adamm/c-ares
SHA256
1
0
Fork 0
forked from pool/c-ares
Code Pull Requests Activity

- Version update to 1.17.0

Browse Source 
Security:
  * avoid read-heap-buffer-overflow in ares_parse_soa_reply found during
    fuzzing
  * Avoid theoretical buffer overflow in RC4 loop comparison
  * Empty hquery->name could lead to invalid memory access
  * ares_parse_{a,aaaa}_reply() could return a larger *naddrttls than was
    passed in (bsc#1178882, CVE-2020-8277)
  Changes:
  * Update help information for adig, acountry, and ahost
  * Test Suite now uses dynamic system-assigned ports rather than hardcoded
    ports to prevent failures in containers
  * Detect remote DNS server does not support EDNS using rules from RFC 6891
  * Source tree has been reorganized to use a more modern layout
  * Allow parsing of CAA Resource Record
  Bug fixes:
  * readaddrinfo bad sizeof()
  * Test cases should honor HAVE_WRITEV flag, not depend on WIN32
  * FQDN with trailing period should be queried first
  * ares_getaddrinfo() was returning members of the struct as garbage values if
    unset, and was not honoring ai_socktype and ai_protocol hints.
  * ares_gethostbyname() with AF_UNSPEC and an ip address would fail
  * Properly document ares_set_local_ip4() uses host byte order
For details, see https://c-ares.haxx.se/changelog.html

OBS-URL: https://build.opensuse.org/package/show/devel:libraries:c_c++/c-ares?expand=0&rev=24
This commit is contained in:
Adam Majer
2020-11-17 12:35:56 +00:00
committed by Git OBS Bridge
parent 958dddd2da
commit 6810ec45ff
8 changed files with 96 additions and 29 deletions
Download Patch File Download Diff File Expand all files Collapse all files

31
c-ares.changes
View File

@@ -1,3 +1,34 @@
-------------------------------------------------------------------
Tue Nov 17 12:07:22 UTC 2020 - Adam Majer <adam.majer@suse.de>
- Version update to 1.17.0
Security:
* avoid read-heap-buffer-overflow in ares_parse_soa_reply found during
fuzzing
* Avoid theoretical buffer overflow in RC4 loop comparison
* Empty hquery->name could lead to invalid memory access
* ares_parse_{a,aaaa}_reply() could return a larger *naddrttls than was
passed in (bsc#1178882, CVE-2020-8277)
Changes:
* Update help information for adig, acountry, and ahost
* Test Suite now uses dynamic system-assigned ports rather than hardcoded
ports to prevent failures in containers
* Detect remote DNS server does not support EDNS using rules from RFC 6891
* Source tree has been reorganized to use a more modern layout
* Allow parsing of CAA Resource Record
Bug fixes:
* readaddrinfo bad sizeof()
* Test cases should honor HAVE_WRITEV flag, not depend on WIN32
* FQDN with trailing period should be queried first
* ares_getaddrinfo() was returning members of the struct as garbage values if
unset, and was not honoring ai_socktype and ai_protocol hints.
* ares_gethostbyname() with AF_UNSPEC and an ip address would fail
* Properly document ares_set_local_ip4() uses host byte order
For details, see https://c-ares.haxx.se/changelog.html
-------------------------------------------------------------------
Fri Sep 11 07:54:10 UTC 2020 - Tomáš Chvátal <tchvatal@suse.com>