ecb3998a20
c-ares version 1.17.2

This is a security and bugfix release. It addresses a few security related issues along with various bugfixes mostly related to portability.

Security:
 o NodeJS passes NULL for addr and 0 for addrlen to ares_parse_ptr_reply() on systems where malloc(0) returns NULL. This would cause a crash. [8]
 o When building c-ares with CMake, the RANDOM_FILE would not be set and therefore downgrade to the less secure random number generator [12]
 o If ares_getaddrinfo() was terminated by an ares_destroy(), it would cause a crash [13]
 o Crash in sortaddrinfo() if the list size equals 0 due to an unexpected DNS response [14]
 o Expand number of escaped characters in DNS replies as per RFC1035 5.1 to prevent spoofing [16], [17]
 o Perform validation on hostnames to prevent possible XSS due to applications not performing validation themselves [18]

Changes:
 o Use non-blocking /dev/urandom for random data to prevent early startup performance issues [5]
 o z/OS port [6]
 o ares_malloc(0) is now defined behavior (returns NULL) rather than system-specific to catch edge cases [7]

Bug fixes:
 o Fuzz testing files were not distributed with official archives [1]
 o Building tests should not force building of static libraries except on Windows [2]
 o Windows builds of the tools would fail if built as static due to a missing CARES_STATICLIB definition [3]
 o Relative headers must use double quotes to prevent pulling in a system library [4]
 o Fix OpenBSD building by implementing portability updates for including arpa/nameser.h [9]
 o Fix building out-of-tree for autotools [10]
 o Make install on MacOS/iOS with CMake was missing the bundle destination so libraries weren't actually installed [11]
 o Fix retrieving DNS server configuration on MacOS and iOS if the configuration did not include search domains [15]
 o ares_parse_a_reply and ares_parse_aaa_reply were erroneously using strdup() instead of ares_strdup() [19]

buildlink3.mk
DESCR
distinfo
Makefile
PLIST