Update c-ares to 1.34.6 (security release) #3

Merged

sbelikov merged 1 commit from update-c-ares-1.34.6 into niceos-5.2 2026-04-28 17:09:17 +03:00

Conversation 0 Commits 1 Files changed 1 +6 -1

sbelikov commented 2026-04-28 17:07:43 +03:00

Owner

Copy link

This PR updates c-ares from 1.34.5 to 1.34.6.

Security:

• Fixes CVE-2025-62408: use-after-free bug in read_answers() introduced in v1.32.3.

Other changes:

• Ignores Windows IDN Search Domains until proper IDN support is added.
• Fixes event thread stalling on bad connections.
• Fixes invalid service to port number conversion.
• Fixes memory leak in ares_uri.
• Various build fixes (Clang on Windows, MidnightBSD, IPv6 link-local nameservers).

See upstream release notes: https://github.com/c-ares/c-ares/releases/tag/v1.34.6

Issue: #2

This PR updates c-ares from 1.34.5 to 1.34.6. **Security**: - Fixes CVE-2025-62408: use-after-free bug in `read_answers()` introduced in v1.32.3. **Other changes**: - Ignores Windows IDN Search Domains until proper IDN support is added. - Fixes event thread stalling on bad connections. - Fixes invalid service to port number conversion. - Fixes memory leak in `ares_uri`. - Various build fixes (Clang on Windows, MidnightBSD, IPv6 link-local nameservers). See upstream release notes: https://github.com/c-ares/c-ares/releases/tag/v1.34.6 **Issue**: https://specs.niceos.ru/rpms/c-ares/issues/2

sbelikov added 1 commit 2026-04-28 17:07:43 +03:00

Update c-ares to 1.34.6 (security fix CVE-2025-62408) d0d3d37a84

sbelikov merged commit 2b2e98441c into niceos-5.2 2026-04-28 17:09:17 +03:00

sbelikov referenced this pull request from a commit 2026-04-28 17:09:19 +03:00

Merge pull request 'Update c-ares to 1.34.6 (security release)' (#3) from update-c-ares-1.34.6 into niceos-5.2

Sign in to join this conversation.

Reviewers

No reviewers

Labels

Clear labels   

ai-summary

Issue contains local NiceSOFT AI generated preliminary analysis

  

bot

Created by automation

  

needs-build

Needs build verification

  

needs-triage

Needs maintainer triage

  

priority/high

High priority

  

security-release

Release notes mention security fixes or CVE

  

update/patch

Patch-level update

  

upstream-update

New upstream version is available

  

upstream/github

GitHub upstream

No labels

ai-summary

bot

needs-build

needs-triage

priority/high

security-release

update/patch

upstream-update

upstream/github

Milestone

Clear milestone

No items

No milestone

Projects

Clear projects

No items

No project

Assignees

Clear assignees

No assignees

1 participant

Notifications

Subscribe

Due date

The due date is invalid or out of range. Please use the format "yyyy-mm-dd".

No due date set.

Dependencies

No dependencies set.

Reference

rpms/c-ares!3

No description provided.