Navigation:
Browse pkgsrc
(this page)
net adns
CVSweb ] [ 
Homepage ] [ 
RSS ] [ 
Required by ] [ 
Add to tracker ]| 2021-10-26 13:07:15 by Nia Alarie | Files touched by this commit (958) |
Log message: net: Replace RMD160 checksums with BLAKE2s checksums All checksums have been double-checked against existing RMD160 and SHA512 hashes Not committed (merge conflicts...): net/radsecproxy/distinfo The following distfiles could not be fetched (fetched conditionally?): ./net/citrix_ica/distinfo citrix_ica-10.6.115659/en.linuxx86.tar.gz ./net/djbdns/distinfo dnscache-1.05-multiple-ip.patch ./net/djbdns/distinfo djbdns-1.05-test28.diff.xz ./net/djbdns/distinfo djbdns-1.05-ignoreip2.patch ./net/djbdns/distinfo djbdns-1.05-multiip.diff ./net/djbdns/distinfo djbdns-cachestats.patch |
| 2021-10-07 16:43:07 by Nia Alarie | Files touched by this commit (962) |
Log message: net: Remove SHA1 hashes for distfiles |
| 2021-02-11 12:25:51 by Nia Alarie | Files touched by this commit (3) |
Log message:
adns: Update to 1.6.0
adns (1.6.0) UPSTREAM; urgency=medium
Bugfixes:
* adnshost: Support --reverse in -f mode input stream
* timeout robustness against clock skew: track query start time and
duration. Clock instability may now only cause spurious timeouts
rather than indefinite hangs or even assertion failures.
New features:
* adnshost: Offer ability to set adns checkc flags
* adnslogres: Honour --checkc-freq (if it comes first)
* adnsresfilter: Honour --checkc-freq and --checkc-entex
* time handling: Support use of CLOCK_MONOTONIC via an init flag.
* adns_str* etc.: Improve robustness; more allowable inputs values.
Build system improvements:
* clean targets: Delete $(TARGETS) too!
* Remove all m4 output files from the distributed source tree.
* Support DESTDIR=/some/absolute/path on `make install'.
* Provide autogen.sh.
* Rerun autoheader and autoconf (2.69).
Internal changes:
* adnshost: adh-opts.c: Whitespace adjustments to option table
Tests:
* New tests for fixes in 1.5.3.
* Fixes to test harness to avoid false positives during fuzzing.
* Other changes to support use with AFL.
* Many supporting improvements and refactorings.
* Fix skipped tests ($$ reference in Makefile)
-- Ian Jackson <ijackson@chiark.greenend.org.uk> Thu, 11 Jun 2020 \
15:49:39 +0100
adns (1.5.2) UPSTREAM; urgency=medium
* Important security fixes:
CVE-2017-9103 CVE-2017-9104 CVE-2017-9105 CVE-2017-9109:
Vulnerable applications: all adns callers.
Exploitable by: the local recursive resolver.
Likely worst case: Remote code execution.
CVE-2017-9106:
Vulnerable applications: those that make SOA queries.
Exploitable by: upstream DNS data sources.
Likely worst case: DoS (crash of the adns-using application)
CVE-2017-9107:
Vulnerable applications: those that use adns_qf_quoteok_query.
Exploitable by: sources of query domain names.
Likely worst case: DoS (crash of the adns-using application)
CVE-2017-9108:
Vulnerable applications: adnshost.
Exploitable by: code responsible for framing the input.
Likely worst case: DoS (adnshost crashes at EOF).
All found by AFL 2.35b. Thanks to the University of Cambridge
Department of Applied Mathematics for computing facilities.
Bugfixes:
* Do not include spurious external symbol `data' (fixes GCC10 build).
* If server sends TC flag over TCP, bail rather than retrying.
* Do not crash on certain strange resolv.conf contents.
* Fix various crashes if a global system failure occurs, or
adns_finish is called with outstanding queries.
* Correct a parsing error message very slightly.
* DNS packet parsing: Slight fix when packet is truncated.
* Fix ABI compatibility in string conversion of certain RR types.
* internal.h: Use `unsigned' for nextid; fixes theoretical C UB.
Portability fix:
* common.make.in: add -Wno-unused-value. Fixes build with GCC9.
Internal changes:
* Additional comments describing some internal code restrions.
* Robustness assert() against malfunctioning write() system call.
-- Ian Jackson <ijackson@chiark.greenend.org.uk> Thu, 11 Jun 2020 \
15:48:12 +0100
|
| 2020-01-26 18:32:28 by Roland Illig | Files touched by this commit (981) |
Log message: all: migrate homepages from http to https pkglint -r --network --only "migrate" As a side-effect of migrating the homepages, pkglint also fixed a few indentations in unrelated lines. These and the new homepages have been checked manually. |
| 2016-08-16 15:34:52 by Makoto Fujiwara | Files touched by this commit (2) |
Log message:
Updated net/adns to 1.5.1
-------------------------
adns (1.5.1) UPSTREAM; urgency=medium
* Portability fix for systems where socklen_t is bigger than int.
* Fix for malicious optimisation of memcpy in test suite, which
causes failure with gcc-4.1.9 -O3. See Debian bug #772718.
* Fix TCP async connect handling. The bug is hidden on Linux and on most
systems where the nameserver is on localhost. If it is not hidden,
adns's TCP support is broken unless adns_if_noautosys is used.
* Fix addr queries (including subqueries, ie including deferencing MX
lookups etc.) not to crash when one of the address queries returns
tempfail. Also, do not return a spurious pointer to the application
when one of the address queries returns a permanent error (although,
the application almost certainly won't use this pointer because the
associated count is zero).
* adnsresfilter: Fix addrtextbuf buffer size. This is not actually a
problem in real compiled code but should be corrected.
* Properly include harness.h in adnstest.c in regress/. Suppresses
a couple of compiler warnings (implicit declaration of Texit, etc.)
-- Ian Jackson <ijackson@chiark.greenend.org.uk> Fri, 12 Aug 2016 \
22:53:59 +0100
|
| 2015-11-04 01:35:47 by Alistair G. Crooks | Files touched by this commit (748) |
Log message: Add SHA512 digests for distfiles for net category Problems found with existing digests: Package haproxy distfile haproxy-1.5.14.tar.gz 159f5beb8fdc6b8059ae51b53dc935d91c0fb51f [recorded] da39a3ee5e6b4b0d3255bfef95601890afd80709 [calculated] Problems found locating distfiles: Package bsddip: missing distfile bsddip-1.02.tar.Z Package citrix_ica: missing distfile citrix_ica-10.6.115659/en.linuxx86.tar.gz Package djbdns: missing distfile djbdns-1.05-test25.diff.bz2 Package djbdns: missing distfile djbdns-cachestats.patch Package djbdns: missing distfile 0002-dnscache-cache-soa-records.patch Package gated: missing distfile gated-3-5-11.tar.gz Package owncloudclient: missing distfile owncloudclient-2.0.2.tar.xz Package poink: missing distfile poink-1.6.tar.gz Package ra-rtsp-proxy: missing distfile rtspd-src-1.0.0.0.tar.gz Package ucspi-ssl: missing distfile ucspi-ssl-0.70-ucspitls-0.1.patch Package waste: missing distfile waste-source.tar.gz Otherwise, existing SHA1 digests verified and found to be the same on the machine holding the existing distfiles (morden). All existing SHA1 digests retained for now as an audit trail. |
2015-01-29 10:53:29 by Makoto Fujiwara | Files touched by this commit (5) |  |
Log message: recursive revbump due to net/adns update 1.4 to 1.5.0 |
| 2015-01-29 10:47:04 by Makoto Fujiwara | Files touched by this commit (8) | |
Log message: (pkgsrc) - Add comments on patches from cvs log (upsteam) - update 1.4 to 1.5.0 ------------------- Changes in adns 1.5.0, since adns 1.4, are: New features: * This release provides full IPv6 support. Applications can request AAAA records (containing IPv6 addresses) as well as, or instead of, A records (containing IPv4 addresses). adns 1.5 can speak to nameservers over IPv6. * adns_addr2text and adns_text2addr: Convenient C functions for converting between addresses and address literals. These carry less baggage than getaddrinfo and getnameinfo. Bugfixes: * We fix a crashing bug in adnslogres. (Debian#392102.) * Previously, parsing of some adns_specific options in resolv.conf would go awry if multiple options were specified on the same line. (Fixed since 1.5.0~rc0.) * adns now knows to ignore more things in resolv.conf, rather than warn about them, and there's also an option to disable all of these warnings. (Debian#411263.) (Fixed since 1.5.0~rc0.) * Previously, some harmless but wrong owner names for checked ptr queries would be accepted; now they are rejected with `Domain invalid for particular DNS query type'. Other: * There are some minor API/ABI changes and improvements, for future proofing. * There are also some build system, test suite and coding style improvements. * Licence is now GPLv3. Compatibility: adns 1.5 is fully forwards API- and ABI-compatible with 1.4. adns 1.5 is not backwards ABI-compatible, in the sense that applications built against adns 1.5 but run with adns 1.4 may experience `Function not implemented' errors, or `symbol lookup error' due to undefined symbols. But applications built against 1.4 will not experience data corruption due to ABI mismatches. adns_r_addr queries (general `address' queries where the application does not specify the kind of address) used to only return AF_INET (IPv4) addresses. To avoid surprising existing applications, AF_INET6 (IPv6) addresses will be returned only if the application explicitly states its support for handling a mixture of address families in the results from adns_r_addr. In a future version of adns this will become the default. adnshost and the other command-line utilities are fully forward- and backward-compatible, except that in adns 1.5, adnshost will return IPv6 as well as IPv4 information if simply asked for `addresses'. Calling programs which did not ask for a specific address type ought to cope with this. The API in 1.5.0 also fixes a technical nonconformance to the C specification. On platforms where an `enum' type might be an integer type whose size is bits is not a power of two, there could be an incompatible ABI change between 1.4 and 1.5 - but we don't think there are many (if any) such platforms which are sufficiently POSIX-like for adns. (Changed since 1.5.0~rc0.) |
New packages: