-adns (1.5.1~~) unstable; urgency=low
+adns (1.6.1) UPSTREAM; urgency=low
+
+ Minor bugfix:
+ * Suppress warning about `trust-ad` in resolv.conf. Debian #1028112.
+
+ Build system:
+ * Honour DESTDIR, avoiding need for prefix= workaround.
+ [Contribution from Sergey Poznyakoff]
+ * regression tests: Add missing dependency on hsyscalls.h.
+ GNU #51329. [Report from Sergei Trofimovich]
+ * regression tests: build with 64-bit time_t on 32-bit systems.
+ Debian #1065725, Ubuntu Launchpad #2057735.
+ [Report from Sebastian Ramacher]
+
+ Documentation:
+ * Fix all http: URLs in docs to be https: instead.
+
+ -- Ian Jackson <ijackson@chiark.greenend.org.uk> Sun, 05 May 2024 22:39:28 +0100
+
+adns (1.6.0) UPSTREAM; urgency=medium
+
+ Bugfixes:
+ * adnshost: Support --reverse in -f mode input stream
+ * timeout robustness against clock skew: track query start time and
+ duration. Clock instability may now only cause spurious timeouts
+ rather than indefinite hangs or even assertion failures.
+
+ New features:
+ * adnshost: Offer ability to set adns checkc flags
+ * adnslogres: Honour --checkc-freq (if it comes first)
+ * adnsresfilter: Honour --checkc-freq and --checkc-entex
+ * time handling: Support use of CLOCK_MONOTONIC via an init flag.
+ * adns_str* etc.: Improve robustness; more allowable inputs values.
+
+ Build system improvements:
+ * clean targets: Delete $(TARGETS) too!
+ * Remove all m4 output files from the distributed source tree.
+ * Support DESTDIR=/some/absolute/path on `make install'.
+ * Provide autogen.sh.
+ * Rerun autoheader and autoconf (2.69).
+
+ Internal changes:
+ * adnshost: adh-opts.c: Whitespace adjustments to option table
+
+ Tests:
+ * New tests for fixes in 1.5.3.
+ * Fixes to test harness to avoid false positives during fuzzing.
+ * Other changes to support use with AFL.
+ * Many supporting improvements and refactorings.
+ * Fix skipped tests ($$ reference in Makefile)
+
+
+ -- Ian Jackson <ijackson@chiark.greenend.org.uk> Thu, 11 Jun 2020 15:49:39 +0100
+
+adns (1.5.2) UPSTREAM; urgency=medium
+
+ * Important security fixes:
+ CVE-2017-9103 CVE-2017-9104 CVE-2017-9105 CVE-2017-9109:
+ Vulnerable applications: all adns callers.
+ Exploitable by: the local recursive resolver.
+ Likely worst case: Remote code execution.
+ CVE-2017-9106:
+ Vulnerable applications: those that make SOA queries.
+ Exploitable by: upstream DNS data sources.
+ Likely worst case: DoS (crash of the adns-using application)
+ CVE-2017-9107:
+ Vulnerable applications: those that use adns_qf_quoteok_query.
+ Exploitable by: sources of query domain names.
+ Likely worst case: DoS (crash of the adns-using application)
+ CVE-2017-9108:
+ Vulnerable applications: adnshost.
+ Exploitable by: code responsible for framing the input.
+ Likely worst case: DoS (adnshost crashes at EOF).
+ All found by AFL 2.35b. Thanks to the University of Cambridge
+ Department of Applied Mathematics for computing facilities.
+
+ Bugfixes:
+ * Do not include spurious external symbol `data' (fixes GCC10 build).
+ * If server sends TC flag over TCP, bail rather than retrying.
+ * Do not crash on certain strange resolv.conf contents.
+ * Fix various crashes if a global system failure occurs, or
+ adns_finish is called with outstanding queries.
+ * Correct a parsing error message very slightly.
+ * DNS packet parsing: Slight fix when packet is truncated.
+ * Fix ABI compatibility in string conversion of certain RR types.
+ * internal.h: Use `unsigned' for nextid; fixes theoretical C UB.
+
+ Portability fix:
+ * common.make.in: add -Wno-unused-value. Fixes build with GCC9.
+
+ Internal changes:
+ * Additional comments describing some internal code restrions.
+ * Robustness assert() against malfunctioning write() system call.
+
+ -- Ian Jackson <ijackson@chiark.greenend.org.uk> Thu, 11 Jun 2020 15:48:12 +0100
+
+adns (1.5.1) UPSTREAM; urgency=medium
* Portability fix for systems where socklen_t is bigger than int.
* Fix for malicious optimisation of memcpy in test suite, which
* Fix TCP async connect handling. The bug is hidden on Linux and on most
systems where the nameserver is on localhost. If it is not hidden,
adns's TCP support is broken unless adns_if_noautosys is used.
-
- --
+ * Fix addr queries (including subqueries, ie including deferencing MX
+ lookups etc.) not to crash when one of the address queries returns
+ tempfail. Also, do not return a spurious pointer to the application
+ when one of the address queries returns a permanent error (although,
+ the application almost certainly won't use this pointer because the
+ associated count is zero).
+ * adnsresfilter: Fix addrtextbuf buffer size. This is not actually a
+ problem in real compiled code but should be corrected.
+ * Properly include harness.h in adnstest.c in regress/. Suppresses
+ a couple of compiler warnings (implicit declaration of Texit, etc.)
+
+ -- Ian Jackson <ijackson@chiark.greenend.org.uk> Fri, 12 Aug 2016 22:53:59 +0100
adns (1.5.0) UPSTREAM; urgency=low
~ianmdlvl / adns.git / blobdiff