Subject: [RELEASE] c-ares 1.12.0

[RELEASE] c-ares 1.12.0

From: Daniel Stenberg <daniel_at_haxx.se>
Date: Thu, 29 Sep 2016 16:01:52 +0200 (CEST)

Hi friends!

I'm happy to announce another c-ares release. This time including a fix for a
security vulnerability present in previous versions. See separate notice
coming after this email.

As always, get the tarball from https://c-ares.haxx.se/

c-ares version 1.12.0

Changes:

  o api: add ARES_OPT_NOROTATE optmask value

Bug fixes:

  o CVE-2016-5180: ares_create_query single byte out of buffer write [4]
  o configure: acknowledge --disable-tests [1]
  o man pages: fix typos detected by Lintian
  o test: add missing #includes for dns-proto.cc
  o test: avoid in6addr_* constants
  o test: Build with MinGW on AppVeyor
  o Makefile.m32: add support for extra flags
  o Makefile.m32: add support for CROSSPREFIX
  o configure: check if tests can get built before enabled
  o ares_library_cleanup: reset ares_realloc too
  o ahost.c: add cast to fix C++ compile
  o test: Only pass unused args to GoogleTest
  o build: commonize MSVC version detection
  o msvc_ver.inc: support Visual Studio 2015 Update 1, 2, 3
  o test: for AF_UNSPEC, return CNAME only for AAAA, but valid A record
  o ares_getnameinfo: explicitly clear struct servent before use
  o test: Update fuzzing function prototype
  o init: fix nsort initialization
  o test: add fuzzing check script to tests
  o web: http => https
  o read_tcp_data: remove superfluous NULL check
  o LICENSE.md: add a stand-alone license file
  o SECURITY.md: suggested "security process" for the project
  o ares_init_options: only propagate init failures from options [2]
  o headers: remove checks for and defines of variable sizes
  o test: fix gMock to work with gcc >= 6.x [3]

Thanks go to these friendly people for their efforts and contributions:

   Alexander Drachevskiy, Brad House, Chris Araman, Daniel Stenberg,
   David Drysdale, Gregor Jasny, Svante Karlsson, Viktor Szakats,
   Gzob Qq, Mattias Nissler

References to bug reports and discussions on issues:

  [1] = https://github.com/c-ares/c-ares/issues/44
  [2] = https://github.com/c-ares/c-ares/issues/60
  [3] = https://github.com/google/googletest/issues/705#issuecomment-235067917
  [4] = https://c-ares.haxx.se/adv_20160929.html 

-- 
  / daniel.haxx.se
Received on 2016-09-29