Document 1.5.2 changes and set version number

Signed-off-by: Ian Jackson <ijackson@chiark.greenend.org.uk>

diff --git a/Makefile.in b/Makefile.in
index 3c9a03cd60ff0a998aa0e2b184dbbc1c6c200bab..0889ad9d3815b6c5b1c9c081c315bfb434ed4197 100644 (file)
--- a/Makefile.in
+++ b/Makefile.in
@@ -24,7 +24,7 @@ include               ./common.make
 
 # Remember to change ADNS_VERSION_STRING in client/client.h too, and
 # possibly library soname (MAJOR and MINOR in common.make.in).
-DISTVERSION=   1.5.1
+DISTVERSION=   1.5.2
 
 srcdir=                @srcdir@
 VPATH=         @srcdir@

diff --git a/NEWS b/NEWS
index 4cb96303684cdf586426bc4935963f32bcfbfac0..18130c2b83d5c0348bf1c8d6160523d4c088211e 100644 (file)
--- a/NEWS
+++ b/NEWS
@@ -1,3 +1,7 @@
+Changes in adns 1.5.2, since adns 1.5.1, are:
+
+ Important security fixes, and other bugfixes.  See changelog.
+
 Changes in adns 1.5.1, since adns 1.5.0, are:
 
  Bugfixes.  See changelog.

diff --git a/changelog b/changelog
index e47c073b20337396a91ece52496fb47029bf1fab..a0cfb25bafbb354691971a4d17ae042a4f21d3f7 100644 (file)
--- a/changelog
+++ b/changelog
@@ -1,8 +1,44 @@
-adns (1.5.2~) UPSTREAM; urgency=medium
+adns (1.5.2) UPSTREAM; urgency=medium
+
+  * Important security fixes:
+     CVE-2017-9103 CVE-2017-9104 CVE-2017-9105 CVE-2017-9109:
+       Vulnerable applications: all adns callers.
+        Exploitable by: the local recursive resolver.
+       Likely worst case: Remote code execution.
+     CVE-2017-9106:
+       Vulnerable applications: those that make SOA queries.
+        Exploitable by: upstream DNS data sources.
+       Likely worst case: DoS (crash of the adns-using application)
+     CVE-2017-9107:
+       Vulnerable applications: those that use adns_qf_quoteok_query.
+        Exploitable by: sources of query domain names.
+       Likely worst case: DoS (crash of the adns-using application)
+     CVE-2017-9108:
+       Vulnerable applications: adnshost.
+        Exploitable by: code responsible for framing the input.
+        Likely worst case: DoS (adnshost crashes at EOF).
+    All found by AFL 2.35b.  Thanks to the University of Cambridge
+    Department of Applied Mathematics for computing facilities.
 
-  * 
-
- --
+  Bugfixes:
+  * Do not include spurious external symbol `data' (fixes GCC10 build).
+  * If server sends TC flag over TCP, bail rather than retrying.
+  * Do not crash on certain strange resolv.conf contents.
+  * Fix various crashes if a global system failure occurs, or
+    adns_finish is called with outstanding queries.
+  * Correct a parsing error message very slightly.
+  * DNS packet parsing: Slight fix when packet is truncated.
+  * Fix ABI compatibility in string conversion of certain RR types.
+  * internal.h: Use `unsigned' for nextid; fixes theoretical C UB.
+
+  Portability fix:
+  * common.make.in: add -Wno-unused-value.  Fixes build with GCC9.
+
+  Internal changes:
+  * Additional comments describing some internal code restrions.
+  * Robustness assert() against malfunctioning write() system call.
+
+ -- Ian Jackson <ijackson@chiark.greenend.org.uk>  Thu, 11 Jun 2020 15:48:12 +0100
 
 adns (1.5.1) UPSTREAM; urgency=medium
 

diff --git a/client/client.h b/client/client.h
index 535c04c92eca2411d8c0bddc671ac21c9bd80b21..5d9c271c83a2b547659acd597445e8faa90e27a9 100644 (file)
--- a/client/client.h
+++ b/client/client.h
@@ -27,7 +27,7 @@
 #ifndef CLIENT_H_INCLUDED
 #define CLIENT_H_INCLUDED
 
-#define ADNS_VERSION_STRING "1.5.1"
+#define ADNS_VERSION_STRING "1.5.2"
 
 #define COPYRIGHT_MESSAGE \
  "Copyright (C) 1997-2000,2003,2006,2014-2016,2020  Ian Jackson\n" \