Skip to content

[Backport staging-25.11] c-ares: 1.34.5 -> 1.34.6#472260

Merged
mweinelt merged 1 commit intostaging-25.11from
backport-469130-to-staging-25.11
Dec 21, 2025
Merged

[Backport staging-25.11] c-ares: 1.34.5 -> 1.34.6#472260
mweinelt merged 1 commit intostaging-25.11from
backport-469130-to-staging-25.11

Conversation

@nixpkgs-ci
Copy link
Contributor

@nixpkgs-ci nixpkgs-ci bot commented Dec 19, 2025

Bot-based backport to staging-25.11, triggered by a label in #469130.

Before merging, ensure that this backport is acceptable for the release.

Even as a non-committer, if you find that it is not acceptable, leave a comment.

Tip

If you maintain all packages touched by this pull request, and they are all located under pkgs/by-name/*, you can comment @NixOS/nixpkgs-merge-bot merge to automatically merge this PR using the nixpkgs-merge-bot.

@nixpkgs-ci nixpkgs-ci bot added the 1.severity: security Issues which raise a security issue, or PRs that fix one label Dec 19, 2025
@nixpkgs-ci nixpkgs-ci bot mentioned this pull request Dec 19, 2025
13 tasks
Copy link
Contributor

@github-actions github-actions bot left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

This report is automatically generated by the PR / Check / cherry-pick CI workflow.

Some of the commits in this PR require the author's and reviewer's attention.

Sometimes it is not possible to cherry-pick exactly the same patch.
This most frequently happens when resolving merge conflicts.
The range-diff will help to review the resolution of conflicts.

If you need to merge this PR despite the warnings, please dismiss this review shortly before merging.

Warning

Difference between d3e1989 and original 9999bd5 may warrant inspection.

Show diff
@@ Commit message
     https://github.com/c-ares/c-ares/security/advisories/GHSA-jq53-42q6-pqr5
 
     Fixes: CVE-2025-62408
+    (cherry picked from commit 9999bd59d0785859cf4472900448f98ae533c634)
 
  ## pkgs/development/libraries/c-ares/default.nix ##
 @@
@@ pkgs/development/libraries/c-ares/default.nix
 +    hash = "sha256-kS3XzDs+innFL9f7nA9Ozwqqc+Re/aiAJmotbia4TvU=";
    };
  
--  patches = [
--    # Fix being unable to use Ipv6 link-local DNS servers. See: https://github.com/c-ares/c-ares/pull/997.
--    ./fix-link-local-dns-servers.patch
--  ];
--
    outputs = [
-     "out"
-     "dev"
-
- ## pkgs/development/libraries/c-ares/fix-link-local-dns-servers.patch (deleted) ##
-@@
--From 0fbeb87f65ad9e9e6cead10d778291db71489f34 Mon Sep 17 00:00:00 2001
--From: iucoen <[email protected]>
--Date: Thu, 5 Jun 2025 20:08:43 -0700
--Subject: [PATCH] Fix IPv6 link-local nameservers in /etc/resolv.conf (#997)
--
--There are two issues that broke link-local nameservers in resolv.conf
--1. channel->sock_funcs needs to be initialized before
--ares_init_by_sysconfig()
--2. The aif_nametoindex and aif_indextoname function pointers were not
--initlized at all.
-----
-- src/lib/ares_init.c                 | 4 ++--
-- src/lib/ares_set_socket_functions.c | 2 ++
-- 2 files changed, 4 insertions(+), 2 deletions(-)
--
--diff --git a/src/lib/ares_init.c b/src/lib/ares_init.c
--index ae78262a11..ce6181833c 100644
----- a/src/lib/ares_init.c
--+++ b/src/lib/ares_init.c
--@@ -271,6 +271,8 @@ int ares_init_options(ares_channel_t           **channelptr,
--     goto done;
--   }
-- 
--+  ares_set_socket_functions_def(channel);
--+
--   /* Initialize Server List */
--   channel->servers =
--     ares_slist_create(channel->rand_state, server_sort_cb, server_destroy_cb);
--@@ -346,8 +348,6 @@ int ares_init_options(ares_channel_t           **channelptr,
--     goto done;
--   }
-- 
---  ares_set_socket_functions_def(channel);
---
--   /* Initialize the event thread */
--   if (channel->optmask & ARES_OPT_EVENT_THREAD) {
--     ares_event_thread_t *e = NULL;
--diff --git a/src/lib/ares_set_socket_functions.c b/src/lib/ares_set_socket_functions.c
--index cfe434327d..9994e81df5 100644
----- a/src/lib/ares_set_socket_functions.c
--+++ b/src/lib/ares_set_socket_functions.c
--@@ -127,6 +127,8 @@ ares_status_t
--     channel->sock_funcs.asendto      = funcs->asendto;
--     channel->sock_funcs.agetsockname = funcs->agetsockname;
--     channel->sock_funcs.abind        = funcs->abind;
--+    channel->sock_funcs.aif_nametoindex = funcs->aif_nametoindex;
--+    channel->sock_funcs.aif_indextoname = funcs->aif_indextoname;
--   }
-- 
--   /* Implement newer versions here ...*/
- \ No newline at end of file

Hint: The full diffs are also available in the runner logs with slightly better highlighting.

@nixpkgs-ci nixpkgs-ci bot added 10.rebuild-linux: 501+ This PR causes many rebuilds on Linux and should normally target the staging branches. 10.rebuild-darwin: 501+ This PR causes many rebuilds on Darwin and should normally target the staging branches. 10.rebuild-darwin: 5001+ This PR causes many rebuilds on Darwin and must target the staging branches. 10.rebuild-linux: 5001+ This PR causes many rebuilds on Linux and must target the staging branches. 9.needs: reviewer This PR currently has no reviewers requested and needs attention. 4.workflow: backport This targets a stable branch labels Dec 19, 2025
@mweinelt mweinelt added this pull request to the merge queue Dec 21, 2025
Merged via the queue into staging-25.11 with commit c6a2ae6 Dec 21, 2025
35 of 37 checks passed
@mweinelt mweinelt deleted the backport-469130-to-staging-25.11 branch December 21, 2025 13:26
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Labels

1.severity: security Issues which raise a security issue, or PRs that fix one 4.workflow: backport This targets a stable branch 9.needs: reviewer This PR currently has no reviewers requested and needs attention. 10.rebuild-darwin: 501+ This PR causes many rebuilds on Darwin and should normally target the staging branches. 10.rebuild-darwin: 5001+ This PR causes many rebuilds on Darwin and must target the staging branches. 10.rebuild-linux: 501+ This PR causes many rebuilds on Linux and should normally target the staging branches. 10.rebuild-linux: 5001+ This PR causes many rebuilds on Linux and must target the staging branches.

Projects

None yet

Development

Successfully merging this pull request may close these issues.

1 participant