Cc: Maintainer
c-ares released version 1.19.1 yesterday, fixing
o CVE-2023-32067. High. 0-byte UDP payload causes Denial of Service [12]
o CVE-2023-31147. Moderate. Insufficient randomness in generation of DNS
query IDs [13]
o CVE-2023-31130. Moderate. Buffer Underwrite in ares_inet_net_pton() [14]
o CVE-2023-31124. Low. AutoTools does not set CARES_RANDOM_FILE during cross
compilation [15]
Full changelog:
https://c-ares.org/changelog.html
Most tests pass on amd64 with PRIVSEP enabled, failing tests appear to
be due to missing network access, see
https://github.com/c-ares/c-ares/issues/337
Index: Makefile
===================================================================
RCS file: /cvs/ports/net/libcares/Makefile,v
retrieving revision 1.24
diff -u -p -r1.24 Makefile
--- Makefile 9 Apr 2023 06:16:31 -0000 1.24
+++ Makefile 23 May 2023 19:38:11 -0000
@@ -1,12 +1,12 @@
COMMENT= asynchronous resolver library
-V= 1.19.0
+V= 1.19.1
DISTNAME= c-ares-${V}
PKGNAME= libcares-${V}
CATEGORIES= net devel
MASTER_SITES= ${HOMEPAGE}download/
-SHARED_LIBS += cares 3.3 # 6.3
+SHARED_LIBS += cares 3.4 # 8.1.6
HOMEPAGE= https://c-ares.haxx.se/
Index: distinfo
===================================================================
RCS file: /cvs/ports/net/libcares/distinfo,v
retrieving revision 1.13
diff -u -p -r1.13 distinfo
--- distinfo 9 Apr 2023 06:16:31 -0000 1.13
+++ distinfo 23 May 2023 19:38:11 -0000
@@ -1,2 +1,2 @@
-SHA256 (c-ares-1.19.0.tar.gz) = v866N+I/1TEpOCkALKwEAe9JptxVkj9/kiNlhbetHdM=
-SIZE (c-ares-1.19.0.tar.gz) = 1572210
+SHA256 (c-ares-1.19.1.tar.gz) = MhcAOZty7Q4DfQB0xinndB9rLsLdqSlWq+PpZx0+Jo4=
+SIZE (c-ares-1.19.1.tar.gz) = 1579100
