From fcf38f067a69fce8ad727f8b914b93deb7dafef7d23783db07a6e85d922da46c Mon Sep 17 00:00:00 2001
From: Adam Majer
Date: Mon, 26 Feb 2024 13:29:07 +0000
Subject: [PATCH] - c-ares 1.27.0 Security: * Moderate. CVE-2024-25629. Reading malformatted /etc/resolv.conf, /etc/nsswitch.conf or the HOSTALIASES file could result in a crash. GHSA-mg26-v6qh-x48q (CVE-2024-25629, bsc#1220279) Features: * New function ares_queue_active_queries() to retrieve number of in-flight queries. PR #712 * New function ares_queue_wait_empty() to wait for the number of in-flight queries to reach zero. PR #710 * New ARES_FLAG_NO_DEFLT_SVR for ares_init_options() to return a failure if no DNS servers can be found rather than attempting to use 127.0.0.1. This also introduces a new ares status code of ARES_ENOSERVER. PR #713 Changes: * EDNS Packet size should be 1232 as per DNS Flag Day. PR #705 Bugfixes: * Fix warning due to ignoring return code of write(). PR #709 * CMake: don't override target output locations if not top-level. Issue #708 * Fix building c-ares without thread support. PR #700 OBS-URL: https://build.opensuse.org/package/show/devel:libraries:c_c++/c-ares?expand=0&rev=63
---
 c-ares-1.26.0.tar.gz | 3 ---
 c-ares-1.26.0.tar.gz.asc | 11 -----------
 c-ares-1.27.0.tar.gz | 3 +++
 c-ares-1.27.0.tar.gz.asc | 11 +++++++++++
 c-ares.changes | 26 ++++++++++++++++++++++++++
 c-ares.spec | 4 ++--
 6 files changed, 42 insertions(+), 16 deletions(-)
 delete mode 100644 c-ares-1.26.0.tar.gz
 delete mode 100644 c-ares-1.26.0.tar.gz.asc
 create mode 100644 c-ares-1.27.0.tar.gz
 create mode 100644 c-ares-1.27.0.tar.gz.asc
diff --git a/c-ares-1.26.0.tar.gz b/c-ares-1.26.0.tar.gz
deleted file mode 100644
index 0645e01..0000000
--- a/c-ares-1.26.0.tar.gz
+++ /dev/null
@@ -1,3 +0,0 @@
-version https://git-lfs.github.com/spec/v1
-oid sha256:bed58c4f02b009080ebda6c2467ba469722ac6aebbf4497dc44a83d8c6194e50
-size 1298394
diff --git a/c-ares-1.26.0.tar.gz.asc b/c-ares-1.26.0.tar.gz.asc
deleted file mode 100644
index 29c7dec..0000000
--- a/c-ares-1.26.0.tar.gz.asc
+++ /dev/null
@@ -1,11 +0,0 @@
------BEGIN PGP SIGNATURE-----
-
-iQEzBAABCgAdFiEEJ+3q8i86vOtQ25oSXMkI/bceEsIFAmWz2vAACgkQXMkI/bce
-EsIrrAgAtMIrhaPGkLiy74s3dITsCyExcgl3BjISFPDM9ghTfMqNH4oB0CW38uaS
-EcoE/l8GSLnnXwwISx4R8173RMwvCY1ADpHwYY7qlx1IX8M+M9OAgMUf9YAJo2Ui
-y2tIi77Hk6QELH0K+4D3uTqZ1de6cCTkNrVS7s80YayujD0xbInXwjEz6s5yVquM
-zb4P6wRZb+mzHCmp2w+dmajs5ePam8RhuqLzsr+7aj2GJE7mqpfA9dOdLYheYXXZ
-KcCmunHA6tDAZAdRpRiqfLxl9OK3p6j8DnwU/uQ7l1u67rk7erbhgilOFuvXYDsh
-hldY+esR0Ps0fDijLoi0AwDhre9O1A==
-=yPrc
------END PGP SIGNATURE-----
diff --git a/c-ares-1.27.0.tar.gz b/c-ares-1.27.0.tar.gz
new file mode 100644
index 0000000..f9b2cb6
--- /dev/null
+++ b/c-ares-1.27.0.tar.gz
@@ -0,0 +1,3 @@
+version https://git-lfs.github.com/spec/v1
+oid sha256:0a72be66959955c43e2af2fbd03418e82a2bd5464604ec9a62147e37aceb420b
+size 1301440
diff --git a/c-ares-1.27.0.tar.gz.asc b/c-ares-1.27.0.tar.gz.asc
new file mode 100644
index 0000000..00415eb
--- /dev/null
+++ b/c-ares-1.27.0.tar.gz.asc
@@ -0,0 +1,11 @@
+-----BEGIN PGP SIGNATURE-----
+
+iQEzBAABCgAdFiEEJ+3q8i86vOtQ25oSXMkI/bceEsIFAmXYSD0ACgkQXMkI/bce
+EsIrPAgAsE8zpviLmbuAS9TvBG+mRYhr/Q0Bix9ZpBke/V+4XUpGrlNPcyD5Y1wX
+KmTWRFxQWfj/wau8uI1pMYkIQlq7GxU1MaIWiyqEk+4GPEry945PA/YesLiQWuCo
+ny/1xA9FNdffCLDpH5OYQtTrKYhZ9wrU4Ae4bh2Mo0V5pwTkX2BviAj9R3SUtXnD
+sQi+kRAuhii/3aVPLDURw3MWgGYV1n1dRBWQr1yaeUey3PCn+aUfSsDRHCy6mBIy
+5rm2YiiWBaSF89u6PFqqEYI57xDHz7eJa6CYk/nwKktse43zTlWSY2NpAgYR3iW7
+mRCAt3/6KVx5pPyzeq3+ZGBmGY0qng==
+=hubf
+-----END PGP SIGNATURE-----
diff --git a/c-ares.changes b/c-ares.changes
index fe6fcf0..c0096b0 100644
--- a/c-ares.changes
+++ b/c-ares.changes
@@ -1,3 +1,29 @@
+-------------------------------------------------------------------
+Mon Feb 26 13:25:59 UTC 2024 - Adam Majer
+
+- c-ares 1.27.0
+ Security:
+ * Moderate. CVE-2024-25629. Reading malformatted /etc/resolv.conf,
+ /etc/nsswitch.conf or the HOSTALIASES file could result in a crash.
+ GHSA-mg26-v6qh-x48q (CVE-2024-25629, bsc#1220279)
+
+ Features:
+ * New function ares_queue_active_queries() to retrieve number of in-flight
+ queries. PR #712
+ * New function ares_queue_wait_empty() to wait for the number of in-flight
+ queries to reach zero. PR #710
+ * New ARES_FLAG_NO_DEFLT_SVR for ares_init_options() to return a failure if
+ no DNS servers can be found rather than attempting to use 127.0.0.1. This
+ also introduces a new ares status code of ARES_ENOSERVER. PR #713
+
+ Changes:
+ * EDNS Packet size should be 1232 as per DNS Flag Day. PR #705
+
+ Bugfixes:
+ * Fix warning due to ignoring return code of write(). PR #709
+ * CMake: don't override target output locations if not top-level. Issue #708
+ * Fix building c-ares without thread support. PR #700
+
 -------------------------------------------------------------------
 Fri Feb 9 07:35:39 UTC 2024 - Dominique Leuenberger
diff --git a/c-ares.spec b/c-ares.spec
index af39394..320c08c 100644
--- a/c-ares.spec
+++ b/c-ares.spec
@@ -1,5 +1,5 @@
 #
-# spec file
+# spec file for package c-ares
 #
 # Copyright (c) 2024 SUSE LLC
 # Copyright (c) 2024 Andreas Stieger
@@ -26,7 +26,7 @@
 %endif
 Name: c-ares%pkg_suffix
-Version: 1.26.0
+Version: 1.27.0
 Release: 0
 Summary: Library for asynchronous name resolves
 License: MIT