Subject: CVS commit: pkgsrc/net/adns
From: Nia Alarie
Date: 2021-02-11 12:25:51
Message id:

Log Message:
adns: Update to 1.6.0

adns (1.6.0) UPSTREAM; urgency=medium

  * adnshost: Support --reverse in -f mode input stream
  * timeout robustness against clock skew: track query start time and
    duration.  Clock instability may now only cause spurious timeouts
    rather than indefinite hangs or even assertion failures.

  New features:
  * adnshost: Offer ability to set adns checkc flags
  * adnslogres: Honour --checkc-freq (if it comes first)
  * adnsresfilter: Honour --checkc-freq and --checkc-entex
  * time handling: Support use of CLOCK_MONOTONIC via an init flag.
  * adns_str* etc.: Improve robustness; more allowable inputs values.

  Build system improvements:
  * clean targets: Delete $(TARGETS) too!
  * Remove all m4 output files from the distributed source tree.
  * Support DESTDIR=/some/absolute/path on `make install'.
  * Provide
  * Rerun autoheader and autoconf (2.69).

  Internal changes:
  * adnshost: adh-opts.c: Whitespace adjustments to option table

  * New tests for fixes in 1.5.3.
  * Fixes to test harness to avoid false positives during fuzzing.
  * Other changes to support use with AFL.
  * Many supporting improvements and refactorings.
  * Fix skipped tests ($$ reference in Makefile)

 -- Ian Jackson <>  Thu, 11 Jun 2020 \ 
15:49:39 +0100

adns (1.5.2) UPSTREAM; urgency=medium

  * Important security fixes:
     CVE-2017-9103 CVE-2017-9104 CVE-2017-9105 CVE-2017-9109:
	Vulnerable applications: all adns callers.
        Exploitable by: the local recursive resolver.
	Likely worst case: Remote code execution.
	Vulnerable applications: those that make SOA queries.
        Exploitable by: upstream DNS data sources.
	Likely worst case: DoS (crash of the adns-using application)
	Vulnerable applications: those that use adns_qf_quoteok_query.
        Exploitable by: sources of query domain names.
	Likely worst case: DoS (crash of the adns-using application)
	Vulnerable applications: adnshost.
        Exploitable by: code responsible for framing the input.
        Likely worst case: DoS (adnshost crashes at EOF).
    All found by AFL 2.35b.  Thanks to the University of Cambridge
    Department of Applied Mathematics for computing facilities.

  * Do not include spurious external symbol `data' (fixes GCC10 build).
  * If server sends TC flag over TCP, bail rather than retrying.
  * Do not crash on certain strange resolv.conf contents.
  * Fix various crashes if a global system failure occurs, or
    adns_finish is called with outstanding queries.
  * Correct a parsing error message very slightly.
  * DNS packet parsing: Slight fix when packet is truncated.
  * Fix ABI compatibility in string conversion of certain RR types.
  * internal.h: Use `unsigned' for nextid; fixes theoretical C UB.

  Portability fix:
  * add -Wno-unused-value.  Fixes build with GCC9.

  Internal changes:
  * Additional comments describing some internal code restrions.
  * Robustness assert() against malfunctioning write() system call.

 -- Ian Jackson <>  Thu, 11 Jun 2020 \ 
15:48:12 +0100