   Changelog for the c-ares project. Generated with git2changes.pl

Version 1.18.1 (26 Oct 2021)

bradh352 (26 Oct 2021)
- missed version

- 1.18.1 release prep

- ares_getaddrinfo() was returning the wrong size for ai_addrlen
  
  ai_addrlen was erroneously returning 16 bytes instead of the
  sizeof(struct sockaddr_in6).  This is a regression introduced
  in 1.18.0.
  
  Reported by: James Brown <jbrown@easypost.com>
  Fix By: Brad House (@bradh352)

- Windows: autotools force linking to iphlpapi

GitHub (26 Oct 2021)
- [Gregor Jasny brought this change]

  Fix typo detected by lintian (#434)
  
  typo in docs for ares_parse_uri_reply
  
  Fix By: Gregor Jasny (@gjasny)

Version 1.18.0 (25 Oct 2021)

bradh352 (25 Oct 2021)
- replace Travis badge with Cirrus-CI badge

- c-ares 1.18.0 release prep

GitHub (21 Oct 2021)
- [Jérôme Duval brought this change]

  Haiku: port (#431)
  
  Port for Haiku.  Slight CMake changes, header changes, and resolv.conf/hosts paths specific to Haiku.
  
  Port By: Jérôme Duval (@korli)

bradh352 (19 Oct 2021)
- valgrind: fix reported invalid read

- make sure distcheck runs

- detect oddities and skip test if necessary

- fix null ptr deref in strlen

- bend over backwards for testing file access, something is weird on debian

- chmod(fn, 0) is failing on debian

- maybe process needs to be called

- split test output

- clean up a couple of compiler warnings

- use helper function for addrinfo to simplify code

- INSTANTIATE_TEST_CASE_P -> INSTANTIATE_TEST_SUITE_P as new convention in googletest

- gmock: update from 1.8.0 to 1.11.0

- Cirrus-CI: fix debian arm build

- Cirrus-CI: more updates for proper testing

- install proper packages for asan and analyze

- fix  crash in tests

- try to disable container tests

- need g++ for tests on debian

- try cirrus-ci again

- whitespace

- start bringing up cirrus-ci

- prep for adding new ci

- fix cut and paste error

GitHub (18 Oct 2021)
- [Brad House brought this change]

  RFC6761: special case "localhost" (#430)
  
  As per RFC6761 Section 6.3, "localhost" lookups need to be special cased to return loopback addresses, and not forward queries to recursive dns servers.
  
  We first look up via files (/etc/hosts or equivalent), and if that fails, we then attempt a system-specific address enumeration for loopback addresses (currently Windows-only), and finally fallback to ::1 and 127.0.0.1.
  
  Fix By: Brad House (@bradh352)
  Fixes Bug: #399

- [Brad House brought this change]

  Reimplement ares_gethostbyname() by wrapping ares_getaddrinfo() (#428)
  
  ares_gethostbyname() and ares_getaddrinfo() do a lot of similar things, however ares_getaddrinfo() has some desirable behaviors that should be imported into ares_gethostbyname(). For one, it sorts the address lists for the most likely to succeed based on the current system routes. Next, when AF_UNSPEC is specified, it properly handles search lists instead of first searching all of AF_INET6 then AF_INET, since ares_gethostbyname() searches in parallel. Therefore, this PR should also resolve the issues attempted in #94.
  
  A few things this PR does:
  
  1. ares_parse_a_reply() and ares_parse_aaaa_reply() had very similar code to translate struct ares_addrinfo into a struct hostent as well as into struct ares_addrttl/ares_addr6ttl this has been split out into helper functions of ares__addrinfo2hostent() and ares__addrinfo2addrttl() to prevent this duplicative code.
  
  2. ares_getaddrinfo() was apparently never honoring HOSTALIASES, and this was discovered once ares_gethostbyname() was turned into a wrapper, the affected test cases started failing.
  
  3. A slight API modification to save the query hostname into struct ares_addrinfo as the last element of name. Since this is the last element, and all user-level instances of struct ares_addrinfo are allocated internally by c-ares, this is not an ABI-breaking change nor would it impact any API compatibility. This was needed since struct hostent has an h_name element.
  
  4. Test Framework: MockServer tests via TCP would fail if more than 1 request was received at a time which is common when ares_getaddrinfo() queries for both A and AAAA records simultaneously. Infact, this was a long standing issue in which the ares_getaddrinfo() test were bypassing TCP alltogether. This has been corrected, the message is now processed in a loop.
  
  5. Some tests had to be updated for overall correctness as they were invalid but somehow passing prior to this change.
  
  Change By: Brad House (@bradh352)

bradh352 (9 Oct 2021)
- ares_getaddrinfo() missing sanity check to fix #426

- ares_getaddrinfo(): continue to next domain in search if query returns ARES_ENODATA
  
  Some DNS servers may behave badly and return a valid response with no data, in this
  case, continue on to the next search domain, but cache the result.
  
  Fixes Bug: #426
  Fix By: Brad House (@bradh352)

- Allow '/' as a valid character for a returned name
  
  As of c-ares 1.17.2, a CNAME an in-addr.arpa delegation broke due
  to not allowing '/'.  This needs to be allowed to not break valid
  functionality.
  
  Fixes Bug: #427
  Reported By: Adrian (@leftshift)
  Fix By: Brad House (@bradh352)

Daniel Stenberg (5 Oct 2021)
- libcares.pc.in: update the URL

bradh352 (8 Sep 2021)
- ares_expand_name should allow underscores (_) as SRV records legitimately use them
  
  c-ares 1.17.2 introduced response validation to prevent a security issue, however
  it did not have (_) listed as a valid character for domain name responses which
  caused issues when a CNAME referenced a SRV record which contained underscores.
  
  While RFC2181 section 11 does explicitly state not to do validation, that applies
  to servers not clients.
  
  Fixes: #424
  Fix By: Brad House (@bradh352)

Daniel Stenberg (7 Sep 2021)
- domain: update to use c-ares.org
  
  Closes #423

- mailing list: moved to lists.haxx.se

GitHub (3 Sep 2021)
- [Biswapriyo Nath brought this change]

  CMake: Fix build in cygwin (#422)
  
  As cygwin environment has both socket.h and winsock2.h headers check WIN32 not to include the later one here
  
  Fix By: Biswapriyo Nath (@Biswa96)

bradh352 (23 Aug 2021)
- make building more verbose

- add appveyor cmake/mingw static-only build

GitHub (17 Aug 2021)
- [Sinan Kaya brought this change]

  CMake: lower case advapi32 for cross-building with mingw (#420)
  
  When cross compiling with yocto's meta-mingw layer, getting a dependency
  error.
  
  This is caused by the fact that advapi32 is lower case in mingw builds.
  
  Fix By: Sinan Kaya <sinan.kaya@microsoft.com>

bradh352 (17 Aug 2021)
- autotools: add ax_check_gnu_make.m4

- autotools: add ax_require_defined.m4

- autotools: dont use newer AC_CHECK_INCLUDES_DEFAULT, don't quote AC_ERROR_MSG

- import more files needed by newer ax_code_coverage.m4

- import more files needed by newer ax_code_coverage.m4

- work around autoreconf -fiv first call returning 'error: too many loops'

- restore zz40-xc-ovr.m4

- autotools: processed configure.ac through autoupdate

- autotools. update ax_code_coverage.m4 to latest. don't use deprecated AC_HELP_STRING

- pull out some old autotools cruft

GitHub (17 Aug 2021)
- [Felix Yan brought this change]

  Provide ares_nameser.h as a public interface (#417)
  
  NodeJS needs ares_nameser.h as a pubic header.
  
  Fixes: #415
  Fix By: Felix Yan (@felixonmars)

- [Felix Yan brought this change]

  Fix building when latest ax_code_coverage.m4 is imported (#418)
  
  ax_code_coverage.m4 dropped the @CODE_COVERAGE_RULES@ macro, so we need to switch to the latest recommendation from the m4 file.  This requires updates to Makefile.am.
  
  Fix By: Felix Yan (@felixonmars)

bradh352 (12 Aug 2021)
- bump version to match current release

GitHub (12 Aug 2021)
- [dhrumilrana brought this change]

  z/OS minor update, add missing semicolon in ares_init.c (#414)
  
  Build fix for z/OS
  
  Fix by: Dhrumil Rana (@dhrumilrana)

- [Daniel Bevenius brought this change]

  add build to .gitignore (#410)
  
  This commit adds the build directory to be ignored by git.
  
  The motivation for adding this to .gitignore as opposed to
  .git/info/exclude is that the CMake example in INSTALL.md uses build
  as the name of the directory to be used by CMake. This will cause
  git to report build as an untracked file.
  
  Fix By: Daniel Bevenius (@danbev)

- [Martin Holeš brought this change]

  Add support for URI(Uniform Resource Identifier) records. (#411)
  
  Add ares_parse_uri_reply() for parsing URI DNS replies.
  
  Fix By: Martin Holeš (@martin-256)

Daniel Stenberg (10 Aug 2021)
- ares_getaddrinfo.3: available since 1.16.0

- README.md: use https:// links

Version 1.17.2 (24 Jul 2021)

bradh352 (24 Jul 2021)
- fix typo

- prep for 1.17.2 release

GitHub (30 Jun 2021)
- [jeanpierrecartal brought this change]

  Replace strdup() with ares_strdup() (#408)
  
  strdup() is used in src/lib/ares_parse_a_reply.c and src/lib/ares_parse_aaaa_reply.c whereas allocated memory is freed using ares_free().
  
  Bug: 407
  Fix By: Jean-pierre Cartal (@jeanpierrecartal)

- [Brad House brought this change]

  Validate hostnames in DNS responses and discard from malicious servers (#406)
  
  To prevent possible users having XSS issues due to intentionally malformed DNS replies, validate hostnames returned in responses and return EBADRESP if they are not valid.
  
  It is not clear what legitimate issues this may cause at this point.
  
  Bug Reported By: philipp.jeitner@sit.fraunhofer.de
  Fix By: Brad House (@bradh352)

bradh352 (11 Jun 2021)
- ares_expand_name(): fix formatting and handling of root name response
  
  Fixes issue introduced in prior commit with formatting and handling
  of parsing a root name response which should not be escaped.
  
  Fix By: Brad House

- ares_expand_name() should escape more characters
  
  RFC1035 5.1 specifies some reserved characters and escaping sequences
  that are allowed to be specified.  Expand the list of reserved characters
  and also escape non-printable characters using the \DDD format as
  specified in the RFC.
  
  Bug Reported By: philipp.jeitner@sit.fraunhofer.de
  Fix By: Brad House (@bradh352)

GitHub (15 Apr 2021)
- [HALX99 brought this change]

  Fix can't get dns server on macos and ios (#401)
  
  If DNS configuration didn't include search domains on MacOS (or iOS) it would throw an error instead of ignoring.
  
  Fix By: @halx99

- [catalinh-bd brought this change]

  Bugfix/crash in ares  sortaddrinfo (#400)
  
  The bug was generated because there was no check for the number
  of items in the list and invalid memory was accesed when the list
  was empty. There is a check for null after calling malloc but on
  some systems it always returns a valid address for size equals 0.
  Relates To: #392, 0903dcecabca283d0fa771632892dc7592b7a66d
  
  Fix By: @catalinh-bd

bradh352 (2 Mar 2021)
- Null deref if ares_getaddrinfo() is terminated with ares_destroy()
  
  ares_freeaddrinfo() was not checking for a Null ptr during cleanup of
  an aborted query.
  
  Once that was resolved it uncovered another possible issue with
  multiple simultaneous underlying queries being outstanding and
  possibly prematurely cleaning up the handle.
  
  Reported By: Michael Kourlas
  Fix By: Brad House (@bradh352)

GitHub (18 Feb 2021)
- [Brad House brought this change]

  CMake: RANDOM_FILE not defined #397
  
  RANDOM_FILE was never defined by cmake, causing RC4 key generation to use the less secure rand() method.
  
  Also, due to clashes with chain-building from other projects (e.g. curl) that may define RANDOM_FILE, this was renamed to CARES_RANDOM_FILE.
  
  This is the proposed change for #396
  
  Fix By: Brad House (@bradh352)

- [Anton Danielsson brought this change]

  CMake: fix Make install for iOS/MacOS (#395)
  
  INSTALL TARGETS were missing the BUNDLE DESTINATION
  
  Fix By: Anton Danielsson (@anton-danielsson)

- [František Dvořák brought this change]

  Fix build with autotools out of source tree (#394)
  
  Add missing include directory, which fixes the build with autotools in separated build directory.
  
  Fix By: František Dvořák (@valtri)

bradh352 (15 Jan 2021)
- fuzzing: HAVE_CONFIG_H may not be defined so cannot include ares_setup.h.  Its not needed even though we include ares_nameser.h

- remove redundant header checks

- properly detect netinet/tcp.h on openbsd

- more portability updates

- renamed nameser.h to ares_nameser.h requires Makefile.inc update for distributed files

- more portability updates

- remove bad files

- portability updates for test cases

- Portability Updates for arpa/nameser.h (#388)
  
  There is too much inconsistency between platforms for arpa/nameser.h and arpa/nameser_compat.h for the way the current files are structured.  Still load the respective system files but make our private nameser.h more forgiving.
  
  Fixes: #388
  Fix By: Brad House (@bradh352)

- ares_parse_ptr_reply() handle NULL for addr/addr_len. Fixes #392
  
  NodeJS passes NULL for addr and 0 for addrlen parameters to ares_parse_ptr_reply().  On systems where malloc(0) returned NULL, this would cause the function to return ARES_ENOMEM, but the cleanup wasn't handled properly and would crash.
  
  This patche fixes that bug, and also hardens ares_free_hostent() to not leak memory during cleanup.
  
  Fixes: #392
  Fix By: Brad House (@bradh352)

- Define behavior of malloc(0)
  
  Some systems may return either NULL or a valid pointer on malloc(0).  c-ares should never call malloc(0) so lets return NULL so we're more likely to find an issue if it were to occur.

GitHub (24 Dec 2020)
- [dhrumilrana brought this change]

  z/OS: port (#390)
  
  Port c-ares to z/OS.
  
  Fix By: Dhrumil Rana (@dhrumilrana)

- [vburdo brought this change]

  Use unbuffered stdio for /dev/urandom to read only requested data (#391)
  
  Buffered fread() reads 4096 bytes which is completely unnecessary and potentially may cause problems.
  I discovered this on private linux configuration where custom /dev/urandom implementation has poor performance.
  
  Fix By: @vburdo

- [Jay Freeman (saurik) brought this change]

  This relative header #include needs to use quotes. (#386)
  
  Fix By: Jay Freeman (@saurik)

bradh352 (23 Nov 2020)
- Win32: Fix tools build with autotools static library
  When c-ares is being built as static on Win32, CARES_STATICLIB must
  be defined, but it wasn't being pulled in for the tools.
  
  Fixes: #384
  Fix By: Brad House (@bradh352)

- Loosen requirements for static c-ares library when building tests
  
  It appears that when building tests, it would hardcode enabling building
  of the c-ares static library.  This was probably due to Windows limitations
  in symbol visibility.
  
  This change will use the static library if it exists for tests, always.
  Otherwise, it will only forcibly enable static libraries for tests on
  Windows.
  
  Fixes: #380
  Fix By: Brad House (@bradh352)

- Remove legacy comment about ahost/acountry/adig targets

- Distribute fuzzinput/fuzznames for fuzz tests
  
  The fuzz test files were not being distributed.  This doesn't appear to be
  a regression, it looks like they have never been distributed.
  
  Fixes: #379
  Fix By: Brad House (@bradh352)

Version 1.17.1 (19 Nov 2020)

GitHub (19 Nov 2020)
- [Brad House brought this change]

  Travis: add iOS target built with CMake (#378)
  
  Issue #377 suggested that CMake builds for iOS with c-ares were broken. This PR adds an automatic Travis build for iOS CMake.
  
  Fix By: Brad House (@bradh352)

bradh352 (18 Nov 2020)
- fix build

GitHub (18 Nov 2020)
- [Fabrice Fontaine brought this change]

  External projects were using non-public header ares_dns.h, make public again (#376)
  
  It appears some outside projects were relying on macros in ares_dns.h, even though it doesn't appear that header was ever meant to be public.  That said, we don't want to break external integrators so we should distribute this header again.
  
  Fix By: Fabrice Fontaine (@ffontaine)

bradh352 (17 Nov 2020)
- note that so versioning has moved to configure.ac

- note about 1.17.1

- fix sed gone wrong

GitHub (17 Nov 2020)
- [Daniel Stenberg brought this change]

  autotools cleanup (#372)
  
  * remove: install-sh mkinstalldirs
  
  They're generated when needed, no need to store in it.
  
  * buildconf: remove custom logic with autoreconf
  
  Fix By: Daniel Stenberg (@bagder)

bradh352 (17 Nov 2020)
- attempt to fix 1.17.0 release distribution issues

Version 1.17.0 (16 Nov 2020)

bradh352 (16 Nov 2020)
- 1.17.0 release prep

- ares_getaddrinfo(): duplicate hints ai_socktype and ai_protocol into output
  
  ai_socktype and ai_protocol were ignored from the hints input.  They are now
  duplicated into the output as expected.  Currently no sanity checks on
  proper values are taking place.
  
  Fixes: #317
  Fix By: Brad House (@bradh352)

- ares_parse_{a,aaaa}_reply could return larger *naddrttls than passed in
  
  If there are more ttls returned than the maximum provided by the requestor, then
  the *naddrttls response would be larger than the actual number of elements in
  the addrttls array.
  
  This bug could lead to invalid memory accesses in applications using c-ares.
  
  This behavior appeared to break with PR #257
  
  Fixes: #371
  Reported By: Momtchil Momtchev (@mmomtchev)
  Fix By: Brad House (@bradh352)

GitHub (5 Nov 2020)
- [Dustin Lundquist brought this change]

  docs: ares_set_local_ip4() uses host byte order (#368)
  
  Properly document brain-dead behavior of ares_set_local_ip4() using host byte order instead of expected network byte order.
  
  Fix By: Dustin Lundquist <d.lundquist@tempered.io>

- [Łukasz Marszał brought this change]

  empty hquery->name could lead to invalid memory access (#367)
  
  If hquery->name is empty (=="\0"), &hquery->name[strlen(hquery->name)-1] would point to "random" place in memory. This is causing some of my address sanitizer tests to fail.
  
  Fix By: Łukasz Marszał (@lmarszal)

bradh352 (28 Sep 2020)
- Fix OSSFuzz reported issue in CAA reply parsing
  
  OSS-Fuzz is reporting a use-of-uninitialized-value:
  https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=26012
  
  Reported By: David Drysdale (@daviddrysdale)

GitHub (26 Sep 2020)
- [David Hotham brought this change]

  fuzz CAA parsing (#363)
  
  Add fuzz support for CAA parsing
  
  Fix By: David Hotham (@dimbleby)

- [Daniela Sonnenschein brought this change]

  Allow parsing of CAA Resource Record (#360)
  
  CAA (Certification Authority Authorization) was introduced in RFC 6844.
  This has been obsoleted by RFC 8659. This commit added the possibility
  to query CAA resource records with adig and adds a parser for CAA
  records, that can be used in conjunction with ares_query(3).
  
  Closes Bug: #292
  Fix By: Daniela Sonnenschein (@lxdicted)

Daniel Stenberg (17 Sep 2020)
- docs: remove the html and pdf make targets
  
  They're rarely used in our daily work flow and mostly just add friction,
  
  Closes #362

bradh352 (14 Sep 2020)
- ares_process needs to always include nameser.h as it has compat

- Define T_OPT if system doesn't provide it

GitHub (12 Sep 2020)
- [Gisle Vanem brought this change]

  Change the mailman links (#358)
  
  Links when wrapping become misleading.  Insert newline to prevent wrapping.
  
  Fix By: Gisle Vanem (@gvanem)

- [Gisle Vanem brought this change]

  [adig] Update man-page for the '-x' option (#357)
  
  Fix By: Gisle Vanem (@gvanem)

- [Gisle Vanem brought this change]

  [adig] add '-x' option. (#356)
  
  Added a 'dig-style' '-x' option. Also support '-xx' for a
  IPv6 bit-string PTR query.
  
  Fix By: Gisle Vanem (@gvanem)

bradh352 (12 Sep 2020)
- fix indentation

- ns_t_opt -> T_OPT

GitHub (12 Sep 2020)
- [Gisle Vanem brought this change]

  Fixes for Watt-32 on djgpp + Windows (#355)
  
  No longer any relation to libcurl since '<libcurl-root>/packages/DOS/common.dj' is dropped.
  This Makefile.dj has been tested on Win-10 only (using the Windows hosted djgpp cross compiler).
  
  Fix By: Gisle Vanem (@gvanem)

- [Gisle Vanem brought this change]

  Fixes for Watt-32 on Windows and MSDOS (#354)
  
  Move the prototype to 'ares_private.h'.
  
  Fix By: Gisle Vanem (@gvanem)

bradh352 (11 Sep 2020)
- update path for include

- remove stale information

- remove stale information

Brad House (9 Sep 2020)
- silence compiler warnings

- Remove stale msvc files from makefile

GitHub (9 Sep 2020)
- [Brad House brought this change]

  Reorganize source tree (#349)
  
  Originally started by Daniel Stenberg (@bagder) with #123, this patch reorganizes the c-ares source tree to have a more modern layout.  It also fixes out of tree builds for autotools, and automatically builds the tests if tests are enabled.  All tests are passing which tests each of the supported build systems (autotools, cmake, nmake, mingw gmake).  There may be some edge cases that will have to be caught later on for things I'm not aware of.
  
  Fix By: Brad House (@bradh352)

Brad House (1 Sep 2020)
- remove CURLDEBUG as per #82

GitHub (1 Sep 2020)
- [Erik Lax brought this change]

  Detect remote DNS server does not support EDNS as per RFC 6891 (#244)
  
  EDNS retry should be based on FORMERR returned without an OPT RR record as per https://tools.ietf.org/html/rfc6891#section-7 rather than just treating any unexpected error condition as a reason to disable EDNS on the channel.
  
  Fix By: Erik Lax (@eriklax)

Brad House (27 Aug 2020)
- Fix for #345, don't use 'true' use 1

GitHub (27 Aug 2020)
- [Seraphime Kirkovski brought this change]

  ares_gethostbyname: Fix AF_UNSPEC support when using an ip address (#204)
  
  fake_hostent() was not supporting AF_UNSPEC, so when an ip address was specified when using AF_UNSPEC it would attempt to do a DNS lookup rather than returning a fake hostent using the ip address.
  
  Fix By: Seraphime Kirkovski (@Seraphime)

- [apenn-msft brought this change]

  Tests should use dynamic system-assigned ports rather than static port (#346)
  
  The c-ares test suite was hardcoded to use port 5300 (and possibly 5301, 5302) for the test suite.  Especially in containers, there may be no guarantee these ports are available and cause tests to fail when they could otherwise succeed.  Instead, request the system to assign a port to use dynamically.  This is now the default.  To override, the test suite still takes the "-p <port>" option as it always has and will honor that.
  
  Fix By: Anthony Penniston (@apenn-msft)

Brad House (25 Aug 2020)
- Unset members of the addr struct contain garbage values (#343)
  
  When generating the ares_sockaddr data by getaddrinfo() it was only filling
  in certain members while leaving others uninitialized.  This left garbage
  data if a user tried to use the unset values.  memset() the ares_sockaddr
  to 0 prior to filling in the values to prevent this.
  
  Reported By: @SmorkalovG
  Fix By: Brad House (@bradh352)

GitHub (24 Aug 2020)
- [Jonathan Maye-Hobbs brought this change]

  FQDN with trailing period should be queried first with larger ndot value (#345)
  
  If a query is performed for dynamodb.us-east-1.amazonaws.com. with ndots=5, it was attempting to search the search domains rather than just attempting the FQDN that was passed it.  This patch now at least attempts the FQDN first.
  
  We may need to determine if we should abort any further searching, however as is probably intended.
  
  Fix by: Jonathan Maye-Hobbs (@wheelpharoah)

- [Gisle Vanem brought this change]

  Update acountry.c country code list (#341)
  
  Updated country_list[]:
   * 2-letter ISO-3166 country-codes.
   * Add, rename some names + codes in accordance with latest table at https://en.wikipedia.org/wiki/ISO_3166-1.
  
  Fix By: Gisle Vanem (@gvanem)

- [Bulat Gaifullin brought this change]

  Test case should honor flag HAVE_WRITEV rather than WIN32 (#344)
  
  Test cases where not honoring the HAVE_WRITEV flag but instead using WIN32 to determine if WRITEV was available or not.  This patch fixes that.
  
  Fix By: Bulat Gaifullin (@bgaifullin)

Brad House (18 Jul 2020)
- Ensure c89 support
  
  A couple of for loops in Mac-specific code were using integer declarations
  inside a for loop.  Move the declaration to the top of the preceding
  code block to retain c89 compliance.
  
  Reported By: Jeffrey Walton

GitHub (2 Jul 2020)
- [Fionn Fitzmaurice brought this change]

  Avoid buffer overflow in RC4 loop comparison (#336)
  
  The rc4 function iterates over a buffer of size buffer_len who's maximum
  value is INT_MAX with a counter of type short that is not guaranteed to
  have maximum size INT_MAX.
  
  In circumstances where short is narrower than int and where buffer_len
  is larger than the maximum value of a short, it may be possible to loop
  infinitely as counter will overflow and never be greater than or equal
  to buffer_len.
  
  The solution is to make the comparison be between types of equal width.
  This commit defines counter as an int.
  
  Fix By: Fionn Fitzmaurice (@fionn)

- [anonymoushelpishere brought this change]

  Updated help information for adig, acountry, and ahost. (#334)
  
  Provide more descriptive help information for various utilities.
  
  Fix By: @anonymoushelpishere

- [lutianxiong brought this change]

  avoid read-heap-buffer-overflow (#332)
  
  Fix invalid read in ares_parse_soa_reply.c found during fuzzing
  
  Fixes Bug: #333
  Fix By: lutianxiong (@ltx2018)

- [Ivan Baidakou brought this change]

  Fix: sizeof(sizeof(addr.saX)) -> sizeof(addr.saX) in readaddrinfo (#331)
  
  Looks like a sed-gone-wrong, a sizeof inside of a sizeof.
  
  Fix By: Ivan Baidakou (@basiliscos)

Version 1.16.1 (11 May 2020)

Brad House (11 May 2020)
- c-ares 1.16.1 release prep

- update travis to use xcode11.4

- Prevent possible double-free in ares_getaddrinfo() if ares_destroy() is called
  
  In the event that ares_destroy() is called prior to ares_getaddrinfo() completing,
  it would result in an invalid read and double-free due to calling end_hquery() twice.
  
  Reported By: Jann Horn @ Google Project Zero

GitHub (30 Apr 2020)
- [shelley vohr brought this change]

  fix: windows UNICODE incompatibilities with ares_getaddrinfo (#328)
  
  Fixes the following compatibility issues:
  * Use RegQueryValueExA instead of RegQueryValueEx
  * Use ExpandEnvironmentStringsA instead of ExpandEnvironmentStrings
  * Use RegOpenKeyExA instead of RegOpenKeyExA
  * Use GetWindowsDirectoryA instead of GetWindowsDirectoryA
  
  Fix By: Shelley Vohr (@codebytere)
  Closes: #327

Brad House (13 Apr 2020)
- travis: CloudFlare does not allow T_ANY requests, so live tests that use it fail.  Disable.

- travis: bump macos image to the latest

- cast-align warnings are false for struct sockaddr, silence
  
  Create a macro to silence false cast-align warnings when casting
  struct sockaddr * to struct sockaddr_in * and struct sockaddr_in6 *.
  
  Fix By: Brad House (@bradh352)

- MacOS: Enable libresolv support for retrieving DNS servers like iOS does.

GitHub (10 Apr 2020)
- [Dmitry Igrishin brought this change]

  CMake: Populate the INCLUDE_DIRECTORIES property of installed targets (#323)
  
  Populate the INCLUDE_DIRECTORIES property of installed targets
  
  Fix By: Dmitry Igrishin (@dmitigr)

Brad House (10 Apr 2020)
- travis: make valgrind use cmake for tests

- dont try to use libtool to run valgrind

- valgrind requires libtool installed to wrap tests

- scan build 7

- fix travis live test

- add debug for travis

- try without sudo

- attempt to modernize travis build environment

GitHub (6 Apr 2020)
- [Teemu R brought this change]

  Allow TXT records on CHAOS qclass (#321)
  
  Some DNS servers intentionally "misuse" the obsoleted CHAOS (CH) qclass to provide things like `version.bind`, `version.server`, `authors.bind`, `hostname.bind` and `id.server`.
  
  C-ares was not allowing such use cases.
  
  Fix By: Teemu R. (@rytilahti)

Brad House (5 Apr 2020)
- Remove warnings from ares_getaddrinfo.3 man page
  
  As reported in #319, non-standard macros of .IN were used.
  Replace with .RS/.RE.
  
  Fixes: #319
  Fix By: Brad House (@bradh352)

- ares_getaddrinfo man page render better for man2html

- update man pages to render better for man2html

Version 1.16.0 (12 Mar 2020)

Brad House (12 Mar 2020)
- 1.16.0 release notes draft

- attempt to fix double-free introduced in e0517f9

GitHub (12 Mar 2020)
- [David Drysdale brought this change]

  test: fuzzer input triggering double free (#315)
  
  OSS-Fuzz has reported a double-free with the fuzzer input file
  included here; run with:
    ./test/aresfuzz test/fuzzinput/clusterfuzz-5637790584012800
  
  Bisecting the failure points to commit e0517f97d988 ("Parse SOA records
  from ns_t_any response (#103)")

- [Brad House brought this change]

  CMake: Install Manpages (#314)
  
  CMake wasn't installing manpages.
  
  Fixes #297
  Fix By: Brad House (@bradh352)

- [Brad House brought this change]

  Enable cmake tests for AppVeyor (#313)
  
  Tests require linking against the static library on Windows otherwise the symbols are not exported for internals being tested.
  
  Fix By: Brad House (@bradh352)

Brad House (11 Mar 2020)
- Add AppVeyor badge

- bump c-ares version to 1.16.0. test AppVeyor integration.

GitHub (11 Mar 2020)
- [Brad House brought this change]

  replace all usages of inet_addr() with ares_inet_pton() which is more proper (#312)
  
  Replace usage of inet_addr() with ares_inet_pton() which is more appropriate and fixes issues with legitimate addresses like 255.255.255.0. IPv6 already used this.
  
  Fixes #309
  Fix By: Brad House (@bradh352)

- [Brad House brought this change]

  CMake: Generate WinPDB files during build (#311)
  
  Build and Install PDB (Windows Debug Symbol) files if supported by underlying system.
  
  Also update AppVeyor to test cmake builds.
  
  Fixes #245
  Fix By: Piotr Pietraszkiewicz (@ppietrasa) and Brad House (@bradh352)

- [Brad House brought this change]

  CMake: Rework library function checking (#310)
  
  CHECK_LIBRARY_EXISTS(), while it takes a function name, does not actually verify the function exists in the library being evaluated. Instead, if the function is found in any dependent library, and the referenced library also exists, it returns true. This is not desirable.
  
  Wrap with a Macro to change the behavior.
  
  Fixes: #307
  Fix By: Brad House (@bradh352)

- [Dron Rathore brought this change]

  Parse SOA records from ns_t_any response (#103)
  
  Added the capability of parsing SOA record from a response buffer of ns_t_any type query, this implementation doesn't interfere with existing T_SOA query's response as that too is treated as a list of records. The function returns ARES_EBADRESP if no SOA record is found(as per RFC).
  
  The basic idea of sticking to RFC that a ns_t_any too should return an SOA record is something open for discussion but I have kept the functionality intact as it was previously i.e the function returns ARES_EBADRESP if it doesn't find a SOA record regardless of which response it is parsing i.e. T_SOA or T_ANY.
  
  Note that asking for T_ANY is generally a bad idea:
  - https://blog.cloudflare.com/what-happened-next-the-deprecation-of-any/
  - https://tools.ietf.org/html/draft-ietf-dnsop-refuse-any
  
  Bug: #102
  Fix By: Dron Rathore (@DronRathore)

- [Stephen Bryant brought this change]

  Added CPack functionality for generating RPM or DEB packages (#283)
  
  Added CPack functionality for generating RPM or DEB packages
  
  ie: run `cpack -G RPM` (or "DEB") after building with CMake.
  
  The current configuration creates 3 separate packages for the shared library,
  the development files and the tools.
  
  Fix By: Stephen Bryant (@bf-bryants)

- [tjwalton brought this change]

  ares_gethostbyname: Return ENODATA if no valid A or AAAA record found (#304)
  
  ares_gethostbyname() was returning ESUCCESS when no A or AAAA record was found but a CNAME pointing nowhere was present.  ENODATA should be returned instead, however the hosts pointer will still be present to provide the alias list.
  
  * Return ENODATA if no valid A or AAAA record found
  * Fix and update test ParseAReplyNoData.
  * Add test for new ENODATA behaviour in ares_gethostbyname.
  
