- c-ares 1.30.0
Features:
* Basic support for SIG RR record (RFC 2931 / RFC 2535) [PR #773]
Changes:
* Validation that DNS strings can only consist of printable ascii characters
otherwise will trigger a parse failure. [75de16c] and [40fb125]
Bugfixes:
* QueryCache: Fix issue where purging on server changes wasn't working. [a6c8fe6]
- updated dowload URLs to point to github
- updated keyring to include Brad House DA7D64E4C82C6294CB73A20E22E3D13B5411B7CA
OBS-URL: https://build.opensuse.org/request/show/1179976
OBS-URL: https://build.opensuse.org/package/show/openSUSE:Factory/c-ares?expand=0&rev=24
Features:
* Basic support for SIG RR record (RFC 2931 / RFC 2535) [PR #773]
Changes:
* Validation that DNS strings can only consist of printable ascii characters
otherwise will trigger a parse failure. [75de16c] and [40fb125]
Bugfixes:
* QueryCache: Fix issue where purging on server changes wasn't working. [a6c8fe6]
- changes in 1.29.0
Features:
* When using `ARES_OPT_EVENT_THREAD`, automatically reload system configuration
when network conditions change. [PR #759]
* Add observability into DNS server health via a server state callback, invoked
whenever a query finishes. [PR #744]
* Add server failover retry behavior, where failed servers are retried with
small probability after a minimum delay. [PR #731]
Changes:
* Mark `ares_channel_t *` as const in more places in the public API. [PR #758]
Bugfixes:
* Due to a logic flaw dns name compression writing was not properly implemented
which would result in the name prefix not being written for a partial match.
This could cause issues in various record types such as MX records when using
the deprecated API. Regression introduced in 1.28.0. [Issue #757]
* Revert OpenBSD `SOCK_DNS` flag, it doesn't do what the docs say it does and
causes c-ares to become non-functional. [PR #754]
* `ares_getnameinfo()`: loosen validation on `salen` parameter. [Issue #752]
* cmake: Android requires C99. [PR #748]
* `ares_queue_wait_empty()` does not honor timeout_ms >= 0. [Issue #742]
- updated dowload URLs to point to github
- updated keyring to include Brad House DA7D64E4C82C6294CB73A20E22E3D13B5411B7CA
OBS-URL: https://build.opensuse.org/package/show/devel:libraries:c_c++/c-ares?expand=0&rev=69
- c-ares 1.28.1
Features:
* Emit warnings when deprecated c-ares functions are used.
This can be disabled by passing a compiler definition of
`CARES_NO_DEPRECATED`. [PR #732]
* Add function `ares_search_dnsrec()` to search for records
using the new DNS record data structures. [PR #719]
* Rework internals to pass around `ares_dns_record_t` instead of
binary data, this introduces new public functions of
`ares_query_dnsrec()` and `ares_send_dnsrec()`. [PR #730]
Changes:
* tests: when performing simulated queries, reduce timeouts
to make tests run faster
* Replace configuration file parsers with memory-safe parser. [PR #725]
* Remove `acountry` completely, the manpage might still get
installed otherwise. [Issue #718]
Bugfixes:
* CMake: don't overwrite global required libraries/definitions/includes
which could cause build errors for projects chain building c-ares.
[Issue #729]
* On some platforms, `netinet6/in6.h` is not included by `netinet/in.h`
and needs to be included separately. [PR #728]
* Fix a potential memory leak in `ares_init()`. [Issue #724]
* Some platforms don't have the `isascii()` function.
Implement as a macro. [PR #721]
* CMake: Fix Chain building if CMAKE runtime paths not set
* NDots configuration should allow a value of zero. [PR #735]
OBS-URL: https://build.opensuse.org/request/show/1164057
OBS-URL: https://build.opensuse.org/package/show/openSUSE:Factory/c-ares?expand=0&rev=22
Features:
* Emit warnings when deprecated c-ares functions are used.
This can be disabled by passing a compiler definition of
`CARES_NO_DEPRECATED`. [PR #732]
* Add function `ares_search_dnsrec()` to search for records
using the new DNS record data structures. [PR #719]
* Rework internals to pass around `ares_dns_record_t` instead of
binary data, this introduces new public functions of
`ares_query_dnsrec()` and `ares_send_dnsrec()`. [PR #730]
Changes:
* tests: when performing simulated queries, reduce timeouts
to make tests run faster
* Replace configuration file parsers with memory-safe parser. [PR #725]
* Remove `acountry` completely, the manpage might still get
installed otherwise. [Issue #718]
Bugfixes:
* CMake: don't overwrite global required libraries/definitions/includes
which could cause build errors for projects chain building c-ares.
[Issue #729]
* On some platforms, `netinet6/in6.h` is not included by `netinet/in.h`
and needs to be included separately. [PR #728]
* Fix a potential memory leak in `ares_init()`. [Issue #724]
* Some platforms don't have the `isascii()` function.
Implement as a macro. [PR #721]
* CMake: Fix Chain building if CMAKE runtime paths not set
* NDots configuration should allow a value of zero. [PR #735]
OBS-URL: https://build.opensuse.org/package/show/devel:libraries:c_c++/c-ares?expand=0&rev=65
- c-ares 1.27.0
Security:
* Moderate. CVE-2024-25629. Reading malformatted /etc/resolv.conf,
/etc/nsswitch.conf or the HOSTALIASES file could result in a crash.
GHSA-mg26-v6qh-x48q (CVE-2024-25629, bsc#1220279)
Features:
* New function ares_queue_active_queries() to retrieve number of in-flight
queries. PR #712
* New function ares_queue_wait_empty() to wait for the number of in-flight
queries to reach zero. PR #710
* New ARES_FLAG_NO_DEFLT_SVR for ares_init_options() to return a failure if
no DNS servers can be found rather than attempting to use 127.0.0.1. This
also introduces a new ares status code of ARES_ENOSERVER. PR #713
Changes:
* EDNS Packet size should be 1232 as per DNS Flag Day. PR #705
Bugfixes:
* Fix warning due to ignoring return code of write(). PR #709
* CMake: don't override target output locations if not top-level. Issue #708
* Fix building c-ares without thread support. PR #700
OBS-URL: https://build.opensuse.org/request/show/1151588
OBS-URL: https://build.opensuse.org/package/show/openSUSE:Factory/c-ares?expand=0&rev=21
Security:
* Moderate. CVE-2024-25629. Reading malformatted /etc/resolv.conf,
/etc/nsswitch.conf or the HOSTALIASES file could result in a crash.
GHSA-mg26-v6qh-x48q (CVE-2024-25629, bsc#1220279)
Features:
* New function ares_queue_active_queries() to retrieve number of in-flight
queries. PR #712
* New function ares_queue_wait_empty() to wait for the number of in-flight
queries to reach zero. PR #710
* New ARES_FLAG_NO_DEFLT_SVR for ares_init_options() to return a failure if
no DNS servers can be found rather than attempting to use 127.0.0.1. This
also introduces a new ares status code of ARES_ENOSERVER. PR #713
Changes:
* EDNS Packet size should be 1232 as per DNS Flag Day. PR #705
Bugfixes:
* Fix warning due to ignoring return code of write(). PR #709
* CMake: don't override target output locations if not top-level. Issue #708
* Fix building c-ares without thread support. PR #700
OBS-URL: https://build.opensuse.org/package/show/devel:libraries:c_c++/c-ares?expand=0&rev=63
- Ensure multibuild flavors result in different src names.
- c-ares 1.26.0:
* Event Thread support. Integrators are no longer required to
monitor the file descriptors registered by c-ares for events
and call ares_process() when enabling the event thread feature
via ARES_OPT_EVENT_THREAD passed to ares_init_options().
* Added flags to are_dns_parse() to force RAW packet parsing
* Mark ares_fds() as deprecated
* Bug fixes
- move tests into a build flavor to avoid gtest/gmock build loop
- Update to version 1.25
Changes:
o Rewrite ares_strsplit() as a wrapper for ares__buf_split() for memory
safety reasons.
o The ahost utility now uses ares_getaddrinfo() and returns both IPv4 and
IPv6 addresses by default.
Bug Fixes:
o Tests: Live reverse lookups for Google's public DNS servers no longer
return results, replace with CloudFlare pubic DNS servers.
o Connection failures should increment the server failure count first or a
retry might be enqueued to the same server
o On systems that don't implement the ability to enumerate network interfaces
the stubs used the wrong prototype.
o Fix minor warnings and documentation typos
o Fix support for older GoogleTest versions
o getrandom() may require sys/random.h on some systems.
o Fix building tests with symbol hiding enabled.
- 0001-Use-RPM-compiler-options.patch: dropped, obsolete
OBS-URL: https://build.opensuse.org/request/show/1145395
OBS-URL: https://build.opensuse.org/package/show/openSUSE:Factory/c-ares?expand=0&rev=20
Changes:
o Rewrite ares_strsplit() as a wrapper for ares__buf_split() for memory
safety reasons.
o The ahost utility now uses ares_getaddrinfo() and returns both IPv4 and
IPv6 addresses by default.
Bug Fixes:
o Tests: Live reverse lookups for Google's public DNS servers no longer
return results, replace with CloudFlare pubic DNS servers.
o Connection failures should increment the server failure count first or a
retry might be enqueued to the same server
o On systems that don't implement the ability to enumerate network interfaces
the stubs used the wrong prototype.
o Fix minor warnings and documentation typos
o Fix support for older GoogleTest versions
o getrandom() may require sys/random.h on some systems.
o Fix building tests with symbol hiding enabled.
- 0001-Use-RPM-compiler-options.patch: dropped, obsolete
OBS-URL: https://build.opensuse.org/package/show/devel:libraries:c_c++/c-ares?expand=0&rev=58
Features:
* Add support for IPv6 link-local DNS servers. Nameserver formats
can now accept the 0face suffix, and a new ares_get_servers_csv()
function was added to return servers that can contain the link-local
interface name.
Changes:
* Unbundle GoogleTest for test cases. Package maintainers will now
need torequire GoogleTest (GMock) as a build dependency if
building tests. New GoogleTest versions require C++14 or later.
* Replace nameserver parsing code to use new memory-safe functions.
* Replace the sortlist parser with new memory-safe functions.
* Various warning fixes and dead code removal.
Bugfixes:
* Old Linux versions require POSIX_C_SOURCE or _GNU_SOURCE to
compile with thread safety support
* A non-responsive DNS server that caused timeouts wouldn't
increment thefailure count, this would lead to other servers
not being tried. Regression introduced in 1.22.0
* Some projects that depend on c-ares expect invalid parameter
option valuespassed into ares_init_options() to simply be
ignored. This behavior has been restored
* getrandom() can fail if the kernel doesn't support
the syscall, fall back to another random source
* ares_cancel() when performing ares_gethostbyname() or
ares_getaddrinfo()with AF_UNSPEC, if called after one address
class was returned but before the other address class, it
would return ARES_SUCCESS rather than ARES_ECANCELLED
- disable-live-tests.patch: dropped, not needed
OBS-URL: https://build.opensuse.org/package/show/devel:libraries:c_c++/c-ares?expand=0&rev=57
Features:
Introduce optional (but on by default) thread-safety for the c-ares library. This has no API nor ABI implications.
resolv.conf in modern systems uses attempts and timeouts options instead of the old retrans and retry options.
Query caching support based on TTL of responses. Can be enabled via ares_init_options() with ARES_OPT_QUERY_CACHE.
Bugfixes:
ares_init_options() for ARES_OPT_UDP_PORT and ARES_OPT_TCP_PORT accept theport in host byte order, but it was reading it as network byte order. Regression introduced in 1.20.0.
ares_init_options() for ARES_FLAG_NOSEARCH was not being honored forares_getaddrinfo() or ares_gethostbyname(). Regression introduced in 1.16.0.
Autotools MacOS and iOS version check was failing
Environment variables passed to c-ares are meant to be an override for system configuration. Regression introduced in 1.22.0.
Spelling fixes as detected by codespell.
The timeout returned by ares_timeout() was truncated to milliseconds butvalidated to microseconds which could cause a user to attempt to process timeouts prior to the timeout actually expiring.
CMake was not honoring CXXFLAGS passed in via the environment which couldcause compile and link errors with distribution hardening flags during packaging.
Fix Windows UWP and Cygwin compilation.
ares_set_servers_*() for legacy reasons needs to accept an empty server listand zero out all servers. This results in an inoperable channel and thus is only used in simulation testing, but we don't want to break users. Regression introduced in 1.21.0.
Changes in version 1.22.1
Bugfixes:
Fix /etc/hosts processing performance with all entries using same IPaddress. Large hosts files using the same IP address for all entries could use exponential time.
Fix typos in manpages
Fix OpenWatcom building
Changes in version 1.22.0
Features:
ares_reinit() is now implemented to re-read any system configuration and immediately apply to an existing ares channel
The adig command line program has been rewritten and its format now more closely matches that of BIND's dig utility
The new DNS message parser and writer functions have now been made public
RFC9460 HTTPS and SVCB records are now supported
RFC6698 TLSA records are now supported
The server list is now internally dynamic and can be changed without impacting existing queries
Hosts file processing is now cached until the file is detected to be changed to speed up repetitive lookups of large hosts files
Changes:
OBS-URL: https://build.opensuse.org/package/show/devel:libraries:c_c++/c-ares?expand=0&rev=56
- Update to version 1.20.1
* Remove bin/acountry from built tools as nerd.dk is gone
* Default per-query timeout has been reduced to 2s with a 3x retry count
* rand: add support for getrandom()
Bug fixes:
* TCP back to back queries were broken
* Ensure queries for ares_getaddrinfo() are not requeued during
destruction
* ares_getaddrinfo() should not retry other address classes if
one address class has already been returned
* Avoid production ill-formed result when qualifying a name
with the root domain
* Fix missing prefix for CMake generated libcares.pc
* DNS server ports can now be read from system configuration
instead of defaulting to port 53, aka openBSD resolv.conf format
* Replace usages of sprintf with snprintf
OBS-URL: https://build.opensuse.org/request/show/1116650
OBS-URL: https://build.opensuse.org/package/show/openSUSE:Factory/c-ares?expand=0&rev=19
* Remove bin/acountry from built tools as nerd.dk is gone
* Default per-query timeout has been reduced to 2s with a 3x retry count
* rand: add support for getrandom()
Bug fixes:
* TCP back to back queries were broken
* Ensure queries for ares_getaddrinfo() are not requeued during
destruction
* ares_getaddrinfo() should not retry other address classes if
one address class has already been returned
* Avoid production ill-formed result when qualifying a name
with the root domain
* Fix missing prefix for CMake generated libcares.pc
* DNS server ports can now be read from system configuration
instead of defaulting to port 53, aka openBSD resolv.conf format
* Replace usages of sprintf with snprintf
OBS-URL: https://build.opensuse.org/package/show/devel:libraries:c_c++/c-ares?expand=0&rev=52
- Update to version 1.19.1
Security:
* CVE-2023-32067. High. 0-byte UDP payload causes Denial of Service
(bsc#1211604)
* CVE-2023-31147 Moderate. Insufficient randomness in generation
of DNS query IDs (bsc#1211605)
* CVE-2023-31130. Moderate. Buffer Underwrite in
ares_inet_net_pton() (bsc#1211606)
* CVE-2023-31124. Low. AutoTools does not set CARES_RANDOM_FILE
during cross compilation (bsc#1211607)
Bug fixes:
* Fix uninitialized memory warning in test
* ares_getaddrinfo() should allow a port of 0
* Fix memory leak in ares_send() on error
* Fix comment style in ares_data.h
* Fix typo in ares_init_options.3
* Sync ax_pthread.m4 with upstream
* Sync ax_cxx_compile_stdcxx_11.m4 with upstream to fix uclibc support
OBS-URL: https://build.opensuse.org/request/show/1088407
OBS-URL: https://build.opensuse.org/package/show/openSUSE:Factory/c-ares?expand=0&rev=18
Security:
* CVE-2023-32067. High. 0-byte UDP payload causes Denial of Service
(bsc#1211604)
* CVE-2023-31147 Moderate. Insufficient randomness in generation
of DNS query IDs (bsc#1211605)
* CVE-2023-31130. Moderate. Buffer Underwrite in
ares_inet_net_pton() (bsc#1211606)
* CVE-2023-31124. Low. AutoTools does not set CARES_RANDOM_FILE
during cross compilation (bsc#1211607)
Bug fixes:
* Fix uninitialized memory warning in test
* ares_getaddrinfo() should allow a port of 0
* Fix memory leak in ares_send() on error
* Fix comment style in ares_data.h
* Fix typo in ares_init_options.3
* Sync ax_pthread.m4 with upstream
* Sync ax_cxx_compile_stdcxx_11.m4 with upstream to fix uclibc support
OBS-URL: https://build.opensuse.org/package/show/devel:libraries:c_c++/c-ares?expand=0&rev=50
- update to 1.19.0
* Stack overflow in ares_set_sortlist() which is used during c-ares
initialization and typically provided by an administrator and not an
end user. (bsc#1208067, CVE-2022-4904)
* Add ARES_OPT_HOSTS_FILE similar to ARES_OPT_RESOLVCONF for specifying a
custom hosts file location
* Add vcpkg installation instructions
* A number of bugfixes, for complete list see
https://c-ares.org/changelog.html
OBS-URL: https://build.opensuse.org/package/show/devel:libraries:c_c++/c-ares?expand=0&rev=48
- Update to version 1.19.0
Security:
* Low. Stack overflow in ares_set_sortlist() which is used
during c-ares initialization and typically provided by an
administrator and not an end user.
Changes:
* Add ARES_OPT_HOSTS_FILE similar to ARES_OPT_RESOLVCONF for
specifying a custom hosts file location.
Bug fixes:
* Fix memory leak in reading /etc/hosts when using localhost
fallback.
* Fix chain building c-ares when libresolv is already included by
another project.
* File lookup should not immediately abort as there may be other
tries due to search criteria.
* Asterisks should be allowed in host validation as CNAMEs may
reference wildcard domains.
* AutoTools build system referenced bad STDC_HEADERS macro.
* Even if one address class returns a failure for
ares_getaddrinfo() we should still return the results we have.
* Fix ares_getaddrinfo() numerical address resolution with
AF_UNSPEC
* Fix tools and help information.
* Various documentation fixes and cleanups.
* Add include guards to ares_data.h
* c-ares could try to exceed maximum number of iovec entries
supported by system.
* The RFC6761 6.3 states localhost subdomains must be offline too
OBS-URL: https://build.opensuse.org/request/show/1061853
OBS-URL: https://build.opensuse.org/package/show/devel:libraries:c_c++/c-ares?expand=0&rev=46
- update to 1.18.1. Changes since 1.17.2:
* Allow '/' as a valid character for a returned name for
CNAME in-addr.arpa delegation
* no longer forwards requests for localhost resolution per RFC6761
* During a domain search, treat ARES_ENODATA as ARES_NXDOMAIN so
that the search process will continue to the next domain
in the search.
* Provide ares_nameser.h as a public interface as needed by NodeJS
* Add support for URI(Uniform Resource Identifier) records via
ares_parse_uri_reply()
- disable unit tests for SLE12 since GCC compiler too old to build
unit tests
- 5c995d5.patch: upstreamed
- disable-live-tests.patch: refreshed
OBS-URL: https://build.opensuse.org/request/show/937232
OBS-URL: https://build.opensuse.org/package/show/openSUSE:Factory/c-ares?expand=0&rev=15
* Allow '/' as a valid character for a returned name for
CNAME in-addr.arpa delegation
* no longer forwards requests for localhost resolution per RFC6761
* During a domain search, treat ARES_ENODATA as ARES_NXDOMAIN so
that the search process will continue to the next domain
in the search.
* Provide ares_nameser.h as a public interface as needed by NodeJS
* Add support for URI(Uniform Resource Identifier) records via
ares_parse_uri_reply()
- 5c995d5.patch: upstreamed
- disable-live-tests.patch: refreshed
OBS-URL: https://build.opensuse.org/package/show/devel:libraries:c_c++/c-ares?expand=0&rev=44
- update to 1.17.2:
Security:
* When building c-ares with CMake, the RANDOM_FILE would not be set
and therefore downgrade to the less secure random number generator
* If ares_getaddrinfo() was terminated by an ares_destroy(),
it would cause a crash
* Crash in sortaddrinfo() if the list size equals 0 due to
an unexpected DNS response
* Expand number of escaped characters in DNS replies as per
RFC1035 5.1 to prevent spoofing follow-up
(bsc#1188881, CVE-2021-3672)
* Perform validation on hostnames to prevent possible XSS
due to applications not performing valiation themselves
Changes:
* ares_malloc(0) is now defined behavior (returns NULL) rather than system-specific to catch edge cases
Bug fixes:
* Building tests should not force building of static libraries except on Windows
* Relative headers must use double quotes to prevent pulling in a system library
for details see,
https://c-ares.haxx.se/changelog.html#1_17_2
OBS-URL: https://build.opensuse.org/request/show/911845
OBS-URL: https://build.opensuse.org/package/show/openSUSE:Factory/c-ares?expand=0&rev=13
Security:
* When building c-ares with CMake, the RANDOM_FILE would not be set
and therefore downgrade to the less secure random number generator
* If ares_getaddrinfo() was terminated by an ares_destroy(),
it would cause a crash
* Crash in sortaddrinfo() if the list size equals 0 due to
an unexpected DNS response
* Expand number of escaped characters in DNS replies as per
RFC1035 5.1 to prevent spoofing follow-up
(bsc#1188881, CVE-2021-3672)
* Perform validation on hostnames to prevent possible XSS
due to applications not performing valiation themselves
Changes:
* ares_malloc(0) is now defined behavior (returns NULL) rather than system-specific to catch edge cases
Bug fixes:
* Building tests should not force building of static libraries except on Windows
* Relative headers must use double quotes to prevent pulling in a system library
for details see,
https://c-ares.haxx.se/changelog.html#1_17_2
OBS-URL: https://build.opensuse.org/package/show/devel:libraries:c_c++/c-ares?expand=0&rev=37
- update to 1.17.1:
Travis: add iOS target built with CMake (#378)
Issue #377 suggested that CMake builds for iOS with c-ares were broken. This PR adds an automatic Travis build for iOS CMake.
- fix build
External projects were using non-public header ares_dns.h, make public again (#376)
It appears some outside projects were relying on macros in ares_dns.h, even
though it doesn't appear that header was ever meant to be public. That said,
we don't want to break external integrators so we should distribute this header
again.
- note that so versioning has moved to configure.ac
- note about 1.17.1
- fix sed gone wrong
autotools cleanup (#372)
* buildconf: remove custom logic with autoreconf
- remove missing_header.patch (upstream)
OBS-URL: https://build.opensuse.org/request/show/863667
OBS-URL: https://build.opensuse.org/package/show/devel:libraries:c_c++/c-ares?expand=0&rev=35
- ares_dns.h, missing_header.patch: re-add missing header in last release
- Version update to 1.17.0
Security:
* avoid read-heap-buffer-overflow in ares_parse_soa_reply found during
fuzzing
* Avoid theoretical buffer overflow in RC4 loop comparison
* Empty hquery->name could lead to invalid memory access
* ares_parse_{a,aaaa}_reply() could return a larger *naddrttls than was
passed in (bsc#1178882, CVE-2020-8277)
Changes:
* Update help information for adig, acountry, and ahost
* Test Suite now uses dynamic system-assigned ports rather than hardcoded
ports to prevent failures in containers
* Detect remote DNS server does not support EDNS using rules from RFC 6891
* Source tree has been reorganized to use a more modern layout
* Allow parsing of CAA Resource Record
Bug fixes:
* readaddrinfo bad sizeof()
* Test cases should honor HAVE_WRITEV flag, not depend on WIN32
* FQDN with trailing period should be queried first
* ares_getaddrinfo() was returning members of the struct as garbage values if
unset, and was not honoring ai_socktype and ai_protocol hints.
* ares_gethostbyname() with AF_UNSPEC and an ip address would fail
* Properly document ares_set_local_ip4() uses host byte order
For details, see https://c-ares.haxx.se/changelog.html
- add missing upstream sources, to be removed for next release
- remove unnecessary BuildRequires
- fix building on SLE12 systems
OBS-URL: https://build.opensuse.org/request/show/849356
OBS-URL: https://build.opensuse.org/package/show/openSUSE:Factory/c-ares?expand=0&rev=10
