"Fossies" - the Fresh Open Source Software Archive  

Source code changes of the file "RELEASE-NOTES" between
c-ares-1.17.1.tar.gz and c-ares-1.17.2.tar.gz

About: c-ares is a C library for asynchronous DNS requests (including name resolves).

RELEASE-NOTES  (c-ares-1.17.1):RELEASE-NOTES  (c-ares-1.17.2)
c-ares version 1.17.1 c-ares version 1.17.2
Due to a packaging issue with 1.17.0, we have released 1.17.1 to address that This is a security and bugfix release. It addresses a few security related
issue. See 1.17.0 release notes below.. issues along with various bugfixes mostly related to portability.
c-ares version 1.17.0
Security: Security:
o avoid read-heap-buffer-overflow in ares_parse_soa_reply found during o NodeJS passes NULL for addr and 0 for addrlen to ares_parse_ptr_reply() on
fuzzing [2] [3] systems where malloc(0) returns NULL. This would cause a crash. [8]
o Avoid theoretical buffer overflow in RC4 loop comparison [5] o When building c-ares with CMake, the RANDOM_FILE would not be set and
o Empty hquery->name could lead to invalid memory access [15] therefore downgrade to the less secure random number generator [12]
o ares_parse_{a,aaaa}_reply() could return a larger *naddrttls than was o If ares_getaddrinfo() was terminated by an ares_destroy(), it would cause
passed in [17] a crash [13]
o Crash in sortaddrinfo() if the list size equals 0 due to an unexpected
DNS response [14]
o Expand number of escaped characters in DNS replies as per RFC1035 5.1 to
prevent spoofing [16], [17]
o Perform validation on hostnames to prevent possible XSS due to applications
not performing valiation themselves [18]
Changes: Changes:
o Update help information for adig, acountry, and ahost [4] o Use non-blocking /dev/urandom for random data to prevent early startup
o Test Suite now uses dynamic system-assigned ports rather than hardcoded performance issues [5]
ports to prevent failures in containers [10] o z/OS port [6]
o Detect remote DNS server does not support EDNS using rules from RFC 6891 [12] o ares_malloc(0) is now defined behavior (returns NULL) rather than
o Source tree has been reorganized to use a more modern layout [13] system-specific to catch edge cases [7]
o Allow parsing of CAA Resource Record [14]
Bug fixes: Bug fixes:
o readaddrinfo bad sizeof() [1] o Fuzz testing files were not distributed with official archives [1]
o Test cases should honor HAVE_WRITEV flag, not depend on WIN32 [6] o Building tests should not force building of static libraries except on
o FQDN with trailing period should be queried first [7] Windows [2]
o ares_getaddrinfo() was returning members of the struct as garbage values if o Windows builds of the tools would fail if built as static due to a missing
unset, and was not honoring ai_socktype and ai_protocol hints. [8] [9] CARES_STATICLIB definition [3]
o ares_gethostbyname() with AF_UNSPEC and an ip address would fail [11] o Relative headers must use double quotes to prevent pulling in a system
o Properly document ares_set_local_ip4() uses host byte order [16] library [4]
o Fix OpenBSD building by implementing portability updates for including
arpa/nameser.h [9]
o Fix building out-of-tree for autotools [10]
o Make install on MacOS/iOS with CMake was missing the bundle destination so
libraries weren't actually installed [11]
o Fix retrieving DNS server configuration on MacOS and iOS if the configuration
did not include search domains [15]
o ares_parse_a_reply and ares_parse_aaa_reply were erroneously using strdup()
instead of ares_strdup() [19]
Thanks go to these friendly people for their efforts and contributions: Thanks go to these friendly people for their efforts and contributions:
@anonymoushelpishere Anton Danielsson (@anton-danielsson)
Anthony Penniston (@apenn-msft)
Brad House (@bradh352) Brad House (@bradh352)
Bulat Gaifullin (@bgaifullin)
Daniela Sonnenschein (@lxdicted)
Daniel Stenberg (@bagder) Daniel Stenberg (@bagder)
David Hotham (@dimbleby) Dhrumil Rana (@dhrumilrana)
Fionn Fitzmaurice (@fionn) František Dvořák (@valtri)
Gisle Vanem (@gavenm) @halx99
Ivan Baidakou (@basiliscos) Jay Freeman (@saurik)
Jonathan Maye-Hobbs (@wheelpharoah) Jean-pierre Cartal (@jeanpierrecartal)
Łukasz Marszał (@lmarszal) Michael Kourlas
lutianxiong (@ltx2018) Philipp Jeitner
Seraphime Kirkovski (@Seraphime) @vburdo
(14 contributors) (11 contributors)
References to bug reports and discussions on issues: References to bug reports and discussions on issues:
[1] = https://github.com/c-ares/c-ares/pull/331 [1] = https://github.com/c-ares/c-ares/issues/379
[2] = https://github.com/c-ares/c-ares/pull/332 [2] = https://github.com/c-ares/c-ares/issues/380
[3] = https://github.com/c-ares/c-ares/issues/333 [3] = https://github.com/c-ares/c-ares/issues/384
[4] = https://github.com/c-ares/c-ares/pull/334 [4] = https://github.com/c-ares/c-ares/pull/386
[5] = https://github.com/c-ares/c-ares/pull/336 [5] = https://github.com/c-ares/c-ares/pull/391
[6] = https://github.com/c-ares/c-ares/pull/344 [6] = https://github.com/c-ares/c-ares/pull/390
[7] = https://github.com/c-ares/c-ares/pull/345 [7] = https://github.com/c-ares/c-ares/commit/485fb66
[8] = https://github.com/c-ares/c-ares/issues/343 [8] = https://github.com/c-ares/c-ares/issues/392
[9] = https://github.com/c-ares/c-ares/issues/317 [9] = https://github.com/c-ares/c-ares/issues/388
[10] = https://github.com/c-ares/c-ares/pull/346 [10] = https://github.com/c-ares/c-ares/pull/394
[11] = https://github.com/c-ares/c-ares/pull/204 [11] = https://github.com/c-ares/c-ares/pull/395
[12] = https://github.com/c-ares/c-ares/pull/244 [12] = https://github.com/c-ares/c-ares/pull/397
[13] = https://github.com/c-ares/c-ares/pull/349 [13] = https://github.com/c-ares/c-ares/commit/df94703
[14] = https://github.com/c-ares/c-ares/pull/360 [14] = https://github.com/c-ares/c-ares/pull/400
[15] = https://github.com/c-ares/c-ares/pull/367 [15] = https://github.com/c-ares/c-ares/pull/401
[16] = https://github.com/c-ares/c-ares/pull/368 [16] = https://github.com/c-ares/c-ares/commit/362f91d
[17] = https://github.com/c-ares/c-ares/issues/371 [17] = https://github.com/c-ares/c-ares/commit/44c009b
[18] = https://github.com/c-ares/c-ares/commit/c9b6c60
[19] = https://github.com/c-ares/c-ares/pull/408
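Review bot: In the 1.17.2 Security list, the entries "Expand number of escaped characters in DNS replies as per RFC1035 5.1 to prevent spoofing [16], [17]" and "Perform validation on hostnames to prevent possible XSS ... [18]" do not name the functions whose behaviour changed, while the neighbouring entries name ares_parse_ptr_reply(), ares_getaddrinfo() and sortaddrinfo(). Suggest naming the affected functions so that callers can tell which results are now escaped or rejected and can re-test their own handling of returned hostnames. The second of these entries also misspells "validation" as "valiation".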
 End of changes. 9 change blocks. 
37 lines changed or deleted 46 lines changed or added
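Review bot: In the 1.17.2 Bug fixes list, the entry "ares_parse_a_reply and ares_parse_aaa_reply were erroneously using strdup()" writes ares_parse_aaa_reply with three a's, whereas the 1.17.1 column spells the pair ares_parse_{a,aaaa}_reply(), so this looks like a typo for ares_parse_aaaa_reply. Suggest correcting the name and adding the trailing () used elsewhere in the notes, so that a search for the function name finds this entry.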
