adns (1.6.0) UPSTREAM; urgency=medium
Bugfixes:
* adnshost: Support --reverse in -f mode input stream
* timeout robustness against clock skew: track query start time and
duration. Clock instability may now only cause spurious timeouts
rather than indefinite hangs or even assertion failures.
New features:
* adnshost: Offer ability to set adns checkc flags
* adnslogres: Honour --checkc-freq (if it comes first)
* adnsresfilter: Honour --checkc-freq and --checkc-entex
* time handling: Support use of CLOCK_MONOTONIC via an init flag.
* adns_str* etc.: Improve robustness; more allowable inputs values.
Build system improvements:
* clean targets: Delete $(TARGETS) too!
* Remove all m4 output files from the distributed source tree.
* Support DESTDIR=/some/absolute/path on `make install'.
* Provide autogen.sh.
* Rerun autoheader and autoconf (2.69).
Internal changes:
* adnshost: adh-opts.c: Whitespace adjustments to option table
Tests:
* New tests for fixes in 1.5.3.
* Fixes to test harness to avoid false positives during fuzzing.
* Other changes to support use with AFL.
* Many supporting improvements and refactorings.
* Fix skipped tests ($$ reference in Makefile)
-- Ian Jackson <ijackson@chiark.greenend.org.uk> Thu, 11 Jun 2020 15:49:39 +0100
adns (1.5.2) UPSTREAM; urgency=medium
* Important security fixes:
CVE-2017-9103 CVE-2017-9104 CVE-2017-9105 CVE-2017-9109:
Vulnerable applications: all adns callers.
Exploitable by: the local recursive resolver.
Likely worst case: Remote code execution.
CVE-2017-9106:
Vulnerable applications: those that make SOA queries.
Exploitable by: upstream DNS data sources.
Likely worst case: DoS (crash of the adns-using application)
CVE-2017-9107:
Vulnerable applications: those that use adns_qf_quoteok_query.
Exploitable by: sources of query domain names.
Likely worst case: DoS (crash of the adns-using application)
CVE-2017-9108:
Vulnerable applications: adnshost.
Exploitable by: code responsible for framing the input.
Likely worst case: DoS (adnshost crashes at EOF).
All found by AFL 2.35b. Thanks to the University of Cambridge
Department of Applied Mathematics for computing facilities.
Bugfixes:
* Do not include spurious external symbol `data' (fixes GCC10 build).
* If server sends TC flag over TCP, bail rather than retrying.
* Do not crash on certain strange resolv.conf contents.
* Fix various crashes if a global system failure occurs, or
adns_finish is called with outstanding queries.
* Correct a parsing error message very slightly.
* DNS packet parsing: Slight fix when packet is truncated.
* Fix ABI compatibility in string conversion of certain RR types.
* internal.h: Use `unsigned' for nextid; fixes theoretical C UB.
Portability fix:
* common.make.in: add -Wno-unused-value. Fixes build with GCC9.
Internal changes:
* Additional comments describing some internal code restrions.
* Robustness assert() against malfunctioning write() system call.
-- Ian Jackson <ijackson@chiark.greenend.org.uk> Thu, 11 Jun 2020 15:48:12 +0100
pkglint -r --network --only "migrate"
As a side-effect of migrating the homepages, pkglint also fixed a few
indentations in unrelated lines. These and the new homepages have been
checked manually.
-------------------------
adns (1.5.1) UPSTREAM; urgency=medium
* Portability fix for systems where socklen_t is bigger than int.
* Fix for malicious optimisation of memcpy in test suite, which
causes failure with gcc-4.1.9 -O3. See Debian bug #772718.
* Fix TCP async connect handling. The bug is hidden on Linux and on most
systems where the nameserver is on localhost. If it is not hidden,
adns's TCP support is broken unless adns_if_noautosys is used.
* Fix addr queries (including subqueries, ie including deferencing MX
lookups etc.) not to crash when one of the address queries returns
tempfail. Also, do not return a spurious pointer to the application
when one of the address queries returns a permanent error (although,
the application almost certainly won't use this pointer because the
associated count is zero).
* adnsresfilter: Fix addrtextbuf buffer size. This is not actually a
problem in real compiled code but should be corrected.
* Properly include harness.h in adnstest.c in regress/. Suppresses
a couple of compiler warnings (implicit declaration of Texit, etc.)
-- Ian Jackson <ijackson@chiark.greenend.org.uk> Fri, 12 Aug 2016 22:53:59 +0100
- Add comments on patches from cvs log
(upsteam)
- update 1.4 to 1.5.0
-------------------
Changes in adns 1.5.0, since adns 1.4, are:
New features:
* This release provides full IPv6 support. Applications can request
AAAA records (containing IPv6 addresses) as well as, or instead of,
A records (containing IPv4 addresses). adns 1.5 can speak to
nameservers over IPv6.
* adns_addr2text and adns_text2addr: Convenient C functions for
converting between addresses and address literals. These carry
less baggage than getaddrinfo and getnameinfo.
Bugfixes:
* We fix a crashing bug in adnslogres. (Debian#392102.)
* Previously, parsing of some adns_specific options in resolv.conf
would go awry if multiple options were specified on the same line.
(Fixed since 1.5.0~rc0.)
* adns now knows to ignore more things in resolv.conf, rather than
warn about them, and there's also an option to disable all of these
warnings. (Debian#411263.) (Fixed since 1.5.0~rc0.)
* Previously, some harmless but wrong owner names for checked ptr
queries would be accepted; now they are rejected with `Domain
invalid for particular DNS query type'.
Other:
* There are some minor API/ABI changes and improvements, for future
proofing.
* There are also some build system, test suite and coding style
improvements.
* Licence is now GPLv3.
Compatibility:
adns 1.5 is fully forwards API- and ABI-compatible with 1.4.
adns 1.5 is not backwards ABI-compatible, in the sense that
applications built against adns 1.5 but run with adns 1.4 may
experience `Function not implemented' errors, or `symbol lookup
error' due to undefined symbols. But applications built against 1.4
will not experience data corruption due to ABI mismatches.
adns_r_addr queries (general `address' queries where the application
does not specify the kind of address) used to only return AF_INET
(IPv4) addresses. To avoid surprising existing applications,
AF_INET6 (IPv6) addresses will be returned only if the application
explicitly states its support for handling a mixture of address
families in the results from adns_r_addr. In a future version of
adns this will become the default.
adnshost and the other command-line utilities are fully forward- and
backward-compatible, except that in adns 1.5, adnshost will return
IPv6 as well as IPv4 information if simply asked for `addresses'.
Calling programs which did not ask for a specific address type ought
to cope with this.
The API in 1.5.0 also fixes a technical nonconformance to the C
specification. On platforms where an `enum' type might be an
integer type whose size is bits is not a power of two, there could
be an incompatible ABI change between 1.4 and 1.5 - but we don't
think there are many (if any) such platforms which are sufficiently
POSIX-like for adns. (Changed since 1.5.0~rc0.)
File too long (should be no more than 24 lines).
Line too long (should be no more than 80 characters).
Trailing empty lines.
Trailing white-space.
Trucated the long files as best as possible while preserving the most info
contained in them.
Inspired by PR#43126 from Wen Heping.
While here, set LICENSE and TEST_TARGET.
adns (1.4); urgency=low
Improvements for multithreaded programs:
* New documentation comment in adns.h explaining thread guarantees
(or lack of them), replaces `single-threaded' note at the top.
* Fix string conversion of adns_r_addr not to use a static buffer
(function csp_addr) so as to make thread promise true.
* Make an internal variable const-correct (expectdomain in pa_ptr).
-- Ian Jackson <ian@davenant.greenend.org.uk> Tue, 17 Oct 2006 17:05:08 +0100
adns (1.3); urgency=low
Portability fixes:
* Cast ptrdiff_t to int for %.*s length in adnsheloex and adnslogres,
as is required. (Report from Jim Meyering.)
* In configure.in, quote macro name argument to define() to
suppress spurious autoconf error. (Report from Mihai Ibanescu.)
* Use autoconf's values for {bin,lib,include}dir rather than inventing
our own from @exec_prefix@, making configure --libdir work.
(Patch from Mihai Ibanescu.)
* Remove spurious `_' from {bin,lib,include}dir Makefile variables.
(Report from Mihai Ibanescu.)
* Do away with `mismatch' variable in parse.c:adns__findrr_anychk so that
overzealous GCC cannot complain about members of eo_fls being
uninitialised. (Report from Jim Meyering.)
-- Ian Jackson <ian@davenant.greenend.org.uk> Tue, 6 Jun 2006 20:22:30 +0100
adns (1.2); urgency=medium
New features:
* Support for SRV RRs.
* Support for unknown RR types (according to RFC3597) via adns_r_unknown.
* Allow `;'-comments in resolv.conf (report from Colin Charles).
* New adnsheloex client courtesy of Tony Finch.
* New adns_init_logfn etc. for having logging use a callback function.
Bugfixes:
* Fix error in prototype in definition of adns__parse_domain.
* Add missing ENOTSOCK to hcommon.c.m4 (was already in hcommon.c!)
Portability fixes prompted by Bernd Eckenfels, the Debian maintainer:
* Correct type of various printf arguments: ptrdiff_t != int.
* Do not print size of leaked blocks of memory (this causes
a spurious regression test failure on some platforms).
* Provide adns_if_none and adns_qf_none (which will help with compilers
which complain about plain `0' being passed where an enum is wanted).
* adnstest converts some errno values to EFOOBAR: all of the ones
mentioned in adns.h, at least. This makes the regression test
more portable (fixes problem noticed by Bernd Eckenfels).
* Add -Wno-pointer-sign if GCC has that option.
Documentation improvements:
* Add documentation comment by definition of adns_r_ptr_raw type enum.
* Document in adns.h EINVAL from adns_init meaning bad configuration.
* Include several new references to related programs to README.html.
* Redacted the TODO list.
* New LICENCE.WAIVERS file for GPL-incompatility workarounds.
* Clarified GPL-vs-LGPL: a bit less hostile and a bit more mercenary.
* Copyright notices updated.
Packaging changes:
* Update MINOR to 2 and DISTVERSION and ADNS_VERSION_STRING to 1.2.
* Reran autoconf/autoheader (autoconf Debian 2.13-54).
* Create $(bin_dir) and $(lib_dir) on `make install', and also
make a libadns.so.1 -> libadns.so.1.<minor> link. (Suggestions
and patch from Nix of esperi.org.uk.)
* Add .PHONY: install to Makefile, to help people with demented fs's.
* Darwin listed in INSTALL.
Minor test harness improvements:
* Hgettimeofday calls Tensurerecordfile (was Tensureinput/outputfile).
* Add bind(2) and listen(2) wrappers (for epithet, but harmless in adns).
-- Ian Jackson <ian@davenant.greenend.org.uk> Sat, 8 Apr 2006 15:41:28 +0100
This changes the buildlink3.mk files to use an include guard for the
recursive include. The use of BUILDLINK_DEPTH, BUILDLINK_DEPENDS,
BUILDLINK_PACKAGES and BUILDLINK_ORDER is handled by a single new
variable BUILDLINK_TREE. Each buildlink3.mk file adds a pair of
enter/exit marker, which can be used to reconstruct the tree and
to determine first level includes. Avoiding := for large variables
(BUILDLINK_ORDER) speeds up parse time as += has linear complexity.
The include guard reduces system time by avoiding reading files over and
over again. For complex packages this reduces both %user and %sys time to
half of the former time.
and add a new helper target and script, "show-buildlink3", that outputs
a listing of the buildlink3.mk files included as well as the depth at
which they are included.
For example, "make show-buildlink3" in fonts/Xft2 displays:
zlib
fontconfig
iconv
zlib
freetype2
expat
freetype2
Xrender
renderproto
RECOMMENDED is removed. It becomes ABI_DEPENDS.
BUILDLINK_RECOMMENDED.foo becomes BUILDLINK_ABI_DEPENDS.foo.
BUILDLINK_DEPENDS.foo becomes BUILDLINK_API_DEPENDS.foo.
BUILDLINK_DEPENDS does not change.
IGNORE_RECOMMENDED (which defaulted to "no") becomes USE_ABI_DEPENDS
which defaults to "yes".
Added to obsolete.mk checking for IGNORE_RECOMMENDED.
I did not manually go through and fix any aesthetic tab/spacing issues.
I have tested the above patch on DragonFly building and packaging
subversion and pkglint and their many dependencies.
I have also tested USE_ABI_DEPENDS=no on my NetBSD workstation (where I
have used IGNORE_RECOMMENDED for a long time). I have been an active user
of IGNORE_RECOMMENDED since it was available.
As suggested, I removed the documentation sentences suggesting bumping for
"security" issues.
As discussed on tech-pkg.
I will commit to revbump, pkglint, pkg_install, createbuildlink separately.
Note that if you use wip, it will fail! I will commit to pkgsrc-wip
later (within day).
developer is officially maintaining the package.
The rationale for changing this from "tech-pkg" to "pkgsrc-users" is
that it implies that any user can try to maintain the package (by
submitting patches to the mailing list). Since the folks most likely
to care about the package are the folks that want to use it or are
already using it, this would leverage the energy of users who aren't
developers.
This makes the package build on Darwin. Patch from DarwinPorts.
The modified header file is used internally, and never installed. So
no visible changes to dependent packages.
in the process. (More information on tech-pkg.)
Bump PKGREVISION and BUILDLINK_DEPENDS of all packages using libtool and
installing .la files.
Bump PKGREVISION (only) of all packages depending directly on the above
via a buildlink3 include.
All library names listed by *.la files no longer need to be listed
in the PLIST, e.g., instead of:
lib/libfoo.a
lib/libfoo.la
lib/libfoo.so
lib/libfoo.so.0
lib/libfoo.so.0.1
one simply needs:
lib/libfoo.la
and bsd.pkg.mk will automatically ensure that the additional library
names are listed in the installed package +CONTENTS file.
Also make LIBTOOLIZE_PLIST default to "yes".
Changes:
Major bugfixes:
* Do not spin if connect() fails immediately (!)
* Stop searching on a CNAME (even if it's broken).
* When search list runs out, _qf_owner sets owner to query domain.
* Fix bogus multiple updates to p in transmit.c (!)
Portability improvements:
* Fix up spurious #undef's in hredirect.h.
* Don't use <sys/select.h> any more, it was a mistake made in pre-1.0
(and there doesn't seem to be much explanation why).
* Understand and sort of check OpenBSD `lookup' resolv.conf directive.
* #include <stdlib.h> in internal.h (for abort etc).
* Always #include <sys/types.h> before <sys/socket.h> (for FreeBSD 4.6).
Cosmetic and documentation improvements:
* Added wishlist entry re configurable port no.
* Problem with SERVFAIL in TODO.
* README.html: mentioned Jarle Aase's Windows port, and other fixes.
* Some better source code formatting/wrapping.
