Diffstat (limited to 'src/third_party/cares/dist/RELEASE-NOTES')
-rw-r--r-- src/third_party/cares/dist/RELEASE-NOTES | 83
1 files changed, 83 insertions, 0 deletions
diff --git a/src/third_party/cares/dist/RELEASE-NOTES b/src/third_party/cares/dist/RELEASE-NOTES
new file mode 100644
index 00000000000..adb9b945d8c
--- /dev/null
+++ b/src/third_party/cares/dist/RELEASE-NOTES
@@ -0,0 +1,83 @@
+c-ares version 1.17.2
+
+This is a security and bugfix release. It addresses a few security related
+issues along with various bugfixes mostly related to portability.
+
+Security:
+ o NodeJS passes NULL for addr and 0 for addrlen to ares_parse_ptr_reply() on
+ systems where malloc(0) returns NULL. This would cause a crash. [8]
+ o When building c-ares with CMake, the RANDOM_FILE would not be set and
+ therefore downgrade to the less secure random number generator [12]
+ o If ares_getaddrinfo() was terminated by an ares_destroy(), it would cause
+ a crash [13]
+ o Crash in sortaddrinfo() if the list size equals 0 due to an unexpected
+ DNS response [14]
+ o Expand number of escaped characters in DNS replies as per RFC1035 5.1 to
+ prevent spoofing [16], [17]
+ o Perform validation on hostnames to prevent possible XSS due to applications
+ not performing valiation themselves [18]
+
+Changes:
+ o Use non-blocking /dev/urandom for random data to prevent early startup
+ performance issues [5]
+ o z/OS port [6]
+ o ares_malloc(0) is now defined behavior (returns NULL) rather than
+ system-specific to catch edge cases [7]
+
+Bug fixes:
+ o Fuzz testing files were not distributed with official archives [1]
+ o Building tests should not force building of static libraries except on
+ Windows [2]
+ o Windows builds of the tools would fail if built as static due to a missing
+ CARES_STATICLIB definition [3]
+ o Relative headers must use double quotes to prevent pulling in a system
+ library [4]
+ o Fix OpenBSD building by implementing portability updates for including
+ arpa/nameser.h [9]
+ o Fix building out-of-tree for autotools [10]
+ o Make install on MacOS/iOS with CMake was missing the bundle destination so
+ libraries weren't actually installed [11]
+ o Fix retrieving DNS server configuration on MacOS and iOS if the configuration
+ did not include search domains [15]
+ o ares_parse_a_reply and ares_parse_aaa_reply were erroneously using strdup()
+ instead of ares_strdup() [19]
+
+
+Thanks go to these friendly people for their efforts and contributions:
+ Anton Danielsson (@anton-danielsson)
+ Brad House (@bradh352)
+ Daniel Stenberg (@bagder)
+ Dhrumil Rana (@dhrumilrana)
+ František Dvořák (@valtri)
+ @halx99
+ Jay Freeman (@saurik)
+ Jean-pierre Cartal (@jeanpierrecartal)
+ Michael Kourlas
+ Philipp Jeitner
+ @vburdo
+(11 contributors)
+
+References to bug reports and discussions on issues:
+ [1] = https://github.com/c-ares/c-ares/issues/379
+ [2] = https://github.com/c-ares/c-ares/issues/380
+ [3] = https://github.com/c-ares/c-ares/issues/384
+ [4] = https://github.com/c-ares/c-ares/pull/386
+ [5] = https://github.com/c-ares/c-ares/pull/391
+ [6] = https://github.com/c-ares/c-ares/pull/390
+ [7] = https://github.com/c-ares/c-ares/commit/485fb66
+ [8] = https://github.com/c-ares/c-ares/issues/392
+ [9] = https://github.com/c-ares/c-ares/issues/388
+ [10] = https://github.com/c-ares/c-ares/pull/394
+ [11] = https://github.com/c-ares/c-ares/pull/395
+ [12] = https://github.com/c-ares/c-ares/pull/397
+ [13] = https://github.com/c-ares/c-ares/commit/df94703
+ [14] = https://github.com/c-ares/c-ares/pull/400
+ [15] = https://github.com/c-ares/c-ares/pull/401
+ [16] = https://github.com/c-ares/c-ares/commit/362f91d
+ [17] = https://github.com/c-ares/c-ares/commit/44c009b
+ [18] = https://github.com/c-ares/c-ares/commit/c9b6c60
+ [19] = https://github.com/c-ares/c-ares/pull/408
+
+
+
+
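Review bot: The new file ends with four empty added lines after reference [19], and the text has two slips: "valiation" in the hostname-validation item under Security, and "ares_parse_aaa_reply" in the last bug-fix item, where the c-ares function is ares_parse_aaaa_reply. Because the file sits under third_party/cares/dist, please confirm it is the unmodified upstream 1.17.2 RELEASE-NOTES and, if so, leave these as they are so the vendored copy stays identical to upstream; if it was edited locally, trim the trailing blank lines and fix the two names. Separately, the Security items for [16], [17] and [18] say that more characters in DNS replies are now escaped and that hostnames are validated, so callers in this tree that compare, log or render names returned by c-ares may see different strings or new failures after this import; it is worth checking those callers as part of the same change.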