Adam Majer
037df42bc1
- Update to 1.6.0
- Changes in 1.6.0:
  * Bugfixes
  * adnshost: Support --reverse in -f mode input stream
  * timeout robustness against clock skew: track query start time and duration. Clock instability may now only cause spurious timeouts rather than indefinite hangs or even assertion failures.
  * New features:
  * adnshost: Offer ability to set adns checkc flags
  * adnslogres: Honour --checkc-freq (if it comes first)
  * adnsresfilter: Honour --checkc-freq and --checkc-entex
  * time handling: Support use of CLOCK_MONOTONIC via an init flag.
  * adns_str* etc.: Improve robustness; more allowable inputs values.
  * Internal changes:
  * adnshost: adh-opts.c: Whitespace adjustments to option table
  * Build system and tests improvements
- Changes in 1.5.2
  * Important security fixes:
    CVE-2017-9103 CVE-2017-9104 CVE-2017-9105 CVE-2017-9109:
      Vulnerable applications: all adns callers.
      Exploitable by: the local recursive resolver.
      Likely worst case: Remote code execution.
    CVE-2017-9106:
      Vulnerable applications: those that make SOA queries.
      Exploitable by: upstream DNS data sources.
      Likely worst case: DoS (crash of the adns-using application)
    CVE-2017-9107:
      Vulnerable applications: those that use adns_qf_quoteok_query.
      Exploitable by: sources of query domain names.
      Likely worst case: DoS (crash of the adns-using application)

OBS-URL: https://build.opensuse.org/request/show/814724
OBS-URL: https://build.opensuse.org/package/show/devel:libraries:c_c++/adns?expand=0&rev=29

- .gitattributes
- .gitignore
- adns-1.4-configure.patch
- adns-1.4-destdir.patch
- adns-1.6.0.tar.gz
- adns-1.6.0.tar.gz.sig
- adns-visibility.patch
- adns.changes
- adns.keyring
- adns.spec
- baselibs.conf
- README.SUSE

ADNS

From the Homepage:

Advanced, easy to use, asynchronous-capable DNS client library and utilities.

adns is a resolver library for C (and C++) programs, and a collection of useful DNS resolver utilities.

I'm (Ian) afraid there is no manual yet. However, competent C programmers should be able to use the library based on the commented adns.h header file, and the usage messages for the programs should be sufficient.

adns also comes with a number of utility programs for use from the command line and in scripts:

* adnslogres is a much faster version of Apache's logresolv program.
* adnsresfilter is a filter which copies its input to its output, replacing IP addresses by the corresponding names, without unduly delaying the output. For example, you can usefully pipe the output of netstat -n, tcpdump -ln, and the like, into it.
* adnshost is a general-purpose DNS lookup utility which can be used easily from the command line and from shell scripts to do simple lookups. In a more advanced mode it can be used as a general-purpose DNS helper program for scripting languages which can invoke and communicate with subprocesses. See the adnshost usage message for a summary of its capabilities.

From the INSTALL file:

SECURITY AND PERFORMANCE - AN IMPORTANT NOTE

adns is not a `full-service resolver': it does no caching of responses at all, and has no defence against bad nameservers or fake packets which appear to come from your real nameservers. It relies on the full-service resolvers listed in resolv.conf to handle these tasks.

For secure and reasonable operation you MUST run a full-service nameserver on the same system as your adns applications, or on the same local, fully trusted network. You MUST only list such nameservers in the adns configuration (eg resolv.conf). You MUST use a firewall or other means to block packets which appear to come from these nameservers, but which were actually sent by other, untrusted, entities.

Furthermore, adns is not DNSSEC-aware in this version; it doesn't understand even how to ask a DNSSEC-aware nameserver to perform the DNSSEC cryptographic signature checking. In particular, adns does not randomize the query source port or transaction ID; relevant advisories are CVE-2008-1447 and CVE-2008-4100. Since adns is a stub resolver, the workarounds listed in DSA-1605-1 for glibc also apply to adns.
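
One way to check a resolv.conf against the three MUSTs in the INSTALL note, as an added example (not part of the adns package or this README). The verdict names, the `trusted_nets` parameter and both sample configurations are assumptions constructed for illustration.

```python
import ipaddress

# Constructed sample inputs (not taken from the page).
WEAK_CONF = """\
# constructed example: resolvers that are not on this host
nameserver 192.0.2.53
nameserver 10.0.0.2   ; office resolver
search example.test
"""
HARDENED_CONF = """\
nameserver 127.0.0.1
nameserver ::1
options timeout:2
"""

def nameservers(conf_text):
    """Yield the address of every 'nameserver' directive in resolv.conf text."""
    for raw in conf_text.splitlines():
        line = raw.split("#", 1)[0].split(";", 1)[0].split()  # strip comments
        if len(line) >= 2 and line[0] == "nameserver":
            yield line[1]

def audit(conf_text, trusted_nets=()):
    """Return (address, verdict) pairs; verdicts follow the INSTALL note.
    trusted_nets is an assumption of this example: the CIDR ranges the
    operator declares to be the 'same local, fully trusted network'.
    """
    trusted = [ipaddress.ip_network(n) for n in trusted_nets]
    findings = []
    for addr in nameservers(conf_text):
        try:
            ip = ipaddress.ip_address(addr.split("%", 1)[0])  # drop IPv6 zone id
        except ValueError:
            findings.append((addr, "unparseable"))
            continue
        if ip.is_loopback:
            verdict = "ok-local"                # resolver on the same system
        elif any(ip in net for net in trusted):
            verdict = "needs-antispoof-filter"  # allowed, but firewall MUST applies
        else:
            verdict = "untrusted"               # violates "only list such nameservers"
        findings.append((addr, verdict))
    if not findings:
        findings.append(("<none>", "no-nameserver-listed"))
    return findings

if __name__ == "__main__":
    for name, conf in (("weak", WEAK_CONF), ("hardened", HARDENED_CONF)):
        print(name, audit(conf, trusted_nets=["10.0.0.0/24"]))
```

A `needs-antispoof-filter` verdict means the entry is acceptable only if packets claiming that source address are filtered at the network boundary, which this script cannot verify.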