Adam Majer
037df42bc1
- Update to 1.6.0
- Changes in 1.6.0:
* Bugfixes
* adnshost: Support --reverse in -f mode input stream
* timeout robustness against clock skew: track query start time and
duration. Clock instability may now only cause spurious timeouts
rather than indefinite hangs or even assertion failures.
* New features:
* adnshost: Offer ability to set adns checkc flags
* adnslogres: Honour --checkc-freq (if it comes first)
* adnsresfilter: Honour --checkc-freq and --checkc-entex
* time handling: Support use of CLOCK_MONOTONIC via an init flag.
* adns_str* etc.: Improve robustness; more allowable inputs values.
* Internal changes:
* adnshost: adh-opts.c: Whitespace adjustments to option table
* Build system and tests improvements
- Changes in 1.5.2
* Important security fixes:
CVE-2017-9103 CVE-2017-9104 CVE-2017-9105 CVE-2017-9109:
Vulnerable applications: all adns callers.
Exploitable by: the local recursive resolver.
Likely worst case: Remote code execution.
CVE-2017-9106:
Vulnerable applications: those that make SOA queries.
Exploitable by: upstream DNS data sources.
Likely worst case: DoS (crash of the adns-using application)
CVE-2017-9107:
Vulnerable applications: those that use adns_qf_quoteok_query.
Exploitable by: sources of query domain names.
Likely worst case: DoS (crash of the adns-using application)
OBS-URL: https://build.opensuse.org/request/show/814724
OBS-URL: https://build.opensuse.org/package/show/devel:libraries:c_c++/adns?expand=0&rev=29
34 lines
843 B
Diff
34 lines
843 B
Diff
Index: configure.in
|
|
===================================================================
|
|
--- configure.in.orig
|
|
+++ configure.in
|
|
@@ -59,7 +59,9 @@ AC_ARG_ENABLE(dynamic,
|
|
AC_MSG_RESULT([yes, by default])
|
|
])
|
|
|
|
-AC_PROG_CC
|
|
+AC_PROG_CC_STDC
|
|
+AC_USE_SYSTEM_EXTENSIONS
|
|
+AC_SYS_LARGEFILE
|
|
AC_PROG_CPP
|
|
AC_PROG_RANLIB
|
|
AC_PROG_INSTALL
|
|
Index: src/internal.h
|
|
===================================================================
|
|
--- src/internal.h.orig
|
|
+++ src/internal.h
|
|
@@ -51,6 +51,7 @@ typedef unsigned char byte;
|
|
# include "hredirect.h"
|
|
#endif
|
|
|
|
+#pragma GCC visibility push(hidden)
|
|
/* Configuration and constants */
|
|
|
|
#define MAXSERVERS 5 /* do not increase beyond no. of bits in `unsigned'! */
|
|
@@ -960,4 +961,5 @@ static inline int errno_resources(int e)
|
|
(tv)|=GETIL_B(cb), \
|
|
(tv) )
|
|
|
|
+#pragma GCC visibility pop
|
|
#endif
|