Missing input validation of host names returned by Domain Name Servers
in the c-ares library can lead to output of wrong hostnames (leading to
Domain Hijacking).
I've just taken patch from the advisory[1] and rebased it onto 1.15.0
version.
1. 809d5e8..44c009b.patch
Fixes: CVE-2021-3672
Signed-off-by: Petr Štetiar <ynezz@true.cz>
Full changelog at https://c-ares.haxx.se/changelog.html
Of interest:
* fixes warnings with modern gcc
* reports not found for onion addresses per RFC7686
Signed-off-by: Karl Palsson <karlp@etactica.com>
Changelog at: https://c-ares.haxx.se/changelog.html
mostly android and windows fixes, but some minor fixes for all systems.
Signed-off-by: Karl Palsson <karlp@tweak.net.au>
Full changelog available at:
https://c-ares.haxx.se/changelog.html#1_12_0
Mostly minor bugfixes and documentation improvements
Signed-off-by: Karl Palsson <karlp@etactica.com>
Signed-off-by: Karl Palsson <karlp@remake.is>
When fortify source is enabled, the c-ares configure script will abort with:
configure: CFLAGS error: CFLAGS may only be used to specify C compiler flags, not macro definitions. Use CPPFLAGS for: -D_FORTIFY_SOURCE=1
Change the OpenWrt Makefile to move any -D flags from TARGET_CFLAGS to
TARGET_CPPFLAGS in order to satisfy `configure`.
Signed-off-by: Jo-Philipp Wich <jow@openwrt.org>
libcares is a dependency of mosquitto, at least.
Imported existing packages makefile, updated from 1.7.4 to 1.10.0
Added License and Maintainer information
Signed-off-by: Karl Palsson <karlp@remake.is>
