Hi folks,
This package underlies most of the Cygwin downloaders I am aware of and
maintain, and also a lot of other async or parallel network packages, including
cygport, git, TeXlive, and other doc packages.
This large version jump with no .so version/ABI/DLL change and *without Google
gmock/gtest test suite* carries a lot of risks:
Version Arch Size Date Status Files
1.16.1-1 src 1343 KiB 2024-11-10 16:51 stable
https://cygwin.com/packages/x86_64/c-ares-src/c-ares-1.16.1-1-src
1.34.5-0 src 992 KiB 2025-04-12 18:07 test
https://cygwin.com/packages/x86_64/c-ares-src/c-ares-1.34.5-0-src
A full set of release notes has been included in the announcement (copied below)
due to the many versions skipped, and the many packages impacted:
$ cygcheck-dep -qN libcares2
libcares2: is recursively needed for ( aria2 asciidoc biber cygcheck-dep
cygport dblatex djvulibre docbook-utils geoipupdate gnome-common gtk-doc html2ps
libcares-devel nghttp2 preview-latex pwget texinfo-tex texlive-collection-basic
texlive-collection-bibtexextra texlive-collection-binextra
texlive-collection-fontsextra texlive-collection-fontsrecommended
texlive-collection-fontutils texlive-collection-formatsextra
texlive-collection-htmlxml texlive-collection-latex
texlive-collection-latexextra texlive-collection-latexrecommended
texlive-collection-mathscience texlive-collection-pictures
texlive-collection-plaingeneric texlive-collection-xetex wget xhtml2ps xmlto )
Please try to make time to rebuild affected packages and rerun their test suites
with the test -devel and DLL packages installed.
If for any reason anyone wants to rebuild c-ares from src, it requires Takashi's
latest patch to sys/unistd.h, which stops me from building yet on Scallywag CI
until that is promoted in a stable release!
[CCed Jari as he may no longer be following the lists and pwget may be impacted]
On 2025-04-12 15:01, Cygwin cares Maintainer via Cygwin-announce wrote:
Curl Asynchronous RESolver library for applications which
need to perform DNS queries without blocking, or
need to perform multiple DNS queries in parallel.
Primary applications are servers with multiple clients and GUI programs.
For more information see the project home page:
https://c-ares.org/
The following *TEST* packages have been released in the Cygwin distribution:
- libcares-devel 1.34.5
- libcares2 1.34.5
No build check is possible as Google gtest and gmock are required
but not available for Cygwin.
Please test these packages as extensively as possible (especially if you
are a Cygwin package maintainer) as libcares is used in many libraries
and utilities, including all network downloaders and their libraries:
aria2c, curl, wget, wget2; and many TeXlive packages.
Package maintainers should install this test release and rerun checks
of as many libraries and packages depending on libcares as possible.
I have it locally installed so it is getting used by commands, scripts,
cron jobs, and cygport builds, and has and is getting frequent exercise
with no apparent issues so far.
If no issues are reported within a couple of weeks the package will be
upgraded to current.
As there are many versions since the previous Cygwin release, see below or:
https://c-ares.org/changelog.html
08 Apr 2025 1.34.5
This is a security release.
Security:
- CVE-2025-31498. A use-after-free bug has been uncovered in
read_answers() that was introduced in v1.32.3.
Please see
https://github.com/c-ares/c-ares/security/advisories/GHSA-6hxc-62jh-p29v
Changes:
- Restore Windows XP support.
Bugfixes:
- A missing mutex initialization would make busy polling for configuration
changes (platforms other than Windows, Linux, MacOS) eat too much CPU
- Pkgconfig may be generated wrong for static builds in relation to `-pthread`
- Localhost resolution can fail if only one address family is in `/etc/hosts`
14 Dec 2024 1.34.4
This is a bugfix release.
Changes:
- QNX Port: Port to QNX 8, add primary config reading support, add CI build.
Bugfixes:
- Empty TXT records were not being preserved.
- docs: update deprecation notices for `ares_create_query()` and
`ares_mkquery()`.
- license: some files weren't properly updated.
- Fix bind local device regression from 1.34.0.
- CMake: set policy version to prevent deprecation warnings.
- CMake: shared and static library names should be the same on unix
platforms like autotools uses.
- Update to latest autoconf archive macros for enhanced system compatibility.
09 Nov 2024 1.34.3
This is a bugfix release.
Changes:
- Build the release package in an automated way so we can provide
provenance as per [SLSA3](https://slsa.dev/).
Bugfixes:
- Some upstream servers are non-compliant with EDNS options, resend
queries without EDNS.
- Android: <=7 needs sys/system_properties.h
- Android: CMake needs `-D_GNU_SOURCE` and others.
- TSAN warns on missing lock, but lock isn't actually necessary.
- `ares_getaddrinfo()` for `AF_UNSPEC` should retry IPv4 if only IPv6 is
received.
- `ares_send()` shouldn't return `ARES_EBADRESP`, its `ARES_EBADQUERY`.
- Fix typos in man pages.
15 Oct 2024 1.34.2
- This release contains a fix for downstream packages detecting the
c-ares version based on the contents of the header file rather than
the distributed pkgconf or cmake files.
09 Oct 2024 1.34.1
- This release fixes a packaging issue in 1.34.0.
09 Oct 2024 1.34.0
This is a feature and bugfix release.
Features:
- adig: read arguments from adigrc.
- Add new pending write callback optimization via `ares_set_pending_write_cb`.
- New function `ares_process_fds()`.
- Failed servers should be probed rather than redirecting queries which
could cause unexpected latency.
- adig: rework command line arguments to mimic dig from bind.
- Add new method for overriding network functions
`ares_set_socket_function_ex()` to properly support all new
functionality.
- Fix regression with custom socket callbacks due to DNS cookie support.
- ares_socket: set IP_BIND_ADDRESS_NO_PORT on ares_set_local_ip* tcp sockets
- URI parser/writer for ares_set_servers_csv()/ares_get_servers_csv().
Changes:
- Connection handling modularization.
- Expose library/utility functions to tools.
- Remove `ares__` prefix, just use `ares_` for internal functions.
Bugfixes:
- fix: potential WIN32_LEAN_AND_MEAN redefinition.
- Fix googletest v1.15 compatibility.
- Fix pkgconfig thread dependencies.
23 Aug 2024 1.33.1
This is a bugfix release.
Bugfixes:
- Work around systemd-resolved quirk that returns unexpected codes for
single label names. Also adds test cases to validate the work around
works and will continue to work in future releases.
See Also https://github.com/systemd/systemd/issues/34101
- Fix sysconfig ndots default value, also adds containerized test case
to prevent future regressions.
- Fix blank DNS name returning error code rather than valid record for
commands like: `adig -t SOA .`. Also adds test case to prevent future
regressions.
- Fix calculation of query times > 1s.
- Fix building on old Linux releases that don't have `TCP_FASTOPEN_CONNECT`.
- Fix minor Android build warnings.
02 Aug 2024 1.33.0
This is a feature and bugfix release.
Features:
- Add DNS cookie support (RFC7873 + RFC9018) to help prevent off-path
cache poisoning attacks.
- Implement TCP FastOpen (TFO) RFC7413, which will make TCP reconnects
0-RTT on supported systems.
Changes:
- Reorganize source tree.
- Refactoring of connection handling to prevent code duplication.
- New dynamic array data structure to prevent simple logic flaws in
array handling in various code paths.
Bugfixes:
- `ares_destroy()` race condition during shutdown due to missing lock.
- Android: Preserve thread name after attaching it to JVM.
- Windows UWP (Store) support fix.
24 Jul 2024 1.32.3
This is a bugfix release.
Changes:
- Prevent complex recursion during query requeuing and connection
cleanup for stability.
- Better propagate error codes on requeue situations.
- Try to prevent SIGPIPE from being generated and delivered to integrations.
Bugfixes:
- Missing manpage for `ares_dns_record_set_id()`
- Memory leak in `ares__hosts_entry_to_hostent()` due to allocation strategy.
- UDP write failure detected via ICMP unreachable should trigger faster
failover.
- Fix pycares test case regression due to wrong error code being
returned. Regression from 1.31.0.
- Fix possible Windows crash during `ares_destroy()` when using event threads.
- `ARES_OPT_MAXTIMEOUTMS` wasn't being honored in all cases.
15 Jul 2024 1.32.2
This is a bugfix release.
Bugfixes:
- Windows: rework EventThread AFD code for better stability.
- Windows: If an IP address was detected to have changed, it could lead to a
crash due to a bad pointer. Regression introduced in 1.31.0.
- Windows: use `QueryPerformanceCounters()` instead of
`GetTickCount64()` for better time accuracy (~15ms -> ~1us).
- Windows 32bit config change callback needs to be tagged as `stdcall`
otherwise could result in a crash.
- Tests that need accurate timing should not depend on internal symbols
as there are C++ equivalents in `std::chrono`.
- Kqueue (MacOS, \*BSD): If the open socket count exceeded 8 (unlikely),
it would try to allocate a new buffer that was too small.
07 Jul 2024 1.32.1
This is a bugfix release.
Bugfixes:
- Channel lock needs to be recursive to ensure calls into c-ares
functions can be made from callbacks otherwise deadlocks will occur.
This regression was introduced in 1.32.0.
04 Jul 2024 1.32.0
This is a feature and bugfix release.
Features:
- Add support for DNS 0x20 to help prevent cache poisoning attacks,
enabled by specifying `ARES_FLAG_DNS0x20`.
Disabled by default.
- Rework query timeout logic to automatically adjust timeouts based on
network conditions.
The timeout specified now is only used as a hint until there is
enough history to calculate a more valid timeout.
Changes:
- DNS RR TXT strings should not be automatically concatenated as there
are use cases outside of RFC 7208.
In order to maintain ABI compliance, the ability to retrieve TXT
strings concatenated is retained as well as a new API to retrieve the
individual strings.
This restores behavior from c-ares 1.20.0.
- Clean up header inclusion logic to make hacking on code easier.
- GCC/Clang: Enable even more strict warnings to catch more coding flaws.
- MSVC: Enable `/W4` warning level.
Bugfixes:
- Tests: Fix thread race condition in test cases for EventThread.
- Windows: Fix building with UNICODE.
- Thread Safety: `ares_timeout()` was missing lock.
- Fix building with DJGPP (32bit protected mode DOS).
18 Jun 2024 1.31.0
This is a maintenance and bugfix release.
Changes:
- Enable Query Cache by default.
Bugfixes:
- Enhance Windows DNS configuration change detection to also detect
manual DNS configuration changes.
- Various legacy MacOS Build fixes.
- Ndots value of zero in resolv.conf was not being honored.
- Watt-32 build support had been broken for some time.
- Distribute `ares_dns_rec_type_tostr` manpage.
07 Jun 2024 1.30.0
Important Information
1. The c-ares.org website is now hosted by GitHub Pages, links to
downloads have changed to the GitHub release artifact URLs. If you were
previously relying on packaging scripts downloading from
https://c-ares.org (or legacy https://c-ares.haxx.se), please update
your scripts as appropriate.
2. A new signing key was used to generate the signature for this
release. Please see the valid PGP / GPG signing keys on the
[download](https://c-ares.org/download/) page or in the repository
[README](https://github.com/c-ares/c-ares/blob/main/README.md#release-keys).
Release Notes
This is a maintenance and bugfix release.
Features:
- Basic support for SIG RR record (RFC 2931 / RFC 2535)
Changes:
- Validation that DNS strings can only consist of printable ascii
characters otherwise will trigger a parse failure.
- Windows: use `GetTickCount64()` for a monotonic timer that does not wrap.
Bugfixes:
- QueryCache: Fix issue where purging on server changes wasn't working.
- Windows: Fix Y2K38 issue by creating our own `ares_timeval_t` datatype.
- Fix packaging issue affecting MacOS due to a missing header.
- MacOS: Fix UBSAN warnings that are likely meaningless due to alignment
issues in new MacOS config reader.
- Android: arm 32bit build failure due to missing symbol.
23 May 2024 1.29.0
This is a feature and bugfix release.
Features:
- When using `ARES_OPT_EVENT_THREAD`, automatically reload system
configuration when network conditions change.
- Apple: reimplement DNS configuration reading to more accurately pull
DNS settings.
- Add observability into DNS server health via a server state callback,
invoked whenever a query finishes.
- Add server failover retry behavior, where failed servers are retried
with small probability after a minimum delay.
Changes:
- Mark `ares_channel_t *` as const in more places in the public API.
Bugfixes:
- Due to a logic flaw dns name compression writing was not properly
implemented which would result in the name prefix not being written
for a partial match.
This could cause issues in various record types such as MX records
when using the deprecated API. Regression introduced in 1.28.0.
- Revert OpenBSD `SOCK_DNS` flag, it doesn't do what the docs say it
does and causes c-ares to become non-functional.
- `ares_getnameinfo()`: loosen validation on `salen` parameter.
- cmake: Android requires C99.
- `ares_queue_wait_empty()` does not honor timeout_ms >= 0.
30 Mar 2024 1.28.1
This release contains a fix for a single significant regression introduced
in c-ares 1.28.0.
- `ares_search()` and `ares_getaddrinfo()` resolution fails if no search
domains are specified.
29 Mar 2024 1.28.0
This is a feature and bugfix release.
Features:
- Emit warnings when deprecated c-ares functions are used.
This can be disabled by passing a compiler definition of
`CARES_NO_DEPRECATED`.
- Add function `ares_search_dnsrec()` to search for records using the
new DNS record data structures.
- Rework internals to pass around `ares_dns_record_t` instead of binary
data, this introduces new public functions of `ares_query_dnsrec()`
and `ares_send_dnsrec()`.
Changes:
- tests: when performing simulated queries, reduce timeouts to make
tests run faster
- Replace configuration file parsers with memory-safe parser.
- Remove `acountry` completely, the manpage might still get installed
otherwise.
Bugfixes:
- CMake: don't overwrite global required libraries/definitions/includes
which could cause build errors for projects chain building c-ares.
- On some platforms, `netinet6/in6.h` is not included by `netinet/in.h`
and needs to be included separately.
- Fix a potential memory leak in `ares_init()`.
- Some platforms don't have the `isascii()` function. Implement as a macro.
- CMake: Fix Chain building if CMAKE runtime paths not set
- NDots configuration should allow a value of zero.
22 Feb 2024 1.27.0
This is a security, feature, and bugfix release.
Security:
- Moderate. CVE-2024-25629. Reading malformatted `/etc/resolv.conf`,
`/etc/nsswitch.conf` or the `HOSTALIASES` file could result in a
crash.
Features:
- New function `ares_queue_active_queries()` to retrieve number of
in-flight queries.
- New function `ares_queue_wait_empty()` to wait for the number of
in-flight queries to reach zero.
- New `ARES_FLAG_NO_DEFLT_SVR` for `ares_init_options()` to return a
failure if no DNS servers can be found rather than attempting to use
`127.0.0.1`.
This also introduces a new ares status code of `ARES_ENOSERVER`.
Changes:
- EDNS Packet size should be 1232 as per DNS Flag Day.
Bugfixes:
- Windows DNS suffix search list memory leak.
- Fix warning due to ignoring return code of `write()`.
- CMake: don't override target output locations if not top-level.
- Fix building c-ares without thread support.
26 Jan 2024 1.26.0
This is a feature and bugfix release.
Features:
- Event Thread support. Integrators are no longer required to monitor
the file descriptors registered by c-ares for events and call
ares_process() when enabling the event thread feature via
ARES_OPT_EVENT_THREAD passed to ares_init_options().
- Added flags to are_dns_parse() to force RAW packet parsing.
Changes:
- Mark ares_fds() as deprecated.
Bugfixes:
- adig: Differentiate between internal and server errors.
- Autotools allow make to override CFLAGS/CPPFLAGS/CXXFLAGS.
- Autotools: fix building for 32bit windows due to stdcall symbol mangling.
- RR Name should not be sanity checked against the Question.
03 Jan 2024 1.25.0
This is a maintenance release.
Changes:
- AutoTools: rewrite build system to be lighter weight and fix issues in
some semi-modern systems.
It is likely this has broken building on some less common and legacy
OSs, please report issues.
- Rewrite ares_strsplit() as a wrapper for ares__buf_split() for memory
safety reasons.
- The ahost utility now uses ares_getaddrinfo() and returns both IPv4
and IPv6 addresses by default.
- OpenBSD: Add SOCK_DNS flag when creating socket.
Bug Fixes:
- Tests: Live reverse lookups for Google's public DNS servers no longer
return results, replace with CloudFlare pubic DNS servers.
- MacOS legacy SDKs require sys/socket.h before net/if.h
- Connection failures should increment the server failure count first or
a retry might be enqueued to the same server.
- On systems that don't implement the ability to enumerate network
interfaces the stubs used the wrong prototype.
- Fix minor warnings and documentation typos.
- Fix support for older GoogleTest versions.
- getrandom() may require sys/random.h on some systems.
- Fix building tests with symbol hiding enabled.
17 Dec 2023 1.24.0
This is a feature and bugfix release.
Features:
- Add support for IPv6 link-local DNS servers.
Nameserver formats can now accept the %iface suffix, and a new
ares_get_servers_csv() function was added to return servers that can
contain the link-local interface name.
Changes:
- Unbundle GoogleTest for test cases. Package maintainers will now need
to require GoogleTest (GMock) as a build dependency if building tests.
New GoogleTest versions require C++14 or later.
- Replace nameserver parsing code to use new memory-safe functions.
- Replace the sortlist parser with new memory-safe functions.
- Various warning fixes and dead code removal.
Bug Fixes:
- Old Linux versions require POSIX_C_SOURCE or _GNU_SOURCE to compile
with thread safety support.
- A non-responsive DNS server that caused timeouts wouldn't increment
the failure count, this would lead to other servers not being tried.
Regression introduced in 1.22.0.
- Some projects that depend on c-ares expect invalid parameter option
values passed into ares_init_options() to simply be ignored. This
behavior has been restored.
- On linux getrandom() can fail if the kernel doesn't support the
syscall, fall back to another random source.
- ares_cancel() when performing ares_gethostbyname() or
ares_getaddrinfo() with AF_UNSPEC, if called after one address class
was returned but before the other address class, it would return
ARES_SUCCESS rather than ARES_ECANCELLED.
30 Nov 2023 1.23.0
This is a feature and bugfix release.
Features:
- Introduce optional (but on by default) thread-safety for the c-ares
library. This has no API nor ABI implications.
- resolv.conf in modern systems uses attempts and timeouts options
instead of the old retrans and retry options.
- Query caching support based on TTL of responses. Can be enabled via
ares_init_options() with ARES_OPT_QUERY_CACHE.
Bug Fixes:
- ares_init_options() for ARES_OPT_UDP_PORT and ARES_OPT_TCP_PORT accept
the port in host byte order, but it was reading it as network byte
order. Regression introduced in 1.20.0.
- ares_init_options() for ARES_FLAG_NOSEARCH was not being honored for
ares_getaddrinfo() or ares_gethostbyname(). Regression introduced in
1.16.0.
- Autotools MacOS and iOS version check was failing
- Environment variables passed to c-ares are meant to be an override for
system configuration. Regression introduced in 1.22.0.
- Spelling fixes as detected by codespell.
- The timeout returned by ares_timeout() was truncated to milliseconds
but validated to microseconds which could cause a user to attempt to
process timeouts prior to the timeout actually expiring.
- CMake was not honoring CXXFLAGS passed in via the environment which
could cause compile and link errors with distribution hardening flags
during packaging.
- Fix Windows UWP and Cygwin compilation.
- ares_set_servers_*() for legacy reasons needs to accept an empty
server list and zero out all servers. This results in an inoperable
channel and thus is only used in simulation testing, but we don't want
to break users. Regression introduced in 1.21.0.
19 Nov 2023 1.22.1
This is a bugfix release.
Bug Fixes:
- Fix /etc/hosts processing performance with all entries using same IP
address. Large hosts files using the same IP address for all entries
could use exponential time.
- Fix typos in manpages
- Fix OpenWatcom building
14 Nov 2023 1.22.0
This is a feature release with some significant internal changes.
Features:
- ares_reinit() is now implemented to re-read any system configuration
and immediately apply to an existing ares channel
- The adig command line program has been rewritten and its format now
more closely matches that of BIND's dig utility
- The new DNS message parser and writer functions have now been made public
- RFC9460 HTTPS and SVCB records are now supported
- RFC6698 TLSA records are now supported
- The server list is now internally dynamic and can be changed without
impacting existing queries
- Hosts file processing is now cached until the file is detected to be
changed to speed up repetitive lookups of large hosts files
Changes:
- Internally all DNS messages are now written using the new DNS writing
functions
- EDNS is now enabled by default
- Internal cleanups in function prototypes
Bug Fixes:
- Randomize retry penalties to prevent thundering herd issues when dns
servers throttle requests
- Fix Windows build error for missing if_indextoname()
27 Oct 2023 1.21.0
This is a bugfix and cleanup release with some significant internal changes.
Changes:
- Provide better man page cross-links.
- Introduce ares_status_t as an enum rather than using #define list and
integer data type for internal functions.
- Introduce ares_bool_t datatype rather than using an integer with 0/1
so it is clear based on the function prototype what it returns.
- Increase compiler warning levels by default.
- Use size_t and other more proper datatypes internally (rather than int).
- Many developers have used different code styles over the years,
standardize on one and use clang-format to enforce the style.
- CMake can now control symbol visibility
- Replace multiple DNS hand-made parsers with new memory-safe DNS
message parser.
Bug Fixes:
- Tools: STAYOPEN flag could make tools not terminate.
- Socket callbacks were passed SOCK_STREAM instead of SOCK_DGRAM on udp.
08 Oct 2023 1.20.1
This release resolves a significant issue in the 1.20.0 release.
Bug fixes:
- Resolve use-after-free issue when TCP connection is terminated before
a response is returned
- Reduce number of queries for a load test case to prevent overloading
some build systems
- Fix fuzz test build target
07 Oct 2023 1.20.0
This is a feature and bugfix release with some significant internal changes.
Changes:
- Update from 1989 MIT license text to modern MIT license text
- Remove acountry from built tools as nerd.dk is gone
- Add new ARES_OPT_UDP_MAX_QUERIES configuration option to limit the
number of queries that can be made from a single ephemeral port
- Default per-query timeout has been reduced to 2s with a 3x retry count
- Modernization: start implementing some common data structures that are
easy to use and hard to misuse. This will make code refactoring easier
and remove some varied implementations in use. This change also makes
ares_timeout() more efficient
- Use SPDX identifiers and a REUSE CI job to verify
- rand: add support for getrandom()
Bug fixes:
- TCP back to back queries were broken
- Ensure queries for ares_getaddrinfo() are not requeued during destruction
- ares_getaddrinfo() should not retry other address classes if one
address class has already been returned
- Avoid production ill-formed result when qualifying a name with the
root domain
- Fix missing prefix for CMake generated libcares.pc [10] - DNS server
ports will now be read from system configuration instead of defaulting
to port 53
- Remove some unreachable code
- Replace usages of sprintf with snprintf
- Fix Watcom instructions and update Windows URLs
28 Jan 2023 1.19.0
This is a feature and bugfix release.
It addresses a couple of new feature requests as well as a couple of bug fixes.
Security:
- Low. Stack overflow in ares_set_sortlist() which is used during c-ares
initialization and typically provided by an administrator and not an
end user.
Changes:
- Windows: Drop support for XP and derivatives which greatly cleans up
initialization code.
- Add ARES_OPT_HOSTS_FILE similar to ARES_OPT_RESOLVCONF for specifying
a custom hosts file location.
- Add vcpkg installation instructions
Bug fixes:
- Fix cross-compilation from Windows to Linux due to CPACK logic.
- Fix memory leak in reading /etc/hosts when using localhost fallback.
- Fix chain building c-ares when libresolv is already included by
another project
- File lookup should not immediately abort as there may be other tries
due to search criteria.
- Asterisks should be allowed in host validation as CNAMEs may reference
wildcard domains
- AutoTools build system referenced bad STDC_HEADERS macro
- Even if one address class returns a failure for ares_getaddrinfo() we
should still return the results we have
- CMake Windows: DLLs did not include resource file to include versions
- CMake: Guard target creation in exported config
- Fix ares_getaddrinfo() numerical address resolution with AF_UNSPEC
- Apple: fix libresolv configured query times.
- Fix tools and help information
- Various documentation fixes and cleanups
- Add include guards to ares_data.h
- c-ares could try to exceed maximum number of iovec entries supported
by system
- CMake package config generation allow for absolute install paths
- Intel compiler fixes
- ares_strsplit bugs
- The RFC6761 6.3 states localhost subdomains must be offline too.
26 Oct 2021 1.18.1
This is an urgent bugfix release for a regression made in 1.18.0.
Bug fixes:
- ares_getaddrinfo() would return ai_addrlen of 16 for ipv6 addresses
rather than the sizeof(struct sockaddr_in6)
25 Oct 2021 1.18.0
This is a feature and bugfix release. It addresses a couple of new
feature requests as well as a couple of bug fixes.
Changes:
- Add support for URI(Uniform Resource Identifier) records via
ares_parse_uri_reply()
- Provide ares_nameser.h as a public interface as needed by NodeJS
- Update URLs from c-ares.haxx.se to c-ares.org
- During a domain search, treat ARES_ENODATA as ARES_NXDOMAIN so that
the search process will continue to the next domain in the search.
- Turn ares_gethostbyname() into a wrapper for ares_getaddrinfo() as
they followed very similar code paths and ares_gethostbyaddr() has
some more desirable features such as priority sorting and parallel
queries for AF_UNSPEC.
- ares_getaddrinfo() now contains a name element in the address info
structure as the last element. This is not an API or ABI break due to
the structure always being internally allocated and it being the last
element.
- ares_parse_a_reply() and ares_parse_aaaa_reply() were nearly
identical, those now use the same helper functions for parsing rather
than having their own code.
- RFC6761 Section 6.3 says "localhost" lookups need to be special cased
to return loopback addresses, and not forward queries to recursive dns
servers. On Windows this now returns all loopback addresses, on other
systems it returns 127.0.0.1 or ::1 always, and will never forward a
request for "localhost" to outside DNS servers.
- Haiki: port
Bug fixes:
- add build to .gitignore
- z/OS minor update, add missing semicolon in ares_init.c
- Fix building when latest ax_code_coverage.m4 is imported
- Work around autotools 'error: too many loops' and other newer
autotools import related bugs.
- MinGW cross builds need advapi32 link as lower case
- Cygwin build fix due to containing both socket.h and winsock2.h
- ares_expand_name should allow underscores (_) as SRV records
legitimately use them
- Allow '/' as a valid character for a returned name for CNAME
in-addr.arpa delegation
- ares_getaddrinfo() was not honoring HOSTALIASES
- ares_getaddrinfo() had some test cases disabled due to a bug in the
test framework itself which has now been resolved
- Due to Travis-CI becoming unfriendly to open-source, Cirrus-CI has now
been brought online for automated unit testing.
10 Aug 2021 1.17.2
Security:
- NodeJS passes NULL for addr and 0 for addrlen to
ares_parse_ptr_reply() on systems where malloc(0) returns NULL. This
would cause a crash.
- When building c-ares with CMake, the RANDOM_FILE would not be set and
therefore downgrade to the less secure random number generator
- If ares_getaddrinfo() was terminated by an ares_destroy(), it would
cause a crash
- Crash in sortaddrinfo() if the list size equals 0 due to an unexpected
DNS response
- Expand number of escaped characters in DNS replies as per RFC1035 5.1
to prevent spoofing follow-up
- Perform validation on hostnames to prevent possible XSS due to
applications not performing valiation themselves
Changes:
- Use non-blocking /dev/urandom for random data to prevent early startup
performance issues
- z/OS port
- ares_malloc(0) is now defined behavior (returns NULL) rather than
system-specific to catch edge cases
Bug fixes:
- Fuzz testing files were not distributed with official archives
- Building tests should not force building of static libraries except on
Windows
- Windows builds of the tools would fail if built as static due to a
missing CARES_STATICLIB definition
- Relative headers must use double quotes to prevent pulling in a system
library
- Fix OpenBSD building by implementing portability updates for including
arpa/nameser.h
- Fix building out-of-tree for autotools
- Make install on MacOS/iOS with CMake was missing the bundle
destination so libraries weren’t actually installed
- Fix retrieving DNS server configuration on MacOS and iOS if the
configuration did not include search domains
- ares_parse_a_reply and ares_parse_aaa_reply were erroneously using
strdup() instead of ares_strdup()
19 Nov 2020 1.17.1
Fixes packaging issues in 1.17.0.
16 Nov 2020 1.17.0
Security:
- avoid read-heap-buffer-overflow in ares_parse_soa_reply found during fuzzing
- Avoid theoretical buffer overflow in RC4 loop comparison
- Empty hquery->name could lead to invalid memory access -
ares_parse_{a,aaaa}_reply() could return a larger *naddrttls than was
passed in
Changes:
- Update help information for adig, acountry, and ahost
- Test Suite now uses dynamic system-assigned ports rather than
hardcoded ports to prevent failures in containers
- Detect remote DNS server does not support EDNS using rules from RFC 6891
- Source tree has been reorganized to use a more modern layout
- Allow parsing of CAA Resource Record
Bug fixes:
- readaddrinfo bad sizeof()
- Test cases should honor HAVE_WRITEV flag, not depend on WIN32
- FQDN with trailing period should be queried first
- ares_getaddrinfo() was returning members of the struct as garbage
values if unset, and was not honoring ai_socktype and ai_protocol
hints.
- ares_gethostbyname() with AF_UNSPEC and an ip address would fail
- Properly document ares_set_local_ip4() uses host byte order
--
Take care. Thanks, Brian Inglis Calgary, Alberta, Canada
La perfection est atteinte Perfection is achieved
non pas lorsqu'il n'y a plus rien à ajouter not when there is no more to add
mais lorsqu'il n'y a plus rien à retrancher but when there is no more to cut
-- Antoine de Saint-Exupéry
