path: root/meta-oe/recipes-support/c-ares
Commit message | Author | Age | Files | Lines
* c-ares: fix CVE-2024-25629 | Yogita Urade | 2024-03-25 | 2 | -0/+35

    c-ares is a C library for asynchronous DNS requests. `ares__read_line()` is used to parse local configuration files such as `/etc/resolv.conf`, `/etc/nsswitch.conf`, the `HOSTALIASES` file, and if using a c-ares version prior to 1.27.0, the `/etc/hosts` file. If any of these configuration files has an embedded `NULL` character as the first character in a new line, it can lead to attempting to read memory prior to the start of the given buffer which may result in a crash. This issue is fixed in c-ares 1.27.0. No known workarounds exist.

    References:
    https://nvd.nist.gov/vuln/detail/CVE-2024-25629
    https://github.com/c-ares/c-ares/security/advisories/GHSA-mg26-v6qh-x48q
    https://security-tracker.debian.org/tracker/CVE-2024-25629

    Signed-off-by: Yogita Urade <yogita.urade@windriver.com>
    Signed-off-by: Armin Kuster <akuster808@gmail.com>
* c-ares: CVE-ID correction for CVE-2022-4904 | Shinu Chandran | 2023-09-27 | 1 | -1/+1

    - The c-ares commit https://github.com/c-ares/c-ares/commit/9903253c347f (Add str len check in config_sortlist to avoid stack overflow), fixes the CVE-2022-4904 instead of CVE-2022-4415
      https://security-tracker.debian.org/tracker/CVE-2022-4904
    - CVE-ID inside the CVE-2022-4904.patch is wrong in the OE commit[092e125f44f6]
    - Hence corrected the CVE-ID in CVE-2022-4904.patch

    Signed-off-by: Shinu Chandran <shinucha@cisco.com>
    Signed-off-by: Armin Kuster <akuster808@gmail.com>
* c-ares: backport patch for CVE-2023-31147 | Peter Marko | 2023-06-23 | 2 | -0/+718

    Backported from https://github.com/c-ares/c-ares/commit/823df3b989e59465d17b0a2eb1239a5fc048b4e5

    Signed-off-by: Peter Marko <peter.marko@siemens.com>
    Signed-off-by: Armin Kuster <akuster808@gmail.com>
* c-ares: ignore CVE-2023-31124 | Peter Marko | 2023-06-15 | 1 | -0/+4

    CVE-2023-31124 applies only when cross-compiling using autotools. Yocto cross-compiles via cmake which is also listed as official workaround.

    See:
    * https://nvd.nist.gov/vuln/detail/CVE-2023-31124
    * https://github.com/c-ares/c-ares/security/advisories/GHSA-54xr-f67r-4pc4

    Signed-off-by: Peter Marko <peter.marko@siemens.com>
    Signed-off-by: Armin Kuster <akuster808@gmail.com>
* c-ares: fix CVEs CVE-2023-32067 and CVE-2023-31130 | vkumbhar | 2023-06-11 | 3 | -0/+415

    Fix below CVE:
    1) CVE-2023-32067 c-ares: 0-byte UDP payload Denial of Service.
    2) CVE-2023-31130 c-ares: Buffer Underwrite in ares_inet_net_pton().

    Signed-off-by: Vivek Kumbhar <vkumbhar@mvista.com>
    Signed-off-by: Armin Kuster <akuster808@gmail.com>
* c-ares: fix CVE-2022-4904 | Peter Marko | 2023-03-25 | 2 | -1/+69

    Backport based on https://github.com/c-ares/c-ares/issues/496

    Signed-off-by: Peter Marko <peter.marko@siemens.com>
    Signed-off-by: Armin Kuster <akuster808@gmail.com>
* recipes: Update SRC_URI branch and protocols | Richard Purdie | 2021-11-03 | 1 | -1/+1

    This patch updates SRC_URIs using git to include branch=master if no branch is set and also to use protocol=https for github urls as generated by the conversion script in OE-Core.

    Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
    Signed-off-by: Khem Raj <raj.khem@gmail.com>
* c-ares: upgrade 1.17.2 -> 1.18.1 | wangmy | 2021-11-03 | 1 | -1/+1

    c-ares version 1.18.1 - Oct 27 2021

    Bug fixes:
    ares_getaddrinfo() would return ai_addrlen of 16 for ipv6 addresses rather than the sizeof(struct sockaddr_in6)

    Signed-off-by: Wang Mingyu <wangmy@fujitsu.com>
    Signed-off-by: Khem Raj <raj.khem@gmail.com>
* c-ares: remove custom patches | Sinan Kaya | 2021-08-23 | 3 | -108/+1

    Current patch is breaking the library dependencies added by cmake especially when you are static linking. Applications need the ws2_32 library to be linked for mingw32 and with the existing patch this is not getting passed to the users.

    Current patch seems to address this issue:
    https://github.com/c-ares/c-ares/issues/373

    Both issues are resolved in 1.17.2:

    1.17.2-r0/git $ find . | grep c-ares-config.cmake.in
    ./c-ares-config.cmake.in
    1.17.2-r0/git $ find . | grep libcares.pc.cmake
    ./libcares.pc.cmake

    Signed-off-by: Sinan Kaya <okaya@kernel.org>
    Signed-off-by: Khem Raj <raj.khem@gmail.com>
* c-ares: upgrade 1.17.1 -> 1.17.2 | wangmy | 2021-08-20 | 1 | -8/+5

    Signed-off-by: Wang Mingyu <wangmy@fujitsu.com>
    Signed-off-by: Khem Raj <raj.khem@gmail.com>
* Convert to new override syntax | Martin Jansa | 2021-08-03 | 1 | -1/+1

    This is the result of automated script (0.9.1) conversion:

    oe-core/scripts/contrib/convert-overrides.py .

    converting the metadata to use ":" as the override character instead of "_".

    Signed-off-by: Martin Jansa <Martin.Jansa@gmail.com>
* c-ares: Upgrade to 1.17.1 release | Khem Raj | 2021-06-18 | 2 | -19/+12

    Forward port cmake-install-libcares.pc.patch, drop the need to install pkgconfig files as it's already being done by main Makefile

    Signed-off-by: Khem Raj <raj.khem@gmail.com>
* c-ares: upgrade 1.16.0 -> 1.16.1 | Zang Ruochen | 2020-07-28 | 1 | -1/+1

    Signed-off-by: Zang Ruochen <zangrc.fnst@cn.fujitsu.com>
    Signed-off-by: Khem Raj <raj.khem@gmail.com>
* c-ares: upgrade 1.15.0 -> 1.16.0 | Wang Mingyu | 2020-03-17 | 3 | -43/+43

    add 0001-fix-configure-error-mv-libcares.pc.cmakein-to-libcar.patch to fix error of do_configure
    refresh cmake-install-libcares.pc.patch

    Signed-off-by: Wang Mingyu <wangmy@cn.fujitsu.com>
    Signed-off-by: Khem Raj <raj.khem@gmail.com>
* c-ares: move from meta-networking to meta-oe | Martin Jansa | 2020-02-26 | 2 | -0/+138

    * nodejs from meta-oe depends on this since:

    commit 76dd3dac1f1e67a5c44ad732b8e827cc36ded641
    Author: André Draszik <git@andred.net>
    Date: Tue Oct 29 16:42:24 2019 +0000

    nodejs: allow use of system c-ares (and make default)

    Use system c-ares via PACKAGECONFIG by default. So far, nodejs had been built using its embedded copy of c-ares, which we generally try to avoid, for the known reasons (independent updates, cve & license checks, etc).

    Notes:
    * otherwise nodejs uses its bundled version of c-ares
    * the PACKAGECONFIG variable is 'ares' so as to be in line with other uses of this (wget & curl recipes in OE core)

    Signed-off-by: André Draszik <git@andred.net>
    Signed-off-by: Khem Raj <raj.khem@gmail.com>
    Signed-off-by: Martin Jansa <Martin.Jansa@gmail.com>
    Signed-off-by: Khem Raj <raj.khem@gmail.com>