diff --git a/adns-1.5.1-gcc10.patch b/adns-1.5.1-gcc10.patch deleted file mode 100644 index 465149a..0000000 --- a/adns-1.5.1-gcc10.patch +++ /dev/null @@ -1,15 +0,0 @@ -diff -up adns-1.5.1/src/event.c.me adns-1.5.1/src/event.c -diff -up adns-1.5.1/src/internal.h.me adns-1.5.1/src/internal.h ---- adns-1.5.1/src/internal.h.me 2020-02-18 13:54:38.578415675 +0100 -+++ adns-1.5.1/src/internal.h 2020-02-18 14:00:26.398198338 +0100 -@@ -246,7 +246,9 @@ union maxalign { - void *p; - void (*fp)(void); - union maxalign *up; --} data; -+}; -+ -+extern union maxalign data; - - struct adns__query { - adns_state ads; diff --git a/adns-1.5.1.tar.gz b/adns-1.5.1.tar.gz deleted file mode 100644 index 064fc2b..0000000 --- a/adns-1.5.1.tar.gz +++ /dev/null @@ -1,3 +0,0 @@ -version https://git-lfs.github.com/spec/v1 -oid sha256:5b1026f18b8274be869245ed63427bf8ddac0739c67be12c4a769ac948824eeb -size 319774 diff --git a/adns-1.5.1.tar.gz.sig b/adns-1.5.1.tar.gz.sig deleted file mode 100644 index 02b8ba8..0000000 Binary files a/adns-1.5.1.tar.gz.sig and /dev/null differ diff --git a/adns-1.6.0.tar.gz b/adns-1.6.0.tar.gz new file mode 100644 index 0000000..3458103 --- /dev/null +++ b/adns-1.6.0.tar.gz @@ -0,0 +1,3 @@ +version https://git-lfs.github.com/spec/v1 +oid sha256:fb427265a981e033d1548f2b117cc021073dc8be2eaf2c45fd64ab7b00ed20de +size 323474 diff --git a/adns-1.6.0.tar.gz.sig b/adns-1.6.0.tar.gz.sig new file mode 100644 index 0000000..abe529f Binary files /dev/null and b/adns-1.6.0.tar.gz.sig differ diff --git a/adns-visibility.patch b/adns-visibility.patch index b8d9ed1..c20ca94 100644 --- a/adns-visibility.patch +++ b/adns-visibility.patch @@ -24,8 +24,8 @@ Index: src/internal.h +#pragma GCC visibility push(hidden) /* Configuration and constants */ - #define MAXSERVERS 5 -@@ -944,4 +945,5 @@ static inline int errno_resources(int e) + #define MAXSERVERS 5 /* do not increase beyond no. of bits in `unsigned'! */ +@@ -960,4 +961,5 @@ static inline int errno_resources(int e) (tv)|=GETIL_B(cb), \ (tv) ) diff --git a/adns.changes b/adns.changes index b628755..b35e5e9 100644 --- a/adns.changes +++ b/adns.changes @@ -1,3 +1,61 @@ +------------------------------------------------------------------- +Mon Jun 15 12:40:37 UTC 2020 - Kristyna Streitova + +- Update to 1.6.0 +- Changes in 1.6.0: + * Bugfixes + * adnshost: Support --reverse in -f mode input stream + * timeout robustness against clock skew: track query start time and + duration. Clock instability may now only cause spurious timeouts + rather than indefinite hangs or even assertion failures. + * New features: + * adnshost: Offer ability to set adns checkc flags + * adnslogres: Honour --checkc-freq (if it comes first) + * adnsresfilter: Honour --checkc-freq and --checkc-entex + * time handling: Support use of CLOCK_MONOTONIC via an init flag. + * adns_str* etc.: Improve robustness; more allowable inputs values. + * Internal changes: + * adnshost: adh-opts.c: Whitespace adjustments to option table + * Build system and tests improvements +- Changes in 1.5.2 + * Important security fixes: + CVE-2017-9103 CVE-2017-9104 CVE-2017-9105 CVE-2017-9109: + Vulnerable applications: all adns callers. + Exploitable by: the local recursive resolver. + Likely worst case: Remote code execution. + CVE-2017-9106: + Vulnerable applications: those that make SOA queries. + Exploitable by: upstream DNS data sources. + Likely worst case: DoS (crash of the adns-using application) + CVE-2017-9107: + Vulnerable applications: those that use adns_qf_quoteok_query. + Exploitable by: sources of query domain names. + Likely worst case: DoS (crash of the adns-using application) + CVE-2017-9108: + Vulnerable applications: adnshost. + Exploitable by: code responsible for framing the input. + Likely worst case: DoS (adnshost crashes at EOF). + * Bugfixes: + * Do not include spurious external symbol `data' (fixes GCC10 build). + * If server sends TC flag over TCP, bail rather than retrying. + * Do not crash on certain strange resolv.conf contents. + * Fix various crashes if a global system failure occurs, or + adns_finish is called with outstanding queries. + * Correct a parsing error message very slightly. + * DNS packet parsing: Slight fix when packet is truncated. + * Fix ABI compatibility in string conversion of certain RR types. + * internal.h: Use `unsigned' for nextid; fixes theoretical C UB. + * Portability fix: + * common.make.in: add -Wno-unused-value. Fixes build with GCC9. + * Internal changes: + * Additional comments describing some internal code restrions. + * Robustness assert() against malfunctioning write() system call. +- It fixes the following CVEs [bsc#1172265] + CVE-2017-9103, CVE-2017-9104, CVE-2017-9105, CVE-2017-9106, + CVE-2017-9107, CVE-2017-9108, CVE-2017-9109 +- refresh adns-visibility.patch +- drop adns-1.5.1-gcc10.patch that is no longer needed + ------------------------------------------------------------------- Tue Jun 2 12:48:11 UTC 2020 - Kristyna Streitova diff --git a/adns.spec b/adns.spec index c2bf5d0..97739b8 100644 --- a/adns.spec +++ b/adns.spec @@ -18,7 +18,7 @@ %define lname libadns1 Name: adns -Version: 1.5.1 +Version: 1.6.0 Release: 0 Summary: Advanced Easy-to-Use Asynchronous-Capable DNS Utilities License: GPL-2.0-or-later @@ -32,7 +32,6 @@ Source4: baselibs.conf Patch0: adns-1.4-destdir.patch Patch1: adns-1.4-configure.patch Patch2: adns-visibility.patch -Patch3: adns-1.5.1-gcc10.patch BuildRequires: autoconf %description @@ -64,7 +63,6 @@ programs with libads support. %patch0 %patch1 %patch2 -%patch3 -p1 cp %{SOURCE3} . %build @@ -73,7 +71,12 @@ autoreconf -fiv %make_build all %install -%make_install +make install \ + prefix=%{buildroot}%{_prefix} \ + bindir=%{buildroot}%{_bindir} \ + includedir=%{buildroot}%{_includedir} \ + libdir=%{buildroot}%{_libdir} \ + # FIXME: --disable-static not available rm %{buildroot}%{_libdir}/*.a