+adns (1.6.1) UPSTREAM; urgency=low
+
+ Minor bugfix:
+ * Suppress warning about `trust-ad` in resolv.conf. Debian #1028112.
+
+ Build system:
+ * Honour DESTDIR, avoiding need for prefix= workaround.
+ [Contribution from Sergey Poznyakoff]
+ * regression tests: Add missing dependency on hsyscalls.h.
+ GNU #51329. [Report from Sergei Trofimovich]
+ * regression tests: build with 64-bit time_t on 32-bit systems.
+ Debian #1065725, Ubuntu Launchpad #2057735.
+ [Report from Sebastian Ramacher]
+
+ Documentation:
+ * Fix all http: URLs in docs to be https: instead.
+
+ -- Ian Jackson <ijackson@chiark.greenend.org.uk> Sun, 05 May 2024 22:39:28 +0100
+
+adns (1.6.0) UPSTREAM; urgency=medium
+
+ Bugfixes:
+ * adnshost: Support --reverse in -f mode input stream
+ * timeout robustness against clock skew: track query start time and
+ duration. Clock instability may now only cause spurious timeouts
+ rather than indefinite hangs or even assertion failures.
+
+ New features:
+ * adnshost: Offer ability to set adns checkc flags
+ * adnslogres: Honour --checkc-freq (if it comes first)
+ * adnsresfilter: Honour --checkc-freq and --checkc-entex
+ * time handling: Support use of CLOCK_MONOTONIC via an init flag.
+ * adns_str* etc.: Improve robustness; more allowable inputs values.
+
+ Build system improvements:
+ * clean targets: Delete $(TARGETS) too!
+ * Remove all m4 output files from the distributed source tree.
+ * Support DESTDIR=/some/absolute/path on `make install'.
+ * Provide autogen.sh.
+ * Rerun autoheader and autoconf (2.69).
+
+ Internal changes:
+ * adnshost: adh-opts.c: Whitespace adjustments to option table
+
+ Tests:
+ * New tests for fixes in 1.5.3.
+ * Fixes to test harness to avoid false positives during fuzzing.
+ * Other changes to support use with AFL.
+ * Many supporting improvements and refactorings.
+ * Fix skipped tests ($$ reference in Makefile)
+
+
+ -- Ian Jackson <ijackson@chiark.greenend.org.uk> Thu, 11 Jun 2020 15:49:39 +0100
+
+adns (1.5.2) UPSTREAM; urgency=medium
+
+ * Important security fixes:
+ CVE-2017-9103 CVE-2017-9104 CVE-2017-9105 CVE-2017-9109:
+ Vulnerable applications: all adns callers.
+ Exploitable by: the local recursive resolver.
+ Likely worst case: Remote code execution.
+ CVE-2017-9106:
+ Vulnerable applications: those that make SOA queries.
+ Exploitable by: upstream DNS data sources.
+ Likely worst case: DoS (crash of the adns-using application)
+ CVE-2017-9107:
+ Vulnerable applications: those that use adns_qf_quoteok_query.
+ Exploitable by: sources of query domain names.
+ Likely worst case: DoS (crash of the adns-using application)
+ CVE-2017-9108:
+ Vulnerable applications: adnshost.
+ Exploitable by: code responsible for framing the input.
+ Likely worst case: DoS (adnshost crashes at EOF).
+ All found by AFL 2.35b. Thanks to the University of Cambridge
+ Department of Applied Mathematics for computing facilities.
+
+ Bugfixes:
+ * Do not include spurious external symbol `data' (fixes GCC10 build).
+ * If server sends TC flag over TCP, bail rather than retrying.
+ * Do not crash on certain strange resolv.conf contents.
+ * Fix various crashes if a global system failure occurs, or
+ adns_finish is called with outstanding queries.
+ * Correct a parsing error message very slightly.
+ * DNS packet parsing: Slight fix when packet is truncated.
+ * Fix ABI compatibility in string conversion of certain RR types.
+ * internal.h: Use `unsigned' for nextid; fixes theoretical C UB.
+
+ Portability fix:
+ * common.make.in: add -Wno-unused-value. Fixes build with GCC9.
+
+ Internal changes:
+ * Additional comments describing some internal code restrions.
+ * Robustness assert() against malfunctioning write() system call.
+
+ -- Ian Jackson <ijackson@chiark.greenend.org.uk> Thu, 11 Jun 2020 15:48:12 +0100
+
+adns (1.5.1) UPSTREAM; urgency=medium
+
+ * Portability fix for systems where socklen_t is bigger than int.
+ * Fix for malicious optimisation of memcpy in test suite, which
+ causes failure with gcc-4.1.9 -O3. See Debian bug #772718.
+ * Fix TCP async connect handling. The bug is hidden on Linux and on most
+ systems where the nameserver is on localhost. If it is not hidden,
+ adns's TCP support is broken unless adns_if_noautosys is used.
+ * Fix addr queries (including subqueries, ie including deferencing MX
+ lookups etc.) not to crash when one of the address queries returns
+ tempfail. Also, do not return a spurious pointer to the application
+ when one of the address queries returns a permanent error (although,
+ the application almost certainly won't use this pointer because the
+ associated count is zero).
+ * adnsresfilter: Fix addrtextbuf buffer size. This is not actually a
+ problem in real compiled code but should be corrected.
+ * Properly include harness.h in adnstest.c in regress/. Suppresses
+ a couple of compiler warnings (implicit declaration of Texit, etc.)
+
+ -- Ian Jackson <ijackson@chiark.greenend.org.uk> Fri, 12 Aug 2016 22:53:59 +0100
+
+adns (1.5.0) UPSTREAM; urgency=low
+
+ * Release 1.5.0. No changes since 1.5.0~rc1.
+
+ -- Ian Jackson <ijackson@chiark.greenend.org.uk> Sun, 26 Oct 2014 14:57:10 +0000
+
adns (1.5.0~rc1) UPSTREAM; urgency=low
ABI/API changes: