-adns (0.9) unstable; urgency=high
+adns (1.6.0) UPSTREAM; urgency=medium
+
+ Bugfixes:
+ * adnshost: Support --reverse in -f mode input stream
+ * timeout robustness against clock skew: track query start time and
+ duration. Clock instability may now only cause spurious timeouts
+ rather than indefinite hangs or even assertion failures.
+
+ New features:
+ * adnshost: Offer ability to set adns checkc flags
+ * adnslogres: Honour --checkc-freq (if it comes first)
+ * adnsresfilter: Honour --checkc-freq and --checkc-entex
+ * time handling: Support use of CLOCK_MONOTONIC via an init flag.
+ * adns_str* etc.: Improve robustness; more allowable inputs values.
+
+ Build system improvements:
+ * clean targets: Delete $(TARGETS) too!
+ * Remove all m4 output files from the distributed source tree.
+ * Support DESTDIR=/some/absolute/path on `make install'.
+ * Provide autogen.sh.
+ * Rerun autoheader and autoconf (2.69).
+
+ Internal changes:
+ * adnshost: adh-opts.c: Whitespace adjustments to option table
+
+ Tests:
+ * New tests for fixes in 1.5.3.
+ * Fixes to test harness to avoid false positives during fuzzing.
+ * Other changes to support use with AFL.
+ * Many supporting improvements and refactorings.
+ * Fix skipped tests ($$ reference in Makefile)
+
+
+ -- Ian Jackson <ijackson@chiark.greenend.org.uk> Thu, 11 Jun 2020 15:49:39 +0100
+
+adns (1.5.2) UPSTREAM; urgency=medium
+
+ * Important security fixes:
+ CVE-2017-9103 CVE-2017-9104 CVE-2017-9105 CVE-2017-9109:
+ Vulnerable applications: all adns callers.
+ Exploitable by: the local recursive resolver.
+ Likely worst case: Remote code execution.
+ CVE-2017-9106:
+ Vulnerable applications: those that make SOA queries.
+ Exploitable by: upstream DNS data sources.
+ Likely worst case: DoS (crash of the adns-using application)
+ CVE-2017-9107:
+ Vulnerable applications: those that use adns_qf_quoteok_query.
+ Exploitable by: sources of query domain names.
+ Likely worst case: DoS (crash of the adns-using application)
+ CVE-2017-9108:
+ Vulnerable applications: adnshost.
+ Exploitable by: code responsible for framing the input.
+ Likely worst case: DoS (adnshost crashes at EOF).
+ All found by AFL 2.35b. Thanks to the University of Cambridge
+ Department of Applied Mathematics for computing facilities.
+
+ Bugfixes:
+ * Do not include spurious external symbol `data' (fixes GCC10 build).
+ * If server sends TC flag over TCP, bail rather than retrying.
+ * Do not crash on certain strange resolv.conf contents.
+ * Fix various crashes if a global system failure occurs, or
+ adns_finish is called with outstanding queries.
+ * Correct a parsing error message very slightly.
+ * DNS packet parsing: Slight fix when packet is truncated.
+ * Fix ABI compatibility in string conversion of certain RR types.
+ * internal.h: Use `unsigned' for nextid; fixes theoretical C UB.
+
+ Portability fix:
+ * common.make.in: add -Wno-unused-value. Fixes build with GCC9.
+
+ Internal changes:
+ * Additional comments describing some internal code restrions.
+ * Robustness assert() against malfunctioning write() system call.
+
+ -- Ian Jackson <ijackson@chiark.greenend.org.uk> Thu, 11 Jun 2020 15:48:12 +0100
+
+adns (1.5.1) UPSTREAM; urgency=medium
+
+ * Portability fix for systems where socklen_t is bigger than int.
+ * Fix for malicious optimisation of memcpy in test suite, which
+ causes failure with gcc-4.1.9 -O3. See Debian bug #772718.
+ * Fix TCP async connect handling. The bug is hidden on Linux and on most
+ systems where the nameserver is on localhost. If it is not hidden,
+ adns's TCP support is broken unless adns_if_noautosys is used.
+ * Fix addr queries (including subqueries, ie including deferencing MX
+ lookups etc.) not to crash when one of the address queries returns
+ tempfail. Also, do not return a spurious pointer to the application
+ when one of the address queries returns a permanent error (although,
+ the application almost certainly won't use this pointer because the
+ associated count is zero).
+ * adnsresfilter: Fix addrtextbuf buffer size. This is not actually a
+ problem in real compiled code but should be corrected.
+ * Properly include harness.h in adnstest.c in regress/. Suppresses
+ a couple of compiler warnings (implicit declaration of Texit, etc.)
+
+ -- Ian Jackson <ijackson@chiark.greenend.org.uk> Fri, 12 Aug 2016 22:53:59 +0100
+
+adns (1.5.0) UPSTREAM; urgency=low
+
+ * Release 1.5.0. No changes since 1.5.0~rc1.
+
+ -- Ian Jackson <ijackson@chiark.greenend.org.uk> Sun, 26 Oct 2014 14:57:10 +0000
+
+adns (1.5.0~rc1) UPSTREAM; urgency=low
+
+ ABI/API changes:
+ * Provide adns_qf_cname_strict flag, currently ignored because it's the
+ default. This will allow us to make this not the default in the future
+ while retaining forward and backward API and ABI compatibility.
+ * Add `sizeforce' enum member value to force enum types in the APIs to be
+ big (which will avoids theoretical future ABI-incompatibility).
+ * Reject unknown flags passed by our caller. This will make it ABI-safe
+ (although not ABI-backward-compatible) to add new flags in the future,
+ as newer clients running against this old library will get ENOSYS.
+
+ resolv.conf parsing:
+ * Support `adns_ignoreunkcfg' resolv.conf option to ignore unknown
+ options and keywords in resolv.conf.
+ * Ignore various BIND9 resolv.conf keywords and options.
+ * Fix resolv.conf option word splitting.
+
+ Tests, build system, coding style, etc.:
+ * Test cases show rrtype flag values in hex.
+ * Parallelise `make check'.
+ * Make vbuf__append_quoted1035 no longer extern (there are no out-of-file
+ callers).
+ * Remove all RCSids.
+ * When releasing, check that the `make dist' tarball is identical to git.
+ And provide a test mode for the RELEASE-CHECKLIST doc/script.
+ * Add `make dist' tarball signature to .gitignore.
+ * More correctly and effectively work around bugs in make (Debian #4073,
+ #756123) affecting regress.
+
+ -- Ian Jackson <ijackson@chiark.greenend.org.uk> Sun, 26 Oct 2014 13:24:00 +0000
+
+adns (1.5.0~rc0) UPSTREAM; urgency=low
+
+ New features:
+ * Support for queries about IPv6 data in all applicable adns
+ query types (including AAAA, PTR, and adns_r_addr queries).
+ (Thanks very much to Mark Wooding.)
+ * Support for transport over IPv6. (Thanks to Mark Wooding again.)
+ * adns_addr2text and adns_text2addr: Convenient functions for
+ converting between addresses and address literals.
+
+ Bugfixes:
+ * Fix a crashing bug in adnslogres. (Debian#392102.)
+ * Do all checks of checked PTR owner name before actually sending the
+ query, and reject IPv4 PTR owner names whose labels have leading zero
+ digits or values >255.
+
+ Build system fixes and improvements:
+ * `make clean' removes the pipes.
+ * Work around bugs in make (Debian #4073, #756123) affecting regress.
+ * Do not include Makefile and src/config.h in distribution tarball.
+
+ Regression test debugging improvements:
+ * Provide gdbwrap convenience script.
+ * Honour ADNS_TEST_DEBUG env. var. (Mark Wooding.)
+
+ Other improvements:
+ * Licence changed to GPLv3 (still LGPLv2 for adns.h).
+ * Source code cleanups. (Some from Mark Wooding.)
+ * Now in git.
+ * Documentation and webpage updates.
+
+ -- Ian Jackson <ijackson@chiark.greenend.org.uk> Mon, 20 Oct 2014 01:29:50 +0100
+
+adns (1.4); urgency=low
+
+ Improvements for multithreaded programs:
+ * New documentation comment in adns.h explaining thread guarantees
+ (or lack of them), replaces `single-threaded' note at the top.
+ * Fix string conversion of adns_r_addr not to use a static buffer
+ (function csp_addr) so as to make thread promise true.
+ * Make an internal variable const-correct (expectdomain in pa_ptr).
+
+ -- Ian Jackson <ian@davenant.greenend.org.uk> Tue, 17 Oct 2006 17:05:08 +0100
+
+adns (1.3); urgency=low
+
+ Portability fixes:
+ * Cast ptrdiff_t to int for %.*s length in adnsheloex and adnslogres,
+ as is required. (Report from Jim Meyering.)
+ * In configure.in, quote macro name argument to define() to
+ suppress spurious autoconf error. (Report from Mihai Ibanescu.)
+ * Use autoconf's values for {bin,lib,include}dir rather than inventing
+ our own from @exec_prefix@, making configure --libdir work.
+ (Patch from Mihai Ibanescu.)
+ * Remove spurious `_' from {bin,lib,include}dir Makefile variables.
+ (Report from Mihai Ibanescu.)
+ * Do away with `mismatch' variable in parse.c:adns__findrr_anychk so that
+ overzealous GCC cannot complain about members of eo_fls being
+ uninitialised. (Report from Jim Meyering.)
+
+ -- Ian Jackson <ian@davenant.greenend.org.uk> Tue, 6 Jun 2006 20:22:30 +0100
+
+adns (1.2); urgency=medium
+
+ New features:
+ * Support for SRV RRs.
+ * Support for unknown RR types (according to RFC3597) via adns_r_unknown.
+ * Allow `;'-comments in resolv.conf (report from Colin Charles).
+ * New adnsheloex client courtesy of Tony Finch.
+ * New adns_init_logfn etc. for having logging use a callback function.
+
+ Bugfixes:
+ * Fix error in prototype in definition of adns__parse_domain.
+ * Add missing ENOTSOCK to hcommon.c.m4 (was already in hcommon.c!)
+
+ Portability fixes prompted by Bernd Eckenfels, the Debian maintainer:
+ * Correct type of various printf arguments: ptrdiff_t != int.
+ * Do not print size of leaked blocks of memory (this causes
+ a spurious regression test failure on some platforms).
+ * Provide adns_if_none and adns_qf_none (which will help with compilers
+ which complain about plain `0' being passed where an enum is wanted).
+ * adnstest converts some errno values to EFOOBAR: all of the ones
+ mentioned in adns.h, at least. This makes the regression test
+ more portable (fixes problem noticed by Bernd Eckenfels).
+ * Add -Wno-pointer-sign if GCC has that option.
+
+ Documentation improvements:
+ * Add documentation comment by definition of adns_r_ptr_raw type enum.
+ * Document in adns.h EINVAL from adns_init meaning bad configuration.
+ * Include several new references to related programs to README.html.
+ * Redacted the TODO list.
+ * New LICENCE.WAIVERS file for GPL-incompatility workarounds.
+ * Clarified GPL-vs-LGPL: a bit less hostile and a bit more mercenary.
+ * Copyright notices updated.
+
+ Packaging changes:
+ * Update MINOR to 2 and DISTVERSION and ADNS_VERSION_STRING to 1.2.
+ * Reran autoconf/autoheader (autoconf Debian 2.13-54).
+ * Create $(bin_dir) and $(lib_dir) on `make install', and also
+ make a libadns.so.1 -> libadns.so.1.<minor> link. (Suggestions
+ and patch from Nix of esperi.org.uk.)
+ * Add .PHONY: install to Makefile, to help people with demented fs's.
+ * Darwin listed in INSTALL.
+
+ Minor test harness improvements:
+ * Hgettimeofday calls Tensurerecordfile (was Tensureinput/outputfile).
+ * Add bind(2) and listen(2) wrappers (for epithet, but harmless in adns).
+
+ -- Ian Jackson <ian@davenant.greenend.org.uk> Sat, 8 Apr 2006 15:41:28 +0100
+
+adns (1.1); urgency=medium
+
+ Major bugfixes:
+ * Do not spin if connect() fails immediately (!)
+ * Stop searching on a CNAME (even if it's broken).
+ * When search list runs out, _qf_owner sets owner to query domain.
+ * Fix bogus multiple updates to p in transmit.c (!)
+
+ Portability improvements:
+ * Fix up spurious #undef's in hredirect.h.
+ * Don't use <sys/select.h> any more, it was a mistake made in pre-1.0
+ (and there doesn't seem to be much explanation why).
+ * Understand and sort of check OpenBSD `lookup' resolv.conf directive.
+ * #include <stdlib.h> in internal.h (for abort etc).
+ * Always #include <sys/types.h> before <sys/socket.h> (for FreeBSD 4.6).
+
+ Cosmetic and documentation improvements:
+ * Added wishlist entry re configurable port no.
+ * Problem with SERVFAIL in TODO.
+ * README.html: mentioned Jarle Aase's Windows port, and other fixes.
+ * Some better source code formatting/wrapping.
+
+ -- Ian Jackson <ian@davenant.greenend.org.uk> Tue, 1 Jul 2003 22:55:29 +0100
+
+adns (1.0); urgency=medium
+
+ Bugfixes:
+ * Treat 8-bit characters in email addrs as RFC822 `special' (=> quote).
+ * Fix incorrect `compressed datagram contains loop' error.
+ * Actually compile shared libraries by default !
+ * Fix adnsresfilter usage message to include correct default timeout.
+
+ General improvements:
+ * adnshost, adnslogres, adnsresfilter have options for config override.
+ * adnsresfilter has --debug option.
+ * Improvements to adnslogres (incl. new -c option) from Tony Finch.
+ * adnslogres has --help option, all utilities support --version.
+ * Documentation improved somewhat, including new GPL-vs-LGPL file.
+
+ Changes for non-BETA release:
+ * Change shared library soname to 1.0.
+ * Do not install adnstest test utility.
+
+ Regression test improvements:
+ * Tests now include adnshost, adnslogres and adnsresfilter.
+ * Test cancellation both before and after query completion.
+
+ Portability fixes and cleanups:
+ * adnstest: setvbuf(stdout,...) before we do first output.
+ * Cope with compilers that don't do `inline'.
+ * Add and fix various missing system #includes.
+ * Find install-sh properly when we need to use it, and chmod it +x.
+ * Do not use variadic macro, use stdarg instead (adnslogres.c).
+ * Regression tests work even if some syscalls are already macros.
+ * #include "config.h" before "adns.h".
+ * Cast a sizeof(...) in src/event.c to unsigned long before printing.
+ * Add pre-generated versions of m4-generated files in regress/.
+ * Kill bogus warning, adh-main.c: `arg2' might be used uninitialized ...
+ * Add extra {...} near adnslogres.c:167 to kill spurious warning.
+ * Use `printf' instead of `echo -n'.
+ * Add list of tested platforms in INSTALL file.
+
+ -- Ian Jackson <ian@davenant.greenend.org.uk> Sun, 17 Sep 2000 15:15:58 +0100
+
+adns (0.9) BETA; urgency=high
Bug fixes:
* Don't make _processany always kill the TCP connection with the message
* Referrals with RD+RA set, or RCODE=Refused, don't generate warnings,
just debug messages. BIND does this kind of thing all the time.
- --
+ -- Ian Jackson <ian@davenant.greenend.org.uk> Wed, 9 Aug 2000 16:59:28 +0100
adns (0.8) BETA; urgency=medium
~ianmdlvl / adns.git / blobdiff