-adns (1.5~~) UPSTREAM; urgency=low
+adns (1.5.2) UPSTREAM; urgency=medium
+
+ * Important security fixes:
+ CVE-2017-9103 CVE-2017-9104 CVE-2017-9105 CVE-2017-9109:
+ Vulnerable applications: all adns callers.
+ Exploitable by: the local recursive resolver.
+ Likely worst case: Remote code execution.
+ CVE-2017-9106:
+ Vulnerable applications: those that make SOA queries.
+ Exploitable by: upstream DNS data sources.
+ Likely worst case: DoS (crash of the adns-using application)
+ CVE-2017-9107:
+ Vulnerable applications: those that use adns_qf_quoteok_query.
+ Exploitable by: sources of query domain names.
+ Likely worst case: DoS (crash of the adns-using application)
+ CVE-2017-9108:
+ Vulnerable applications: adnshost.
+ Exploitable by: code responsible for framing the input.
+ Likely worst case: DoS (adnshost crashes at EOF).
+ All found by AFL 2.35b. Thanks to the University of Cambridge
+ Department of Applied Mathematics for computing facilities.
+
+ Bugfixes:
+ * Do not include spurious external symbol `data' (fixes GCC10 build).
+ * If server sends TC flag over TCP, bail rather than retrying.
+ * Do not crash on certain strange resolv.conf contents.
+ * Fix various crashes if a global system failure occurs, or
+ adns_finish is called with outstanding queries.
+ * Correct a parsing error message very slightly.
+ * DNS packet parsing: Slight fix when packet is truncated.
+ * Fix ABI compatibility in string conversion of certain RR types.
+ * internal.h: Use `unsigned' for nextid; fixes theoretical C UB.
+
+ Portability fix:
+ * common.make.in: add -Wno-unused-value. Fixes build with GCC9.
+
+ Internal changes:
+ * Additional comments describing some internal code restrions.
+ * Robustness assert() against malfunctioning write() system call.
+
+ -- Ian Jackson <ijackson@chiark.greenend.org.uk> Thu, 11 Jun 2020 15:48:12 +0100
+
+adns (1.5.1) UPSTREAM; urgency=medium
+
+ * Portability fix for systems where socklen_t is bigger than int.
+ * Fix for malicious optimisation of memcpy in test suite, which
+ causes failure with gcc-4.1.9 -O3. See Debian bug #772718.
+ * Fix TCP async connect handling. The bug is hidden on Linux and on most
+ systems where the nameserver is on localhost. If it is not hidden,
+ adns's TCP support is broken unless adns_if_noautosys is used.
+ * Fix addr queries (including subqueries, ie including deferencing MX
+ lookups etc.) not to crash when one of the address queries returns
+ tempfail. Also, do not return a spurious pointer to the application
+ when one of the address queries returns a permanent error (although,
+ the application almost certainly won't use this pointer because the
+ associated count is zero).
+ * adnsresfilter: Fix addrtextbuf buffer size. This is not actually a
+ problem in real compiled code but should be corrected.
+ * Properly include harness.h in adnstest.c in regress/. Suppresses
+ a couple of compiler warnings (implicit declaration of Texit, etc.)
+
+ -- Ian Jackson <ijackson@chiark.greenend.org.uk> Fri, 12 Aug 2016 22:53:59 +0100
+
+adns (1.5.0) UPSTREAM; urgency=low
+
+ * Release 1.5.0. No changes since 1.5.0~rc1.
+
+ -- Ian Jackson <ijackson@chiark.greenend.org.uk> Sun, 26 Oct 2014 14:57:10 +0000
+
+adns (1.5.0~rc1) UPSTREAM; urgency=low
+
+ ABI/API changes:
+ * Provide adns_qf_cname_strict flag, currently ignored because it's the
+ default. This will allow us to make this not the default in the future
+ while retaining forward and backward API and ABI compatibility.
+ * Add `sizeforce' enum member value to force enum types in the APIs to be
+ big (which will avoids theoretical future ABI-incompatibility).
+ * Reject unknown flags passed by our caller. This will make it ABI-safe
+ (although not ABI-backward-compatible) to add new flags in the future,
+ as newer clients running against this old library will get ENOSYS.
+
+ resolv.conf parsing:
+ * Support `adns_ignoreunkcfg' resolv.conf option to ignore unknown
+ options and keywords in resolv.conf.
+ * Ignore various BIND9 resolv.conf keywords and options.
+ * Fix resolv.conf option word splitting.
+
+ Tests, build system, coding style, etc.:
+ * Test cases show rrtype flag values in hex.
+ * Parallelise `make check'.
+ * Make vbuf__append_quoted1035 no longer extern (there are no out-of-file
+ callers).
+ * Remove all RCSids.
+ * When releasing, check that the `make dist' tarball is identical to git.
+ And provide a test mode for the RELEASE-CHECKLIST doc/script.
+ * Add `make dist' tarball signature to .gitignore.
+ * More correctly and effectively work around bugs in make (Debian #4073,
+ #756123) affecting regress.
+
+ -- Ian Jackson <ijackson@chiark.greenend.org.uk> Sun, 26 Oct 2014 13:24:00 +0000
+
+adns (1.5.0~rc0) UPSTREAM; urgency=low
New features:
- * Support for transport over IPv6.
* Support for queries about IPv6 data in all applicable adns
query types (including AAAA, PTR, and adns_r_addr queries).
+ (Thanks very much to Mark Wooding.)
+ * Support for transport over IPv6. (Thanks to Mark Wooding again.)
+ * adns_addr2text and adns_text2addr: Convenient functions for
+ converting between addresses and address literals.
Bugfixes:
* Fix a crashing bug in adnslogres. (Debian#392102.)
Build system fixes and improvements:
* `make clean' removes the pipes.
* Work around bugs in make (Debian #4073, #756123) affecting regress.
+ * Do not include Makefile and src/config.h in distribution tarball.
Regression test debugging improvements:
* Provide gdbwrap convenience script.
- * Honour ADNS_TEST_DEBUG env. var.
+ * Honour ADNS_TEST_DEBUG env. var. (Mark Wooding.)
Other improvements:
- * Source code cleanups.
+ * Licence changed to GPLv3 (still LGPLv2 for adns.h).
+ * Source code cleanups. (Some from Mark Wooding.)
* Now in git.
* Documentation and webpage updates.
- -- Ian Jackson <ijackson@chiark.greenend.org.uk> Sun, 19 Oct 2014 23:52:20 +0100
+ -- Ian Jackson <ijackson@chiark.greenend.org.uk> Mon, 20 Oct 2014 01:29:50 +0100
adns (1.4); urgency=low
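Review bot: In the 1.5.2 entry the header reads "urgency=medium" while the security block gives "Likely worst case: Remote code execution" for "all adns callers"; consider raising the urgency, or add a line saying why medium is appropriate, so that downstream packagers can prioritise the update. The security block names the vulnerable applications for each CVE group but not the affected version range, which would help anyone deciding whether an older adns needs the fix. Three spelling slips in the added lines: "restrions" should be "restrictions" (1.5.2, Internal changes), "deferencing" should be "dereferencing" (1.5.1, addr queries item), and "which will avoids" should be "which will avoid" (1.5.0~rc1, `sizeforce' item).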