Bug 277261 - dns/c-ares: upgrade to 1.27.0 required (moderate security issue)
Status: Closed FIXED
Alias: None
Product: Ports & Packages
Classification: Unclassified
Component: Individual Port(s)
Version: Latest
Hardware: Any Any
: --- Affects Many People
Assignee: Rodrigo Osorio
URL:
Keywords: patch, security
Depends on:
Blocks:
 
Reported: 2024-02-23 14:18 UTC by Rodrigo Osorio
Modified: 2024-02-23 22:54 UTC

See Also:
zi: maintainer-feedback+


Attachments
update to 1.27.0 plus minor changes (1.65 KB, patch)
2024-02-23 14:31 UTC, Rodrigo Osorio
Description Rodrigo Osorio freebsd_committer freebsd_triage 2024-02-23 14:18:33 UTC
According to the c-ares project, there is an open CVE-2024-25629
which affects versions of c-ares before 1.27.0.

Reading a malformed /etc/resolv.conf, /etc/nsswitch.conf or
HOSTALIASES can crash the process.

The severity level is considered moderate.
Comment 1 Rodrigo Osorio freebsd_committer freebsd_triage 2024-02-23 14:31:14 UTC
Created attachment 248697
update to 1.27.0 plus minor changes

dns/c-ares: update to 1.27.0

Changelog: https://c-ares.org/changelog.html

Minor port change to make linters happy

Security: CVE-2024-25629
Comment 2 Ryan Steinmetz freebsd_committer freebsd_triage 2024-02-23 14:52:06 UTC
Approved.
Comment 3 commit-hook freebsd_committer freebsd_triage 2024-02-23 22:53:14 UTC
A commit in branch main references this bug:

URL: https://cgit.FreeBSD.org/ports/commit/?id=c096345ca5a678101030fd373211c8ced5c644be

commit c096345ca5a678101030fd373211c8ced5c644be
Author:     Rodrigo Osorio <rodrigo@FreeBSD.org>
AuthorDate: 2024-02-23 22:04:51 +0000
Commit:     Rodrigo Osorio <rodrigo@FreeBSD.org>
CommitDate: 2024-02-23 22:51:42 +0000

    dns/c-ares: upgrade to 1.27.0

    Changelog: https://c-ares.org/changelog.html

    PR:             277261
    Approved by:    zi (maintainer)
    Security:       CVE-2024-25629

 dns/c-ares/Makefile  | 7 +++----
 dns/c-ares/distinfo  | 6 +++---
 dns/c-ares/pkg-plist | 2 +-
 3 files changed, 7 insertions(+), 8 deletions(-)
Comment 4 Rodrigo Osorio freebsd_committer freebsd_triage 2024-02-23 22:54:04 UTC
committed, thanks