adns 1.5.2, adns 1.6.0 - SECURITY FIXES

Ian Jackson ijackson at chiark.greenend.org.uk
Thu Jun 11 17:08:20 BST 2020


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

It is with mixed feelings that I announce the release of adns 1.5.2
and adns 1.6.0.

adns is a DNS resolver library for C (and C++) programs, and a
collection of useful DNS lookup utilities.  The C library, and the
command line utilities, provide a convenient interface.  adns is
capable of doing DNS lookups in an asynchronous, event-driven,
fashion.

For more information about adns, please see one of:
  https://www.chiark.greenend.org.uk/~ian/adns/
  https://www.gnu.org/software/adns/

These are security bugfix releases.  All users should upgrade ASAP.

1.5.2 has precisely the security fixes; it does not contain supporting
tests or other noncritical bugfixes.

1.6.0 contains everything in 1.5.2 plus some additional build fixes,
tests for the bugfixes, etc., and minor new features
(forwards-compatible in API, ABI and CLI).

It will be evident from the CVEs (and the commit timestamps in the git
repository) that this release has taken an entirely unreasonably long
time to prepare.  I can only apologise.

You can download adns as a tarball, or from the git repository which
contains signed git tags.


d8dc389e19dcf4d091ea54d41e83745ade0f04ccabc3452ce4dbca4bf8aa2a7d  adns-1.5.2.tar.gz
2cfa0b229ad4b2792e7bf97f2bb924d97af38b8fbdcd854cb5e92863152f334a  adns-1.5.2.tar.gz.sig
fb427265a981e033d1548f2b117cc021073dc8be2eaf2c45fd64ab7b00ed20de  adns-1.6.0.tar.gz
50e33a021a786b6cba1d2aaf339482a5d52ccd1983f02adc9018b917f2e5cd54  adns-1.6.0.tar.gz.sig


adns (1.6.0)

  Bugfixes:
  * adnshost: Support --reverse in -f mode input stream
  * timeout robustness against clock skew: track query start time and
    duration.  Clock instability may now only cause spurious timeouts
    rather than indefinite hangs or even assertion failures.

  New features:
  * adnshost: Offer ability to set adns checkc flags
  * adnslogres: Honour --checkc-freq (if it comes first)
  * adnsresfilter: Honour --checkc-freq and --checkc-entex
  * time handling: Support use of CLOCK_MONOTONIC via an init flag.
  * adns_str* etc.: Improve robustness; more allowable input values.

  Build system improvements:
  * clean targets: Delete $(TARGETS) too!
  * Remove all m4 output files from the distributed source tree.
  * Support DESTDIR=/some/absolute/path on `make install'.
  * Provide autogen.sh.
  * Rerun autoheader and autoconf (2.69).

  Internal changes:
  * adnshost: adh-opts.c: Whitespace adjustments to option table

  Tests:
  * New tests for fixes in 1.5.3.
  * Fixes to test harness to avoid false positives during fuzzing.
  * Other changes to support use with AFL.
  * Many supporting improvements and refactorings.
  * Fix skipped tests ($$ reference in Makefile)



adns (1.5.2)

  * Important security fixes:
     CVE-2017-9103 CVE-2017-9104 CVE-2017-9105 CVE-2017-9109:
        Vulnerable applications: all adns callers.
        Exploitable by: the local recursive resolver.
        Likely worst case: Remote code execution.
     CVE-2017-9106:
        Vulnerable applications: those that make SOA queries.
        Exploitable by: upstream DNS data sources.
        Likely worst case: DoS (crash of the adns-using application)
     CVE-2017-9107:
        Vulnerable applications: those that use adns_qf_quoteok_query.
        Exploitable by: sources of query domain names.
        Likely worst case: DoS (crash of the adns-using application)
     CVE-2017-9108:
        Vulnerable applications: adnshost.
        Exploitable by: code responsible for framing the input.
        Likely worst case: DoS (adnshost crashes at EOF).
    All found by AFL 2.35b.  Thanks to the University of Cambridge
    Department of Applied Mathematics for computing facilities.

  Bugfixes:
  * Do not include spurious external symbol `data' (fixes GCC10 build).
  * If server sends TC flag over TCP, bail rather than retrying.
  * Do not crash on certain strange resolv.conf contents.
  * Fix various crashes if a global system failure occurs, or
    adns_finish is called with outstanding queries.
  * Correct a parsing error message very slightly.
  * DNS packet parsing: Slight fix when packet is truncated.
  * Fix ABI compatibility in string conversion of certain RR types.
  * internal.h: Use `unsigned' for nextid; fixes theoretical C UB.

  Portability fix:
  * common.make.in: add -Wno-unused-value.  Fixes build with GCC9.

  Internal changes:
  * Additional comments describing some internal code restrictions.
  * Robustness assert() against malfunctioning write() system call.



-----BEGIN PGP SIGNATURE-----

-----END PGP SIGNATURE-----

-- 
Ian Jackson <ijackson at chiark.greenend.org.uk>   These opinions are my own.

If I emailed you from an address @fyvzl.net or @evade.org.uk, that is
a private address which bypasses my fierce spamfilter.
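
Added example (not part of the original announcement, and not adns project code): a POSIX shell function that checks downloaded release files against the SHA-256 digests listed in the announcement. The function name verify_release and its return codes are assumptions made for this illustration.

```shell
#!/bin/sh
# Digests copied from the announcement above, one "digest  filename" per line.
ADNS_MANIFEST='d8dc389e19dcf4d091ea54d41e83745ade0f04ccabc3452ce4dbca4bf8aa2a7d  adns-1.5.2.tar.gz
2cfa0b229ad4b2792e7bf97f2bb924d97af38b8fbdcd854cb5e92863152f334a  adns-1.5.2.tar.gz.sig
fb427265a981e033d1548f2b117cc021073dc8be2eaf2c45fd64ab7b00ed20de  adns-1.6.0.tar.gz
50e33a021a786b6cba1d2aaf339482a5d52ccd1983f02adc9018b917f2e5cd54  adns-1.6.0.tar.gz.sig'

# verify_release DIR [MANIFEST]   (hypothetical helper, usage: verify_release .)
# Returns 0 if every manifest file present in DIR matches its digest,
#         1 on any mismatch or malformed manifest entry,
#         2 if none of the listed files is present (nothing was verified).
verify_release() {
    dir=$1
    manifest=${2:-$ADNS_MANIFEST}
    seen=0
    bad=0
    while read -r want name; do
        [ -n "$name" ] || continue
        # Manifest entries must be plain file names, never paths.
        case $name in
            */*) echo "REJECTED $name" >&2; bad=1; continue ;;
        esac
        [ -f "$dir/$name" ] || continue
        seen=$((seen + 1))
        got=$(sha256sum < "$dir/$name" | cut -d' ' -f1)
        if [ "$got" = "$want" ]; then
            echo "OK       $name"
        else
            echo "MISMATCH $name" >&2
            bad=1
        fi
    done <<EOF
$manifest
EOF
    [ "$bad" -eq 0 ] || return 1
    [ "$seen" -gt 0 ] || return 2
    return 0
}
```

A digest match only ties the files to this copy of the announcement; the signed git tags mentioned above remain the independent check on the source itself.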


