OBS-URL: https://build.opensuse.org/package/show/openSUSE:Factory/adns?expand=0&rev=4

README.SUSE

@@ -0,0 +1,53 @@
+ADNS
+
+From the Homepage:
+
+Advanced, easy to use, asynchronous-capable DNS client library and utilities.
+adns is a resolver library for C (and C++) programs, and a collection of useful 
+DNS resolver utilities.
+
+I'm (Ian) afraid there is no manual yet. However, competent C programmers should
+be able to use the library based on the commented adns.h header file, and
+the usage messages for the programs should be sufficient.
+
+adns also comes with a number of utility programs for use from the command
+line and in scripts:
+
+    * adnslogres is a much faster version of Apache's logresolv program.
+
+    * adnsresfilter is a filter which copies its input to its output,
+      replacing IP addresses by the corresponding names, without unduly
+      delaying the output. For example, you can usefully pipe the
+      output of netstat -n, tcpdump -ln, and the like, into it.
+
+    * adnshost is a general-purpose DNS lookup utility which can be used easily
+      in from the command line and from shell scripts to do simple lookups.
+      In a more advanced mode it can be used as a general-purpose DNS helper
+      program for scripting languages which can invoke and communicate with
+      subprocesses. See the adnshost usage message for a summary of its capabilities.
+
+From the INSTALL file:
+
+    SECURITY AND PERFORMANCE - AN IMPORTANT NOTE
+
+    adns is not a `full-service resolver': it does no caching of responses
+    at all, and has no defence against bad nameservers or fake packets
+    which appear to come from your real nameservers.  It relies on the
+    full-service resolvers listed in resolv.conf to handle these tasks.
+
+    For secure and reasonable operation you MUST run a full-service
+    nameserver on the same system as your adns applications, or on the
+    same local, fully trusted network.  You MUST only list such
+    nameservers in the adns configuration (eg resolv.conf).
+
+    You MUST use a firewall or other means to block packets which appear
+    to come from these nameservers, but which were actually sent by other,
+    untrusted, entities.
+
+    Furthermore, adns is not DNSSEC-aware in this version; it doesn't
+    understand even how to ask a DNSSEC-aware nameserver to perform the
+    DNSSEC cryptographic signature checking.
+
+In particular, adns does not randomize the query source port or transaction ID;
+relevant advisories are CVE-2008-1447 and CVE-2008-4100.  Since adns is a stub
+resolver, the workarounds listed in DSA-1605-1 for glibc also apply to adns.

adns.changes

@@ -1,3 +1,9 @@
+-------------------------------------------------------------------
+Thu Sep 18 10:40:36 CEST 2008 - prusnak@suse.cz
+
+- document CVE-2008-1447 / CVE-2008-4100 poisoning vulnerability
+  in README.SUSE [bnc#426515]
+
 -------------------------------------------------------------------
 Wed Feb 20 17:08:29 CET 2008 - prusnak@suse.cz
 

adns.spec

@@ -2,9 +2,16 @@
 # spec file for package adns (Version 1.4)
 #
 # Copyright (c) 2008 SUSE LINUX Products GmbH, Nuernberg, Germany.
-# This file and all modifications and additions to the pristine
-# package are under the same license as the package itself.
 #
+# All modifications and additions to the file contributed by third parties
+# remain the property of their copyright owners, unless otherwise agreed
+# upon. The license for this file, and modifications and additions to the
+# file, is the same license as for the pristine package itself (unless the
+# license for the pristine package is not an Open Source License, in which
+# case the license is the MIT License). An "Open Source License" is a
+# license that conforms to the Open Source Definition (Version 1.9)
+# published by the Open Source Initiative.
+
 # Please submit bugfixes or comments via http://bugs.opensuse.org/
 #
 
@@ -13,13 +20,14 @@
 
 Name:           adns
 Version:        1.4
-Release:        31
+Release:        73
 License:        GPL v2 or later
 Group:          Productivity/Networking/DNS/Utilities
 Url:            http://www.chiark.greenend.org.uk/~ian/adns/
 AutoReqProv:    on
 Summary:        Advanced Easy-to-Use Asynchronous-Capable DNS Utilities
 Source:         %{name}-%{version}.tar.bz2
+Source1:        README.SUSE
 Patch0:         %{name}-%{version}-destdir.patch
 Patch1:         %{name}-%{version}-configure.patch
 Patch2:         %{name}-%{version}-ipv6.patch
@@ -35,6 +43,7 @@ Authors:
     Ian Jackson <adns-maint at chiark dot greenend dot org dot uk>
 
 %package -n libadns1
+License:        GPL v2 or later
 Summary:        Advanced DNS resolver client library
 Group:          System/Libraries
 Provides:       libadns = %{version}
@@ -52,6 +61,7 @@ Authors:
     Ian Jackson <adns-maint at chiark dot greenend dot org dot uk>
 
 %package -n libadns-devel
+License:        GPL v2 or later
 Summary:        Libraries and header files to develop programs with libadns support
 Group:          Development/Languages/C and C++
 Requires:       libadns1 = %{version} glibc-devel
@@ -71,6 +81,7 @@ Authors:
 %patch0
 %patch1
 %patch2
+cp %{S:1} .
 
 %build
 autoreconf -fi
@@ -108,6 +119,9 @@ rm -rf %{buildroot}
 %postun -n libadns1 -p /sbin/ldconfig
 
 %changelog
+* Thu Sep 18 2008 prusnak@suse.cz
+- document CVE-2008-1447 / CVE-2008-4100 poisoning vulnerability
+  in README.SUSE [bnc#426515]
 * Wed Feb 20 2008 prusnak@suse.cz
 - added patch to support IPv6 protocol [#350506]
 * Tue Aug 07 2007 crrodriguez@suse.de