- update to 1.17.2:

Security:
  * When building c-ares with CMake, the RANDOM_FILE would not be set
    and therefore downgrade to the less secure random number generator
  * If ares_getaddrinfo() was terminated by an ares_destroy(),
    it would cause a crash
  * Crash in sortaddrinfo() if the list size equals 0 due to
    an unexpected DNS response
  * Expand number of escaped characters in DNS replies as per
    RFC1035 5.1 to prevent spoofing follow-up
    (bsc#1188881, CVE-2021-3672)
  * Perform validation on hostnames to prevent possible XSS
    due to applications not performing valiation themselves 
  Changes:
  * ares_malloc(0) is now defined behavior (returns NULL) rather than system-specific to catch edge cases 
  Bug fixes:
  * Building tests should not force building of static libraries except on Windows
  * Relative headers must use double quotes to prevent pulling in a system library
for details see,
https://c-ares.haxx.se/changelog.html#1_17_2

OBS-URL: https://build.opensuse.org/package/show/devel:libraries:c_c++/c-ares?expand=0&rev=37

c-ares-1.17.1.tar.gz

@@ -1,3 +0,0 @@
-version https://git-lfs.github.com/spec/v1
-oid sha256:d73dd0f6de824afd407ce10750ea081af47eba52b8a6cb307d220131ad93fc40
-size 1518701

c-ares-1.17.1.tar.gz.asc

@@ -1,11 +0,0 @@
------BEGIN PGP SIGNATURE-----
-
-iQEzBAABCgAdFiEEJ+3q8i86vOtQ25oSXMkI/bceEsIFAl+2n+oACgkQXMkI/bce
-EsIMuQf/aWfEbS3LtGc7BhK2o/YGkrF29sgort4oANMMrvbF9eKezYER2FOG+UW4
-4MGhAORCPNZF5arF/6ctEOSgWFuKIPD+tdirX+zX+io6yCIARGAqXQrjUA7TbwUu
-9jb8ose5PXUfkh8zeU3xLjcWeq4GUKp4HRypP94EbkzzpHOfgJulJPd6QzSpn7Gd
-uNNw9dRwhyM4N47QXdCLZyJzuOqcLX7SDbMbRNH7Li093ReqYhxOY9qzJITvfmfq
-NMHvshlsdnK/Rw+v6TQS5PbHdx7y4bTQjYwgENxC+EIPLJ2lYRAaHFKlgFdgfX5x
-UkNOhAMltsnTjfIz8RGDk12Wd0Vssw==
-=iWz7
------END PGP SIGNATURE-----

c-ares-1.17.2.tar.gz

@@ -0,0 +1,3 @@
+version https://git-lfs.github.com/spec/v1
+oid sha256:4803c844ce20ce510ef0eb83f8ea41fa24ecaae9d280c468c582d2bb25b3913d
+size 1538276

c-ares-1.17.2.tar.gz.asc

@@ -0,0 +1,11 @@
+-----BEGIN PGP SIGNATURE-----
+
+iQEzBAABCgAdFiEEJ+3q8i86vOtQ25oSXMkI/bceEsIFAmESGOwACgkQXMkI/bce
+EsIyCwf/aKIZjd/ziFBwGNwLpk5DH62e5tr1sL7BwW8F7TiGjKnvglScxxauraM8
+qCVYP6rkCV3aeSg2yEfYI8slrllek6J8iciIN0Y7a7Vd9epVWfSMLq1GNeR+NPB/
+aAFak21vIk2QaLYZk+z4s4pmWN2bvwWJxGG3Tdohr9/W5f3kdbYVrdCE3nWFgCQ6
+/vqG0SACZufgjiEG6vYf2Mhmit9MY+I1LmuR3LrGO2iLMfS69z7GzBS6d015mAHP
+Gm2qLdNBdWyfoMBi7vEMef0/C336UQ1mNyxThw9vHVXr/Fao+ZSL0NJgiZ0ggtKi
+ojAIChIOwOGMcTy8TBmEyNxf7OIsFA==
+=/P5j
+-----END PGP SIGNATURE-----

c-ares.changes

@@ -1,3 +1,30 @@
+-------------------------------------------------------------------
+Thu Aug 12 13:59:07 UTC 2021 - Adam Majer <adam.majer@suse.de>
+
+- update to 1.17.2:
+  Security:
+  * When building c-ares with CMake, the RANDOM_FILE would not be set
+    and therefore downgrade to the less secure random number generator
+  * If ares_getaddrinfo() was terminated by an ares_destroy(),
+    it would cause a crash
+  * Crash in sortaddrinfo() if the list size equals 0 due to
+    an unexpected DNS response
+  * Expand number of escaped characters in DNS replies as per
+    RFC1035 5.1 to prevent spoofing follow-up
+    (bsc#1188881, CVE-2021-3672)
+  * Perform validation on hostnames to prevent possible XSS
+    due to applications not performing valiation themselves 
+
+  Changes:
+  * ares_malloc(0) is now defined behavior (returns NULL) rather than system-specific to catch edge cases 
+
+  Bug fixes:
+  * Building tests should not force building of static libraries except on Windows
+  * Relative headers must use double quotes to prevent pulling in a system library
+
+for details see,
+https://c-ares.haxx.se/changelog.html#1_17_2
+
 -------------------------------------------------------------------
 Sat Jan 16 15:05:28 UTC 2021 - Dirk Müller <dmueller@suse.com>
 

c-ares.spec

@@ -41,7 +41,7 @@ ExclusiveArch:  do_not_build
 %endif
 
 Name:           %{pname}
-Version:        1.17.1
+Version:        1.17.2
 Release:        0
 Summary:        Library for asynchronous name resolves
 License:        MIT