- update to 1.17.2:
Security:
* When building c-ares with CMake, the RANDOM_FILE would not be set
and therefore downgrade to the less secure random number generator
* If ares_getaddrinfo() was terminated by an ares_destroy(),
it would cause a crash
* Crash in sortaddrinfo() if the list size equals 0 due to
an unexpected DNS response
* Expand number of escaped characters in DNS replies as per
RFC1035 5.1 to prevent spoofing follow-up
(bsc#1188881, CVE-2021-3672)
* Perform validation on hostnames to prevent possible XSS
due to applications not performing valiation themselves
Changes:
* ares_malloc(0) is now defined behavior (returns NULL) rather than system-specific to catch edge cases
Bug fixes:
* Building tests should not force building of static libraries except on Windows
* Relative headers must use double quotes to prevent pulling in a system library
for details see,
https://c-ares.haxx.se/changelog.html#1_17_2
OBS-URL: https://build.opensuse.org/request/show/911845
OBS-URL: https://build.opensuse.org/package/show/openSUSE:Factory/c-ares?expand=0&rev=13
Security:
* When building c-ares with CMake, the RANDOM_FILE would not be set
and therefore downgrade to the less secure random number generator
* If ares_getaddrinfo() was terminated by an ares_destroy(),
it would cause a crash
* Crash in sortaddrinfo() if the list size equals 0 due to
an unexpected DNS response
* Expand number of escaped characters in DNS replies as per
RFC1035 5.1 to prevent spoofing follow-up
(bsc#1188881, CVE-2021-3672)
* Perform validation on hostnames to prevent possible XSS
due to applications not performing valiation themselves
Changes:
* ares_malloc(0) is now defined behavior (returns NULL) rather than system-specific to catch edge cases
Bug fixes:
* Building tests should not force building of static libraries except on Windows
* Relative headers must use double quotes to prevent pulling in a system library
for details see,
https://c-ares.haxx.se/changelog.html#1_17_2
OBS-URL: https://build.opensuse.org/package/show/devel:libraries:c_c++/c-ares?expand=0&rev=37
- update to 1.17.1:
Travis: add iOS target built with CMake (#378)
Issue #377 suggested that CMake builds for iOS with c-ares were broken. This PR adds an automatic Travis build for iOS CMake.
- fix build
External projects were using non-public header ares_dns.h, make public again (#376)
It appears some outside projects were relying on macros in ares_dns.h, even
though it doesn't appear that header was ever meant to be public. That said,
we don't want to break external integrators so we should distribute this header
again.
- note that so versioning has moved to configure.ac
- note about 1.17.1
- fix sed gone wrong
autotools cleanup (#372)
* buildconf: remove custom logic with autoreconf
- remove missing_header.patch (upstream)
OBS-URL: https://build.opensuse.org/request/show/863667
OBS-URL: https://build.opensuse.org/package/show/devel:libraries:c_c++/c-ares?expand=0&rev=35
- ares_dns.h, missing_header.patch: re-add missing header in last release
- Version update to 1.17.0
Security:
* avoid read-heap-buffer-overflow in ares_parse_soa_reply found during
fuzzing
* Avoid theoretical buffer overflow in RC4 loop comparison
* Empty hquery->name could lead to invalid memory access
* ares_parse_{a,aaaa}_reply() could return a larger *naddrttls than was
passed in (bsc#1178882, CVE-2020-8277)
Changes:
* Update help information for adig, acountry, and ahost
* Test Suite now uses dynamic system-assigned ports rather than hardcoded
ports to prevent failures in containers
* Detect remote DNS server does not support EDNS using rules from RFC 6891
* Source tree has been reorganized to use a more modern layout
* Allow parsing of CAA Resource Record
Bug fixes:
* readaddrinfo bad sizeof()
* Test cases should honor HAVE_WRITEV flag, not depend on WIN32
* FQDN with trailing period should be queried first
* ares_getaddrinfo() was returning members of the struct as garbage values if
unset, and was not honoring ai_socktype and ai_protocol hints.
* ares_gethostbyname() with AF_UNSPEC and an ip address would fail
* Properly document ares_set_local_ip4() uses host byte order
For details, see https://c-ares.haxx.se/changelog.html
- add missing upstream sources, to be removed for next release
- remove unnecessary BuildRequires
- fix building on SLE12 systems
OBS-URL: https://build.opensuse.org/request/show/849356
OBS-URL: https://build.opensuse.org/package/show/openSUSE:Factory/c-ares?expand=0&rev=10
Security:
* avoid read-heap-buffer-overflow in ares_parse_soa_reply found during
fuzzing
* Avoid theoretical buffer overflow in RC4 loop comparison
* Empty hquery->name could lead to invalid memory access
* ares_parse_{a,aaaa}_reply() could return a larger *naddrttls than was
passed in (bsc#1178882, CVE-2020-8277)
Changes:
* Update help information for adig, acountry, and ahost
* Test Suite now uses dynamic system-assigned ports rather than hardcoded
ports to prevent failures in containers
* Detect remote DNS server does not support EDNS using rules from RFC 6891
* Source tree has been reorganized to use a more modern layout
* Allow parsing of CAA Resource Record
Bug fixes:
* readaddrinfo bad sizeof()
* Test cases should honor HAVE_WRITEV flag, not depend on WIN32
* FQDN with trailing period should be queried first
* ares_getaddrinfo() was returning members of the struct as garbage values if
unset, and was not honoring ai_socktype and ai_protocol hints.
* ares_gethostbyname() with AF_UNSPEC and an ip address would fail
* Properly document ares_set_local_ip4() uses host byte order
For details, see https://c-ares.haxx.se/changelog.html
OBS-URL: https://build.opensuse.org/package/show/devel:libraries:c_c++/c-ares?expand=0&rev=24
- Version update to 1.16.1
Security:
* Prevent possible use-after-free and double-free in ares_getaddrinfo() if
ares_destroy() is called prior to ares_getaddrinfo() completing.
Reported by Jann Horn at Google Project Zero.
Changes:
* Allow TXT records on CHAOS qclass. Used for retriving things like
version.bind, version.server, authoris.bind, hostname.bind, and id.server. [3]
Bug fixes:
* Fix Windows Unicode incompatibilities with ares_getaddrinfo() [1]
* Silence false cast-align compiler warnings due to valid casts of struct
sockaddr to struct sockaddr_in and struct sockaddr_in6.
* MacOS should use libresolv for retrieving DNS servers, like iOS
* CMake build system should populate the INCLUDE_DIRECTORIES property of
installed targets [2]
* Correct macros in use for the ares_getaddrinfo.3 man page
- Changes in version 1.16.0
Changes:
* Introduction of ares_getaddrinfo() API which provides similar output
(including proper sorting as per RFC 6724) to the system native API, but
utilizes different data structures in order to provide additional
information such as TTLs and all aliases. Please reference the respective
man pages for usage details.
* Parse SOA records from ns_t_any response
* CMake: Provide c-ares version in package export file
* CMake: Add CPACK functionality for DEB and RPM
* CMake: Generate PDB files during build
* CMake: Support manpage installation
Bug fixes:
* Fix bad expectation in IPv6 localhost test.
* AutoTools: use XC_CHECK_BUILD_FLAGS instead of XC_CHECK_USER_FLAGS to
prevent complaints about CPPFLAGS in CFLAGS.
* Fix .onion handling
* Command line usage was out of date for adig and ahost.
* Typos in manpages
* If ares_getenv is defined, it must return a value on all platforms
* If /etc/resolv.conf has invalid lookup values, use the defaults.
* Tests: Separate live tests from SetServers* tests as only live tests
should require internet access.
* ares_gethostbyname() should return ENODATA if no valid A or AAAA record
is found, but a CNAME was found.
* CMake: Rework library function checking to prevent unintended linking
with system libraries that aren't needed.
* Due to use of inet_addr() it was not possible to return 255.255.255.255
from ares_gethostbyname().
* CMake: Fix building of tests on Windows
- Drop regression.patch which have been fixed upstream
- Refresh disable-live-tests.patch
- Remove static lib since its required when doing tests and we dont want it
included in package
- Run spec-cleaner
OBS-URL: https://build.opensuse.org/request/show/819608
OBS-URL: https://build.opensuse.org/package/show/devel:libraries:c_c++/c-ares?expand=0&rev=18
- Upgrade to latest snapshot from 2020-01-17
- disable-live-tests.patch: refreshed
- regression.patch: fix a regression in DNS results that contain
both A and AAAA answers.
- Add netcfg as the build requirement and runtime requirement.
ares_getaddrinfo function uses the getservbyport_r function which
requires the /etc/services file to function properly. That config
file is provided by the netcfg package. Unit tests rely on it
too, hence it has to be a build dependency as well.
- Switch to cmake-based build.
Some packages need the cmake build files.
OBS-URL: https://build.opensuse.org/request/show/770034
OBS-URL: https://build.opensuse.org/package/show/openSUSE:Factory/c-ares?expand=0&rev=7
- Upgrade to latest snapshot from 2020-01-17
- disable-live-tests.patch: refreshed
- regression.patch: fix a regression in DNS results that contain
both A and AAAA answers.
- Add netcfg as the build requirement and runtime requirement.
ares_getaddrinfo function uses the getservbyport_r function which
requires the /etc/services file to function properly. That config
file is provided by the netcfg package. Unit tests rely on it
too, hence it has to be a build dependency as well.
OBS-URL: https://build.opensuse.org/request/show/769948
OBS-URL: https://build.opensuse.org/package/show/devel:libraries:c_c++/c-ares?expand=0&rev=16
Previous set of patches broke NodeJS 12.x unit tests. With the
complete upstream snapshot, the tests pass as the regressions
are fixed.
- Update to upstream snapshot 20191108
* getaddrinfo - avoid infinite loop in case of NXDOMAIN
* ares_getenv - return NULL in all cases
* implement ares_getaddrinfo
- onion-crash.patch: removed, upstreamed.
- removed upstream patches that are part of the snapshot:
0001-Add-initial-implementation-for-ares_getaddrinfo-112.patch
0002-Remaining-queries-counter-fix-additional-unit-tests-.patch
0003-Bugfix-for-ares_getaddrinfo-and-additional-unit-test.patch
0004-Add-ares__sortaddrinfo-to-support-getaddrinfo-sorted.patch
0005-getaddrinfo-avoid-infinite-loop-in-case-of-NXDOMAIN-.patch
0006-getaddrinfo-callback-must-be-called-on-bad-domain-24.patch
0007-getaddrinfo-enhancements-257.patch
0008-Add-missing-limits.h-include-from-ares_getaddrinfo.c.patch
0009-Increase-portability-of-ares-test-mock-ai.cc-235.patch
0010-Disable-failing-test.patch
- disable-live-tests.patch - updated
OBS-URL: https://build.opensuse.org/request/show/746633
OBS-URL: https://build.opensuse.org/package/show/devel:libraries:c_c++/c-ares?expand=0&rev=11
- Version update to 1.15.0:
* Add ares_init_options() configurability for path to resolv.conf file
* Ability to exclude building of tools (adig, ahost, acountry) in CMake
* Report ARES_ENOTFOUND for .onion domain names as per RFC7686
(bsc#1125306)
* Apply the IPv6 server blacklist to all nameserver sources
* Prevent changing name servers while queries are outstanding
* ares_set_servers_csv() on failure should not leave channel in a
bad state
- enable unit tests
- disable-live-tests.patch: disable tests to live servers
- onion-crash.patch: backport fix for a crash affecting .onion TLD
OBS-URL: https://build.opensuse.org/request/show/674652
OBS-URL: https://build.opensuse.org/package/show/devel:libraries:c_c++/c-ares?expand=0&rev=7
* Fix patch for CVE-2017-1000381 to not be overly aggressive
* gethostbyaddr should fail with ECANCELLED not ENOTFOUND when ares_cancel is called
* ares_gethostbyname.3: fix callback status values
* docs: Document WSAStartup requirement
* Fix a typo in init_by_resolv_conf
OBS-URL: https://build.opensuse.org/package/show/devel:libraries:c_c++/c-ares?expand=0&rev=3
- Version update to 1.13.0:
* Fixes bsc#1044946 CVE-2017-1000381
* Bunch of bugfixes
- Drop cares-1.9.1-ocloexec.patch as it broke again and it is
not really worth all the fwdporting
- Drop check phase there is only return 0
- Version update to 1.12.0:
* Fixes bsc#1007728 CVE-2016-5180
* api: add ARES_OPT_NOROTATE optmask value
* Collection of bugfixes
- update to 1.11.0:
* Allow multiple -s options to the ahost command
* api: Expose the ares_library_initialized() function
* api: Add ares_set_sortlist(3) entrypoint
* api: Add entrypoints to allow use of per-server ports
* api: introduce `ares_parse_txt_reply_ext`
* api: Add ares_set_socket_configure_callback()
* Add -t u option to ahost
* collection of bug fixes
- No longer perform gpg validation; osc source_validator does it
implicit:
+ Drop gpg-offline BuildRequires.
+ No longer execute gpg_verify.
- Version bump to 1.10.0:
OBS-URL: https://build.opensuse.org/package/show/devel:libraries:c_c++/c-ares?expand=0&rev=2