layout | title |
---|---|
page |
Changelog |
This is a bugfix release.
Changes:
- QNX Port: Port to QNX 8, add primary config reading support, add CI build. PR #934, PR #937, PR #938
Bugfixes:
- Empty TXT records were not being preserved. PR #922
- docs: update deprecation notices for
ares_create_query()
andares_mkquery()
. PR #910 - license: some files weren't properly updated. PR #920
- Fix bind local device regression from 1.34.0. PR #929, PR #931, PR #935
- CMake: set policy version to prevent deprecation warnings. PR #932
- CMake: shared and static library names should be the same on unix platforms like autotools uses. PR #933
- Update to latest autoconf archive macros for enhanced system compatibility. PR #936
This is a bugfix release.
Changes:
Bugfixes:
- Some upstream servers are non-compliant with EDNS options, resend queries without EDNS. Issue #911
- Android: <=7 needs sys/system_properties.h a70637c
- Android: CMake needs
-D_GNU_SOURCE
and others. PR #915 - TSAN warns on missing lock, but lock isn't actually necessary. PR #915
ares_getaddrinfo()
forAF_UNSPEC
should retry IPv4 if only IPv6 is received. 765d558ares_send()
shouldn't returnARES_EBADRESP
, itsARES_EBADQUERY
. 91519e7- Fix typos in man pages. PR #905
This release contains a fix for downstream packages detecting the c-ares version based on the contents of the header file rather than the distributed pkgconf or cmake files.
This release fixes a packaging issue.
This is a feature and bugfix release.
Features:
- adig: read arguments from adigrc. PR #856
- Add new pending write callback optimization via
ares_set_pending_write_cb
. PR #857 - New function
ares_process_fds()
. PR #875 - Failed servers should be probed rather than redirecting queries which could cause unexpected latency. PR #877
- adig: rework command line arguments to mimic dig from bind. PR #890
- Add new method for overriding network functions
ares_set_socket_function_ex()
to properly support all new functionality. PR #894 - Fix regression with custom socket callbacks due to DNS cookie support. PR #895
- ares_socket: set IP_BIND_ADDRESS_NO_PORT on ares_set_local_ip* tcp sockets PR #887
- URI parser/writer for ares_set_servers_csv()/ares_get_servers_csv(). PR #882
Changes:
- Connection handling modularization. PR #857, PR #876
- Expose library/utility functions to tools. PR #860
- Remove
ares__
prefix, just useares_
for internal functions. PR #872
Bugfixes:
- fix: potential WIN32_LEAN_AND_MEAN redefinition. PR #869
- Fix googletest v1.15 compatibility. PR #874
- Fix pkgconfig thread dependencies. PR #884
This is a bugfix release.
Bugfixes:
- Work around systemd-resolved quirk that returns unexpected codes for single label names. Also adds test cases to validate the work around works and will continue to work in future releases. PR #863, See Also systemd/systemd#34101
- Fix sysconfig ndots default value, also adds containerized test case to prevent future regressions. PR #862
- Fix blank DNS name returning error code rather than valid record for
commands like:
adig -t SOA .
. Also adds test case to prevent future regressions. 9e574af - Fix calculation of query times > 1s. 2b2eae7
- Fix building on old Linux releases that don't have
TCP_FASTOPEN_CONNECT
. b7a89b9 - Fix minor Android build warnings. PR #848
This is a feature and bugfix release.
Features:
- Add DNS cookie support (RFC7873 + RFC9018) to help prevent off-path cache poisoning attacks. PR #833
- Implement TCP FastOpen (TFO) RFC7413, which will make TCP reconnects 0-RTT on supported systems. PR #840
Changes:
- Reorganize source tree. PR #822
- Refactoring of connection handling to prevent code duplication. PR #839
- New dynamic array data structure to prevent simple logic flaws in array handling in various code paths. PR #841
Bugfixes:
ares_destroy()
race condition during shutdown due to missing lock. PR #831- Android: Preserve thread name after attaching it to JVM. PR #838
- Windows UWP (Store) support fix. PR #845
This is a bugfix release.
Changes:
- Prevent complex recursion during query requeuing and connection cleanup for stability. e8b32b8
- Better propagate error codes on requeue situations. a9bc0a2
- Try to prevent SIGPIPE from being generated and delivered to integrations. de01baa
Bugfixes:
- Missing manpage for
ares_dns_record_set_id()
aa462b3 - Memory leak in
ares__hosts_entry_to_hostent()
due to allocation strategy. PR #824 - UDP write failure detected via ICMP unreachable should trigger faster failover. PR #821
- Fix pycares test case regression due to wrong error code being returned. Regression from 1.31.0. PR #820
- Fix possible Windows crash during
ares_destroy()
when using event threads. 5609bd4 ARES_OPT_MAXTIMEOUTMS
wasn't being honored in all cases. a649c60
This is a bugfix release.
Bugfixes:
- Windows: rework EventThread AFD code for better stability. PR #811
- Windows: If an IP address was detected to have changed, it could lead to a crash due to a bad pointer. Regression introduced in 1.31.0. 59e3a1f4
- Windows: use
QueryPerformanceCounters()
instead ofGetTickCount64()
for better time accuracy (~15ms -> ~1us). 8a50fc6c - Windows 32bit config change callback needs to be tagged as
stdcall
otherwise could result in a crash. 5c2bab35 - Tests that need accurate timing should not depend on internal symbols as there
are C++ equivalents in
std::chrono
. PR #809 - Kqueue (MacOS, *BSD): If the open socket count exceeded 8 (unlikely), it would try to allocate a new buffer that was too small. 5aad7981
This is a bugfix release.
Bugfixes:
- Channel lock needs to be recursive to ensure calls into c-ares functions can be made from callbacks otherwise deadlocks will occur. This regression was introduced in 1.32.0.
This is a feature and bugfix release.
Features:
- Add support for DNS 0x20 to help prevent cache poisoning attacks, enabled
by specifying
ARES_FLAG_DNS0x20
. Disabled by default. PR #800 - Rework query timeout logic to automatically adjust timeouts based on network conditions. The timeout specified now is only used as a hint until there is enough history to calculate a more valid timeout. PR #794
Changes:
- DNS RR TXT strings should not be automatically concatenated as there are use cases outside of RFC 7208. In order to maintain ABI compliance, the ability to retrieve TXT strings concatenated is retained as well as a new API to retrieve the individual strings. This restores behavior from c-ares 1.20.0. PR #801
- Clean up header inclusion logic to make hacking on code easier. PR #797
- GCC/Clang: Enable even more strict warnings to catch more coding flaws. 253bdee
- MSVC: Enable
/W4
warning level. PR #792
Bugfixes:
- Tests: Fix thread race condition in test cases for EventThread. PR #803
- Windows: Fix building with UNICODE. PR #802
- Thread Saftey:
ares_timeout()
was missing lock. 74a64e4 - Fix building with DJGPP (32bit protected mode DOS). PR #789
This is a maintenance and bugfix release.
Changes:
- Enable Query Cache by default. PR #786
Bugfixes:
- Enhance Windows DNS configuration change detection to also detect manual DNS configuration changes. PR #785
- Various legacy MacOS Build fixes. Issue #782
- Ndots value of zero in resolv.conf was not being honored. 852a60a
- Watt-32 build support had been broken for some time. PR #781
- Distribute
ares_dns_rec_type_tostr
manpage. PR #778
This is a maintenance and bugfix release.
Features:
- Basic support for SIG RR record (RFC 2931 / RFC 2535) PR #773
Changes:
- Validation that DNS strings can only consist of printable ascii characters otherwise will trigger a parse failure. 75de16c and 40fb125
- Windows: use
GetTickCount64()
for a monotonic timer that does not wrap. 1dff8f6
Bugfixes:
- QueryCache: Fix issue where purging on server changes wasn't working. a6c8fe6
- Windows: Fix Y2K38 issue by creating our own
ares_timeval_t
datatype. PR #772 - Fix packaging issue affecting MacOS due to a missing header. 55afad6
- MacOS: Fix UBSAN warnings that are likely meaningless due to alignment issues in new MacOS config reader.
- Android: arm 32bit build failure due to missing symbol. d1722e6
This is a feature and bugfix release.
Features:
- When using
ARES_OPT_EVENT_THREAD
, automatically reload system configuration when network conditions change. PR #759 - Apple: reimplement DNS configuration reading to more accurately pull DNS settings. PR #750
- Add observability into DNS server health via a server state callback, invoked whenever a query finishes. PR #744
- Add server failover retry behavior, where failed servers are retried with small probability after a minimum delay. PR #731
Changes:
- Mark
ares_channel_t *
as const in more places in the public API. PR #758
Bugfixes:
- Due to a logic flaw dns name compression writing was not properly implemented which would result in the name prefix not being written for a partial match. This could cause issues in various record types such as MX records when using the deprecated API. Regression introduced in 1.28.0. Issue #757
- Revert OpenBSD
SOCK_DNS
flag, it doesn't do what the docs say it does and causes c-ares to become non-functional. PR #754 ares_getnameinfo()
: loosen validation onsalen
parameter. Issue #752- cmake: Android requires C99. PR #748
ares_queue_wait_empty()
does not honor timeout_ms >= 0. Issue #742
This release contains a fix for a single significant regression introduced in c-ares 1.28.0.
ares_search()
andares_getaddrinfo()
resolution fails if no search domains are specified. Issue #737
This is a feature and bugfix release.
Features:
- Emit warnings when deprecated c-ares functions are used. This can be
disabled by passing a compiler definition of
CARES_NO_DEPRECATED
. PR #732 - Add function
ares_search_dnsrec()
to search for records using the new DNS record data structures. PR #719 - Rework internals to pass around
ares_dns_record_t
instead of binary data, this introduces new public functions ofares_query_dnsrec()
andares_send_dnsrec()
. PR #730
Changes:
- tests: when performing simulated queries, reduce timeouts to make tests run faster
- Replace configuration file parsers with memory-safe parser. PR #725
- Remove
acountry
completely, the manpage might still get installed otherwise. Issue #718
Bugfixes:
- CMake: don't overwrite global required libraries/definitions/includes which could cause build errors for projects chain building c-ares. Issue #729
- On some platforms,
netinet6/in6.h
is not included bynetinet/in.h
and needs to be included separately. PR #728 - Fix a potential memory leak in
ares_init()
. Issue #724 - Some platforms don't have the
isascii()
function. Implement as a macro. PR #721 - CMake: Fix Chain building if CMAKE runtime paths not set
- NDots configuration should allow a value of zero. PR #735
This is a security, feature, and bugfix release.
Security:
- Moderate. CVE-2024-25629. Reading malformatted
/etc/resolv.conf
,/etc/nsswitch.conf
or theHOSTALIASES
file could result in a crash. GHSA-mg26-v6qh-x48q
Features:
- New function
ares_queue_active_queries()
to retrieve number of in-flight queries. PR #712 - New function
ares_queue_wait_empty()
to wait for the number of in-flight queries to reach zero. PR #710 - New
ARES_FLAG_NO_DEFLT_SVR
forares_init_options()
to return a failure if no DNS servers can be found rather than attempting to use127.0.0.1
. This also introduces a new ares status code ofARES_ENOSERVER
. PR #713
Changes:
- EDNS Packet size should be 1232 as per DNS Flag Day. PR #705
Bugfixes:
- Windows DNS suffix search list memory leak. PR #711
- Fix warning due to ignoring return code of
write()
. PR #709 - CMake: don't override target output locations if not top-level. Issue #708
- Fix building c-ares without thread support. PR #700
This is a feature and bugfix release.
Features:
- Event Thread support. Integrators are no longer required to monitor the
file descriptors registered by c-ares for events and call
ares_process()
when enabling the event thread feature viaARES_OPT_EVENT_THREAD
passed toares_init_options()
. PR #696 - Added flags to
are_dns_parse()
to force RAW packet parsing. PR #693
Changes:
- Mark
ares_fds()
as deprecated. PR #691
Bugfixes:
adig
: Differentiate between internal and server errors. e10b16a- Autotools allow make to override CFLAGS/CPPFLAGS/CXXFLAGS. PR #695
- Autotools: fix building for 32bit windows due to stdcall symbol mangling. PR #689
- RR Name should not be sanity checked against the Question. PR #685
Changes:
- AutoTools: rewrite build system to be lighter weight and fix issues in some semi-modern systems. It is likely this has broken building on some less common and legacy OSs, please report issues. PR #674
- Rewrite ares_strsplit() as a wrapper for ares__buf_split() for memory safety reasons. 88c444d
- The ahost utility now uses ares_getaddrinfo() and returns both IPv4 and IPv6 addresses by default. PR #669
- OpenBSD: Add SOCK_DNS flag when creating socket. PR #659
Bugfixes:
- Tests: Live reverse lookups for Google's public DNS servers no longer return results, replace with CloudFlare pubic DNS servers. 1231aa7
- MacOS legacy SDKs require sys/socket.h before net/if.h PR #673
- Connection failures should increment the server failure count first or a retry might be enqueued to the same server. 05181a6
- On systems that don't implement the ability to enumerate network interfaces the stubs used the wrong prototype. eebfe0c
- Fix minor warnings and documentation typos. PR #666
- Fix support for older GoogleTest versions. d186f11
- getrandom() may require sys/random.h on some systems. Issue #665
- Fix building tests with symbol hiding enabled. Issue #664
Features:
Changes:
- Unbundle GoogleTest for test cases. Package maintainers will now need to require GoogleTest (GMock) as a build dependency if building tests. New GoogleTest versions require C++14 or later.
- Replace nameserver parsing code to use new memory-safe functions.
- Replace the sortlist parser with new memory-safe functions.
- Various warning fixes and dead code removal.
Bugfixes:
- Old Linux versions require POSIX_C_SOURCE or _GNU_SOURCE to compile with thread safety support.
- A non-responsive DNS server that caused timeouts wouldn't increment the failure count, this would lead to other servers not being tried. Regression introduced in 1.22.0.
- Some projects that depend on c-ares expect invalid parameter option values passed into ares_init_options() to simply be ignored. This behavior has been restored.
- On linux getrandom() can fail if the kernel doesn't support the syscall, fall back to another random source.
- ares_cancel() when performing ares_gethostbyname() or ares_getaddrinfo() with AF_UNSPEC, if called after one address class was returned but before the other address class, it would return ARES_SUCCESS rather than ARES_ECANCELLED.
Features:
- Introduce optional (but on by default) thread-safety for the c-ares library. This has no API nor ABI implications.
- resolv.conf in modern systems uses attempts and timeouts options instead of the old retrans and retry options.
- Query caching support based on TTL of responses. Can be enabled via ares_init_options() with ARES_OPT_QUERY_CACHE.
Bugfixes:
- ares_init_options() for ARES_OPT_UDP_PORT and ARES_OPT_TCP_PORT accept the port in host byte order, but it was reading it as network byte order. Regression introduced in 1.20.0.
- ares_init_options() for ARES_FLAG_NOSEARCH was not being honored for ares_getaddrinfo() or ares_gethostbyname(). Regression introduced in 1.16.0.
- Autotools MacOS and iOS version check was failing
- Environment variables passed to c-ares are meant to be an override for system configuration. Regression introduced in 1.22.0.
- Spelling fixes as detected by codespell.
- The timeout returned by ares_timeout() was truncated to milliseconds but validated to microseconds which could cause a user to attempt to process timeouts prior to the timeout actually expiring.
- CMake was not honoring CXXFLAGS passed in via the environment which could cause compile and link errors with distribution hardening flags during packaging.
- Fix Windows UWP and Cygwin compilation.
- ares_set_servers_*() for legacy reasons needs to accept an empty server listand zero out all servers. This results in an inoperable channel and thus is only used in simulation testing, but we don't want to break users. Regression introduced in 1.21.0.
Bugfixes:
- Fix /etc/hosts processing performance with all entries using same IPaddress. Large hosts files using the same IP address for all entries could use exponential time.
- Fix typos in manpages
- Fix OpenWatcom building
Features:
- ares_reinit() is now implemented to re-read any system configuration and immediately apply to an existing ares channel
- The adig command line program has been rewritten and its format now more closely matches that of BIND's dig utility
- The new DNS message parser and writer functions have now been made public
- RFC9460 HTTPS and SVCB records are now supported
- RFC6698 TLSA records are now supported
- The server list is now internally dynamic and can be changed without impacting existing queries
- Hosts file processing is now cached until the file is detected to be changed to speed up repetitive lookups of large hosts files
Changes:
- Internally all DNS messages are now written using the new DNS writing functions
- EDNS is now enabled by default
- Internal cleanups in function prototypes
Bugfixes:
- Randomize retry penalties to prevent thundering herd issues when dns servers throttle requests
- Fix Windows build error for missing if_indextoname()
Changes:
- Provide better man page cross-links.
- Introduce ares_status_t as an enum rather than using #define list and integer data type for internal functions.
- Introduce ares_bool_t datatype rather than using an integer with 0/1 so it is clear based on the function prototype what it returns.
- Increase compiler warning levels by default.
- Use size_t and other more proper datatypes internally (rather than int).
- Many developers have used different code styles over the years, standardize on one and use clang-format to enforce the style.
- CMake can now control symbol visibility
- Replace multiple DNS hand-made parsers with new memory-safe DNS message parser.
Bugfixes:
- Tools: STAYOPEN flag could make tools not terminate.
- Socket callbacks were passed SOCK_STREAM instead of SOCK_DGRAM on udp.
Bugfixes:
- Resolve use-after-free issue when TCP connection is terminated before a response is returned
- Reduce number of queries for a load test case to prevent overloading some build systems
- Fix fuzz test build target
Changes:
- Update from 1989 MIT license text to modern MIT license text
- Remove acountry from built tools as nerd.dk is gone
- Add new ARES_OPT_UDP_MAX_QUERIES configuration option to limit the number of queries that can be made from a single ephemeral port
- Default per-query timeout has been reduced to 2s with a 3x retry count
- Modernization: start implementing some common data structures that are easy to use and hard to misuse. This will make code refactoring easier and remove some varied implementations in use. This change also makes ares_timeout() more efficient
- Use SPDX identifiers and a REUSE CI job to verify
- rand: add support for getrandom()
Bug fixes:
- TCP back to back queries were broken
- Ensure queries for ares_getaddrinfo() are not requeued during destruction
- ares_getaddrinfo() should not retry other address classes if one address class has already been returned
- Avoid production ill-formed result when qualifying a name with the root domain
- Fix missing prefix for CMake generated libcares.pc
- DNS server ports will now be read from system configuration instead of defaulting to port 53
- Remove some unreachable code
- Replace usages of sprintf with snprintf
- Fix Watcom instructions and update Windows URLs
Security:
- CVE-2023-32067. High. 0-byte UDP payload causes Denial of Service
- CVE-2023-31147 Moderate. Insufficient randomness in generation of DNS query IDs
- CVE-2023-31130. Moderate. Buffer Underwrite in ares_inet_net_pton()
- CVE-2023-31124. Low. AutoTools does not set CARES_RANDOM_FILE during cross compilation
Bug fixes:
- Fix uninitialized memory warning in test
- Turn off IPV6_V6ONLY on Windows to allow IPv4-mapped IPv6 addresses
- ares_getaddrinfo() should allow a port of 0
- Fix memory leak in ares_send() on error
- Fix comment style in ares_data.h
- Remove unneeded ifdef for Windows
- Fix typo in ares_init_options.3
- Re-add support for Watcom compiler
- Sync ax_pthread.m4 with upstream
- Windows: Invalid stack variable used out of scope for HOSTS path
- Sync ax_cxx_compile_stdcxx_11.m4 with upstream to fix uclibc support
Security:
Changes:
- Windows: Drop support for XP and derivatives which greatly cleans up initialization code.
- Add ARES_OPT_HOSTS_FILE similar to ARES_OPT_RESOLVCONF for specifying a custom hosts file location.
- Add vcpkg installation instructions
Bug fixes:
- Fix cross-compilation from Windows to Linux due to CPACK logic.
- Fix memory leak in reading /etc/hosts when using localhost fallback.
- Fix chain building c-ares when libresolv is already included by another project
- File lookup should not immediately abort as there may be other tries due to search criteria.
- Asterisks should be allowed in host validation as CNAMEs may reference wildcard domains
- AutoTools build system referenced bad STDC_HEADERS macro
- Even if one address class returns a failure for ares_getaddrinfo() we should still return the results we have
- CMake Windows: DLLs did not include resource file to include versions
- CMake: Guard target creation in exported config
- Fix ares_getaddrinfo() numerical address resolution with AF_UNSPEC
- Apple: fix libresolv configured query times.
- Fix tools and help information
- Various documentation fixes and cleanups
- Add include guards to ares_data.h
- c-ares could try to exceed maximum number of iovec entries supported by system
- CMake package config generation allow for absolute install paths
- Intel compiler fixes
- ares_strsplit bugs
- The RFC6761 6.3 states localhost subdomains must be offline too.
Bug fixes:
- ares_getaddrinfo() would return ai_addrlen of 16 for ipv6 adddresses rather than the sizeof(struct sockaddr_in6)
Changes:
- Add support for URI(Uniform Resource Identifier) records via ares_parse_uri_reply()
- Provide ares_nameser.h as a public interface as needed by NodeJS
- Update URLs from c-ares.haxx.se to c-ares.org
- During a domain search, treat ARES_ENODATA as ARES_NXDOMAIN so that the search process will continue to the next domain in the search.
- Turn ares_gethostbyname() into a wrapper for ares_getaddrinfo() as they followed very similar code paths and ares_gethostbyaddr() has some more desirable features such as priority sorting and parallel queries for AF_UNSPEC.
- ares_getaddrinfo() now contains a name element in the address info structure as the last element. This is not an API or ABI break due to the structure always being internally allocated and it being the last element.
- ares_parse_a_reply() and ares_parse_aaaa_reply() were nearly identical, those now use the same helper functions for parsing rather than having their own code.
- RFC6761 Section 6.3 says "localhost" lookups need to be special cased to return loopback addresses, and not forward queries to recursive dns servers. On Windows this now returns all loopback addresses, on other systems it returns 127.0.0.1 or ::1 always, and will never forward a request for "localhost" to outside DNS servers.
- Haiku: port
Bug fixes:
- add build to .gitignore
- z/OS minor update, add missing semicolon in ares_init.c
- Fix building when latest ax_code_coverage.m4 is imported
- Work around autotools 'error: too many loops' and other newer autotools import related bugs.
- MinGW cross builds need advapi32 link as lower case
- Cygwin build fix due to containing both socket.h and winsock2.h
- ares_expand_name should allow underscores (_) as SRV records legitimately use them
- Allow '/' as a valid character for a returned name for CNAME in-addr.arpa delegation
- ares_getaddrinfo() was not honoring HOSTALIASES
- ares_getaddrinfo() had some test cases disabled due to a bug in the test framework itself which has now been resolved
Security:
- NodeJS passes NULL for addr and 0 for addrlen to ares_parse_ptr_reply() on systems where malloc(0) returns NULL. This would cause a crash.
- When building c-ares with CMake, the RANDOM_FILE would not be set and therefore downgrade to the less secure random number generator
- If ares_getaddrinfo() was terminated by an ares_destroy(), it would cause a crash
- Crash in sortaddrinfo() if the list size equals 0 due to an unexpected DNS response
- Expand number of escaped characters in DNS replies as per RFC1035 5.1 to prevent spoofing follow-up
- Perform validation on hostnames to prevent possible XSS due to applications not performing valiation themselves
Changes:
- Use non-blocking /dev/urandom for random data to prevent early startup performance issues
- z/OS port
- ares_malloc(0) is now defined behavior (returns NULL) rather than system-specific to catch edge cases
Bug fixes:
- Fuzz testing files were not distributed with official archives
- Building tests should not force building of static libraries except on Windows
- Windows builds of the tools would fail if built as static due to a missing CARES_STATICLIB definition
- Relative headers must use double quotes to prevent pulling in a system library
- Fix OpenBSD building by implementing portability updates for including arpa/nameser.h
- Fix building out-of-tree for autotools
- Make install on MacOS/iOS with CMake was missing the bundle destination so libraries weren't actually installed
- Fix retrieving DNS server configuration on MacOS and iOS if the configuration did not include search domains
- ares_parse_a_reply and ares_parse_aaa_reply were erroneously using strdup() instead of ares_strdup()
Fixes packaging issues in 1.17.0.
Security:
- avoid read-heap-buffer-overflow in ares_parse_soa_reply found during fuzzing
- Avoid theoretical buffer overflow in RC4 loop comparison
- Empty hquery->name could lead to invalid memory access
- ares_parse_{a,aaaa}_reply() could return a larger *naddrttls than was passed in
Changes:
- Update help information for adig, acountry, and ahost
- Test Suite now uses dynamic system-assigned ports rather than hardcoded ports to prevent failures in containers
- Detect remote DNS server does not support EDNS using rules from RFC 6891
- Source tree has been reorganized to use a more modern layout
- Allow parsing of CAA Resource Record
Bug fixes:
- readaddrinfo bad sizeof()
- Test cases should honor HAVE_WRITEV flag, not depend on WIN32
- FQDN with trailing period should be queried first
- ares_getaddrinfo() was returning members of the struct as garbage values if unset, and was not honoring ai_socktype and ai_protocol hints.
- ares_gethostbyname() with AF_UNSPEC and an ip address would fail
- Properly document ares_set_local_ip4() uses host byte order
Security:
- Prevent possible use-after-free and double-free in ares_getaddrinfo() if ares_destroy() is called prior to ares_getaddrinfo() completing. Reported by Jann Horn at Google Project Zero.
Changes:
- Allow TXT records on CHAOS qclass. Used for retriving things like version.bind, version.server, authoris.bind, hostname.bind, and id.server. [3]
Bug fixes:
- Fix Windows Unicode incompatibilities with ares_getaddrinfo() [1]
- Silence false cast-align compiler warnings due to valid casts of struct sockaddr to struct sockaddr_in and struct sockaddr_in6.
- MacOS should use libresolv for retrieving DNS servers, like iOS
- CMake build system should populate the INCLUDE_DIRECTORIES property of installed targets [2]
- Correct macros in use for the ares_getaddrinfo.3 man page
Changes:
- Introduction of ares_getaddrinfo() API which provides similar output (including proper sorting as per RFC 6724) to the system native API, but utilizes different data structures in order to provide additional information such as TTLs and all aliases. Please reference the respective man pages for usage details.
- Parse SOA records from ns_t_any response
- CMake: Provide c-ares version in package export file
- CMake: Add CPACK functionality for DEB and RPM
- CMake: Generate PDB files during build
- CMake: Support manpage installation
Bug fixes:
- Fix bad expectation in IPv6 localhost test.
- AutoTools: use XC_CHECK_BUILD_FLAGS instead of XC_CHECK_USER_FLAGS to prevent complaints about CPPFLAGS in CFLAGS.
- Fix .onion handling
- Command line usage was out of date for adig and ahost.
- Typos in manpages
- If ares_getenv is defined, it must return a value on all platforms
- If /etc/resolv.conf has invalid lookup values, use the defaults.
- Tests: Separate live tests from SetServers* tests as only live tests should require internet access.
- ares_gethostbyname() should return ENODATA if no valid A or AAAA record is found, but a CNAME was found.
- CMake: Rework library function checking to prevent unintended linking with system libraries that aren't needed.
- Due to use of inet_addr() it was not possible to return 255.255.255.255 from ares_gethostbyname().
- CMake: Fix building of tests on Windows
Changes:
- Add ares_init_options() configurability for path to resolv.conf file
- Ability to exclude building of tools (adig, ahost, acountry) in CMake
- Android: Support for domain search suffix
- Report ARES_ENOTFOUND for .onion domain names as per RFC7686
Bug fixes:
- AIX build fix for trying to include both nameser_compat.h and onameser_compat.h
- Windows: Improve DNS suffixes extracting from WinNT registry
- Fix modern GCC warnings
- Apply the IPv6 server blacklist to all nameserver sources, not just Windows
- Fix warnings emitted by MSVC when using -W4
- Prevent changing name servers while queries are outstanding
- Harden and rationalize c-ares timeout computation
- Distribute ares_android.h
- ares_set_servers_csv() on failure should not leave channel in a bad state
- Add missing docs to distribution
Changes:
Bug fixes:
- Fix patch for CVE-2017-1000381 to not be overly aggressive
- win32: Preserve DNS server order returned by Windows when sorting and exclude DNS servers in legacy subnets
- win32: Support most recent Visual Studio 2017
- gethostbyaddr should fail with ECANCELLED not ENOTFOUND when ares_cancel is called
- win32: Exclude legacy ipv6 subnets
- android: Applications compiled for Oreo can no longer use __system_property_get and must use Java calls to retrieve DNS servers
- win32: Force use of ANSI functions
- CMake minimum version is now 3.1
- ares_gethostbyname.3: fix callback status values
- docs: Document WSAStartup requirement
- Fix a typo in init_by_resolv_conf
- Android JNI code leaks local references in some cases
- Force using the ANSI versions of WinAPI functions
Changes:
- cmake build system support added
- Add virtual function set for socket IO: ares_set_socket_functions
Bug fixes:
- CVE-2017-1000381: c-ares NAPTR parser out of bounds access
- macos: do not set HAVE_CLOCK_GETTIME_MONOTONIC
- test: check ares_create_query with too-long name
- dist: add ares_library_initialized.* to the tarball
- fix build on OpenBSD
- dist: ship msvc_ver.inc too
- test: Add gTest/gMock files to SOURCES
- test: add fuzz entrypoint for ares_create_query()
- configure: clock_gettime workaround
- docs: convert INSTALL to MarkDown & tweak
- ares_process: fix return type of socket_create function (win32 warning)
- docs: fixed references to ares_set_local_ip4 and ares_set_local_ip6
- Windows DNS server sorting
- Use ares_socklen_t instead of socket_t
- ares_create_query: use ares_free not naked free
- msvc_ver.inc support most recent Visual Studio 2017
- acountry: Convert char from ISO-8859-1 to UTF-8
- ares_expand_name: limit number of indirections
- configure: do not check for ar if specified manually
- Added support for Windows DNS Suffix Search List
- ares.h: support compiling with QNX
Changes:
- api: add ARES_OPT_NOROTATE optmask value
Bug fixes:
- CVE-2016-5180: ares_create_query single byte out of buffer write
- configure: acknowledge --disable-tests [1]
- man pages: fix typos detected by Lintian
- test: add missing #includes for dns-proto.cc
- test: avoid in6addr_* constants
- test: Build with MinGW on AppVeyor
- Makefile.m32: add support for extra flags
- Makefile.m32: add support for CROSSPREFIX
- configure: check if tests can get built before enabled
- ares_library_cleanup: reset ares_realloc too
- ahost.c: add cast to fix C++ compile
- test: Only pass unused args to GoogleTest
- build: commonize MSVC version detection
- msvc_ver.inc: support Visual Studio 2015 Update 1, 2, 3
- test: for AF_UNSPEC, return CNAME only for AAAA, but valid A record
- ares_getnameinfo: explicitly clear struct servent before use
- test: Update fuzzing function prototype
- init: fix nsort initialization
- test: add fuzzing check script to tests
- web: http => https
- read_tcp_data: remove superfluous NULL check
- LICENSE.md: add a stand-alone license file
- SECURITY.md: suggested "security process" for the project
- ares_init_options: only propagate init failures from options [2]
- headers: remove checks for and defines of variable sizes
- test: fix gMock to work with gcc >= 6.x [3]
Changes:
- Add a unit test suite
- Allow builds with code converage with --enable-code-coverage configure option
- Allow library-wide override of malloc/free
- Allow multiple -s options to the ahost command
- api: Expose the ares_library_initialized() function
- api: Add ares_set_sortlist(3) entrypoint
- api: Add entrypoints to allow use of per-server ports
- api: introduce `ares_parse_txt_reply_ext`
- api: Add ares_set_socket_configure_callback()
Bug fixes:
- timeadd: make static
- timeoffset: made static and private
- nowarn: use limits.h instead of configure for size of long
- single_domain: Invalid memory access for empty string input
- ares_build.h: fix building on 64-bit powerpc
- Allow specification of search domain in ahost
- Don't override explicitly specified search domains
- ares_parse_soa_reply: Do not leak rr_name on allocation failure
- Update ahost man page to describe -s option
- host_callback: Fall back to AF_INET on searching with AF_UNSPEC
- Add -t u option to ahost
- CONTRIBUTING: added
- ares_set_servers_csv: fix NULL dereference
- Fix integer shift overflow if both tcp_socket and udp_socket are set
- fix acountry memory leak
- lookup_service: prevent tmpbuf from overrunning
- ares_getnameinfo.3: there is no ares_getaddrinfo
- init_by_defaults: Continue loop if space for hostname not large enough
- Destroy options if ares_save_options fails
- ares__read_line: free buf on realloc failure
- added define for visual studio 2013
- windows: fix slow DNS lookup issue
- Use libresolv to initialize cares on iPhone targets
- buildconf: remove check for libtool, it only requires libtoolize
- init_by_resolv_conf: Don't exit loop early leaving uninitialized entries
- ahost: check the select() return code
- configure_socket: explicitly ignore return code
- read_tcp_data: don't try to use NULL pointer after malloc failure
- Distribute all man pages
- ares_expand_name: check for valid bits in label length
- ares__read_line: clear buf pointer on realloc failure
- process_answer: fix things up correctly when removing EDNS option
- ares_parse_txt_reply: propagate errors from per-substring loop
- ares_gethostbyname: don't leak valid-but-empty hostent
- ares_init_options: don't lose init failure
- ares_dup: clear new channel on failure
- config_sortlist: free any existing sortlist on (re)alloc failure
- ares_striendstr: fix so non-NULL return can happen
- bitncmp: update comment to match code behaviour
- ares_set_servers_csv.3: make return type match code
- init_by_resolv_conf: ignore
fopen
errors to use default values - Use "resolve" as synonym of "dns" in nsswitch.conf
- ares_win32_init: make LoadLibrary work when using UNICODE too
- dist: Distribute README.md
- configure: build silently by default
- ares_dup.3: remove mention of nonexistent function
Changes:
- Added ares_create_query(), to be used instead of ares_mkquery()
- ares_inet_ntop() and ares_inet_pton() are now recognized c-ares functions
Bug fixes:
- include the ares_parse_soa_reply.* files in the tarball
- read_udp_packets: bail out loop on bad sockets
- get_DNS_AdaptersAddresses: fix IPv6 parsing
- adig: perror() doesn't work for socket errors on windows
- ares_parse_aaaa_reply: fix memory leak
- setup_once.h: HP-UX sys/socket.h issue workaround
- configure: several fixes
- config-dos.h: define strerror() to strerror_s_() for High-C
- config-dos.h: define HAVE_CLOSE_S for MSDOS/Watt-32
- ares_build.h.dist: enhance non-configure GCC ABI detection logic
- ares.h: stricter CARES_EXTERN linkage decorations logic
- ares_cancel(): cancel requests safely
- protocol parsing: check input data stricter
- library init: be recursive, reference count inits/cleanups
- ares_parse_txt_reply: return a ares_txt_reply node for each sub-string
- ares_set_servers_csv: fixed IPv6 address parsing
- build: fix build on msvc11
Fixed:
- include the ares_parse_soa_reply.* files in the tarball
Changed:
- Added ares_parse_soa_reply
Fixed:
- libcares.pc generation for static MingW* cross builds
- ares_dup: UDP and TCP port byte order in saved options
Changed:
- Added ares_parse_naptr_reply()
Fixed:
- handle CNAME-only in ares_parse_aaaa_reply()
- support multiple DNS servers on Android
- check for __ANDROID__ in addition to ANDROID macro
- port numbers: convert them to network order
- get_iphlpapi_dns_info: fix buffer overrun
- configure: make CURL_CHECK_DEF ignore leading whitespace
- segfault triggered in ares_init_options()
- ares_getnameinfo's memcpy did not copy enough bytes
- ares_destroy: fix segfault in ares_destroy_options()
- CHANGES: generate from script
- configure: fix symbol hiding usability check
Fixed:
- detection of semicolon comments in resolv.conf
- avoid using system's inet_net_pton affected by the WLB-2008080064 advisory
- replacement ares_inet_net_pton affected by the WLB-2008080064 advisory
- replacement ares_inet_ntop affected by potential out of bounds write
- added install target to Makefile.msvc
- only fall back to AF_INET searches when looking for AF_UNSPEC addresses
- fixed ares_parse_*_reply memory leaks
- Use correct sizeof in ares_getnameinfo()
- IPv6-on-windows: find DNS servers correctly
- man pages: docs for the c-ares utility programs
- getservbyport replacement for Win CE
- config_sortlist: (win32) missing else
- advance_tcp_send_queue: avoid NULL ptr dereference
- configure: fix a bashism
- ares_expand_name: Fix encoded length for indirect root
Changed:
- local-bind: Support binding to local interface/IPs, see ares_set_local_ip4, ares_set_local_ip6, ares_set_local_dev
Fixed:
- memory leak in ares_getnameinfo
- add missing break that caused get_ares_servers to fail
- ares_parse_a_reply: fix CNAME response parsing
- init_by_options: don't copy an empty sortlist
- Replaced uint32_t with unsigned int to fix broken builds on a couple of platforms
- Fix lookup with HOSTALIASES set
- adig: fix NAPTR parsing
- compiler warning cleanups
Fixed:
- builds on Android
- now includes all files necessary to build it (1.7.2 lacked a file)
Changed:
- Added ares_parse_mx_reply()
Fixed:
- ares_init: Last, not first instance of domain or search should win
- improve alternative definition of bool
- fix VS2010 compiler warnings
Changed:
- added IPv6 name servers support
Fixed:
- closing of sockets on Windows systems
- MSVC deprecated compiler options warnings
- ares_process_fd() didn't check broken connections
Changed:
- in6_addr is not used in ares.h anymore, but a private ares_in6_addr is instead declared and used
- ares_gethostbyname() now supports 'AF_UNSPEC' as a family for resolving either AF_INET6 or AF_INET
- a build-time configured ares_socklen_t is now used instead of socklen_t
- new ares_library_init() and ares_library_cleanup() functions
- new --enable-curldebug configure option
- ARES_ECANCELLED is now sent as reason for ares_cancel()
- added ares_parse_srv_reply()
- added ares_parse_txt_reply()
- added ares_free_data()
- new --enable-symbol-hiding configure option
- new Makefile.msvc for any MSVC compiler or MS Visual Studio version
- addrttl and addr6ttl structs renamed to ares_addrttl and ares_addr6ttl
- naming convention for libraries built with MSVC, see README.msvc
Fixed:
- ares_parse_*_reply() functions now return ARES_EBADRESP instead of ARES_EBADNAME if the name in the response failed to decode
- only expose/export symbols starting with 'ares_'
- fix \Device\TCP handle leaks triggered by buggy iphlpapi.dll
- init without internet gone no longer fails
- out of bounds memory overwrite triggered with malformed /etc/hosts file
- function prototypes in man pages out of sync with ares.h
Changed:
- Added support for the glibc "rotate" resolv.conf option (or ARES_OPT_ROTATE)
- Added ares_gethostbyname_file()
- Added ares_dup()
- Added ares_set_socket_callback()
Fixed:
- improved configure detection of several functions
- improved source code portability
- adig supports a regular numerical dotted IP address for the -s option
- handling of EINPROGRESS for UDP connects
- ares_parse_ptr_reply() would cause a buffer to shrink instead of expand if a reply contained 8 or more records
- buildconf works on OS X
- fix adig sample application compilation failure on some systems
- fix pkg-config reporting of private libraries needed for static linking
- fallback to gettimeofday when monotonic clock is unavailable at run-time
- ares_gethostbyname() fallback from AAA to A records with CNAME present
- allow --enable-largefile and --disable-largefile configurations
- configure process no longer needs nor checks size of curl_off_t
- library will now be built with _REENTRANT symbol defined if needed
- Improved configure detection of number of arguments for getservbyport_r
- Improved query-ID randomness
- Validate that DNS response address matches the request address
- fix acountry sample application compilation failure on some systems
- code refactoring in ares_gethostbyaddr
- improved checking of /dev/urandom in configure script
- new sample application, acountry
- improved MSVC6 dsp files
- adig sample application supports NAPTR records
- improved file seeding randomizer
- improved parsing of resolver configuration files
- updated configure script to remove autoconf 2.62 warnings
- use monotonic time source if available
- return all PTR-records when doing reverse lookups
- millisecond resolution support for the timeout option
- added the ares_llist.h header that was missing in the 1.5.0 release
- SONAME bump to a few API and ABI breaking changes: - ares_host_callback() - ares_nameinfo_callback() - ares_parse_a_reply() - ares_parse_aaaa_reply()
- two valgrind reports were silenced
- ares_save_options() fix
- do DNS retries even on TCP connections
- correctly clear sockets from the fd_set in several functions
- always wait on TCP events to detect connect closures
- new socket options: ARES_OPT_SOCK_SNDBUF and ARES_OPT_SOCK_RCVBUF
- made the query callbacks receive the number of timeouts that happened during the execution of a query
- don't skip a server if it's the only one
- segfault when generating a DNS "Transaction ID" under low memory conditions
- ares_strerror() segfault fix
- added copyright texts to a few places that were missing them
- fixed VS2005 compiler warnings due to time_t being 64bit
- introduced cryptographically secure transaction IDs
- added ares_save_options()
- added ares_destroy_options()
- added ares_process_fd()
- fixed undefined return value in init_by_resolv_conf() function for windows
- added ares_parse_ns_reply()
- fix failure to get the search sequence of /etc/hosts and DNS from /etc/nsswitch.conf, /etc/host.conf or /etc/svc.conf when /etc/resolv.conf did not exist
- when domains were sert in the options struct, and there were domain/search entries in /etc/resolv.conf, the domains of the options struct would be overridden
- removed a couple of potential zero size memory allocations
- fixed the line endings in areslib.dsp