forked from pool/c-ares
Adam Majer
6810ec45ff
Security:
* avoid read-heap-buffer-overflow in ares_parse_soa_reply found during
fuzzing
* Avoid theoretical buffer overflow in RC4 loop comparison
* Empty hquery->name could lead to invalid memory access
* ares_parse_{a,aaaa}_reply() could return a larger *naddrttls than was
passed in (bsc#1178882, CVE-2020-8277)
Changes:
* Update help information for adig, acountry, and ahost
* Test Suite now uses dynamic system-assigned ports rather than hardcoded
ports to prevent failures in containers
* Detect remote DNS server does not support EDNS using rules from RFC 6891
* Source tree has been reorganized to use a more modern layout
* Allow parsing of CAA Resource Record
Bug fixes:
* readaddrinfo bad sizeof()
* Test cases should honor HAVE_WRITEV flag, not depend on WIN32
* FQDN with trailing period should be queried first
* ares_getaddrinfo() was returning members of the struct as garbage values if
unset, and was not honoring ai_socktype and ai_protocol hints.
* ares_gethostbyname() with AF_UNSPEC and an ip address would fail
* Properly document ares_set_local_ip4() uses host byte order
For details, see https://c-ares.haxx.se/changelog.html
OBS-URL: https://build.opensuse.org/package/show/devel:libraries:c_c++/c-ares?expand=0&rev=24
12 lines
488 B
Plaintext
12 lines
488 B
Plaintext
-----BEGIN PGP SIGNATURE-----
|
|
|
|
iQEzBAABCgAdFiEEJ+3q8i86vOtQ25oSXMkI/bceEsIFAl+y9H8ACgkQXMkI/bce
|
|
EsKfbAgAhqNNHmxmcHf8i5BqHMDpJwlnBxeX2A0VFJU5iBm5v3MF1NI6LOKlzJb1
|
|
4xfJ4XcqwZQTK7bmcyX28/Rl71uG+0AhKy9X20fAUdWfzOr2rfmdzv7KDm3FimlN
|
|
8k1iAvcwSoRg/YOmiZrkefKMx0TrE7MjFfds4FtL54Y+qFkYCvdRlHpCtzBkQLjd
|
|
8JCD8dTKd0zrLVcoSVaAgOvKp67e5aOkhLsxpQNm7IFldzzePK4Go77toPKGZ8Q4
|
|
VQ97iFyvop5eN7+ItnR+8CC1/7d/1p1J5k62lygiYVK7M5uD+4ioj/mW4h9ykFha
|
|
b47/5W/AER3PRTgD3cLWcj0gb9AOAw==
|
|
=jz6s
|
|
-----END PGP SIGNATURE-----
|