X-Git-Url: https://www.chiark.greenend.org.uk/ucgi/~ianmdlvl/git?a=blobdiff_plain;f=changelog;h=aa09bd02b0029f52715d69b5a8fb23460afd922a;hb=ccaa00188308fa3f21820f52c5d4cdf8346d1ccf;hp=e47c073b20337396a91ece52496fb47029bf1fab;hpb=2f6e879e0fca1715d5c5946bcedb4f821ce64d77;p=adns.git

diff --git a/changelog b/changelog
index e47c073..aa09bd0 100644
--- a/changelog
+++ b/changelog
@@ -1,8 +1,79 @@
-adns (1.5.2~) UPSTREAM; urgency=medium
+adns (1.6.0) UPSTREAM; urgency=medium
 
-  * 
+  Bugfixes:
+  * adnshost: Support --reverse in -f mode input stream
+  * timeout robustness against clock skew: track query start time and
+    duration.  Clock instability may now only cause spurious timeouts
+    rather than indefinite hangs or even assertion failures.
+
+  New features:
+  * adnshost: Offer ability to set adns checkc flags
+  * adnslogres: Honour --checkc-freq (if it comes first)
+  * adnsresfilter: Honour --checkc-freq and --checkc-entex
+  * time handling: Support use of CLOCK_MONOTONIC via an init flag.
+  * adns_str* etc.: Improve robustness; more allowable inputs values.
+
+  Build system improvements:
+  * clean targets: Delete $(TARGETS) too!
+  * Remove all m4 output files from the distributed source tree.
+  * Support DESTDIR=/some/absolute/path on `make install'.
+  * Provide autogen.sh.
+  * Rerun autoheader and autoconf (2.69).
+
+  Internal changes:
+  * adnshost: adh-opts.c: Whitespace adjustments to option table
+
+  Tests:
+  * New tests for fixes in 1.5.3.
+  * Fixes to test harness to avoid false positives during fuzzing.
+  * Other changes to support use with AFL.
+  * Many supporting improvements and refactorings.
+  * Fix skipped tests ($$ reference in Makefile)
+
+
+ -- Ian Jackson <ijackson@chiark.greenend.org.uk>  Thu, 11 Jun 2020 15:49:39 +0100
+
+adns (1.5.2) UPSTREAM; urgency=medium
+
+  * Important security fixes:
+     CVE-2017-9103 CVE-2017-9104 CVE-2017-9105 CVE-2017-9109:
+	Vulnerable applications: all adns callers.
+        Exploitable by: the local recursive resolver.
+	Likely worst case: Remote code execution.
+     CVE-2017-9106:
+	Vulnerable applications: those that make SOA queries.
+        Exploitable by: upstream DNS data sources.
+	Likely worst case: DoS (crash of the adns-using application)
+     CVE-2017-9107:
+	Vulnerable applications: those that use adns_qf_quoteok_query.
+        Exploitable by: sources of query domain names.
+	Likely worst case: DoS (crash of the adns-using application)
+     CVE-2017-9108:
+	Vulnerable applications: adnshost.
+        Exploitable by: code responsible for framing the input.
+        Likely worst case: DoS (adnshost crashes at EOF).
+    All found by AFL 2.35b.  Thanks to the University of Cambridge
+    Department of Applied Mathematics for computing facilities.
 
- --
+  Bugfixes:
+  * Do not include spurious external symbol `data' (fixes GCC10 build).
+  * If server sends TC flag over TCP, bail rather than retrying.
+  * Do not crash on certain strange resolv.conf contents.
+  * Fix various crashes if a global system failure occurs, or
+    adns_finish is called with outstanding queries.
+  * Correct a parsing error message very slightly.
+  * DNS packet parsing: Slight fix when packet is truncated.
+  * Fix ABI compatibility in string conversion of certain RR types.
+  * internal.h: Use `unsigned' for nextid; fixes theoretical C UB.
+
+  Portability fix:
+  * common.make.in: add -Wno-unused-value.  Fixes build with GCC9.
+
+  Internal changes:
+  * Additional comments describing some internal code restrions.
+  * Robustness assert() against malfunctioning write() system call.
+
+ -- Ian Jackson <ijackson@chiark.greenend.org.uk>  Thu, 11 Jun 2020 15:48:12 +0100
 
 adns (1.5.1) UPSTREAM; urgency=medium