- Update to version 1.19.1

Security:
  * CVE-2023-32067. High. 0-byte UDP payload causes Denial of Service
    (bsc#1211604)
  * CVE-2023-31147 Moderate. Insufficient randomness in generation
    of DNS query IDs (bsc#1211605)
  * CVE-2023-31130. Moderate. Buffer Underwrite in
    ares_inet_net_pton() (bsc#1211606)
  * CVE-2023-31124. Low. AutoTools does not set CARES_RANDOM_FILE
    during cross compilation (bsc#1211607)
  Bug fixes:
  * Fix uninitialized memory warning in test
  * ares_getaddrinfo() should allow a port of 0
  * Fix memory leak in ares_send() on error
  * Fix comment style in ares_data.h
  * Fix typo in ares_init_options.3
  * Sync ax_pthread.m4 with upstream
  * Sync ax_cxx_compile_stdcxx_11.m4 with upstream to fix uclibc support

OBS-URL: https://build.opensuse.org/package/show/devel:libraries:c_c++/c-ares?expand=0&rev=50

c-ares-1.19.0.tar.gz

@@ -1,3 +0,0 @@
-version https://git-lfs.github.com/spec/v1
-oid sha256:bfceba37e23fd531293829002cac0401ef49a6dc55923f7f92236585b7ad1dd3
-size 1572210

c-ares-1.19.0.tar.gz.asc

@@ -1,11 +0,0 @@
------BEGIN PGP SIGNATURE-----
-
-iQEzBAABCgAdFiEEJ+3q8i86vOtQ25oSXMkI/bceEsIFAmPVjzMACgkQXMkI/bce
-EsKcWQf/UfT56Om5KDRDDrPkqwQ/jW3fIg2XCr3sI0UWYTeA8pSuMBIqCshVPc9k
-OWKDjS3rBHYRO2TVl5z/diAvzyEpjC2SpI1NS13i4lPvP3fDNHPpVyavIbCr9rGI
-u+njUCVpEtS1H8zdYMN54sp4NtN9Md0A2Tp3o+4OxMZfFFR7+XiXg2MgEx04pnHO
-5guPDrgzwGKM9s3pdyw0I8YbA25gDXrffFG5Ezs4sLsBOmhkUSbH9wuqubqHnBZ/
-1V4KKeeNLHR5fWthOEQ7yQ8zKac8DCsmW54t7wD7rdDVSMxSSS0i2oq4ZDqEJooA
-NMrQRjBlISiAghwE8sIp/fmeSCmJ4A==
-=q9oj
------END PGP SIGNATURE-----

c-ares-1.19.1.tar.gz

@@ -0,0 +1,3 @@
+version https://git-lfs.github.com/spec/v1
+oid sha256:321700399b72ed0e037d0074c629e7741f6b2ec2dda92956abe3e9671d3e268e
+size 1579100

c-ares-1.19.1.tar.gz.asc

@@ -0,0 +1,11 @@
+-----BEGIN PGP SIGNATURE-----
+
+iQEzBAABCgAdFiEEJ+3q8i86vOtQ25oSXMkI/bceEsIFAmRrXuwACgkQXMkI/bce
+EsKdGgf9EP41uA/RWuaXGaRhUjlUasGGwUFntEkcOjLtxZNwLXkdE2d3NOIVeiVR
+HG6Dto+20ygqorDsHnLHH8iOyER3g/aRDtzY95uE6t4UBA69NOcWhO0H28t5NG1y
+q+OUI4zcbLn78UddF5vMNoUrVt5eZf5x+EgnpPldn86cAmT8+2KZ1+LiI3XpzEbK
+L4+VpkqrSEdSVMN4qqzzQCsC2jxgQuDgZe6as+cf4Bsf6upQT6iH4f+O9+cPFObM
+p0LvdyTWDOXiosjyWuWoYat0LdEcExYjNFEh9V3+drkjUNXJ3HvcyBottQQBUsNV
+PGGrIY76CXzqOYv+j/0us7400RQD9A==
+=J2nY
+-----END PGP SIGNATURE-----

c-ares.changes

@@ -1,3 +1,26 @@
+-------------------------------------------------------------------
+Mon May 22 13:56:59 UTC 2023 - Adam Majer <adam.majer@suse.de>
+
+- Update to version 1.19.1
+  Security:
+  * CVE-2023-32067. High. 0-byte UDP payload causes Denial of Service
+    (bsc#1211604)
+  * CVE-2023-31147 Moderate. Insufficient randomness in generation
+    of DNS query IDs (bsc#1211605)
+  * CVE-2023-31130. Moderate. Buffer Underwrite in
+    ares_inet_net_pton() (bsc#1211606)
+  * CVE-2023-31124. Low. AutoTools does not set CARES_RANDOM_FILE
+    during cross compilation (bsc#1211607)
+
+  Bug fixes:
+  * Fix uninitialized memory warning in test
+  * ares_getaddrinfo() should allow a port of 0
+  * Fix memory leak in ares_send() on error
+  * Fix comment style in ares_data.h
+  * Fix typo in ares_init_options.3
+  * Sync ax_pthread.m4 with upstream
+  * Sync ax_cxx_compile_stdcxx_11.m4 with upstream to fix uclibc support 
+
 -------------------------------------------------------------------
 Sun Jan 29 09:31:00 UTC 2023 - Martin Hauke <mardnh@gmx.de>
 

c-ares.spec

@@ -22,7 +22,7 @@
 %define cmake_build make -O VERBOSE=1 %{?_smp_mflags}
 %endif
 Name:           c-ares
-Version:        1.19.0
+Version:        1.19.1
 Release:        0
 Summary:        Library for asynchronous name resolves
 License:        MIT