Tuesday 10th August 2021
Fedora Project
Updated perl-Apache-Session-Browseable to 1.3.9 in Rawhide:
- Return number of deleted rows when called in array context (https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/issues/2428)
Local Packages
Updated c-ares to 1.17.2:
- Security:
  - NodeJS passes NULL for addr and 0 for addrlen to ares_parse_ptr_reply() on systems where malloc(0) returns NULL, which would cause a crash
  - When building c-ares with CMake, the RANDOM_FILE would not be set and therefore downgrade to the less secure random number generator
  - If ares_getaddrinfo() was terminated by an ares_destroy(), it would cause a crash
  - Crash in sortaddrinfo() if the list size equals 0 due to an unexpected DNS response
  - Expand number of escaped characters in DNS replies as per RFC1035 5.1 to prevent spoofing
  - Perform validation on hostnames to prevent possible XSS due to applications not performing validation themselves
- Changes:
  - Use non-blocking /dev/urandom for random data to prevent early startup performance issues
  - z/OS port
  - ares_malloc(0) is now defined behaviour (returns NULL) rather than system-specific to catch edge cases
- Bug fixes:
  - Fuzz testing files were not distributed with official archives
  - Building tests should not force building of static libraries except on Windows
  - Windows builds of the tools would fail if built as static due to a missing CARES_STATICLIB definition
  - Relative headers must use double quotes to prevent pulling in a system library
  - Fix OpenBSD building by implementing portability updates for including arpa/nameser.h
  - Fix building out-of-tree for autotools
  - make install on MacOS/iOS with CMake was missing the bundle destination so libraries weren't actually installed
  - Fix retrieving DNS server configuration on MacOS and iOS if the configuration did not include search domains
  - ares_parse_a_reply and ares_parse_aaaa_reply were erroneously using strdup() instead of ares_strdup()
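Why the RFC 1035 section 5.1 escaping item matters, as an added example (not c-ares code and not part of the original notes): a wire-format label may contain any byte, so a resolver that copies labels into a dotted string must escape bytes such as '.' or NUL, otherwise one label can read as several or truncate the name. The function name `escape_label` and the exact set of characters treated as special are assumptions of this sketch.

```c
#include <stddef.h>
#include <stdio.h>
#include <string.h>

/* Characters with special meaning in RFC 1035 master-file syntax.
 * The exact set is this example's assumption, not taken from c-ares. */
static int is_special(unsigned char c)
{
    return c != '\0' && strchr(".;()\"@$\\", c) != NULL;
}

/* Escape one raw wire-format label (len bytes) into out (cap bytes,
 * including the terminating NUL). Returns the escaped length, or -1
 * if out is too small. */
int escape_label(const unsigned char *label, size_t len, char *out, size_t cap)
{
    size_t o = 0;
    for (size_t i = 0; i < len; i++) {
        unsigned char c = label[i];
        if (c < 0x21 || c > 0x7e) {        /* space or non-printable: \DDD */
            if (cap - o < 5) return -1;
            o += (size_t)snprintf(out + o, cap - o, "\\%03u", (unsigned)c);
        } else if (is_special(c)) {        /* quote with a backslash: \X */
            if (cap - o < 3) return -1;
            out[o++] = '\\';
            out[o++] = (char)c;
        } else {                           /* ordinary printable byte */
            if (cap - o < 2) return -1;
            out[o++] = (char)c;
        }
    }
    if (o >= cap) return -1;               /* no room for the NUL (cap == 0) */
    out[o] = '\0';
    return (int)o;
}

int main(void)
{
    /* Constructed sample: ONE 8-byte label that contains a literal dot. */
    const unsigned char label[] = "www.bank";
    char buf[64];
    if (escape_label(label, 8, buf, sizeof buf) >= 0)
        printf("%s.example\n", buf);       /* dot inside the label stays visible */
    return 0;
}
```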
Updated perl-Search-Elasticsearch to 7.714:
- Stable release for Elasticsearch 7.14