forked from nodejs/node
-
Notifications
You must be signed in to change notification settings - Fork 4
Commit
This commit does not belong to any branch on this repository, and may belong to a fork outside of the repository.
PR-URL: nodejs#48115 Backport-PR-URL: https://github.com/nodejs-private/node-private/pull/437 Reviewed-By: Michaël Zasso <targos@protonmail.com> Reviewed-By: Rafael Gonzaga <rafael.nunu@hotmail.com> Reviewed-By: Rich Trott <rtrott@gmail.com> # Conflicts: # deps/cares/CHANGES # deps/cares/CMakeLists.txt # deps/cares/RELEASE-NOTES # deps/cares/aminclude_static.am # deps/cares/configure # deps/cares/configure.ac # deps/cares/include/ares_version.h # deps/cares/src/lib/Makefile.in # deps/cares/src/lib/ares_data.h # deps/cares/src/lib/ares_destroy.c # deps/cares/src/lib/ares_getaddrinfo.c # deps/cares/src/lib/ares_init.c # deps/cares/src/lib/ares_strsplit.c
- Loading branch information
Showing
37 changed files
with
3,764 additions
and
1,797 deletions.
There are no files selected for viewing
Large diffs are not rendered by default.
Oops, something went wrong.
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -1,85 +1,57 @@ | ||
c-ares version 1.18.1 | ||
c-ares version 1.19.1 | ||
|
||
This is an urgent bugfix release for a regression made in 1.18.0. | ||
This is a security and bugfix release. | ||
|
||
Bug fixes: | ||
o ares_getaddrinfo() would return ai_addrlen of 16 for ipv6 | ||
adddresses rather than the sizeof(struct sockaddr_in6) | ||
|
||
|
||
|
||
c-ares version 1.18.0 | ||
|
||
This is a feature and bugfix release. It addresses a couple of new feature | ||
requests as well as a couple of bug fixes. | ||
A special thanks goes out to the Open Source Technology Improvement Fund | ||
(https://ostif.org) for sponsoring a security audit of c-ares performed by X41 | ||
(https://x41-dsec.de). | ||
|
||
Changes: | ||
o Add support for URI(Uniform Resource Identifier) records via | ||
ares_parse_uri_reply() [1] | ||
o Provide ares_nameser.h as a public interface as needed by NodeJS [5] | ||
o Update URLs from c-ares.haxx.se to c-ares.org [9] | ||
o During a domain search, treat ARES_ENODATA as ARES_NXDOMAIN so that the | ||
search process will continue to the next domain in the search. [11] | ||
o Turn ares_gethostbyname() into a wrapper for ares_getaddrinfo() as they | ||
followed very similar code paths and ares_gethostbyaddr() has some more | ||
desirable features such as priority sorting and parallel queries for | ||
AF_UNSPEC. [12] | ||
o ares_getaddrinfo() now contains a name element in the address info | ||
structure as the last element. This is not an API or ABI break due to | ||
the structure always being internally allocated and it being the last | ||
element. [12] | ||
o ares_parse_a_reply() and ares_parse_aaaa_reply() were nearly identical, those | ||
now use the same helper functions for parsing rather than having their own | ||
code. [12] | ||
o RFC6761 Section 6.3 says "localhost" lookups need to be special cased to | ||
return loopback addresses, and not forward queries to recursive dns servers. | ||
On Windows this now returns all loopback addresses, on other systems it | ||
returns 127.0.0.1 or ::1 always, and will never forward a request for | ||
"localhost" to outside DNS servers. [13] | ||
o Haiki: port [14] | ||
Security: | ||
o CVE-2023-32067. High. 0-byte UDP payload causes Denial of Service [12] | ||
o CVE-2023-31147. Moderate. Insufficient randomness in generation of DNS | ||
query IDs [13] | ||
o CVE-2023-31130. Moderate. Buffer Underwrite in ares_inet_net_pton() [14] | ||
o CVE-2023-31124. Low. AutoTools does not set CARES_RANDOM_FILE during cross | ||
compilation [15] | ||
|
||
Bug fixes: | ||
o add build to .gitignore [2] | ||
o z/OS minor update, add missing semicolon in ares_init.c [3] | ||
o Fix building when latest ax_code_coverage.m4 is imported [4] | ||
o Work around autotools 'error: too many loops' and other newer autotools | ||
import related bugs. | ||
o MinGW cross builds need advapi32 link as lower case [6] | ||
o Cygwin build fix due to containing both socket.h and winsock2.h [7] | ||
o ares_expand_name should allow underscores (_) as SRV records legitimately use | ||
them [8] | ||
o Allow '/' as a valid character for a returned name for CNAME in-addr.arpa | ||
delegation [10] | ||
o ares_getaddrinfo() was not honoring HOSTALIASES [12] | ||
o ares_getaddrinfo() had some test cases disabled due to a bug in the test | ||
framework itself which has now been resolved [12] | ||
o Due to Travis-CI becoming unfriendly to open-source, Cirrus-CI has now been | ||
brought online for automated unit testing. | ||
o Fix uninitialized memory warning in test [1] | ||
o Turn off IPV6_V6ONLY on Windows to allow IPv4-mapped IPv6 addresses [2] | ||
o ares_getaddrinfo() should allow a port of 0 [3] | ||
o Fix memory leak in ares_send() on error [4] | ||
o Fix comment style in ares_data.h [5] | ||
o Remove unneeded ifdef for Windows [6] | ||
o Fix typo in ares_init_options.3 [7] | ||
o Re-add support for Watcom compiler [8] | ||
o Sync ax_pthread.m4 with upstream [9] | ||
o Windows: Invalid stack variable used out of scope for HOSTS path [10] | ||
o Sync ax_cxx_compile_stdcxx_11.m4 with upstream to fix uclibc support [11] | ||
|
||
Thanks go to these friendly people for their efforts and contributions: | ||
Biswapriyo Nath (@Biswa96) | ||
Brad House (@bradh352) | ||
Daniel Bevenius (@danbev) | ||
@Chilledheart | ||
Daniel Stenberg (@bagder) | ||
Dhrumil Rana (@dhrumilrana) | ||
Felix Yan (@felixonmars) | ||
Jérôme Duval (@korli) | ||
Martin Holeš (@martin-256) | ||
Sinan Kaya | ||
Douglas R. Reno (@renodr) | ||
Gregor Jasny (@gjasny) | ||
Jay Freeman (@saurik) | ||
@lifenjoiner | ||
Nikolaos Chatzikonstantinou (@createyourpersonalaccount) | ||
Yijie Ma (@yijiem) | ||
(9 contributors) | ||
|
||
References to bug reports and discussions on issues: | ||
[1] = https://github.com/c-ares/c-ares/pull/411 | ||
[2] = https://github.com/c-ares/c-ares/pull/410 | ||
[3] = https://github.com/c-ares/c-ares/pull/414 | ||
[4] = https://github.com/c-ares/c-ares/pull/418 | ||
[5] = https://github.com/c-ares/c-ares/pull/417 | ||
[6] = https://github.com/c-ares/c-ares/pull/420 | ||
[7] = https://github.com/c-ares/c-ares/pull/422 | ||
[8] = https://github.com/c-ares/c-ares/issues/424 | ||
[9] = https://github.com/c-ares/c-ares/issues/423 | ||
[10] = https://github.com/c-ares/c-ares/issues/427 | ||
[11] = https://github.com/c-ares/c-ares/issues/426 | ||
[12] = https://github.com/c-ares/c-ares/pull/428 | ||
[13] = https://github.com/c-ares/c-ares/pull/430 | ||
[14] = https://github.com/c-ares/c-ares/pull/431 | ||
[1] = https://github.com/c-ares/c-ares/pull/515 | ||
[2] = https://github.com/c-ares/c-ares/pull/520 | ||
[3] = https://github.com/c-ares/c-ares/issues/517 | ||
[4] = https://github.com/c-ares/c-ares/pull/511 | ||
[5] = https://github.com/c-ares/c-ares/pull/513 | ||
[6] = https://github.com/c-ares/c-ares/pull/512 | ||
[7] = https://github.com/c-ares/c-ares/pull/510 | ||
[8] = https://github.com/c-ares/c-ares/pull/509 | ||
[9] = https://github.com/c-ares/c-ares/pull/507 | ||
[10] = https://github.com/c-ares/c-ares/pull/502 | ||
[11] = https://github.com/c-ares/c-ares/pull/505 | ||
[12] = https://github.com/c-ares/c-ares/security/advisories/GHSA-9g78-jv2r-p7vc | ||
[13] = https://github.com/c-ares/c-ares/security/advisories/GHSA-8r8p-23f3-64c2 | ||
[14] = https://github.com/c-ares/c-ares/security/advisories/GHSA-x6mf-cxr9-8q6v | ||
[15] = https://github.com/c-ares/c-ares/security/advisories/GHSA-54xr-f67r-4pc4 |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Oops, something went wrong.