDP payload causes Denial of Service
o CVE-2023-31147. Moderate. Insufficient randomness in generation of DNS query IDs
o CVE-2023-31130. Moderate. Buffer Underwrite in ares_inet_net_pton()
o CVE-2023-31124. Low. AutoTools does not set CARES_RANDOM_FILE during cross compilation
Fixing libcares.pc
The pkg-config file libcares.pc in version 1.19.1 has been changed to be unsuitable for OpenWrt
and causes build errors with OpenWrt packages that use libcares.
For this reason, libcares.pc was replaced.
Signed-off-by: Hirokazu MORIKAWA <morikw2@gmail.com>
(cherry picked from commit 4c4d3b900197785292ef92055effcccd7f3b805b)
(cherry picked from commit e061716ae08e57e825cb50a07ba3e2afc833617d)
Signed-off-by: Andreas Gnau <andreas.gnau@iopsys.eu>
commit 9ce2c27bc7805f8061ca871624c617fbf7f101a7
Author: Karl Palsson <karlp@etactica.com>
Date: Tue Nov 9 09:16:59 2021 +0000
c-ares: bump to 1.18.1
Changelog: https://lists.haxx.se/pipermail/c-ares/2021-October/000002.html
This includes the update to the domain name, made upstream, ref: https://lists.haxx.se/pipermail/>
Signed-off-by: Karl Palsson <karlp@etactica.com>
(cherry picked from commit 60e60fc38f26ef3397411488dfe4a1117f04592a)
Signed-off-by: Andreas Gnau <andreas.gnau@iopsys.eu>
Edited by Andreas Gnau