[Backport staging-25.11] c-ares: 1.34.5 -> 1.34.6#472260
Merged
mweinelt merged 1 commit intostaging-25.11from Dec 21, 2025
Merged
[Backport staging-25.11] c-ares: 1.34.5 -> 1.34.6#472260mweinelt merged 1 commit intostaging-25.11from
mweinelt merged 1 commit intostaging-25.11from
Conversation
https://c-ares.org/changelog.html#1_34_6 GHSA-jq53-42q6-pqr5 Fixes: CVE-2025-62408 (cherry picked from commit 9999bd5)
nixpkgs-ci
bot
added
the
1.severity: security
13 tasks
![github-actions[bot]](https://avatars.githubusercontent.com/in/15368?s=60&v=4){kind=small}
Contributor
There was a problem hiding this comment.
This report is automatically generated by the PR / Check / cherry-pick CI workflow.
Some of the commits in this PR require the author's and reviewer's attention.
Sometimes it is not possible to cherry-pick exactly the same patch.
This most frequently happens when resolving merge conflicts.
The range-diff will help to review the resolution of conflicts.
If you need to merge this PR despite the warnings, please dismiss this review shortly before merging.
Warning
Difference between d3e1989 and original 9999bd5 may warrant inspection.
Show diff
@@ Commit message
https://github.com/c-ares/c-ares/security/advisories/GHSA-jq53-42q6-pqr5
Fixes: CVE-2025-62408
+ (cherry picked from commit 9999bd59d0785859cf4472900448f98ae533c634)
## pkgs/development/libraries/c-ares/default.nix ##
@@
@@ pkgs/development/libraries/c-ares/default.nix
+ hash = "sha256-kS3XzDs+innFL9f7nA9Ozwqqc+Re/aiAJmotbia4TvU=";
};
-- patches = [
-- # Fix being unable to use Ipv6 link-local DNS servers. See: https://github.com/c-ares/c-ares/pull/997.
-- ./fix-link-local-dns-servers.patch
-- ];
--
outputs = [
- "out"
- "dev"
-
- ## pkgs/development/libraries/c-ares/fix-link-local-dns-servers.patch (deleted) ##
-@@
--From 0fbeb87f65ad9e9e6cead10d778291db71489f34 Mon Sep 17 00:00:00 2001
--From: iucoen <[email protected]>
--Date: Thu, 5 Jun 2025 20:08:43 -0700
--Subject: [PATCH] Fix IPv6 link-local nameservers in /etc/resolv.conf (#997)
--
--There are two issues that broke link-local nameservers in resolv.conf
--1. channel->sock_funcs needs to be initialized before
--ares_init_by_sysconfig()
--2. The aif_nametoindex and aif_indextoname function pointers were not
--initlized at all.
-----
-- src/lib/ares_init.c | 4 ++--
-- src/lib/ares_set_socket_functions.c | 2 ++
-- 2 files changed, 4 insertions(+), 2 deletions(-)
--
--diff --git a/src/lib/ares_init.c b/src/lib/ares_init.c
--index ae78262a11..ce6181833c 100644
----- a/src/lib/ares_init.c
--+++ b/src/lib/ares_init.c
--@@ -271,6 +271,8 @@ int ares_init_options(ares_channel_t **channelptr,
-- goto done;
-- }
--
--+ ares_set_socket_functions_def(channel);
--+
-- /* Initialize Server List */
-- channel->servers =
-- ares_slist_create(channel->rand_state, server_sort_cb, server_destroy_cb);
--@@ -346,8 +348,6 @@ int ares_init_options(ares_channel_t **channelptr,
-- goto done;
-- }
--
--- ares_set_socket_functions_def(channel);
---
-- /* Initialize the event thread */
-- if (channel->optmask & ARES_OPT_EVENT_THREAD) {
-- ares_event_thread_t *e = NULL;
--diff --git a/src/lib/ares_set_socket_functions.c b/src/lib/ares_set_socket_functions.c
--index cfe434327d..9994e81df5 100644
----- a/src/lib/ares_set_socket_functions.c
--+++ b/src/lib/ares_set_socket_functions.c
--@@ -127,6 +127,8 @@ ares_status_t
-- channel->sock_funcs.asendto = funcs->asendto;
-- channel->sock_funcs.agetsockname = funcs->agetsockname;
-- channel->sock_funcs.abind = funcs->abind;
--+ channel->sock_funcs.aif_nametoindex = funcs->aif_nametoindex;
--+ channel->sock_funcs.aif_indextoname = funcs->aif_indextoname;
-- }
--
-- /* Implement newer versions here ...*/
- \ No newline at end of file
Hint: The full diffs are also available in the runner logs with slightly better highlighting.
nixpkgs-ci
bot
added
10.rebuild-linux: 501+
This was referenced Dec 28, 2025
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
1 participant
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
Bot-based backport to
staging-25.11, triggered by a label in #469130.Before merging, ensure that this backport is acceptable for the release.
Even as a non-committer, if you find that it is not acceptable, leave a comment.
Tip
If you maintain all packages touched by this pull request, and they are all located under
pkgs/by-name/*, you can comment@NixOS/nixpkgs-merge-bot mergeto automatically merge this PR using thenixpkgs-merge-bot.