X-Git-Url: https://www.chiark.greenend.org.uk/ucgi/~ianmdlvl/git?a=blobdiff_plain;f=changelog;h=aa09bd02b0029f52715d69b5a8fb23460afd922a;hb=ccaa00188308fa3f21820f52c5d4cdf8346d1ccf;hp=dcc43b81c4d7be41e9a2884b7c00be83b6711f94;hpb=571b072e2fcb2cfeb3d253f4dff0f1c167238b7c;p=adns.git diff --git a/changelog b/changelog index dcc43b8..aa09bd0 100644 --- a/changelog +++ b/changelog @@ -1,3 +1,80 @@ +adns (1.6.0) UPSTREAM; urgency=medium + + Bugfixes: + * adnshost: Support --reverse in -f mode input stream + * timeout robustness against clock skew: track query start time and + duration. Clock instability may now only cause spurious timeouts + rather than indefinite hangs or even assertion failures. + + New features: + * adnshost: Offer ability to set adns checkc flags + * adnslogres: Honour --checkc-freq (if it comes first) + * adnsresfilter: Honour --checkc-freq and --checkc-entex + * time handling: Support use of CLOCK_MONOTONIC via an init flag. + * adns_str* etc.: Improve robustness; more allowable inputs values. + + Build system improvements: + * clean targets: Delete $(TARGETS) too! + * Remove all m4 output files from the distributed source tree. + * Support DESTDIR=/some/absolute/path on `make install'. + * Provide autogen.sh. + * Rerun autoheader and autoconf (2.69). + + Internal changes: + * adnshost: adh-opts.c: Whitespace adjustments to option table + + Tests: + * New tests for fixes in 1.5.3. + * Fixes to test harness to avoid false positives during fuzzing. + * Other changes to support use with AFL. + * Many supporting improvements and refactorings. + * Fix skipped tests ($$ reference in Makefile) + + + -- Ian Jackson Thu, 11 Jun 2020 15:49:39 +0100 + +adns (1.5.2) UPSTREAM; urgency=medium + + * Important security fixes: + CVE-2017-9103 CVE-2017-9104 CVE-2017-9105 CVE-2017-9109: + Vulnerable applications: all adns callers. + Exploitable by: the local recursive resolver. + Likely worst case: Remote code execution. + CVE-2017-9106: + Vulnerable applications: those that make SOA queries. + Exploitable by: upstream DNS data sources. + Likely worst case: DoS (crash of the adns-using application) + CVE-2017-9107: + Vulnerable applications: those that use adns_qf_quoteok_query. + Exploitable by: sources of query domain names. + Likely worst case: DoS (crash of the adns-using application) + CVE-2017-9108: + Vulnerable applications: adnshost. + Exploitable by: code responsible for framing the input. + Likely worst case: DoS (adnshost crashes at EOF). + All found by AFL 2.35b. Thanks to the University of Cambridge + Department of Applied Mathematics for computing facilities. + + Bugfixes: + * Do not include spurious external symbol `data' (fixes GCC10 build). + * If server sends TC flag over TCP, bail rather than retrying. + * Do not crash on certain strange resolv.conf contents. + * Fix various crashes if a global system failure occurs, or + adns_finish is called with outstanding queries. + * Correct a parsing error message very slightly. + * DNS packet parsing: Slight fix when packet is truncated. + * Fix ABI compatibility in string conversion of certain RR types. + * internal.h: Use `unsigned' for nextid; fixes theoretical C UB. + + Portability fix: + * common.make.in: add -Wno-unused-value. Fixes build with GCC9. + + Internal changes: + * Additional comments describing some internal code restrions. + * Robustness assert() against malfunctioning write() system call. + + -- Ian Jackson Thu, 11 Jun 2020 15:48:12 +0100 + adns (1.5.1) UPSTREAM; urgency=medium * Portability fix for systems where socklen_t is bigger than int.