"Fossies" - the Fresh Open Source Software Archive

Member "c-ares-1.17.2/RELEASE-NOTES" (8 Aug 2021, 3403 Bytes) of package /linux/misc/dns/c-ares-1.17.2.tar.gz:



c-ares version 1.17.2

This is a security and bugfix release.  It addresses a few security-related
issues along with various bugfixes mostly related to portability.

Security:
 o NodeJS passes NULL for addr and 0 for addrlen to ares_parse_ptr_reply() on
   systems where malloc(0) returns NULL.  This would cause a crash. [8]
 o When building c-ares with CMake, the RANDOM_FILE would not be set, and the
   build would therefore downgrade to the less secure random number
   generator [12]
 o If ares_getaddrinfo() was terminated by an ares_destroy(), it would cause
   a crash [13]
 o Crash in sortaddrinfo() if the list size equals 0 due to an unexpected
   DNS response [14]
 o Expand number of escaped characters in DNS replies as per RFC1035 5.1 to
   prevent spoofing [16], [17]
 o Perform validation on hostnames to prevent possible XSS due to applications
   not performing validation themselves [18]

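The escaping item above ([16], [17]), illustrated with an added example that is not c-ares code and is not taken from the referenced commits: a wire-format name is converted to text with RFC 1035 section 5.1 escapes, so a dot or NUL byte inside a label cannot be mistaken for a label separator or a string terminator. The function name name_to_text, the set of escaped characters and the sample bytes are assumptions of this example.

```c
#include <stdio.h>
#include <string.h>

/* Constructed sample: labels "ns.corp" (literal dot inside the label),
 * "a\0b" (embedded NUL byte) and "test", then the root terminator. */
static const unsigned char SAMPLE[] = {
    7, 'n', 's', '.', 'c', 'o', 'r', 'p',
    3, 'a', 0x00, 'b',
    4, 't', 'e', 's', 't', 0
};

/* Characters treated as special in master-file syntax; this exact set is
 * an assumption of the example. */
static int is_special(unsigned char c)
{
    return c != 0 && strchr(".\\\"();@$", c) != NULL;
}

/* Convert an uncompressed wire-format name to escaped presentation text.
 * Returns the text length, or -1 on malformed input or a too-small buffer. */
int name_to_text(const unsigned char *wire, size_t wlen, char *out, size_t olen)
{
    size_t i = 0, o = 0;

    while (i < wlen && wire[i] != 0) {
        size_t len = wire[i++];
        if (len > 63 || len > wlen - i)     /* pointers/overruns rejected */
            return -1;
        if (o != 0) {
            if (o + 2 > olen) return -1;
            out[o++] = '.';                 /* genuine label separator */
        }
        for (; len > 0; len--, i++) {
            unsigned char c = wire[i];
            if (o + 5 > olen) return -1;    /* room for "\DDD" plus NUL */
            if (is_special(c)) {
                out[o++] = '\\';
                out[o++] = (char)c;
            } else if (c < 0x21 || c > 0x7e) {
                o += (size_t)snprintf(out + o, olen - o, "\\%03u", (unsigned)c);
            } else {
                out[o++] = (char)c;
            }
        }
    }
    if (i >= wlen || o >= olen) return -1;  /* no root label, or no room */
    out[o] = '\0';
    return (int)o;
}
```

For SAMPLE the result is the 20-character string `ns\.corp.a\000b.test`; only the two unescaped dots are label boundaries.
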
Changes:
 o Use non-blocking /dev/urandom for random data to prevent early startup
   performance issues [5]
 o z/OS port [6]
 o ares_malloc(0) is now defined behavior (returns NULL) rather than
   system-specific to catch edge cases [7]

Bug fixes:
 o Fuzz testing files were not distributed with official archives [1]
 o Building tests should not force building of static libraries except on
   Windows [2]
 o Windows builds of the tools would fail if built as static due to a missing
   CARES_STATICLIB definition [3]
 o Relative headers must use double quotes to prevent pulling in a system
   library [4]
 o Fix OpenBSD building by implementing portability updates for including
   arpa/nameser.h [9]
 o Fix building out-of-tree for autotools [10]
 o Make install on MacOS/iOS with CMake was missing the bundle destination so
   libraries weren't actually installed [11]
 o Fix retrieving DNS server configuration on MacOS and iOS if the configuration
   did not include search domains [15]
 o ares_parse_a_reply and ares_parse_aaaa_reply were erroneously using strdup()
   instead of ares_strdup() [19]


Thanks go to these friendly people for their efforts and contributions:
  Anton Danielsson (@anton-danielsson)
  Brad House (@bradh352)
  Daniel Stenberg (@bagder)
  Dhrumil Rana (@dhrumilrana)
  František Dvořák (@valtri)
  @halx99
  Jay Freeman (@saurik)
  Jean-pierre Cartal (@jeanpierrecartal)
  Michael Kourlas
  Philipp Jeitner
  @vburdo
(11 contributors)

References to bug reports and discussions on issues:
 [1] = https://github.com/c-ares/c-ares/issues/379
 [2] = https://github.com/c-ares/c-ares/issues/380
 [3] = https://github.com/c-ares/c-ares/issues/384
 [4] = https://github.com/c-ares/c-ares/pull/386
 [5] = https://github.com/c-ares/c-ares/pull/391
 [6] = https://github.com/c-ares/c-ares/pull/390
 [7] = https://github.com/c-ares/c-ares/commit/485fb66
 [8] = https://github.com/c-ares/c-ares/issues/392
 [9] = https://github.com/c-ares/c-ares/issues/388
 [10] = https://github.com/c-ares/c-ares/pull/394
 [11] = https://github.com/c-ares/c-ares/pull/395
 [12] = https://github.com/c-ares/c-ares/pull/397
 [13] = https://github.com/c-ares/c-ares/commit/df94703
 [14] = https://github.com/c-ares/c-ares/pull/400
 [15] = https://github.com/c-ares/c-ares/pull/401
 [16] = https://github.com/c-ares/c-ares/commit/362f91d
 [17] = https://github.com/c-ares/c-ares/commit/44c009b
 [18] = https://github.com/c-ares/c-ares/commit/c9b6c60
 [19] = https://github.com/c-ares/c-ares/pull/408