Script 'mail_helper' called by obssrc
Hello community,

here is the log from the commit of package c-ares for openSUSE:Factory checked in at 2021-08-16 10:08:59
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Comparing /work/SRC/openSUSE:Factory/c-ares (Old)
 and      /work/SRC/openSUSE:Factory/.c-ares.new.1899 (New)
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Package is "c-ares" Mon Aug 16 10:08:59 2021 rev:13 rq:911845 version:1.17.2 Changes: -------- --- /work/SRC/openSUSE:Factory/c-ares/c-ares.changes 2021-01-19 16:00:39.955241349 +0100 +++ /work/SRC/openSUSE:Factory/.c-ares.new.1899/c-ares.changes 2021-08-16 10:13:53.234933252 +0200 @@ -1,0 +2,27 @@ +Thu Aug 12 13:59:07 UTC 2021 - Adam Majer <adam.ma...@suse.de> + +- update to 1.17.2: + Security: + * When building c-ares with CMake, the RANDOM_FILE would not be set + and therefore downgrade to the less secure random number generator + * If ares_getaddrinfo() was terminated by an ares_destroy(), + it would cause a crash + * Crash in sortaddrinfo() if the list size equals 0 due to + an unexpected DNS response + * Expand number of escaped characters in DNS replies as per + RFC1035 5.1 to prevent spoofing follow-up + (bsc#1188881, CVE-2021-3672) + * Perform validation on hostnames to prevent possible XSS + due to applications not performing valiation themselves + + Changes: + * ares_malloc(0) is now defined behavior (returns NULL) rather than system-specific to catch edge cases + + Bug fixes: + * Building tests should not force building of static libraries except on Windows + * Relative headers must use double quotes to prevent pulling in a system library + +for details see, +https://c-ares.haxx.se/changelog.html#1_17_2 + +------------------------------------------------------------------- Old: ---- c-ares-1.17.1.tar.gz c-ares-1.17.1.tar.gz.asc New: ---- c-ares-1.17.2.tar.gz c-ares-1.17.2.tar.gz.asc ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Other differences: ------------------ ++++++ c-ares.spec ++++++ --- /var/tmp/diff_new_pack.vM9Ga3/_old 2021-08-16 10:13:53.662932706 +0200 +++ /var/tmp/diff_new_pack.vM9Ga3/_new 2021-08-16 10:13:53.666932701 +0200 @@ -41,7 +41,7 @@ %endif Name: %{pname} -Version: 1.17.1 +Version: 1.17.2 Release: 0 Summary: Library for asynchronous name resolves License: MIT 
@@ -131,7 +131,7 @@ %check pushd build %cmake_build -C test -./bin/arestest +LD_LIBRARY_PATH=.%_libdir:./%_lib ./bin/arestest %endif %if !%{with tests} ++++++ c-ares-1.17.1.tar.gz -> c-ares-1.17.2.tar.gz ++++++ ++++ 6952 lines of diff (skipped)
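Review bot: In the c-ares.changes hunk, the new entry lists only the upstream 1.17.2 changes and does not record the packaging change this same commit makes to %check in c-ares.spec (the LD_LIBRARY_PATH prefix added in front of ./bin/arestest). Add a changelog line for it so the reason for the override is recorded next to the version bump. In the same entry, "not performing valiation themselves" should read "validation", and the placement of "(bsc#1188881, CVE-2021-3672)" under the RFC1035 escaping item leaves it unclear whether the hostname validation item that follows belongs to the same reference; stating the bug and CVE ids on each item they cover would make the entry usable for patch tracking.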
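Review bot: In the %check hunk of c-ares.spec, the new value "LD_LIBRARY_PATH=.%_libdir:./%_lib" is made of two relative entries, so which libcares the test binary loads depends on the working directory left by "pushd build", and listing two candidate directories hides which one actually holds the freshly built library. Point the variable at the single directory that contains the build output, anchored on an absolute path such as one derived from $PWD, and add a spec comment saying why the override is needed. If neither relative directory exists after a layout change, the loader falls back to the default search path and arestest could run against an installed system copy instead of the 1.17.2 build under test, which would let the security fixes in this update go unexercised without the check failing.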