On Tue, Apr 08, 2025 at 10:10:39PM +0200, Volker Schlecht wrote: > Here's a security release for libcares that can probably wait a little: > > https://github.com/c-ares/c-ares/security/advisories/GHSA-6hxc-62jh-p29v > > ok for -current after ports tree is unlocked?
As discussed on ICB, this needs a minor shlib bump for -current and we probably also want to remove -DCARES_STATIC=ON. It survived an amd64 bulk with these changes. > ok for 7.7 once tagged and set up? The minor bump should be avoided in stable. Also the renaming of the static library isn't ideal, although we can probably live with it. Unfortunately, the c-ares 1.34.5 commit history is a bit of a mess and it's unclear what the actual fix is and whether it is self-standing. So I'd try to add a patch that avoids exporting the two new functions and undo the library rename.
