File: changelog

package info (click to toggle)
c-ares 1.17.1-1%2Bdeb11u3
links: PTS, VCS
area: main
in suites: bullseye
size: 8,272 kB
sloc: cpp: 39,065; ansic: 25,077; sh: 4,256; makefile: 129; perl: 48; awk: 18
file content (429 lines) | stat: -rw-r--r-- 13,424 bytes
c-ares (1.17.1-1+deb11u3) bullseye-security; urgency=high

  * Non-maintainer upload by the Security Team.
  * CVE-2023-31130: buffer underflow for certain IPv6 addresses in
    inet_net_pton_ipv6().
  * CVE-2023-32067: unexpected resolver shutdown with malformed returning
    UDP packet with a length of zero.

 -- Aron Xu <aron@debian.org>  Sun, 04 Jun 2023 16:12:16 +0800

c-ares (1.17.1-1+deb11u2) bullseye; urgency=medium

   * Fix CVE-2022-4904:
     It was discovered that in c-ares, an asynchronous name resolver library,
     the config_sortlist function is missing checks about the validity of the
     input string, which allows a possible arbitrary length stack overflow and
     thus may cause a denial of service. (Closes: #1031525)

 -- Gregor Jasny <gjasny@googlemail.com>  Sat, 18 Feb 2023 00:24:32 +0100

c-ares (1.17.1-1+deb11u1) bullseye-security; urgency=high

  * Non-maintainer upload by the Security Team.
  * Missing input validation on hostnames returned by DNS servers
    (CVE-2021-3672)
    - ares_expand_name() should escape more characters
    - ares_expand_name(): fix formatting and handling of root name response

 -- Salvatore Bonaccorso <carnil@debian.org>  Sat, 07 Aug 2021 11:56:59 +0200

c-ares (1.17.1-1) unstable; urgency=medium

  * Imported Upstream version 1.17.1 (fixes CVE-2020-8277)
  * Bumped standards to version 4.5.1 (no changes needed)
  * Update upstream repository metadata
  * Ignore installed libtool file for all architectures
      
 -- Gregor Jasny <gjasny@googlemail.com>  Thu, 19 Nov 2020 18:57:27 +0100

c-ares (1.16.1-1) unstable; urgency=high

  * Imported Upstream version 1.16.1
  * This release prevents a possible use-after-free and
    double-free in ares_getaddrinfo() if ares_destroy()
    is called prior to ares_getaddrinfo() completing.

 -- Gregor Jasny <gjasny@googlemail.com>  Mon, 11 May 2020 20:24:56 +0200

c-ares (1.16.0-1) unstable; urgency=medium

  * Imported Upstream version 1.16.0
  * Bumped standards to version 4.5.0 (no changes needed)
  * Use debhelper v12

 -- Gregor Jasny <gjasny@googlemail.com>  Sat, 04 Apr 2020 13:24:31 +0200

c-ares (1.15.0-1) unstable; urgency=low

  * Imported Upstream version 1.15.0
  * Bumped standards to version 4.4.0 (no changes needed)
  * Add Build-Depends-Package field in symbols file
  * Minimize upstream signing key

 -- Gregor Jasny <gjasny@googlemail.com>  Wed, 17 Jul 2019 20:54:21 +0200

c-ares (1.14.0-1) unstable; urgency=low

  * Imported Upstream version 1.14.0
  * Update upstream signature key
  * Remove already applied patches

 -- Gregor Jasny <gjasny@googlemail.com>  Fri, 16 Feb 2018 20:40:22 +0100

c-ares (1.13.0-3) unstable; urgency=low

  * Bumped standards to version 4.1.3 (adjusted priority)
  * Enable bindnow hardening flag

 -- Gregor Jasny <gjasny@googlemail.com>  Sat, 30 Dec 2017 15:11:34 +0100

c-ares (1.13.0-2) unstable; urgency=medium

  * ares_parse_naptr_reply: make buffer length check more accurate

 -- Gregor Jasny <gjasny@googlemail.com>  Sun, 16 Jul 2017 19:12:12 +0200

c-ares (1.13.0-1) unstable; urgency=medium

  * Imported Upstream version 1.13.0
  * Bump standards to 4.0.0 (no changes needed)

 -- Gregor Jasny <gjasny@googlemail.com>  Wed, 28 Jun 2017 22:52:31 +0200

c-ares (1.12.0-4) unstable; urgency=high

  * Add patch for CVE-2017-1000381 (Closes: #865360)

 -- Gregor Jasny <gjasny@googlemail.com>  Sun, 25 Jun 2017 22:53:15 +0200

c-ares (1.12.0-2) unstable; urgency=medium

  * Add myself as maintainer (Closes: #861697)

 -- Gregor Jasny <gjasny@googlemail.com>  Thu, 04 May 2017 20:29:55 +0200

c-ares (1.12.0-1) unstable; urgency=high

  [ Daniel Stenberg ]
  * bump: start working on the next version
  * AUTHORS: added contributors from the 1.11.0 release
  * configure: acknowledge --disable-tests

  [ Gregor Jasny ]
  * Fix man page typos detected by Lintian

  [ David Drysdale ]
  * test: add missing #includes for dns-proto.cc
  * test: avoid in6addr_* constants
  * test: Build with MinGW on AppVeyor

  [ Viktor Szakats ]
  * Makefile.m32: add support for extra flags
  * Makefile.m32: add support for CROSSPREFIX

  [ Brad House ]
  * configure: check if tests can get built before enabled

  [ David Drysdale ]
  * ares_library_cleanup: reset ares_realloc too
  * ahost.c: add cast to fix C++ compile
  * test: Only pass unused args to GoogleTest
  * test: Use different name in live test
  * build: commonize MSVC version detection

  [ Chris Araman ]
  * msvc_ver.inc: support Visual Studio 2015 Update 1

  [ David Drysdale ]
  * test: for AF_UNSPEC, return CNAME only for AAAA, but valid A record
  * Explicitly clear struct servent before use
  * test: Update fuzzing function prototype
  * test: Check setting nsort=0 option is respected

  [ nordsturm ]
  * Fix nsort initialization

  [ David Drysdale ]
  * test: Add utility to show DNS packet from file
  * test: Add corpus of DNS packets
  * test: allow multiple files in aresfuzz command line
  * test: add fuzzing check script to tests
  * test: Run fuzzcheck.sh in Travis build

  [ svante karlsson ]
  * Update msvc_ver.inc

  [ David Drysdale ]
  * test: drop superfluous fuzz inputs

  [ Daniel Stenberg ]
  * email: use Gisle's "new" address

  [ David Drysdale ]
  * Fix trailing comment for #endif

  [ Chris Araman ]
  * Update msvc_ver.inc

  [ Daniel Stenberg ]
  * web: http => https
  * read_tcp_data: remove superfluous NULL check

  [ David Drysdale ]
  * test: disable MinGW tests
  * test: simplify deps for fuzzer entrypoint
  * test: fuzzer mode for AFL's persistent mode
  * test: make fuzzer driver code C not C++
  * test: more info on how to run fuzz testing
  * test: Add Clang static analysis build to Travis

  [ Daniel Stenberg ]
  * SECURITY.md: suggested "security process" for the project
  * README: added "CII best practices" badge
  * LICENSE.md: add a stand-alone license file
  * AUTHORS: added contributors from the git log
  * AUTHOR: maybe gitgub isn't really an author =)

  [ David Drysdale ]
  * test: Add null pointer to gtest args
  * test: Add valgrind build variant
  * test: Force reinstall of libtool on OSX
  * ares_init_options: only propagate init failures from options
  * api: add ARES_OPT_NOROTATE optmask value

  [ Brad House ]
  * headers: remove checks for and defines of variable sizes

  [ David Drysdale ]
  * test: fix gMock to work with gcc >= 6.x

  [ Daniel Stenberg ]
  * ares_create_query.3: edit language
  * RELEASE-NOTES: synced with daa7235b1a5
  * SECURITY: point to the vulnerabilities page now
  * ares_init.3: split the init docs into two separate man pages
  * ares_destroy.3: formatting polish
  * docs: minor formatting edits
  * README: link to the correct c-ares badge!
  * README.md: remove space from link
  * ares_library_init.3: corrected the ares_library_init_mem proto

  [ David Drysdale ]
  * man: update ares_init_options.3

  [ Daniel Stenberg ]
  * make: bump CARES_VERSION_INFO for release
  * ares_library_initialized.3: added
  * ares_create_query: avoid single-byte buffer overwrite

  [ David Drysdale ]
  * ares-test-misc: test ares_create_query with escaped trailing dot

  [ Daniel Stenberg ]
  * RELEASE-NOTES: 1.12.0

  [ Gregor Jasny ]
  * Import c-ares 1.12.0 (Closes: #839151)
  * Bump standards to 3.9.8 (no changes needed)
  * Stop moving ares_build.h to multiarch include path

 -- Gregor Jasny <gjasny@googlemail.com>  Thu, 29 Sep 2016 18:19:09 +0200

c-ares (1.11.0-1) unstable; urgency=low

  * Imported Upstream version 1.11.0
  * Change VCS information to https protocol
  * Updated watch file
  * Bump standards to 3.9.7 (no changes needed)

 -- Gregor Jasny <gjasny@googlemail.com>  Sun, 21 Feb 2016 15:46:29 +0100

c-ares (1.11.0~rc1-1) experimental; urgency=medium

  * Imported Upstream release snapshot

 -- Gregor Jasny <gjasny@googlemail.com>  Fri, 12 Feb 2016 21:14:11 +0100

c-ares (1.10.0-3) unstable; urgency=low

  [ James McCoy ]
  * Move debian/upstream to debian/upstream/metadata

  [ Gregor Jasny ]
  * Bump standards to 3.9.4 (no changes needed)
  * Add missing man pages (Closes: #811241)

 -- Gregor Jasny <gjasny@googlemail.com>  Sat, 23 Jan 2016 22:22:32 +0100

c-ares (1.10.0-2) unstable; urgency=low

  * Bump standards to v3.9.4 (no changes needed)
  * Canonicalize Git VCS URL
  * Prevent autoconf from mangling passed cflags
  * Depend on debhelper 9

 -- Gregor Jasny <gjasny@googlemail.com>  Sun, 16 Jun 2013 13:38:58 +0200

c-ares (1.10.0-1) unstable; urgency=low

  * Imported Upstream version 1.10.0
  * Add Upstream Metadata
  * Fix package description (Closes: #680640)
  * Dropped deprecated DM-Upload-Allowed flag
  * Remove patches that were applied upstream
  * Add new 1.10.0 symbols

 -- Gregor Jasny <gjasny@googlemail.com>  Tue, 14 May 2013 22:19:12 +0200

c-ares (1.9.1-3) unstable; urgency=low

  * Moved ares_build.h to arch dependent include dir (Closes: #678996)

 -- Gregor Jasny <gjasny@googlemail.com>  Mon, 25 Jun 2012 19:37:00 +0200

c-ares (1.9.1-2) unstable; urgency=low

  * Remove ares_free_soa declaration from ares.h

 -- Gregor Jasny <gjasny@googlemail.com>  Tue, 19 Jun 2012 09:43:09 +0200

c-ares (1.9.1-1) unstable; urgency=low

  * Imported Upstream version 1.9.1
  * Update homepage field (Closes: #674406)
  * Mark dev package as Multi-Arch: same

 -- Gregor Jasny <gjasny@googlemail.com>  Mon, 18 Jun 2012 23:06:40 +0200

c-ares (1.8.0-1) unstable; urgency=low

  * Imported Upstream version 1.8.0
  * Fix typo in package description (Closes: #638923)
  * Bump standards to v3.9.3 (no changes needed)

 -- Gregor Jasny <gjasny@googlemail.com>  Thu, 10 May 2012 21:46:27 +0200

c-ares (1.7.5-1) unstable; urgency=low

  * Imported Upstream version 1.7.5
  * Update watch file location
  * Fix typo in Uploaders field
  * Update SCM Browser URL
  * Convert to Multiarch
  * Bump standards to v3.9.2 (no changes needed)

 -- Gregor Jasny <gjasny@googlemail.com>  Sun, 21 Aug 2011 15:19:21 +0200

c-ares (1.7.4-1) unstable; urgency=low

  [ Gregor Jasny ]
  * Imported Upstream version 1.7.4
  * Fix typo in package description (Closes: #600309)
  * Bump standards to v3.9.1 (no changes needed)
  * Unapply patches after build
  * Add new symbols

  [ Andreas Schuldei ]
  * added Gregor Jasny as uploader

 -- Andreas Schuldei <andreas@debian.org>  Thu, 03 Mar 2011 21:48:00 +0100

c-ares (1.7.3-1) unstable; urgency=low

  [ Gregor Jasny ]
  * Imported Upstream version 1.7.3
  * Add ares_parse_mx_reply symbol

 -- Andreas Schuldei <andreas@debian.org>  Fri, 11 Jun 2010 18:33:50 +0200

c-ares (1.7.1-0) unstable; urgency=low

  [ Gregor Jasny ]
  * Remove quilt dir
  * Imported Upstream version 1.7.0
  * Bump standards to v3.8.3 (no changes needed)
  * Hide private symbols and add Debian symbols file
  * Use separate build dir
  * Tightened debhelper dependency
  * Revert "Use separate build dir"
  * Imported Upstream version 1.7.1
  * Add new ares_{get,set}_servers symbols
  * Bump standards to v3.8.4 (no changes needed)
  * Switch to dpkg-source 3.0 (quilt) format

 -- Andreas Schuldei <andreas@debian.org>  Fri, 30 Apr 2010 21:27:20 +0200

c-ares (1.6.0-2) unstable; urgency=low

  [ Gregor Jasny ]
  * Add git-buildpackage config
  * Imported Upstream version 1.6.0
  * New Upstream Version 1.6.0
  * Removed no_maxhostnamelen patch
  * Add Vcs-* fields to control file
  * Make package binNMUable (lintian: not-binnmuable-any-depends-any)
  * Add watch file (lintian: debian-watch-file-is-missing)
  * Updated standards to 3.8.1 (no changes needed)
  * Remove duplicate section (lintian: binary-control-field-duplicates-
    source)
  * Use debhelper 7 and its tiny rules script
  * Use copyright sign instead of (c) to make lintian happy
  * Add some words to the -dev package (lintian: duplicate-short-
    description)

 -- Andreas Schuldei <andreas@debian.org>  Mon, 25 May 2009 13:23:43 +0200

c-ares (1.6.0-1) unstable; urgency=low

  * New Upstream Version

 -- Gregor Jasny <gjasny@googlemail.com>  Mon, 04 May 2009 22:01:20 +0200

c-ares (1.5.2-4) unstable; urgency=low

  * fixing linitan warnings: standards versions, clean target in rules
  * fix memory leak in MAXHOSTNAMELEN patch

 -- Andreas Schuldei <andreas@jesaja.schuldei.org>  Mon, 30 Jun 2008 16:33:20 +0200

c-ares (1.5.2-3) unstable; urgency=low

  * remove the need to have MAXHOSTNAMELEN, to make hurd build

 -- Andreas Schuldei <andreas@debian.org>  Sun, 29 Jun 2008 01:55:35 +0200

c-ares (1.5.2-2) unstable; urgency=low

  * file conflicts (Closes: #484574)

 -- Andreas Schuldei <andreas@debian.org>  Thu, 05 Jun 2008 10:00:56 +0200

c-ares (1.5.2-1) unstable; urgency=low

  * missing copyright information in debian/copyright (Closes: #484517)

 -- Andreas Schuldei <andreas@debian.org>  Wed, 04 Jun 2008 20:22:59 +0200

c-ares (1.5.2-0) unstable; urgency=low

  * new upstream release: 1.5.2
  * Conflict with libcares2 (Closes: #478588)
  * libc-ares1 contains libcares.2.so (Closes: #480589)

 -- Andreas Schuldei <andreas@debian.org>  Sat, 31 May 2008 01:08:35 +0200

c-ares (1.5.1-0) unstable; urgency=low

  * new upstream release: 1.5.1
  * file conflicts between packages (Closes: #451343)
  * switch to pkgconfig, disable .la

 -- Andreas Schuldei <andreas@debian.org>  Mon, 26 Nov 2007 14:09:46 +0100

c-ares (1.4.0-1) unstable; urgency=low

  * Initial release (Closes: #359794) packaging c-ares

 -- Andreas Schuldei <andreas@debian.org>  Sat, 21 Jul 2007 17:44:06 +0200