Test: libcares-devel/2 1.34.5 (TEST) - Curl Asynchronous RESolver library
Cygwin cares Maintainer
brian.inglis@systematicsw.ab.ca
Sat May 3 21:46:31 GMT 2025
Hi folks,
As nobody has said anything so far, I will be untest-ing this package to make it
current stable!
On 2025-04-12 15:52, Cygwin cares Maintainer via Cygwin-apps wrote:
> This package underlies most of the Cygwin downloaders I am aware of and
> maintain, and also a lot of other async or parallel network packages, including
> cygport, git, TeXlive, and other doc packages.
>
> This large version jump with no .so version/ABI/DLL change and *without Google
> gmock/gtest test suite* carries a lot of risks:
>
> Version Arch Size Date Status Files
> 1.16.1-1 src 1343 KiB 2024-11-10 16:51 stable https://cygwin.com/packages/
> x86_64/c-ares-src/c-ares-1.16.1-1-src
> 1.34.5-0 src 992 KiB 2025-04-12 18:07 test https://cygwin.com/packages/x86_64/
> c-ares-src/c-ares-1.34.5-0-src
>
> A full set of release notes has been included in the announcement (copied below)
> due to the many versions skipped, and the many packages impacted:
>
> $ cygcheck-dep -qN libcares2
> libcares2: is recursively needed for ( aria2 asciidoc biber cygcheck-dep
> cygport dblatex djvulibre docbook-utils geoipupdate gnome-common gtk-doc html2ps
> libcares-devel nghttp2 preview-latex pwget texinfo-tex texlive-collection-basic
> texlive-collection-bibtexextra texlive-collection-binextra
> texlive-collection-fontsextra texlive-collection-fontsrecommended
> texlive-collection-fontutils texlive-collection-formatsextra
> texlive-collection-htmlxml texlive-collection-latex
> texlive-collection-latexextra texlive-collection-latexrecommended
> texlive-collection-mathscience texlive-collection-pictures
> texlive-collection-plaingeneric texlive-collection-xetex wget xhtml2ps xmlto )
>
> Please try to make time to rebuild affected packages and rerun their test suites
> with the test -devel and DLL packages installed.
>
> If for any reason anyone wants to rebuild c-ares from src, it requires Takashi's
> latest patch to sys/unistd.h, which stops me from building yet on Scallywag CI
> until that is promoted in a stable release!
>
> [CCed Jari as he may no longer be following the lists and pwget may be impacted]
>
> On 2025-04-12 15:01, Cygwin cares Maintainer via Cygwin-announce wrote:
>> Curl Asynchronous RESolver library for applications which
>> need to perform DNS queries without blocking, or
>> need to perform multiple DNS queries in parallel.
>> Primary applications are servers with multiple clients and GUI programs.
>>
>> For more information see the project home page:
>>
>> https://c-ares.org/
>>
>> The following *TEST* packages have been released in the Cygwin distribution:
>>
>> - libcares-devel 1.34.5
>> - libcares2 1.34.5
>>
>> No build check is possible as Google gtest and gmock are required
>> but not available for Cygwin.
>>
>> Please test these packages as extensively as possible (especially if you
>> are a Cygwin package maintainer) as libcares is used in many libraries
>> and utilities, including all network downloaders and their libraries:
>> aria2c, curl, wget, wget2; and many TeXlive packages.
>>
>> Package maintainers should install this test release and rerun checks
>> of as many libraries and packages depending on libcares as possible.
>>
>> I have it locally installed so it is getting used by commands, scripts,
>> cron jobs, and cygport builds, and has and is getting frequent exercise
>> with no apparent issues so far.
>> If no issues are reported within a couple of weeks the package will be
>> upgraded to current.
>>
>> As there are many versions since the previous Cygwin release, see below or:
>>
>> https://c-ares.org/changelog.html
>>
>>
>> 08 Apr 2025 1.34.5
>>
>> This is a security release.
>>
>> Security:
>>
>> - CVE-2025-31498. A use-after-free bug has been uncovered in
>> read_answers() that was introduced in v1.32.3.
>> Please see
>> https://github.com/c-ares/c-ares/security/advisories/GHSA-6hxc-62jh-p29v
>>
>> Changes:
>>
>> - Restore Windows XP support.
>>
>> Bugfixes:
>>
>> - A missing mutex initialization would make busy polling for configuration
>> changes (platforms other than Windows, Linux, MacOS) eat too much CPU
>> - Pkgconfig may be generated wrong for static builds in relation to `-pthread`
>> - Localhost resolution can fail if only one address family is in `/etc/hosts`
>>
>>
>> 14 Dec 2024 1.34.4
>>
>> This is a bugfix release.
>>
>> Changes:
>>
>> - QNX Port: Port to QNX 8, add primary config reading support, add CI build.
>>
>> Bugfixes:
>>
>> - Empty TXT records were not being preserved.
>> - docs: update deprecation notices for `ares_create_query()` and
>> `ares_mkquery()`.
>> - license: some files weren't properly updated.
>> - Fix bind local device regression from 1.34.0.
>> - CMake: set policy version to prevent deprecation warnings.
>> - CMake: shared and static library names should be the same on unix
>> platforms like autotools uses.
>> - Update to latest autoconf archive macros for enhanced system compatibility.
>>
>>
>> 09 Nov 2024 1.34.3
>>
>> This is a bugfix release.
>>
>> Changes:
>>
>> - Build the release package in an automated way so we can provide
>> provenance as per [SLSA3](https://slsa.dev/).
>>
>> Bugfixes:
>>
>> - Some upstream servers are non-compliant with EDNS options, resend
>> queries without EDNS.
>> - Android: <=7 needs sys/system_properties.h
>> - Android: CMake needs `-D_GNU_SOURCE` and others.
>> - TSAN warns on missing lock, but lock isn't actually necessary.
>> - `ares_getaddrinfo()` for `AF_UNSPEC` should retry IPv4 if only IPv6 is
>> received.
>> - `ares_send()` shouldn't return `ARES_EBADRESP`, its `ARES_EBADQUERY`.
>> - Fix typos in man pages.
>>
>>
>> 15 Oct 2024 1.34.2
>>
>> - This release contains a fix for downstream packages detecting the
>> c-ares version based on the contents of the header file rather than
>> the distributed pkgconf or cmake files.
>>
>>
>> 09 Oct 2024 1.34.1
>>
>> - This release fixes a packaging issue in 1.34.0.
>>
>>
>> 09 Oct 2024 1.34.0
>>
>> This is a feature and bugfix release.
>>
>> Features:
>>
>> - adig: read arguments from adigrc.
>> - Add new pending write callback optimization via `ares_set_pending_write_cb`.
>> - New function `ares_process_fds()`.
>> - Failed servers should be probed rather than redirecting queries which
>> could cause unexpected latency.
>> - adig: rework command line arguments to mimic dig from bind.
>> - Add new method for overriding network functions
>> `ares_set_socket_function_ex()` to properly support all new
>> functionality.
>> - Fix regression with custom socket callbacks due to DNS cookie support.
>> - ares_socket: set IP_BIND_ADDRESS_NO_PORT on ares_set_local_ip* tcp sockets
>> - URI parser/writer for ares_set_servers_csv()/ares_get_servers_csv().
>>
>> Changes:
>>
>> - Connection handling modularization.
>> - Expose library/utility functions to tools.
>> - Remove `ares__` prefix, just use `ares_` for internal functions.
>>
>> Bugfixes:
>>
>> - fix: potential WIN32_LEAN_AND_MEAN redefinition.
>> - Fix googletest v1.15 compatibility.
>> - Fix pkgconfig thread dependencies.
>>
>>
>> 23 Aug 2024 1.33.1
>>
>> This is a bugfix release.
>>
>> Bugfixes:
>>
>> - Work around systemd-resolved quirk that returns unexpected codes for
>> single label names. Also adds test cases to validate the work around
>> works and will continue to work in future releases.
>> See Also https://github.com/systemd/systemd/issues/34101
>> - Fix sysconfig ndots default value, also adds containerized test case
>> to prevent future regressions.
>> - Fix blank DNS name returning error code rather than valid record for
>> commands like: `adig -t SOA .`. Also adds test case to prevent future
>> regressions.
>> - Fix calculation of query times > 1s.
>> - Fix building on old Linux releases that don't have `TCP_FASTOPEN_CONNECT`.
>> - Fix minor Android build warnings.
>>
>>
>> 02 Aug 2024 1.33.0
>>
>> This is a feature and bugfix release.
>>
>> Features:
>>
>> - Add DNS cookie support (RFC7873 + RFC9018) to help prevent off-path
>> cache poisoning attacks.
>> - Implement TCP FastOpen (TFO) RFC7413, which will make TCP reconnects
>> 0-RTT on supported systems.
>>
>> Changes:
>>
>> - Reorganize source tree.
>> - Refactoring of connection handling to prevent code duplication.
>> - New dynamic array data structure to prevent simple logic flaws in
>> array handling in various code paths.
>>
>> Bugfixes:
>>
>> - `ares_destroy()` race condition during shutdown due to missing lock.
>> - Android: Preserve thread name after attaching it to JVM.
>> - Windows UWP (Store) support fix.
>>
>>
>> 24 Jul 2024 1.32.3
>>
>> This is a bugfix release.
>>
>> Changes:
>>
>> - Prevent complex recursion during query requeuing and connection
>> cleanup for stability.
>> - Better propagate error codes on requeue situations.
>> - Try to prevent SIGPIPE from being generated and delivered to integrations.
>>
>> Bugfixes:
>>
>> - Missing manpage for `ares_dns_record_set_id()`
>> - Memory leak in `ares__hosts_entry_to_hostent()` due to allocation strategy.
>> - UDP write failure detected via ICMP unreachable should trigger faster
>> failover.
>> - Fix pycares test case regression due to wrong error code being
>> returned. Regression from 1.31.0.
>> - Fix possible Windows crash during `ares_destroy()` when using event threads.
>> - `ARES_OPT_MAXTIMEOUTMS` wasn't being honored in all cases.
>>
>>
>> 15 Jul 2024 1.32.2
>>
>> This is a bugfix release.
>>
>> Bugfixes:
>>
>> - Windows: rework EventThread AFD code for better stability.
>> - Windows: If an IP address was detected to have changed, it could lead to a
>> crash due to a bad pointer. Regression introduced in 1.31.0.
>> - Windows: use `QueryPerformanceCounters()` instead of
>> `GetTickCount64()` for better time accuracy (~15ms -> ~1us).
>> - Windows 32bit config change callback needs to be tagged as `stdcall`
>> otherwise could result in a crash.
>> - Tests that need accurate timing should not depend on internal symbols
>> as there are C++ equivalents in `std::chrono`.
>> - Kqueue (MacOS, \*BSD): If the open socket count exceeded 8 (unlikely),
>> it would try to allocate a new buffer that was too small.
>>
>>
>> 07 Jul 2024 1.32.1
>>
>> This is a bugfix release.
>>
>> Bugfixes:
>>
>> - Channel lock needs to be recursive to ensure calls into c-ares
>> functions can be made from callbacks otherwise deadlocks will occur.
>> This regression was introduced in 1.32.0.
>>
>>
>> 04 Jul 2024 1.32.0
>>
>> This is a feature and bugfix release.
>>
>> Features:
>>
>> - Add support for DNS 0x20 to help prevent cache poisoning attacks,
>> enabled by specifying `ARES_FLAG_DNS0x20`.
>> Disabled by default.
>> - Rework query timeout logic to automatically adjust timeouts based on
>> network conditions.
>> The timeout specified now is only used as a hint until there is
>> enough history to calculate a more valid timeout.
>>
>> Changes:
>>
>> - DNS RR TXT strings should not be automatically concatenated as there
>> are use cases outside of RFC 7208.
>> In order to maintain ABI compliance, the ability to retrieve TXT
>> strings concatenated is retained as well as a new API to retrieve the
>> individual strings.
>> This restores behavior from c-ares 1.20.0.
>> - Clean up header inclusion logic to make hacking on code easier.
>> - GCC/Clang: Enable even more strict warnings to catch more coding flaws.
>> - MSVC: Enable `/W4` warning level.
>>
>> Bugfixes:
>>
>> - Tests: Fix thread race condition in test cases for EventThread.
>> - Windows: Fix building with UNICODE.
>> - Thread Safety: `ares_timeout()` was missing lock.
>> - Fix building with DJGPP (32bit protected mode DOS).
>>
>>
>> 18 Jun 2024 1.31.0
>>
>> This is a maintenance and bugfix release.
>>
>> Changes:
>>
>> - Enable Query Cache by default.
>>
>> Bugfixes:
>>
>> - Enhance Windows DNS configuration change detection to also detect
>> manual DNS configuration changes.
>> - Various legacy MacOS Build fixes.
>> - Ndots value of zero in resolv.conf was not being honored.
>> - Watt-32 build support had been broken for some time.
>> - Distribute `ares_dns_rec_type_tostr` manpage.
>>
>>
>> 07 Jun 2024 1.30.0
>>
>> Important Information
>>
>> 1. The c-ares.org website is now hosted by GitHub Pages, links to
>> downloads have changed to the GitHub release artifact URLs. If you were
>> previously relying on packaging scripts downloading from
>> https://c-ares.org (or legacy https://c-ares.haxx.se), please update
>> your scripts as appropriate.
>> 2. A new signing key was used to generate the signature for this
>> release. Please see the valid PGP / GPG signing keys on the
>> [download](https://c-ares.org/download/) page or in the repository
>> [README](https://github.com/c-ares/c-ares/blob/main/README.md#release-keys).
>>
>> Release Notes
>>
>> This is a maintenance and bugfix release.
>>
>> Features:
>>
>> - Basic support for SIG RR record (RFC 2931 / RFC 2535)
>>
>> Changes:
>>
>> - Validation that DNS strings can only consist of printable ascii
>> characters otherwise will trigger a parse failure.
>> - Windows: use `GetTickCount64()` for a monotonic timer that does not wrap.
>>
>> Bugfixes:
>>
>> - QueryCache: Fix issue where purging on server changes wasn't working.
>> - Windows: Fix Y2K38 issue by creating our own `ares_timeval_t` datatype.
>> - Fix packaging issue affecting MacOS due to a missing header.
>> - MacOS: Fix UBSAN warnings that are likely meaningless due to alignment
>> issues in new MacOS config reader.
>> - Android: arm 32bit build failure due to missing symbol.
>>
>>
>> 23 May 2024 1.29.0
>>
>> This is a feature and bugfix release.
>>
>> Features:
>>
>> - When using `ARES_OPT_EVENT_THREAD`, automatically reload system
>> configuration when network conditions change.
>> - Apple: reimplement DNS configuration reading to more accurately pull
>> DNS settings.
>> - Add observability into DNS server health via a server state callback,
>> invoked whenever a query finishes.
>> - Add server failover retry behavior, where failed servers are retried
>> with small probability after a minimum delay.
>>
>> Changes:
>>
>> - Mark `ares_channel_t *` as const in more places in the public API.
>>
>> Bugfixes:
>>
>> - Due to a logic flaw dns name compression writing was not properly
>> implemented which would result in the name prefix not being written
>> for a partial match.
>> This could cause issues in various record types such as MX records
>> when using the deprecated API. Regression introduced in 1.28.0.
>> - Revert OpenBSD `SOCK_DNS` flag, it doesn't do what the docs say it
>> does and causes c-ares to become non-functional.
>> - `ares_getnameinfo()`: loosen validation on `salen` parameter.
>> - cmake: Android requires C99.
>> - `ares_queue_wait_empty()` does not honor timeout_ms >= 0.
>>
>>
>> 30 Mar 2024 1.28.1
>>
>> This release contains a fix for a single significant regression introduced
>> in c-ares 1.28.0.
>>
>> - `ares_search()` and `ares_getaddrinfo()` resolution fails if no search
>> domains are specified.
>>
>>
>> 29 Mar 2024 1.28.0
>>
>> This is a feature and bugfix release.
>>
>> Features:
>>
>> - Emit warnings when deprecated c-ares functions are used.
>> This can be disabled by passing a compiler definition of
>> `CARES_NO_DEPRECATED`.
>> - Add function `ares_search_dnsrec()` to search for records using the
>> new DNS record data structures.
>> - Rework internals to pass around `ares_dns_record_t` instead of binary
>> data, this introduces new public functions of `ares_query_dnsrec()`
>> and `ares_send_dnsrec()`.
>>
>> Changes:
>>
>> - tests: when performing simulated queries, reduce timeouts to make
>> tests run faster
>> - Replace configuration file parsers with memory-safe parser.
>> - Remove `acountry` completely, the manpage might still get installed
>> otherwise.
>>
>> Bugfixes:
>>
>> - CMake: don't overwrite global required libraries/definitions/includes
>> which could cause build errors for projects chain building c-ares.
>> - On some platforms, `netinet6/in6.h` is not included by `netinet/in.h`
>> and needs to be included separately.
>> - Fix a potential memory leak in `ares_init()`.
>> - Some platforms don't have the `isascii()` function. Implement as a macro.
>> - CMake: Fix Chain building if CMAKE runtime paths not set
>> - NDots configuration should allow a value of zero.
>>
>>
>> 22 Feb 2024 1.27.0
>>
>> This is a security, feature, and bugfix release.
>>
>> Security:
>>
>> - Moderate. CVE-2024-25629. Reading malformatted `/etc/resolv.conf`,
>> `/etc/nsswitch.conf` or the `HOSTALIASES` file could result in a
>> crash.
>>
>> Features:
>>
>> - New function `ares_queue_active_queries()` to retrieve number of
>> in-flight queries.
>> - New function `ares_queue_wait_empty()` to wait for the number of
>> in-flight queries to reach zero.
>> - New `ARES_FLAG_NO_DEFLT_SVR` for `ares_init_options()` to return a
>> failure if no DNS servers can be found rather than attempting to use
>> `127.0.0.1`.
>> This also introduces a new ares status code of `ARES_ENOSERVER`.
>>
>> Changes:
>>
>> - EDNS Packet size should be 1232 as per DNS Flag Day.
>>
>> Bugfixes:
>>
>> - Windows DNS suffix search list memory leak.
>> - Fix warning due to ignoring return code of `write()`.
>> - CMake: don't override target output locations if not top-level.
>> - Fix building c-ares without thread support.
>>
>>
>> 26 Jan 2024 1.26.0
>>
>> This is a feature and bugfix release.
>>
>> Features:
>>
>> - Event Thread support. Integrators are no longer required to monitor
>> the file descriptors registered by c-ares for events and call
>> ares_process() when enabling the event thread feature via
>> ARES_OPT_EVENT_THREAD passed to ares_init_options().
>> - Added flags to are_dns_parse() to force RAW packet parsing.
>>
>> Changes:
>>
>> - Mark ares_fds() as deprecated.
>>
>> Bugfixes:
>>
>> - adig: Differentiate between internal and server errors.
>> - Autotools allow make to override CFLAGS/CPPFLAGS/CXXFLAGS.
>> - Autotools: fix building for 32bit windows due to stdcall symbol mangling.
>> - RR Name should not be sanity checked against the Question.
>>
>>
>> 03 Jan 2024 1.25.0
>>
>> This is a maintenance release.
>>
>> Changes:
>>
>> - AutoTools: rewrite build system to be lighter weight and fix issues in
>> some semi-modern systems.
>> It is likely this has broken building on some less common and legacy
>> OSs, please report issues.
>> - Rewrite ares_strsplit() as a wrapper for ares__buf_split() for memory
>> safety reasons.
>> - The ahost utility now uses ares_getaddrinfo() and returns both IPv4
>> and IPv6 addresses by default.
>> - OpenBSD: Add SOCK_DNS flag when creating socket.
>>
>> Bug Fixes:
>>
>> - Tests: Live reverse lookups for Google's public DNS servers no longer
>> return results, replace with CloudFlare pubic DNS servers.
>> - MacOS legacy SDKs require sys/socket.h before net/if.h
>> - Connection failures should increment the server failure count first or
>> a retry might be enqueued to the same server.
>> - On systems that don't implement the ability to enumerate network
>> interfaces the stubs used the wrong prototype.
>> - Fix minor warnings and documentation typos.
>> - Fix support for older GoogleTest versions.
>> - getrandom() may require sys/random.h on some systems.
>> - Fix building tests with symbol hiding enabled.
>>
>>
>> 17 Dec 2023 1.24.0
>>
>> This is a feature and bugfix release.
>>
>> Features:
>>
>> - Add support for IPv6 link-local DNS servers.
>> Nameserver formats can now accept the %iface suffix, and a new
>> ares_get_servers_csv() function was added to return servers that can
>> contain the link-local interface name.
>>
>> Changes:
>>
>> - Unbundle GoogleTest for test cases. Package maintainers will now need
>> to require GoogleTest (GMock) as a build dependency if building tests.
>> New GoogleTest versions require C++14 or later.
>> - Replace nameserver parsing code to use new memory-safe functions.
>> - Replace the sortlist parser with new memory-safe functions.
>> - Various warning fixes and dead code removal.
>>
>> Bug Fixes:
>>
>> - Old Linux versions require POSIX_C_SOURCE or _GNU_SOURCE to compile
>> with thread safety support.
>> - A non-responsive DNS server that caused timeouts wouldn't increment
>> the failure count, this would lead to other servers not being tried.
>> Regression introduced in 1.22.0.
>> - Some projects that depend on c-ares expect invalid parameter option
>> values passed into ares_init_options() to simply be ignored. This
>> behavior has been restored.
>> - On linux getrandom() can fail if the kernel doesn't support the
>> syscall, fall back to another random source.
>> - ares_cancel() when performing ares_gethostbyname() or
>> ares_getaddrinfo() with AF_UNSPEC, if called after one address class
>> was returned but before the other address class, it would return
>> ARES_SUCCESS rather than ARES_ECANCELLED.
>>
>>
>> 30 Nov 2023 1.23.0
>>
>> This is a feature and bugfix release.
>>
>> Features:
>>
>> - Introduce optional (but on by default) thread-safety for the c-ares
>> library. This has no API nor ABI implications.
>> - resolv.conf in modern systems uses attempts and timeouts options
>> instead of the old retrans and retry options.
>> - Query caching support based on TTL of responses. Can be enabled via
>> ares_init_options() with ARES_OPT_QUERY_CACHE.
>>
>> Bug Fixes:
>>
>> - ares_init_options() for ARES_OPT_UDP_PORT and ARES_OPT_TCP_PORT accept
>> the port in host byte order, but it was reading it as network byte
>> order. Regression introduced in 1.20.0.
>> - ares_init_options() for ARES_FLAG_NOSEARCH was not being honored for
>> ares_getaddrinfo() or ares_gethostbyname(). Regression introduced in
>> 1.16.0.
>> - Autotools MacOS and iOS version check was failing
>> - Environment variables passed to c-ares are meant to be an override for
>> system configuration. Regression introduced in 1.22.0.
>> - Spelling fixes as detected by codespell.
>> - The timeout returned by ares_timeout() was truncated to milliseconds
>> but validated to microseconds which could cause a user to attempt to
>> process timeouts prior to the timeout actually expiring.
>> - CMake was not honoring CXXFLAGS passed in via the environment which
>> could cause compile and link errors with distribution hardening flags
>> during packaging.
>> - Fix Windows UWP and Cygwin compilation.
>> - ares_set_servers_*() for legacy reasons needs to accept an empty
>> server list and zero out all servers. This results in an inoperable
>> channel and thus is only used in simulation testing, but we don't want
>> to break users. Regression introduced in 1.21.0.
>>
>>
>> 19 Nov 2023 1.22.1
>>
>> This is a bugfix release.
>>
>> Bug Fixes:
>>
>> - Fix /etc/hosts processing performance with all entries using same IP
>> address. Large hosts files using the same IP address for all entries
>> could use exponential time.
>> - Fix typos in manpages
>> - Fix OpenWatcom building
>>
>>
>> 14 Nov 2023 1.22.0
>>
>> This is a feature release with some significant internal changes.
>>
>> Features:
>>
>> - ares_reinit() is now implemented to re-read any system configuration
>> and immediately apply to an existing ares channel
>> - The adig command line program has been rewritten and its format now
>> more closely matches that of BIND's dig utility
>> - The new DNS message parser and writer functions have now been made public
>> - RFC9460 HTTPS and SVCB records are now supported
>> - RFC6698 TLSA records are now supported
>> - The server list is now internally dynamic and can be changed without
>> impacting existing queries
>> - Hosts file processing is now cached until the file is detected to be
>> changed to speed up repetitive lookups of large hosts files
>>
>> Changes:
>>
>> - Internally all DNS messages are now written using the new DNS writing
>> functions
>> - EDNS is now enabled by default
>> - Internal cleanups in function prototypes
>>
>> Bug Fixes:
>>
>> - Randomize retry penalties to prevent thundering herd issues when dns
>> servers throttle requests
>> - Fix Windows build error for missing if_indextoname()
>>
>>
>> 27 Oct 2023 1.21.0
>>
>> This is a bugfix and cleanup release with some significant internal changes.
>>
>> Changes:
>>
>> - Provide better man page cross-links.
>> - Introduce ares_status_t as an enum rather than using #define list and
>> integer data type for internal functions.
>> - Introduce ares_bool_t datatype rather than using an integer with 0/1
>> so it is clear based on the function prototype what it returns.
>> - Increase compiler warning levels by default.
>> - Use size_t and other more proper datatypes internally (rather than int).
>> - Many developers have used different code styles over the years,
>> standardize on one and use clang-format to enforce the style.
>> - CMake can now control symbol visibility
>> - Replace multiple DNS hand-made parsers with new memory-safe DNS
>> message parser.
>>
>> Bug Fixes:
>>
>> - Tools: STAYOPEN flag could make tools not terminate.
>> - Socket callbacks were passed SOCK_STREAM instead of SOCK_DGRAM on udp.
>>
>>
>> 08 Oct 2023 1.20.1
>>
>> This release resolves a significant issue in the 1.20.0 release.
>>
>> Bug fixes:
>>
>> - Resolve use-after-free issue when TCP connection is terminated before
>> a response is returned
>> - Reduce number of queries for a load test case to prevent overloading
>> some build systems
>> - Fix fuzz test build target
>>
>>
>> 07 Oct 2023 1.20.0
>>
>>
>> This is a feature and bugfix release with some significant internal changes.
>>
>> Changes:
>>
>> - Update from 1989 MIT license text to modern MIT license text
>> - Remove acountry from built tools as nerd.dk is gone
>> - Add new ARES_OPT_UDP_MAX_QUERIES configuration option to limit the
>> number of queries that can be made from a single ephemeral port
>> - Default per-query timeout has been reduced to 2s with a 3x retry count
>> - Modernization: start implementing some common data structures that are
>> easy to use and hard to misuse. This will make code refactoring easier
>> and remove some varied implementations in use. This change also makes
>> ares_timeout() more efficient
>> - Use SPDX identifiers and a REUSE CI job to verify
>> - rand: add support for getrandom()
>>
>> Bug fixes:
>>
>> - TCP back to back queries were broken
>> - Ensure queries for ares_getaddrinfo() are not requeued during destruction
>> - ares_getaddrinfo() should not retry other address classes if one
>> address class has already been returned
>> - Avoid production ill-formed result when qualifying a name with the
>> root domain
>> - Fix missing prefix for CMake generated libcares.pc [10] - DNS server
>> ports will now be read from system configuration instead of defaulting
>> to port 53
>> - Remove some unreachable code
>> - Replace usages of sprintf with snprintf
>> - Fix Watcom instructions and update Windows URLs
>>
>>
>> 28 Jan 2023 1.19.0
>>
>> This is a feature and bugfix release.
>> It addresses a couple of new feature requests as well as a couple of bug fixes.
>>
>> Security:
>>
>> - Low. Stack overflow in ares_set_sortlist() which is used during c-ares
>> initialization and typically provided by an administrator and not an
>> end user.
>>
>> Changes:
>>
>> - Windows: Drop support for XP and derivatives which greatly cleans up
>> initialization code.
>> - Add ARES_OPT_HOSTS_FILE similar to ARES_OPT_RESOLVCONF for specifying
>> a custom hosts file location.
>> - Add vcpkg installation instructions
>>
>> Bug fixes:
>>
>> - Fix cross-compilation from Windows to Linux due to CPACK logic.
>> - Fix memory leak in reading /etc/hosts when using localhost fallback.
>> - Fix chain building c-ares when libresolv is already included by
>> another project
>> - File lookup should not immediately abort as there may be other tries
>> due to search criteria.
>> - Asterisks should be allowed in host validation as CNAMEs may reference
>> wildcard domains
>> - AutoTools build system referenced bad STDC_HEADERS macro
>> - Even if one address class returns a failure for ares_getaddrinfo() we
>> should still return the results we have
>> - CMake Windows: DLLs did not include resource file to include versions
>> - CMake: Guard target creation in exported config
>> - Fix ares_getaddrinfo() numerical address resolution with AF_UNSPEC
>> - Apple: fix libresolv configured query times.
>> - Fix tools and help information
>> - Various documentation fixes and cleanups
>> - Add include guards to ares_data.h
>> - c-ares could try to exceed maximum number of iovec entries supported
>> by system
>> - CMake package config generation allow for absolute install paths
>> - Intel compiler fixes
>> - ares_strsplit bugs
>> - The RFC6761 6.3 states localhost subdomains must be offline too.
>>
>>
>> 26 Oct 2021 1.18.1
>>
>> This is an urgent bugfix release for a regression made in 1.18.0.
>>
>> Bug fixes:
>>
>> - ares_getaddrinfo() would return ai_addrlen of 16 for ipv6 addresses
>> rather than the sizeof(struct sockaddr_in6)
>>
>>
>> 25 Oct 2021 1.18.0
>>
>> This is a feature and bugfix release. It addresses a couple of new
>> feature requests as well as a couple of bug fixes.
>>
>> Changes:
>>
>> - Add support for URI(Uniform Resource Identifier) records via
>> ares_parse_uri_reply()
>> - Provide ares_nameser.h as a public interface as needed by NodeJS
>> - Update URLs from c-ares.haxx.se to c-ares.org
>> - During a domain search, treat ARES_ENODATA as ARES_NXDOMAIN so that
>> the search process will continue to the next domain in the search.
>> - Turn ares_gethostbyname() into a wrapper for ares_getaddrinfo() as
>> they followed very similar code paths and ares_gethostbyaddr() has
>> some more desirable features such as priority sorting and parallel
>> queries for AF_UNSPEC.
>> - ares_getaddrinfo() now contains a name element in the address info
>> structure as the last element. This is not an API or ABI break due to
>> the structure always being internally allocated and it being the last
>> element.
>> - ares_parse_a_reply() and ares_parse_aaaa_reply() were nearly
>> identical, those now use the same helper functions for parsing rather
>> than having their own code.
>> - RFC6761 Section 6.3 says "localhost" lookups need to be special cased
>> to return loopback addresses, and not forward queries to recursive dns
>> servers. On Windows this now returns all loopback addresses, on other
>> systems it returns 127.0.0.1 or ::1 always, and will never forward a
>> request for "localhost" to outside DNS servers.
>> - Haiki: port
>>
>> Bug fixes:
>>
>> - add build to .gitignore
>> - z/OS minor update, add missing semicolon in ares_init.c
>> - Fix building when latest ax_code_coverage.m4 is imported
>> - Work around autotools 'error: too many loops' and other newer
>> autotools import related bugs.
>> - MinGW cross builds need advapi32 link as lower case
>> - Cygwin build fix due to containing both socket.h and winsock2.h
>> - ares_expand_name should allow underscores (_) as SRV records
>> legitimately use them
>> - Allow '/' as a valid character for a returned name for CNAME
>> in-addr.arpa delegation
>> - ares_getaddrinfo() was not honoring HOSTALIASES
>> - ares_getaddrinfo() had some test cases disabled due to a bug in the
>> test framework itself which has now been resolved
>> - Due to Travis-CI becoming unfriendly to open-source, Cirrus-CI has now
>> been brought online for automated unit testing.
>>
>>
>> 10 Aug 2021 1.17.2
>>
>> Security:
>>
>> - NodeJS passes NULL for addr and 0 for addrlen to
>> ares_parse_ptr_reply() on systems where malloc(0) returns NULL. This
>> would cause a crash.
>> - When building c-ares with CMake, the RANDOM_FILE would not be set and
>> therefore downgrade to the less secure random number generator
>> - If ares_getaddrinfo() was terminated by an ares_destroy(), it would
>> cause a crash
>> - Crash in sortaddrinfo() if the list size equals 0 due to an unexpected
>> DNS response
>> - Expand number of escaped characters in DNS replies as per RFC1035 5.1
>> to prevent spoofing follow-up
>> - Perform validation on hostnames to prevent possible XSS due to
>> applications not performing valiation themselves
>>
>> Changes:
>>
>> - Use non-blocking /dev/urandom for random data to prevent early startup
>> performance issues
>> - z/OS port
>> - ares_malloc(0) is now defined behavior (returns NULL) rather than
>> system-specific to catch edge cases
>>
>> Bug fixes:
>>
>> - Fuzz testing files were not distributed with official archives
>> - Building tests should not force building of static libraries except on
>> Windows
>> - Windows builds of the tools would fail if built as static due to a
>> missing CARES_STATICLIB definition
>> - Relative headers must use double quotes to prevent pulling in a system
>> library
>> - Fix OpenBSD building by implementing portability updates for including
>> arpa/nameser.h
>> - Fix building out-of-tree for autotools
>> - Make install on MacOS/iOS with CMake was missing the bundle
>> destination so libraries weren’t actually installed
>> - Fix retrieving DNS server configuration on MacOS and iOS if the
>> configuration did not include search domains
>> - ares_parse_a_reply and ares_parse_aaa_reply were erroneously using
>> strdup() instead of ares_strdup()
>>
>> 19 Nov 2020 1.17.1
>>
>> Fixes packaging issues in 1.17.0.
>>
>> 16 Nov 2020 1.17.0
>>
>> Security:
>>
>> - avoid read-heap-buffer-overflow in ares_parse_soa_reply found during fuzzing
>> - Avoid theoretical buffer overflow in RC4 loop comparison
>> - Empty hquery->name could lead to invalid memory access -
>> ares_parse_{a,aaaa}_reply() could return a larger *naddrttls than was
>> passed in
>>
>> Changes:
>>
>> - Update help information for adig, acountry, and ahost
>> - Test Suite now uses dynamic system-assigned ports rather than
>> hardcoded ports to prevent failures in containers
>> - Detect remote DNS server does not support EDNS using rules from RFC 6891
>> - Source tree has been reorganized to use a more modern layout
>> - Allow parsing of CAA Resource Record
>>
>> Bug fixes:
>>
>> - readaddrinfo bad sizeof()
>> - Test cases should honor HAVE_WRITEV flag, not depend on WIN32
>> - FQDN with trailing period should be queried first
>> - ares_getaddrinfo() was returning members of the struct as garbage
>> values if unset, and was not honoring ai_socktype and ai_protocol
>> hints.
>> - ares_gethostbyname() with AF_UNSPEC and an ip address would fail
>> - Properly document ares_set_local_ip4() uses host byte order
--
Take care. Thanks, Brian Inglis Calgary, Alberta, Canada
La perfection est atteinte Perfection is achieved
non pas lorsqu'il n'y a plus rien à ajouter not when there is no more to add
mais lorsqu'il n'y a plus rien à retrancher but when there is no more to cut
-- Antoine de Saint-Exupéry
More information about the Cygwin-apps
mailing list