[Buildroot] [git commit branch/2023.05.x] package/c-ares: security bump to version 1.19.1

Thu Jul 6 11:32:17 UTC 2023

commit: https://git.buildroot.net/buildroot/commit/?id=4e2d157c72775a5df68b57e50afd825d2fc46233
branch: https://git.buildroot.net/buildroot/commit/?id=refs/heads/2023.05.x

Fixes the following security issues:

- CVE-2023-32067: High.  0-byte UDP payload causes Denial of Service
- CVE-2023-31147 Moderate.  Insufficient randomness in generation of DNS
  query IDs
- CVE-2023-31130.  Moderate.  Buffer Underwrite in ares_inet_net_pton()
- CVE-2023-31124.  Low.  AutoTools does not set CARES_RANDOM_FILE during
  cross compilation

Signed-off-by: Peter Korsgaard <peter at korsgaard.com>
Signed-off-by: Arnout Vandecappelle <arnout at mind.be>
(cherry picked from commit 0afcfe5a48bd0cb33b1431bb92a5b43ba1109270)
Signed-off-by: Peter Korsgaard <peter at korsgaard.com>
---
 package/c-ares/c-ares.hash | 2 +-
 package/c-ares/c-ares.mk   | 2 +-
 2 files changed, 2 insertions(+), 2 deletions(-)

diff --git a/package/c-ares/c-ares.hash b/package/c-ares/c-ares.hash
index edf891674b..3e1573f2cf 100644
--- a/package/c-ares/c-ares.hash
+++ b/package/c-ares/c-ares.hash
@@ -1,5 +1,5 @@
 # Locally calculated after checking pgp signature
-sha256  bfceba37e23fd531293829002cac0401ef49a6dc55923f7f92236585b7ad1dd3  c-ares-1.19.0.tar.gz
+sha256  321700399b72ed0e037d0074c629e7741f6b2ec2dda92956abe3e9671d3e268e  c-ares-1.19.1.tar.gz
 
 # Hash for license file
 sha256  db4eb63fe09daebdf57d3f79b091bb5ee5070c0d761040e83264e648d307af4c  LICENSE.md
diff --git a/package/c-ares/c-ares.mk b/package/c-ares/c-ares.mk
index 4332fc6919..46b8acd673 100644
--- a/package/c-ares/c-ares.mk
+++ b/package/c-ares/c-ares.mk
@@ -4,7 +4,7 @@
 #
 ################################################################################
 
-C_ARES_VERSION = 1.19.0
+C_ARES_VERSION = 1.19.1
 C_ARES_SITE = http://c-ares.haxx.se/download
 C_ARES_INSTALL_STAGING = YES
 C_ARES_CONF_OPTS = --with-random=/dev/urandom

