mirror of https://github.com/c-ares/c-ares.git
1.20.0 release prep (#557)
parent
4b9a03ec68
commit
f4f96b9ea6
4 changed files with 54 additions and 51 deletions
@ -1,57 +1,60 @@ |
||||
c-ares version 1.19.1 |
||||
c-ares version 1.20.0 |
||||
|
||||
This is a security and bugfix release. |
||||
This is a feature and bugfix release with some significant internal changes. |
||||
|
||||
A special thanks goes out to the Open Source Technology Improvement Fund |
||||
(https://ostif.org) for sponsoring a security audit of c-ares performed by X41 |
||||
(https://x41-dsec.de). |
||||
|
||||
Security: |
||||
o CVE-2023-32067. High. 0-byte UDP payload causes Denial of Service [12] |
||||
o CVE-2023-31147. Moderate. Insufficient randomness in generation of DNS |
||||
query IDs [13] |
||||
o CVE-2023-31130. Moderate. Buffer Underwrite in ares_inet_net_pton() [14] |
||||
o CVE-2023-31124. Low. AutoTools does not set CARES_RANDOM_FILE during cross |
||||
compilation [15] |
||||
Changes: |
||||
o Update from 1989 MIT license text to modern MIT license text [1] |
||||
o Remove acountry from built tools as nerd.dk is gone [3] |
||||
o Add new ARES_OPT_UDP_MAX_QUERIES configuration option to limit the number of |
||||
queries that can be made from a single ephemeral port [7] |
||||
o Default per-query timeout has been reduced to 2s with a 3x retry count [8] |
||||
o Modernization: start implementing some common data structures that are easy |
||||
to use and hard to misuse. This will make code refactoring easier and remove |
||||
some varied implementations in use. This change also makes ares_timeout() |
||||
more efficient [9] |
||||
o Use SPDX identifiers and a REUSE CI job to verify [12] |
||||
o rand: add support for getrandom() [14] |
||||
|
||||
Bug fixes: |
||||
o Fix uninitialized memory warning in test [1] |
||||
o Turn off IPV6_V6ONLY on Windows to allow IPv4-mapped IPv6 addresses [2] |
||||
o ares_getaddrinfo() should allow a port of 0 [3] |
||||
o Fix memory leak in ares_send() on error [4] |
||||
o Fix comment style in ares_data.h [5] |
||||
o Remove unneeded ifdef for Windows [6] |
||||
o Fix typo in ares_init_options.3 [7] |
||||
o Re-add support for Watcom compiler [8] |
||||
o Sync ax_pthread.m4 with upstream [9] |
||||
o Windows: Invalid stack variable used out of scope for HOSTS path [10] |
||||
o Sync ax_cxx_compile_stdcxx_11.m4 with upstream to fix uclibc support [11] |
||||
o TCP back to back queries were broken [2] |
||||
o Ensure queries for ares_getaddrinfo() are not requeued during destruction [4] |
||||
o ares_getaddrinfo() should not retry other address classes if one address |
||||
class has already been returned [5] |
||||
o Avoid production ill-formed result when qualifying a name with the root |
||||
domain [6] |
||||
o Fix missing prefix for CMake generated libcares.pc [10] |
||||
o DNS server ports will now be read from system configuration instead of |
||||
defaulting to port 53 [11] |
||||
o Remove some unreachable code [13] |
||||
o Replace usages of sprintf with snprintf [15] |
||||
o Fix Watcom instructions and update Windows URLs [16] |
||||
|
||||
Thanks go to these friendly people for their efforts and contributions: |
||||
Alexey A Tikhonov (@alexey-tikhonov) |
||||
Ben Noordhuis (@bnoordhuis) |
||||
Brad House (@bradh352) |
||||
@Chilledheart |
||||
Daniel Stenberg (@bagder) |
||||
Douglas R. Reno (@renodr) |
||||
Gregor Jasny (@gjasny) |
||||
Jay Freeman (@saurik) |
||||
@lifenjoiner |
||||
Nikolaos Chatzikonstantinou (@createyourpersonalaccount) |
||||
Yijie Ma (@yijiem) |
||||
Jérôme Duval (@korli) |
||||
Sam Morris (@yrro) |
||||
Tim Wojtulewicz (@timwoj) |
||||
(9 contributors) |
||||
|
||||
References to bug reports and discussions on issues: |
||||
[1] = https://github.com/c-ares/c-ares/pull/515 |
||||
[2] = https://github.com/c-ares/c-ares/pull/520 |
||||
[3] = https://github.com/c-ares/c-ares/issues/517 |
||||
[4] = https://github.com/c-ares/c-ares/pull/511 |
||||
[5] = https://github.com/c-ares/c-ares/pull/513 |
||||
[6] = https://github.com/c-ares/c-ares/pull/512 |
||||
[7] = https://github.com/c-ares/c-ares/pull/510 |
||||
[8] = https://github.com/c-ares/c-ares/pull/509 |
||||
[9] = https://github.com/c-ares/c-ares/pull/507 |
||||
[10] = https://github.com/c-ares/c-ares/pull/502 |
||||
[11] = https://github.com/c-ares/c-ares/pull/505 |
||||
[12] = https://github.com/c-ares/c-ares/security/advisories/GHSA-9g78-jv2r-p7vc |
||||
[13] = https://github.com/c-ares/c-ares/security/advisories/GHSA-8r8p-23f3-64c2 |
||||
[14] = https://github.com/c-ares/c-ares/security/advisories/GHSA-x6mf-cxr9-8q6v |
||||
[15] = https://github.com/c-ares/c-ares/security/advisories/GHSA-54xr-f67r-4pc4 |
||||
[1] = https://github.com/c-ares/c-ares/pull/556 |
||||
[2] = https://github.com/c-ares/c-ares/pull/552 |
||||
[3] = https://github.com/c-ares/c-ares/pull/554 |
||||
[4] = https://github.com/c-ares/c-ares/pull/553 |
||||
[5] = https://github.com/c-ares/c-ares/pull/551 |
||||
[6] = https://github.com/c-ares/c-ares/pull/546 |
||||
[7] = https://github.com/c-ares/c-ares/pull/549 |
||||
[8] = https://github.com/c-ares/c-ares/pull/542 |
||||
[9] = https://github.com/c-ares/c-ares/pull/540 |
||||
[10] = https://github.com/c-ares/c-ares/pull/530 |
||||
[11] = https://github.com/c-ares/c-ares/pull/534 |
||||
[12] = https://github.com/c-ares/c-ares/commit/c1b00c41 |
||||
[13] = https://github.com/c-ares/c-ares/pull/527 |
||||
[14] = https://github.com/c-ares/c-ares/pull/526 |
||||
[15] = https://github.com/c-ares/c-ares/pull/525 |
||||
[16] = https://github.com/c-ares/c-ares/pull/524 |
||||
|
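Review bot: In the Bug fixes list, the entry "Avoid production ill-formed result when qualifying a name with the root domain [6]" has a wording slip; "Avoid producing an ill-formed result ..." reads correctly. The "(9 contributors)" line appears only once across the old and new name lists, so it looks carried over unchanged; recount it against the names kept for 1.20.0. Two entries change runtime behaviour for existing deployments: "Default per-query timeout has been reduced to 2s with a 3x retry count [8]" and "DNS server ports will now be read from system configuration instead of defaulting to port 53 [11]". The second is filed under Bug fixes, and it would help operators if both were called out as behaviour changes to review before upgrading.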