diff -Nru ldns-1.7.1/aclocal.m4 ldns-1.8.1/aclocal.m4 --- ldns-1.7.1/aclocal.m4 2019-07-26 15:07:49.000000000 +0000 +++ ldns-1.8.1/aclocal.m4 2021-12-03 07:45:55.000000000 +0000 @@ -1,6 +1,6 @@ -# generated automatically by aclocal 1.16.1 -*- Autoconf -*- +# generated automatically by aclocal 1.16.4 -*- Autoconf -*- -# Copyright (C) 1996-2018 Free Software Foundation, Inc. +# Copyright (C) 1996-2021 Free Software Foundation, Inc. # This file is free software; the Free Software Foundation # gives unlimited permission to copy and/or distribute it, diff -Nru ldns-1.7.1/acx_nlnetlabs.m4 ldns-1.8.1/acx_nlnetlabs.m4 --- ldns-1.7.1/acx_nlnetlabs.m4 2019-07-26 15:07:44.000000000 +0000 +++ ldns-1.8.1/acx_nlnetlabs.m4 2021-12-03 07:45:47.000000000 +0000 @@ -2,7 +2,15 @@ # Copyright 2009, Wouter Wijngaards, NLnet Labs. # BSD licensed. # -# Version 34 +# Version 41 +# 2021-07-30 fix for openssl use of lib64 directory. +# 2021-06-14 fix nonblocking test to use host instead of target for mingw test. +# 2021-05-17 fix nonblocking socket test from grep on mingw32 to mingw for +# 64bit compatibility. +# 2021-03-24 fix ACX_FUNC_DEPRECATED to use CPPFLAGS and CFLAGS. +# 2021-01-05 fix defun for aclocal +# 2021-01-05 autoconf 2.70 autoupdate and fixes, no AC_TRY_COMPILE +# 2020-08-24 Use EVP_sha256 instead of HMAC_Update (for openssl-3.0.0). # 2016-03-21 Check -ldl -pthread for libcrypto for ldns and openssl 1.1.0. # 2016-03-21 Use HMAC_Update instead of HMAC_CTX_Init (for openssl-1.1.0). # 2016-01-04 -D_DEFAULT_SOURCE defined with -D_BSD_SOURCE for Linux glibc 2.20 @@ -446,15 +454,12 @@ AC_MSG_CHECKING(whether the C compiler (${CC-cc}) accepts the "format" attribute) AC_CACHE_VAL(ac_cv_c_format_attribute, [ac_cv_c_format_attribute=no -AC_TRY_COMPILE( -[#include +AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[#include void f (char *format, ...) __attribute__ ((format (printf, 1, 2))); void (*pf) (char *format, ...) __attribute__ ((format (printf, 1, 2))); -], [ +]], [[ f ("%s", "str"); -], -[ac_cv_c_format_attribute="yes"], -[ac_cv_c_format_attribute="no"]) +]])],[ac_cv_c_format_attribute="yes"],[ac_cv_c_format_attribute="no"]) ]) AC_MSG_RESULT($ac_cv_c_format_attribute) @@ -483,14 +488,11 @@ AC_MSG_CHECKING(whether the C compiler (${CC-cc}) accepts the "unused" attribute) AC_CACHE_VAL(ac_cv_c_unused_attribute, [ac_cv_c_unused_attribute=no -AC_TRY_COMPILE( -[#include +AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[#include void f (char *u __attribute__((unused))); -], [ +]], [[ f ("x"); -], -[ac_cv_c_unused_attribute="yes"], -[ac_cv_c_unused_attribute="no"]) +]])],[ac_cv_c_unused_attribute="yes"],[ac_cv_c_unused_attribute="no"]) ]) dnl Setup ATTR_UNUSED config.h parts. @@ -547,7 +549,7 @@ dnl because libtools 'AC_REQUIRE' names are right after this one, before dnl this function contents. AC_REQUIRE([ACX_LIBTOOL_C_PRE]) -AC_PROG_LIBTOOL +LT_INIT ]) dnl Detect if u_char type is defined, otherwise define it. @@ -646,7 +648,7 @@ if test x_$withval != x_no; then AC_MSG_CHECKING(for SSL) if test x_$withval = x_ -o x_$withval = x_yes; then - withval="/usr/local/ssl /usr/lib/ssl /usr/ssl /usr/pkg /usr/local /opt/local /usr/local/opt/openssl /usr/sfw /usr" + withval="/usr/local/ssl /usr/lib/ssl /usr/ssl /usr/pkg /usr/local /opt/local /usr/sfw /usr" fi for dir in $withval; do ssldir="$dir" @@ -668,22 +670,28 @@ HAVE_SSL=yes dnl assume /usr is already in the lib and dynlib paths. if test "$ssldir" != "/usr" -a "$ssldir" != ""; then - LDFLAGS="$LDFLAGS -L$ssldir/lib" - LIBSSL_LDFLAGS="$LIBSSL_LDFLAGS -L$ssldir/lib" - ACX_RUNTIME_PATH_ADD([$ssldir/lib]) + if test ! -d "$ssldir/lib" -a -d "$ssldir/lib64"; then + LDFLAGS="$LDFLAGS -L$ssldir/lib64" + LIBSSL_LDFLAGS="$LIBSSL_LDFLAGS -L$ssldir/lib64" + ACX_RUNTIME_PATH_ADD([$ssldir/lib64]) + else + LDFLAGS="$LDFLAGS -L$ssldir/lib" + LIBSSL_LDFLAGS="$LIBSSL_LDFLAGS -L$ssldir/lib" + ACX_RUNTIME_PATH_ADD([$ssldir/lib]) + fi fi - AC_MSG_CHECKING([for HMAC_Update in -lcrypto]) + AC_MSG_CHECKING([for EVP_sha256 in -lcrypto]) LIBS="$LIBS -lcrypto" LIBSSL_LIBS="$LIBSSL_LIBS -lcrypto" - AC_TRY_LINK(, [ - int HMAC_Update(void); - (void)HMAC_Update(); - ], [ + AC_LINK_IFELSE([AC_LANG_PROGRAM([[]], [[ + int EVP_sha256(void); + (void)EVP_sha256(); + ]])],[ AC_MSG_RESULT(yes) - AC_DEFINE([HAVE_HMAC_UPDATE], 1, - [If you have HMAC_Update]) - ], [ + AC_DEFINE([HAVE_EVP_SHA256], 1, + [If you have EVP_sha256]) + ],[ AC_MSG_RESULT(no) # check if -lwsock32 or -lgdi32 are needed. BAKLIBS="$LIBS" @@ -691,12 +699,12 @@ LIBS="$LIBS -lgdi32 -lws2_32" LIBSSL_LIBS="$LIBSSL_LIBS -lgdi32 -lws2_32" AC_MSG_CHECKING([if -lcrypto needs -lgdi32]) - AC_TRY_LINK([], [ - int HMAC_Update(void); - (void)HMAC_Update(); - ],[ - AC_DEFINE([HAVE_HMAC_UPDATE], 1, - [If you have HMAC_Update]) + AC_LINK_IFELSE([AC_LANG_PROGRAM([[]], [[ + int EVP_sha256(void); + (void)EVP_sha256(); + ]])],[ + AC_DEFINE([HAVE_EVP_SHA256], 1, + [If you have EVP_sha256]) AC_MSG_RESULT(yes) ],[ AC_MSG_RESULT(no) @@ -705,12 +713,12 @@ LIBS="$LIBS -ldl" LIBSSL_LIBS="$LIBSSL_LIBS -ldl" AC_MSG_CHECKING([if -lcrypto needs -ldl]) - AC_TRY_LINK([], [ - int HMAC_Update(void); - (void)HMAC_Update(); - ],[ - AC_DEFINE([HAVE_HMAC_UPDATE], 1, - [If you have HMAC_Update]) + AC_LINK_IFELSE([AC_LANG_PROGRAM([[]], [[ + int EVP_sha256(void); + (void)EVP_sha256(); + ]])],[ + AC_DEFINE([HAVE_EVP_SHA256], 1, + [If you have EVP_sha256]) AC_MSG_RESULT(yes) ],[ AC_MSG_RESULT(no) @@ -719,12 +727,12 @@ LIBS="$LIBS -ldl -pthread" LIBSSL_LIBS="$LIBSSL_LIBS -ldl -pthread" AC_MSG_CHECKING([if -lcrypto needs -ldl -pthread]) - AC_TRY_LINK([], [ - int HMAC_Update(void); - (void)HMAC_Update(); - ],[ - AC_DEFINE([HAVE_HMAC_UPDATE], 1, - [If you have HMAC_Update]) + AC_LINK_IFELSE([AC_LANG_PROGRAM([[]], [[ + int EVP_sha256(void); + (void)EVP_sha256(); + ]])],[ + AC_DEFINE([HAVE_EVP_SHA256], 1, + [If you have EVP_sha256]) AC_MSG_RESULT(yes) ],[ AC_MSG_RESULT(no) @@ -749,9 +757,8 @@ dnl AC_DEFUN([ACX_WITH_SSL], [ -AC_ARG_WITH(ssl, AC_HELP_STRING([--with-ssl=pathname], - [enable SSL (will check /usr/local/ssl - /usr/lib/ssl /usr/ssl /usr/pkg /usr/local /opt/local /usr/local/opt/openssl /usr/sfw /usr)]),[ +AC_ARG_WITH(ssl, AS_HELP_STRING([--with-ssl=pathname],[enable SSL (will check /usr/local/ssl + /usr/lib/ssl /usr/ssl /usr/pkg /usr/local /opt/local /usr/sfw /usr)]),[ ],[ withval="yes" ]) @@ -768,9 +775,8 @@ dnl AC_DEFUN([ACX_WITH_SSL_OPTIONAL], [ -AC_ARG_WITH(ssl, AC_HELP_STRING([--with-ssl=pathname], - [enable SSL (will check /usr/local/ssl - /usr/lib/ssl /usr/ssl /usr/pkg /usr/local /opt/local /usr/local/opt/openssl /usr/sfw /usr)]),[ +AC_ARG_WITH(ssl, AS_HELP_STRING([--with-ssl=pathname],[enable SSL (will check /usr/local/ssl + /usr/lib/ssl /usr/ssl /usr/pkg /usr/local /opt/local /usr/sfw /usr)]),[ ],[ withval="yes" ]) @@ -893,7 +899,7 @@ [ echo '$3' >conftest.c echo 'void f(){ $2 }' >>conftest.c -if test -z "`$CC -c conftest.c 2>&1 | grep deprecated`"; then +if test -z "`$CC $CPPFLAGS $CFLAGS -c conftest.c 2>&1 | grep -e deprecated -e unavailable`"; then eval "cv_cc_deprecated_$cache=no" else eval "cv_cc_deprecated_$cache=yes" @@ -919,7 +925,7 @@ AC_DEFUN([ACX_CHECK_NONBLOCKING_BROKEN], [ AC_MSG_CHECKING([if nonblocking sockets work]) -if echo $target | grep mingw32 >/dev/null; then +if echo $host | grep mingw >/dev/null; then AC_MSG_RESULT([no (windows)]) AC_DEFINE([NONBLOCKING_IS_BROKEN], 1, [Define if the network stack does not fully support nonblocking io (causes lower performance).]) else @@ -1061,7 +1067,7 @@ AC_DEFUN([ACX_MKDIR_ONE_ARG], [ AC_MSG_CHECKING([whether mkdir has one arg]) -AC_TRY_COMPILE([ +AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[ #include #include #ifdef HAVE_WINSOCK2_H @@ -1070,14 +1076,12 @@ #ifdef HAVE_SYS_STAT_H #include #endif -], [ +]], [[ (void)mkdir("directory"); -], -AC_MSG_RESULT(yes) +]])],[AC_MSG_RESULT(yes) AC_DEFINE(MKDIR_HAS_ONE_ARG, 1, [Define if mkdir has one argument.]) -, -AC_MSG_RESULT(no) -) +],[AC_MSG_RESULT(no) +]) ])dnl end of ACX_MKDIR_ONE_ARG dnl Check for ioctlsocket function. works on mingw32 too. diff -Nru ldns-1.7.1/ax_pkg_swig.m4 ldns-1.8.1/ax_pkg_swig.m4 --- ldns-1.7.1/ax_pkg_swig.m4 2019-07-26 15:07:44.000000000 +0000 +++ ldns-1.8.1/ax_pkg_swig.m4 2021-12-03 07:45:47.000000000 +0000 @@ -1,5 +1,5 @@ # =========================================================================== -# http://www.gnu.org/software/autoconf-archive/ax_pkg_swig.html +# https://www.gnu.org/software/autoconf-archive/ax_pkg_swig.html # =========================================================================== # # SYNOPSIS @@ -32,9 +32,9 @@ # LICENSE # # Copyright (c) 2008 Sebastian Huber -# Copyright (c) 2008 Alan W. Irwin +# Copyright (c) 2008 Alan W. Irwin # Copyright (c) 2008 Rafael Laboissiere -# Copyright (c) 2008 Andrew Collier +# Copyright (c) 2008 Andrew Collier # Copyright (c) 2011 Murray Cumming # # This program is free software; you can redistribute it and/or modify it @@ -48,7 +48,7 @@ # Public License for more details. # # You should have received a copy of the GNU General Public License along -# with this program. If not, see . +# with this program. If not, see . # # As a special exception, the respective Autoconf Macro's copyright owner # gives unlimited permission to copy, distribute and modify the configure @@ -63,11 +63,11 @@ # modified version of the Autoconf Macro, you may extend this special # exception to the GPL to apply to your modified version as well. -#serial 8 +#serial 13 AC_DEFUN([AX_PKG_SWIG],[ - # Ubuntu has swig 2.0 as /usr/bin/swig2.0 - AC_PATH_PROGS([SWIG],[swig2.0 swig]) + # Find path to the "swig" executable. + AC_PATH_PROGS([SWIG],[swig swig3.0 swig2.0]) if test -z "$SWIG" ; then m4_ifval([$3],[$3],[:]) elif test -n "$1" ; then diff -Nru ldns-1.7.1/ax_python_devel.m4 ldns-1.8.1/ax_python_devel.m4 --- ldns-1.7.1/ax_python_devel.m4 2019-07-26 15:07:44.000000000 +0000 +++ ldns-1.8.1/ax_python_devel.m4 2021-12-03 07:45:47.000000000 +0000 @@ -1,5 +1,5 @@ # =========================================================================== -# http://www.gnu.org/software/autoconf-archive/ax_python_devel.html +# https://www.gnu.org/software/autoconf-archive/ax_python_devel.html # =========================================================================== # # SYNOPSIS @@ -12,8 +12,8 @@ # in your configure.ac. # # This macro checks for Python and tries to get the include path to -# 'Python.h'. It provides the $(PYTHON_CPPFLAGS) and $(PYTHON_LDFLAGS) -# output variables. It also exports $(PYTHON_EXTRA_LIBS) and +# 'Python.h'. It provides the $(PYTHON_CPPFLAGS) and $(PYTHON_LIBS) output +# variables. It also exports $(PYTHON_EXTRA_LIBS) and # $(PYTHON_EXTRA_LDFLAGS) for embedding Python in your code. # # You can search for some particular version of Python by passing a @@ -52,7 +52,7 @@ # Public License for more details. # # You should have received a copy of the GNU General Public License along -# with this program. If not, see . +# with this program. If not, see . # # As a special exception, the respective Autoconf Macro's copyright owner # gives unlimited permission to copy, distribute and modify the configure @@ -67,7 +67,7 @@ # modified version of the Autoconf Macro, you may extend this special # exception to the GPL to apply to your modified version as well. -#serial 16 +#serial 21 AU_ALIAS([AC_PYTHON_DEVEL], [AX_PYTHON_DEVEL]) AC_DEFUN([AX_PYTHON_DEVEL],[ @@ -99,7 +99,7 @@ This version of the AC@&t@_PYTHON_DEVEL macro doesn't work properly with versions of Python before 2.1.0. You may need to re-run configure, setting the -variables PYTHON_CPPFLAGS, PYTHON_LDFLAGS, PYTHON_SITE_PKG, +variables PYTHON_CPPFLAGS, PYTHON_LIBS, PYTHON_SITE_PKG, PYTHON_EXTRA_LIBS and PYTHON_EXTRA_LDFLAGS by hand. Moreover, to disable this check, set PYTHON_NOVERSIONCHECK to something else than an empty string. @@ -137,7 +137,7 @@ # AC_MSG_CHECKING([for the distutils Python package]) ac_distutils_result=`$PYTHON -c "import distutils" 2>&1` - if test -z "$ac_distutils_result"; then + if test $? -eq 0; then AC_MSG_RESULT([yes]) else AC_MSG_RESULT([no]) @@ -172,7 +172,7 @@ # Check for Python library path # AC_MSG_CHECKING([for Python library path]) - if test -z "$PYTHON_LDFLAGS"; then + if test -z "$PYTHON_LIBS"; then # (makes two attempts to ensure we've got a version number # from the interpreter) ac_python_version=`cat<_position <= capacity); + assert(!buffer->_fixed); data = (uint8_t *) LDNS_XREALLOC(buffer->_data, uint8_t, capacity); if (!data) { @@ -79,7 +80,6 @@ ldns_buffer_reserve(ldns_buffer *buffer, size_t amount) { ldns_buffer_invariant(buffer); - assert(!buffer->_fixed); if (buffer->_capacity < buffer->_position + amount) { size_t new_capacity = buffer->_capacity * 3 / 2; diff -Nru ldns-1.7.1/Changelog ldns-1.8.1/Changelog --- ldns-1.7.1/Changelog 2019-07-26 15:07:44.000000000 +0000 +++ ldns-1.8.1/Changelog 2021-12-03 07:45:47.000000000 +0000 @@ -1,3 +1,69 @@ +1.8.1 2021-12-03 + * bugfix #146: ldns-1.7.1 had soname 3.0, so ldns-1.8.x soname + needs to larger. + * Undo PR#123 fix ldns.pc installation when building out-of-source + +1.8.0 2021-11-26 + * bugfix #38: Print "line" before line number when printing + zone parse errors. Thanks Petr Špaček. + * bugfix: Revert unused variables in ldns-config removal patch. + * bugfix #50: heap Out-of-bound Read vulnerability in + rr_frm_str_internal reported by pokerfacett. + * bugfix #51: Heap Out-of-bound Read vulnerability in + ldns_nsec3_salt_data reported by pokerfacett. + * Fix memory leak in examples/ldns-testns handle_tcp routine. + * Detect fixed time memory compare for openssl 0.9.8. + * Fix compile warning by variable initialisation for older gcc. + * Fix #92: ldns-testns.c:429:15: error: 'fork' is unavailable: not + available on tvOS. + * Fix for #93: fix packaging/libldns.pc Makefile rule. + * ZONEMD support in ldns-signzone and ldns-verify-zone + * ldns-testns can answer several queries over one tcp connection, + if they arrive within 100msec of each other. + * Fix so that ldns-testns does not leak sockets if the read fails. + * SVCB and HTTPS draft rrtypes. + Enable with --enable-rrtype-svcb-https. + * bugfix #117: Assertion failure with DNSSEC validating of + non existence of RR types at the root. Thanks ZjYwMj + * Set NSEC(3) ttls to the minimum of the MINIMUM field of the SOA + record and the TTL of the SOA itself. draft-ietf-dnsop-nsec-ttl + * bugfix #119: Let example tools read longer RR's than + LDNS_MAX_LINELEN + * Add SVCPARAMS to python ldns_rdf_type2str function. + * PR #134 Miscellaneous spelling fixes. Thanks jsoref! + * Fix that ldns-read-zone and ldns_zone_new_frm_fp_l properly return + the $INCLUDE not implemented error. + * Fix that ldns-read-zone and ldns_zone_new_frm_fp_l count the line + number for an empty line after a comment. + * Fix #135: Fix compile with OpenSSL-3.0.0-beta2. + * PR #107: Added ldns_pkt2buffer_wire_compress() to make dname + compression optional when converting packets to wire format. + Thanks Eli Lindsey + * Option to ldns-keygen to create symlinks with known names + (i.e. without the key id) to the created files. + Thanks Andreas Schulze + * Fix #121: Correct handling of centimetres by LOC parser. + Thanks Felipe Gasper + * PR #126: Link with libldns.la in Makefile.in. + Thanks orbea + * PR #127: Addes option -Q to drill to give short answer. + Thanks niknah + * PR #133: Update m4 files for python modules. + Thanks Petr Menšík + * Bufix CAA value fields may be empty: Thanks Robert Mortimer + * PR #108: Fix for ldns-compare-zones net detecting when first zone + has a RRset that shrinks from two to one RRs, or grows from one + to two RRs. Thanks Emilio Caballero + * Fix #131: Drill sig chasing breaks with gcc-11 and + strict-aliasing. Thanks Stanislav Levin + * Fix #130: Unless $TLL is defined, ttl defaults to the last + explicitly stated value. Thanks Benno + * Fix #48: Missing UNSIGNED legend with drill. Thanks reedjc + * Fix #143: EVP_PKEY_base_id became a macro with OpenSSL > 3.0 + Thanks Daniel J. Luke + * Let ldns-signzone warn for high NSEC3 iteration counts. + Thanks Andreas Schulze + 1.7.1 2019-07-26 * bugfix: Manage verification paths for OpenSSL >= 1.1.0 Thanks Marco Davids @@ -13,9 +79,9 @@ Thanks Bill Parker * bugfix #1260: Anticipate strchr returning NULL on unfound char Thanks Stephan Zeisberg - * bugfix #1257: Free after reallocing to 0 size + * bugfix #1257: Free after reallocing to 0 size (CVE-2017-1000232) Thanks Stephan Zeisberg - * bugfix #1256: Check parse limit before t increment + * bugfix #1256: Check parse limit before t increment (CVE-2017-1000231) Thanks Stephan Zeisberg * bugfix #1245: Only one signature per RRset needs to be valid with ldns-verify-zone. Thanks Emil Natan. @@ -267,7 +333,7 @@ in sync. * Let ldns_pkt_push_rr now return false on (memory) errors. * Make buffer_export comply to documentation and fix buffer2str - * Various improvements and fixes of pyldns from Katel Slany + * Various improvements and fixes of pyldns from Karel Slany now documented in their own Changelog. * bugfix: Make ldns_resolver_pop_nameserver clear the array when there was only one. @@ -306,7 +372,7 @@ * bugfix #433: Allocate rdf using ldns_rdf_new in ldns_dname_label * bugfix #432: Use LDNS_MALLOC & LDNS_FREE i.s.o. malloc & free * bugfix #431: Added error message for LDNS_STATUS_INVALID_B32_EXT - * bugfix #427: Explicitely link ssl with the programs that use it. + * bugfix #427: Explicitly link ssl with the programs that use it. * Fix reading \DDD: Error on values that are outside range (>255). * bugfix #429: fix doxyparse.pl fails on NetBSD because specified path to perl. @@ -370,7 +436,7 @@ * Update of libdns.vim (thanks Miek Gieben) * Added the ldnsx Python module to our contrib section, which adds even more pythonisticism to the usage of ldns with Python. (Many thanks - to Christpher Olah and Paul Wouters) + to Christopher Olah and Paul Wouters) The ldnsx module is automatically installed when --with-pyldns is used with configuring, but may explicitly be excluded with the --without-pyldnsx option to configure. @@ -398,7 +464,7 @@ * bugfix #380: Minimizing effect of discrepancies in sizeof(bool) at build time and when used. * bugfix #383: Fix detection of empty nonterminals of multiple labels. - * Fixed the ommission of rrsets in nsec(3)s and rrsigs to all occluded + * Fixed the omission of rrsets in nsec(3)s and rrsigs to all occluded names (in stead of just the ones that contain glue only) and all occluded records on the delegation points (in stead of just the glue). * Clarify the operation of ldns_dnssec_mark_glue and the usage of @@ -688,7 +754,7 @@ from Shane Kerr, bug id 188) * zone.c memory leaks on error and allocation checks fixed (patch from Shane Kerr, bug id 189) - * ldns-zplit output and error messages fixed (patch from Shane Kerr, + * ldns-zsplit output and error messages fixed (patch from Shane Kerr, bug id 190) * Fixed potential buffer overflow in ldns_str2rdf_dname * Signing code no longer signs delegation NS rrsets @@ -717,7 +783,7 @@ * DLV RR type added * TCP fallback system has been improved * HMAC-SHA256 TSIG support has been added. - * TTLS are now correcly set in NSEC(3) records when signing zones + * TTLS are now correctly set in NSEC(3) records when signing zones EXAMPLE TOOLS: * New example: ldns-revoke to revoke DNSKEYs according to RFC5011 @@ -792,7 +858,7 @@ 28 Nov 2007 1.2.2: * Added support for HMAC-MD5 keys in generator * Added a new example tool (written by Ondrej Sury): ldns-compare-zones - * ldns-keygen now checks key sizes for rfc conformancy + * ldns-keygen now checks key sizes for rfc conformance * ldns-signzone outputs SSL error if present * Fixed manpages (thanks to Ondrej Sury) * Fixed Makefile for -j @@ -882,7 +948,7 @@ * ldns-dpa was added to the examples - this is the Dns Packet Analyzer tool. * ldnsd - as very, very simple nameserver impl. - * ldns-zsplit - split zones for parrallel signing + * ldns-zsplit - split zones for parallel signing * ldns-zcat - cat split zones back together * ldns-keyfetcher - Fetches DNSKEY records with a few (non-strong, non-DNSSEC) anti-spoofing techniques. @@ -901,7 +967,7 @@ API: Changed: * renamed ldns/dns.h to ldns/ldns.h - * ldns_rr_new_frm_str() is extented with an extra variable which + * ldns_rr_new_frm_str() is extended with an extra variable which in common use may be NULL. This trickles through to: o ldns_rr_new_frm_fp o ldns_rr_new_frm_fp_l @@ -975,7 +1041,7 @@ 13 Jun 2005: 0.65: ldns-team * Repository is online at: http://www.nlnetlabs.nl/ldns/svn/ - * Apply reference copying throuhgout ldns, except in 2 + * Apply reference copying throughout ldns, except in 2 places in the ldns_resolver structure (._domain and ._nameservers) * Usual array of bugfixes diff -Nru ldns-1.7.1/config.guess ldns-1.8.1/config.guess --- ldns-1.7.1/config.guess 2019-07-26 15:07:44.000000000 +0000 +++ ldns-1.8.1/config.guess 2021-12-03 07:45:50.000000000 +0000 @@ -1,8 +1,10 @@ #! /bin/sh # Attempt to guess a canonical system name. -# Copyright 1992-2018 Free Software Foundation, Inc. +# Copyright 1992-2021 Free Software Foundation, Inc. -timestamp='2018-02-24' +# shellcheck disable=SC2006,SC2268 # see below for rationale + +timestamp='2021-06-03' # This file is free software; you can redistribute it and/or modify it # under the terms of the GNU General Public License as published by @@ -27,11 +29,19 @@ # Originally written by Per Bothner; maintained since 2000 by Ben Elliston. # # You can get the latest version of this script from: -# https://git.savannah.gnu.org/gitweb/?p=config.git;a=blob_plain;f=config.guess +# https://git.savannah.gnu.org/cgit/config.git/plain/config.guess # # Please send patches to . +# The "shellcheck disable" line above the timestamp inhibits complaints +# about features and limitations of the classic Bourne shell that were +# superseded or lifted in POSIX. However, this script identifies a wide +# variety of pre-POSIX systems that do not have POSIX shells at all, and +# even some reasonably current systems (Solaris 10 as case-in-point) still +# have a pre-POSIX /bin/sh. + + me=`echo "$0" | sed -e 's,.*/,,'` usage="\ @@ -50,7 +60,7 @@ GNU config.guess ($timestamp) Originally written by Per Bothner. -Copyright 1992-2018 Free Software Foundation, Inc. +Copyright 1992-2021 Free Software Foundation, Inc. This is free software; see the source for copying conditions. There is NO warranty; not even for MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE." @@ -84,7 +94,8 @@ exit 1 fi -trap 'exit 1' 1 2 15 +# Just in case it came from the environment. +GUESS= # CC_FOR_BUILD -- compiler used by this script. Note that the use of a # compiler to aid in system detection is discouraged as it requires @@ -96,73 +107,90 @@ # Portable tmp directory creation inspired by the Autoconf team. -set_cc_for_build=' -trap "exitcode=\$?; (rm -f \$tmpfiles 2>/dev/null; rmdir \$tmp 2>/dev/null) && exit \$exitcode" 0 ; -trap "rm -f \$tmpfiles 2>/dev/null; rmdir \$tmp 2>/dev/null; exit 1" 1 2 13 15 ; -: ${TMPDIR=/tmp} ; - { tmp=`(umask 077 && mktemp -d "$TMPDIR/cgXXXXXX") 2>/dev/null` && test -n "$tmp" && test -d "$tmp" ; } || - { test -n "$RANDOM" && tmp=$TMPDIR/cg$$-$RANDOM && (umask 077 && mkdir $tmp) ; } || - { tmp=$TMPDIR/cg-$$ && (umask 077 && mkdir $tmp) && echo "Warning: creating insecure temp directory" >&2 ; } || - { echo "$me: cannot create a temporary directory in $TMPDIR" >&2 ; exit 1 ; } ; -dummy=$tmp/dummy ; -tmpfiles="$dummy.c $dummy.o $dummy.rel $dummy" ; -case $CC_FOR_BUILD,$HOST_CC,$CC in - ,,) echo "int x;" > "$dummy.c" ; - for c in cc gcc c89 c99 ; do - if ($c -c -o "$dummy.o" "$dummy.c") >/dev/null 2>&1 ; then - CC_FOR_BUILD="$c"; break ; - fi ; - done ; - if test x"$CC_FOR_BUILD" = x ; then - CC_FOR_BUILD=no_compiler_found ; - fi - ;; - ,,*) CC_FOR_BUILD=$CC ;; - ,*,*) CC_FOR_BUILD=$HOST_CC ;; -esac ; set_cc_for_build= ;' +tmp= +# shellcheck disable=SC2172 +trap 'test -z "$tmp" || rm -fr "$tmp"' 0 1 2 13 15 + +set_cc_for_build() { + # prevent multiple calls if $tmp is already set + test "$tmp" && return 0 + : "${TMPDIR=/tmp}" + # shellcheck disable=SC2039,SC3028 + { tmp=`(umask 077 && mktemp -d "$TMPDIR/cgXXXXXX") 2>/dev/null` && test -n "$tmp" && test -d "$tmp" ; } || + { test -n "$RANDOM" && tmp=$TMPDIR/cg$$-$RANDOM && (umask 077 && mkdir "$tmp" 2>/dev/null) ; } || + { tmp=$TMPDIR/cg-$$ && (umask 077 && mkdir "$tmp" 2>/dev/null) && echo "Warning: creating insecure temp directory" >&2 ; } || + { echo "$me: cannot create a temporary directory in $TMPDIR" >&2 ; exit 1 ; } + dummy=$tmp/dummy + case ${CC_FOR_BUILD-},${HOST_CC-},${CC-} in + ,,) echo "int x;" > "$dummy.c" + for driver in cc gcc c89 c99 ; do + if ($driver -c -o "$dummy.o" "$dummy.c") >/dev/null 2>&1 ; then + CC_FOR_BUILD=$driver + break + fi + done + if test x"$CC_FOR_BUILD" = x ; then + CC_FOR_BUILD=no_compiler_found + fi + ;; + ,,*) CC_FOR_BUILD=$CC ;; + ,*,*) CC_FOR_BUILD=$HOST_CC ;; + esac +} # This is needed to find uname on a Pyramid OSx when run in the BSD universe. # (ghazi@noc.rutgers.edu 1994-08-24) -if (test -f /.attbin/uname) >/dev/null 2>&1 ; then +if test -f /.attbin/uname ; then PATH=$PATH:/.attbin ; export PATH fi UNAME_MACHINE=`(uname -m) 2>/dev/null` || UNAME_MACHINE=unknown UNAME_RELEASE=`(uname -r) 2>/dev/null` || UNAME_RELEASE=unknown -UNAME_SYSTEM=`(uname -s) 2>/dev/null` || UNAME_SYSTEM=unknown +UNAME_SYSTEM=`(uname -s) 2>/dev/null` || UNAME_SYSTEM=unknown UNAME_VERSION=`(uname -v) 2>/dev/null` || UNAME_VERSION=unknown -case "$UNAME_SYSTEM" in +case $UNAME_SYSTEM in Linux|GNU|GNU/*) - # If the system lacks a compiler, then just pick glibc. - # We could probably try harder. - LIBC=gnu + LIBC=unknown - eval "$set_cc_for_build" + set_cc_for_build cat <<-EOF > "$dummy.c" #include #if defined(__UCLIBC__) LIBC=uclibc #elif defined(__dietlibc__) LIBC=dietlibc - #else + #elif defined(__GLIBC__) LIBC=gnu + #else + #include + /* First heuristic to detect musl libc. */ + #ifdef __DEFINED_va_list + LIBC=musl + #endif #endif EOF - eval "`$CC_FOR_BUILD -E "$dummy.c" 2>/dev/null | grep '^LIBC' | sed 's, ,,g'`" + cc_set_libc=`$CC_FOR_BUILD -E "$dummy.c" 2>/dev/null | grep '^LIBC' | sed 's, ,,g'` + eval "$cc_set_libc" - # If ldd exists, use it to detect musl libc. - if command -v ldd >/dev/null && \ - ldd --version 2>&1 | grep -q ^musl - then - LIBC=musl + # Second heuristic to detect musl libc. + if [ "$LIBC" = unknown ] && + command -v ldd >/dev/null && + ldd --version 2>&1 | grep -q ^musl; then + LIBC=musl + fi + + # If the system lacks a compiler, then just pick glibc. + # We could probably try harder. + if [ "$LIBC" = unknown ]; then + LIBC=gnu fi ;; esac # Note: order is significant - the case branches are not exclusive. -case "$UNAME_MACHINE:$UNAME_SYSTEM:$UNAME_RELEASE:$UNAME_VERSION" in +case $UNAME_MACHINE:$UNAME_SYSTEM:$UNAME_RELEASE:$UNAME_VERSION in *:NetBSD:*:*) # NetBSD (nbsd) targets should (where applicable) match one or # more of the tuples: *-*-netbsdelf*, *-*-netbsdaout*, @@ -174,12 +202,12 @@ # # Note: NetBSD doesn't particularly care about the vendor # portion of the name. We always set it to "unknown". - sysctl="sysctl -n hw.machine_arch" UNAME_MACHINE_ARCH=`(uname -p 2>/dev/null || \ - "/sbin/$sysctl" 2>/dev/null || \ - "/usr/sbin/$sysctl" 2>/dev/null || \ + /sbin/sysctl -n hw.machine_arch 2>/dev/null || \ + /usr/sbin/sysctl -n hw.machine_arch 2>/dev/null || \ echo unknown)` - case "$UNAME_MACHINE_ARCH" in + case $UNAME_MACHINE_ARCH in + aarch64eb) machine=aarch64_be-unknown ;; armeb) machine=armeb-unknown ;; arm*) machine=arm-unknown ;; sh3el) machine=shl-unknown ;; @@ -188,18 +216,18 @@ earmv*) arch=`echo "$UNAME_MACHINE_ARCH" | sed -e 's,^e\(armv[0-9]\).*$,\1,'` endian=`echo "$UNAME_MACHINE_ARCH" | sed -ne 's,^.*\(eb\)$,\1,p'` - machine="${arch}${endian}"-unknown + machine=${arch}${endian}-unknown ;; - *) machine="$UNAME_MACHINE_ARCH"-unknown ;; + *) machine=$UNAME_MACHINE_ARCH-unknown ;; esac # The Operating System including object format, if it has switched # to ELF recently (or will in the future) and ABI. - case "$UNAME_MACHINE_ARCH" in + case $UNAME_MACHINE_ARCH in earm*) os=netbsdelf ;; arm*|i386|m68k|ns32k|sh3*|sparc|vax) - eval "$set_cc_for_build" + set_cc_for_build if echo __ELF__ | $CC_FOR_BUILD -E - 2>/dev/null \ | grep -q __ELF__ then @@ -215,7 +243,7 @@ ;; esac # Determine ABI tags. - case "$UNAME_MACHINE_ARCH" in + case $UNAME_MACHINE_ARCH in earm*) expr='s/^earmv[0-9]/-eabi/;s/eb$//' abi=`echo "$UNAME_MACHINE_ARCH" | sed -e "$expr"` @@ -226,7 +254,7 @@ # thus, need a distinct triplet. However, they do not need # kernel version information, so it can be replaced with a # suitable tag, in the style of linux-gnu. - case "$UNAME_VERSION" in + case $UNAME_VERSION in Debian*) release='-gnu' ;; @@ -237,45 +265,57 @@ # Since CPU_TYPE-MANUFACTURER-KERNEL-OPERATING_SYSTEM: # contains redundant information, the shorter form: # CPU_TYPE-MANUFACTURER-OPERATING_SYSTEM is used. - echo "$machine-${os}${release}${abi}" - exit ;; + GUESS=$machine-${os}${release}${abi-} + ;; *:Bitrig:*:*) UNAME_MACHINE_ARCH=`arch | sed 's/Bitrig.//'` - echo "$UNAME_MACHINE_ARCH"-unknown-bitrig"$UNAME_RELEASE" - exit ;; + GUESS=$UNAME_MACHINE_ARCH-unknown-bitrig$UNAME_RELEASE + ;; *:OpenBSD:*:*) UNAME_MACHINE_ARCH=`arch | sed 's/OpenBSD.//'` - echo "$UNAME_MACHINE_ARCH"-unknown-openbsd"$UNAME_RELEASE" - exit ;; + GUESS=$UNAME_MACHINE_ARCH-unknown-openbsd$UNAME_RELEASE + ;; + *:SecBSD:*:*) + UNAME_MACHINE_ARCH=`arch | sed 's/SecBSD.//'` + GUESS=$UNAME_MACHINE_ARCH-unknown-secbsd$UNAME_RELEASE + ;; *:LibertyBSD:*:*) UNAME_MACHINE_ARCH=`arch | sed 's/^.*BSD\.//'` - echo "$UNAME_MACHINE_ARCH"-unknown-libertybsd"$UNAME_RELEASE" - exit ;; + GUESS=$UNAME_MACHINE_ARCH-unknown-libertybsd$UNAME_RELEASE + ;; *:MidnightBSD:*:*) - echo "$UNAME_MACHINE"-unknown-midnightbsd"$UNAME_RELEASE" - exit ;; + GUESS=$UNAME_MACHINE-unknown-midnightbsd$UNAME_RELEASE + ;; *:ekkoBSD:*:*) - echo "$UNAME_MACHINE"-unknown-ekkobsd"$UNAME_RELEASE" - exit ;; + GUESS=$UNAME_MACHINE-unknown-ekkobsd$UNAME_RELEASE + ;; *:SolidBSD:*:*) - echo "$UNAME_MACHINE"-unknown-solidbsd"$UNAME_RELEASE" - exit ;; + GUESS=$UNAME_MACHINE-unknown-solidbsd$UNAME_RELEASE + ;; + *:OS108:*:*) + GUESS=$UNAME_MACHINE-unknown-os108_$UNAME_RELEASE + ;; macppc:MirBSD:*:*) - echo powerpc-unknown-mirbsd"$UNAME_RELEASE" - exit ;; + GUESS=powerpc-unknown-mirbsd$UNAME_RELEASE + ;; *:MirBSD:*:*) - echo "$UNAME_MACHINE"-unknown-mirbsd"$UNAME_RELEASE" - exit ;; + GUESS=$UNAME_MACHINE-unknown-mirbsd$UNAME_RELEASE + ;; *:Sortix:*:*) - echo "$UNAME_MACHINE"-unknown-sortix - exit ;; + GUESS=$UNAME_MACHINE-unknown-sortix + ;; + *:Twizzler:*:*) + GUESS=$UNAME_MACHINE-unknown-twizzler + ;; *:Redox:*:*) - echo "$UNAME_MACHINE"-unknown-redox - exit ;; + GUESS=$UNAME_MACHINE-unknown-redox + ;; mips:OSF1:*.*) - echo mips-dec-osf1 - exit ;; + GUESS=mips-dec-osf1 + ;; alpha:OSF1:*:*) + # Reset EXIT trap before exiting to avoid spurious non-zero exit code. + trap '' 0 case $UNAME_RELEASE in *4.0) UNAME_RELEASE=`/usr/sbin/sizer -v | awk '{print $3}'` @@ -289,7 +329,7 @@ # covers most systems running today. This code pipes the CPU # types through head -n 1, so we only detect the type of CPU 0. ALPHA_CPU_TYPE=`/usr/sbin/psrinfo -v | sed -n -e 's/^ The alpha \(.*\) processor.*$/\1/p' | head -n 1` - case "$ALPHA_CPU_TYPE" in + case $ALPHA_CPU_TYPE in "EV4 (21064)") UNAME_MACHINE=alpha ;; "EV4.5 (21064)") @@ -326,75 +366,76 @@ # A Tn.n version is a released field test version. # A Xn.n version is an unreleased experimental baselevel. # 1.2 uses "1.2" for uname -r. - echo "$UNAME_MACHINE"-dec-osf"`echo "$UNAME_RELEASE" | sed -e 's/^[PVTX]//' | tr ABCDEFGHIJKLMNOPQRSTUVWXYZ abcdefghijklmnopqrstuvwxyz`" - # Reset EXIT trap before exiting to avoid spurious non-zero exit code. - exitcode=$? - trap '' 0 - exit $exitcode ;; + OSF_REL=`echo "$UNAME_RELEASE" | sed -e 's/^[PVTX]//' | tr ABCDEFGHIJKLMNOPQRSTUVWXYZ abcdefghijklmnopqrstuvwxyz` + GUESS=$UNAME_MACHINE-dec-osf$OSF_REL + ;; Amiga*:UNIX_System_V:4.0:*) - echo m68k-unknown-sysv4 - exit ;; + GUESS=m68k-unknown-sysv4 + ;; *:[Aa]miga[Oo][Ss]:*:*) - echo "$UNAME_MACHINE"-unknown-amigaos - exit ;; + GUESS=$UNAME_MACHINE-unknown-amigaos + ;; *:[Mm]orph[Oo][Ss]:*:*) - echo "$UNAME_MACHINE"-unknown-morphos - exit ;; + GUESS=$UNAME_MACHINE-unknown-morphos + ;; *:OS/390:*:*) - echo i370-ibm-openedition - exit ;; + GUESS=i370-ibm-openedition + ;; *:z/VM:*:*) - echo s390-ibm-zvmoe - exit ;; + GUESS=s390-ibm-zvmoe + ;; *:OS400:*:*) - echo powerpc-ibm-os400 - exit ;; + GUESS=powerpc-ibm-os400 + ;; arm:RISC*:1.[012]*:*|arm:riscix:1.[012]*:*) - echo arm-acorn-riscix"$UNAME_RELEASE" - exit ;; + GUESS=arm-acorn-riscix$UNAME_RELEASE + ;; arm*:riscos:*:*|arm*:RISCOS:*:*) - echo arm-unknown-riscos - exit ;; + GUESS=arm-unknown-riscos + ;; SR2?01:HI-UX/MPP:*:* | SR8000:HI-UX/MPP:*:*) - echo hppa1.1-hitachi-hiuxmpp - exit ;; + GUESS=hppa1.1-hitachi-hiuxmpp + ;; Pyramid*:OSx*:*:* | MIS*:OSx*:*:* | MIS*:SMP_DC-OSx*:*:*) # akee@wpdis03.wpafb.af.mil (Earle F. Ake) contributed MIS and NILE. - if test "`(/bin/universe) 2>/dev/null`" = att ; then - echo pyramid-pyramid-sysv3 - else - echo pyramid-pyramid-bsd - fi - exit ;; + case `(/bin/universe) 2>/dev/null` in + att) GUESS=pyramid-pyramid-sysv3 ;; + *) GUESS=pyramid-pyramid-bsd ;; + esac + ;; NILE*:*:*:dcosx) - echo pyramid-pyramid-svr4 - exit ;; + GUESS=pyramid-pyramid-svr4 + ;; DRS?6000:unix:4.0:6*) - echo sparc-icl-nx6 - exit ;; + GUESS=sparc-icl-nx6 + ;; DRS?6000:UNIX_SV:4.2*:7* | DRS?6000:isis:4.2*:7*) case `/usr/bin/uname -p` in - sparc) echo sparc-icl-nx7; exit ;; - esac ;; + sparc) GUESS=sparc-icl-nx7 ;; + esac + ;; s390x:SunOS:*:*) - echo "$UNAME_MACHINE"-ibm-solaris2"`echo "$UNAME_RELEASE" | sed -e 's/[^.]*//'`" - exit ;; + SUN_REL=`echo "$UNAME_RELEASE" | sed -e 's/[^.]*//'` + GUESS=$UNAME_MACHINE-ibm-solaris2$SUN_REL + ;; sun4H:SunOS:5.*:*) - echo sparc-hal-solaris2"`echo "$UNAME_RELEASE"|sed -e 's/[^.]*//'`" - exit ;; + SUN_REL=`echo "$UNAME_RELEASE" | sed -e 's/[^.]*//'` + GUESS=sparc-hal-solaris2$SUN_REL + ;; sun4*:SunOS:5.*:* | tadpole*:SunOS:5.*:*) - echo sparc-sun-solaris2"`echo "$UNAME_RELEASE" | sed -e 's/[^.]*//'`" - exit ;; + SUN_REL=`echo "$UNAME_RELEASE" | sed -e 's/[^.]*//'` + GUESS=sparc-sun-solaris2$SUN_REL + ;; i86pc:AuroraUX:5.*:* | i86xen:AuroraUX:5.*:*) - echo i386-pc-auroraux"$UNAME_RELEASE" - exit ;; + GUESS=i386-pc-auroraux$UNAME_RELEASE + ;; i86pc:SunOS:5.*:* | i86xen:SunOS:5.*:*) - eval "$set_cc_for_build" + set_cc_for_build SUN_ARCH=i386 # If there is a compiler, see if it is configured for 64-bit objects. # Note that the Sun cc does not turn __LP64__ into 1 like gcc does. # This test works for both compilers. - if [ "$CC_FOR_BUILD" != no_compiler_found ]; then + if test "$CC_FOR_BUILD" != no_compiler_found; then if (echo '#ifdef __amd64'; echo IS_64BIT_ARCH; echo '#endif') | \ (CCOPTS="" $CC_FOR_BUILD -E - 2>/dev/null) | \ grep IS_64BIT_ARCH >/dev/null @@ -402,41 +443,44 @@ SUN_ARCH=x86_64 fi fi - echo "$SUN_ARCH"-pc-solaris2"`echo "$UNAME_RELEASE"|sed -e 's/[^.]*//'`" - exit ;; + SUN_REL=`echo "$UNAME_RELEASE" | sed -e 's/[^.]*//'` + GUESS=$SUN_ARCH-pc-solaris2$SUN_REL + ;; sun4*:SunOS:6*:*) # According to config.sub, this is the proper way to canonicalize # SunOS6. Hard to guess exactly what SunOS6 will be like, but # it's likely to be more like Solaris than SunOS4. - echo sparc-sun-solaris3"`echo "$UNAME_RELEASE"|sed -e 's/[^.]*//'`" - exit ;; + SUN_REL=`echo "$UNAME_RELEASE" | sed -e 's/[^.]*//'` + GUESS=sparc-sun-solaris3$SUN_REL + ;; sun4*:SunOS:*:*) - case "`/usr/bin/arch -k`" in + case `/usr/bin/arch -k` in Series*|S4*) UNAME_RELEASE=`uname -v` ;; esac # Japanese Language versions have a version number like `4.1.3-JL'. - echo sparc-sun-sunos"`echo "$UNAME_RELEASE"|sed -e 's/-/_/'`" - exit ;; + SUN_REL=`echo "$UNAME_RELEASE" | sed -e 's/-/_/'` + GUESS=sparc-sun-sunos$SUN_REL + ;; sun3*:SunOS:*:*) - echo m68k-sun-sunos"$UNAME_RELEASE" - exit ;; + GUESS=m68k-sun-sunos$UNAME_RELEASE + ;; sun*:*:4.2BSD:*) UNAME_RELEASE=`(sed 1q /etc/motd | awk '{print substr($5,1,3)}') 2>/dev/null` test "x$UNAME_RELEASE" = x && UNAME_RELEASE=3 - case "`/bin/arch`" in + case `/bin/arch` in sun3) - echo m68k-sun-sunos"$UNAME_RELEASE" + GUESS=m68k-sun-sunos$UNAME_RELEASE ;; sun4) - echo sparc-sun-sunos"$UNAME_RELEASE" + GUESS=sparc-sun-sunos$UNAME_RELEASE ;; esac - exit ;; + ;; aushp:SunOS:*:*) - echo sparc-auspex-sunos"$UNAME_RELEASE" - exit ;; + GUESS=sparc-auspex-sunos$UNAME_RELEASE + ;; # The situation for MiNT is a little confusing. The machine name # can be virtually everything (everything which is not # "atarist" or "atariste" at least should have a processor @@ -446,43 +490,43 @@ # MiNT. But MiNT is downward compatible to TOS, so this should # be no problem. atarist[e]:*MiNT:*:* | atarist[e]:*mint:*:* | atarist[e]:*TOS:*:*) - echo m68k-atari-mint"$UNAME_RELEASE" - exit ;; + GUESS=m68k-atari-mint$UNAME_RELEASE + ;; atari*:*MiNT:*:* | atari*:*mint:*:* | atarist[e]:*TOS:*:*) - echo m68k-atari-mint"$UNAME_RELEASE" - exit ;; + GUESS=m68k-atari-mint$UNAME_RELEASE + ;; *falcon*:*MiNT:*:* | *falcon*:*mint:*:* | *falcon*:*TOS:*:*) - echo m68k-atari-mint"$UNAME_RELEASE" - exit ;; + GUESS=m68k-atari-mint$UNAME_RELEASE + ;; milan*:*MiNT:*:* | milan*:*mint:*:* | *milan*:*TOS:*:*) - echo m68k-milan-mint"$UNAME_RELEASE" - exit ;; + GUESS=m68k-milan-mint$UNAME_RELEASE + ;; hades*:*MiNT:*:* | hades*:*mint:*:* | *hades*:*TOS:*:*) - echo m68k-hades-mint"$UNAME_RELEASE" - exit ;; + GUESS=m68k-hades-mint$UNAME_RELEASE + ;; *:*MiNT:*:* | *:*mint:*:* | *:*TOS:*:*) - echo m68k-unknown-mint"$UNAME_RELEASE" - exit ;; + GUESS=m68k-unknown-mint$UNAME_RELEASE + ;; m68k:machten:*:*) - echo m68k-apple-machten"$UNAME_RELEASE" - exit ;; + GUESS=m68k-apple-machten$UNAME_RELEASE + ;; powerpc:machten:*:*) - echo powerpc-apple-machten"$UNAME_RELEASE" - exit ;; + GUESS=powerpc-apple-machten$UNAME_RELEASE + ;; RISC*:Mach:*:*) - echo mips-dec-mach_bsd4.3 - exit ;; + GUESS=mips-dec-mach_bsd4.3 + ;; RISC*:ULTRIX:*:*) - echo mips-dec-ultrix"$UNAME_RELEASE" - exit ;; + GUESS=mips-dec-ultrix$UNAME_RELEASE + ;; VAX*:ULTRIX*:*:*) - echo vax-dec-ultrix"$UNAME_RELEASE" - exit ;; + GUESS=vax-dec-ultrix$UNAME_RELEASE + ;; 2020:CLIX:*:* | 2430:CLIX:*:*) - echo clipper-intergraph-clix"$UNAME_RELEASE" - exit ;; + GUESS=clipper-intergraph-clix$UNAME_RELEASE + ;; mips:*:*:UMIPS | mips:*:*:RISCos) - eval "$set_cc_for_build" + set_cc_for_build sed 's/^ //' << EOF > "$dummy.c" #ifdef __cplusplus #include /* for printf() prototype */ @@ -508,78 +552,79 @@ dummyarg=`echo "$UNAME_RELEASE" | sed -n 's/\([0-9]*\).*/\1/p'` && SYSTEM_NAME=`"$dummy" "$dummyarg"` && { echo "$SYSTEM_NAME"; exit; } - echo mips-mips-riscos"$UNAME_RELEASE" - exit ;; + GUESS=mips-mips-riscos$UNAME_RELEASE + ;; Motorola:PowerMAX_OS:*:*) - echo powerpc-motorola-powermax - exit ;; + GUESS=powerpc-motorola-powermax + ;; Motorola:*:4.3:PL8-*) - echo powerpc-harris-powermax - exit ;; + GUESS=powerpc-harris-powermax + ;; Night_Hawk:*:*:PowerMAX_OS | Synergy:PowerMAX_OS:*:*) - echo powerpc-harris-powermax - exit ;; + GUESS=powerpc-harris-powermax + ;; Night_Hawk:Power_UNIX:*:*) - echo powerpc-harris-powerunix - exit ;; + GUESS=powerpc-harris-powerunix + ;; m88k:CX/UX:7*:*) - echo m88k-harris-cxux7 - exit ;; + GUESS=m88k-harris-cxux7 + ;; m88k:*:4*:R4*) - echo m88k-motorola-sysv4 - exit ;; + GUESS=m88k-motorola-sysv4 + ;; m88k:*:3*:R3*) - echo m88k-motorola-sysv3 - exit ;; + GUESS=m88k-motorola-sysv3 + ;; AViiON:dgux:*:*) # DG/UX returns AViiON for all architectures UNAME_PROCESSOR=`/usr/bin/uname -p` - if [ "$UNAME_PROCESSOR" = mc88100 ] || [ "$UNAME_PROCESSOR" = mc88110 ] + if test "$UNAME_PROCESSOR" = mc88100 || test "$UNAME_PROCESSOR" = mc88110 then - if [ "$TARGET_BINARY_INTERFACE"x = m88kdguxelfx ] || \ - [ "$TARGET_BINARY_INTERFACE"x = x ] + if test "$TARGET_BINARY_INTERFACE"x = m88kdguxelfx || \ + test "$TARGET_BINARY_INTERFACE"x = x then - echo m88k-dg-dgux"$UNAME_RELEASE" + GUESS=m88k-dg-dgux$UNAME_RELEASE else - echo m88k-dg-dguxbcs"$UNAME_RELEASE" + GUESS=m88k-dg-dguxbcs$UNAME_RELEASE fi else - echo i586-dg-dgux"$UNAME_RELEASE" + GUESS=i586-dg-dgux$UNAME_RELEASE fi - exit ;; + ;; M88*:DolphinOS:*:*) # DolphinOS (SVR3) - echo m88k-dolphin-sysv3 - exit ;; + GUESS=m88k-dolphin-sysv3 + ;; M88*:*:R3*:*) # Delta 88k system running SVR3 - echo m88k-motorola-sysv3 - exit ;; + GUESS=m88k-motorola-sysv3 + ;; XD88*:*:*:*) # Tektronix XD88 system running UTekV (SVR3) - echo m88k-tektronix-sysv3 - exit ;; + GUESS=m88k-tektronix-sysv3 + ;; Tek43[0-9][0-9]:UTek:*:*) # Tektronix 4300 system running UTek (BSD) - echo m68k-tektronix-bsd - exit ;; + GUESS=m68k-tektronix-bsd + ;; *:IRIX*:*:*) - echo mips-sgi-irix"`echo "$UNAME_RELEASE"|sed -e 's/-/_/g'`" - exit ;; + IRIX_REL=`echo "$UNAME_RELEASE" | sed -e 's/-/_/g'` + GUESS=mips-sgi-irix$IRIX_REL + ;; ????????:AIX?:[12].1:2) # AIX 2.2.1 or AIX 2.1.1 is RT/PC AIX. - echo romp-ibm-aix # uname -m gives an 8 hex-code CPU id - exit ;; # Note that: echo "'`uname -s`'" gives 'AIX ' + GUESS=romp-ibm-aix # uname -m gives an 8 hex-code CPU id + ;; # Note that: echo "'`uname -s`'" gives 'AIX ' i*86:AIX:*:*) - echo i386-ibm-aix - exit ;; + GUESS=i386-ibm-aix + ;; ia64:AIX:*:*) - if [ -x /usr/bin/oslevel ] ; then + if test -x /usr/bin/oslevel ; then IBM_REV=`/usr/bin/oslevel` else - IBM_REV="$UNAME_VERSION.$UNAME_RELEASE" + IBM_REV=$UNAME_VERSION.$UNAME_RELEASE fi - echo "$UNAME_MACHINE"-ibm-aix"$IBM_REV" - exit ;; + GUESS=$UNAME_MACHINE-ibm-aix$IBM_REV + ;; *:AIX:2:3) if grep bos325 /usr/include/stdio.h >/dev/null 2>&1; then - eval "$set_cc_for_build" + set_cc_for_build sed 's/^ //' << EOF > "$dummy.c" #include @@ -593,16 +638,16 @@ EOF if $CC_FOR_BUILD -o "$dummy" "$dummy.c" && SYSTEM_NAME=`"$dummy"` then - echo "$SYSTEM_NAME" + GUESS=$SYSTEM_NAME else - echo rs6000-ibm-aix3.2.5 + GUESS=rs6000-ibm-aix3.2.5 fi elif grep bos324 /usr/include/stdio.h >/dev/null 2>&1; then - echo rs6000-ibm-aix3.2.4 + GUESS=rs6000-ibm-aix3.2.4 else - echo rs6000-ibm-aix3.2 + GUESS=rs6000-ibm-aix3.2 fi - exit ;; + ;; *:AIX:*:[4567]) IBM_CPU_ID=`/usr/sbin/lsdev -C -c processor -S available | sed 1q | awk '{ print $1 }'` if /usr/sbin/lsattr -El "$IBM_CPU_ID" | grep ' POWER' >/dev/null 2>&1; then @@ -610,57 +655,57 @@ else IBM_ARCH=powerpc fi - if [ -x /usr/bin/lslpp ] ; then - IBM_REV=`/usr/bin/lslpp -Lqc bos.rte.libc | + if test -x /usr/bin/lslpp ; then + IBM_REV=`/usr/bin/lslpp -Lqc bos.rte.libc | \ awk -F: '{ print $3 }' | sed s/[0-9]*$/0/` else - IBM_REV="$UNAME_VERSION.$UNAME_RELEASE" + IBM_REV=$UNAME_VERSION.$UNAME_RELEASE fi - echo "$IBM_ARCH"-ibm-aix"$IBM_REV" - exit ;; + GUESS=$IBM_ARCH-ibm-aix$IBM_REV + ;; *:AIX:*:*) - echo rs6000-ibm-aix - exit ;; + GUESS=rs6000-ibm-aix + ;; ibmrt:4.4BSD:*|romp-ibm:4.4BSD:*) - echo romp-ibm-bsd4.4 - exit ;; + GUESS=romp-ibm-bsd4.4 + ;; ibmrt:*BSD:*|romp-ibm:BSD:*) # covers RT/PC BSD and - echo romp-ibm-bsd"$UNAME_RELEASE" # 4.3 with uname added to - exit ;; # report: romp-ibm BSD 4.3 + GUESS=romp-ibm-bsd$UNAME_RELEASE # 4.3 with uname added to + ;; # report: romp-ibm BSD 4.3 *:BOSX:*:*) - echo rs6000-bull-bosx - exit ;; + GUESS=rs6000-bull-bosx + ;; DPX/2?00:B.O.S.:*:*) - echo m68k-bull-sysv3 - exit ;; + GUESS=m68k-bull-sysv3 + ;; 9000/[34]??:4.3bsd:1.*:*) - echo m68k-hp-bsd - exit ;; + GUESS=m68k-hp-bsd + ;; hp300:4.4BSD:*:* | 9000/[34]??:4.3bsd:2.*:*) - echo m68k-hp-bsd4.4 - exit ;; + GUESS=m68k-hp-bsd4.4 + ;; 9000/[34678]??:HP-UX:*:*) - HPUX_REV=`echo "$UNAME_RELEASE"|sed -e 's/[^.]*.[0B]*//'` - case "$UNAME_MACHINE" in + HPUX_REV=`echo "$UNAME_RELEASE" | sed -e 's/[^.]*.[0B]*//'` + case $UNAME_MACHINE in 9000/31?) HP_ARCH=m68000 ;; 9000/[34]??) HP_ARCH=m68k ;; 9000/[678][0-9][0-9]) - if [ -x /usr/bin/getconf ]; then + if test -x /usr/bin/getconf; then sc_cpu_version=`/usr/bin/getconf SC_CPU_VERSION 2>/dev/null` sc_kernel_bits=`/usr/bin/getconf SC_KERNEL_BITS 2>/dev/null` - case "$sc_cpu_version" in + case $sc_cpu_version in 523) HP_ARCH=hppa1.0 ;; # CPU_PA_RISC1_0 528) HP_ARCH=hppa1.1 ;; # CPU_PA_RISC1_1 532) # CPU_PA_RISC2_0 - case "$sc_kernel_bits" in + case $sc_kernel_bits in 32) HP_ARCH=hppa2.0n ;; 64) HP_ARCH=hppa2.0w ;; '') HP_ARCH=hppa2.0 ;; # HP-UX 10.20 esac ;; esac fi - if [ "$HP_ARCH" = "" ]; then - eval "$set_cc_for_build" + if test "$HP_ARCH" = ""; then + set_cc_for_build sed 's/^ //' << EOF > "$dummy.c" #define _HPUX_SOURCE @@ -698,9 +743,9 @@ test -z "$HP_ARCH" && HP_ARCH=hppa fi ;; esac - if [ "$HP_ARCH" = hppa2.0w ] + if test "$HP_ARCH" = hppa2.0w then - eval "$set_cc_for_build" + set_cc_for_build # hppa2.0w-hp-hpux* has a 64-bit kernel and a compiler generating # 32-bit code. hppa64-hp-hpux* has the same kernel and a compiler @@ -719,14 +764,14 @@ HP_ARCH=hppa64 fi fi - echo "$HP_ARCH"-hp-hpux"$HPUX_REV" - exit ;; + GUESS=$HP_ARCH-hp-hpux$HPUX_REV + ;; ia64:HP-UX:*:*) - HPUX_REV=`echo "$UNAME_RELEASE"|sed -e 's/[^.]*.[0B]*//'` - echo ia64-hp-hpux"$HPUX_REV" - exit ;; + HPUX_REV=`echo "$UNAME_RELEASE" | sed -e 's/[^.]*.[0B]*//'` + GUESS=ia64-hp-hpux$HPUX_REV + ;; 3050*:HI-UX:*:*) - eval "$set_cc_for_build" + set_cc_for_build sed 's/^ //' << EOF > "$dummy.c" #include int @@ -754,36 +799,36 @@ EOF $CC_FOR_BUILD -o "$dummy" "$dummy.c" && SYSTEM_NAME=`"$dummy"` && { echo "$SYSTEM_NAME"; exit; } - echo unknown-hitachi-hiuxwe2 - exit ;; + GUESS=unknown-hitachi-hiuxwe2 + ;; 9000/7??:4.3bsd:*:* | 9000/8?[79]:4.3bsd:*:*) - echo hppa1.1-hp-bsd - exit ;; + GUESS=hppa1.1-hp-bsd + ;; 9000/8??:4.3bsd:*:*) - echo hppa1.0-hp-bsd - exit ;; + GUESS=hppa1.0-hp-bsd + ;; *9??*:MPE/iX:*:* | *3000*:MPE/iX:*:*) - echo hppa1.0-hp-mpeix - exit ;; + GUESS=hppa1.0-hp-mpeix + ;; hp7??:OSF1:*:* | hp8?[79]:OSF1:*:*) - echo hppa1.1-hp-osf - exit ;; + GUESS=hppa1.1-hp-osf + ;; hp8??:OSF1:*:*) - echo hppa1.0-hp-osf - exit ;; + GUESS=hppa1.0-hp-osf + ;; i*86:OSF1:*:*) - if [ -x /usr/sbin/sysversion ] ; then - echo "$UNAME_MACHINE"-unknown-osf1mk + if test -x /usr/sbin/sysversion ; then + GUESS=$UNAME_MACHINE-unknown-osf1mk else - echo "$UNAME_MACHINE"-unknown-osf1 + GUESS=$UNAME_MACHINE-unknown-osf1 fi - exit ;; + ;; parisc*:Lites*:*:*) - echo hppa1.1-hp-lites - exit ;; + GUESS=hppa1.1-hp-lites + ;; C1*:ConvexOS:*:* | convex:ConvexOS:C1*:*) - echo c1-convex-bsd - exit ;; + GUESS=c1-convex-bsd + ;; C2*:ConvexOS:*:* | convex:ConvexOS:C2*:*) if getsysinfo -f scalar_acc then echo c32-convex-bsd @@ -791,17 +836,18 @@ fi exit ;; C34*:ConvexOS:*:* | convex:ConvexOS:C34*:*) - echo c34-convex-bsd - exit ;; + GUESS=c34-convex-bsd + ;; C38*:ConvexOS:*:* | convex:ConvexOS:C38*:*) - echo c38-convex-bsd - exit ;; + GUESS=c38-convex-bsd + ;; C4*:ConvexOS:*:* | convex:ConvexOS:C4*:*) - echo c4-convex-bsd - exit ;; + GUESS=c4-convex-bsd + ;; CRAY*Y-MP:*:*:*) - echo ymp-cray-unicos"$UNAME_RELEASE" | sed -e 's/\.[^.]*$/.X/' - exit ;; + CRAY_REL=`echo "$UNAME_RELEASE" | sed -e 's/\.[^.]*$/.X/'` + GUESS=ymp-cray-unicos$CRAY_REL + ;; CRAY*[A-Z]90:*:*:*) echo "$UNAME_MACHINE"-cray-unicos"$UNAME_RELEASE" \ | sed -e 's/CRAY.*\([A-Z]90\)/\1/' \ @@ -809,103 +855,126 @@ -e 's/\.[^.]*$/.X/' exit ;; CRAY*TS:*:*:*) - echo t90-cray-unicos"$UNAME_RELEASE" | sed -e 's/\.[^.]*$/.X/' - exit ;; + CRAY_REL=`echo "$UNAME_RELEASE" | sed -e 's/\.[^.]*$/.X/'` + GUESS=t90-cray-unicos$CRAY_REL + ;; CRAY*T3E:*:*:*) - echo alphaev5-cray-unicosmk"$UNAME_RELEASE" | sed -e 's/\.[^.]*$/.X/' - exit ;; + CRAY_REL=`echo "$UNAME_RELEASE" | sed -e 's/\.[^.]*$/.X/'` + GUESS=alphaev5-cray-unicosmk$CRAY_REL + ;; CRAY*SV1:*:*:*) - echo sv1-cray-unicos"$UNAME_RELEASE" | sed -e 's/\.[^.]*$/.X/' - exit ;; + CRAY_REL=`echo "$UNAME_RELEASE" | sed -e 's/\.[^.]*$/.X/'` + GUESS=sv1-cray-unicos$CRAY_REL + ;; *:UNICOS/mp:*:*) - echo craynv-cray-unicosmp"$UNAME_RELEASE" | sed -e 's/\.[^.]*$/.X/' - exit ;; + CRAY_REL=`echo "$UNAME_RELEASE" | sed -e 's/\.[^.]*$/.X/'` + GUESS=craynv-cray-unicosmp$CRAY_REL + ;; F30[01]:UNIX_System_V:*:* | F700:UNIX_System_V:*:*) FUJITSU_PROC=`uname -m | tr ABCDEFGHIJKLMNOPQRSTUVWXYZ abcdefghijklmnopqrstuvwxyz` FUJITSU_SYS=`uname -p | tr ABCDEFGHIJKLMNOPQRSTUVWXYZ abcdefghijklmnopqrstuvwxyz | sed -e 's/\///'` FUJITSU_REL=`echo "$UNAME_RELEASE" | sed -e 's/ /_/'` - echo "${FUJITSU_PROC}-fujitsu-${FUJITSU_SYS}${FUJITSU_REL}" - exit ;; + GUESS=${FUJITSU_PROC}-fujitsu-${FUJITSU_SYS}${FUJITSU_REL} + ;; 5000:UNIX_System_V:4.*:*) FUJITSU_SYS=`uname -p | tr ABCDEFGHIJKLMNOPQRSTUVWXYZ abcdefghijklmnopqrstuvwxyz | sed -e 's/\///'` FUJITSU_REL=`echo "$UNAME_RELEASE" | tr ABCDEFGHIJKLMNOPQRSTUVWXYZ abcdefghijklmnopqrstuvwxyz | sed -e 's/ /_/'` - echo "sparc-fujitsu-${FUJITSU_SYS}${FUJITSU_REL}" - exit ;; + GUESS=sparc-fujitsu-${FUJITSU_SYS}${FUJITSU_REL} + ;; i*86:BSD/386:*:* | i*86:BSD/OS:*:* | *:Ascend\ Embedded/OS:*:*) - echo "$UNAME_MACHINE"-pc-bsdi"$UNAME_RELEASE" - exit ;; + GUESS=$UNAME_MACHINE-pc-bsdi$UNAME_RELEASE + ;; sparc*:BSD/OS:*:*) - echo sparc-unknown-bsdi"$UNAME_RELEASE" - exit ;; + GUESS=sparc-unknown-bsdi$UNAME_RELEASE + ;; *:BSD/OS:*:*) - echo "$UNAME_MACHINE"-unknown-bsdi"$UNAME_RELEASE" - exit ;; + GUESS=$UNAME_MACHINE-unknown-bsdi$UNAME_RELEASE + ;; + arm:FreeBSD:*:*) + UNAME_PROCESSOR=`uname -p` + set_cc_for_build + if echo __ARM_PCS_VFP | $CC_FOR_BUILD -E - 2>/dev/null \ + | grep -q __ARM_PCS_VFP + then + FREEBSD_REL=`echo "$UNAME_RELEASE" | sed -e 's/[-(].*//'` + GUESS=$UNAME_PROCESSOR-unknown-freebsd$FREEBSD_REL-gnueabi + else + FREEBSD_REL=`echo "$UNAME_RELEASE" | sed -e 's/[-(].*//'` + GUESS=$UNAME_PROCESSOR-unknown-freebsd$FREEBSD_REL-gnueabihf + fi + ;; *:FreeBSD:*:*) UNAME_PROCESSOR=`/usr/bin/uname -p` - case "$UNAME_PROCESSOR" in + case $UNAME_PROCESSOR in amd64) UNAME_PROCESSOR=x86_64 ;; i386) UNAME_PROCESSOR=i586 ;; esac - echo "$UNAME_PROCESSOR"-unknown-freebsd"`echo "$UNAME_RELEASE"|sed -e 's/[-(].*//'`" - exit ;; + FREEBSD_REL=`echo "$UNAME_RELEASE" | sed -e 's/[-(].*//'` + GUESS=$UNAME_PROCESSOR-unknown-freebsd$FREEBSD_REL + ;; i*:CYGWIN*:*) - echo "$UNAME_MACHINE"-pc-cygwin - exit ;; + GUESS=$UNAME_MACHINE-pc-cygwin + ;; *:MINGW64*:*) - echo "$UNAME_MACHINE"-pc-mingw64 - exit ;; + GUESS=$UNAME_MACHINE-pc-mingw64 + ;; *:MINGW*:*) - echo "$UNAME_MACHINE"-pc-mingw32 - exit ;; + GUESS=$UNAME_MACHINE-pc-mingw32 + ;; *:MSYS*:*) - echo "$UNAME_MACHINE"-pc-msys - exit ;; + GUESS=$UNAME_MACHINE-pc-msys + ;; i*:PW*:*) - echo "$UNAME_MACHINE"-pc-pw32 - exit ;; + GUESS=$UNAME_MACHINE-pc-pw32 + ;; *:Interix*:*) - case "$UNAME_MACHINE" in + case $UNAME_MACHINE in x86) - echo i586-pc-interix"$UNAME_RELEASE" - exit ;; + GUESS=i586-pc-interix$UNAME_RELEASE + ;; authenticamd | genuineintel | EM64T) - echo x86_64-unknown-interix"$UNAME_RELEASE" - exit ;; + GUESS=x86_64-unknown-interix$UNAME_RELEASE + ;; IA64) - echo ia64-unknown-interix"$UNAME_RELEASE" - exit ;; + GUESS=ia64-unknown-interix$UNAME_RELEASE + ;; esac ;; i*:UWIN*:*) - echo "$UNAME_MACHINE"-pc-uwin - exit ;; + GUESS=$UNAME_MACHINE-pc-uwin + ;; amd64:CYGWIN*:*:* | x86_64:CYGWIN*:*:*) - echo x86_64-unknown-cygwin - exit ;; + GUESS=x86_64-pc-cygwin + ;; prep*:SunOS:5.*:*) - echo powerpcle-unknown-solaris2"`echo "$UNAME_RELEASE"|sed -e 's/[^.]*//'`" - exit ;; + SUN_REL=`echo "$UNAME_RELEASE" | sed -e 's/[^.]*//'` + GUESS=powerpcle-unknown-solaris2$SUN_REL + ;; *:GNU:*:*) # the GNU system - echo "`echo "$UNAME_MACHINE"|sed -e 's,[-/].*$,,'`-unknown-$LIBC`echo "$UNAME_RELEASE"|sed -e 's,/.*$,,'`" - exit ;; + GNU_ARCH=`echo "$UNAME_MACHINE" | sed -e 's,[-/].*$,,'` + GNU_REL=`echo "$UNAME_RELEASE" | sed -e 's,/.*$,,'` + GUESS=$GNU_ARCH-unknown-$LIBC$GNU_REL + ;; *:GNU/*:*:*) # other systems with GNU libc and userland - echo "$UNAME_MACHINE-unknown-`echo "$UNAME_SYSTEM" | sed 's,^[^/]*/,,' | tr "[:upper:]" "[:lower:]"``echo "$UNAME_RELEASE"|sed -e 's/[-(].*//'`-$LIBC" - exit ;; - i*86:Minix:*:*) - echo "$UNAME_MACHINE"-pc-minix - exit ;; + GNU_SYS=`echo "$UNAME_SYSTEM" | sed 's,^[^/]*/,,' | tr "[:upper:]" "[:lower:]"` + GNU_REL=`echo "$UNAME_RELEASE" | sed -e 's/[-(].*//'` + GUESS=$UNAME_MACHINE-unknown-$GNU_SYS$GNU_REL-$LIBC + ;; + *:Minix:*:*) + GUESS=$UNAME_MACHINE-unknown-minix + ;; aarch64:Linux:*:*) - echo "$UNAME_MACHINE"-unknown-linux-"$LIBC" - exit ;; + GUESS=$UNAME_MACHINE-unknown-linux-$LIBC + ;; aarch64_be:Linux:*:*) UNAME_MACHINE=aarch64_be - echo "$UNAME_MACHINE"-unknown-linux-"$LIBC" - exit ;; + GUESS=$UNAME_MACHINE-unknown-linux-$LIBC + ;; alpha:Linux:*:*) - case `sed -n '/^cpu model/s/^.*: \(.*\)/\1/p' < /proc/cpuinfo` in + case `sed -n '/^cpu model/s/^.*: \(.*\)/\1/p' /proc/cpuinfo 2>/dev/null` in EV5) UNAME_MACHINE=alphaev5 ;; EV56) UNAME_MACHINE=alphaev56 ;; PCA56) UNAME_MACHINE=alphapca56 ;; @@ -916,187 +985,225 @@ esac objdump --private-headers /bin/sh | grep -q ld.so.1 if test "$?" = 0 ; then LIBC=gnulibc1 ; fi - echo "$UNAME_MACHINE"-unknown-linux-"$LIBC" - exit ;; - arc:Linux:*:* | arceb:Linux:*:*) - echo "$UNAME_MACHINE"-unknown-linux-"$LIBC" - exit ;; + GUESS=$UNAME_MACHINE-unknown-linux-$LIBC + ;; + arc:Linux:*:* | arceb:Linux:*:* | arc32:Linux:*:* | arc64:Linux:*:*) + GUESS=$UNAME_MACHINE-unknown-linux-$LIBC + ;; arm*:Linux:*:*) - eval "$set_cc_for_build" + set_cc_for_build if echo __ARM_EABI__ | $CC_FOR_BUILD -E - 2>/dev/null \ | grep -q __ARM_EABI__ then - echo "$UNAME_MACHINE"-unknown-linux-"$LIBC" + GUESS=$UNAME_MACHINE-unknown-linux-$LIBC else if echo __ARM_PCS_VFP | $CC_FOR_BUILD -E - 2>/dev/null \ | grep -q __ARM_PCS_VFP then - echo "$UNAME_MACHINE"-unknown-linux-"$LIBC"eabi + GUESS=$UNAME_MACHINE-unknown-linux-${LIBC}eabi else - echo "$UNAME_MACHINE"-unknown-linux-"$LIBC"eabihf + GUESS=$UNAME_MACHINE-unknown-linux-${LIBC}eabihf fi fi - exit ;; + ;; avr32*:Linux:*:*) - echo "$UNAME_MACHINE"-unknown-linux-"$LIBC" - exit ;; + GUESS=$UNAME_MACHINE-unknown-linux-$LIBC + ;; cris:Linux:*:*) - echo "$UNAME_MACHINE"-axis-linux-"$LIBC" - exit ;; + GUESS=$UNAME_MACHINE-axis-linux-$LIBC + ;; crisv32:Linux:*:*) - echo "$UNAME_MACHINE"-axis-linux-"$LIBC" - exit ;; + GUESS=$UNAME_MACHINE-axis-linux-$LIBC + ;; e2k:Linux:*:*) - echo "$UNAME_MACHINE"-unknown-linux-"$LIBC" - exit ;; + GUESS=$UNAME_MACHINE-unknown-linux-$LIBC + ;; frv:Linux:*:*) - echo "$UNAME_MACHINE"-unknown-linux-"$LIBC" - exit ;; + GUESS=$UNAME_MACHINE-unknown-linux-$LIBC + ;; hexagon:Linux:*:*) - echo "$UNAME_MACHINE"-unknown-linux-"$LIBC" - exit ;; + GUESS=$UNAME_MACHINE-unknown-linux-$LIBC + ;; i*86:Linux:*:*) - echo "$UNAME_MACHINE"-pc-linux-"$LIBC" - exit ;; + GUESS=$UNAME_MACHINE-pc-linux-$LIBC + ;; ia64:Linux:*:*) - echo "$UNAME_MACHINE"-unknown-linux-"$LIBC" - exit ;; + GUESS=$UNAME_MACHINE-unknown-linux-$LIBC + ;; k1om:Linux:*:*) - echo "$UNAME_MACHINE"-unknown-linux-"$LIBC" - exit ;; + GUESS=$UNAME_MACHINE-unknown-linux-$LIBC + ;; + loongarch32:Linux:*:* | loongarch64:Linux:*:* | loongarchx32:Linux:*:*) + GUESS=$UNAME_MACHINE-unknown-linux-$LIBC + ;; m32r*:Linux:*:*) - echo "$UNAME_MACHINE"-unknown-linux-"$LIBC" - exit ;; + GUESS=$UNAME_MACHINE-unknown-linux-$LIBC + ;; m68*:Linux:*:*) - echo "$UNAME_MACHINE"-unknown-linux-"$LIBC" - exit ;; + GUESS=$UNAME_MACHINE-unknown-linux-$LIBC + ;; mips:Linux:*:* | mips64:Linux:*:*) - eval "$set_cc_for_build" + set_cc_for_build + IS_GLIBC=0 + test x"${LIBC}" = xgnu && IS_GLIBC=1 sed 's/^ //' << EOF > "$dummy.c" #undef CPU - #undef ${UNAME_MACHINE} - #undef ${UNAME_MACHINE}el + #undef mips + #undef mipsel + #undef mips64 + #undef mips64el + #if ${IS_GLIBC} && defined(_ABI64) + LIBCABI=gnuabi64 + #else + #if ${IS_GLIBC} && defined(_ABIN32) + LIBCABI=gnuabin32 + #else + LIBCABI=${LIBC} + #endif + #endif + + #if ${IS_GLIBC} && defined(__mips64) && defined(__mips_isa_rev) && __mips_isa_rev>=6 + CPU=mipsisa64r6 + #else + #if ${IS_GLIBC} && !defined(__mips64) && defined(__mips_isa_rev) && __mips_isa_rev>=6 + CPU=mipsisa32r6 + #else + #if defined(__mips64) + CPU=mips64 + #else + CPU=mips + #endif + #endif + #endif + #if defined(__MIPSEL__) || defined(__MIPSEL) || defined(_MIPSEL) || defined(MIPSEL) - CPU=${UNAME_MACHINE}el + MIPS_ENDIAN=el #else #if defined(__MIPSEB__) || defined(__MIPSEB) || defined(_MIPSEB) || defined(MIPSEB) - CPU=${UNAME_MACHINE} + MIPS_ENDIAN= #else - CPU= + MIPS_ENDIAN= #endif #endif EOF - eval "`$CC_FOR_BUILD -E "$dummy.c" 2>/dev/null | grep '^CPU'`" - test "x$CPU" != x && { echo "$CPU-unknown-linux-$LIBC"; exit; } + cc_set_vars=`$CC_FOR_BUILD -E "$dummy.c" 2>/dev/null | grep '^CPU\|^MIPS_ENDIAN\|^LIBCABI'` + eval "$cc_set_vars" + test "x$CPU" != x && { echo "$CPU${MIPS_ENDIAN}-unknown-linux-$LIBCABI"; exit; } ;; mips64el:Linux:*:*) - echo "$UNAME_MACHINE"-unknown-linux-"$LIBC" - exit ;; + GUESS=$UNAME_MACHINE-unknown-linux-$LIBC + ;; openrisc*:Linux:*:*) - echo or1k-unknown-linux-"$LIBC" - exit ;; + GUESS=or1k-unknown-linux-$LIBC + ;; or32:Linux:*:* | or1k*:Linux:*:*) - echo "$UNAME_MACHINE"-unknown-linux-"$LIBC" - exit ;; + GUESS=$UNAME_MACHINE-unknown-linux-$LIBC + ;; padre:Linux:*:*) - echo sparc-unknown-linux-"$LIBC" - exit ;; + GUESS=sparc-unknown-linux-$LIBC + ;; parisc64:Linux:*:* | hppa64:Linux:*:*) - echo hppa64-unknown-linux-"$LIBC" - exit ;; + GUESS=hppa64-unknown-linux-$LIBC + ;; parisc:Linux:*:* | hppa:Linux:*:*) # Look for CPU level case `grep '^cpu[^a-z]*:' /proc/cpuinfo 2>/dev/null | cut -d' ' -f2` in - PA7*) echo hppa1.1-unknown-linux-"$LIBC" ;; - PA8*) echo hppa2.0-unknown-linux-"$LIBC" ;; - *) echo hppa-unknown-linux-"$LIBC" ;; + PA7*) GUESS=hppa1.1-unknown-linux-$LIBC ;; + PA8*) GUESS=hppa2.0-unknown-linux-$LIBC ;; + *) GUESS=hppa-unknown-linux-$LIBC ;; esac - exit ;; + ;; ppc64:Linux:*:*) - echo powerpc64-unknown-linux-"$LIBC" - exit ;; + GUESS=powerpc64-unknown-linux-$LIBC + ;; ppc:Linux:*:*) - echo powerpc-unknown-linux-"$LIBC" - exit ;; + GUESS=powerpc-unknown-linux-$LIBC + ;; ppc64le:Linux:*:*) - echo powerpc64le-unknown-linux-"$LIBC" - exit ;; + GUESS=powerpc64le-unknown-linux-$LIBC + ;; ppcle:Linux:*:*) - echo powerpcle-unknown-linux-"$LIBC" - exit ;; - riscv32:Linux:*:* | riscv64:Linux:*:*) - echo "$UNAME_MACHINE"-unknown-linux-"$LIBC" - exit ;; + GUESS=powerpcle-unknown-linux-$LIBC + ;; + riscv32:Linux:*:* | riscv32be:Linux:*:* | riscv64:Linux:*:* | riscv64be:Linux:*:*) + GUESS=$UNAME_MACHINE-unknown-linux-$LIBC + ;; s390:Linux:*:* | s390x:Linux:*:*) - echo "$UNAME_MACHINE"-ibm-linux-"$LIBC" - exit ;; + GUESS=$UNAME_MACHINE-ibm-linux-$LIBC + ;; sh64*:Linux:*:*) - echo "$UNAME_MACHINE"-unknown-linux-"$LIBC" - exit ;; + GUESS=$UNAME_MACHINE-unknown-linux-$LIBC + ;; sh*:Linux:*:*) - echo "$UNAME_MACHINE"-unknown-linux-"$LIBC" - exit ;; + GUESS=$UNAME_MACHINE-unknown-linux-$LIBC + ;; sparc:Linux:*:* | sparc64:Linux:*:*) - echo "$UNAME_MACHINE"-unknown-linux-"$LIBC" - exit ;; + GUESS=$UNAME_MACHINE-unknown-linux-$LIBC + ;; tile*:Linux:*:*) - echo "$UNAME_MACHINE"-unknown-linux-"$LIBC" - exit ;; + GUESS=$UNAME_MACHINE-unknown-linux-$LIBC + ;; vax:Linux:*:*) - echo "$UNAME_MACHINE"-dec-linux-"$LIBC" - exit ;; + GUESS=$UNAME_MACHINE-dec-linux-$LIBC + ;; x86_64:Linux:*:*) - if objdump -f /bin/sh | grep -q elf32-x86-64; then - echo "$UNAME_MACHINE"-pc-linux-"$LIBC"x32 - else - echo "$UNAME_MACHINE"-pc-linux-"$LIBC" + set_cc_for_build + LIBCABI=$LIBC + if test "$CC_FOR_BUILD" != no_compiler_found; then + if (echo '#ifdef __ILP32__'; echo IS_X32; echo '#endif') | \ + (CCOPTS="" $CC_FOR_BUILD -E - 2>/dev/null) | \ + grep IS_X32 >/dev/null + then + LIBCABI=${LIBC}x32 + fi fi - exit ;; + GUESS=$UNAME_MACHINE-pc-linux-$LIBCABI + ;; xtensa*:Linux:*:*) - echo "$UNAME_MACHINE"-unknown-linux-"$LIBC" - exit ;; + GUESS=$UNAME_MACHINE-unknown-linux-$LIBC + ;; i*86:DYNIX/ptx:4*:*) # ptx 4.0 does uname -s correctly, with DYNIX/ptx in there. # earlier versions are messed up and put the nodename in both # sysname and nodename. - echo i386-sequent-sysv4 - exit ;; + GUESS=i386-sequent-sysv4 + ;; i*86:UNIX_SV:4.2MP:2.*) # Unixware is an offshoot of SVR4, but it has its own version # number series starting with 2... # I am not positive that other SVR4 systems won't match this, # I just have to hope. -- rms. # Use sysv4.2uw... so that sysv4* matches it. - echo "$UNAME_MACHINE"-pc-sysv4.2uw"$UNAME_VERSION" - exit ;; + GUESS=$UNAME_MACHINE-pc-sysv4.2uw$UNAME_VERSION + ;; i*86:OS/2:*:*) # If we were able to find `uname', then EMX Unix compatibility # is probably installed. - echo "$UNAME_MACHINE"-pc-os2-emx - exit ;; + GUESS=$UNAME_MACHINE-pc-os2-emx + ;; i*86:XTS-300:*:STOP) - echo "$UNAME_MACHINE"-unknown-stop - exit ;; + GUESS=$UNAME_MACHINE-unknown-stop + ;; i*86:atheos:*:*) - echo "$UNAME_MACHINE"-unknown-atheos - exit ;; + GUESS=$UNAME_MACHINE-unknown-atheos + ;; i*86:syllable:*:*) - echo "$UNAME_MACHINE"-pc-syllable - exit ;; + GUESS=$UNAME_MACHINE-pc-syllable + ;; i*86:LynxOS:2.*:* | i*86:LynxOS:3.[01]*:* | i*86:LynxOS:4.[02]*:*) - echo i386-unknown-lynxos"$UNAME_RELEASE" - exit ;; + GUESS=i386-unknown-lynxos$UNAME_RELEASE + ;; i*86:*DOS:*:*) - echo "$UNAME_MACHINE"-pc-msdosdjgpp - exit ;; + GUESS=$UNAME_MACHINE-pc-msdosdjgpp + ;; i*86:*:4.*:*) UNAME_REL=`echo "$UNAME_RELEASE" | sed 's/\/MP$//'` if grep Novell /usr/include/link.h >/dev/null 2>/dev/null; then - echo "$UNAME_MACHINE"-univel-sysv"$UNAME_REL" + GUESS=$UNAME_MACHINE-univel-sysv$UNAME_REL else - echo "$UNAME_MACHINE"-pc-sysv"$UNAME_REL" + GUESS=$UNAME_MACHINE-pc-sysv$UNAME_REL fi - exit ;; + ;; i*86:*:5:[678]*) # UnixWare 7.x, OpenUNIX and OpenServer 6. case `/bin/uname -X | grep "^Machine"` in @@ -1104,12 +1211,12 @@ *Pentium) UNAME_MACHINE=i586 ;; *Pent*|*Celeron) UNAME_MACHINE=i686 ;; esac - echo "$UNAME_MACHINE-unknown-sysv${UNAME_RELEASE}${UNAME_SYSTEM}{$UNAME_VERSION}" - exit ;; + GUESS=$UNAME_MACHINE-unknown-sysv${UNAME_RELEASE}${UNAME_SYSTEM}${UNAME_VERSION} + ;; i*86:*:3.2:*) if test -f /usr/options/cb.name; then UNAME_REL=`sed -n 's/.*Version //p' /dev/null >/dev/null ; then UNAME_REL=`(/bin/uname -X|grep Release|sed -e 's/.*= //')` (/bin/uname -X|grep i80486 >/dev/null) && UNAME_MACHINE=i486 @@ -1119,11 +1226,11 @@ && UNAME_MACHINE=i686 (/bin/uname -X|grep '^Machine.*Pentium Pro' >/dev/null) \ && UNAME_MACHINE=i686 - echo "$UNAME_MACHINE"-pc-sco"$UNAME_REL" + GUESS=$UNAME_MACHINE-pc-sco$UNAME_REL else - echo "$UNAME_MACHINE"-pc-sysv32 + GUESS=$UNAME_MACHINE-pc-sysv32 fi - exit ;; + ;; pc:*:*:*) # Left here for compatibility: # uname -m prints for DJGPP always 'pc', but it prints nothing about @@ -1131,31 +1238,31 @@ # Note: whatever this is, it MUST be the same as what config.sub # prints for the "djgpp" host, or else GDB configure will decide that # this is a cross-build. - echo i586-pc-msdosdjgpp - exit ;; + GUESS=i586-pc-msdosdjgpp + ;; Intel:Mach:3*:*) - echo i386-pc-mach3 - exit ;; + GUESS=i386-pc-mach3 + ;; paragon:*:*:*) - echo i860-intel-osf1 - exit ;; + GUESS=i860-intel-osf1 + ;; i860:*:4.*:*) # i860-SVR4 if grep Stardent /usr/include/sys/uadmin.h >/dev/null 2>&1 ; then - echo i860-stardent-sysv"$UNAME_RELEASE" # Stardent Vistra i860-SVR4 + GUESS=i860-stardent-sysv$UNAME_RELEASE # Stardent Vistra i860-SVR4 else # Add other i860-SVR4 vendors below as they are discovered. - echo i860-unknown-sysv"$UNAME_RELEASE" # Unknown i860-SVR4 + GUESS=i860-unknown-sysv$UNAME_RELEASE # Unknown i860-SVR4 fi - exit ;; + ;; mini*:CTIX:SYS*5:*) # "miniframe" - echo m68010-convergent-sysv - exit ;; + GUESS=m68010-convergent-sysv + ;; mc68k:UNIX:SYSTEM5:3.51m) - echo m68k-convergent-sysv - exit ;; + GUESS=m68k-convergent-sysv + ;; M680?0:D-NIX:5.3:*) - echo m68k-diab-dnix - exit ;; + GUESS=m68k-diab-dnix + ;; M68*:*:R3V[5678]*:*) test -r /sysV68 && { echo 'm68k-motorola-sysv'; exit; } ;; 3[345]??:*:4.0:3.0 | 3[34]??A:*:4.0:3.0 | 3[34]??,*:*:4.0:3.0 | 3[34]??/*:*:4.0:3.0 | 4400:*:4.0:3.0 | 4850:*:4.0:3.0 | SKA40:*:4.0:3.0 | SDS2:*:4.0:3.0 | SHG2:*:4.0:3.0 | S7501*:*:4.0:3.0) @@ -1180,249 +1287,401 @@ /bin/uname -p 2>/dev/null | /bin/grep pteron >/dev/null \ && { echo i586-ncr-sysv4.3"$OS_REL"; exit; } ;; m68*:LynxOS:2.*:* | m68*:LynxOS:3.0*:*) - echo m68k-unknown-lynxos"$UNAME_RELEASE" - exit ;; + GUESS=m68k-unknown-lynxos$UNAME_RELEASE + ;; mc68030:UNIX_System_V:4.*:*) - echo m68k-atari-sysv4 - exit ;; + GUESS=m68k-atari-sysv4 + ;; TSUNAMI:LynxOS:2.*:*) - echo sparc-unknown-lynxos"$UNAME_RELEASE" - exit ;; + GUESS=sparc-unknown-lynxos$UNAME_RELEASE + ;; rs6000:LynxOS:2.*:*) - echo rs6000-unknown-lynxos"$UNAME_RELEASE" - exit ;; + GUESS=rs6000-unknown-lynxos$UNAME_RELEASE + ;; PowerPC:LynxOS:2.*:* | PowerPC:LynxOS:3.[01]*:* | PowerPC:LynxOS:4.[02]*:*) - echo powerpc-unknown-lynxos"$UNAME_RELEASE" - exit ;; + GUESS=powerpc-unknown-lynxos$UNAME_RELEASE + ;; SM[BE]S:UNIX_SV:*:*) - echo mips-dde-sysv"$UNAME_RELEASE" - exit ;; + GUESS=mips-dde-sysv$UNAME_RELEASE + ;; RM*:ReliantUNIX-*:*:*) - echo mips-sni-sysv4 - exit ;; + GUESS=mips-sni-sysv4 + ;; RM*:SINIX-*:*:*) - echo mips-sni-sysv4 - exit ;; + GUESS=mips-sni-sysv4 + ;; *:SINIX-*:*:*) if uname -p 2>/dev/null >/dev/null ; then UNAME_MACHINE=`(uname -p) 2>/dev/null` - echo "$UNAME_MACHINE"-sni-sysv4 + GUESS=$UNAME_MACHINE-sni-sysv4 else - echo ns32k-sni-sysv + GUESS=ns32k-sni-sysv fi - exit ;; + ;; PENTIUM:*:4.0*:*) # Unisys `ClearPath HMP IX 4000' SVR4/MP effort # says - echo i586-unisys-sysv4 - exit ;; + GUESS=i586-unisys-sysv4 + ;; *:UNIX_System_V:4*:FTX*) # From Gerald Hewes . # How about differentiating between stratus architectures? -djm - echo hppa1.1-stratus-sysv4 - exit ;; + GUESS=hppa1.1-stratus-sysv4 + ;; *:*:*:FTX*) # From seanf@swdc.stratus.com. - echo i860-stratus-sysv4 - exit ;; + GUESS=i860-stratus-sysv4 + ;; i*86:VOS:*:*) # From Paul.Green@stratus.com. - echo "$UNAME_MACHINE"-stratus-vos - exit ;; + GUESS=$UNAME_MACHINE-stratus-vos + ;; *:VOS:*:*) # From Paul.Green@stratus.com. - echo hppa1.1-stratus-vos - exit ;; + GUESS=hppa1.1-stratus-vos + ;; mc68*:A/UX:*:*) - echo m68k-apple-aux"$UNAME_RELEASE" - exit ;; + GUESS=m68k-apple-aux$UNAME_RELEASE + ;; news*:NEWS-OS:6*:*) - echo mips-sony-newsos6 - exit ;; + GUESS=mips-sony-newsos6 + ;; R[34]000:*System_V*:*:* | R4000:UNIX_SYSV:*:* | R*000:UNIX_SV:*:*) - if [ -d /usr/nec ]; then - echo mips-nec-sysv"$UNAME_RELEASE" + if test -d /usr/nec; then + GUESS=mips-nec-sysv$UNAME_RELEASE else - echo mips-unknown-sysv"$UNAME_RELEASE" + GUESS=mips-unknown-sysv$UNAME_RELEASE fi - exit ;; + ;; BeBox:BeOS:*:*) # BeOS running on hardware made by Be, PPC only. - echo powerpc-be-beos - exit ;; + GUESS=powerpc-be-beos + ;; BeMac:BeOS:*:*) # BeOS running on Mac or Mac clone, PPC only. - echo powerpc-apple-beos - exit ;; + GUESS=powerpc-apple-beos + ;; BePC:BeOS:*:*) # BeOS running on Intel PC compatible. - echo i586-pc-beos - exit ;; + GUESS=i586-pc-beos + ;; BePC:Haiku:*:*) # Haiku running on Intel PC compatible. - echo i586-pc-haiku - exit ;; + GUESS=i586-pc-haiku + ;; x86_64:Haiku:*:*) - echo x86_64-unknown-haiku - exit ;; + GUESS=x86_64-unknown-haiku + ;; SX-4:SUPER-UX:*:*) - echo sx4-nec-superux"$UNAME_RELEASE" - exit ;; + GUESS=sx4-nec-superux$UNAME_RELEASE + ;; SX-5:SUPER-UX:*:*) - echo sx5-nec-superux"$UNAME_RELEASE" - exit ;; + GUESS=sx5-nec-superux$UNAME_RELEASE + ;; SX-6:SUPER-UX:*:*) - echo sx6-nec-superux"$UNAME_RELEASE" - exit ;; + GUESS=sx6-nec-superux$UNAME_RELEASE + ;; SX-7:SUPER-UX:*:*) - echo sx7-nec-superux"$UNAME_RELEASE" - exit ;; + GUESS=sx7-nec-superux$UNAME_RELEASE + ;; SX-8:SUPER-UX:*:*) - echo sx8-nec-superux"$UNAME_RELEASE" - exit ;; + GUESS=sx8-nec-superux$UNAME_RELEASE + ;; SX-8R:SUPER-UX:*:*) - echo sx8r-nec-superux"$UNAME_RELEASE" - exit ;; + GUESS=sx8r-nec-superux$UNAME_RELEASE + ;; SX-ACE:SUPER-UX:*:*) - echo sxace-nec-superux"$UNAME_RELEASE" - exit ;; + GUESS=sxace-nec-superux$UNAME_RELEASE + ;; Power*:Rhapsody:*:*) - echo powerpc-apple-rhapsody"$UNAME_RELEASE" - exit ;; + GUESS=powerpc-apple-rhapsody$UNAME_RELEASE + ;; *:Rhapsody:*:*) - echo "$UNAME_MACHINE"-apple-rhapsody"$UNAME_RELEASE" - exit ;; + GUESS=$UNAME_MACHINE-apple-rhapsody$UNAME_RELEASE + ;; + arm64:Darwin:*:*) + GUESS=aarch64-apple-darwin$UNAME_RELEASE + ;; *:Darwin:*:*) - UNAME_PROCESSOR=`uname -p` || UNAME_PROCESSOR=unknown - eval "$set_cc_for_build" - if test "$UNAME_PROCESSOR" = unknown ; then - UNAME_PROCESSOR=powerpc - fi - if test "`echo "$UNAME_RELEASE" | sed -e 's/\..*//'`" -le 10 ; then - if [ "$CC_FOR_BUILD" != no_compiler_found ]; then - if (echo '#ifdef __LP64__'; echo IS_64BIT_ARCH; echo '#endif') | \ - (CCOPTS="" $CC_FOR_BUILD -E - 2>/dev/null) | \ - grep IS_64BIT_ARCH >/dev/null - then - case $UNAME_PROCESSOR in - i386) UNAME_PROCESSOR=x86_64 ;; - powerpc) UNAME_PROCESSOR=powerpc64 ;; - esac - fi - # On 10.4-10.6 one might compile for PowerPC via gcc -arch ppc - if (echo '#ifdef __POWERPC__'; echo IS_PPC; echo '#endif') | \ - (CCOPTS="" $CC_FOR_BUILD -E - 2>/dev/null) | \ - grep IS_PPC >/dev/null - then - UNAME_PROCESSOR=powerpc - fi + UNAME_PROCESSOR=`uname -p` + case $UNAME_PROCESSOR in + unknown) UNAME_PROCESSOR=powerpc ;; + esac + if command -v xcode-select > /dev/null 2> /dev/null && \ + ! xcode-select --print-path > /dev/null 2> /dev/null ; then + # Avoid executing cc if there is no toolchain installed as + # cc will be a stub that puts up a graphical alert + # prompting the user to install developer tools. + CC_FOR_BUILD=no_compiler_found + else + set_cc_for_build + fi + if test "$CC_FOR_BUILD" != no_compiler_found; then + if (echo '#ifdef __LP64__'; echo IS_64BIT_ARCH; echo '#endif') | \ + (CCOPTS="" $CC_FOR_BUILD -E - 2>/dev/null) | \ + grep IS_64BIT_ARCH >/dev/null + then + case $UNAME_PROCESSOR in + i386) UNAME_PROCESSOR=x86_64 ;; + powerpc) UNAME_PROCESSOR=powerpc64 ;; + esac + fi + # On 10.4-10.6 one might compile for PowerPC via gcc -arch ppc + if (echo '#ifdef __POWERPC__'; echo IS_PPC; echo '#endif') | \ + (CCOPTS="" $CC_FOR_BUILD -E - 2>/dev/null) | \ + grep IS_PPC >/dev/null + then + UNAME_PROCESSOR=powerpc fi elif test "$UNAME_PROCESSOR" = i386 ; then - # Avoid executing cc on OS X 10.9, as it ships with a stub - # that puts up a graphical alert prompting to install - # developer tools. Any system running Mac OS X 10.7 or - # later (Darwin 11 and later) is required to have a 64-bit - # processor. This is not true of the ARM version of Darwin - # that Apple uses in portable devices. - UNAME_PROCESSOR=x86_64 + # uname -m returns i386 or x86_64 + UNAME_PROCESSOR=$UNAME_MACHINE fi - echo "$UNAME_PROCESSOR"-apple-darwin"$UNAME_RELEASE" - exit ;; + GUESS=$UNAME_PROCESSOR-apple-darwin$UNAME_RELEASE + ;; *:procnto*:*:* | *:QNX:[0123456789]*:*) UNAME_PROCESSOR=`uname -p` if test "$UNAME_PROCESSOR" = x86; then UNAME_PROCESSOR=i386 UNAME_MACHINE=pc fi - echo "$UNAME_PROCESSOR"-"$UNAME_MACHINE"-nto-qnx"$UNAME_RELEASE" - exit ;; + GUESS=$UNAME_PROCESSOR-$UNAME_MACHINE-nto-qnx$UNAME_RELEASE + ;; *:QNX:*:4*) - echo i386-pc-qnx - exit ;; + GUESS=i386-pc-qnx + ;; NEO-*:NONSTOP_KERNEL:*:*) - echo neo-tandem-nsk"$UNAME_RELEASE" - exit ;; + GUESS=neo-tandem-nsk$UNAME_RELEASE + ;; NSE-*:NONSTOP_KERNEL:*:*) - echo nse-tandem-nsk"$UNAME_RELEASE" - exit ;; + GUESS=nse-tandem-nsk$UNAME_RELEASE + ;; NSR-*:NONSTOP_KERNEL:*:*) - echo nsr-tandem-nsk"$UNAME_RELEASE" - exit ;; + GUESS=nsr-tandem-nsk$UNAME_RELEASE + ;; NSV-*:NONSTOP_KERNEL:*:*) - echo nsv-tandem-nsk"$UNAME_RELEASE" - exit ;; + GUESS=nsv-tandem-nsk$UNAME_RELEASE + ;; NSX-*:NONSTOP_KERNEL:*:*) - echo nsx-tandem-nsk"$UNAME_RELEASE" - exit ;; + GUESS=nsx-tandem-nsk$UNAME_RELEASE + ;; *:NonStop-UX:*:*) - echo mips-compaq-nonstopux - exit ;; + GUESS=mips-compaq-nonstopux + ;; BS2000:POSIX*:*:*) - echo bs2000-siemens-sysv - exit ;; + GUESS=bs2000-siemens-sysv + ;; DS/*:UNIX_System_V:*:*) - echo "$UNAME_MACHINE"-"$UNAME_SYSTEM"-"$UNAME_RELEASE" - exit ;; + GUESS=$UNAME_MACHINE-$UNAME_SYSTEM-$UNAME_RELEASE + ;; *:Plan9:*:*) # "uname -m" is not consistent, so use $cputype instead. 386 # is converted to i386 for consistency with other x86 # operating systems. - if test "$cputype" = 386; then + if test "${cputype-}" = 386; then UNAME_MACHINE=i386 - else - UNAME_MACHINE="$cputype" + elif test "x${cputype-}" != x; then + UNAME_MACHINE=$cputype fi - echo "$UNAME_MACHINE"-unknown-plan9 - exit ;; + GUESS=$UNAME_MACHINE-unknown-plan9 + ;; *:TOPS-10:*:*) - echo pdp10-unknown-tops10 - exit ;; + GUESS=pdp10-unknown-tops10 + ;; *:TENEX:*:*) - echo pdp10-unknown-tenex - exit ;; + GUESS=pdp10-unknown-tenex + ;; KS10:TOPS-20:*:* | KL10:TOPS-20:*:* | TYPE4:TOPS-20:*:*) - echo pdp10-dec-tops20 - exit ;; + GUESS=pdp10-dec-tops20 + ;; XKL-1:TOPS-20:*:* | TYPE5:TOPS-20:*:*) - echo pdp10-xkl-tops20 - exit ;; + GUESS=pdp10-xkl-tops20 + ;; *:TOPS-20:*:*) - echo pdp10-unknown-tops20 - exit ;; + GUESS=pdp10-unknown-tops20 + ;; *:ITS:*:*) - echo pdp10-unknown-its - exit ;; + GUESS=pdp10-unknown-its + ;; SEI:*:*:SEIUX) - echo mips-sei-seiux"$UNAME_RELEASE" - exit ;; + GUESS=mips-sei-seiux$UNAME_RELEASE + ;; *:DragonFly:*:*) - echo "$UNAME_MACHINE"-unknown-dragonfly"`echo "$UNAME_RELEASE"|sed -e 's/[-(].*//'`" - exit ;; + DRAGONFLY_REL=`echo "$UNAME_RELEASE" | sed -e 's/[-(].*//'` + GUESS=$UNAME_MACHINE-unknown-dragonfly$DRAGONFLY_REL + ;; *:*VMS:*:*) UNAME_MACHINE=`(uname -p) 2>/dev/null` - case "$UNAME_MACHINE" in - A*) echo alpha-dec-vms ; exit ;; - I*) echo ia64-dec-vms ; exit ;; - V*) echo vax-dec-vms ; exit ;; + case $UNAME_MACHINE in + A*) GUESS=alpha-dec-vms ;; + I*) GUESS=ia64-dec-vms ;; + V*) GUESS=vax-dec-vms ;; esac ;; *:XENIX:*:SysV) - echo i386-pc-xenix - exit ;; + GUESS=i386-pc-xenix + ;; i*86:skyos:*:*) - echo "$UNAME_MACHINE"-pc-skyos"`echo "$UNAME_RELEASE" | sed -e 's/ .*$//'`" - exit ;; + SKYOS_REL=`echo "$UNAME_RELEASE" | sed -e 's/ .*$//'` + GUESS=$UNAME_MACHINE-pc-skyos$SKYOS_REL + ;; i*86:rdos:*:*) - echo "$UNAME_MACHINE"-pc-rdos - exit ;; - i*86:AROS:*:*) - echo "$UNAME_MACHINE"-pc-aros - exit ;; + GUESS=$UNAME_MACHINE-pc-rdos + ;; + *:AROS:*:*) + GUESS=$UNAME_MACHINE-unknown-aros + ;; x86_64:VMkernel:*:*) - echo "$UNAME_MACHINE"-unknown-esx - exit ;; + GUESS=$UNAME_MACHINE-unknown-esx + ;; amd64:Isilon\ OneFS:*:*) - echo x86_64-unknown-onefs - exit ;; + GUESS=x86_64-unknown-onefs + ;; + *:Unleashed:*:*) + GUESS=$UNAME_MACHINE-unknown-unleashed$UNAME_RELEASE + ;; esac +# Do we have a guess based on uname results? +if test "x$GUESS" != x; then + echo "$GUESS" + exit +fi + +# No uname command or uname output not recognized. +set_cc_for_build +cat > "$dummy.c" < +#include +#endif +#if defined(ultrix) || defined(_ultrix) || defined(__ultrix) || defined(__ultrix__) +#if defined (vax) || defined (__vax) || defined (__vax__) || defined(mips) || defined(__mips) || defined(__mips__) || defined(MIPS) || defined(__MIPS__) +#include +#if defined(_SIZE_T_) || defined(SIGLOST) +#include +#endif +#endif +#endif +main () +{ +#if defined (sony) +#if defined (MIPSEB) + /* BFD wants "bsd" instead of "newsos". Perhaps BFD should be changed, + I don't know.... */ + printf ("mips-sony-bsd\n"); exit (0); +#else +#include + printf ("m68k-sony-newsos%s\n", +#ifdef NEWSOS4 + "4" +#else + "" +#endif + ); exit (0); +#endif +#endif + +#if defined (NeXT) +#if !defined (__ARCHITECTURE__) +#define __ARCHITECTURE__ "m68k" +#endif + int version; + version=`(hostinfo | sed -n 's/.*NeXT Mach \([0-9]*\).*/\1/p') 2>/dev/null`; + if (version < 4) + printf ("%s-next-nextstep%d\n", __ARCHITECTURE__, version); + else + printf ("%s-next-openstep%d\n", __ARCHITECTURE__, version); + exit (0); +#endif + +#if defined (MULTIMAX) || defined (n16) +#if defined (UMAXV) + printf ("ns32k-encore-sysv\n"); exit (0); +#else +#if defined (CMU) + printf ("ns32k-encore-mach\n"); exit (0); +#else + printf ("ns32k-encore-bsd\n"); exit (0); +#endif +#endif +#endif + +#if defined (__386BSD__) + printf ("i386-pc-bsd\n"); exit (0); +#endif + +#if defined (sequent) +#if defined (i386) + printf ("i386-sequent-dynix\n"); exit (0); +#endif +#if defined (ns32000) + printf ("ns32k-sequent-dynix\n"); exit (0); +#endif +#endif + +#if defined (_SEQUENT_) + struct utsname un; + + uname(&un); + if (strncmp(un.version, "V2", 2) == 0) { + printf ("i386-sequent-ptx2\n"); exit (0); + } + if (strncmp(un.version, "V1", 2) == 0) { /* XXX is V1 correct? */ + printf ("i386-sequent-ptx1\n"); exit (0); + } + printf ("i386-sequent-ptx\n"); exit (0); +#endif + +#if defined (vax) +#if !defined (ultrix) +#include +#if defined (BSD) +#if BSD == 43 + printf ("vax-dec-bsd4.3\n"); exit (0); +#else +#if BSD == 199006 + printf ("vax-dec-bsd4.3reno\n"); exit (0); +#else + printf ("vax-dec-bsd\n"); exit (0); +#endif +#endif +#else + printf ("vax-dec-bsd\n"); exit (0); +#endif +#else +#if defined(_SIZE_T_) || defined(SIGLOST) + struct utsname un; + uname (&un); + printf ("vax-dec-ultrix%s\n", un.release); exit (0); +#else + printf ("vax-dec-ultrix\n"); exit (0); +#endif +#endif +#endif +#if defined(ultrix) || defined(_ultrix) || defined(__ultrix) || defined(__ultrix__) +#if defined(mips) || defined(__mips) || defined(__mips__) || defined(MIPS) || defined(__MIPS__) +#if defined(_SIZE_T_) || defined(SIGLOST) + struct utsname *un; + uname (&un); + printf ("mips-dec-ultrix%s\n", un.release); exit (0); +#else + printf ("mips-dec-ultrix\n"); exit (0); +#endif +#endif +#endif + +#if defined (alliant) && defined (i860) + printf ("i860-alliant-bsd\n"); exit (0); +#endif + + exit (1); +} +EOF + +$CC_FOR_BUILD -o "$dummy" "$dummy.c" 2>/dev/null && SYSTEM_NAME=`"$dummy"` && + { echo "$SYSTEM_NAME"; exit; } + +# Apollos put the system type in the environment. +test -d /usr/apollo && { echo "$ISP-apollo-$SYSTYPE"; exit; } + echo "$0: unable to guess system type" >&2 -case "$UNAME_MACHINE:$UNAME_SYSTEM" in +case $UNAME_MACHINE:$UNAME_SYSTEM in mips:Linux | mips64:Linux) # If we got here on MIPS GNU/Linux, output extra information. cat >&2 <&2 <&2 exit 1 ;; *local*) @@ -110,1223 +119,1181 @@ exit 1;; esac -# Separate what the user gave into CPU-COMPANY and OS or KERNEL-OS (if any). -# Here we must recognize all the valid KERNEL-OS combinations. -maybe_os=`echo "$1" | sed 's/^\(.*\)-\([^-]*-[^-]*\)$/\2/'` -case $maybe_os in - nto-qnx* | linux-gnu* | linux-android* | linux-dietlibc | linux-newlib* | \ - linux-musl* | linux-uclibc* | uclinux-uclibc* | uclinux-gnu* | kfreebsd*-gnu* | \ - knetbsd*-gnu* | netbsd*-gnu* | netbsd*-eabi* | \ - kopensolaris*-gnu* | cloudabi*-eabi* | \ - storm-chaos* | os2-emx* | rtmk-nova*) - os=-$maybe_os - basic_machine=`echo "$1" | sed 's/^\(.*\)-\([^-]*-[^-]*\)$/\1/'` - ;; - android-linux) - os=-linux-android - basic_machine=`echo "$1" | sed 's/^\(.*\)-\([^-]*-[^-]*\)$/\1/'`-unknown - ;; - *) - basic_machine=`echo "$1" | sed 's/-[^-]*$//'` - if [ "$basic_machine" != "$1" ] - then os=`echo "$1" | sed 's/.*-/-/'` - else os=; fi - ;; -esac - -### Let's recognize common machines as not being operating systems so -### that things like config.sub decstation-3100 work. We also -### recognize some manufacturers as not being operating systems, so we -### can provide default operating systems below. -case $os in - -sun*os*) - # Prevent following clause from handling this invalid input. - ;; - -dec* | -mips* | -sequent* | -encore* | -pc532* | -sgi* | -sony* | \ - -att* | -7300* | -3300* | -delta* | -motorola* | -sun[234]* | \ - -unicom* | -ibm* | -next | -hp | -isi* | -apollo | -altos* | \ - -convergent* | -ncr* | -news | -32* | -3600* | -3100* | -hitachi* |\ - -c[123]* | -convex* | -sun | -crds | -omron* | -dg | -ultra | -tti* | \ - -harris | -dolphin | -highlevel | -gould | -cbm | -ns | -masscomp | \ - -apple | -axis | -knuth | -cray | -microblaze*) - os= - basic_machine=$1 - ;; - -bluegene*) - os=-cnk - ;; - -sim | -cisco | -oki | -wec | -winbond) - os= - basic_machine=$1 - ;; - -scout) - ;; - -wrs) - os=-vxworks - basic_machine=$1 - ;; - -chorusos*) - os=-chorusos - basic_machine=$1 - ;; - -chorusrdb) - os=-chorusrdb - basic_machine=$1 - ;; - -hiux*) - os=-hiuxwe2 - ;; - -sco6) - os=-sco5v6 - basic_machine=`echo "$1" | sed -e 's/86-.*/86-pc/'` - ;; - -sco5) - os=-sco3.2v5 - basic_machine=`echo "$1" | sed -e 's/86-.*/86-pc/'` - ;; - -sco4) - os=-sco3.2v4 - basic_machine=`echo "$1" | sed -e 's/86-.*/86-pc/'` - ;; - -sco3.2.[4-9]*) - os=`echo $os | sed -e 's/sco3.2./sco3.2v/'` - basic_machine=`echo "$1" | sed -e 's/86-.*/86-pc/'` - ;; - -sco3.2v[4-9]*) - # Don't forget version if it is 3.2v4 or newer. - basic_machine=`echo "$1" | sed -e 's/86-.*/86-pc/'` - ;; - -sco5v6*) - # Don't forget version if it is 3.2v4 or newer. - basic_machine=`echo "$1" | sed -e 's/86-.*/86-pc/'` - ;; - -sco*) - os=-sco3.2v2 - basic_machine=`echo "$1" | sed -e 's/86-.*/86-pc/'` - ;; - -udk*) - basic_machine=`echo "$1" | sed -e 's/86-.*/86-pc/'` - ;; - -isc) - os=-isc2.2 - basic_machine=`echo "$1" | sed -e 's/86-.*/86-pc/'` - ;; - -clix*) - basic_machine=clipper-intergraph - ;; - -isc*) - basic_machine=`echo "$1" | sed -e 's/86-.*/86-pc/'` - ;; - -lynx*178) - os=-lynxos178 - ;; - -lynx*5) - os=-lynxos5 +# Split fields of configuration type +# shellcheck disable=SC2162 +saved_IFS=$IFS +IFS="-" read field1 field2 field3 field4 <&2 + exit 1 ;; - -lynx*) - os=-lynxos + *-*-*-*) + basic_machine=$field1-$field2 + basic_os=$field3-$field4 ;; - -ptx*) - basic_machine=`echo "$1" | sed -e 's/86-.*/86-sequent/'` + *-*-*) + # Ambiguous whether COMPANY is present, or skipped and KERNEL-OS is two + # parts + maybe_os=$field2-$field3 + case $maybe_os in + nto-qnx* | linux-* | uclinux-uclibc* \ + | uclinux-gnu* | kfreebsd*-gnu* | knetbsd*-gnu* | netbsd*-gnu* \ + | netbsd*-eabi* | kopensolaris*-gnu* | cloudabi*-eabi* \ + | storm-chaos* | os2-emx* | rtmk-nova*) + basic_machine=$field1 + basic_os=$maybe_os + ;; + android-linux) + basic_machine=$field1-unknown + basic_os=linux-android + ;; + *) + basic_machine=$field1-$field2 + basic_os=$field3 + ;; + esac ;; - -psos*) - os=-psos + *-*) + # A lone config we happen to match not fitting any pattern + case $field1-$field2 in + decstation-3100) + basic_machine=mips-dec + basic_os= + ;; + *-*) + # Second component is usually, but not always the OS + case $field2 in + # Prevent following clause from handling this valid os + sun*os*) + basic_machine=$field1 + basic_os=$field2 + ;; + zephyr*) + basic_machine=$field1-unknown + basic_os=$field2 + ;; + # Manufacturers + dec* | mips* | sequent* | encore* | pc533* | sgi* | sony* \ + | att* | 7300* | 3300* | delta* | motorola* | sun[234]* \ + | unicom* | ibm* | next | hp | isi* | apollo | altos* \ + | convergent* | ncr* | news | 32* | 3600* | 3100* \ + | hitachi* | c[123]* | convex* | sun | crds | omron* | dg \ + | ultra | tti* | harris | dolphin | highlevel | gould \ + | cbm | ns | masscomp | apple | axis | knuth | cray \ + | microblaze* | sim | cisco \ + | oki | wec | wrs | winbond) + basic_machine=$field1-$field2 + basic_os= + ;; + *) + basic_machine=$field1 + basic_os=$field2 + ;; + esac + ;; + esac ;; - -mint | -mint[0-9]*) - basic_machine=m68k-atari - os=-mint + *) + # Convert single-component short-hands not valid as part of + # multi-component configurations. + case $field1 in + 386bsd) + basic_machine=i386-pc + basic_os=bsd + ;; + a29khif) + basic_machine=a29k-amd + basic_os=udi + ;; + adobe68k) + basic_machine=m68010-adobe + basic_os=scout + ;; + alliant) + basic_machine=fx80-alliant + basic_os= + ;; + altos | altos3068) + basic_machine=m68k-altos + basic_os= + ;; + am29k) + basic_machine=a29k-none + basic_os=bsd + ;; + amdahl) + basic_machine=580-amdahl + basic_os=sysv + ;; + amiga) + basic_machine=m68k-unknown + basic_os= + ;; + amigaos | amigados) + basic_machine=m68k-unknown + basic_os=amigaos + ;; + amigaunix | amix) + basic_machine=m68k-unknown + basic_os=sysv4 + ;; + apollo68) + basic_machine=m68k-apollo + basic_os=sysv + ;; + apollo68bsd) + basic_machine=m68k-apollo + basic_os=bsd + ;; + aros) + basic_machine=i386-pc + basic_os=aros + ;; + aux) + basic_machine=m68k-apple + basic_os=aux + ;; + balance) + basic_machine=ns32k-sequent + basic_os=dynix + ;; + blackfin) + basic_machine=bfin-unknown + basic_os=linux + ;; + cegcc) + basic_machine=arm-unknown + basic_os=cegcc + ;; + convex-c1) + basic_machine=c1-convex + basic_os=bsd + ;; + convex-c2) + basic_machine=c2-convex + basic_os=bsd + ;; + convex-c32) + basic_machine=c32-convex + basic_os=bsd + ;; + convex-c34) + basic_machine=c34-convex + basic_os=bsd + ;; + convex-c38) + basic_machine=c38-convex + basic_os=bsd + ;; + cray) + basic_machine=j90-cray + basic_os=unicos + ;; + crds | unos) + basic_machine=m68k-crds + basic_os= + ;; + da30) + basic_machine=m68k-da30 + basic_os= + ;; + decstation | pmax | pmin | dec3100 | decstatn) + basic_machine=mips-dec + basic_os= + ;; + delta88) + basic_machine=m88k-motorola + basic_os=sysv3 + ;; + dicos) + basic_machine=i686-pc + basic_os=dicos + ;; + djgpp) + basic_machine=i586-pc + basic_os=msdosdjgpp + ;; + ebmon29k) + basic_machine=a29k-amd + basic_os=ebmon + ;; + es1800 | OSE68k | ose68k | ose | OSE) + basic_machine=m68k-ericsson + basic_os=ose + ;; + gmicro) + basic_machine=tron-gmicro + basic_os=sysv + ;; + go32) + basic_machine=i386-pc + basic_os=go32 + ;; + h8300hms) + basic_machine=h8300-hitachi + basic_os=hms + ;; + h8300xray) + basic_machine=h8300-hitachi + basic_os=xray + ;; + h8500hms) + basic_machine=h8500-hitachi + basic_os=hms + ;; + harris) + basic_machine=m88k-harris + basic_os=sysv3 + ;; + hp300 | hp300hpux) + basic_machine=m68k-hp + basic_os=hpux + ;; + hp300bsd) + basic_machine=m68k-hp + basic_os=bsd + ;; + hppaosf) + basic_machine=hppa1.1-hp + basic_os=osf + ;; + hppro) + basic_machine=hppa1.1-hp + basic_os=proelf + ;; + i386mach) + basic_machine=i386-mach + basic_os=mach + ;; + isi68 | isi) + basic_machine=m68k-isi + basic_os=sysv + ;; + m68knommu) + basic_machine=m68k-unknown + basic_os=linux + ;; + magnum | m3230) + basic_machine=mips-mips + basic_os=sysv + ;; + merlin) + basic_machine=ns32k-utek + basic_os=sysv + ;; + mingw64) + basic_machine=x86_64-pc + basic_os=mingw64 + ;; + mingw32) + basic_machine=i686-pc + basic_os=mingw32 + ;; + mingw32ce) + basic_machine=arm-unknown + basic_os=mingw32ce + ;; + monitor) + basic_machine=m68k-rom68k + basic_os=coff + ;; + morphos) + basic_machine=powerpc-unknown + basic_os=morphos + ;; + moxiebox) + basic_machine=moxie-unknown + basic_os=moxiebox + ;; + msdos) + basic_machine=i386-pc + basic_os=msdos + ;; + msys) + basic_machine=i686-pc + basic_os=msys + ;; + mvs) + basic_machine=i370-ibm + basic_os=mvs + ;; + nacl) + basic_machine=le32-unknown + basic_os=nacl + ;; + ncr3000) + basic_machine=i486-ncr + basic_os=sysv4 + ;; + netbsd386) + basic_machine=i386-pc + basic_os=netbsd + ;; + netwinder) + basic_machine=armv4l-rebel + basic_os=linux + ;; + news | news700 | news800 | news900) + basic_machine=m68k-sony + basic_os=newsos + ;; + news1000) + basic_machine=m68030-sony + basic_os=newsos + ;; + necv70) + basic_machine=v70-nec + basic_os=sysv + ;; + nh3000) + basic_machine=m68k-harris + basic_os=cxux + ;; + nh[45]000) + basic_machine=m88k-harris + basic_os=cxux + ;; + nindy960) + basic_machine=i960-intel + basic_os=nindy + ;; + mon960) + basic_machine=i960-intel + basic_os=mon960 + ;; + nonstopux) + basic_machine=mips-compaq + basic_os=nonstopux + ;; + os400) + basic_machine=powerpc-ibm + basic_os=os400 + ;; + OSE68000 | ose68000) + basic_machine=m68000-ericsson + basic_os=ose + ;; + os68k) + basic_machine=m68k-none + basic_os=os68k + ;; + paragon) + basic_machine=i860-intel + basic_os=osf + ;; + parisc) + basic_machine=hppa-unknown + basic_os=linux + ;; + psp) + basic_machine=mipsallegrexel-sony + basic_os=psp + ;; + pw32) + basic_machine=i586-unknown + basic_os=pw32 + ;; + rdos | rdos64) + basic_machine=x86_64-pc + basic_os=rdos + ;; + rdos32) + basic_machine=i386-pc + basic_os=rdos + ;; + rom68k) + basic_machine=m68k-rom68k + basic_os=coff + ;; + sa29200) + basic_machine=a29k-amd + basic_os=udi + ;; + sei) + basic_machine=mips-sei + basic_os=seiux + ;; + sequent) + basic_machine=i386-sequent + basic_os= + ;; + sps7) + basic_machine=m68k-bull + basic_os=sysv2 + ;; + st2000) + basic_machine=m68k-tandem + basic_os= + ;; + stratus) + basic_machine=i860-stratus + basic_os=sysv4 + ;; + sun2) + basic_machine=m68000-sun + basic_os= + ;; + sun2os3) + basic_machine=m68000-sun + basic_os=sunos3 + ;; + sun2os4) + basic_machine=m68000-sun + basic_os=sunos4 + ;; + sun3) + basic_machine=m68k-sun + basic_os= + ;; + sun3os3) + basic_machine=m68k-sun + basic_os=sunos3 + ;; + sun3os4) + basic_machine=m68k-sun + basic_os=sunos4 + ;; + sun4) + basic_machine=sparc-sun + basic_os= + ;; + sun4os3) + basic_machine=sparc-sun + basic_os=sunos3 + ;; + sun4os4) + basic_machine=sparc-sun + basic_os=sunos4 + ;; + sun4sol2) + basic_machine=sparc-sun + basic_os=solaris2 + ;; + sun386 | sun386i | roadrunner) + basic_machine=i386-sun + basic_os= + ;; + sv1) + basic_machine=sv1-cray + basic_os=unicos + ;; + symmetry) + basic_machine=i386-sequent + basic_os=dynix + ;; + t3e) + basic_machine=alphaev5-cray + basic_os=unicos + ;; + t90) + basic_machine=t90-cray + basic_os=unicos + ;; + toad1) + basic_machine=pdp10-xkl + basic_os=tops20 + ;; + tpf) + basic_machine=s390x-ibm + basic_os=tpf + ;; + udi29k) + basic_machine=a29k-amd + basic_os=udi + ;; + ultra3) + basic_machine=a29k-nyu + basic_os=sym1 + ;; + v810 | necv810) + basic_machine=v810-nec + basic_os=none + ;; + vaxv) + basic_machine=vax-dec + basic_os=sysv + ;; + vms) + basic_machine=vax-dec + basic_os=vms + ;; + vsta) + basic_machine=i386-pc + basic_os=vsta + ;; + vxworks960) + basic_machine=i960-wrs + basic_os=vxworks + ;; + vxworks68) + basic_machine=m68k-wrs + basic_os=vxworks + ;; + vxworks29k) + basic_machine=a29k-wrs + basic_os=vxworks + ;; + xbox) + basic_machine=i686-pc + basic_os=mingw32 + ;; + ymp) + basic_machine=ymp-cray + basic_os=unicos + ;; + *) + basic_machine=$1 + basic_os= + ;; + esac ;; esac -# Decode aliases for certain CPU-COMPANY combinations. +# Decode 1-component or ad-hoc basic machines case $basic_machine in - # Recognize the basic CPU types without company name. - # Some are omitted here because they have special meanings below. - 1750a | 580 \ - | a29k \ - | aarch64 | aarch64_be \ - | alpha | alphaev[4-8] | alphaev56 | alphaev6[78] | alphapca5[67] \ - | alpha64 | alpha64ev[4-8] | alpha64ev56 | alpha64ev6[78] | alpha64pca5[67] \ - | am33_2.0 \ - | arc | arceb \ - | arm | arm[bl]e | arme[lb] | armv[2-8] | armv[3-8][lb] | armv7[arm] \ - | avr | avr32 \ - | ba \ - | be32 | be64 \ - | bfin \ - | c4x | c8051 | clipper \ - | d10v | d30v | dlx | dsp16xx \ - | e2k | epiphany \ - | fido | fr30 | frv | ft32 \ - | h8300 | h8500 | hppa | hppa1.[01] | hppa2.0 | hppa2.0[nw] | hppa64 \ - | hexagon \ - | i370 | i860 | i960 | ia16 | ia64 \ - | ip2k | iq2000 \ - | k1om \ - | le32 | le64 \ - | lm32 \ - | m32c | m32r | m32rle | m68000 | m68k | m88k \ - | maxq | mb | microblaze | microblazeel | mcore | mep | metag \ - | mips | mipsbe | mipseb | mipsel | mipsle \ - | mips16 \ - | mips64 | mips64el \ - | mips64octeon | mips64octeonel \ - | mips64orion | mips64orionel \ - | mips64r5900 | mips64r5900el \ - | mips64vr | mips64vrel \ - | mips64vr4100 | mips64vr4100el \ - | mips64vr4300 | mips64vr4300el \ - | mips64vr5000 | mips64vr5000el \ - | mips64vr5900 | mips64vr5900el \ - | mipsisa32 | mipsisa32el \ - | mipsisa32r2 | mipsisa32r2el \ - | mipsisa32r6 | mipsisa32r6el \ - | mipsisa64 | mipsisa64el \ - | mipsisa64r2 | mipsisa64r2el \ - | mipsisa64r6 | mipsisa64r6el \ - | mipsisa64sb1 | mipsisa64sb1el \ - | mipsisa64sr71k | mipsisa64sr71kel \ - | mipsr5900 | mipsr5900el \ - | mipstx39 | mipstx39el \ - | mn10200 | mn10300 \ - | moxie \ - | mt \ - | msp430 \ - | nds32 | nds32le | nds32be \ - | nios | nios2 | nios2eb | nios2el \ - | ns16k | ns32k \ - | open8 | or1k | or1knd | or32 \ - | pdp10 | pj | pjl \ - | powerpc | powerpc64 | powerpc64le | powerpcle \ - | pru \ - | pyramid \ - | riscv32 | riscv64 \ - | rl78 | rx \ - | score \ - | sh | sh[1234] | sh[24]a | sh[24]aeb | sh[23]e | sh[234]eb | sheb | shbe | shle | sh[1234]le | sh3ele \ - | sh64 | sh64le \ - | sparc | sparc64 | sparc64b | sparc64v | sparc86x | sparclet | sparclite \ - | sparcv8 | sparcv9 | sparcv9b | sparcv9v \ - | spu \ - | tahoe | tic4x | tic54x | tic55x | tic6x | tic80 | tron \ - | ubicom32 \ - | v850 | v850e | v850e1 | v850e2 | v850es | v850e2v3 \ - | visium \ - | wasm32 \ - | x86 | xc16x | xstormy16 | xtensa \ - | z8k | z80) - basic_machine=$basic_machine-unknown - ;; - c54x) - basic_machine=tic54x-unknown - ;; - c55x) - basic_machine=tic55x-unknown - ;; - c6x) - basic_machine=tic6x-unknown - ;; - leon|leon[3-9]) - basic_machine=sparc-$basic_machine - ;; - m6811 | m68hc11 | m6812 | m68hc12 | m68hcs12x | nvptx | picochip) - basic_machine=$basic_machine-unknown - os=-none + # Here we handle the default manufacturer of certain CPU types. It is in + # some cases the only manufacturer, in others, it is the most popular. + w89k) + cpu=hppa1.1 + vendor=winbond ;; - m88110 | m680[12346]0 | m683?2 | m68360 | m5200 | v70 | w65) + op50n) + cpu=hppa1.1 + vendor=oki ;; - ms1) - basic_machine=mt-unknown + op60c) + cpu=hppa1.1 + vendor=oki ;; - - strongarm | thumb | xscale) - basic_machine=arm-unknown + ibm*) + cpu=i370 + vendor=ibm ;; - xgate) - basic_machine=$basic_machine-unknown - os=-none + orion105) + cpu=clipper + vendor=highlevel ;; - xscaleeb) - basic_machine=armeb-unknown + mac | mpw | mac-mpw) + cpu=m68k + vendor=apple ;; - - xscaleel) - basic_machine=armel-unknown + pmac | pmac-mpw) + cpu=powerpc + vendor=apple ;; - # We use `pc' rather than `unknown' - # because (1) that's what they normally are, and - # (2) the word "unknown" tends to confuse beginning users. - i*86 | x86_64) - basic_machine=$basic_machine-pc - ;; - # Object if more than one company name word. - *-*-*) - echo Invalid configuration \`"$1"\': machine \`"$basic_machine"\' not recognized 1>&2 - exit 1 - ;; - # Recognize the basic CPU types with company name. - 580-* \ - | a29k-* \ - | aarch64-* | aarch64_be-* \ - | alpha-* | alphaev[4-8]-* | alphaev56-* | alphaev6[78]-* \ - | alpha64-* | alpha64ev[4-8]-* | alpha64ev56-* | alpha64ev6[78]-* \ - | alphapca5[67]-* | alpha64pca5[67]-* | arc-* | arceb-* \ - | arm-* | armbe-* | armle-* | armeb-* | armv*-* \ - | avr-* | avr32-* \ - | ba-* \ - | be32-* | be64-* \ - | bfin-* | bs2000-* \ - | c[123]* | c30-* | [cjt]90-* | c4x-* \ - | c8051-* | clipper-* | craynv-* | cydra-* \ - | d10v-* | d30v-* | dlx-* \ - | e2k-* | elxsi-* \ - | f30[01]-* | f700-* | fido-* | fr30-* | frv-* | fx80-* \ - | h8300-* | h8500-* \ - | hppa-* | hppa1.[01]-* | hppa2.0-* | hppa2.0[nw]-* | hppa64-* \ - | hexagon-* \ - | i*86-* | i860-* | i960-* | ia16-* | ia64-* \ - | ip2k-* | iq2000-* \ - | k1om-* \ - | le32-* | le64-* \ - | lm32-* \ - | m32c-* | m32r-* | m32rle-* \ - | m68000-* | m680[012346]0-* | m68360-* | m683?2-* | m68k-* \ - | m88110-* | m88k-* | maxq-* | mcore-* | metag-* \ - | microblaze-* | microblazeel-* \ - | mips-* | mipsbe-* | mipseb-* | mipsel-* | mipsle-* \ - | mips16-* \ - | mips64-* | mips64el-* \ - | mips64octeon-* | mips64octeonel-* \ - | mips64orion-* | mips64orionel-* \ - | mips64r5900-* | mips64r5900el-* \ - | mips64vr-* | mips64vrel-* \ - | mips64vr4100-* | mips64vr4100el-* \ - | mips64vr4300-* | mips64vr4300el-* \ - | mips64vr5000-* | mips64vr5000el-* \ - | mips64vr5900-* | mips64vr5900el-* \ - | mipsisa32-* | mipsisa32el-* \ - | mipsisa32r2-* | mipsisa32r2el-* \ - | mipsisa32r6-* | mipsisa32r6el-* \ - | mipsisa64-* | mipsisa64el-* \ - | mipsisa64r2-* | mipsisa64r2el-* \ - | mipsisa64r6-* | mipsisa64r6el-* \ - | mipsisa64sb1-* | mipsisa64sb1el-* \ - | mipsisa64sr71k-* | mipsisa64sr71kel-* \ - | mipsr5900-* | mipsr5900el-* \ - | mipstx39-* | mipstx39el-* \ - | mmix-* \ - | mt-* \ - | msp430-* \ - | nds32-* | nds32le-* | nds32be-* \ - | nios-* | nios2-* | nios2eb-* | nios2el-* \ - | none-* | np1-* | ns16k-* | ns32k-* \ - | open8-* \ - | or1k*-* \ - | orion-* \ - | pdp10-* | pdp11-* | pj-* | pjl-* | pn-* | power-* \ - | powerpc-* | powerpc64-* | powerpc64le-* | powerpcle-* \ - | pru-* \ - | pyramid-* \ - | riscv32-* | riscv64-* \ - | rl78-* | romp-* | rs6000-* | rx-* \ - | sh-* | sh[1234]-* | sh[24]a-* | sh[24]aeb-* | sh[23]e-* | sh[34]eb-* | sheb-* | shbe-* \ - | shle-* | sh[1234]le-* | sh3ele-* | sh64-* | sh64le-* \ - | sparc-* | sparc64-* | sparc64b-* | sparc64v-* | sparc86x-* | sparclet-* \ - | sparclite-* \ - | sparcv8-* | sparcv9-* | sparcv9b-* | sparcv9v-* | sv1-* | sx*-* \ - | tahoe-* \ - | tic30-* | tic4x-* | tic54x-* | tic55x-* | tic6x-* | tic80-* \ - | tile*-* \ - | tron-* \ - | ubicom32-* \ - | v850-* | v850e-* | v850e1-* | v850es-* | v850e2-* | v850e2v3-* \ - | vax-* \ - | visium-* \ - | wasm32-* \ - | we32k-* \ - | x86-* | x86_64-* | xc16x-* | xps100-* \ - | xstormy16-* | xtensa*-* \ - | ymp-* \ - | z8k-* | z80-*) - ;; - # Recognize the basic CPU types without company name, with glob match. - xtensa*) - basic_machine=$basic_machine-unknown - ;; # Recognize the various machine names and aliases which stand # for a CPU type and a company and sometimes even an OS. - 386bsd) - basic_machine=i386-pc - os=-bsd - ;; 3b1 | 7300 | 7300-att | att-7300 | pc7300 | safari | unixpc) - basic_machine=m68000-att + cpu=m68000 + vendor=att ;; 3b*) - basic_machine=we32k-att - ;; - a29khif) - basic_machine=a29k-amd - os=-udi - ;; - abacus) - basic_machine=abacus-unknown - ;; - adobe68k) - basic_machine=m68010-adobe - os=-scout - ;; - alliant | fx80) - basic_machine=fx80-alliant - ;; - altos | altos3068) - basic_machine=m68k-altos - ;; - am29k) - basic_machine=a29k-none - os=-bsd - ;; - amd64) - basic_machine=x86_64-pc - ;; - amd64-*) - basic_machine=x86_64-`echo "$basic_machine" | sed 's/^[^-]*-//'` - ;; - amdahl) - basic_machine=580-amdahl - os=-sysv - ;; - amiga | amiga-*) - basic_machine=m68k-unknown - ;; - amigaos | amigados) - basic_machine=m68k-unknown - os=-amigaos - ;; - amigaunix | amix) - basic_machine=m68k-unknown - os=-sysv4 - ;; - apollo68) - basic_machine=m68k-apollo - os=-sysv - ;; - apollo68bsd) - basic_machine=m68k-apollo - os=-bsd - ;; - aros) - basic_machine=i386-pc - os=-aros - ;; - asmjs) - basic_machine=asmjs-unknown - ;; - aux) - basic_machine=m68k-apple - os=-aux - ;; - balance) - basic_machine=ns32k-sequent - os=-dynix - ;; - blackfin) - basic_machine=bfin-unknown - os=-linux - ;; - blackfin-*) - basic_machine=bfin-`echo "$basic_machine" | sed 's/^[^-]*-//'` - os=-linux + cpu=we32k + vendor=att ;; bluegene*) - basic_machine=powerpc-ibm - os=-cnk - ;; - c54x-*) - basic_machine=tic54x-`echo "$basic_machine" | sed 's/^[^-]*-//'` - ;; - c55x-*) - basic_machine=tic55x-`echo "$basic_machine" | sed 's/^[^-]*-//'` - ;; - c6x-*) - basic_machine=tic6x-`echo "$basic_machine" | sed 's/^[^-]*-//'` - ;; - c90) - basic_machine=c90-cray - os=-unicos - ;; - cegcc) - basic_machine=arm-unknown - os=-cegcc - ;; - convex-c1) - basic_machine=c1-convex - os=-bsd - ;; - convex-c2) - basic_machine=c2-convex - os=-bsd - ;; - convex-c32) - basic_machine=c32-convex - os=-bsd - ;; - convex-c34) - basic_machine=c34-convex - os=-bsd - ;; - convex-c38) - basic_machine=c38-convex - os=-bsd - ;; - cray | j90) - basic_machine=j90-cray - os=-unicos - ;; - craynv) - basic_machine=craynv-cray - os=-unicosmp - ;; - cr16 | cr16-*) - basic_machine=cr16-unknown - os=-elf - ;; - crds | unos) - basic_machine=m68k-crds - ;; - crisv32 | crisv32-* | etraxfs*) - basic_machine=crisv32-axis - ;; - cris | cris-* | etrax*) - basic_machine=cris-axis - ;; - crx) - basic_machine=crx-unknown - os=-elf - ;; - da30 | da30-*) - basic_machine=m68k-da30 - ;; - decstation | decstation-3100 | pmax | pmax-* | pmin | dec3100 | decstatn) - basic_machine=mips-dec + cpu=powerpc + vendor=ibm + basic_os=cnk ;; decsystem10* | dec10*) - basic_machine=pdp10-dec - os=-tops10 + cpu=pdp10 + vendor=dec + basic_os=tops10 ;; decsystem20* | dec20*) - basic_machine=pdp10-dec - os=-tops20 + cpu=pdp10 + vendor=dec + basic_os=tops20 ;; delta | 3300 | motorola-3300 | motorola-delta \ | 3300-motorola | delta-motorola) - basic_machine=m68k-motorola - ;; - delta88) - basic_machine=m88k-motorola - os=-sysv3 - ;; - dicos) - basic_machine=i686-pc - os=-dicos - ;; - djgpp) - basic_machine=i586-pc - os=-msdosdjgpp - ;; - dpx20 | dpx20-*) - basic_machine=rs6000-bull - os=-bosx + cpu=m68k + vendor=motorola ;; dpx2*) - basic_machine=m68k-bull - os=-sysv3 - ;; - e500v[12]) - basic_machine=powerpc-unknown - os=$os"spe" - ;; - e500v[12]-*) - basic_machine=powerpc-`echo "$basic_machine" | sed 's/^[^-]*-//'` - os=$os"spe" - ;; - ebmon29k) - basic_machine=a29k-amd - os=-ebmon - ;; - elxsi) - basic_machine=elxsi-elxsi - os=-bsd + cpu=m68k + vendor=bull + basic_os=sysv3 ;; encore | umax | mmax) - basic_machine=ns32k-encore + cpu=ns32k + vendor=encore ;; - es1800 | OSE68k | ose68k | ose | OSE) - basic_machine=m68k-ericsson - os=-ose + elxsi) + cpu=elxsi + vendor=elxsi + basic_os=${basic_os:-bsd} ;; fx2800) - basic_machine=i860-alliant + cpu=i860 + vendor=alliant ;; genix) - basic_machine=ns32k-ns - ;; - gmicro) - basic_machine=tron-gmicro - os=-sysv - ;; - go32) - basic_machine=i386-pc - os=-go32 + cpu=ns32k + vendor=ns ;; h3050r* | hiux*) - basic_machine=hppa1.1-hitachi - os=-hiuxwe2 - ;; - h8300hms) - basic_machine=h8300-hitachi - os=-hms - ;; - h8300xray) - basic_machine=h8300-hitachi - os=-xray - ;; - h8500hms) - basic_machine=h8500-hitachi - os=-hms - ;; - harris) - basic_machine=m88k-harris - os=-sysv3 - ;; - hp300-*) - basic_machine=m68k-hp - ;; - hp300bsd) - basic_machine=m68k-hp - os=-bsd - ;; - hp300hpux) - basic_machine=m68k-hp - os=-hpux + cpu=hppa1.1 + vendor=hitachi + basic_os=hiuxwe2 ;; hp3k9[0-9][0-9] | hp9[0-9][0-9]) - basic_machine=hppa1.0-hp + cpu=hppa1.0 + vendor=hp ;; hp9k2[0-9][0-9] | hp9k31[0-9]) - basic_machine=m68000-hp + cpu=m68000 + vendor=hp ;; hp9k3[2-9][0-9]) - basic_machine=m68k-hp + cpu=m68k + vendor=hp ;; hp9k6[0-9][0-9] | hp6[0-9][0-9]) - basic_machine=hppa1.0-hp + cpu=hppa1.0 + vendor=hp ;; hp9k7[0-79][0-9] | hp7[0-79][0-9]) - basic_machine=hppa1.1-hp + cpu=hppa1.1 + vendor=hp ;; hp9k78[0-9] | hp78[0-9]) # FIXME: really hppa2.0-hp - basic_machine=hppa1.1-hp + cpu=hppa1.1 + vendor=hp ;; hp9k8[67]1 | hp8[67]1 | hp9k80[24] | hp80[24] | hp9k8[78]9 | hp8[78]9 | hp9k893 | hp893) # FIXME: really hppa2.0-hp - basic_machine=hppa1.1-hp + cpu=hppa1.1 + vendor=hp ;; hp9k8[0-9][13679] | hp8[0-9][13679]) - basic_machine=hppa1.1-hp + cpu=hppa1.1 + vendor=hp ;; hp9k8[0-9][0-9] | hp8[0-9][0-9]) - basic_machine=hppa1.0-hp - ;; - hppaosf) - basic_machine=hppa1.1-hp - os=-osf - ;; - hppro) - basic_machine=hppa1.1-hp - os=-proelf - ;; - i370-ibm* | ibm*) - basic_machine=i370-ibm + cpu=hppa1.0 + vendor=hp ;; i*86v32) - basic_machine=`echo "$1" | sed -e 's/86.*/86-pc/'` - os=-sysv32 + cpu=`echo "$1" | sed -e 's/86.*/86/'` + vendor=pc + basic_os=sysv32 ;; i*86v4*) - basic_machine=`echo "$1" | sed -e 's/86.*/86-pc/'` - os=-sysv4 + cpu=`echo "$1" | sed -e 's/86.*/86/'` + vendor=pc + basic_os=sysv4 ;; i*86v) - basic_machine=`echo "$1" | sed -e 's/86.*/86-pc/'` - os=-sysv + cpu=`echo "$1" | sed -e 's/86.*/86/'` + vendor=pc + basic_os=sysv ;; i*86sol2) - basic_machine=`echo "$1" | sed -e 's/86.*/86-pc/'` - os=-solaris2 - ;; - i386mach) - basic_machine=i386-mach - os=-mach - ;; - vsta) - basic_machine=i386-unknown - os=-vsta + cpu=`echo "$1" | sed -e 's/86.*/86/'` + vendor=pc + basic_os=solaris2 + ;; + j90 | j90-cray) + cpu=j90 + vendor=cray + basic_os=${basic_os:-unicos} ;; iris | iris4d) - basic_machine=mips-sgi - case $os in - -irix*) + cpu=mips + vendor=sgi + case $basic_os in + irix*) ;; *) - os=-irix4 + basic_os=irix4 ;; esac ;; - isi68 | isi) - basic_machine=m68k-isi - os=-sysv - ;; - leon-*|leon[3-9]-*) - basic_machine=sparc-`echo "$basic_machine" | sed 's/-.*//'` - ;; - m68knommu) - basic_machine=m68k-unknown - os=-linux - ;; - m68knommu-*) - basic_machine=m68k-`echo "$basic_machine" | sed 's/^[^-]*-//'` - os=-linux - ;; - magnum | m3230) - basic_machine=mips-mips - os=-sysv - ;; - merlin) - basic_machine=ns32k-utek - os=-sysv - ;; - microblaze*) - basic_machine=microblaze-xilinx - ;; - mingw64) - basic_machine=x86_64-pc - os=-mingw64 - ;; - mingw32) - basic_machine=i686-pc - os=-mingw32 - ;; - mingw32ce) - basic_machine=arm-unknown - os=-mingw32ce - ;; miniframe) - basic_machine=m68000-convergent - ;; - *mint | -mint[0-9]* | *MiNT | *MiNT[0-9]*) - basic_machine=m68k-atari - os=-mint - ;; - mips3*-*) - basic_machine=`echo "$basic_machine" | sed -e 's/mips3/mips64/'` - ;; - mips3*) - basic_machine=`echo "$basic_machine" | sed -e 's/mips3/mips64/'`-unknown - ;; - monitor) - basic_machine=m68k-rom68k - os=-coff - ;; - morphos) - basic_machine=powerpc-unknown - os=-morphos - ;; - moxiebox) - basic_machine=moxie-unknown - os=-moxiebox - ;; - msdos) - basic_machine=i386-pc - os=-msdos + cpu=m68000 + vendor=convergent ;; - ms1-*) - basic_machine=`echo "$basic_machine" | sed -e 's/ms1-/mt-/'` - ;; - msys) - basic_machine=i686-pc - os=-msys - ;; - mvs) - basic_machine=i370-ibm - os=-mvs - ;; - nacl) - basic_machine=le32-unknown - os=-nacl - ;; - ncr3000) - basic_machine=i486-ncr - os=-sysv4 - ;; - netbsd386) - basic_machine=i386-unknown - os=-netbsd - ;; - netwinder) - basic_machine=armv4l-rebel - os=-linux - ;; - news | news700 | news800 | news900) - basic_machine=m68k-sony - os=-newsos - ;; - news1000) - basic_machine=m68030-sony - os=-newsos + *mint | mint[0-9]* | *MiNT | *MiNT[0-9]*) + cpu=m68k + vendor=atari + basic_os=mint ;; news-3600 | risc-news) - basic_machine=mips-sony - os=-newsos - ;; - necv70) - basic_machine=v70-nec - os=-sysv + cpu=mips + vendor=sony + basic_os=newsos ;; next | m*-next) - basic_machine=m68k-next - case $os in - -nextstep* ) + cpu=m68k + vendor=next + case $basic_os in + openstep*) + ;; + nextstep*) ;; - -ns2*) - os=-nextstep2 + ns2*) + basic_os=nextstep2 ;; *) - os=-nextstep3 + basic_os=nextstep3 ;; esac ;; - nh3000) - basic_machine=m68k-harris - os=-cxux - ;; - nh[45]000) - basic_machine=m88k-harris - os=-cxux - ;; - nindy960) - basic_machine=i960-intel - os=-nindy - ;; - mon960) - basic_machine=i960-intel - os=-mon960 - ;; - nonstopux) - basic_machine=mips-compaq - os=-nonstopux - ;; np1) - basic_machine=np1-gould - ;; - neo-tandem) - basic_machine=neo-tandem - ;; - nse-tandem) - basic_machine=nse-tandem - ;; - nsr-tandem) - basic_machine=nsr-tandem - ;; - nsv-tandem) - basic_machine=nsv-tandem - ;; - nsx-tandem) - basic_machine=nsx-tandem + cpu=np1 + vendor=gould ;; op50n-* | op60c-*) - basic_machine=hppa1.1-oki - os=-proelf - ;; - openrisc | openrisc-*) - basic_machine=or32-unknown - ;; - os400) - basic_machine=powerpc-ibm - os=-os400 - ;; - OSE68000 | ose68000) - basic_machine=m68000-ericsson - os=-ose - ;; - os68k) - basic_machine=m68k-none - os=-os68k + cpu=hppa1.1 + vendor=oki + basic_os=proelf ;; pa-hitachi) - basic_machine=hppa1.1-hitachi - os=-hiuxwe2 - ;; - paragon) - basic_machine=i860-intel - os=-osf - ;; - parisc) - basic_machine=hppa-unknown - os=-linux - ;; - parisc-*) - basic_machine=hppa-`echo "$basic_machine" | sed 's/^[^-]*-//'` - os=-linux + cpu=hppa1.1 + vendor=hitachi + basic_os=hiuxwe2 ;; pbd) - basic_machine=sparc-tti + cpu=sparc + vendor=tti ;; pbb) - basic_machine=m68k-tti + cpu=m68k + vendor=tti ;; - pc532 | pc532-*) - basic_machine=ns32k-pc532 + pc532) + cpu=ns32k + vendor=pc532 ;; - pc98) - basic_machine=i386-pc + pn) + cpu=pn + vendor=gould ;; - pc98-*) - basic_machine=i386-`echo "$basic_machine" | sed 's/^[^-]*-//'` + power) + cpu=power + vendor=ibm ;; - pentium | p5 | k5 | k6 | nexgen | viac3) - basic_machine=i586-pc + ps2) + cpu=i386 + vendor=ibm ;; - pentiumpro | p6 | 6x86 | athlon | athlon_*) - basic_machine=i686-pc + rm[46]00) + cpu=mips + vendor=siemens ;; - pentiumii | pentium2 | pentiumiii | pentium3) - basic_machine=i686-pc + rtpc | rtpc-*) + cpu=romp + vendor=ibm ;; - pentium4) - basic_machine=i786-pc + sde) + cpu=mipsisa32 + vendor=sde + basic_os=${basic_os:-elf} ;; - pentium-* | p5-* | k5-* | k6-* | nexgen-* | viac3-*) - basic_machine=i586-`echo "$basic_machine" | sed 's/^[^-]*-//'` + simso-wrs) + cpu=sparclite + vendor=wrs + basic_os=vxworks ;; - pentiumpro-* | p6-* | 6x86-* | athlon-*) - basic_machine=i686-`echo "$basic_machine" | sed 's/^[^-]*-//'` + tower | tower-32) + cpu=m68k + vendor=ncr ;; - pentiumii-* | pentium2-* | pentiumiii-* | pentium3-*) - basic_machine=i686-`echo "$basic_machine" | sed 's/^[^-]*-//'` + vpp*|vx|vx-*) + cpu=f301 + vendor=fujitsu ;; - pentium4-*) - basic_machine=i786-`echo "$basic_machine" | sed 's/^[^-]*-//'` + w65) + cpu=w65 + vendor=wdc ;; - pn) - basic_machine=pn-gould + w89k-*) + cpu=hppa1.1 + vendor=winbond + basic_os=proelf ;; - power) basic_machine=power-ibm + none) + cpu=none + vendor=none ;; - ppc | ppcbe) basic_machine=powerpc-unknown + leon|leon[3-9]) + cpu=sparc + vendor=$basic_machine ;; - ppc-* | ppcbe-*) - basic_machine=powerpc-`echo "$basic_machine" | sed 's/^[^-]*-//'` + leon-*|leon[3-9]-*) + cpu=sparc + vendor=`echo "$basic_machine" | sed 's/-.*//'` ;; - ppcle | powerpclittle) - basic_machine=powerpcle-unknown + + *-*) + # shellcheck disable=SC2162 + saved_IFS=$IFS + IFS="-" read cpu vendor <&2 - exit 1 + # Recognize the canonical CPU types that are allowed with any + # company name. + case $cpu in + 1750a | 580 \ + | a29k \ + | aarch64 | aarch64_be \ + | abacus \ + | alpha | alphaev[4-8] | alphaev56 | alphaev6[78] \ + | alpha64 | alpha64ev[4-8] | alpha64ev56 | alpha64ev6[78] \ + | alphapca5[67] | alpha64pca5[67] \ + | am33_2.0 \ + | amdgcn \ + | arc | arceb | arc32 | arc64 \ + | arm | arm[lb]e | arme[lb] | armv* \ + | avr | avr32 \ + | asmjs \ + | ba \ + | be32 | be64 \ + | bfin | bpf | bs2000 \ + | c[123]* | c30 | [cjt]90 | c4x \ + | c8051 | clipper | craynv | csky | cydra \ + | d10v | d30v | dlx | dsp16xx \ + | e2k | elxsi | epiphany \ + | f30[01] | f700 | fido | fr30 | frv | ft32 | fx80 \ + | h8300 | h8500 \ + | hppa | hppa1.[01] | hppa2.0 | hppa2.0[nw] | hppa64 \ + | hexagon \ + | i370 | i*86 | i860 | i960 | ia16 | ia64 \ + | ip2k | iq2000 \ + | k1om \ + | le32 | le64 \ + | lm32 \ + | loongarch32 | loongarch64 | loongarchx32 \ + | m32c | m32r | m32rle \ + | m5200 | m68000 | m680[012346]0 | m68360 | m683?2 | m68k \ + | m6811 | m68hc11 | m6812 | m68hc12 | m68hcs12x \ + | m88110 | m88k | maxq | mb | mcore | mep | metag \ + | microblaze | microblazeel \ + | mips | mipsbe | mipseb | mipsel | mipsle \ + | mips16 \ + | mips64 | mips64eb | mips64el \ + | mips64octeon | mips64octeonel \ + | mips64orion | mips64orionel \ + | mips64r5900 | mips64r5900el \ + | mips64vr | mips64vrel \ + | mips64vr4100 | mips64vr4100el \ + | mips64vr4300 | mips64vr4300el \ + | mips64vr5000 | mips64vr5000el \ + | mips64vr5900 | mips64vr5900el \ + | mipsisa32 | mipsisa32el \ + | mipsisa32r2 | mipsisa32r2el \ + | mipsisa32r3 | mipsisa32r3el \ + | mipsisa32r5 | mipsisa32r5el \ + | mipsisa32r6 | mipsisa32r6el \ + | mipsisa64 | mipsisa64el \ + | mipsisa64r2 | mipsisa64r2el \ + | mipsisa64r3 | mipsisa64r3el \ + | mipsisa64r5 | mipsisa64r5el \ + | mipsisa64r6 | mipsisa64r6el \ + | mipsisa64sb1 | mipsisa64sb1el \ + | mipsisa64sr71k | mipsisa64sr71kel \ + | mipsr5900 | mipsr5900el \ + | mipstx39 | mipstx39el \ + | mmix \ + | mn10200 | mn10300 \ + | moxie \ + | mt \ + | msp430 \ + | nds32 | nds32le | nds32be \ + | nfp \ + | nios | nios2 | nios2eb | nios2el \ + | none | np1 | ns16k | ns32k | nvptx \ + | open8 \ + | or1k* \ + | or32 \ + | orion \ + | picochip \ + | pdp10 | pdp11 | pj | pjl | pn | power \ + | powerpc | powerpc64 | powerpc64le | powerpcle | powerpcspe \ + | pru \ + | pyramid \ + | riscv | riscv32 | riscv32be | riscv64 | riscv64be \ + | rl78 | romp | rs6000 | rx \ + | s390 | s390x \ + | score \ + | sh | shl \ + | sh[1234] | sh[24]a | sh[24]ae[lb] | sh[23]e | she[lb] | sh[lb]e \ + | sh[1234]e[lb] | sh[12345][lb]e | sh[23]ele | sh64 | sh64le \ + | sparc | sparc64 | sparc64b | sparc64v | sparc86x | sparclet \ + | sparclite \ + | sparcv8 | sparcv9 | sparcv9b | sparcv9v | sv1 | sx* \ + | spu \ + | tahoe \ + | thumbv7* \ + | tic30 | tic4x | tic54x | tic55x | tic6x | tic80 \ + | tron \ + | ubicom32 \ + | v70 | v850 | v850e | v850e1 | v850es | v850e2 | v850e2v3 \ + | vax \ + | visium \ + | w65 \ + | wasm32 | wasm64 \ + | we32k \ + | x86 | x86_64 | xc16x | xgate | xps100 \ + | xstormy16 | xtensa* \ + | ymp \ + | z8k | z80) + ;; + + *) + echo Invalid configuration \`"$1"\': machine \`"$cpu-$vendor"\' not recognized 1>&2 + exit 1 + ;; + esac ;; esac # Here we canonicalize certain aliases for manufacturers. -case $basic_machine in - *-digital*) - basic_machine=`echo "$basic_machine" | sed 's/digital.*/dec/'` +case $vendor in + digital*) + vendor=dec ;; - *-commodore*) - basic_machine=`echo "$basic_machine" | sed 's/commodore.*/cbm/'` + commodore*) + vendor=cbm ;; *) ;; @@ -1334,203 +1301,215 @@ # Decode manufacturer-specific aliases for certain operating systems. -if [ x"$os" != x"" ] +if test x$basic_os != x then + +# First recognize some ad-hoc caes, or perhaps split kernel-os, or else just +# set os. +case $basic_os in + gnu/linux*) + kernel=linux + os=`echo "$basic_os" | sed -e 's|gnu/linux|gnu|'` + ;; + os2-emx) + kernel=os2 + os=`echo "$basic_os" | sed -e 's|os2-emx|emx|'` + ;; + nto-qnx*) + kernel=nto + os=`echo "$basic_os" | sed -e 's|nto-qnx|qnx|'` + ;; + *-*) + # shellcheck disable=SC2162 + saved_IFS=$IFS + IFS="-" read kernel os <&2 - exit 1 + # No normalization, but not necessarily accepted, that comes below. ;; esac + else # Here we handle the default operating systems that come with various machines. @@ -1543,258 +1522,362 @@ # will signal an error saying that MANUFACTURER isn't an operating # system, and we'll never get to this point. -case $basic_machine in +kernel= +case $cpu-$vendor in score-*) - os=-elf + os=elf ;; spu-*) - os=-elf + os=elf ;; *-acorn) - os=-riscix1.2 + os=riscix1.2 ;; arm*-rebel) - os=-linux + kernel=linux + os=gnu ;; arm*-semi) - os=-aout + os=aout ;; c4x-* | tic4x-*) - os=-coff + os=coff ;; c8051-*) - os=-elf + os=elf + ;; + clipper-intergraph) + os=clix ;; hexagon-*) - os=-elf + os=elf ;; tic54x-*) - os=-coff + os=coff ;; tic55x-*) - os=-coff + os=coff ;; tic6x-*) - os=-coff + os=coff ;; # This must come before the *-dec entry. pdp10-*) - os=-tops20 + os=tops20 ;; pdp11-*) - os=-none + os=none ;; *-dec | vax-*) - os=-ultrix4.2 + os=ultrix4.2 ;; m68*-apollo) - os=-domain + os=domain ;; i386-sun) - os=-sunos4.0.2 + os=sunos4.0.2 ;; m68000-sun) - os=-sunos3 + os=sunos3 ;; m68*-cisco) - os=-aout + os=aout ;; mep-*) - os=-elf + os=elf ;; mips*-cisco) - os=-elf + os=elf ;; mips*-*) - os=-elf + os=elf ;; or32-*) - os=-coff + os=coff ;; *-tti) # must be before sparc entry or we get the wrong os. - os=-sysv3 + os=sysv3 ;; sparc-* | *-sun) - os=-sunos4.1.1 + os=sunos4.1.1 ;; pru-*) - os=-elf + os=elf ;; *-be) - os=-beos + os=beos ;; *-ibm) - os=-aix + os=aix ;; *-knuth) - os=-mmixware + os=mmixware ;; *-wec) - os=-proelf + os=proelf ;; *-winbond) - os=-proelf + os=proelf ;; *-oki) - os=-proelf + os=proelf ;; *-hp) - os=-hpux + os=hpux ;; *-hitachi) - os=-hiux + os=hiux ;; i860-* | *-att | *-ncr | *-altos | *-motorola | *-convergent) - os=-sysv + os=sysv ;; *-cbm) - os=-amigaos + os=amigaos ;; *-dg) - os=-dgux + os=dgux ;; *-dolphin) - os=-sysv3 + os=sysv3 ;; m68k-ccur) - os=-rtu + os=rtu ;; m88k-omron*) - os=-luna + os=luna ;; *-next) - os=-nextstep + os=nextstep ;; *-sequent) - os=-ptx + os=ptx ;; *-crds) - os=-unos + os=unos ;; *-ns) - os=-genix + os=genix ;; i370-*) - os=-mvs + os=mvs ;; *-gould) - os=-sysv + os=sysv ;; *-highlevel) - os=-bsd + os=bsd ;; *-encore) - os=-bsd + os=bsd ;; *-sgi) - os=-irix + os=irix ;; *-siemens) - os=-sysv4 + os=sysv4 ;; *-masscomp) - os=-rtu + os=rtu ;; f30[01]-fujitsu | f700-fujitsu) - os=-uxpv + os=uxpv ;; *-rom68k) - os=-coff + os=coff ;; *-*bug) - os=-coff + os=coff ;; *-apple) - os=-macos + os=macos ;; *-atari*) - os=-mint + os=mint + ;; + *-wrs) + os=vxworks ;; *) - os=-none + os=none ;; esac + fi +# Now, validate our (potentially fixed-up) OS. +case $os in + # Sometimes we do "kernel-libc", so those need to count as OSes. + musl* | newlib* | relibc* | uclibc*) + ;; + # Likewise for "kernel-abi" + eabi* | gnueabi*) + ;; + # VxWorks passes extra cpu info in the 4th filed. + simlinux | simwindows | spe) + ;; + # Now accept the basic system types. + # The portable systems comes first. + # Each alternative MUST end in a * to match a version number. + gnu* | android* | bsd* | mach* | minix* | genix* | ultrix* | irix* \ + | *vms* | esix* | aix* | cnk* | sunos | sunos[34]* \ + | hpux* | unos* | osf* | luna* | dgux* | auroraux* | solaris* \ + | sym* | plan9* | psp* | sim* | xray* | os68k* | v88r* \ + | hiux* | abug | nacl* | netware* | windows* \ + | os9* | macos* | osx* | ios* \ + | mpw* | magic* | mmixware* | mon960* | lnews* \ + | amigaos* | amigados* | msdos* | newsos* | unicos* | aof* \ + | aos* | aros* | cloudabi* | sortix* | twizzler* \ + | nindy* | vxsim* | vxworks* | ebmon* | hms* | mvs* \ + | clix* | riscos* | uniplus* | iris* | isc* | rtu* | xenix* \ + | mirbsd* | netbsd* | dicos* | openedition* | ose* \ + | bitrig* | openbsd* | secbsd* | solidbsd* | libertybsd* | os108* \ + | ekkobsd* | freebsd* | riscix* | lynxos* | os400* \ + | bosx* | nextstep* | cxux* | aout* | elf* | oabi* \ + | ptx* | coff* | ecoff* | winnt* | domain* | vsta* \ + | udi* | lites* | ieee* | go32* | aux* | hcos* \ + | chorusrdb* | cegcc* | glidix* | serenity* \ + | cygwin* | msys* | pe* | moss* | proelf* | rtems* \ + | midipix* | mingw32* | mingw64* | mint* \ + | uxpv* | beos* | mpeix* | udk* | moxiebox* \ + | interix* | uwin* | mks* | rhapsody* | darwin* \ + | openstep* | oskit* | conix* | pw32* | nonstopux* \ + | storm-chaos* | tops10* | tenex* | tops20* | its* \ + | os2* | vos* | palmos* | uclinux* | nucleus* | morphos* \ + | scout* | superux* | sysv* | rtmk* | tpf* | windiss* \ + | powermax* | dnix* | nx6 | nx7 | sei* | dragonfly* \ + | skyos* | haiku* | rdos* | toppers* | drops* | es* \ + | onefs* | tirtos* | phoenix* | fuchsia* | redox* | bme* \ + | midnightbsd* | amdhsa* | unleashed* | emscripten* | wasi* \ + | nsk* | powerunix* | genode* | zvmoe* | qnx* | emx* | zephyr*) + ;; + # This one is extra strict with allowed versions + sco3.2v2 | sco3.2v[4-9]* | sco5v6*) + # Don't forget version if it is 3.2v4 or newer. + ;; + none) + ;; + *) + echo Invalid configuration \`"$1"\': OS \`"$os"\' not recognized 1>&2 + exit 1 + ;; +esac + +# As a final step for OS-related things, validate the OS-kernel combination +# (given a valid OS), if there is a kernel. +case $kernel-$os in + linux-gnu* | linux-dietlibc* | linux-android* | linux-newlib* \ + | linux-musl* | linux-relibc* | linux-uclibc* ) + ;; + uclinux-uclibc* ) + ;; + -dietlibc* | -newlib* | -musl* | -relibc* | -uclibc* ) + # These are just libc implementations, not actual OSes, and thus + # require a kernel. + echo "Invalid configuration \`$1': libc \`$os' needs explicit kernel." 1>&2 + exit 1 + ;; + kfreebsd*-gnu* | kopensolaris*-gnu*) + ;; + vxworks-simlinux | vxworks-simwindows | vxworks-spe) + ;; + nto-qnx*) + ;; + os2-emx) + ;; + *-eabi* | *-gnueabi*) + ;; + -*) + # Blank kernel with real OS is always fine. + ;; + *-*) + echo "Invalid configuration \`$1': Kernel \`$kernel' not known to work with OS \`$os'." 1>&2 + exit 1 + ;; +esac + # Here we handle the case where we know the os, and the CPU type, but not the # manufacturer. We pick the logical manufacturer. -vendor=unknown -case $basic_machine in - *-unknown) - case $os in - -riscix*) +case $vendor in + unknown) + case $cpu-$os in + *-riscix*) vendor=acorn ;; - -sunos*) + *-sunos*) vendor=sun ;; - -cnk*|-aix*) + *-cnk* | *-aix*) vendor=ibm ;; - -beos*) + *-beos*) vendor=be ;; - -hpux*) + *-hpux*) vendor=hp ;; - -mpeix*) + *-mpeix*) vendor=hp ;; - -hiux*) + *-hiux*) vendor=hitachi ;; - -unos*) + *-unos*) vendor=crds ;; - -dgux*) + *-dgux*) vendor=dg ;; - -luna*) + *-luna*) vendor=omron ;; - -genix*) + *-genix*) vendor=ns ;; - -mvs* | -opened*) + *-clix*) + vendor=intergraph + ;; + *-mvs* | *-opened*) + vendor=ibm + ;; + *-os400*) vendor=ibm ;; - -os400*) + s390-* | s390x-*) vendor=ibm ;; - -ptx*) + *-ptx*) vendor=sequent ;; - -tpf*) + *-tpf*) vendor=ibm ;; - -vxsim* | -vxworks* | -windiss*) + *-vxsim* | *-vxworks* | *-windiss*) vendor=wrs ;; - -aux*) + *-aux*) vendor=apple ;; - -hms*) + *-hms*) vendor=hitachi ;; - -mpw* | -macos*) + *-mpw* | *-macos*) vendor=apple ;; - -*mint | -mint[0-9]* | -*MiNT | -MiNT[0-9]*) + *-*mint | *-mint[0-9]* | *-*MiNT | *-MiNT[0-9]*) vendor=atari ;; - -vos*) + *-vos*) vendor=stratus ;; esac - basic_machine=`echo "$basic_machine" | sed "s/unknown/$vendor/"` ;; esac -echo "$basic_machine$os" +echo "$cpu-$vendor-${kernel:+$kernel-}$os" exit # Local variables: -# eval: (add-hook 'write-file-functions 'time-stamp) +# eval: (add-hook 'before-save-hook 'time-stamp) # time-stamp-start: "timestamp='" # time-stamp-format: "%:y-%02m-%02d" # time-stamp-end: "'" diff -Nru ldns-1.7.1/configure ldns-1.8.1/configure --- ldns-1.7.1/configure 2019-07-26 15:07:50.000000000 +0000 +++ ldns-1.8.1/configure 2021-12-03 07:45:56.000000000 +0000 @@ -1,6 +1,6 @@ #! /bin/sh # Guess values for system-dependent variables and create Makefiles. -# Generated by GNU Autoconf 2.69 for ldns 1.7.1. +# Generated by GNU Autoconf 2.69 for ldns 1.8.1. # # Report bugs to . # @@ -590,8 +590,8 @@ # Identity of this package. PACKAGE_NAME='ldns' PACKAGE_TARNAME='libdns' -PACKAGE_VERSION='1.7.1' -PACKAGE_STRING='ldns 1.7.1' +PACKAGE_VERSION='1.8.1' +PACKAGE_STRING='ldns 1.8.1' PACKAGE_BUGREPORT='libdns@nlnetlabs.nl' PACKAGE_URL='' @@ -658,6 +658,9 @@ ldns_build_config_use_dane_ta_usage ldns_build_config_use_dane_verify ldns_build_config_use_dane +ldns_build_config_use_ed448 +ldns_build_config_use_ed25519 +ldns_build_config_use_dsa RUNTIME_PATH HAVE_SSL libtool @@ -681,7 +684,7 @@ PYTHON_EXTRA_LDFLAGS PYTHON_EXTRA_LIBS PYTHON_SITE_PKG -PYTHON_LDFLAGS +PYTHON_LIBS PYTHON_CPPFLAGS PYTHON PYTHON_VERSION @@ -826,6 +829,7 @@ enable_rrtype_avc enable_rrtype_doa enable_rrtype_amtrelay +enable_rrtype_svcb_https enable_rpath with_xcode_sdk with_trust_anchor @@ -1393,7 +1397,7 @@ # Omit some internal or obsolete options to make the list less imposing. # This message is too long to be a string in the A/UX 3.1 sh. cat <<_ACEOF -\`configure' configures ldns 1.7.1 to adapt to many kinds of systems. +\`configure' configures ldns 1.8.1 to adapt to many kinds of systems. Usage: $0 [OPTION]... [VAR=VALUE]... @@ -1459,7 +1463,7 @@ if test -n "$ac_init_help"; then case $ac_init_help in - short | recursive ) echo "Configuration of ldns 1.7.1:";; + short | recursive ) echo "Configuration of ldns 1.8.1:";; esac cat <<\_ACEOF @@ -1478,7 +1482,7 @@ --enable-poll This platform supports poll(7) --disable-sha2 Disable SHA256 and SHA512 RRSIG support --disable-gost Disable GOST support - --enable-gost-anyway Enable GOST even whithout a GOST engine installed + --enable-gost-anyway Enable GOST even without a GOST engine installed --disable-ecdsa Disable ECDSA support --disable-dsa Disable DSA support --disable-ed25519 Disable (experimental) ED25519 support. Default is @@ -1498,6 +1502,8 @@ --enable-rrtype-doa Enable draft RR type DOA. --enable-rrtype-amtrelay Enable draft RR type AMTRELAY. + --enable-rrtype-svcb-https + Enable draft RR types SVCB and HTTPS. --disable-rpath disable hardcoded rpath (default=enabled) Optional Packages: @@ -1519,8 +1525,8 @@ --with-pyldnsx to install it. --with-p5-dns-ldns generate DNS::LDNS perl bindings --with-ssl=pathname enable SSL (will check /usr/local/ssl /usr/lib/ssl - /usr/ssl /usr/pkg /usr/local /opt/local - /usr/local/opt/openssl /usr/sfw /usr) + /usr/ssl /usr/pkg /usr/local /opt/local /usr/sfw + /usr) --with-xcode-sdk Set xcode SDK version. Default is autodetect --with-trust-anchor=KEYFILE Default location of the trust anchor file for drill @@ -1611,7 +1617,7 @@ test -n "$ac_init_help" && exit $ac_status if $ac_init_version; then cat <<\_ACEOF -ldns configure 1.7.1 +ldns configure 1.8.1 generated by GNU Autoconf 2.69 Copyright (C) 2012 Free Software Foundation, Inc. @@ -2320,7 +2326,7 @@ This file contains any messages produced by compilers while running configure, to aid debugging if configure makes a mistake. -It was created by ldns $as_me 1.7.1, which was +It was created by ldns $as_me 1.8.1, which was generated by GNU Autoconf 2.69. Invocation command line was $ $0 $@ @@ -2672,7 +2678,7 @@ # needed to build correct soname LDNS_VERSION_MAJOR=1 -LDNS_VERSION_MINOR=7 +LDNS_VERSION_MINOR=8 LDNS_VERSION_MICRO=1 @@ -2689,10 +2695,12 @@ # set age to 0 # # ldns-1.6.17 and before had a .so with version same as VERSION_INFO -# ldns-1.7.0 has libversion 2:0:0 -# ldns-1.7.1 has libversion 3:0:1 +# ldns-1.7.0 had libversion 2:0:0 +# ldns-1.7.1 had libversion 3:0:0 (though it should have had 3:0:1) +# ldns-1.8.0 had libversion 4:0:2 (though it should have had 4:0:1) +# ldns-1.8.1 has libversion 5:0:2 # -VERSION_INFO=3:0:0 +VERSION_INFO=5:0:2 ac_ext=c @@ -5519,7 +5527,7 @@ fi : ${AR=ar} -: ${AR_FLAGS=cru} +: ${AR_FLAGS=cr} @@ -7282,8 +7290,8 @@ _LT_EOF echo "$LTCC $LTCFLAGS -c -o conftest.o conftest.c" >&5 $LTCC $LTCFLAGS -c -o conftest.o conftest.c 2>&5 - echo "$AR cru libconftest.a conftest.o" >&5 - $AR cru libconftest.a conftest.o 2>&5 + echo "$AR cr libconftest.a conftest.o" >&5 + $AR cr libconftest.a conftest.o 2>&5 echo "$RANLIB libconftest.a" >&5 $RANLIB libconftest.a 2>&5 cat > conftest.c << _LT_EOF @@ -7315,11 +7323,11 @@ # to the OS version, if on x86, and 10.4, the deployment # target defaults to 10.4. Don't you love it? case ${MACOSX_DEPLOYMENT_TARGET-10.0},$host in - 10.0,*86*-darwin8*|10.0,*-darwin[91]*) + 10.0,*86*-darwin8*|10.0,*-darwin[912]*) _lt_dar_allow_undefined='$wl-undefined ${wl}dynamic_lookup' ;; 10.[012][,.]*) _lt_dar_allow_undefined='$wl-flat_namespace $wl-undefined ${wl}suppress' ;; - 10.*) + 10.*|11.*) _lt_dar_allow_undefined='$wl-undefined ${wl}dynamic_lookup' ;; esac ;; @@ -12734,6 +12742,37 @@ fi + +{ $as_echo "$as_me:${as_lineno-$LINENO}: checking whether $CC supports -fno-strict-aliasing" >&5 +$as_echo_n "checking whether $CC supports -fno-strict-aliasing... " >&6; } +cache=`echo fno-strict-aliasing | sed 'y%.=/+-%___p_%'` +if eval \${cv_prog_cc_flag_$cache+:} false; then : + $as_echo_n "(cached) " >&6 +else + +echo 'void f(void){}' >conftest.c +if test -z "`$CC $CPPFLAGS $CFLAGS -fno-strict-aliasing -c conftest.c 2>&1`"; then +eval "cv_prog_cc_flag_$cache=yes" +else +eval "cv_prog_cc_flag_$cache=no" +fi +rm -f conftest conftest.o conftest.c + +fi + +if eval "test \"`echo '$cv_prog_cc_flag_'$cache`\" = yes"; then +{ $as_echo "$as_me:${as_lineno-$LINENO}: result: yes" >&5 +$as_echo "yes" >&6; } +: +CFLAGS="-fno-strict-aliasing $CFLAGS" +else +{ $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5 +$as_echo "no" >&6; } +: + +fi + + for ac_header in getopt.h time.h do : as_ac_Header=`$as_echo "ac_cv_header_$ac_header" | $as_tr_sh` @@ -12766,6 +12805,20 @@ # end mingw32 tests +# Check for Apple header. This uncovers TARGET_OS_IPHONE, TARGET_OS_TV or TARGET_OS_WATCH +for ac_header in TargetConditionals.h +do : + ac_fn_c_check_header_mongrel "$LINENO" "TargetConditionals.h" "ac_cv_header_TargetConditionals_h" "$ac_includes_default" +if test "x$ac_cv_header_TargetConditionals_h" = xyes; then : + cat >>confdefs.h <<_ACEOF +#define HAVE_TARGETCONDITIONALS_H 1 +_ACEOF + +fi + +done + + @@ -13684,7 +13737,11 @@ # check to see if libraries are needed for these functions. -{ $as_echo "$as_me:${as_lineno-$LINENO}: checking for library containing socket" >&5 +ac_fn_c_check_func "$LINENO" "socket" "ac_cv_func_socket" +if test "x$ac_cv_func_socket" = xyes; then : + +else + { $as_echo "$as_me:${as_lineno-$LINENO}: checking for library containing socket" >&5 $as_echo_n "checking for library containing socket... " >&6; } if ${ac_cv_search_socket+:} false; then : $as_echo_n "(cached) " >&6 @@ -13740,7 +13797,87 @@ fi -{ $as_echo "$as_me:${as_lineno-$LINENO}: checking for library containing inet_pton" >&5 + +fi + + +# modern Linux provides inet_ntop in -lsocket. +# modern OS X provides inet_ntop in -lc. +# modern Solaris provides inet_ntop in -lsocket -lnsl. +# older Solaris provides inet_ntop in -lresolv. +ac_fn_c_check_func "$LINENO" "inet_ntop" "ac_cv_func_inet_ntop" +if test "x$ac_cv_func_inet_ntop" = xyes; then : + +else + { $as_echo "$as_me:${as_lineno-$LINENO}: checking for library containing inet_ntop" >&5 +$as_echo_n "checking for library containing inet_ntop... " >&6; } +if ${ac_cv_search_inet_ntop+:} false; then : + $as_echo_n "(cached) " >&6 +else + ac_func_search_save_LIBS=$LIBS +cat confdefs.h - <<_ACEOF >conftest.$ac_ext +/* end confdefs.h. */ + +/* Override any GCC internal prototype to avoid an error. + Use char because int might match the return type of a GCC + builtin and then its argument prototype would still apply. */ +#ifdef __cplusplus +extern "C" +#endif +char inet_ntop (); +int +main () +{ +return inet_ntop (); + ; + return 0; +} +_ACEOF +for ac_lib in '' socket c nsl resolv; do + if test -z "$ac_lib"; then + ac_res="none required" + else + ac_res=-l$ac_lib + LIBS="-l$ac_lib $ac_func_search_save_LIBS" + fi + if ac_fn_c_try_link "$LINENO"; then : + ac_cv_search_inet_ntop=$ac_res +fi +rm -f core conftest.err conftest.$ac_objext \ + conftest$ac_exeext + if ${ac_cv_search_inet_ntop+:} false; then : + break +fi +done +if ${ac_cv_search_inet_ntop+:} false; then : + +else + ac_cv_search_inet_ntop=no +fi +rm conftest.$ac_ext +LIBS=$ac_func_search_save_LIBS +fi +{ $as_echo "$as_me:${as_lineno-$LINENO}: result: $ac_cv_search_inet_ntop" >&5 +$as_echo "$ac_cv_search_inet_ntop" >&6; } +ac_res=$ac_cv_search_inet_ntop +if test "$ac_res" != no; then : + test "$ac_res" = "none required" || LIBS="$ac_res $LIBS" + +fi + + +fi + + +# modern Linux provides inet_pton in -lsocket. +# modern OS X provides inet_pton in -lc. +# modern Solaris provides inet_pton in -lsocket -lnsl. +# older Solaris provides inet_pton in -lresolv. +ac_fn_c_check_func "$LINENO" "inet_pton" "ac_cv_func_inet_pton" +if test "x$ac_cv_func_inet_pton" = xyes; then : + +else + { $as_echo "$as_me:${as_lineno-$LINENO}: checking for library containing inet_pton" >&5 $as_echo_n "checking for library containing inet_pton... " >&6; } if ${ac_cv_search_inet_pton+:} false; then : $as_echo_n "(cached) " >&6 @@ -13764,7 +13901,7 @@ return 0; } _ACEOF -for ac_lib in '' nsl; do +for ac_lib in '' socket c nsl resolv; do if test -z "$ac_lib"; then ac_res="none required" else @@ -13797,6 +13934,9 @@ fi +fi + + # Check whether --with-drill was given. @@ -14019,7 +14159,7 @@ ldns_have_python=no if test x_$withval != x_no; then # =========================================================================== -# http://www.gnu.org/software/autoconf-archive/ax_python_devel.html +# https://www.gnu.org/software/autoconf-archive/ax_python_devel.html # =========================================================================== # # SYNOPSIS @@ -14032,8 +14172,8 @@ # in your configure.ac. # # This macro checks for Python and tries to get the include path to -# 'Python.h'. It provides the $(PYTHON_CPPFLAGS) and $(PYTHON_LDFLAGS) -# output variables. It also exports $(PYTHON_EXTRA_LIBS) and +# 'Python.h'. It provides the $(PYTHON_CPPFLAGS) and $(PYTHON_LIBS) output +# variables. It also exports $(PYTHON_EXTRA_LIBS) and # $(PYTHON_EXTRA_LDFLAGS) for embedding Python in your code. # # You can search for some particular version of Python by passing a @@ -14072,7 +14212,7 @@ # Public License for more details. # # You should have received a copy of the GNU General Public License along -# with this program. If not, see . +# with this program. If not, see . # # As a special exception, the respective Autoconf Macro's copyright owner # gives unlimited permission to copy, distribute and modify the configure @@ -14087,7 +14227,7 @@ # modified version of the Autoconf Macro, you may extend this special # exception to the GPL to apply to your modified version as well. -#serial 16 +#serial 21 # This is what autoupdate's m4 run will expand. It fires # the warning (with _au_warn_XXX), outputs it into the @@ -14180,7 +14320,7 @@ This version of the AC_PYTHON_DEVEL macro doesn't work properly with versions of Python before 2.1.0. You may need to re-run configure, setting the -variables PYTHON_CPPFLAGS, PYTHON_LDFLAGS, PYTHON_SITE_PKG, +variables PYTHON_CPPFLAGS, PYTHON_LIBS, PYTHON_SITE_PKG, PYTHON_EXTRA_LIBS and PYTHON_EXTRA_LDFLAGS by hand. Moreover, to disable this check, set PYTHON_NOVERSIONCHECK to something else than an empty string. @@ -14225,7 +14365,7 @@ { $as_echo "$as_me:${as_lineno-$LINENO}: checking for the distutils Python package" >&5 $as_echo_n "checking for the distutils Python package... " >&6; } ac_distutils_result=`$PYTHON -c "import distutils" 2>&1` - if test -z "$ac_distutils_result"; then + if test $? -eq 0; then { $as_echo "$as_me:${as_lineno-$LINENO}: result: yes" >&5 $as_echo "yes" >&6; } else @@ -14265,7 +14405,7 @@ # { $as_echo "$as_me:${as_lineno-$LINENO}: checking for Python library path" >&5 $as_echo_n "checking for Python library path... " >&6; } - if test -z "$PYTHON_LDFLAGS"; then + if test -z "$PYTHON_LIBS"; then # (makes two attempts to ensure we've got a version number # from the interpreter) ac_python_version=`cat<&5 -$as_echo "$PYTHON_LDFLAGS" >&6; } + { $as_echo "$as_me:${as_lineno-$LINENO}: result: $PYTHON_LIBS" >&5 +$as_echo "$PYTHON_LIBS" >&6; } # @@ -14365,7 +14505,7 @@ if test -z "$PYTHON_EXTRA_LIBS"; then PYTHON_EXTRA_LIBS=`$PYTHON -c "import distutils.sysconfig; \ conf = distutils.sysconfig.get_config_var; \ - print (conf('LIBS'))"` + print (conf('LIBS') + ' ' + conf('SYSLIBS'))"` fi { $as_echo "$as_me:${as_lineno-$LINENO}: result: $PYTHON_EXTRA_LIBS" >&5 $as_echo "$PYTHON_EXTRA_LIBS" >&6; } @@ -14392,8 +14532,10 @@ $as_echo_n "checking consistency of all components of python development environment... " >&6; } # save current global flags ac_save_LIBS="$LIBS" + ac_save_LDFLAGS="$LDFLAGS" ac_save_CPPFLAGS="$CPPFLAGS" - LIBS="$ac_save_LIBS $PYTHON_LDFLAGS $PYTHON_EXTRA_LDFLAGS $PYTHON_EXTRA_LIBS" + LIBS="$ac_save_LIBS $PYTHON_LIBS $PYTHON_EXTRA_LIBS $PYTHON_EXTRA_LIBS" + LDFLAGS="$ac_save_LDFLAGS $PYTHON_EXTRA_LDFLAGS" CPPFLAGS="$ac_save_CPPFLAGS $PYTHON_CPPFLAGS" ac_ext=c ac_cpp='$CPP $CPPFLAGS' @@ -14430,6 +14572,7 @@ # turn back to default flags CPPFLAGS="$ac_save_CPPFLAGS" LIBS="$ac_save_LIBS" + LDFLAGS="$ac_save_LDFLAGS" { $as_echo "$as_me:${as_lineno-$LINENO}: result: $pythonexists" >&5 $as_echo "$pythonexists" >&6; } @@ -14440,8 +14583,8 @@ as_fn_error $? " Could not link test program to Python. Maybe the main Python library has been installed in some non-standard library path. If so, pass it to configure, - via the LDFLAGS environment variable. - Example: ./configure LDFLAGS=\"-L/usr/non-standard-path/python/lib\" + via the LIBS environment variable. + Example: ./configure LIBS=\"-L/usr/non-standard-path/python/lib\" ============================================================================ ERROR! You probably have to install the development version of the Python package @@ -14471,7 +14614,7 @@ # check for SWIG if test x_$ldns_have_python != x_no; then # =========================================================================== -# http://www.gnu.org/software/autoconf-archive/ax_pkg_swig.html +# https://www.gnu.org/software/autoconf-archive/ax_pkg_swig.html # =========================================================================== # # SYNOPSIS @@ -14504,9 +14647,9 @@ # LICENSE # # Copyright (c) 2008 Sebastian Huber -# Copyright (c) 2008 Alan W. Irwin +# Copyright (c) 2008 Alan W. Irwin # Copyright (c) 2008 Rafael Laboissiere -# Copyright (c) 2008 Andrew Collier +# Copyright (c) 2008 Andrew Collier # Copyright (c) 2011 Murray Cumming # # This program is free software; you can redistribute it and/or modify it @@ -14520,7 +14663,7 @@ # Public License for more details. # # You should have received a copy of the GNU General Public License along -# with this program. If not, see . +# with this program. If not, see . # # As a special exception, the respective Autoconf Macro's copyright owner # gives unlimited permission to copy, distribute and modify the configure @@ -14535,7 +14678,7 @@ # modified version of the Autoconf Macro, you may extend this special # exception to the GPL to apply to your modified version as well. -#serial 8 +#serial 13 @@ -14545,8 +14688,8 @@ ver = sys.version.split()[0]; \ print(ver >= '3.2')"` = "True"; then - # Ubuntu has swig 2.0 as /usr/bin/swig2.0 - for ac_prog in swig2.0 swig + # Find path to the "swig" executable. + for ac_prog in swig swig3.0 swig2.0 do # Extract the first word of "$ac_prog", so it can be a program name with args. set dummy $ac_prog; ac_word=$2 @@ -14664,8 +14807,8 @@ else - # Ubuntu has swig 2.0 as /usr/bin/swig2.0 - for ac_prog in swig2.0 swig + # Find path to the "swig" executable. + for ac_prog in swig swig3.0 swig2.0 do # Extract the first word of "$ac_prog", so it can be a program name with args. set dummy $ac_prog; ac_word=$2 @@ -15190,7 +15333,7 @@ { $as_echo "$as_me:${as_lineno-$LINENO}: checking for SSL" >&5 $as_echo_n "checking for SSL... " >&6; } if test x_$withval = x_ -o x_$withval = x_yes; then - withval="/usr/local/ssl /usr/lib/ssl /usr/ssl /usr/pkg /usr/local /opt/local /usr/local/opt/openssl /usr/sfw /usr" + withval="/usr/local/ssl /usr/lib/ssl /usr/ssl /usr/pkg /usr/local /opt/local /usr/sfw /usr" fi for dir in $withval; do ssldir="$dir" @@ -15215,8 +15358,19 @@ $as_echo "found in $ssldir" >&6; } HAVE_SSL=yes if test "$ssldir" != "/usr" -a "$ssldir" != ""; then - LDFLAGS="$LDFLAGS -L$ssldir/lib" - LIBSSL_LDFLAGS="$LIBSSL_LDFLAGS -L$ssldir/lib" + if test ! -d "$ssldir/lib" -a -d "$ssldir/lib64"; then + LDFLAGS="$LDFLAGS -L$ssldir/lib64" + LIBSSL_LDFLAGS="$LIBSSL_LDFLAGS -L$ssldir/lib64" + + if test "x$enable_rpath" = xyes; then + if echo "$ssldir/lib64" | grep "^/" >/dev/null; then + RUNTIME_PATH="$RUNTIME_PATH -R$ssldir/lib64" + fi + fi + + else + LDFLAGS="$LDFLAGS -L$ssldir/lib" + LIBSSL_LDFLAGS="$LIBSSL_LDFLAGS -L$ssldir/lib" if test "x$enable_rpath" = xyes; then if echo "$ssldir/lib" | grep "^/" >/dev/null; then @@ -15224,10 +15378,11 @@ fi fi + fi fi - { $as_echo "$as_me:${as_lineno-$LINENO}: checking for HMAC_Update in -lcrypto" >&5 -$as_echo_n "checking for HMAC_Update in -lcrypto... " >&6; } + { $as_echo "$as_me:${as_lineno-$LINENO}: checking for EVP_sha256 in -lcrypto" >&5 +$as_echo_n "checking for EVP_sha256 in -lcrypto... " >&6; } LIBS="$LIBS -lcrypto" LIBSSL_LIBS="$LIBSSL_LIBS -lcrypto" cat confdefs.h - <<_ACEOF >conftest.$ac_ext @@ -15237,8 +15392,8 @@ main () { - int HMAC_Update(void); - (void)HMAC_Update(); + int EVP_sha256(void); + (void)EVP_sha256(); ; return 0; @@ -15249,7 +15404,7 @@ { $as_echo "$as_me:${as_lineno-$LINENO}: result: yes" >&5 $as_echo "yes" >&6; } -$as_echo "#define HAVE_HMAC_UPDATE 1" >>confdefs.h +$as_echo "#define HAVE_EVP_SHA256 1" >>confdefs.h else @@ -15270,8 +15425,8 @@ main () { - int HMAC_Update(void); - (void)HMAC_Update(); + int EVP_sha256(void); + (void)EVP_sha256(); ; return 0; @@ -15280,7 +15435,7 @@ if ac_fn_c_try_link "$LINENO"; then : -$as_echo "#define HAVE_HMAC_UPDATE 1" >>confdefs.h +$as_echo "#define HAVE_EVP_SHA256 1" >>confdefs.h { $as_echo "$as_me:${as_lineno-$LINENO}: result: yes" >&5 $as_echo "yes" >&6; } @@ -15302,8 +15457,8 @@ main () { - int HMAC_Update(void); - (void)HMAC_Update(); + int EVP_sha256(void); + (void)EVP_sha256(); ; return 0; @@ -15312,7 +15467,7 @@ if ac_fn_c_try_link "$LINENO"; then : -$as_echo "#define HAVE_HMAC_UPDATE 1" >>confdefs.h +$as_echo "#define HAVE_EVP_SHA256 1" >>confdefs.h { $as_echo "$as_me:${as_lineno-$LINENO}: result: yes" >&5 $as_echo "yes" >&6; } @@ -15334,8 +15489,8 @@ main () { - int HMAC_Update(void); - (void)HMAC_Update(); + int EVP_sha256(void); + (void)EVP_sha256(); ; return 0; @@ -15344,7 +15499,7 @@ if ac_fn_c_try_link "$LINENO"; then : -$as_echo "#define HAVE_HMAC_UPDATE 1" >>confdefs.h +$as_echo "#define HAVE_EVP_SHA256 1" >>confdefs.h { $as_echo "$as_me:${as_lineno-$LINENO}: result: yes" >&5 $as_echo "yes" >&6; } @@ -15427,7 +15582,20 @@ { $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5 $as_echo "no" >&6; } fi -for ac_func in EVP_sha256 EVP_sha384 EVP_sha512 ENGINE_load_cryptodev EVP_PKEY_keygen ECDSA_SIG_get0 EVP_MD_CTX_new EVP_PKEY_base_id DSA_SIG_set0 DSA_SIG_get0 EVP_dss1 DSA_get0_pqg DSA_get0_key OPENSSL_init_ssl OPENSSL_init_crypto ERR_load_crypto_strings +for ac_header in openssl/ssl.h openssl/evp.h openssl/engine.h openssl/conf.h +do : + as_ac_Header=`$as_echo "ac_cv_header_$ac_header" | $as_tr_sh` +ac_fn_c_check_header_mongrel "$LINENO" "$ac_header" "$as_ac_Header" "$ac_includes_default" +if eval test \"x\$"$as_ac_Header"\" = x"yes"; then : + cat >>confdefs.h <<_ACEOF +#define `$as_echo "HAVE_$ac_header" | $as_tr_cpp` 1 +_ACEOF + +fi + +done + +for ac_func in EVP_sha256 EVP_sha384 EVP_sha512 EVP_PKEY_keygen ECDSA_SIG_get0 EVP_MD_CTX_new DSA_SIG_set0 DSA_SIG_get0 EVP_dss1 DSA_get0_pqg DSA_get0_key EVP_cleanup ENGINE_cleanup ENGINE_free CRYPTO_cleanup_all_ex_data ERR_free_strings CONF_modules_unload OPENSSL_init_ssl OPENSSL_init_crypto ERR_load_crypto_strings CRYPTO_memcmp EVP_PKEY_get_base_id do : as_ac_var=`$as_echo "ac_cv_func_$ac_func" | $as_tr_sh` ac_fn_c_check_func "$LINENO" "$ac_func" "$as_ac_var" @@ -15439,6 +15607,64 @@ fi done +ac_fn_c_check_decl "$LINENO" "EVP_PKEY_base_id" "ac_cv_have_decl_EVP_PKEY_base_id" "$ac_includes_default +#include + +" +if test "x$ac_cv_have_decl_EVP_PKEY_base_id" = xyes; then : + ac_have_decl=1 +else + ac_have_decl=0 +fi + +cat >>confdefs.h <<_ACEOF +#define HAVE_DECL_EVP_PKEY_BASE_ID $ac_have_decl +_ACEOF +if test $ac_have_decl = 1; then : + + +cat >>confdefs.h <<_ACEOF +#define HAVE_EVP_PKEY_BASE_ID 1 +_ACEOF + + +fi + +{ $as_echo "$as_me:${as_lineno-$LINENO}: checking Checking for OpenSSL >= 3.0.0" >&5 +$as_echo_n "checking Checking for OpenSSL >= 3.0.0... " >&6; } +cat confdefs.h - <<_ACEOF >conftest.$ac_ext +/* end confdefs.h. */ + +#include +#if OPENSSL_VERSION_MAJOR >= 3 +#define SOMETHING +#else +This fails compiling. +So either no OpenSSL at all (the include already failed), or the version < 3.0.0 +#endif + +int +main () +{ + + + ; + return 0; +} +_ACEOF +if ac_fn_c_try_compile "$LINENO"; then : + + { $as_echo "$as_me:${as_lineno-$LINENO}: result: yes" >&5 +$as_echo "yes" >&6; } + CFLAGS="-DOPENSSL_API_COMPAT=10100 $CFLAGS" + +else + { $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5 +$as_echo "no" >&6; } + +fi +rm -f core conftest.err conftest.$ac_objext conftest.$ac_ext + # for macosx, see if glibtool exists and use that # BSD's need to know the version... @@ -15476,7 +15702,7 @@ ;; esac -# check wether gost also works +# check whether gost also works # Check whether --enable-gost was given. if test "${enable_gost+set}" = set; then : @@ -15511,7 +15737,11 @@ if test c${cross_compiling} = cno; then BAKCFLAGS="$CFLAGS" if test -n "$ssldir"; then + if test ! -d "$ssldir/lib" -a -d "$ssldir/lib64"; then + CFLAGS="$CFLAGS -Wl,-rpath,$ssldir/lib64" + else CFLAGS="$CFLAGS -Wl,-rpath,$ssldir/lib" + fi fi if test "$cross_compiling" = yes; then : { { $as_echo "$as_me:${as_lineno-$LINENO}: error: in \`$ac_pwd':" >&5 @@ -15523,10 +15753,18 @@ /* end confdefs.h. */ #include +#ifdef HAVE_OPENSSL_SSL_H #include +#endif +#ifdef HAVE_OPENSSL_EVP_H #include +#endif +#ifdef HAVE_OPENSSL_ENGINE_H #include +#endif +#ifdef HAVE_OPENSSL_CONF_H #include +#endif /* routine to load gost (from sldns) */ int load_gost_id(void) { @@ -15726,6 +15964,8 @@ case "$enable_dsa" in no) + ldns_build_config_use_dsa=0 + ;; *) # detect if DSA is supported, and turn it off if not. ac_fn_c_check_func "$LINENO" "DSA_SIG_new" "ac_cv_func_DSA_SIG_new" @@ -15736,10 +15976,14 @@ #define USE_DSA 1 _ACEOF + ldns_build_config_use_dsa=1 + else if test "x$enable_dsa" = "xyes"; then as_fn_error $? "OpenSSL does not support DSA and you used --enable-dsa." "$LINENO" 5 fi + ldns_build_config_use_dsa=0 + fi ;; @@ -15751,7 +15995,10 @@ fi case "$enable_ed25519" in - no) ;; + no) + ldns_build_config_use_ed25519=0 + + ;; *) ac_fn_c_check_decl "$LINENO" "NID_ED25519" "ac_cv_have_decl_NID_ED25519" "$ac_includes_default #include @@ -15772,10 +16019,14 @@ #define USE_ED25519 1 _ACEOF + ldns_build_config_use_ed25519=1 + else if test "x$enable_ed25519" = "xyes"; then as_fn_error $? "OpenSSL does not support ED25519 and you used --enable-ed25519." "$LINENO" 5 - fi + fi + ldns_build_config_use_ed25519=0 + fi ;; @@ -15787,7 +16038,10 @@ fi case "$enable_ed448" in - no) ;; + no) + ldns_build_config_use_ed448=0 + + ;; *) ac_fn_c_check_decl "$LINENO" "NID_ED448" "ac_cv_have_decl_NID_ED448" "$ac_includes_default #include @@ -15808,10 +16062,14 @@ #define USE_ED448 1 _ACEOF + ldns_build_config_use_ed448=1 + else if test "x$enable_ed448" = "xyes"; then as_fn_error $? "OpenSSL does not support ED448 and you used --enable-ed448." "$LINENO" 5 - fi + fi + ldns_build_config_use_ed448=0 + fi ;; @@ -15906,7 +16164,8 @@ ldns_build_config_use_dane_ta_usage=0 ;; - *) LIBS="-lssl $LIBS" + *) danetmpLIBS="$LIBS" + LIBS="-lssl -lcrypto $LIBS" ac_fn_c_check_func "$LINENO" "SSL_get0_dane" "ac_cv_func_SSL_get0_dane" if test "x$ac_cv_func_SSL_get0_dane" = xyes; then : @@ -15915,6 +16174,7 @@ fi LIBSSL_LIBS="-lssl $LIBSSL_LIBS" + LIBS="$danetmpLIBS" ldns_build_config_use_dane_ta_usage=1 @@ -16040,6 +16300,22 @@ no|*) ;; esac +# Check whether --enable-rrtype-svcb-https was given. +if test "${enable_rrtype_svcb_https+set}" = set; then : + enableval=$enable_rrtype_svcb_https; +fi + +case "$enable_rrtype_svcb_https" in + yes) + +cat >>confdefs.h <<_ACEOF +#define RRTYPE_SVCB_HTTPS /**/ +_ACEOF + + ;; + no|*) + ;; +esac @@ -16047,7 +16323,12 @@ if test "x$HAVE_SSL" = "xyes"; then -LIBSSL_SSL_LIBS="-lssl $LIBSSL_LIBS" + if echo "$LIBSSL_LIBS" | grep -- "-lssl" >/dev/null 2>&1; then + LIBSSL_SSL_LIBS="$LIBSSL_LIBS" + else + LIBSSL_SSL_LIBS="-lssl $LIBSSL_LIBS" + fi + LIBSSL_SSL_LIBS="$LIBSSL_SSL_LIBS" fi CPPFLAGS=$tmp_CPPFLAGS @@ -16914,140 +17195,9 @@ fi -for ac_header in stdlib.h -do : - ac_fn_c_check_header_mongrel "$LINENO" "stdlib.h" "ac_cv_header_stdlib_h" "$ac_includes_default" -if test "x$ac_cv_header_stdlib_h" = xyes; then : - cat >>confdefs.h <<_ACEOF -#define HAVE_STDLIB_H 1 -_ACEOF - -fi - -done - -{ $as_echo "$as_me:${as_lineno-$LINENO}: checking for GNU libc compatible malloc" >&5 -$as_echo_n "checking for GNU libc compatible malloc... " >&6; } -if ${ac_cv_func_malloc_0_nonnull+:} false; then : - $as_echo_n "(cached) " >&6 -else - if test "$cross_compiling" = yes; then : - ac_cv_func_malloc_0_nonnull=no -else - cat confdefs.h - <<_ACEOF >conftest.$ac_ext -/* end confdefs.h. */ -#if defined STDC_HEADERS || defined HAVE_STDLIB_H -# include -#else -char *malloc (); -#endif - -int -main () -{ -return ! malloc (0); - ; - return 0; -} -_ACEOF -if ac_fn_c_try_run "$LINENO"; then : - ac_cv_func_malloc_0_nonnull=yes -else - ac_cv_func_malloc_0_nonnull=no -fi -rm -f core *.core core.conftest.* gmon.out bb.out conftest$ac_exeext \ - conftest.$ac_objext conftest.beam conftest.$ac_ext -fi - -fi -{ $as_echo "$as_me:${as_lineno-$LINENO}: result: $ac_cv_func_malloc_0_nonnull" >&5 -$as_echo "$ac_cv_func_malloc_0_nonnull" >&6; } -if test $ac_cv_func_malloc_0_nonnull = yes; then : - -$as_echo "#define HAVE_MALLOC 1" >>confdefs.h - -else - $as_echo "#define HAVE_MALLOC 0" >>confdefs.h - - case " $LIBOBJS " in - *" malloc.$ac_objext "* ) ;; - *) LIBOBJS="$LIBOBJS malloc.$ac_objext" - ;; -esac - - -$as_echo "#define malloc rpl_malloc" >>confdefs.h - -fi - - -for ac_header in stdlib.h -do : - ac_fn_c_check_header_mongrel "$LINENO" "stdlib.h" "ac_cv_header_stdlib_h" "$ac_includes_default" -if test "x$ac_cv_header_stdlib_h" = xyes; then : - cat >>confdefs.h <<_ACEOF -#define HAVE_STDLIB_H 1 -_ACEOF - -fi - -done - -{ $as_echo "$as_me:${as_lineno-$LINENO}: checking for GNU libc compatible realloc" >&5 -$as_echo_n "checking for GNU libc compatible realloc... " >&6; } -if ${ac_cv_func_realloc_0_nonnull+:} false; then : - $as_echo_n "(cached) " >&6 -else - if test "$cross_compiling" = yes; then : - ac_cv_func_realloc_0_nonnull=no -else - cat confdefs.h - <<_ACEOF >conftest.$ac_ext -/* end confdefs.h. */ -#if defined STDC_HEADERS || defined HAVE_STDLIB_H -# include -#else -char *realloc (); -#endif - -int -main () -{ -return ! realloc (0, 0); - ; - return 0; -} -_ACEOF -if ac_fn_c_try_run "$LINENO"; then : - ac_cv_func_realloc_0_nonnull=yes -else - ac_cv_func_realloc_0_nonnull=no -fi -rm -f core *.core core.conftest.* gmon.out bb.out conftest$ac_exeext \ - conftest.$ac_objext conftest.beam conftest.$ac_ext -fi - -fi -{ $as_echo "$as_me:${as_lineno-$LINENO}: result: $ac_cv_func_realloc_0_nonnull" >&5 -$as_echo "$ac_cv_func_realloc_0_nonnull" >&6; } -if test $ac_cv_func_realloc_0_nonnull = yes; then : - -$as_echo "#define HAVE_REALLOC 1" >>confdefs.h - -else - $as_echo "#define HAVE_REALLOC 0" >>confdefs.h - - case " $LIBOBJS " in - *" realloc.$ac_objext "* ) ;; - *) LIBOBJS="$LIBOBJS realloc.$ac_objext" - ;; -esac - - -$as_echo "#define realloc rpl_realloc" >>confdefs.h - -fi - - +# AC_FUNC_MALLOC suffers false failures and causes Asan failures. +# AC_FUNC_MALLOC +# AC_FUNC_REALLOC ac_fn_c_check_func "$LINENO" "b64_pton" "ac_cv_func_b64_pton" if test "x$ac_cv_func_b64_pton" = xyes; then : @@ -17483,6 +17633,37 @@ fi +{ $as_echo "$as_me:${as_lineno-$LINENO}: checking compile of fork" >&5 +$as_echo_n "checking compile of fork... " >&6; } +cat confdefs.h - <<_ACEOF >conftest.$ac_ext +/* end confdefs.h. */ + +#include + +int +main () +{ + + (void)fork(); + + ; + return 0; +} +_ACEOF +if ac_fn_c_try_compile "$LINENO"; then : + + { $as_echo "$as_me:${as_lineno-$LINENO}: result: yes" >&5 +$as_echo "yes" >&6; } + +$as_echo "#define HAVE_FORK_AVAILABLE 1" >>confdefs.h + + +else + { $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5 +$as_echo "no" >&6; } + +fi +rm -f core conftest.err conftest.$ac_objext conftest.$ac_ext for ac_func in endprotoent endservent sleep random fcntl strtoul bzero memset b32_ntop b32_pton do : as_ac_var=`$as_echo "ac_cv_func_$ac_func" | $as_tr_sh` @@ -17831,7 +18012,7 @@ if test "x_$with_xcode_sdk" != "x_no" ; then # check OSX deployment target, if needed - if echo $build_os | grep darwin > /dev/null; then + if echo $target_os | grep darwin > /dev/null; then sdk_p=`xcode-select -print-path`; if test "x_$with_xcode_sdk" = "x_yes" ; then sdk_v="$( /usr/bin/xcrun --show-sdk-version 2>/dev/null )" @@ -18468,7 +18649,7 @@ # report actual input values of CONFIG_FILES etc. instead of their # values after options handling. ac_log=" -This file was extended by ldns $as_me 1.7.1, which was +This file was extended by ldns $as_me 1.8.1, which was generated by GNU Autoconf 2.69. Invocation command line was CONFIG_FILES = $CONFIG_FILES @@ -18534,7 +18715,7 @@ cat >>$CONFIG_STATUS <<_ACEOF || ac_write_fail=1 ac_cs_config="`$as_echo "$ac_configure_args" | sed 's/^ //; s/[\\""\`\$]/\\\\&/g'`" ac_cs_version="\\ -ldns config.status 1.7.1 +ldns config.status 1.8.1 configured by $0, generated by GNU Autoconf 2.69, with options \\"\$ac_cs_config\\" @@ -20093,5 +20274,3 @@ - - diff -Nru ldns-1.7.1/configure.ac ldns-1.8.1/configure.ac --- ldns-1.7.1/configure.ac 2019-07-26 15:07:44.000000000 +0000 +++ ldns-1.8.1/configure.ac 2021-12-03 07:45:47.000000000 +0000 @@ -5,7 +5,7 @@ # must be numbers. ac_defun because of later processing. m4_define([VERSION_MAJOR],[1]) -m4_define([VERSION_MINOR],[7]) +m4_define([VERSION_MINOR],[8]) m4_define([VERSION_MICRO],[1]) AC_INIT(ldns, m4_defn([VERSION_MAJOR]).m4_defn([VERSION_MINOR]).m4_defn([VERSION_MICRO]), libdns@nlnetlabs.nl, libdns) AC_CONFIG_SRCDIR([packet.c]) @@ -26,10 +26,12 @@ # set age to 0 # # ldns-1.6.17 and before had a .so with version same as VERSION_INFO -# ldns-1.7.0 has libversion 2:0:0 -# ldns-1.7.1 has libversion 3:0:1 +# ldns-1.7.0 had libversion 2:0:0 +# ldns-1.7.1 had libversion 3:0:0 (though it should have had 3:0:1) +# ldns-1.8.0 had libversion 4:0:2 (though it should have had 4:0:1) +# ldns-1.8.1 has libversion 5:0:2 # -AC_SUBST(VERSION_INFO, [3:0:0]) +AC_SUBST(VERSION_INFO, [5:0:2]) AC_AIX if test "$ac_cv_header_minix_config_h" = "yes"; then @@ -50,7 +52,7 @@ # Extra (sp)lint flags for NetBSD AC_CANONICAL_HOST case "$host_os" in - netbsd*) LINTFLAGS="'-D__RENAME(x)=' -D_NETINET_IN_H_ $LINTFLAGS" + netbsd*) LINTFLAGS="'-D__RENAME(x)=' -D_NETINET_IN_H_ $LINTFLAGS" ;; *) LINTFLAGS="$LINTFLAGS" ;; @@ -96,6 +98,7 @@ #ACX_CHECK_COMPILER_FLAG(Wshadow, [CFLAGS="-Wshadow $CFLAGS"]) ACX_CHECK_COMPILER_FLAG(Wunused-function, [CFLAGS="-Wunused-function $CFLAGS"]) ACX_CHECK_COMPILER_FLAG(Wmissing-prototypes, [CFLAGS="-Wmissing-prototypes $CFLAGS"]) +ACX_CHECK_COMPILER_FLAG(fno-strict-aliasing, [CFLAGS="-fno-strict-aliasing $CFLAGS"]) AC_CHECK_HEADERS([getopt.h time.h],,, [AC_INCLUDES_DEFAULT]) @@ -103,6 +106,9 @@ AC_CHECK_HEADERS([winsock2.h ws2tcpip.h],,, [AC_INCLUDES_DEFAULT]) # end mingw32 tests +# Check for Apple header. This uncovers TARGET_OS_IPHONE, TARGET_OS_TV or TARGET_OS_WATCH +AC_CHECK_HEADERS([TargetConditionals.h]) + ACX_DETERMINE_EXT_FLAGS_UNBOUND AC_C_INLINE @@ -119,12 +125,32 @@ AC_CHECK_PROG(doxygen, doxygen, doxygen) # check to see if libraries are needed for these functions. -AC_SEARCH_LIBS([socket], [socket]) -AC_SEARCH_LIBS([inet_pton], [nsl]) +AC_CHECK_FUNC([socket], + [], + [AC_SEARCH_LIBS([socket], [socket]) +]) +# modern Linux provides inet_ntop in -lsocket. +# modern OS X provides inet_ntop in -lc. +# modern Solaris provides inet_ntop in -lsocket -lnsl. +# older Solaris provides inet_ntop in -lresolv. +AC_CHECK_FUNC([inet_ntop], + [], + [AC_SEARCH_LIBS([inet_ntop], [socket c nsl resolv]) +]) + +# modern Linux provides inet_pton in -lsocket. +# modern OS X provides inet_pton in -lc. +# modern Solaris provides inet_pton in -lsocket -lnsl. +# older Solaris provides inet_pton in -lresolv. +AC_CHECK_FUNC([inet_pton], + [], + [AC_SEARCH_LIBS([inet_pton], [socket c nsl resolv]) +]) -AC_ARG_WITH(drill, AC_HELP_STRING([--with-drill], - [Also build drill.]), + +AC_ARG_WITH(drill, AC_HELP_STRING([--with-drill], + [Also build drill.]), [],[with_drill="no"]) if test x_$with_drill != x_no ; then AC_SUBST(DRILL,[drill]) @@ -136,7 +162,7 @@ AC_MSG_ERROR([ A config.h was detected in the drill subdirectory. This does not work with the --with-drill option. -Please remove the config.h from the drill subdirectory +Please remove the config.h from the drill subdirectory or do not use the --with-drill option.]) fi else @@ -148,8 +174,8 @@ fi -AC_ARG_WITH(examples, AC_HELP_STRING([--with-examples], - [Also build examples.]), +AC_ARG_WITH(examples, AC_HELP_STRING([--with-examples], + [Also build examples.]), [],[with_examples="no"]) if test x_$with_examples != x_no ; then AC_SUBST(EXAMPLES,[examples]) @@ -161,7 +187,7 @@ AC_MSG_ERROR([ A config.h was detected in the examples subdirectory. This does not work with the --with-examples option. -Please remove the config.h from the examples subdirectory +Please remove the config.h from the examples subdirectory or do not use the --with-examples option.]) fi else @@ -192,7 +218,7 @@ case "$enable_stderr_msgs" in no) dnl default ;; - *) + *) AC_DEFINE_UNQUOTED([STDERR_MSGS], [1], [Define this to enable messages to stderr.]) ;; esac @@ -208,8 +234,8 @@ PYTHON_X_CFLAGS="" ldns_with_pyldns=no ldns_with_pyldnsx=no -AC_ARG_WITH(pyldns, AC_HELP_STRING([--with-pyldns], - [generate python library, or --without-pyldns to disable Python support.]), +AC_ARG_WITH(pyldns, AC_HELP_STRING([--with-pyldns], + [generate python library, or --without-pyldns to disable Python support.]), [],[ withval="no" ]) ldns_have_python=no if test x_$withval != x_no; then @@ -264,8 +290,8 @@ AC_SUBST(PYTHON_X_CFLAGS) # Check for pyldnsx -AC_ARG_WITH(pyldnsx, AC_HELP_STRING([--without-pyldnsx], - [Do not install the ldnsx python module, or --with-pyldnsx to install it.]), +AC_ARG_WITH(pyldnsx, AC_HELP_STRING([--without-pyldnsx], + [Do not install the ldnsx python module, or --with-pyldnsx to install it.]), [],[ withval="with_pyldns" ]) if test x_$withval != x_no; then if test x_$ldns_with_pyldns != x_no; then @@ -295,8 +321,8 @@ # check for perl ldns_with_p5_dns_ldns=no -AC_ARG_WITH(p5-dns-ldns, AC_HELP_STRING([--with-p5-dns-ldns], - [generate DNS::LDNS perl bindings]), +AC_ARG_WITH(p5-dns-ldns, AC_HELP_STRING([--with-p5-dns-ldns], + [generate DNS::LDNS perl bindings]), [],[ withval="no" ]) ldns_have_perl=no if test x_$withval != x_no; then @@ -332,7 +358,29 @@ else AC_MSG_RESULT([no]) fi -AC_CHECK_FUNCS([EVP_sha256 EVP_sha384 EVP_sha512 ENGINE_load_cryptodev EVP_PKEY_keygen ECDSA_SIG_get0 EVP_MD_CTX_new EVP_PKEY_base_id DSA_SIG_set0 DSA_SIG_get0 EVP_dss1 DSA_get0_pqg DSA_get0_key OPENSSL_init_ssl OPENSSL_init_crypto ERR_load_crypto_strings]) +AC_CHECK_HEADERS([openssl/ssl.h openssl/evp.h openssl/engine.h openssl/conf.h]) +AC_CHECK_FUNCS([EVP_sha256 EVP_sha384 EVP_sha512 EVP_PKEY_keygen ECDSA_SIG_get0 EVP_MD_CTX_new DSA_SIG_set0 DSA_SIG_get0 EVP_dss1 DSA_get0_pqg DSA_get0_key EVP_cleanup ENGINE_cleanup ENGINE_free CRYPTO_cleanup_all_ex_data ERR_free_strings CONF_modules_unload OPENSSL_init_ssl OPENSSL_init_crypto ERR_load_crypto_strings CRYPTO_memcmp EVP_PKEY_get_base_id]) +AC_CHECK_DECLS([EVP_PKEY_base_id], [ + AC_DEFINE_UNQUOTED([HAVE_EVP_PKEY_BASE_ID], [1], [Define to 1 if you have the EVP_PKEY_base_id function or macro.]) +], [], [AC_INCLUDES_DEFAULT +#include +]) +AC_MSG_CHECKING([Checking for OpenSSL >= 3.0.0]) +AC_COMPILE_IFELSE([AC_LANG_PROGRAM([ +#include +#if OPENSSL_VERSION_MAJOR >= 3 +#define SOMETHING +#else +This fails compiling. +So either no OpenSSL at all (the include already failed), or the version < 3.0.0 +#endif +], [ +])], [ + AC_MSG_RESULT(yes) + CFLAGS="-DOPENSSL_API_COMPAT=10100 $CFLAGS" +], [ AC_MSG_RESULT(no) +]) + # for macosx, see if glibtool exists and use that # BSD's need to know the version... @@ -355,21 +403,33 @@ ;; esac -# check wether gost also works +# check whether gost also works AC_DEFUN([AC_CHECK_GOST_WORKS], [AC_REQUIRE([AC_PROG_CC]) AC_MSG_CHECKING([if GOST works]) if test c${cross_compiling} = cno; then BAKCFLAGS="$CFLAGS" if test -n "$ssldir"; then + if test ! -d "$ssldir/lib" -a -d "$ssldir/lib64"; then + CFLAGS="$CFLAGS -Wl,-rpath,$ssldir/lib64" + else CFLAGS="$CFLAGS -Wl,-rpath,$ssldir/lib" + fi fi AC_RUN_IFELSE([AC_LANG_SOURCE([[ #include +#ifdef HAVE_OPENSSL_SSL_H #include +#endif +#ifdef HAVE_OPENSSL_EVP_H #include +#endif +#ifdef HAVE_OPENSSL_ENGINE_H #include +#endif +#ifdef HAVE_OPENSSL_CONF_H #include +#endif /* routine to load gost (from sldns) */ int load_gost_id(void) { @@ -414,7 +474,7 @@ EVP_PKEY_asn1_get0_info(&gost_id, NULL, NULL, NULL, NULL, meth); return gost_id; } -int main(void) { +int main(void) { EVP_MD_CTX* ctx; const EVP_MD* md; unsigned char digest[64]; /* its a 256-bit digest, so uses 32 bytes */ @@ -464,7 +524,7 @@ AC_CHECK_FUNC(EVP_PKEY_set_type_str, [],[AC_MSG_ERROR([OpenSSL >= 1.0.0 is needed for GOST support or rerun with --disable-gost])]) AC_CHECK_FUNC(EC_KEY_new, [], [AC_MSG_ERROR([No ECC functions found in OpenSSL: please upgrade OpenSSL or rerun with --disable-gost])]) AC_CHECK_GOST_WORKS - AC_ARG_ENABLE(gost-anyway, AC_HELP_STRING([--enable-gost-anyway], [Enable GOST even whithout a GOST engine installed])) + AC_ARG_ENABLE(gost-anyway, AC_HELP_STRING([--enable-gost-anyway], [Enable GOST even without a GOST engine installed])) if test "$ac_cv_c_gost_works" != "no" -o "$enable_gost_anyway" = "yes"; then if test "$ac_cv_c_gost_works" = "no"; then AC_MSG_RESULT([no, but compiling with GOST support anyway]) @@ -503,24 +563,31 @@ AC_ARG_ENABLE(dsa, AC_HELP_STRING([--disable-dsa], [Disable DSA support])) case "$enable_dsa" in no) + AC_SUBST(ldns_build_config_use_dsa, 0) ;; *) dnl default # detect if DSA is supported, and turn it off if not. AC_CHECK_FUNC(DSA_SIG_new, [ AC_DEFINE_UNQUOTED([USE_DSA], [1], [Define this to enable DSA support.]) + AC_SUBST(ldns_build_config_use_dsa, 1) ], [if test "x$enable_dsa" = "xyes"; then AC_MSG_ERROR([OpenSSL does not support DSA and you used --enable-dsa.]) - fi ]) + fi + AC_SUBST(ldns_build_config_use_dsa, 0)]) ;; esac AC_ARG_ENABLE(ed25519, AC_HELP_STRING([--disable-ed25519], [Disable (experimental) ED25519 support. Default is detect])) case "$enable_ed25519" in - no) ;; + no) + AC_SUBST(ldns_build_config_use_ed25519, 0) + ;; *) dnl default AC_CHECK_DECLS([NID_ED25519], [ AC_DEFINE_UNQUOTED([USE_ED25519], [1], [Define this to enable ED25519 support.]) + AC_SUBST(ldns_build_config_use_ed25519, 1) ], [if test "x$enable_ed25519" = "xyes"; then AC_MSG_ERROR([OpenSSL does not support ED25519 and you used --enable-ed25519.]) - fi ], [AC_INCLUDES_DEFAULT + fi + AC_SUBST(ldns_build_config_use_ed25519, 0)], [AC_INCLUDES_DEFAULT #include ]) ;; @@ -528,12 +595,16 @@ AC_ARG_ENABLE(ed448, AC_HELP_STRING([--disable-ed448], [Disable (experimental) ED448 support. Default is detect])) case "$enable_ed448" in - no) ;; + no) + AC_SUBST(ldns_build_config_use_ed448, 0) + ;; *) dnl default AC_CHECK_DECLS([NID_ED448], [ AC_DEFINE_UNQUOTED([USE_ED448], [1], [Define this to enable ED448 support.]) + AC_SUBST(ldns_build_config_use_ed448, 1) ], [if test "x$enable_ed448" = "xyes"; then AC_MSG_ERROR([OpenSSL does not support ED448 and you used --enable-ed448.]) - fi ], [AC_INCLUDES_DEFAULT + fi + AC_SUBST(ldns_build_config_use_ed448, 0)], [AC_INCLUDES_DEFAULT #include ]) ;; @@ -584,9 +655,11 @@ AC_SUBST(ldns_build_config_use_dane_ta_usage, 0) ;; *) dnl default - LIBS="-lssl $LIBS" + danetmpLIBS="$LIBS" + LIBS="-lssl -lcrypto $LIBS" AC_CHECK_FUNC(SSL_get0_dane, [], [AC_MSG_ERROR([OpenSSL does not support offline DANE verification (Needed for the DANE-TA usage type). Please upgrade OpenSSL to version >= 1.1.0 or rerun with --disable-dane-verify or --disable-dane-ta-usage])]) LIBSSL_LIBS="-lssl $LIBSSL_LIBS" + LIBS="$danetmpLIBS" AC_SUBST(ldns_build_config_use_dane_ta_usage, 1) AC_DEFINE_UNQUOTED([USE_DANE_TA_USAGE], [1], [Define this to enable DANE-TA usage type support.]) ;; @@ -651,6 +724,14 @@ no|*) ;; esac +AC_ARG_ENABLE(rrtype-svcb-https, AC_HELP_STRING([--enable-rrtype-svcb-https], [Enable draft RR types SVCB and HTTPS.])) +case "$enable_rrtype_svcb_https" in + yes) + AC_DEFINE_UNQUOTED([RRTYPE_SVCB_HTTPS], [], [Define this to enable RR types SVCB and HTTPS.]) + ;; + no|*) + ;; +esac @@ -658,7 +739,12 @@ AC_SUBST(LIBSSL_LDFLAGS) AC_SUBST(LIBSSL_LIBS) if test "x$HAVE_SSL" = "xyes"; then -AC_SUBST(LIBSSL_SSL_LIBS, ["-lssl $LIBSSL_LIBS"]) + if echo "$LIBSSL_LIBS" | grep -- "-lssl" >/dev/null 2>&1; then + LIBSSL_SSL_LIBS="$LIBSSL_LIBS" + else + LIBSSL_SSL_LIBS="-lssl $LIBSSL_LIBS" + fi + AC_SUBST(LIBSSL_SSL_LIBS, "$LIBSSL_SSL_LIBS") fi CPPFLAGS=$tmp_CPPFLAGS LDFLAGS=$tmp_LDFLAGS @@ -770,7 +856,7 @@ ] ) AC_CHECK_HEADERS([netinet/in_systm.h net/if.h netinet/ip.h netinet/udp.h netinet/igmp.h netinet/if_ether.h netinet/ip6.h net/ethernet.h netinet/ip_compat.h],,, [ -AC_INCLUDES_DEFAULT +AC_INCLUDES_DEFAULT #ifdef HAVE_NETINET_IN_SYSTM_H #include #endif @@ -811,8 +897,9 @@ #endif]) ACX_CHECK_SS_FAMILY -AC_FUNC_MALLOC -AC_FUNC_REALLOC +# AC_FUNC_MALLOC suffers false failures and causes Asan failures. +# AC_FUNC_MALLOC +# AC_FUNC_REALLOC AC_REPLACE_FUNCS(b64_pton) AC_REPLACE_FUNCS(b64_ntop) @@ -830,6 +917,16 @@ AC_REPLACE_FUNCS(strlcpy) AC_REPLACE_FUNCS(memmove) AC_FUNC_FORK +AC_MSG_CHECKING([compile of fork]) +AC_COMPILE_IFELSE([AC_LANG_PROGRAM([ +#include +], [ + (void)fork(); +])], [ + AC_MSG_RESULT(yes) + AC_DEFINE([HAVE_FORK_AVAILABLE], 1, [if fork is available for compile]) +], [ AC_MSG_RESULT(no) +]) AC_CHECK_FUNCS([endprotoent endservent sleep random fcntl strtoul bzero memset b32_ntop b32_pton]) if test "x$HAVE_B32_NTOP" = "xyes"; then AC_SUBST(ldns_build_config_have_b32_ntop, 1) @@ -856,12 +953,12 @@ ACX_CHECK_FORMAT_ATTRIBUTE ACX_CHECK_UNUSED_ATTRIBUTE -AC_ARG_WITH(xcode-sdk, AC_HELP_STRING([--with-xcode-sdk], - [Set xcode SDK version. Default is autodetect]), +AC_ARG_WITH(xcode-sdk, AC_HELP_STRING([--with-xcode-sdk], + [Set xcode SDK version. Default is autodetect]), [],[with_xcode_sdk="yes"]) if test "x_$with_xcode_sdk" != "x_no" ; then # check OSX deployment target, if needed - if echo $build_os | grep darwin > /dev/null; then + if echo $target_os | grep darwin > /dev/null; then sdk_p=`xcode-select -print-path`; if test "x_$with_xcode_sdk" = "x_yes" ; then sdk_v="$( /usr/bin/xcrun --show-sdk-version 2>/dev/null )" @@ -1088,5 +1185,3 @@ COPY_HEADER_FILES(ldns/, ldns/) dnl AC_CONFIG_SUBDIRS([drill]) - - diff -Nru ldns-1.7.1/contrib/android/15-android.conf ldns-1.8.1/contrib/android/15-android.conf --- ldns-1.7.1/contrib/android/15-android.conf 1970-01-01 00:00:00.000000000 +0000 +++ ldns-1.8.1/contrib/android/15-android.conf 2021-12-03 07:45:47.000000000 +0000 @@ -0,0 +1,37 @@ +#### Android... +# +# Heavily hacked 15-android.conf based on OpenSSL's config file of the same name. +# This 15-android.conf avoids compiler errors using NDK-r20. This 15-android.conf +# requires an environment set (sourced) using setenv-android.sh. + +my %targets = ( + "android" => { + inherit_from => [ "linux-generic32" ], + template => 1, + bin_cflags => add("-fPIE"), + bin_lflags => add("-pie"), + enable => [ ], + }, + + "android-arm" => { + inherit_from => [ "android", asm("armv4_asm") ], + bn_ops => [ "BN_LLONG", "RC4_CHAR" ], + }, + "android-arm64" => { + inherit_from => [ "android", asm("aarch64_asm") ], + bn_ops => [ "SIXTY_FOUR_BIT_LONG", "RC4_CHAR" ], + perlasm_scheme => "linux64", + }, + + "android-x86" => { + inherit_from => [ "android", asm("x86_asm") ], + cflags => add(picker(release => "-fomit-frame-pointer")), + bn_ops => [ "BN_LLONG", "RC4_INT" ], + perlasm_scheme => "android", + }, + "android-x86_64" => { + inherit_from => [ "android", asm("x86_64_asm") ], + bn_ops => [ "SIXTY_FOUR_BIT_LONG", "RC4_INT" ], + perlasm_scheme => "elf", + }, +); diff -Nru ldns-1.7.1/contrib/android/bootstrap_ldns.sh ldns-1.8.1/contrib/android/bootstrap_ldns.sh --- ldns-1.7.1/contrib/android/bootstrap_ldns.sh 1970-01-01 00:00:00.000000000 +0000 +++ ldns-1.8.1/contrib/android/bootstrap_ldns.sh 2021-12-03 07:45:47.000000000 +0000 @@ -0,0 +1,55 @@ +#!/usr/bin/env bash + +if ! git submodule update --init; then + echo "Failed to init submodule" + exit 1 +fi + +echo "AUTOTOOLS_BUILD: $AUTOTOOLS_BUILD" +echo "AUTOTOOLS_HOST: $AUTOTOOLS_HOST" + +# libtool complains about our updated config.guess and config.sub. +# Remove them to get through bootstrap. Re-add them after libtoolize. + +echo "Running libtoolize" +if [ -n "$(command -v glibtoolize)" ]; then + rm -f config.guess config.sub + if ! glibtoolize -ci ; then + echo "Failed to libtoolize (glibtoolize)" + exit 1 + fi +elif [ -n "$(command -v libtoolize)" ]; then + rm -f config.guess config.sub + if ! libtoolize -ci ; then + echo "Failed to libtoolize (libtoolize)" + exit 1 + fi +else + echo "Failed to find a libtool" + exit 1 +fi + +echo "Updating config.guess" +if ! wget -q -O config.guess 'https://git.savannah.gnu.org/gitweb/?p=config.git;a=blob_plain;f=config.guess;hb=HEAD'; then + echo "Failed to download config.guess" +fi + +echo "Updating config.sub" +if ! wget -q -O config.sub 'https://git.savannah.gnu.org/gitweb/?p=config.git;a=blob_plain;f=config.sub;hb=HEAD'; then + echo "Failed to download config.sub" +fi + +echo "Fixing config permissions" +chmod a+x config.guess config.sub +if [ -n "$(command -v xattr 2>/dev/null)" ]; then + xattr -d com.apple.quarantine config.guess 2>/dev/null + xattr -d com.apple.quarantine config.sub 2>/dev/null +fi + +echo "Running autoreconf" +if ! autoreconf -fi ; then + echo "Failed to autoreconf" + exit 1 +fi + +exit 0 diff -Nru ldns-1.7.1/contrib/android/install_ndk.sh ldns-1.8.1/contrib/android/install_ndk.sh --- ldns-1.7.1/contrib/android/install_ndk.sh 1970-01-01 00:00:00.000000000 +0000 +++ ldns-1.8.1/contrib/android/install_ndk.sh 2021-12-03 07:45:47.000000000 +0000 @@ -0,0 +1,60 @@ +#!/usr/bin/env bash + +if [ -z "$ANDROID_SDK_ROOT" ]; then + echo "ERROR: ANDROID_SDK_ROOT is not set. Please set it." + echo "SDK root is $ANDROID_SDK_ROOT" + exit 1 +fi + +if [ -z "$ANDROID_NDK_ROOT" ]; then + echo "ERROR: ANDROID_NDK_ROOT is not set. Please set it." + echo "NDK root is $ANDROID_NDK_ROOT" + exit 1 +fi + +echo "Using ANDROID_SDK_ROOT: $ANDROID_SDK_ROOT" +echo "Using ANDROID_NDK_ROOT: $ANDROID_NDK_ROOT" + +echo "Downloading SDK" +if ! curl -L -k -s -o "$HOME/android-sdk.zip" https://dl.google.com/android/repository/commandlinetools-linux-6200805_latest.zip; +then + echo "Failed to download SDK" + exit 1 +fi + +echo "Downloading NDK" +if ! curl -L -k -s -o "$HOME/android-ndk.zip" https://dl.google.com/android/repository/android-ndk-r20b-linux-x86_64.zip; +then + echo "Failed to download NDK" + exit 1 +fi + +echo "Unpacking SDK to $ANDROID_SDK_ROOT" +if ! unzip -qq "$HOME/android-sdk.zip" -d "$ANDROID_SDK_ROOT"; +then + echo "Failed to unpack SDK" + exit 1 +fi + +echo "Unpacking NDK to $ANDROID_NDK_ROOT" +if ! unzip -qq "$HOME/android-ndk.zip" -d "$HOME"; +then + echo "Failed to unpack NDK" + exit 1 +fi + +if ! mv "$HOME/android-ndk-r20b" "$ANDROID_NDK_ROOT"; +then + echo "Failed to move $HOME/android-ndk-r20b to $ANDROID_NDK_ROOT" + exit 1 +fi + +rm -f "$HOME/android-sdk.zip" +rm -f "$HOME/android-ndk.zip" + +# https://stackoverflow.com/a/47028911/608639 +touch "$ANDROID_SDK_ROOT/repositories.cfg" + +echo "Finished installing SDK and NDK" + +exit 0 diff -Nru ldns-1.7.1/contrib/android/install_openssl.sh ldns-1.8.1/contrib/android/install_openssl.sh --- ldns-1.7.1/contrib/android/install_openssl.sh 1970-01-01 00:00:00.000000000 +0000 +++ ldns-1.8.1/contrib/android/install_openssl.sh 2021-12-03 07:45:47.000000000 +0000 @@ -0,0 +1,44 @@ +#!/usr/bin/env bash + +echo "Downloading OpenSSL" +if ! curl -L -k -s -o openssl-1.1.1d.tar.gz https://www.openssl.org/source/openssl-1.1.1d.tar.gz; +then + echo "Failed to download OpenSSL" + exit 1 +fi + +echo "Unpacking OpenSSL" +rm -rf ./openssl-1.1.1d +if ! tar -xf openssl-1.1.1d.tar.gz; +then + echo "Failed to unpack OpenSSL" + exit 1 +fi + +cd openssl-1.1.1d || exit 1 + +if ! cp ../contrib/android/15-android.conf Configurations/; then + echo "Failed to copy OpenSSL Android config" + exit 1 +fi + +echo "Configuring OpenSSL" +if ! ./Configure "$OPENSSL_HOST" no-comp no-asm no-hw no-engine shared \ + --prefix="$ANDROID_PREFIX" --openssldir="$ANDROID_PREFIX"; then + echo "Failed to configure OpenSSL" + exit 1 +fi + +echo "Building OpenSSL" +if ! make; then + echo "Failed to build OpenSSL" + exit 1 +fi + +echo "Installing OpenSSL" +if ! make install_sw; then + echo "Failed to install OpenSSL" + exit 1 +fi + +exit 0 diff -Nru ldns-1.7.1/contrib/android/install_tools.sh ldns-1.8.1/contrib/android/install_tools.sh --- ldns-1.7.1/contrib/android/install_tools.sh 1970-01-01 00:00:00.000000000 +0000 +++ ldns-1.8.1/contrib/android/install_tools.sh 2021-12-03 07:45:47.000000000 +0000 @@ -0,0 +1,26 @@ +#!/usr/bin/env bash + +# This step should install tools needed for all packages - OpenSSL and LDNS +echo "Updating tools" +sudo apt-get -qq update +sudo apt-get -qq install --no-install-recommends curl wget tar zip unzip patch perl openjdk-8-jdk autoconf automake libtool pkg-config + +# Android builds run config.guess early to determine BUILD and HOST. We need to add config.guess +# and config.sub now. Later, bootstrap_ldns.sh will handle the complete bootstrap of LDNS. + +echo "Adding config.guess" +if ! wget -q -O config.guess 'https://git.savannah.gnu.org/gitweb/?p=config.git;a=blob_plain;f=config.guess;hb=HEAD'; then + echo "Failed to download config.guess" +fi + +echo "Adding config.sub" +if ! wget -q -O config.sub 'https://git.savannah.gnu.org/gitweb/?p=config.git;a=blob_plain;f=config.sub;hb=HEAD'; then + echo "Failed to download config.sub" +fi + +echo "Fixing config permissions" +chmod a+x config.guess config.sub +if [ -n "$(command -v xattr 2>/dev/null)" ]; then + xattr -d com.apple.quarantine config.guess 2>/dev/null + xattr -d com.apple.quarantine config.sub 2>/dev/null +fi diff -Nru ldns-1.7.1/contrib/android/setenv_android.sh ldns-1.8.1/contrib/android/setenv_android.sh --- ldns-1.7.1/contrib/android/setenv_android.sh 1970-01-01 00:00:00.000000000 +0000 +++ ldns-1.8.1/contrib/android/setenv_android.sh 2021-12-03 07:45:47.000000000 +0000 @@ -0,0 +1,203 @@ +#!/usr/bin/env bash + +# ==================================================================== +# Sets the cross compile environment for Android +# +# Based upon OpenSSL's setenv-android.sh by TH, JW, and SM. +# Heavily modified by JWW for Crypto++. +# Updated by Skycoder42 for current recommendations for Android. +# Modified by JWW for LDNS. +# ==================================================================== + +######################################### +##### Some validation ##### +######################################### + +if [ -z "$ANDROID_API" ]; then + echo "ANDROID_API is not set. Please set it" + [[ "$0" = "${BASH_SOURCE[0]}" ]] && exit 1 || return 1 +fi + +if [ -z "$ANDROID_CPU" ]; then + echo "ANDROID_CPU is not set. Please set it" + [[ "$0" = "${BASH_SOURCE[0]}" ]] && exit 1 || return 1 +fi + +if [ ! -d "$ANDROID_NDK_ROOT" ]; then + echo "ERROR: ANDROID_NDK_ROOT is not a valid path. Please set it." + echo "NDK root is $ANDROID_NDK_ROOT" + [ "$0" = "${BASH_SOURCE[0]}" ] && exit 1 || return 1 +fi + +# cryptest-android.sh may run this script without sourcing. +if [ "$0" = "${BASH_SOURCE[0]}" ]; then + echo "setenv-android.sh is usually sourced, but not this time." +fi + +##################################################################### + +# Need to set THIS_HOST to darwin-x86_64, linux-x86_64, +# windows, or windows-x86_64 + +if [[ "$(uname -s | grep -i -c darwin)" -ne 0 ]]; then + THIS_HOST=darwin-x86_64 +elif [[ "$(uname -s | grep -i -c linux)" -ne 0 ]]; then + THIS_HOST=linux-x86_64 +else + echo "ERROR: Unknown host" + [ "$0" = "${BASH_SOURCE[0]}" ] && exit 1 || return 1 +fi + +ANDROID_TOOLCHAIN="$ANDROID_NDK_ROOT/toolchains/llvm/prebuilt/$THIS_HOST/bin" +ANDROID_SYSROOT="$ANDROID_NDK_ROOT/toolchains/llvm/prebuilt/$THIS_HOST/sysroot" + +# Error checking +if [ ! -d "$ANDROID_TOOLCHAIN" ]; then + echo "ERROR: ANDROID_TOOLCHAIN is not a valid path. Please set it." + echo "Path is $ANDROID_TOOLCHAIN" + [ "$0" = "${BASH_SOURCE[0]}" ] && exit 1 || return 1 +fi + +# Error checking +if [ ! -d "$ANDROID_SYSROOT" ]; then + echo "ERROR: ANDROID_SYSROOT is not a valid path. Please set it." + echo "Path is $ANDROID_SYSROOT" + [ "$0" = "${BASH_SOURCE[0]}" ] && exit 1 || return 1 +fi + +##################################################################### + +THE_ARCH=$(tr '[:upper:]' '[:lower:]' <<< "$ANDROID_CPU") + +# https://developer.android.com/ndk/guides/abis.html +case "$THE_ARCH" in + armv7*|armeabi*) + CC="armv7a-linux-androideabi$ANDROID_API-clang" + CXX="armv7a-linux-androideabi$ANDROID_API-clang++" + LD="arm-linux-androideabi-ld" + AS="arm-linux-androideabi-as" + AR="arm-linux-androideabi-ar" + RANLIB="arm-linux-androideabi-ranlib" + STRIP="arm-linux-androideabi-strip" + + CFLAGS="-march=armv7-a -mthumb -mfloat-abi=softfp -funwind-tables -fexceptions" + CXXFLAGS="-march=armv7-a -mthumb -mfloat-abi=softfp -funwind-tables -fexceptions -frtti" + ;; + + armv8*|aarch64|arm64) + CC="aarch64-linux-android$ANDROID_API-clang" + CXX="aarch64-linux-android$ANDROID_API-clang++" + LD="aarch64-linux-android-ld" + AS="aarch64-linux-android-as" + AR="aarch64-linux-android-ar" + RANLIB="aarch64-linux-android-ranlib" + STRIP="aarch64-linux-android-strip" + + CFLAGS="-funwind-tables -fexceptions" + CXXFLAGS="-funwind-tables -fexceptions -frtti" + ;; + + x86) + CC="i686-linux-android$ANDROID_API-clang" + CXX="i686-linux-android$ANDROID_API-clang++" + LD="i686-linux-android-ld" + AS="i686-linux-android-as" + AR="i686-linux-android-ar" + RANLIB="i686-linux-android-ranlib" + STRIP="i686-linux-android-strip" + + CFLAGS="-mtune=intel -mssse3 -mfpmath=sse -funwind-tables -fexceptions" + CXXFLAGS="-mtune=intel -mssse3 -mfpmath=sse -funwind-tables -fexceptions -frtti" + ;; + + x86_64|x64) + CC="x86_64-linux-android$ANDROID_API-clang" + CXX="x86_64-linux-android$ANDROID_API-clang++" + LD="x86_64-linux-android-ld" + AS="x86_64-linux-android-as" + AR="x86_64-linux-android-ar" + RANLIB="x86_64-linux-android-ranlib" + STRIP="x86_64-linux-android-strip" + + CFLAGS="-march=x86-64 -msse4.2 -mpopcnt -mtune=intel -funwind-tables -fexceptions" + CXXFLAGS="-march=x86-64 -msse4.2 -mpopcnt -mtune=intel -funwind-tables -fexceptions -frtti" + ;; + + *) + echo "ERROR: Unknown architecture $ANDROID_CPU" + [ "$0" = "${BASH_SOURCE[0]}" ] && exit 1 || return 1 + ;; +esac + +##################################################################### + +# Error checking +if [ ! -e "$ANDROID_TOOLCHAIN/$CC" ]; then + echo "ERROR: Failed to find Android clang. Please edit this script." + [ "$0" = "${BASH_SOURCE[0]}" ] && exit 1 || return 1 +fi + +# Error checking +if [ ! -e "$ANDROID_TOOLCHAIN/$CXX" ]; then + echo "ERROR: Failed to find Android clang++. Please edit this script." + [ "$0" = "${BASH_SOURCE[0]}" ] && exit 1 || return 1 +fi + +# Error checking +if [ ! -e "$ANDROID_TOOLCHAIN/$RANLIB" ]; then + echo "ERROR: Failed to find Android ranlib. Please edit this script." + [ "$0" = "${BASH_SOURCE[0]}" ] && exit 1 || return 1 +fi + +# Error checking +if [ ! -e "$ANDROID_TOOLCHAIN/$AR" ]; then + echo "ERROR: Failed to find Android ar. Please edit this script." + [ "$0" = "${BASH_SOURCE[0]}" ] && exit 1 || return 1 +fi + +# Error checking +if [ ! -e "$ANDROID_TOOLCHAIN/$AS" ]; then + echo "ERROR: Failed to find Android as. Please edit this script." + [ "$0" = "${BASH_SOURCE[0]}" ] && exit 1 || return 1 +fi + +# Error checking +if [ ! -e "$ANDROID_TOOLCHAIN/$LD" ]; then + echo "ERROR: Failed to find Android ld. Please edit this script." + [ "$0" = "${BASH_SOURCE[0]}" ] && exit 1 || return 1 +fi + +##################################################################### + +LENGTH=${#ANDROID_TOOLCHAIN} +SUBSTR=${PATH:0:$LENGTH} +if [ "$SUBSTR" != "$ANDROID_TOOLCHAIN" ]; then + export PATH="$ANDROID_TOOLCHAIN:$PATH" +fi + +##################################################################### + +export CPP CC CXX LD AS AR RANLIB STRIP +export ANDROID_SYSROOT="$AOSP_SYSROOT" +export CPPFLAGS="-D__ANDROID_API__=$ANDROID_API" +export CFLAGS="$CFLAGS --sysroot=$AOSP_SYSROOT" +export CXXFLAGS="$CXXFLAGS -stdlib=libc++ --sysroot=$AOSP_SYSROOT" + +##################################################################### + +echo "ANDROID_TOOLCHAIN: $ANDROID_TOOLCHAIN" + +echo "CPP: $(command -v "$CPP")" +echo "CC: $(command -v "$CC")" +echo "CXX: $(command -v "$CXX")" +echo "LD: $(command -v "$LD")" +echo "AS: $(command -v "$AS")" +echo "AR: $(command -v "$AR")" + +echo "ANDROID_SYSROOT: $ANDROID_SYSROOT" + +echo "CPPFLAGS: $CPPFLAGS" +echo "CFLAGS: $CFLAGS" +echo "CXXFLAGS: $CXXFLAGS" + +[ "$0" = "${BASH_SOURCE[0]}" ] && exit 0 || return 0 diff -Nru ldns-1.7.1/contrib/DNS-LDNS/Makefile.PL ldns-1.8.1/contrib/DNS-LDNS/Makefile.PL --- ldns-1.7.1/contrib/DNS-LDNS/Makefile.PL 2019-07-26 15:07:51.000000000 +0000 +++ ldns-1.8.1/contrib/DNS-LDNS/Makefile.PL 2021-12-03 07:45:58.000000000 +0000 @@ -1,5 +1,5 @@ # This Makefile.PL for DNS-LDNS was generated by -# Dist::Zilla::Plugin::MakeMaker::Awesome 0.47. +# Dist::Zilla::Plugin::MakeMaker::Awesome 0.48. # Don't edit it but the dist.ini and plugins used to construct it. use strict; diff -Nru ldns-1.7.1/contrib/DNS-LDNS/META.yml ldns-1.8.1/contrib/DNS-LDNS/META.yml --- ldns-1.7.1/contrib/DNS-LDNS/META.yml 2019-07-26 15:07:51.000000000 +0000 +++ ldns-1.8.1/contrib/DNS-LDNS/META.yml 2021-12-03 07:45:58.000000000 +0000 @@ -10,7 +10,7 @@ Devel::CheckLib: '0.9' ExtUtils::MakeMaker: '0' dynamic_config: 0 -generated_by: 'Dist::Zilla version 6.012, CPAN::Meta::Converter version 2.150010' +generated_by: 'Dist::Zilla version 6.017, CPAN::Meta::Converter version 2.150010' license: restrictive meta-spec: url: http://module-build.sourceforge.net/META-spec-v1.4.html @@ -25,5 +25,5 @@ strict: '0' warnings: '0' version: '0.61' -x_generated_by_perl: v5.28.1 +x_generated_by_perl: v5.32.1 x_serialization_backend: 'YAML::Tiny version 1.73' diff -Nru ldns-1.7.1/contrib/ios/15-ios.conf ldns-1.8.1/contrib/ios/15-ios.conf --- ldns-1.7.1/contrib/ios/15-ios.conf 1970-01-01 00:00:00.000000000 +0000 +++ ldns-1.8.1/contrib/ios/15-ios.conf 2021-12-03 07:45:47.000000000 +0000 @@ -0,0 +1,41 @@ +#### iPhoneOS/iOS +# +# It takes recent enough Xcode to use following two targets. It shouldn't +# be a problem by now, but if they don't work, original targets below +# that depend on manual definition of environment variables should still +# work... +# +my %targets = ( + "ios-common" => { + template => 1, + inherit_from => [ "darwin-common" ], + sys_id => "iOS", + disable => [ "engine", "async" ], + }, + "ios-xcrun" => { + inherit_from => [ "ios-common", asm("armv4_asm") ], + bn_ops => [ "BN_LLONG", "RC4_CHAR" ], + perlasm_scheme => "ios32", + }, + "ios64-xcrun" => { + inherit_from => [ "ios-common", asm("aarch64_asm") ], + bn_ops => [ "SIXTY_FOUR_BIT_LONG", "RC4_CHAR" ], + perlasm_scheme => "ios64", + }, + "iossimulator-xcrun" => { + inherit_from => [ "ios-common" ], + }, + + "iphoneos-cross" => { + inherit_from => [ "ios-common" ], + cflags => add("-Wall -fno-common"), + }, + "ios-cross" => { + inherit_from => [ "ios-xcrun" ], + cflags => add("-Wall -fno-common"), + }, + "ios64-cross" => { + inherit_from => [ "ios64-xcrun" ], + cflags => add("-Wall -fno-common"), + }, +); diff -Nru ldns-1.7.1/contrib/ios/bootstrap_ldns.sh ldns-1.8.1/contrib/ios/bootstrap_ldns.sh --- ldns-1.7.1/contrib/ios/bootstrap_ldns.sh 1970-01-01 00:00:00.000000000 +0000 +++ ldns-1.8.1/contrib/ios/bootstrap_ldns.sh 2021-12-03 07:45:47.000000000 +0000 @@ -0,0 +1,55 @@ +#!/usr/bin/env bash + +if ! git submodule update --init; then + echo "Failed to init submodule" + exit 1 +fi + +echo "AUTOTOOLS_BUILD: $AUTOTOOLS_BUILD" +echo "AUTOTOOLS_HOST: $AUTOTOOLS_HOST" + +# libtool complains about our updated config.guess and config.sub. +# Remove them to get through bootstrap. Re-add them after libtoolize. + +echo "Running libtoolize" +if [ -n "$(command -v glibtoolize)" ]; then + rm -f config.guess config.sub + if ! glibtoolize -ci ; then + echo "Failed to libtoolize (glibtoolize)" + exit 1 + fi +elif [ -n "$(command -v libtoolize)" ]; then + rm -f config.guess config.sub + if ! libtoolize -ci ; then + echo "Failed to libtoolize (libtoolize)" + exit 1 + fi +else + echo "Failed to find a libtool" + exit 1 +fi + +echo "Updating config.guess" +if ! wget -q -O config.guess 'https://git.savannah.gnu.org/gitweb/?p=config.git;a=blob_plain;f=config.guess;hb=HEAD'; then + echo "Failed to download config.guess" +fi + +echo "Updating config.sub" +if ! wget -q -O config.sub 'https://git.savannah.gnu.org/gitweb/?p=config.git;a=blob_plain;f=config.sub;hb=HEAD'; then + echo "Failed to download config.sub" +fi + +echo "Fixing config permissions" +chmod a+x config.guess config.sub +if [ -n "$(command -v xattr 2>/dev/null)" ]; then + xattr -d com.apple.quarantine config.guess 2>/dev/null + xattr -d com.apple.quarantine config.sub 2>/dev/null +fi + +echo "Running autoreconf" +if ! autoreconf -fi ; then + echo "Failed to autoreconf" + exit 1 +fi + +exit 0 diff -Nru ldns-1.7.1/contrib/ios/install_openssl.sh ldns-1.8.1/contrib/ios/install_openssl.sh --- ldns-1.7.1/contrib/ios/install_openssl.sh 1970-01-01 00:00:00.000000000 +0000 +++ ldns-1.8.1/contrib/ios/install_openssl.sh 2021-12-03 07:45:47.000000000 +0000 @@ -0,0 +1,52 @@ +#!/usr/bin/env bash + +echo "Downloading OpenSSL" +if ! curl -L -k -s -o openssl-1.1.1d.tar.gz https://www.openssl.org/source/openssl-1.1.1d.tar.gz; +then + echo "Failed to download OpenSSL" + exit 1 +fi + +echo "Unpacking OpenSSL" +rm -rf ./openssl-1.1.1d +if ! tar -xf openssl-1.1.1d.tar.gz; +then + echo "Failed to unpack OpenSSL" + exit 1 +fi + +cd openssl-1.1.1d || exit 1 + +if ! cp ../contrib/ios/15-ios.conf Configurations/; then + echo "Failed to copy OpenSSL ios config" + exit 1 +fi + +# ocsp.c:947:23: error: 'fork' is unavailable: not available on tvOS +# ocsp.c:978:23: error: 'fork' is unavailable: not available on watchOS +# Also see https://github.com/openssl/openssl/issues/7607. +if ! patch -u -p0 < ../contrib/ios/openssl.patch; then + echo "Failed to patch OpenSSL" + exit 1 +fi + +echo "Configuring OpenSSL" +if ! ./Configure "$OPENSSL_HOST" -DNO_FORK no-comp no-asm no-hw no-engine no-tests no-unit-test \ + --prefix="$IOS_PREFIX" --openssldir="$IOS_PREFIX"; then + echo "Failed to configure OpenSSL" + exit 1 +fi + +echo "Building OpenSSL" +if ! make; then + echo "Failed to build OpenSSL" + exit 1 +fi + +echo "Installing OpenSSL" +if ! make install_sw; then + echo "Failed to install OpenSSL" + exit 1 +fi + +exit 0 diff -Nru ldns-1.7.1/contrib/ios/install_tools.sh ldns-1.8.1/contrib/ios/install_tools.sh --- ldns-1.7.1/contrib/ios/install_tools.sh 1970-01-01 00:00:00.000000000 +0000 +++ ldns-1.8.1/contrib/ios/install_tools.sh 2021-12-03 07:45:47.000000000 +0000 @@ -0,0 +1,9 @@ +#!/usr/bin/env bash + +# This step should install tools needed for all packages - OpenSSL and LDNS +# When running on Travis, Homebrew fails in unusual ways, hence '|| true'. +# https://travis-ci.community/t/homebrew-fails-because-an-automake-update-is-an-error/7831/3 +echo "Updating tools" +brew update 1>/dev/null || true +echo "Installing tools" +brew install autoconf automake libtool pkg-config curl perl 1>/dev/null || true diff -Nru ldns-1.7.1/contrib/ios/openssl.patch ldns-1.8.1/contrib/ios/openssl.patch --- ldns-1.7.1/contrib/ios/openssl.patch 1970-01-01 00:00:00.000000000 +0000 +++ ldns-1.8.1/contrib/ios/openssl.patch 2021-12-03 07:45:47.000000000 +0000 @@ -0,0 +1,48 @@ +--- apps/speed.c ++++ apps/speed.c +@@ -99,6 +99,13 @@ + #endif + #include + ++/* fork() breaks AppleTVOS, WatchOS, AppleTVSimulator and WatchSimulator */ ++/* Users should configure with -DNO_FORK */ ++#if defined(NO_FORK) ++# undef HAVE_FORK ++# define HAVE_FORK 0 ++#endif ++ + #ifndef HAVE_FORK + # if defined(OPENSSL_SYS_VMS) || defined(OPENSSL_SYS_WINDOWS) || defined(OPENSSL_SYS_VXWORKS) + # define HAVE_FORK 0 +@@ -110,6 +117,7 @@ + #if HAVE_FORK + # undef NO_FORK + #else ++# undef NO_FORK + # define NO_FORK + #endif + +--- apps/ocsp.c ++++ apps/ocsp.c +@@ -36,6 +36,13 @@ + # include + # include + ++/* fork() breaks AppleTVOS, WatchOS, AppleTVSimulator and WatchSimulator */ ++/* Users should configure with -DNO_FORK */ ++#if defined(NO_FORK) ++# undef HAVE_FORK ++# define HAVE_FORK 0 ++#endif ++ + #ifndef HAVE_FORK + # if defined(OPENSSL_SYS_VMS) || defined(OPENSSL_SYS_WINDOWS) + # define HAVE_FORK 0 +@@ -47,6 +54,7 @@ + #if HAVE_FORK + # undef NO_FORK + #else ++# undef NO_FORK + # define NO_FORK + #endif + diff -Nru ldns-1.7.1/contrib/ios/setenv_ios.sh ldns-1.8.1/contrib/ios/setenv_ios.sh --- ldns-1.7.1/contrib/ios/setenv_ios.sh 1970-01-01 00:00:00.000000000 +0000 +++ ldns-1.8.1/contrib/ios/setenv_ios.sh 2021-12-03 07:45:47.000000000 +0000 @@ -0,0 +1,274 @@ +#!/usr/bin/env bash + +# ==================================================================== +# Sets the cross compile environment for Xcode/iOS +# +# Based upon OpenSSL's setenv-ios.sh by TH, JW, and SM. +# Heavily modified by JWW for Crypto++. +# Modified by JWW for LDNS. +# ==================================================================== + +######################################### +##### Some validation ##### +######################################### + +# In the past we could mostly infer arch or cpu from the SDK (and +# mostly vice-versa). Nowadays we need it set for us because Apple +# platforms can be either 32-bit or 64-bit. + +if [ -z "$IOS_SDK" ]; then + echo "IOS_SDK is not set. Please set it" + [[ "$0" = "${BASH_SOURCE[0]}" ]] && exit 1 || return 1 +fi + +if [ -z "$IOS_CPU" ]; then + echo "IOS_CPU is not set. Please set it" + [[ "$0" = "${BASH_SOURCE[0]}" ]] && exit 1 || return 1 +fi + +# cryptest-ios.sh may run this script without sourcing. +if [ "$0" = "${BASH_SOURCE[0]}" ]; then + echo "setenv-ios.sh is usually sourced, but not this time." +fi + +######################################### +##### Small Fixups, if needed ##### +######################################### + +if [[ "$IOS_SDK" == "iPhone" ]]; then + IOS_SDK=iPhoneOS +fi + +if [[ "$IOS_SDK" == "iPhoneOSSimulator" ]]; then + IOS_SDK=iPhoneSimulator +fi + +if [[ "$IOS_SDK" == "TV" || "$IOS_SDK" == "AppleTV" ]]; then + IOS_SDK=AppleTVOS +fi + +if [[ "$IOS_SDK" == "Watch" || "$IOS_SDK" == "AppleWatch" ]]; then + IOS_SDK=WatchOS +fi + +if [[ "$IOS_CPU" == "aarch64" || "$IOS_CPU" == "armv8"* ]] ; then + IOS_CPU=arm64 +fi + +######################################## +##### Environment ##### +######################################## + +# The flags below were tested with Xcode 8 on Travis. If +# you use downlevel versions of Xcode, then you can push +# xxx-version-min=n lower. For example, Xcode 6 can use +# -miphoneos-version-min=5. + +# iPhones can be either 32-bit or 64-bit +if [[ "$IOS_SDK" == "iPhoneOS" && "$IOS_CPU" == "armv7"* ]]; then + MIN_VER=-miphoneos-version-min=6 +elif [[ "$IOS_SDK" == "iPhoneOS" && "$IOS_CPU" == "arm64" ]]; then + MIN_VER=-miphoneos-version-min=6 + +# Fixups for convenience +elif [[ "$IOS_SDK" == "iPhoneOS" && "$IOS_CPU" == "i386" ]]; then + IOS_SDK=iPhoneSimulator + # MIN_VER=-miphoneos-version-min=6 + MIN_VER=-miphonesimulator-version-min=6 +elif [[ "$IOS_SDK" == "iPhoneOS" && "$IOS_CPU" == "x86_64" ]]; then + IOS_SDK=iPhoneSimulator + # MIN_VER=-miphoneos-version-min=6 + MIN_VER=-miphonesimulator-version-min=6 + +# Simulator builds +elif [[ "$IOS_SDK" == "iPhoneSimulator" && "$IOS_CPU" == "i386" ]]; then + MIN_VER=-miphonesimulator-version-min=6 +elif [[ "$IOS_SDK" == "iPhoneSimulator" && "$IOS_CPU" == "x86_64" ]]; then + MIN_VER=-miphonesimulator-version-min=6 + +# Apple TV can be 32-bit Intel (1st gen), 32-bit ARM (2nd, 3rd gen) or 64-bit ARM (4th gen) +elif [[ "$IOS_SDK" == "AppleTVOS" && "$IOS_CPU" == "i386" ]]; then + MIN_VER=-mappletvos-version-min=6 +elif [[ "$IOS_SDK" == "AppleTVOS" && "$IOS_CPU" == "armv7"* ]]; then + MIN_VER=-mappletvos-version-min=6 +elif [[ "$IOS_SDK" == "AppleTVOS" && "$IOS_CPU" == "arm64" ]]; then + MIN_VER=-mappletvos-version-min=6 + +# Simulator builds +elif [[ "$IOS_SDK" == "AppleTVSimulator" && "$IOS_CPU" == "i386" ]]; then + MIN_VER=-mappletvsimulator-version-min=6 +elif [[ "$IOS_SDK" == "AppleTVSimulator" && "$IOS_CPU" == "x86_64" ]]; then + MIN_VER=-mappletvsimulator-version-min=6 + +# Watch can be either 32-bit or 64-bit ARM. TODO: figure out which +# -mwatchos-version-min=n is needed for arm64. 9 is not enough. +elif [[ "$IOS_SDK" == "WatchOS" && "$IOS_CPU" == "armv7"* ]]; then + MIN_VER=-mwatchos-version-min=6 +elif [[ "$IOS_SDK" == "WatchOS" && "$IOS_CPU" == "arm64" ]]; then + MIN_VER=-mwatchos-version-min=10 + +# Simulator builds. TODO: figure out which -watchos-version-min=n +# is needed for arm64. 6 compiles and links, but is it correct? +elif [[ "$IOS_SDK" == "WatchSimulator" && "$IOS_CPU" == "i386" ]]; then + MIN_VER=-mwatchsimulator-version-min=6 +elif [[ "$IOS_SDK" == "WatchSimulator" && "$IOS_CPU" == "x86_64" ]]; then + MIN_VER=-mwatchsimulator-version-min=6 + +# And the final catch-all +else + echo "IOS_SDK and IOS_CPU are not valid. Please fix them" + [[ "$0" = "${BASH_SOURCE[0]}" ]] && exit 1 || return 1 +fi + +##################################################################### + +# Xcode 6 and below cannot handle -miphonesimulator-version-min +# Fix it so the simulator will compile as expected. This trick +# may work on other SDKs, but it was not tested. + +if [ -n "$(command -v xcodebuild 2>/dev/null)" ]; then + # Output of xcodebuild is similar to "Xcode 6.2". The first cut gets + # the dotted decimal value. The second cut gets the major version. + XCODE_VERSION=$(xcodebuild -version 2>/dev/null | head -n 1 | cut -f2 -d" " | cut -f1 -d".") + if [ -z "$XCODE_VERSION" ]; then XCODE_VERSION=100; fi + + if [ "$XCODE_VERSION" -le 6 ]; then + MIN_VER="${MIN_VER//iphonesimulator/iphoneos}" + fi +fi + +##################################################################### + +# Allow a user override? I think we should be doing this. The use case is, +# move /Applications/Xcode somewhere else for a side-by-side installation. +if [ -z "${XCODE_DEVELOPER-}" ]; then + XCODE_DEVELOPER=$(xcode-select -print-path 2>/dev/null) +fi + +if [ ! -d "$XCODE_DEVELOPER" ]; then + echo "ERROR: unable to find XCODE_DEVELOPER directory." + [ "$0" = "${BASH_SOURCE[0]}" ] && exit 1 || return 1 +fi + +# XCODE_DEVELOPER_SDK is the SDK location. +XCODE_DEVELOPER_SDK="$XCODE_DEVELOPER/Platforms/$IOS_SDK.platform" + +if [ ! -d "$XCODE_DEVELOPER_SDK" ]; then + echo "ERROR: unable to find XCODE_DEVELOPER_SDK directory." + echo " Is the SDK supported by Xcode and installed?" + [ "$0" = "${BASH_SOURCE[0]}" ] && exit 1 || return 1 +fi + +# XCODE_TOOLCHAIN is the location of the actual compiler tools. +if [ -d "$XCODE_DEVELOPER/Toolchains/XcodeDefault.xctoolchain/usr/bin/" ]; then + XCODE_TOOLCHAIN="$XCODE_DEVELOPER/Toolchains/XcodeDefault.xctoolchain/usr/bin/" +elif [ -d "$XCODE_DEVELOPER_SDK/Developer/usr/bin/" ]; then + XCODE_TOOLCHAIN="$XCODE_DEVELOPER_SDK/Developer/usr/bin/" +fi + +if [ -z "$XCODE_TOOLCHAIN" ] || [ ! -d "$XCODE_TOOLCHAIN" ]; then + echo "ERROR: unable to find Xcode cross-compiler tools." + [ "$0" = "${BASH_SOURCE[0]}" ] && exit 1 || return 1 +fi + +# XCODE_SDK is the SDK name/version being used - adjust the list as appropriate. +# For example, remove 4.3, 6.2, and 6.1 if they are not installed. We go back to +# the 1.0 SDKs because Apple WatchOS uses low numbers, like 2.0 and 2.1. +XCODE_SDK= +for i in $(seq -f "%.1f" 30.0 -0.1 1.0) +do + if [ -d "$XCODE_DEVELOPER_SDK/Developer/SDKs/$IOS_SDK$i.sdk" ]; then + XCODE_SDK="$IOS_SDK$i.sdk" + break + fi +done + +# Error checking +if [ -z "$XCODE_SDK" ]; then + echo "ERROR: unable to find a SDK." + [ "$0" = "${BASH_SOURCE[0]}" ] && exit 1 || return 1 +fi + +IOS_SYSROOT="$XCODE_DEVELOPER_SDK/Developer/SDKs/$XCODE_SDK" + +if [ -z "$IOS_SYSROOT" ] || [ ! -d "$IOS_SYSROOT" ]; then + echo "ERROR: unable to find IOS_SYSROOT directory." + [ "$0" = "${BASH_SOURCE[0]}" ] && exit 1 || return 1 +fi + +##################################################################### + +# We want to set AR=libtool and ARFLAGS="-static -o", +# but I am not sure Autotools can handle it. +CPP=cpp; CC=clang; CXX=clang++; LD=ld +AS=as; AR=ar; RANLIB=ranlib; STRIP=strip + +# Error checking +if [ ! -e "$XCODE_TOOLCHAIN/$CC" ]; then + echo "ERROR: Failed to find iOS clang. Please edit this script." + [ "$0" = "${BASH_SOURCE[0]}" ] && exit 1 || return 1 +fi + +# Error checking +if [ ! -e "$XCODE_TOOLCHAIN/$CXX" ]; then + echo "ERROR: Failed to find iOS clang++. Please edit this script." + [ "$0" = "${BASH_SOURCE[0]}" ] && exit 1 || return 1 +fi + +# Error checking +if [ ! -e "$XCODE_TOOLCHAIN/$RANLIB" ]; then + echo "ERROR: Failed to find iOS ranlib. Please edit this script." + [ "$0" = "${BASH_SOURCE[0]}" ] && exit 1 || return 1 +fi + +# Error checking +if [ ! -e "$XCODE_TOOLCHAIN/$AR" ]; then + echo "ERROR: Failed to find iOS ar. Please edit this script." + [ "$0" = "${BASH_SOURCE[0]}" ] && exit 1 || return 1 +fi + +# Error checking +if [ ! -e "$XCODE_TOOLCHAIN/$AS" ]; then + echo "ERROR: Failed to find iOS as. Please edit this script." + [ "$0" = "${BASH_SOURCE[0]}" ] && exit 1 || return 1 +fi + +# Error checking +if [ ! -e "$XCODE_TOOLCHAIN/$LD" ]; then + echo "ERROR: Failed to find iOS ld. Please edit this script." + [ "$0" = "${BASH_SOURCE[0]}" ] && exit 1 || return 1 +fi + +##################################################################### + +LENGTH=${#XCODE_TOOLCHAIN} +SUBSTR=${PATH:0:$LENGTH} +if [ "$SUBSTR" != "$XCODE_TOOLCHAIN" ]; then + export PATH="$XCODE_TOOLCHAIN":"$PATH" +fi + +##################################################################### + +export CPP CC CXX LD AS AR RANLIB STRIP +export IOS_SYSROOT +export CFLAGS="-arch $IOS_CPU $MIN_VER --sysroot=$IOS_SYSROOT" +export CXXFLAGS="-arch $IOS_CPU $MIN_VER -stdlib-libc++ --sysroot=$IOS_SYSROOT" + +##################################################################### + +echo "XCODE_TOOLCHAIN: $XCODE_TOOLCHAIN" + +echo "CPP: $(command -v "$CPP")" +echo "CC: $(command -v "$CC")" +echo "CXX: $(command -v "$CXX")" +echo "LD: $(command -v "$LD")" +echo "AS: $(command -v "$AS")" +echo "AR: $(command -v "$AR")" + +echo "IOS_SYSROOT: $IOS_SYSROOT" + +echo "CPPFLAGS: $CPPFLAGS" +echo "CFLAGS: $CFLAGS" +echo "CXXFLAGS: $CXXFLAGS" + +[ "$0" = "${BASH_SOURCE[0]}" ] && exit 0 || return 0 diff -Nru ldns-1.7.1/contrib/ldnsx/ldnsx.py ldns-1.8.1/contrib/ldnsx/ldnsx.py --- ldns-1.7.1/contrib/ldnsx/ldnsx.py 2019-07-26 15:07:44.000000000 +0000 +++ ldns-1.8.1/contrib/ldnsx/ldnsx.py 2021-12-03 07:45:47.000000000 +0000 @@ -4,9 +4,9 @@ """ Easy DNS (including DNSSEC) via ldns. -ldns is a great library. It is a powerfull tool for +ldns is a great library. It is a powerful tool for working with DNS. python-ldns it is a straight up clone of the C -interface, howver that is not a very good interface for python. Its +interface, however that is not a very good interface for python. Its documentation is incomplete and some functions don't work as described. And some objects don't have a full python API. @@ -204,7 +204,7 @@ defaults to settings from /etc/resolv.conf * dnssec -- should the resolver try and use dnssec or not? * tcp -- should the resolver use TCP - 'auto' is a depricated work around for old ldns problems + 'auto' is a deprecated work around for old ldns problems * port -- the port to use, must be the same for all nameservers """ @@ -238,7 +238,7 @@ * rr_type -- the record type to query for * rr_class -- the class to query for, defaults to IN (Internet) * flags -- the flags to send the query with - * tries -- the number of times to attempt to acheive query in case of packet loss, etc + * tries -- the number of times to attempt to achieve query in case of packet loss, etc **Examples** @@ -284,7 +284,7 @@ If the version of ldnsx you are using is old, it is possible that there could be new rr_types that we don't recognise mnemonic for. You can still use the number XXX or the string "TYPEXXX". To - determine what rr_type menmonics we support, please refer to resolver.supported_rr_types() + determine what rr_type mnemonics we support, please refer to resolver.supported_rr_types() """ # Determine rr_type int @@ -320,7 +320,7 @@ pkt = self._ldns_resolver.query(name, _rr_type, _rr_class, _flags) except KeyboardInterrupt: #Since so much time is spent waiting on ldns, this is very common place for Ctr-C to fall raise - except: #Since the ldns exceptiion is not very descriptive... + except: #Since the ldns exception is not very descriptive... raise Exception("ldns backend ran into problems. Likely, the name you were querying for, %s, was invalid." % name) #Deal with failed queries if not pkt: @@ -497,7 +497,7 @@ Example returned value: "NOERROR" - possilbe rcodes (via ldns): "FORMERR", "MASK", "NOERROR", + possible rcodes (via ldns): "FORMERR", "MASK", "NOERROR", "NOTAUTH", "NOTIMPL", "NOTZONE", "NXDOMAIN", "NXRSET", "REFUSED", "SERVFAIL", "SHIFT", "YXDOMAIN", "YXRRSET" @@ -823,7 +823,7 @@ return -1 def protocol(self): - """ Returns proticol of the DNSKEY""" + """ Returns protocol of the DNSKEY""" t = self.rr_type() if t == "DNSKEY": return int(self[5]) diff -Nru ldns-1.7.1/contrib/ldnsx/README ldns-1.8.1/contrib/ldnsx/README --- ldns-1.7.1/contrib/ldnsx/README 2019-07-26 15:07:44.000000000 +0000 +++ ldns-1.8.1/contrib/ldnsx/README 2021-12-03 07:45:47.000000000 +0000 @@ -1,8 +1,8 @@ LDNSX: Easy DNS (including DNSSEC) via ldns. -ldns is a great library. It is a powerfull tool for +ldns is a great library. It is a powerful tool for working with DNS. python-ldns it is a straight up clone of the C -interface, howver that is not a very good interface for python. Its +interface, however that is not a very good interface for python. Its documentation is incomplete and some functions don't work as described. And some objects don't have a full python API. diff -Nru ldns-1.7.1/contrib/ldnsx/source/index.rst ldns-1.8.1/contrib/ldnsx/source/index.rst --- ldns-1.7.1/contrib/ldnsx/source/index.rst 2019-07-26 15:07:44.000000000 +0000 +++ ldns-1.8.1/contrib/ldnsx/source/index.rst 2021-12-03 07:45:47.000000000 +0000 @@ -3,9 +3,9 @@ LDNSX: Easy DNS (including DNSSEC) via ldns. -ldns is a great library. It is a powerfull tool for +ldns is a great library. It is a powerful tool for working with DNS. python-ldns it is a straight up clone of the C -interface, howver that is not a very good interface for python. Its +interface, however that is not a very good interface for python. Its documentation is incomplete and some functions don't work as described. And some objects don't have a full python API. diff -Nru ldns-1.7.1/contrib/python/Changelog ldns-1.8.1/contrib/python/Changelog --- ldns-1.7.1/contrib/python/Changelog 2019-07-26 15:07:44.000000000 +0000 +++ ldns-1.8.1/contrib/python/Changelog 2021-12-03 07:45:47.000000000 +0000 @@ -2,7 +2,7 @@ * Added ldns_rdf.data_as_bytearray(). The method returns a bytearray object containing rdf data. * Changed the behaviour of ldns_resolver.trusted_key() in order to prevent - memory corrupotion and leaks. + memory corruption and leaks. * Fixed memory leaks when destroying ldns_resolver. * Removed ldns_pkt.section_count(), ldns_resolver.set_searchlist_count() because it is marked static in the library. diff -Nru ldns-1.7.1/contrib/python/docs/source/examples/example1.rst ldns-1.8.1/contrib/python/docs/source/examples/example1.rst --- ldns-1.7.1/contrib/python/docs/source/examples/example1.rst 2019-07-26 15:07:44.000000000 +0000 +++ ldns-1.8.1/contrib/python/docs/source/examples/example1.rst 2021-12-03 07:45:47.000000000 +0000 @@ -50,7 +50,7 @@ pkt = resolver.query(dname, ldns.LDNS_RR_TYPE_MX, ldns.LDNS_RR_CLASS_IN, ldns.LDNS_RD) The function should return a packet if everything goes well and this packet will contain resource records we asked for. -Note that there exists a simplier way. Instead of using a dname variable, we can use a string which will be automatically converted. +Note that there exists a simpler way. Instead of using a dname variable, we can use a string which will be automatically converted. :: pkt = resolver.query("fit.vutbr.cz", ldns.LDNS_RR_TYPE_MX, ldns.LDNS_RR_CLASS_IN, ldns.LDNS_RD) diff -Nru ldns-1.7.1/contrib/python/docs/source/examples/example8.rst ldns-1.8.1/contrib/python/docs/source/examples/example8.rst --- ldns-1.7.1/contrib/python/docs/source/examples/example8.rst 2019-07-26 15:07:44.000000000 +0000 +++ ldns-1.8.1/contrib/python/docs/source/examples/example8.rst 2021-12-03 07:45:47.000000000 +0000 @@ -10,8 +10,8 @@ Signing consists of three steps -1. In the first step, the content of a zone file is readed and parsed. This can be done using :class:`ldns.ldns_zone` class. +1. In the first step, the content of a zone file is read and parsed. This can be done using :class:`ldns.ldns_zone` class. -2. In the second step, the private and public key is readed and public key is inserted into zone (as DNSKEY). +2. In the second step, the private and public key is read and public key is inserted into zone (as DNSKEY). -3. In the last step, the DNSSEC zone instace is created and all the RRs from zone file are copied here. Then, all the records are signed using :meth:`ldns.ldns_zone.sign` method. If the signing was successfull, the content of DNSSEC zone is written to a file. +3. In the last step, the DNSSEC zone instance is created and all the RRs from zone file are copied here. Then, all the records are signed using :meth:`ldns.ldns_zone.sign` method. If the signing was successful, the content of DNSSEC zone is written to a file. diff -Nru ldns-1.7.1/contrib/python/examples/test_buffer.py ldns-1.8.1/contrib/python/examples/test_buffer.py --- ldns-1.7.1/contrib/python/examples/test_buffer.py 2019-07-26 15:07:44.000000000 +0000 +++ ldns-1.8.1/contrib/python/examples/test_buffer.py 2021-12-03 07:45:47.000000000 +0000 @@ -230,7 +230,7 @@ #if not error_detected: if True: - mehod_name = "ldns_buffer.flip()" + method_name = "ldns_buffer.flip()" buf.printf("abcdef") try: buf.flip() diff -Nru ldns-1.7.1/contrib/python/examples/test_dname.py ldns-1.8.1/contrib/python/examples/test_dname.py --- ldns-1.7.1/contrib/python/examples/test_dname.py 2019-07-26 15:07:44.000000000 +0000 +++ ldns-1.8.1/contrib/python/examples/test_dname.py 2021-12-03 07:45:47.000000000 +0000 @@ -44,7 +44,7 @@ except: set_error() # - # Error when printing a dname wich was created fron an empty string. + # Error when printing a dname wich was created from an empty string. # Must find out why. # try: diff -Nru ldns-1.7.1/contrib/python/ldns_buffer.i ldns-1.8.1/contrib/python/ldns_buffer.i --- ldns-1.7.1/contrib/python/ldns_buffer.i 2019-07-26 15:07:44.000000000 +0000 +++ ldns-1.8.1/contrib/python/ldns_buffer.i 2021-12-03 07:45:47.000000000 +0000 @@ -483,7 +483,7 @@ :param amount: Amount to use. :type amount: positive integer :throws TypeError: When `amount` of non-integer type. - :return: (bool) hether this failed or succeeded. + :return: (bool) Whether this failed or succeeded. """ return _ldns.ldns_buffer_reserve(self, amount) #parameters: ldns_buffer *, size_t, diff -Nru ldns-1.7.1/contrib/python/ldns_dname.i ldns-1.8.1/contrib/python/ldns_dname.i --- ldns-1.7.1/contrib/python/ldns_dname.i 2019-07-26 15:07:44.000000000 +0000 +++ ldns-1.8.1/contrib/python/ldns_dname.i 2021-12-03 07:45:47.000000000 +0000 @@ -36,7 +36,7 @@ /* ========================================================================= */ /* - * Not here (with the exception of functions defined in this C code sction), + * Not here (with the exception of functions defined in this C code section), * must be set in ldns_rdf.i. */ @@ -46,7 +46,7 @@ /* ========================================================================= */ /* - * Not here (with the exception of functions defined in this C code sction), + * Not here (with the exception of functions defined in this C code section), * must be set in ldns_rdf.i. */ diff -Nru ldns-1.7.1/contrib/python/ldns_dnssec.i ldns-1.8.1/contrib/python/ldns_dnssec.i --- ldns-1.7.1/contrib/python/ldns_dnssec.i 2019-07-26 15:07:44.000000000 +0000 +++ ldns-1.8.1/contrib/python/ldns_dnssec.i 2021-12-03 07:45:47.000000000 +0000 @@ -163,7 +163,7 @@ @staticmethod def new_frm_rr(raiseException=True): - """Create a new instace of dnssec name for the given RR. + """Create a new instance of dnssec name for the given RR. :returns: (ldns_dnssec_name) instance """ diff -Nru ldns-1.7.1/contrib/python/ldns_key.i ldns-1.8.1/contrib/python/ldns_key.i --- ldns-1.7.1/contrib/python/ldns_key.i 2019-07-26 15:07:44.000000000 +0000 +++ ldns-1.8.1/contrib/python/ldns_key.i 2021-12-03 07:45:47.000000000 +0000 @@ -204,7 +204,7 @@ def expiration(self): """return the key's expiration date - :returns: (uint32_t) the experiration date + :returns: (uint32_t) the expiration date """ return _ldns.ldns_key_expiration(self) #parameters: const ldns_key *, @@ -514,7 +514,7 @@ """Set the keylist's key count to count. :param count: - the cuont + the count """ _ldns.ldns_key_list_set_key_count(self,count) #parameters: ldns_key_list *,size_t, diff -Nru ldns-1.7.1/contrib/python/ldns_packet.i ldns-1.8.1/contrib/python/ldns_packet.i --- ldns-1.7.1/contrib/python/ldns_packet.i 2019-07-26 15:07:44.000000000 +0000 +++ ldns-1.8.1/contrib/python/ldns_packet.i 2021-12-03 07:45:47.000000000 +0000 @@ -736,7 +736,7 @@ """ Return the packet's edns data. - :return: (:class:`ldns_rdf`) The ensd data. + :return: (:class:`ldns_rdf`) The edns data. """ return _ldns._ldns_pkt_edns_data(self) #parameters: const ldns_pkt *, @@ -1346,7 +1346,7 @@ def set_rcode(self, c): """ - Set the packet's respons code. + Set the packet's response code. :param c: The rcode. :type c: uint8_t diff -Nru ldns-1.7.1/contrib/python/ldns_rdf.i ldns-1.8.1/contrib/python/ldns_rdf.i --- ldns-1.7.1/contrib/python/ldns_rdf.i 2019-07-26 15:07:44.000000000 +0000 +++ ldns-1.8.1/contrib/python/ldns_rdf.i 2021-12-03 07:45:47.000000000 +0000 @@ -222,6 +222,7 @@ case LDNS_RDF_TYPE_TAG: return "TAG"; case LDNS_RDF_TYPE_LONG_STR: return "LONG_STR"; case LDNS_RDF_TYPE_AMTRELAY: return "AMTRELAY"; + case LDNS_RDF_TYPE_SVCPARAMS: return "SVCPARAMS"; case LDNS_RDF_TYPE_CERTIFICATE_USAGE: return "CERTIFICATE_USAGE"; case LDNS_RDF_TYPE_SELECTOR: return "SELECTOR"; @@ -585,7 +586,7 @@ """ warnings.warn("The ldns_rdf.dname_new_frm_str() method is" + " scheduled to be deprecated in future releases." + - " Use ldsn_dname constructor instead.", + " Use ldns_dname constructor instead.", PendingDeprecationWarning, stacklevel=2) return _ldns.ldns_dname_new_frm_str(string) @@ -608,7 +609,7 @@ """ warnings.warn("The ldns_rdf.absolute() method is scheduled" + " to be deprecated in future releases." + - " Convert the ldns_rdf to ldsn_dname and the use its" + + " Convert the ldns_rdf to ldns_dname and the use its" + " methods.", PendingDeprecationWarning, stacklevel=2) if self.get_type() == _ldns.LDNS_RDF_TYPE_DNAME: string = self.__str__() @@ -630,7 +631,7 @@ """ warnings.warn("The ldns_rdf.make_canonical() method is scheduled" + " to be deprecated in future releases." + - " Convert the ldns_rdf to ldsn_dname and the use its" + + " Convert the ldns_rdf to ldns_dname and the use its" + " methods.", PendingDeprecationWarning, stacklevel=2) _ldns.ldns_dname2canonical(self) @@ -653,7 +654,7 @@ """ warnings.warn("The ldns_rdf.dname_compare() method is" + " scheduled to be deprecated in future releases." + - " Convert the ldns_rdf to ldsn_dname and the use its" + + " Convert the ldns_rdf to ldns_dname and the use its" + " methods.", PendingDeprecationWarning, stacklevel=2) # # The wrapped function generates asserts instead of setting @@ -685,7 +686,7 @@ """ warnings.warn("The ldns_rdf.cat() method is scheduled" + " to be deprecated in future releases." + - " Convert the ldns_rdf to ldsn_dname and the use its" + + " Convert the ldns_rdf to ldns_dname and the use its" + " methods.", PendingDeprecationWarning, stacklevel=2) return _ldns.ldns_dname_cat(self, rd2) #parameters: ldns_rdf *, ldns_rdf *, @@ -710,7 +711,7 @@ """ warnings.warn("The ldns_rdf.cat_clone() method is scheduled" + " to be deprecated in future releases." + - " Convert the ldns_rdf to ldsn_dname and the use its" + + " Convert the ldns_rdf to ldns_dname and the use its" + " methods.", PendingDeprecationWarning, stacklevel=2) return _ldns.ldns_dname_cat_clone(self, rd2) #parameters: const ldns_rdf *, const ldns_rdf *, @@ -740,7 +741,7 @@ """ warnings.warn("The ldns_rdf.interval() method is scheduled" + " to be deprecated in future releases." + - " Convert the ldns_rdf to ldsn_dname and the use its" + + " Convert the ldns_rdf to ldns_dname and the use its" + " methods.", PendingDeprecationWarning, stacklevel=2) # # The wrapped function generates asserts instead of setting @@ -779,7 +780,7 @@ """ warnings.warn("The ldns_rdf.is_subdomain() method is scheduled" + " to be deprecated in future releases." + - " Convert the ldns_rdf to ldsn_dname and the use its" + + " Convert the ldns_rdf to ldns_dname and the use its" + " methods.", PendingDeprecationWarning, stacklevel=2) return _ldns.ldns_dname_is_subdomain(self, parent) #parameters: const ldns_rdf *, const ldns_rdf *, @@ -806,7 +807,7 @@ """ warnings.warn("The ldns_rdf.label() method is scheduled" + " to be deprecated in future releases." + - " Convert the ldns_rdf to ldsn_dname and the use its" + + " Convert the ldns_rdf to ldns_dname and the use its" + " methods.", PendingDeprecationWarning, stacklevel=2) return _ldns.ldns_dname_label(self, labelpos) #parameters: const ldns_rdf *, uint8_t, @@ -826,7 +827,7 @@ """ warnings.warn("The ldns_rdf.label_count() method is scheduled" + " to be deprecated in future releases." + - " Convert the ldns_rdf to ldsn_dname and the use its" + + " Convert the ldns_rdf to ldns_dname and the use its" + " methods.", PendingDeprecationWarning, stacklevel=2) return _ldns.ldns_dname_label_count(self) #parameters: const ldns_rdf *, @@ -848,7 +849,7 @@ """ warnings.warn("The ldns_rdf.left_chop() method is scheduled" + " to be deprecated in future releases." + - " Convert the ldns_rdf to ldsn_dname and the use its" + + " Convert the ldns_rdf to ldns_dname and the use its" + " methods.", PendingDeprecationWarning, stacklevel=2) return _ldns.ldns_dname_left_chop(self) #parameters: const ldns_rdf *, @@ -871,7 +872,7 @@ """ warnings.warn("The ldns_rdf.reverse() method is scheduled" + " to be deprecated in future releases." + - " Convert the ldns_rdf to ldsn_dname and the use its" + + " Convert the ldns_rdf to ldns_dname and the use its" + " methods.", PendingDeprecationWarning, stacklevel=2) if self.get_type() != _ldns.LDNS_RDF_TYPE_DNAME: raise Exception("Operand must be a dname rdf.") diff -Nru ldns-1.7.1/contrib/python/ldns_resolver.i ldns-1.8.1/contrib/python/ldns_resolver.i --- ldns-1.7.1/contrib/python/ldns_resolver.i 2019-07-26 15:07:44.000000000 +0000 +++ ldns-1.8.1/contrib/python/ldns_resolver.i 2021-12-03 07:45:47.000000000 +0000 @@ -35,7 +35,7 @@ /* SWIG setting and definitions. */ /* ========================================================================= */ -/* Creates temporary instance of (ldns_rersolver *). */ +/* Creates temporary instance of (ldns_resolver *). */ %typemap(in,numinputs=0,noblock=1) (ldns_resolver **r) { ldns_resolver *$1_res; @@ -431,7 +431,7 @@ Ask the resolver about name and return all address records. :param name: The name to look for. String is automatically - converrted to dname. + converted to dname. :type name: :class:`ldns_dname` or str :param aclass: The class to use. :type aclass: ldns_rr_class diff -Nru ldns-1.7.1/contrib/python/ldns_rr.i ldns-1.8.1/contrib/python/ldns_rr.i --- ldns-1.7.1/contrib/python/ldns_rr.i 2019-07-26 15:07:44.000000000 +0000 +++ ldns-1.8.1/contrib/python/ldns_rr.i 2021-12-03 07:45:47.000000000 +0000 @@ -562,7 +562,7 @@ :type prev: :class:`ldns_rdf` :param raiseException: If True, an exception occurs in case a rr instance can't be created. - :throws Exception: If `raiseExceprion` is set and fails. + :throws Exception: If `raiseException` is set and fails. :throws TypeError: When parameters of incorrect types. :return: (:class:`ldns_rr`) RR instance or None. @@ -612,7 +612,7 @@ :type prev: :class:`ldns_rdf` :param raiseException: If True, an exception occurs in case a rr instance can't be created. - :throws Exception: If `raiseExceprion` is set and fails. + :throws Exception: If `raiseException` is set and fails. :throws TypeError: When parameters of incorrect types. :return: (:class:`ldns_rr`) RR instance or None. If the object can't be created and `raiseException` is True, @@ -657,7 +657,7 @@ :type prev: :class:`ldns_rdf` :param raiseException: If True, an exception occurs in case when a rr instance can't be created. - :throws Exception: If `raiseExceprion` is set and fails. + :throws Exception: If `raiseException` is set and fails. :throws TypeError: When parameters of incorrect types. :return: None when fails, otherwise a tuple containing: @@ -751,7 +751,7 @@ :type origin: :class:`ldns_dname` :param prev: When the owner is white spaces use this. :type prev: :class:`ldns_rdf` - :param raiseException: Iif True, an exception occurs in case + :param raiseException: If True, an exception occurs in case a resolver object can't be created. :throws Exception: If `raiseException` is set and the input cannot be read. @@ -1424,9 +1424,9 @@ def rrsig_set_expiration(self, f): """ - Sets the expireation date of a LDNS_RR_TYPE_RRSIG rr. + Sets the expiration date of a LDNS_RR_TYPE_RRSIG rr. - :param f: The expireation date to set. + :param f: The expiration date to set. :type f: :class:`ldns_rdf` :throws TypeError: when `f` of non-:class:`ldns_rdf` type. :return: (bool) True on success, False otherwise. @@ -1653,7 +1653,7 @@ Sets the type in the rr. :param rr_type: Set to this type. - :type rr_type: ineteger + :type rr_type: integer :throws TypeError: when `rr_type` of non-integer type. """ _ldns.ldns_rr_set_type(self, rr_type) @@ -1695,7 +1695,7 @@ """ Calculates the uncompressed size of an RR. - :return: (inetger) size of the rr. + :return: (integer) size of the rr. """ return _ldns.ldns_rr_uncompressed_size(self) #parameters: const ldns_rr *, @@ -2441,7 +2441,7 @@ :param field: The field number. :type field: positive int - :throws TypeError: when `field` of non-inetger type. + :throws TypeError: when `field` of non-integer type. :return: (int) the rdf type for the field. """ return _ldns.ldns_rr_descriptor_field_type(self, field) diff -Nru ldns-1.7.1/contrib/python/ldns_zone.i ldns-1.8.1/contrib/python/ldns_zone.i --- ldns-1.7.1/contrib/python/ldns_zone.i 2019-07-26 15:07:44.000000000 +0000 +++ ldns-1.8.1/contrib/python/ldns_zone.i 2021-12-03 07:45:47.000000000 +0000 @@ -132,7 +132,7 @@ :param file: a file object :param origin: (ldns_rdf) the zones' origin :param ttl: default ttl to use - :param rr_class: efault class to use (IN) + :param rr_class: Default class to use (IN) :param raiseException: if True, an exception occurs in case a zone instance can't be created :returns: zone instance or None. If an instance can't be created and raiseException is True, an exception occurs. """ @@ -149,7 +149,7 @@ :param file: a file object :param origin: (ldns_rdf) the zones' origin :param ttl: default ttl to use - :param rr_class: efault class to use (IN) + :param rr_class: Default class to use (IN) :param raiseException: if True, an exception occurs in case a zone instance can't be created :returns: * zone - zone instance or None. If an instance can't be created and raiseException is True, an exception occurs. diff -Nru ldns-1.7.1/dane.c ldns-1.8.1/dane.c --- ldns-1.7.1/dane.c 2019-07-26 15:07:44.000000000 +0000 +++ ldns-1.8.1/dane.c 2021-12-03 07:45:47.000000000 +0000 @@ -1,7 +1,7 @@ /* * Verify or create TLS authentication with DANE (RFC6698) * - * (c) NLnetLabs 2012 + * (c) NLnetLabs 2012-2020 * * See the file LICENSE for the license. * @@ -29,6 +29,63 @@ #include #endif +/* OpenSSL context options. At the moment, disable SSLv2, SSLv3 + * and Compression, if available. TLSv1.0 is allowed at the moment. + * TLSv1.1 is the first to provide elliptic curves, so it is usually + * allowed in a TLS stack. TLSv1.2 is the first to provide authentication + * modes of operation, like GCM. The defines below are a moving + * target based on OpenSSL library version. Grep is useful to find + * the defines: grep -IR SSL_OP_NO_ /usr/include/openssl. + */ +#ifdef HAVE_SSL +# ifdef SSL_OP_NO_SSLv2 + const long NoOpenSSLv2 = SSL_OP_NO_SSLv2; +# else + const long NoOpenSSLv2 = 0L; +# endif +# ifdef SSL_OP_NO_SSLv3 + const long NoOpenSSLv3 = SSL_OP_NO_SSLv3; +# else + const long NoOpenSSLv3 = 0L; +# endif +# ifdef SSL_OP_NO_TLSv1 + const long NoOpenTLSv1 = SSL_OP_NO_TLSv1; +# else + const long NoOpenTLSv1 = 0L; +# endif +# ifdef SSL_OP_NO_DTLSv1 + const long NoOpenDTLSv1 = SSL_OP_NO_DTLSv1; +# else + const long NoOpenDTLSv1 = 0L; +# endif +# ifdef SSL_OP_NO_COMPRESSION + const long NoOpenSSLCompression = SSL_OP_NO_COMPRESSION; +# else + const long NoOpenSSLCompression = 0L; +# endif +#endif + +#if defined(USE_DANE_VERIFY) && defined(USE_DANE_TA_USAGE) +static SSL_CTX* +ldns_dane_new_ssl_context(void) +{ + SSL_CTX* ssl_ctx; + + ssl_ctx = SSL_CTX_new(TLS_client_method()); + if (ssl_ctx != NULL) + { + /* ldns allows TLS and DTLS v1.0 at the moment. Some may disagree. + * Sometime in the future they may be disabled, too. Maybe + * --disable-tlsv1 and --disable-dtlsv1 should be configure options. + */ + long flags = NoOpenSSLv2 | NoOpenSSLv3 | NoOpenSSLCompression; + SSL_CTX_set_options(ssl_ctx, flags); + } + + return ssl_ctx; +} +#endif + ldns_status ldns_dane_create_tlsa_owner(ldns_rdf** tlsa_owner, const ldns_rdf* name, uint16_t port, ldns_dane_transport transport) @@ -193,7 +250,7 @@ } -/* Orinary PKIX validation of cert (with extra_certs to help) +/* Ordinary PKIX validation of cert (with extra_certs to help) * against the CA's in store, but also return the validation chain. */ static ldns_status @@ -641,7 +698,7 @@ * verification. We use these undocumented means with the ldns * dane function prototypes which did only offline dane verification. */ - if (!(ssl_ctx = SSL_CTX_new(TLS_client_method()))) + if (!(ssl_ctx = ldns_dane_new_ssl_context())) s = LDNS_STATUS_MEM_ERR; else if (SSL_CTX_dane_enable(ssl_ctx) <= 0) @@ -841,7 +898,7 @@ * verification. We use these undocumented means with the ldns * dane function prototypes which did only offline dane verification. */ - if (!(ssl_ctx = SSL_CTX_new(TLS_client_method()))) + if (!(ssl_ctx = ldns_dane_new_ssl_context())) s = LDNS_STATUS_MEM_ERR; else if (SSL_CTX_dane_enable(ssl_ctx) <= 0) diff -Nru ldns-1.7.1/debian/changelog ldns-1.8.1/debian/changelog --- ldns-1.7.1/debian/changelog 2022-03-25 09:10:41.000000000 +0000 +++ ldns-1.8.1/debian/changelog 2022-04-26 13:05:17.000000000 +0000 @@ -1,41 +1,77 @@ -ldns (1.7.1-2ubuntu4) jammy; urgency=medium +ldns (1.8.1-1) unstable; urgency=medium - * d/p/lp-1966237-Fix-131-Compile-with-fno-strict-aliasing.patch: fix - wrong results in sha256 (LP: #1966237) + * New upstream version 1.8.1 + Closes: #1008638 (FTBFS with python 3.10 due to distutils check) + Closes: #1005646 (FTBFS with OpenSSL 3.0) + Closes: #1009385 (output of ldns-key2ds changes after compiler changes) + Closes: CVE-2020-19860 (heap buffer overflow in while verifying zone file) + Closes: CVE-2020-19861 (heap overflow/leakage when reading a zone file) + * rework the build system, fixing numerous issues: + - stop overwriting files at install time from different builds + and ending up using the build with wrong configure options + - stop running install twice + - stop removing system-installed files if any on clean + - stop doing (re)build of everything just for the python build + - build python bits in the main build and perform extra steps + only if there's more than one python version to build for + (this effectively eliminates miltiple builds completely) + - clarify build with multiple pyversions and why it still fails + - remove old, now irrelevant, stuff (like overriding options + which are being in effect anyway, or which has no effect) + - move variable-based custom install rule for libldns.pc + into .install file once dh now allows variables in there + - reduce startup time by eliminating dpkg's default.mk which is slow + - remove the wrongly-generated staic lib for the python bindings + (_ldns.{a,la}) in the install rules instead of ignoring them + in dh_install -X + - fix add --with-trust-anchor= so it actually works + - replace dh --with python with Build-Depend: dh-sequence-python3 + - run dh only for supported targets/sequences + * update symbols file for 1.8 version, adding 6 new symbols + * remove Makefile-remove-install-libldns-pc.patch + * update short descriptions of all packages to mention what is + actually in there instead of being the same for all packages + * remove Build-Dependes: chrpath & pkg-config (not used) + * add fix-pyldns-include.patch to fix building pyldns outside source dir + * d/control: update Stdandards-Version to 4.6.0.1 (no changes) + * d/watch: rework, simplify, use https, enable pgp signature verification + * add upstream/signing-key.asc with the followig key: + E5F8F8212F77A498 "Willem Toorop " + * remove trailing whitespace from d/changelog + * add myself to uploaders - -- Christian Ehrhardt Fri, 25 Mar 2022 10:10:41 +0100 + -- Michael Tokarev Tue, 26 Apr 2022 16:05:17 +0300 -ldns (1.7.1-2ubuntu3) jammy; urgency=medium +ldns (1.7.1-3) unstable; urgency=medium - * Check success of distutils import by return code rather - than by stderr to avoid FTBFS with Python 3.10 + * Acknowledge NMU (thanks, Michael Tokarev!) - -- Graham Inggs Wed, 26 Jan 2022 14:12:06 +0000 - -ldns (1.7.1-2ubuntu2) jammy; urgency=medium - - * No-change rebuild with Python 3.10 as default version - - -- Graham Inggs Thu, 13 Jan 2022 19:30:47 +0000 - -ldns (1.7.1-2ubuntu1) jammy; urgency=medium - - * d/p/OpenSSL3.patch: cherry-pick an upstream patch to fix the build - against OpenSSL 3.0 + [ Robert Edmonds ] - -- Simon Chopin Wed, 08 Dec 2021 11:07:45 +0100 + * debian/rules: Add "--with-trust-anchor=/usr/share/dns/root.key" + to configure parameters + * debian/control: Add "Recommends: dns-root-data" to ldnsutils -ldns (1.7.1-2build2) jammy; urgency=medium + [ Daniel Kahn Gillmor ] - * No-change rebuild against openssl3 + * added myself to uploaders + * Import upstream patch to fix SHA-256 on GCC 11 (Closes: #1009385) + * d/watch: update to version 4 (and use https) + * d/clean: clean up some generated files - -- Simon Chopin Mon, 29 Nov 2021 13:43:40 +0100 + -- Daniel Kahn Gillmor Wed, 13 Apr 2022 10:27:03 -0700 -ldns (1.7.1-2build1) hirsute; urgency=medium +ldns (1.7.1-2.1) unstable; urgency=medium - * No-change rebuild to build with python3.9 as default. + * Non-maintainer upload. + * add fix-wrong-python-distutils-configure-check.diff to fix the + incorrect distutils package check (it should be checking the + return code not the emptiness of the output). This fixes FTBFS + with new python (3.10) and allows the python3.10 transition to + happen, but it is not fixing the actual issiue with ldns using + distutils which should be addressed later. Closes: #1008638 - -- Matthias Klose Thu, 19 Nov 2020 18:32:53 +0100 + -- Michael Tokarev Thu, 07 Apr 2022 16:03:29 +0300 ldns (1.7.1-2) unstable; urgency=low @@ -370,7 +406,7 @@ -- Ondřej Surý Thu, 28 Jan 2010 22:33:05 +0100 ldns (1.6.4-1) unstable; urgency=low - + * New Upstream version 1.6.4 * Bump standards version to 3.8.3 * Enable pyldns bindings (python-pyldns package) @@ -524,4 +560,3 @@ - Fix some errors in man pages of examples -- Ondřej Surý Thu, 11 Oct 2007 13:40:14 +0200 - diff -Nru ldns-1.7.1/debian/control ldns-1.8.1/debian/control --- ldns-1.7.1/debian/control 2022-03-24 14:58:45.000000000 +0000 +++ ldns-1.8.1/debian/control 2022-04-25 08:33:02.000000000 +0000 @@ -1,19 +1,19 @@ Source: ldns Priority: optional -Maintainer: Ubuntu Developers -XSBC-Original-Maintainer: Debian DNS Team -Uploaders: Ondřej Surý -Build-Depends: chrpath, - debhelper-compat (= 13), - dh-python, +Maintainer: Debian DNS Team +Uploaders: Ondřej Surý , + Daniel Kahn Gillmor , + Michael Tokarev +Build-Depends: debhelper-compat (= 13), + dh-sequence-python3, doxygen, libpcap-dev, libpython3-dev, libssl-dev (>= 1.1.0), - pkg-config, - python3-dev:any, +# autodep8 bug: #904999 + python3-dev:any | python3-dev, swig -Standards-Version: 4.3.0.3 +Standards-Version: 4.6.0.1 Rules-Requires-Root: no Section: net Vcs-Browser: https://salsa.debian.org/dns-team/ldns @@ -26,7 +26,7 @@ Multi-Arch: same Depends: ${misc:Depends}, ${shlibs:Depends} -Description: ldns library for DNS programming +Description: ldns library for DNS programming - shared library The goal of ldns is to simplify DNS programming, it supports recent RFCs like the DNSSEC documents, and allows developers to easily create software conforming to current RFCs, and experimental software for current Internet @@ -42,7 +42,7 @@ libssl-dev, ${misc:Depends}, ${shlibs:Depends} -Description: ldns library for DNS programming +Description: ldns library for DNS programming - development files The goal of ldns is to simplify DNS programming, it supports recent RFCs like the DNSSEC documents, and allows developers to easily create software conforming to current RFCs, and experimental software for current Internet @@ -51,12 +51,12 @@ This package contains development libraries and headers. Package: ldnsutils -Section: net Architecture: any Multi-Arch: foreign Depends: ${misc:Depends}, ${shlibs:Depends} -Description: ldns library for DNS programming +Recommends: dns-root-data +Description: ldns library for DNS programming - tools (includes drill tool) The goal of ldns is to simplify DNS programming, it supports recent RFCs like the DNSSEC documents, and allows developers to easily create software conforming to current RFCs, and experimental software for current Internet @@ -75,7 +75,7 @@ ${shlibs:Depends} Provides: ${python3:Provides} Multi-Arch: foreign -Description: Python3 bindings for the ldns library for DNS programming +Description: ldns library for DNS programming - Python3 bindings The goal of ldns is to simplify DNS programming, it supports recent RFCs like the DNSSEC documents, and allows developers to easily create software conforming to current RFCs, and experimental software for current Internet diff -Nru ldns-1.7.1/debian/libldns2.symbols ldns-1.8.1/debian/libldns2.symbols --- ldns-1.7.1/debian/libldns2.symbols 2020-06-15 12:47:30.000000000 +0000 +++ ldns-1.8.1/debian/libldns2.symbols 1970-01-01 00:00:00.000000000 +0000 @@ -1,866 +0,0 @@ -libldns.so.2 libldns2 #MINVER# - b32_ntop@Base 1.4.0 - b32_ntop_extended_hex@Base 1.4.0 - b32_pton@Base 1.4.0 - b32_pton_extended_hex@Base 1.4.0 - ldns_algorithm2buffer_str@Base 1.4.0 - ldns_algorithms@Base 1.4.0 - ldns_axfr_abort@Base 1.6.17 - ldns_axfr_complete@Base 1.4.0 - ldns_axfr_last_pkt@Base 1.4.0 - ldns_axfr_next@Base 1.4.0 - ldns_axfr_start@Base 1.4.0 - ldns_b32_ntop@Base 1.4.0 - ldns_b32_ntop_extended_hex@Base 1.4.0 - ldns_b32_pton@Base 1.4.0 - ldns_b32_pton_extended_hex@Base 1.4.0 - ldns_b64_ntop@Base 1.4.0 - ldns_b64_pton@Base 1.4.0 - ldns_bget_keyword_data@Base 1.4.0 - ldns_bget_token@Base 1.4.0 - ldns_bgetc@Base 1.4.0 - ldns_bskipcs@Base 1.4.0 - ldns_bubblebabble@Base 1.4.0 - ldns_buffer2pkt_wire@Base 1.4.0 - ldns_buffer2str@Base 1.4.0 - ldns_buffer_copy@Base 1.4.0 - ldns_buffer_export2str@Base 1.6.16 - ldns_buffer_export@Base 1.4.0 - ldns_buffer_free@Base 1.4.0 - ldns_buffer_new@Base 1.4.0 - ldns_buffer_new_frm_data@Base 1.4.0 - ldns_buffer_printf@Base 1.4.0 - ldns_buffer_reserve@Base 1.4.0 - ldns_buffer_set_capacity@Base 1.4.0 - ldns_calc_keytag@Base 1.4.0 - ldns_calc_keytag_raw@Base 1.4.0 - ldns_cert_algorithm2buffer_str@Base 1.4.0 - ldns_cert_algorithms@Base 1.4.0 - ldns_convert_dsa_rrsig_asn12rdf@Base 1.4.0 - ldns_convert_dsa_rrsig_rdf2asn1@Base 1.4.0 - ldns_convert_ecdsa_rrsig_asn1len2rdf@Base 1.7.0 - ldns_convert_ecdsa_rrsig_rdf2asn1@Base 1.6.13 - ldns_convert_ed25519_rrsig_asn12rdf@Base 1.7.0 - ldns_convert_ed25519_rrsig_rdf2asn1@Base 1.7.0 - ldns_create_empty_rrsig@Base 1.5.1 - ldns_create_nsec3@Base 1.4.0 - ldns_create_nsec@Base 1.4.0 - ldns_dane_cert2rdf@Base 1.6.16 - ldns_dane_create_tlsa_owner@Base 1.6.16 - ldns_dane_create_tlsa_rr@Base 1.6.16 - ldns_dane_select_certificate@Base 1.6.16 - ldns_dane_verify@Base 1.6.16 - ldns_dane_verify_rr@Base 1.6.16 - ldns_digest_evp@Base 1.6.1 - ldns_directive_types@Base 1.4.0 - ldns_dname2buffer_wire@Base 1.4.0 - ldns_dname2buffer_wire_compress@Base 1.7.0 - ldns_dname2canonical@Base 1.4.0 - ldns_dname_absolute@Base 1.6.16 - ldns_dname_cat@Base 1.4.0 - ldns_dname_cat_clone@Base 1.4.0 - ldns_dname_clone_from@Base 1.5.1 - ldns_dname_compare@Base 1.4.0 - ldns_dname_compare_v@Base 1.4.0 - ldns_dname_interval@Base 1.4.0 - ldns_dname_is_subdomain@Base 1.4.0 - ldns_dname_is_wildcard@Base 1.6.5 - ldns_dname_label@Base 1.4.0 - ldns_dname_label_count@Base 1.4.0 - ldns_dname_left_chop@Base 1.4.0 - ldns_dname_match_wildcard@Base 1.5.1 - ldns_dname_new@Base 1.4.0 - ldns_dname_new_frm_data@Base 1.4.0 - ldns_dname_new_frm_str@Base 1.4.0 - ldns_dname_reverse@Base 1.4.0 - ldns_dname_str_absolute@Base 1.4.0 - ldns_dnssec_build_data_chain@Base 1.4.0 - ldns_dnssec_chain_nsec3_list@Base 1.4.0 - ldns_dnssec_create_nsec3@Base 1.4.0 - ldns_dnssec_create_nsec@Base 1.4.0 - ldns_dnssec_create_nsec_bitmap@Base 1.4.0 - ldns_dnssec_data_chain_deep_free@Base 1.4.0 - ldns_dnssec_data_chain_free@Base 1.4.0 - ldns_dnssec_data_chain_new@Base 1.4.0 - ldns_dnssec_data_chain_print@Base 1.4.0 - ldns_dnssec_data_chain_print_fmt@Base 1.6.11 - ldns_dnssec_default_add_to_signatures@Base 1.4.0 - ldns_dnssec_default_delete_signatures@Base 1.4.0 - ldns_dnssec_default_leave_signatures@Base 1.4.0 - ldns_dnssec_default_replace_signatures@Base 1.4.0 - ldns_dnssec_derive_trust_tree@Base 1.4.0 - ldns_dnssec_derive_trust_tree_dnskey_rrset@Base 1.4.0 - ldns_dnssec_derive_trust_tree_dnskey_rrset_time@Base 1.6.13 - ldns_dnssec_derive_trust_tree_ds_rrset@Base 1.4.0 - ldns_dnssec_derive_trust_tree_ds_rrset_time@Base 1.6.13 - ldns_dnssec_derive_trust_tree_no_sig@Base 1.4.0 - ldns_dnssec_derive_trust_tree_no_sig_time@Base 1.6.13 - ldns_dnssec_derive_trust_tree_normal_rrset@Base 1.4.0 - ldns_dnssec_derive_trust_tree_normal_rrset_time@Base 1.6.13 - ldns_dnssec_derive_trust_tree_time@Base 1.6.13 - ldns_dnssec_get_dnskey_for_rrsig@Base 1.4.0 - ldns_dnssec_get_rrsig_for_name_and_type@Base 1.4.0 - ldns_dnssec_name_add_rr@Base 1.4.0 - ldns_dnssec_name_cmp@Base 1.4.0 - ldns_dnssec_name_deep_free@Base 1.5.1 - ldns_dnssec_name_find_rrset@Base 1.4.0 - ldns_dnssec_name_free@Base 1.4.0 - ldns_dnssec_name_is_glue@Base 1.6.10 - ldns_dnssec_name_name@Base 1.4.0 - ldns_dnssec_name_new@Base 1.4.0 - ldns_dnssec_name_new_frm_rr@Base 1.4.0 - ldns_dnssec_name_node_next_nonglue@Base 1.4.0 - ldns_dnssec_name_print@Base 1.4.0 - ldns_dnssec_name_print_fmt@Base 1.6.11 - ldns_dnssec_name_set_name@Base 1.4.0 - ldns_dnssec_name_set_nsec@Base 1.4.0 - ldns_dnssec_nsec3_closest_encloser@Base 1.4.0 - ldns_dnssec_pkt_get_rrsigs_for_name_and_type@Base 1.4.0 - ldns_dnssec_pkt_get_rrsigs_for_type@Base 1.4.0 - ldns_dnssec_pkt_has_rrsigs@Base 1.4.0 - ldns_dnssec_remove_signatures@Base 1.4.0 - ldns_dnssec_rrs_add_rr@Base 1.4.0 - ldns_dnssec_rrs_deep_free@Base 1.5.1 - ldns_dnssec_rrs_free@Base 1.4.0 - ldns_dnssec_rrs_new@Base 1.4.0 - ldns_dnssec_rrs_print@Base 1.4.0 - ldns_dnssec_rrs_print_fmt@Base 1.6.11 - ldns_dnssec_rrsets_add_rr@Base 1.4.0 - ldns_dnssec_rrsets_contains_type@Base 1.6.0 - ldns_dnssec_rrsets_deep_free@Base 1.5.1 - ldns_dnssec_rrsets_free@Base 1.4.0 - ldns_dnssec_rrsets_new@Base 1.4.0 - ldns_dnssec_rrsets_print@Base 1.4.0 - ldns_dnssec_rrsets_print_fmt@Base 1.6.11 - ldns_dnssec_rrsets_set_type@Base 1.4.0 - ldns_dnssec_rrsets_type@Base 1.4.0 - ldns_dnssec_trust_tree_add_parent@Base 1.4.0 - ldns_dnssec_trust_tree_contains_keys@Base 1.4.0 - ldns_dnssec_trust_tree_depth@Base 1.4.0 - ldns_dnssec_trust_tree_free@Base 1.4.0 - ldns_dnssec_trust_tree_new@Base 1.4.0 - ldns_dnssec_trust_tree_print@Base 1.4.0 - ldns_dnssec_trust_tree_print_fmt@Base 1.6.11 - ldns_dnssec_verify_denial@Base 1.4.0 - ldns_dnssec_verify_denial_nsec3@Base 1.4.0 - ldns_dnssec_verify_denial_nsec3_match@Base 1.6.10 - ldns_dnssec_zone_add_empty_nonterminals@Base 1.4.0 - ldns_dnssec_zone_add_rr@Base 1.4.0 - ldns_dnssec_zone_create_nsec3s@Base 1.4.0 - ldns_dnssec_zone_create_nsecs@Base 1.4.0 - ldns_dnssec_zone_create_rrsigs@Base 1.4.0 - ldns_dnssec_zone_create_rrsigs_flg@Base 1.6.2 - ldns_dnssec_zone_deep_free@Base 1.5.1 - ldns_dnssec_zone_find_rrset@Base 1.4.0 - ldns_dnssec_zone_free@Base 1.4.0 - ldns_dnssec_zone_is_nsec3_optout@Base 1.6.13 - ldns_dnssec_zone_mark_and_get_glue@Base 1.6.10 - ldns_dnssec_zone_mark_glue@Base 1.4.0 - ldns_dnssec_zone_names_print@Base 1.4.0 - ldns_dnssec_zone_names_print_fmt@Base 1.6.11 - ldns_dnssec_zone_new@Base 1.4.0 - ldns_dnssec_zone_new_frm_fp@Base 1.6.13 - ldns_dnssec_zone_new_frm_fp_l@Base 1.6.13 - ldns_dnssec_zone_print@Base 1.4.0 - ldns_dnssec_zone_print_fmt@Base 1.6.11 - ldns_dnssec_zone_sign@Base 1.4.0 - ldns_dnssec_zone_sign_flg@Base 1.6.2 - ldns_dnssec_zone_sign_nsec3@Base 1.4.0 - ldns_dnssec_zone_sign_nsec3_flg@Base 1.6.2 - ldns_dnssec_zone_sign_nsec3_flg_mkmap@Base 1.6.11 - ldns_duration2string@Base 1.6.13 - ldns_duration2time@Base 1.6.13 - ldns_duration_cleanup@Base 1.6.13 - ldns_duration_compare@Base 1.6.13 - ldns_duration_create@Base 1.6.13 - ldns_duration_create_from_string@Base 1.6.13 - ldns_ecdsa2pkey_raw@Base 1.6.13 - ldns_ed255192pkey_raw@Base 1.7.0 - ldns_edns_flags@Base 1.4.0 - ldns_error_str@Base 1.4.0 - ldns_fetch_valid_domain_keys@Base 1.4.0 - ldns_fetch_valid_domain_keys_time@Base 1.6.13 - ldns_fget_keyword_data@Base 1.4.0 - ldns_fget_keyword_data_l@Base 1.4.0 - ldns_fget_token@Base 1.4.0 - ldns_fget_token_l@Base 1.4.0 - ldns_fskipcs@Base 1.4.0 - ldns_fskipcs_l@Base 1.4.0 - ldns_get_bit@Base 1.4.0 - ldns_get_bit_r@Base 1.4.0 - ldns_get_errorstr_by_id@Base 1.4.0 - ldns_get_random@Base 1.6.5 - ldns_get_rr_class_by_name@Base 1.4.0 - ldns_get_rr_list_addr_by_name@Base 1.4.0 - ldns_get_rr_list_hosts_frm_file@Base 1.4.0 - ldns_get_rr_list_hosts_frm_fp@Base 1.4.0 - ldns_get_rr_list_hosts_frm_fp_l@Base 1.4.0 - ldns_get_rr_list_name_by_addr@Base 1.4.0 - ldns_get_rr_type_by_name@Base 1.4.0 - ldns_get_signing_algorithm_by_name@Base 1.6.7 - ldns_getaddrinfo@Base 1.4.0 - ldns_gost2pkey_raw@Base 1.6.10 - ldns_gost_engine@Base 1.6.10 - ldns_hexdigit_to_int@Base 1.4.0 - ldns_hexstring_to_data@Base 1.4.0 - ldns_init_random@Base 1.4.0 - ldns_int_to_hexdigit@Base 1.4.0 - ldns_is_rrset@Base 1.4.0 - ldns_key2buffer_str@Base 1.4.0 - ldns_key2rr@Base 1.4.0 - ldns_key2str@Base 1.4.0 - ldns_key_EVP_load_gost_id@Base 1.6.10 - ldns_key_EVP_unload_gost@Base 1.6.10 - ldns_key_algo_supported@Base 1.6.1 - ldns_key_algorithm@Base 1.4.0 - ldns_key_assign_dsa_key@Base 1.6.16 - ldns_key_assign_rsa_key@Base 1.6.16 - ldns_key_buf2dsa@Base 1.4.0 - ldns_key_buf2dsa_raw@Base 1.4.0 - ldns_key_buf2rsa@Base 1.4.0 - ldns_key_buf2rsa_raw@Base 1.4.0 - ldns_key_deep_free@Base 1.4.0 - ldns_key_dsa_key@Base 1.4.0 - ldns_key_evp_key@Base 1.4.0 - ldns_key_expiration@Base 1.4.0 - ldns_key_external_key@Base 1.5.1 - ldns_key_flags@Base 1.4.0 - ldns_key_free@Base 1.4.0 - ldns_key_get_file_base_name@Base 1.5.1 - ldns_key_hmac_key@Base 1.4.0 - ldns_key_hmac_size@Base 1.4.0 - ldns_key_inception@Base 1.4.0 - ldns_key_keytag@Base 1.4.0 - ldns_key_list_free@Base 1.4.0 - ldns_key_list_key@Base 1.4.0 - ldns_key_list_key_count@Base 1.4.0 - ldns_key_list_new@Base 1.4.0 - ldns_key_list_pop_key@Base 1.4.0 - ldns_key_list_push_key@Base 1.4.0 - ldns_key_list_set_key_count@Base 1.4.0 - ldns_key_list_set_use@Base 1.4.0 - ldns_key_new@Base 1.4.0 - ldns_key_new_frm_algorithm@Base 1.4.0 - ldns_key_new_frm_engine@Base 1.4.0 - ldns_key_new_frm_fp@Base 1.4.0 - ldns_key_new_frm_fp_dsa@Base 1.4.0 - ldns_key_new_frm_fp_dsa_l@Base 1.4.0 - ldns_key_new_frm_fp_hmac@Base 1.4.0 - ldns_key_new_frm_fp_hmac_l@Base 1.4.0 - ldns_key_new_frm_fp_l@Base 1.4.0 - ldns_key_new_frm_fp_rsa@Base 1.4.0 - ldns_key_new_frm_fp_rsa_l@Base 1.4.0 - ldns_key_origttl@Base 1.4.0 - ldns_key_print@Base 1.4.0 - ldns_key_pubkey_owner@Base 1.4.0 - ldns_key_rr2ds@Base 1.4.0 - ldns_key_rsa_key@Base 1.4.0 - ldns_key_set_algorithm@Base 1.4.0 - ldns_key_set_dsa_key@Base 1.4.0 - ldns_key_set_evp_key@Base 1.4.0 - ldns_key_set_expiration@Base 1.4.0 - ldns_key_set_external_key@Base 1.5.1 - ldns_key_set_flags@Base 1.4.0 - ldns_key_set_hmac_key@Base 1.4.0 - ldns_key_set_hmac_size@Base 1.4.0 - ldns_key_set_inception@Base 1.4.0 - ldns_key_set_keytag@Base 1.4.0 - ldns_key_set_origttl@Base 1.4.0 - ldns_key_set_pubkey_owner@Base 1.4.0 - ldns_key_set_rsa_key@Base 1.4.0 - ldns_key_set_use@Base 1.4.0 - ldns_key_use@Base 1.4.0 - ldns_lookup_by_id@Base 1.4.0 - ldns_lookup_by_name@Base 1.4.0 - ldns_mktime_from_utc@Base 1.6.16 - ldns_native2rdf_int16@Base 1.4.0 - ldns_native2rdf_int16_data@Base 1.4.0 - ldns_native2rdf_int32@Base 1.4.0 - ldns_native2rdf_int8@Base 1.4.0 - ldns_nsec3_add_param_rdfs@Base 1.4.0 - ldns_nsec3_algorithm@Base 1.4.0 - ldns_nsec3_bitmap@Base 1.4.0 - ldns_nsec3_flags@Base 1.4.0 - ldns_nsec3_hash_name@Base 1.4.0 - ldns_nsec3_hash_name_frm_nsec3@Base 1.4.0 - ldns_nsec3_iterations@Base 1.4.0 - ldns_nsec3_next_owner@Base 1.4.0 - ldns_nsec3_optout@Base 1.4.0 - ldns_nsec3_salt@Base 1.4.0 - ldns_nsec3_salt_data@Base 1.4.0 - ldns_nsec3_salt_length@Base 1.4.0 - ldns_nsec_bitmap_clear_type@Base 1.6.17 - ldns_nsec_bitmap_covers_type@Base 1.4.0 - ldns_nsec_bitmap_set_type@Base 1.6.17 - ldns_nsec_covers_name@Base 1.4.0 - ldns_nsec_get_bitmap@Base 1.4.0 - ldns_nsec_type_check@Base 1.4.0 - ldns_octet@Base 1.4.0 - ldns_opcodes@Base 1.4.0 - ldns_output_format_bubblebabble@Base 1.6.11 - ldns_output_format_bubblebabble_record@Base 1.6.11 - ldns_output_format_clear_type@Base 1.6.17 - ldns_output_format_default@Base 1.6.11 - ldns_output_format_nocomments@Base 1.6.11 - ldns_output_format_nocomments_record@Base 1.6.11 - ldns_output_format_onlykeyids@Base 1.6.11 - ldns_output_format_onlykeyids_record@Base 1.6.11 - ldns_output_format_set_type@Base 1.6.17 - ldns_pkt2buffer_str@Base 1.4.0 - ldns_pkt2buffer_str_fmt@Base 1.6.11 - ldns_pkt2buffer_wire@Base 1.4.0 - ldns_pkt2str@Base 1.4.0 - ldns_pkt2str_fmt@Base 1.6.11 - ldns_pkt2wire@Base 1.4.0 - ldns_pkt_aa@Base 1.4.0 - ldns_pkt_ad@Base 1.4.0 - ldns_pkt_additional@Base 1.4.0 - ldns_pkt_algorithm2str@Base 1.4.0 - ldns_pkt_all@Base 1.4.0 - ldns_pkt_all_noquestion@Base 1.4.0 - ldns_pkt_ancount@Base 1.4.0 - ldns_pkt_answer@Base 1.4.0 - ldns_pkt_answerfrom@Base 1.4.0 - ldns_pkt_arcount@Base 1.4.0 - ldns_pkt_authority@Base 1.4.0 - ldns_pkt_cd@Base 1.4.0 - ldns_pkt_cert_algorithm2str@Base 1.4.0 - ldns_pkt_clone@Base 1.4.0 - ldns_pkt_edns@Base 1.4.0 - ldns_pkt_edns_data@Base 1.4.0 - ldns_pkt_edns_do@Base 1.4.0 - ldns_pkt_edns_extended_rcode@Base 1.4.0 - ldns_pkt_edns_udp_size@Base 1.4.0 - ldns_pkt_edns_version@Base 1.4.0 - ldns_pkt_edns_z@Base 1.4.0 - ldns_pkt_empty@Base 1.4.0 - ldns_pkt_free@Base 1.4.0 - ldns_pkt_get_opcode@Base 1.4.0 - ldns_pkt_get_rcode@Base 1.4.0 - ldns_pkt_get_section_clone@Base 1.4.0 - ldns_pkt_id@Base 1.4.0 - ldns_pkt_ixfr_request_new@Base 1.6.17 - ldns_pkt_ixfr_request_new_frm_str@Base 1.6.17 - ldns_pkt_new@Base 1.4.0 - ldns_pkt_nscount@Base 1.4.0 - ldns_pkt_opcode2buffer_str@Base 1.4.0 - ldns_pkt_opcode2str@Base 1.4.0 - ldns_pkt_print@Base 1.4.0 - ldns_pkt_print_fmt@Base 1.6.11 - ldns_pkt_push_rr@Base 1.4.0 - ldns_pkt_push_rr_list@Base 1.4.0 - ldns_pkt_qdcount@Base 1.4.0 - ldns_pkt_qr@Base 1.4.0 - ldns_pkt_query_new@Base 1.4.0 - ldns_pkt_query_new_frm_str@Base 1.4.0 - ldns_pkt_querytime@Base 1.4.0 - ldns_pkt_question@Base 1.4.0 - ldns_pkt_ra@Base 1.4.0 - ldns_pkt_rcode2buffer_str@Base 1.4.0 - ldns_pkt_rcode2str@Base 1.4.0 - ldns_pkt_rd@Base 1.4.0 - ldns_pkt_reply_type@Base 1.4.0 - ldns_pkt_rr@Base 1.4.0 - ldns_pkt_rr_list_by_name@Base 1.4.0 - ldns_pkt_rr_list_by_name_and_type@Base 1.4.0 - ldns_pkt_rr_list_by_type@Base 1.4.0 - ldns_pkt_safe_push_rr@Base 1.4.0 - ldns_pkt_safe_push_rr_list@Base 1.4.0 - ldns_pkt_section_count@Base 1.4.0 - ldns_pkt_set_aa@Base 1.4.0 - ldns_pkt_set_ad@Base 1.4.0 - ldns_pkt_set_additional@Base 1.4.0 - ldns_pkt_set_ancount@Base 1.4.0 - ldns_pkt_set_answer@Base 1.4.0 - ldns_pkt_set_answerfrom@Base 1.4.0 - ldns_pkt_set_arcount@Base 1.4.0 - ldns_pkt_set_authority@Base 1.4.0 - ldns_pkt_set_cd@Base 1.4.0 - ldns_pkt_set_edns_data@Base 1.4.0 - ldns_pkt_set_edns_do@Base 1.4.0 - ldns_pkt_set_edns_extended_rcode@Base 1.4.0 - ldns_pkt_set_edns_udp_size@Base 1.4.0 - ldns_pkt_set_edns_version@Base 1.4.0 - ldns_pkt_set_edns_z@Base 1.4.0 - ldns_pkt_set_flags@Base 1.4.0 - ldns_pkt_set_id@Base 1.4.0 - ldns_pkt_set_nscount@Base 1.4.0 - ldns_pkt_set_opcode@Base 1.4.0 - ldns_pkt_set_qdcount@Base 1.4.0 - ldns_pkt_set_qr@Base 1.4.0 - ldns_pkt_set_querytime@Base 1.4.0 - ldns_pkt_set_question@Base 1.4.0 - ldns_pkt_set_ra@Base 1.4.0 - ldns_pkt_set_random_id@Base 1.4.0 - ldns_pkt_set_rcode@Base 1.4.0 - ldns_pkt_set_rd@Base 1.4.0 - ldns_pkt_set_section_count@Base 1.4.0 - ldns_pkt_set_size@Base 1.4.0 - ldns_pkt_set_tc@Base 1.4.0 - ldns_pkt_set_timestamp@Base 1.4.0 - ldns_pkt_set_tsig@Base 1.4.0 - ldns_pkt_size@Base 1.4.0 - ldns_pkt_tc@Base 1.4.0 - ldns_pkt_timestamp@Base 1.4.0 - ldns_pkt_tsig@Base 1.4.0 - ldns_pkt_tsig_sign@Base 1.4.0 - ldns_pkt_tsig_sign_next@Base 1.6.7 - ldns_pkt_tsig_verify@Base 1.4.0 - ldns_pkt_tsig_verify_next@Base 1.6.7 - ldns_pkt_verify@Base 1.4.0 - ldns_pkt_verify_time@Base 1.6.13 - ldns_pktheader2buffer_str@Base 1.4.0 - ldns_print_rr_rdf@Base 1.4.0 - ldns_radix_create@Base 1.6.17 - ldns_radix_delete@Base 1.6.17 - ldns_radix_find_less_equal@Base 1.6.17 - ldns_radix_first@Base 1.6.17 - ldns_radix_free@Base 1.6.17 - ldns_radix_init@Base 1.6.17 - ldns_radix_insert@Base 1.6.17 - ldns_radix_join@Base 1.6.17 - ldns_radix_last@Base 1.6.17 - ldns_radix_next@Base 1.6.17 - ldns_radix_prev@Base 1.6.17 - ldns_radix_printf@Base 1.6.17 - ldns_radix_search@Base 1.6.17 - ldns_radix_split@Base 1.6.17 - ldns_radix_traverse_postorder@Base 1.6.17 - ldns_rbtree_create@Base 1.4.0 - ldns_rbtree_delete@Base 1.4.0 - ldns_rbtree_find_less_equal@Base 1.4.0 - ldns_rbtree_first@Base 1.4.0 - ldns_rbtree_free@Base 1.4.0 - ldns_rbtree_init@Base 1.4.0 - ldns_rbtree_insert@Base 1.4.0 - ldns_rbtree_insert_vref@Base 1.4.0 - ldns_rbtree_join@Base 1.4.0 - ldns_rbtree_last@Base 1.4.0 - ldns_rbtree_next@Base 1.4.0 - ldns_rbtree_null_node@Base 1.4.0 - ldns_rbtree_previous@Base 1.4.0 - ldns_rbtree_search@Base 1.4.0 - ldns_rbtree_split@Base 1.4.0 - ldns_rcodes@Base 1.4.0 - ldns_rdf2buffer_str@Base 1.4.0 - ldns_rdf2buffer_str_a@Base 1.4.0 - ldns_rdf2buffer_str_aaaa@Base 1.4.0 - ldns_rdf2buffer_str_alg@Base 1.4.0 - ldns_rdf2buffer_str_apl@Base 1.4.0 - ldns_rdf2buffer_str_atma@Base 1.6.2 - ldns_rdf2buffer_str_b32_ext@Base 1.4.0 - ldns_rdf2buffer_str_b64@Base 1.4.0 - ldns_rdf2buffer_str_cert_alg@Base 1.4.0 - ldns_rdf2buffer_str_class@Base 1.4.0 - ldns_rdf2buffer_str_dname@Base 1.4.0 - ldns_rdf2buffer_str_eui48@Base 1.6.17 - ldns_rdf2buffer_str_eui64@Base 1.6.17 - ldns_rdf2buffer_str_hex@Base 1.4.0 - ldns_rdf2buffer_str_hip@Base 1.6.17 - ldns_rdf2buffer_str_ilnp64@Base 1.6.17 - ldns_rdf2buffer_str_int16@Base 1.4.0 - ldns_rdf2buffer_str_int16_data@Base 1.4.0 - ldns_rdf2buffer_str_int32@Base 1.4.0 - ldns_rdf2buffer_str_int8@Base 1.4.0 - ldns_rdf2buffer_str_ipseckey@Base 1.4.0 - ldns_rdf2buffer_str_loc@Base 1.4.0 - ldns_rdf2buffer_str_long_str@Base 1.6.17 - ldns_rdf2buffer_str_nsap@Base 1.4.0 - ldns_rdf2buffer_str_nsec3_salt@Base 1.4.0 - ldns_rdf2buffer_str_nsec@Base 1.4.0 - ldns_rdf2buffer_str_period@Base 1.4.0 - ldns_rdf2buffer_str_str@Base 1.4.0 - ldns_rdf2buffer_str_tag@Base 1.6.17 - ldns_rdf2buffer_str_time@Base 1.4.0 - ldns_rdf2buffer_str_tsigtime@Base 1.4.0 - ldns_rdf2buffer_str_type@Base 1.4.0 - ldns_rdf2buffer_str_unknown@Base 1.4.0 - ldns_rdf2buffer_str_wks@Base 1.4.0 - ldns_rdf2buffer_wire@Base 1.4.0 - ldns_rdf2buffer_wire_canonical@Base 1.4.0 - ldns_rdf2buffer_wire_compress@Base 1.7.0 - ldns_rdf2native_int16@Base 1.4.0 - ldns_rdf2native_int32@Base 1.4.0 - ldns_rdf2native_int8@Base 1.4.0 - ldns_rdf2native_sockaddr_storage@Base 1.4.0 - ldns_rdf2native_time_t@Base 1.4.0 - ldns_rdf2rr_type@Base 1.4.0 - ldns_rdf2str@Base 1.4.0 - ldns_rdf2wire@Base 1.4.0 - ldns_rdf_address_reverse@Base 1.4.0 - ldns_rdf_bitmap_known_rr_types@Base 1.6.17 - ldns_rdf_bitmap_known_rr_types_space@Base 1.6.17 - ldns_rdf_clone@Base 1.4.0 - ldns_rdf_compare@Base 1.4.0 - ldns_rdf_data@Base 1.4.0 - ldns_rdf_deep_free@Base 1.4.0 - ldns_rdf_free@Base 1.4.0 - ldns_rdf_get_type@Base 1.4.0 - ldns_rdf_hip_get_alg_hit_pk@Base 1.6.17 - ldns_rdf_hip_new_frm_alg_hit_pk@Base 1.6.17 - ldns_rdf_new@Base 1.4.0 - ldns_rdf_new_frm_data@Base 1.4.0 - ldns_rdf_new_frm_fp@Base 1.4.0 - ldns_rdf_new_frm_fp_l@Base 1.4.0 - ldns_rdf_new_frm_str@Base 1.4.0 - ldns_rdf_print@Base 1.4.0 - ldns_rdf_set_data@Base 1.4.0 - ldns_rdf_set_size@Base 1.4.0 - ldns_rdf_set_type@Base 1.4.0 - ldns_rdf_size@Base 1.4.0 - ldns_read_anchor_file@Base 1.4.0 - ldns_resolver_clone@Base 1.6.17 - ldns_resolver_debug@Base 1.4.0 - ldns_resolver_dec_nameserver_count@Base 1.4.0 - ldns_resolver_deep_free@Base 1.4.0 - ldns_resolver_defnames@Base 1.4.0 - ldns_resolver_dnsrch@Base 1.4.0 - ldns_resolver_dnssec@Base 1.4.0 - ldns_resolver_dnssec_anchors@Base 1.4.0 - ldns_resolver_dnssec_cd@Base 1.4.0 - ldns_resolver_domain@Base 1.4.0 - ldns_resolver_edns_udp_size@Base 1.4.0 - ldns_resolver_fail@Base 1.4.0 - ldns_resolver_fallback@Base 1.4.0 - ldns_resolver_free@Base 1.4.0 - ldns_resolver_get_ixfr_serial@Base 1.7.0 - ldns_resolver_igntc@Base 1.4.0 - ldns_resolver_incr_nameserver_count@Base 1.4.0 - ldns_resolver_ip6@Base 1.4.0 - ldns_resolver_nameserver_count@Base 1.4.0 - ldns_resolver_nameserver_rtt@Base 1.4.0 - ldns_resolver_nameservers@Base 1.4.0 - ldns_resolver_nameservers_randomize@Base 1.4.0 - ldns_resolver_new@Base 1.4.0 - ldns_resolver_new_frm_file@Base 1.4.0 - ldns_resolver_new_frm_fp@Base 1.4.0 - ldns_resolver_new_frm_fp_l@Base 1.4.0 - ldns_resolver_pop_nameserver@Base 1.4.0 - ldns_resolver_port@Base 1.4.0 - ldns_resolver_prepare_query_pkt@Base 1.4.0 - ldns_resolver_print@Base 1.4.0 - ldns_resolver_print_fmt@Base 1.6.11 - ldns_resolver_push_dnssec_anchor@Base 1.4.0 - ldns_resolver_push_nameserver@Base 1.4.0 - ldns_resolver_push_nameserver_rr@Base 1.4.0 - ldns_resolver_push_nameserver_rr_list@Base 1.4.0 - ldns_resolver_push_searchlist@Base 1.4.0 - ldns_resolver_query@Base 1.4.0 - ldns_resolver_query_status@Base 1.6.17 - ldns_resolver_random@Base 1.4.0 - ldns_resolver_recursive@Base 1.4.0 - ldns_resolver_retrans@Base 1.4.0 - ldns_resolver_retry@Base 1.4.0 - ldns_resolver_rtt@Base 1.4.0 - ldns_resolver_search@Base 1.4.0 - ldns_resolver_search_status@Base 1.6.17 - ldns_resolver_searchlist@Base 1.4.0 - ldns_resolver_searchlist_count@Base 1.4.0 - ldns_resolver_send@Base 1.4.0 - ldns_resolver_send_pkt@Base 1.4.0 - ldns_resolver_set_debug@Base 1.4.0 - ldns_resolver_set_defnames@Base 1.4.0 - ldns_resolver_set_dnsrch@Base 1.4.0 - ldns_resolver_set_dnssec@Base 1.4.0 - ldns_resolver_set_dnssec_anchors@Base 1.4.0 - ldns_resolver_set_dnssec_cd@Base 1.4.0 - ldns_resolver_set_domain@Base 1.4.0 - ldns_resolver_set_edns_udp_size@Base 1.4.0 - ldns_resolver_set_fail@Base 1.4.0 - ldns_resolver_set_fallback@Base 1.4.0 - ldns_resolver_set_igntc@Base 1.4.0 - ldns_resolver_set_ip6@Base 1.4.0 - ldns_resolver_set_ixfr_serial@Base 1.7.0 - ldns_resolver_set_nameserver_count@Base 1.4.0 - ldns_resolver_set_nameserver_rtt@Base 1.4.0 - ldns_resolver_set_nameservers@Base 1.4.0 - ldns_resolver_set_port@Base 1.4.0 - ldns_resolver_set_random@Base 1.4.0 - ldns_resolver_set_recursive@Base 1.4.0 - ldns_resolver_set_retrans@Base 1.4.0 - ldns_resolver_set_retry@Base 1.4.0 - ldns_resolver_set_rtt@Base 1.4.0 - ldns_resolver_set_source@Base 1.6.17 - ldns_resolver_set_timeout@Base 1.4.0 - ldns_resolver_set_tsig_algorithm@Base 1.4.0 - ldns_resolver_set_tsig_keydata@Base 1.4.0 - ldns_resolver_set_tsig_keyname@Base 1.4.0 - ldns_resolver_set_usevc@Base 1.4.0 - ldns_resolver_source@Base 1.6.17 - ldns_resolver_timeout@Base 1.4.0 - ldns_resolver_trusted_key@Base 1.4.0 - ldns_resolver_tsig_algorithm@Base 1.4.0 - ldns_resolver_tsig_keydata@Base 1.4.0 - ldns_resolver_tsig_keyname@Base 1.4.0 - ldns_resolver_usevc@Base 1.4.0 - ldns_rr2buffer_str@Base 1.4.0 - ldns_rr2buffer_str_fmt@Base 1.6.11 - ldns_rr2buffer_wire@Base 1.4.0 - ldns_rr2buffer_wire_canonical@Base 1.4.0 - ldns_rr2buffer_wire_compress@Base 1.7.0 - ldns_rr2canonical@Base 1.4.0 - ldns_rr2str@Base 1.4.0 - ldns_rr2str_fmt@Base 1.6.11 - ldns_rr2wire@Base 1.4.0 - ldns_rr_a_address@Base 1.4.0 - ldns_rr_a_set_address@Base 1.4.0 - ldns_rr_class2buffer_str@Base 1.4.0 - ldns_rr_class2str@Base 1.4.0 - ldns_rr_classes@Base 1.4.0 - ldns_rr_clone@Base 1.4.0 - ldns_rr_compare@Base 1.4.0 - ldns_rr_compare_ds@Base 1.4.0 - ldns_rr_compare_no_rdata@Base 1.4.0 - ldns_rr_compare_wire@Base 1.4.0 - ldns_rr_descript@Base 1.4.0 - ldns_rr_descriptor_field_type@Base 1.4.0 - ldns_rr_descriptor_maximum@Base 1.4.0 - ldns_rr_descriptor_minimum@Base 1.4.0 - ldns_rr_dnskey_algorithm@Base 1.4.0 - ldns_rr_dnskey_flags@Base 1.4.0 - ldns_rr_dnskey_key@Base 1.4.0 - ldns_rr_dnskey_key_size@Base 1.4.0 - ldns_rr_dnskey_key_size_raw@Base 1.4.0 - ldns_rr_dnskey_protocol@Base 1.4.0 - ldns_rr_dnskey_set_algorithm@Base 1.4.0 - ldns_rr_dnskey_set_flags@Base 1.4.0 - ldns_rr_dnskey_set_key@Base 1.4.0 - ldns_rr_dnskey_set_protocol@Base 1.4.0 - ldns_rr_free@Base 1.4.0 - ldns_rr_get_class@Base 1.4.0 - ldns_rr_get_type@Base 1.4.0 - ldns_rr_is_question@Base 1.6.3 - ldns_rr_label_count@Base 1.4.0 - ldns_rr_list2buffer_str@Base 1.4.0 - ldns_rr_list2buffer_str_fmt@Base 1.6.11 - ldns_rr_list2buffer_wire@Base 1.4.0 - ldns_rr_list2canonical@Base 1.4.0 - ldns_rr_list2str@Base 1.4.0 - ldns_rr_list2str_fmt@Base 1.6.11 - ldns_rr_list_cat@Base 1.4.0 - ldns_rr_list_cat_clone@Base 1.4.0 - ldns_rr_list_clone@Base 1.4.0 - ldns_rr_list_compare@Base 1.4.0 - ldns_rr_list_contains_rr@Base 1.4.0 - ldns_rr_list_deep_free@Base 1.4.0 - ldns_rr_list_free@Base 1.4.0 - ldns_rr_list_new@Base 1.4.0 - ldns_rr_list_owner@Base 1.4.0 - ldns_rr_list_pop_rr@Base 1.4.0 - ldns_rr_list_pop_rr_list@Base 1.4.0 - ldns_rr_list_pop_rrset@Base 1.4.0 - ldns_rr_list_print@Base 1.4.0 - ldns_rr_list_print_fmt@Base 1.6.11 - ldns_rr_list_push_rr@Base 1.4.0 - ldns_rr_list_push_rr_list@Base 1.4.0 - ldns_rr_list_rr@Base 1.4.0 - ldns_rr_list_rr_count@Base 1.4.0 - ldns_rr_list_set_rr@Base 1.4.0 - ldns_rr_list_set_rr_count@Base 1.4.0 - ldns_rr_list_sort@Base 1.4.0 - ldns_rr_list_sort_nsec3@Base 1.4.0 - ldns_rr_list_subtype_by_rdf@Base 1.4.0 - ldns_rr_list_type@Base 1.4.0 - ldns_rr_mx_exchange@Base 1.4.0 - ldns_rr_mx_preference@Base 1.4.0 - ldns_rr_new@Base 1.4.0 - ldns_rr_new_frm_fp@Base 1.4.0 - ldns_rr_new_frm_fp_l@Base 1.4.0 - ldns_rr_new_frm_str@Base 1.4.0 - ldns_rr_new_frm_type@Base 1.4.0 - ldns_rr_new_question_frm_str@Base 1.4.0 - ldns_rr_ns_nsdname@Base 1.4.0 - ldns_rr_owner@Base 1.4.0 - ldns_rr_pop_rdf@Base 1.4.0 - ldns_rr_print@Base 1.4.0 - ldns_rr_print_fmt@Base 1.6.11 - ldns_rr_push_rdf@Base 1.4.0 - ldns_rr_rd_count@Base 1.4.0 - ldns_rr_rdata2buffer_wire@Base 1.4.0 - ldns_rr_rdf@Base 1.4.0 - ldns_rr_rrsig_algorithm@Base 1.4.0 - ldns_rr_rrsig_expiration@Base 1.4.0 - ldns_rr_rrsig_inception@Base 1.4.0 - ldns_rr_rrsig_keytag@Base 1.4.0 - ldns_rr_rrsig_labels@Base 1.4.0 - ldns_rr_rrsig_origttl@Base 1.4.0 - ldns_rr_rrsig_set_algorithm@Base 1.4.0 - ldns_rr_rrsig_set_expiration@Base 1.4.0 - ldns_rr_rrsig_set_inception@Base 1.4.0 - ldns_rr_rrsig_set_keytag@Base 1.4.0 - ldns_rr_rrsig_set_labels@Base 1.4.0 - ldns_rr_rrsig_set_origttl@Base 1.4.0 - ldns_rr_rrsig_set_sig@Base 1.4.0 - ldns_rr_rrsig_set_signame@Base 1.4.0 - ldns_rr_rrsig_set_typecovered@Base 1.4.0 - ldns_rr_rrsig_sig@Base 1.4.0 - ldns_rr_rrsig_signame@Base 1.4.0 - ldns_rr_rrsig_typecovered@Base 1.4.0 - ldns_rr_set_class@Base 1.4.0 - ldns_rr_set_owner@Base 1.4.0 - ldns_rr_set_pop_rr@Base 1.4.0 - ldns_rr_set_push_rr@Base 1.4.0 - ldns_rr_set_question@Base 1.6.3 - ldns_rr_set_rd_count@Base 1.4.0 - ldns_rr_set_rdf@Base 1.4.0 - ldns_rr_set_ttl@Base 1.4.0 - ldns_rr_set_type@Base 1.4.0 - ldns_rr_soa_increment@Base 1.6.13 - ldns_rr_soa_increment_func@Base 1.6.13 - ldns_rr_soa_increment_func_data@Base 1.6.13 - ldns_rr_soa_increment_func_int@Base 1.6.13 - ldns_rr_ttl@Base 1.4.0 - ldns_rr_type2buffer_str@Base 1.4.0 - ldns_rr_type2str@Base 1.4.0 - ldns_rr_uncompressed_size@Base 1.4.0 - ldns_rrsig2buffer_wire@Base 1.4.0 - ldns_send@Base 1.4.0 - ldns_send_buffer@Base 1.4.0 - ldns_serial_arithmitics_gmtime_r@Base 1.6.10 - ldns_set_bit@Base 1.4.0 - ldns_sha1@Base 1.6.0 - ldns_sha1_final@Base 1.6.0 - ldns_sha1_init@Base 1.6.0 - ldns_sha1_transform@Base 1.6.0 - ldns_sha1_update@Base 1.6.0 - ldns_sha256@Base 1.6.0 - ldns_sha256_final@Base 1.6.0 - ldns_sha256_init@Base 1.6.0 - ldns_sha256_update@Base 1.6.0 - ldns_sha384@Base 1.6.0 - ldns_sha384_final@Base 1.6.0 - ldns_sha384_init@Base 1.6.0 - ldns_sha384_update@Base 1.6.0 - ldns_sha512@Base 1.6.0 - ldns_sha512_final@Base 1.6.0 - ldns_sha512_init@Base 1.6.0 - ldns_sha512_update@Base 1.6.0 - ldns_sign_public@Base 1.4.0 - ldns_sign_public_buffer@Base 1.5.1 - ldns_sign_public_dsa@Base 1.4.0 - ldns_sign_public_evp@Base 1.4.0 - ldns_sign_public_rsamd5@Base 1.4.0 - ldns_sign_public_rsasha1@Base 1.4.0 - ldns_signing_algorithms@Base 1.4.0 - ldns_soa_serial_datecounter@Base 1.6.13 - ldns_soa_serial_identity@Base 1.6.13 - ldns_soa_serial_increment@Base 1.6.13 - ldns_soa_serial_increment_by@Base 1.6.13 - ldns_soa_serial_unixtime@Base 1.6.13 - ldns_sockaddr_storage2rdf@Base 1.4.0 - ldns_str2period@Base 1.4.0 - ldns_str2rdf_a@Base 1.4.0 - ldns_str2rdf_aaaa@Base 1.4.0 - ldns_str2rdf_alg@Base 1.4.0 - ldns_str2rdf_apl@Base 1.4.0 - ldns_str2rdf_atma@Base 1.6.2 - ldns_str2rdf_b32_ext@Base 1.4.0 - ldns_str2rdf_b64@Base 1.4.0 - ldns_str2rdf_cert_alg@Base 1.4.0 - ldns_str2rdf_certificate_usage@Base 1.7.0 - ldns_str2rdf_class@Base 1.4.0 - ldns_str2rdf_dname@Base 1.4.0 - ldns_str2rdf_eui48@Base 1.6.17 - ldns_str2rdf_eui64@Base 1.6.17 - ldns_str2rdf_hex@Base 1.4.0 - ldns_str2rdf_hip@Base 1.6.17 - ldns_str2rdf_ilnp64@Base 1.6.17 - ldns_str2rdf_int16@Base 1.4.0 - ldns_str2rdf_int32@Base 1.4.0 - ldns_str2rdf_int8@Base 1.4.0 - ldns_str2rdf_ipseckey@Base 1.6.2 - ldns_str2rdf_loc@Base 1.4.0 - ldns_str2rdf_long_str@Base 1.6.17 - ldns_str2rdf_matching_type@Base 1.7.0 - ldns_str2rdf_nsap@Base 1.4.0 - ldns_str2rdf_nsec3_salt@Base 1.4.0 - ldns_str2rdf_nsec@Base 1.4.0 - ldns_str2rdf_period@Base 1.4.0 - ldns_str2rdf_selector@Base 1.7.0 - ldns_str2rdf_service@Base 1.4.0 - ldns_str2rdf_str@Base 1.4.0 - ldns_str2rdf_tag@Base 1.6.17 - ldns_str2rdf_time@Base 1.4.0 - ldns_str2rdf_type@Base 1.4.0 - ldns_str2rdf_unknown@Base 1.4.0 - ldns_str2rdf_wks@Base 1.4.0 - ldns_tcp_bgsend@Base 1.4.0 - ldns_tcp_connect@Base 1.4.0 - ldns_tcp_read_wire@Base 1.4.0 - ldns_tcp_read_wire_timeout@Base 1.6.2 - ldns_tcp_send@Base 1.4.0 - ldns_tcp_send_query@Base 1.4.0 - ldns_traverse_postorder@Base 1.4.0 - ldns_tsig_algorithm@Base 1.4.0 - ldns_tsig_keydata@Base 1.4.0 - ldns_tsig_keydata_clone@Base 1.4.0 - ldns_tsig_keyname@Base 1.4.0 - ldns_tsig_keyname_clone@Base 1.4.0 - ldns_udp_bgsend@Base 1.4.0 - ldns_udp_connect@Base 1.4.0 - ldns_udp_read_wire@Base 1.4.0 - ldns_udp_send@Base 1.4.0 - ldns_udp_send_query@Base 1.4.0 - ldns_update_ad@Base 1.4.0 - ldns_update_pkt_new@Base 1.4.0 - ldns_update_pkt_tsig_add@Base 1.4.0 - ldns_update_prcount@Base 1.4.0 - ldns_update_set_adcount@Base 1.4.0 - ldns_update_set_prcount@Base 1.4.0 - ldns_update_set_upcount@Base 1.4.0 - ldns_update_set_zo@Base 1.4.0 - ldns_update_soa_mname@Base 1.4.0 - ldns_update_soa_zone_mname@Base 1.4.0 - ldns_update_upcount@Base 1.4.0 - ldns_update_zocount@Base 1.4.0 - ldns_validate_domain_dnskey@Base 1.4.0 - ldns_validate_domain_dnskey_time@Base 1.6.13 - ldns_validate_domain_ds@Base 1.4.0 - ldns_validate_domain_ds_time@Base 1.6.13 - ldns_verify@Base 1.4.0 - ldns_verify_notime@Base 1.6.1 - ldns_verify_rrsig@Base 1.4.0 - ldns_verify_rrsig_buffers@Base 1.4.0 - ldns_verify_rrsig_buffers_raw@Base 1.4.0 - ldns_verify_rrsig_dsa@Base 1.4.0 - ldns_verify_rrsig_dsa_raw@Base 1.4.0 - ldns_verify_rrsig_evp@Base 1.4.0 - ldns_verify_rrsig_evp_raw@Base 1.4.0 - ldns_verify_rrsig_keylist@Base 1.4.0 - ldns_verify_rrsig_keylist_notime@Base 1.6.1 - ldns_verify_rrsig_keylist_time@Base 1.6.13 - ldns_verify_rrsig_rsamd5@Base 1.4.0 - ldns_verify_rrsig_rsamd5_raw@Base 1.4.0 - ldns_verify_rrsig_rsasha1@Base 1.4.0 - ldns_verify_rrsig_rsasha1_raw@Base 1.4.0 - ldns_verify_rrsig_rsasha256_raw@Base 1.4.0 - ldns_verify_rrsig_rsasha512_raw@Base 1.4.0 - ldns_verify_rrsig_time@Base 1.6.13 - ldns_verify_time@Base 1.6.13 - ldns_verify_trusted@Base 1.4.0 - ldns_verify_trusted_time@Base 1.6.13 - ldns_version@Base 1.4.0 - ldns_wire2dname@Base 1.4.0 - ldns_wire2pkt@Base 1.4.0 - ldns_wire2rdf@Base 1.4.0 - ldns_wire2rr@Base 1.4.0 - ldns_zone_deep_free@Base 1.4.0 - ldns_zone_free@Base 1.4.0 - ldns_zone_glue_rr_list@Base 1.4.0 - ldns_zone_new@Base 1.4.0 - ldns_zone_new_frm_fp@Base 1.4.0 - ldns_zone_new_frm_fp_l@Base 1.4.0 - ldns_zone_print@Base 1.4.0 - ldns_zone_print_fmt@Base 1.6.11 - ldns_zone_push_rr@Base 1.4.0 - ldns_zone_push_rr_list@Base 1.4.0 - ldns_zone_rr_count@Base 1.4.0 - ldns_zone_rrs@Base 1.4.0 - ldns_zone_set_rrs@Base 1.4.0 - ldns_zone_set_soa@Base 1.4.0 - ldns_zone_sign@Base 1.4.0 - ldns_zone_sign_nsec3@Base 1.4.0 - ldns_zone_soa@Base 1.4.0 - ldns_zone_sort@Base 1.4.0 - mktime_from_utc@Base 1.4.0 - qsort_rr_compare_nsec3@Base 1.4.0 diff -Nru ldns-1.7.1/debian/libldns3.symbols ldns-1.8.1/debian/libldns3.symbols --- ldns-1.7.1/debian/libldns3.symbols 2022-03-24 14:58:45.000000000 +0000 +++ ldns-1.8.1/debian/libldns3.symbols 2022-04-25 08:33:02.000000000 +0000 @@ -1,4 +1,5 @@ libldns.so.3 libldns3 #MINVER# +* Build-Depends-Package: libldns-dev b32_ntop@Base 1.7.1 b32_ntop_extended_hex@Base 1.7.1 b32_pton@Base 1.7.1 @@ -166,6 +167,7 @@ ldns_dnssec_zone_sign_nsec3@Base 1.7.1 ldns_dnssec_zone_sign_nsec3_flg@Base 1.7.1 ldns_dnssec_zone_sign_nsec3_flg_mkmap@Base 1.7.1 + ldns_dnssec_zone_verify_zonemd@Base 1.8.0 ldns_duration2string@Base 1.7.1 ldns_duration2time@Base 1.7.1 ldns_duration_cleanup@Base 1.7.1 @@ -183,6 +185,7 @@ ldns_fget_keyword_data_l@Base 1.7.1 ldns_fget_token@Base 1.7.1 ldns_fget_token_l@Base 1.7.1 + ldns_fget_token_l_st@Base 1.8.0 ldns_fskipcs@Base 1.7.1 ldns_fskipcs_l@Base 1.7.1 ldns_get_bit@Base 1.7.1 @@ -308,6 +311,7 @@ ldns_pkt2buffer_str@Base 1.7.1 ldns_pkt2buffer_str_fmt@Base 1.7.1 ldns_pkt2buffer_wire@Base 1.7.1 + ldns_pkt2buffer_wire_compress@Base 1.8.0 ldns_pkt2str@Base 1.7.1 ldns_pkt2str_fmt@Base 1.7.1 ldns_pkt2wire@Base 1.7.1 @@ -472,6 +476,7 @@ ldns_rdf2buffer_str_nsec@Base 1.7.1 ldns_rdf2buffer_str_period@Base 1.7.1 ldns_rdf2buffer_str_str@Base 1.7.1 + ldns_rdf2buffer_str_svcparams@Base 1.8.0 ldns_rdf2buffer_str_tag@Base 1.7.1 ldns_rdf2buffer_str_time@Base 1.7.1 ldns_rdf2buffer_str_tsigtime@Base 1.7.1 @@ -718,6 +723,7 @@ ldns_rrsig2buffer_wire@Base 1.7.1 ldns_send@Base 1.7.1 ldns_send_buffer@Base 1.7.1 + ldns_serial_arithmetics_gmtime_r@Base 1.8.0 ldns_serial_arithmitics_gmtime_r@Base 1.7.1 ldns_set_bit@Base 1.7.1 ldns_sha1@Base 1.7.1 @@ -782,6 +788,7 @@ ldns_str2rdf_selector@Base 1.7.1 ldns_str2rdf_service@Base 1.7.1 ldns_str2rdf_str@Base 1.7.1 + ldns_str2rdf_svcparams@Base 1.8.0 ldns_str2rdf_tag@Base 1.7.1 ldns_str2rdf_time@Base 1.7.1 ldns_str2rdf_type@Base 1.7.1 diff -Nru ldns-1.7.1/debian/libldns-dev.install ldns-1.8.1/debian/libldns-dev.install --- ldns-1.7.1/debian/libldns-dev.install 2020-06-15 12:47:30.000000000 +0000 +++ ldns-1.8.1/debian/libldns-dev.install 2022-04-25 08:33:02.000000000 +0000 @@ -3,3 +3,4 @@ usr/lib/*/libldns.so usr/lib/*/pkgconfig/*.pc usr/share/man/man3/* +packaging/libldns.pc usr/lib/${DEB_HOST_MULTIARCH}/pkgconfig/ diff -Nru ldns-1.7.1/debian/libldns-dev.lintian-overrides ldns-1.8.1/debian/libldns-dev.lintian-overrides --- ldns-1.7.1/debian/libldns-dev.lintian-overrides 2020-06-15 12:47:30.000000000 +0000 +++ ldns-1.8.1/debian/libldns-dev.lintian-overrides 1970-01-01 00:00:00.000000000 +0000 @@ -1 +0,0 @@ -libldns-dev: manpage-has-bad-whatis-entry usr/share/man/man3/* diff -Nru ldns-1.7.1/debian/not-installed ldns-1.8.1/debian/not-installed --- ldns-1.7.1/debian/not-installed 2020-06-15 12:47:30.000000000 +0000 +++ ldns-1.8.1/debian/not-installed 2022-04-25 08:33:02.000000000 +0000 @@ -1,3 +1 @@ usr/lib/*/*.la -usr/lib/*/dist-packages/_ldns.a -usr/lib/*/dist-packages/_ldns.la diff -Nru ldns-1.7.1/debian/patches/fix-pyldns-include.patch ldns-1.8.1/debian/patches/fix-pyldns-include.patch --- ldns-1.7.1/debian/patches/fix-pyldns-include.patch 1970-01-01 00:00:00.000000000 +0000 +++ ldns-1.8.1/debian/patches/fix-pyldns-include.patch 2022-04-25 08:33:02.000000000 +0000 @@ -0,0 +1,16 @@ +From: Michael Tokarev +Date: Fri, 08 Apr 2022 13:55:18 +0300 +Subject: fix pyldns include + +contrib/python/ldns.i has #include "ldns.h", while +other source files has it like "ldns/ldns.h". This +works when building in source dir, but breaks when +doing the build in a separate subdirectory. + +diff --git a/contrib/python/ldns.i b/contrib/python/ldns.i +index 881ba5e..b0703cb 100644 +--- a/contrib/python/ldns.i ++++ b/contrib/python/ldns.i +@@ -37 +37 @@ +-#include "ldns.h" ++#include "ldns/ldns.h" diff -Nru ldns-1.7.1/debian/patches/lp-1966237-Fix-131-Compile-with-fno-strict-aliasing.patch ldns-1.8.1/debian/patches/lp-1966237-Fix-131-Compile-with-fno-strict-aliasing.patch --- ldns-1.7.1/debian/patches/lp-1966237-Fix-131-Compile-with-fno-strict-aliasing.patch 2022-03-25 09:09:48.000000000 +0000 +++ ldns-1.8.1/debian/patches/lp-1966237-Fix-131-Compile-with-fno-strict-aliasing.patch 1970-01-01 00:00:00.000000000 +0000 @@ -1,57 +0,0 @@ -From 4d2057f0b5220487882be1b19c302833b84cffe3 Mon Sep 17 00:00:00 2001 -From: Willem Toorop -Date: Thu, 7 Oct 2021 16:49:11 +0200 -Subject: [PATCH] Fix #131: Compile with -fno-strict-aliasing - -or drill will fail signature chasing - -Origin: backport, https://github.com/NLnetLabs/ldns/commit/4d2057f0b5 -Bug-Ubuntu: https://bugs.launchpad.net/bugs/1966237 -Last-Update: 2022-03-25 -X-Backport-Note: all applies as-is, except a not needed hunk in the changelog. - ---- - Changelog | 2 ++ - configure.ac | 1 + - sha2.c | 6 +++--- - 3 files changed, 6 insertions(+), 3 deletions(-) - ---- a/configure.ac -+++ b/configure.ac -@@ -96,6 +96,7 @@ ACX_CHECK_COMPILER_FLAG(Wstrict-prototyp - #ACX_CHECK_COMPILER_FLAG(Wshadow, [CFLAGS="-Wshadow $CFLAGS"]) - ACX_CHECK_COMPILER_FLAG(Wunused-function, [CFLAGS="-Wunused-function $CFLAGS"]) - ACX_CHECK_COMPILER_FLAG(Wmissing-prototypes, [CFLAGS="-Wmissing-prototypes $CFLAGS"]) -+ACX_CHECK_COMPILER_FLAG(fno-strict-aliasing, [CFLAGS="-fno-strict-aliasing $CFLAGS"]) - - AC_CHECK_HEADERS([getopt.h time.h],,, [AC_INCLUDES_DEFAULT]) - ---- a/sha2.c -+++ b/sha2.c -@@ -554,7 +554,7 @@ typedef union _ldns_sha2_buffer_union { - uint64_t* theLongs; - } ldns_sha2_buffer_union; - --void ldns_sha256_final(sha2_byte digest[], ldns_sha256_CTX* context) { -+void ldns_sha256_final(sha2_byte digest[LDNS_SHA256_DIGEST_LENGTH], ldns_sha256_CTX* context) { - sha2_word32 *d = (sha2_word32*)digest; - size_t usedspace; - ldns_sha2_buffer_union cast_var; -@@ -905,7 +905,7 @@ static void ldns_sha512_Last(ldns_sha512 - ldns_sha512_Transform(context, (sha2_word64*)context->buffer); - } - --void ldns_sha512_final(sha2_byte digest[], ldns_sha512_CTX* context) { -+void ldns_sha512_final(sha2_byte digest[LDNS_SHA512_DIGEST_LENGTH], ldns_sha512_CTX* context) { - sha2_word64 *d = (sha2_word64*)digest; - - /* Sanity check: */ -@@ -958,7 +958,7 @@ void ldns_sha384_update(ldns_sha384_CTX* - ldns_sha512_update((ldns_sha512_CTX*)context, data, len); - } - --void ldns_sha384_final(sha2_byte digest[], ldns_sha384_CTX* context) { -+void ldns_sha384_final(sha2_byte digest[LDNS_SHA384_DIGEST_LENGTH], ldns_sha384_CTX* context) { - sha2_word64 *d = (sha2_word64*)digest; - - /* Sanity check: */ diff -Nru ldns-1.7.1/debian/patches/Makefile-remove-install-libldns-pc.patch ldns-1.8.1/debian/patches/Makefile-remove-install-libldns-pc.patch --- ldns-1.7.1/debian/patches/Makefile-remove-install-libldns-pc.patch 2022-03-24 14:58:45.000000000 +0000 +++ ldns-1.8.1/debian/patches/Makefile-remove-install-libldns-pc.patch 1970-01-01 00:00:00.000000000 +0000 @@ -1,19 +0,0 @@ -Description: Starting with 1.7.1, the packaging/libldns.pc fails when - building in debian, since it doesn't find packaging/libldns.pc.in in the - build output dir. -Author: Santiago Ruano Rincón - -Index: ldns/Makefile.in -=================================================================== ---- ldns.orig/Makefile.in -+++ ldns/Makefile.in -@@ -370,9 +370,6 @@ uninstall-h: - test ! -d $(DESTDIR)$(includedir)/ldns || rmdir -p $(DESTDIR)$(includedir)/ldns || echo "ok, dir already gone" - exit 0 - --packaging/libldns.pc: packaging/libldns.pc.in -- ./config.status $@ -- - install-pc: packaging/libldns.pc - $(INSTALL) -m 644 packaging/libldns.pc $(DESTDIR)$(libdir)/pkgconfig/ldns.pc - diff -Nru ldns-1.7.1/debian/patches/OpenSSL3.patch ldns-1.8.1/debian/patches/OpenSSL3.patch --- ldns-1.7.1/debian/patches/OpenSSL3.patch 2022-03-24 14:58:45.000000000 +0000 +++ ldns-1.8.1/debian/patches/OpenSSL3.patch 1970-01-01 00:00:00.000000000 +0000 @@ -1,351 +0,0 @@ -From 1bae6e3556f79d29d1bba812b32b5ba21278a014 Mon Sep 17 00:00:00 2001 -From: "W.C.A. Wijngaards" -Date: Mon, 2 Aug 2021 10:45:42 +0200 -Subject: [PATCH] * Fix #135: Fix compile with OpenSSL-3.0.0-beta2. -Origin: https://github.com/NLnetLabs/ldns/commit/12ab6f7a408cd99e9b43b7db86724c2ee66bc36e -Applied-Upstream: 1.8.0 - ---- - acx_nlnetlabs.m4 | 122 ++++++++++++++++++++++++----------------------- - configure.ac | 21 +++++++- - dnssec_sign.c | 13 +++-- - 3 files changed, 92 insertions(+), 64 deletions(-) - -diff --git a/acx_nlnetlabs.m4 b/acx_nlnetlabs.m4 -index 13736ee1..39e92d87 100644 ---- a/acx_nlnetlabs.m4 -+++ b/acx_nlnetlabs.m4 -@@ -2,7 +2,15 @@ - # Copyright 2009, Wouter Wijngaards, NLnet Labs. - # BSD licensed. - # --# Version 34 -+# Version 41 -+# 2021-07-30 fix for openssl use of lib64 directory. -+# 2021-06-14 fix nonblocking test to use host instead of target for mingw test. -+# 2021-05-17 fix nonblocking socket test from grep on mingw32 to mingw for -+# 64bit compatibility. -+# 2021-03-24 fix ACX_FUNC_DEPRECATED to use CPPFLAGS and CFLAGS. -+# 2021-01-05 fix defun for aclocal -+# 2021-01-05 autoconf 2.70 autoupdate and fixes, no AC_TRY_COMPILE -+# 2020-08-24 Use EVP_sha256 instead of HMAC_Update (for openssl-3.0.0). - # 2016-03-21 Check -ldl -pthread for libcrypto for ldns and openssl 1.1.0. - # 2016-03-21 Use HMAC_Update instead of HMAC_CTX_Init (for openssl-1.1.0). - # 2016-01-04 -D_DEFAULT_SOURCE defined with -D_BSD_SOURCE for Linux glibc 2.20 -@@ -446,15 +454,12 @@ AC_DEFUN([ACX_CHECK_FORMAT_ATTRIBUTE], - AC_MSG_CHECKING(whether the C compiler (${CC-cc}) accepts the "format" attribute) - AC_CACHE_VAL(ac_cv_c_format_attribute, - [ac_cv_c_format_attribute=no --AC_TRY_COMPILE( --[#include -+AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[#include - void f (char *format, ...) __attribute__ ((format (printf, 1, 2))); - void (*pf) (char *format, ...) __attribute__ ((format (printf, 1, 2))); --], [ -+]], [[ - f ("%s", "str"); --], --[ac_cv_c_format_attribute="yes"], --[ac_cv_c_format_attribute="no"]) -+]])],[ac_cv_c_format_attribute="yes"],[ac_cv_c_format_attribute="no"]) - ]) - - AC_MSG_RESULT($ac_cv_c_format_attribute) -@@ -483,14 +488,11 @@ AC_DEFUN([ACX_CHECK_UNUSED_ATTRIBUTE], - AC_MSG_CHECKING(whether the C compiler (${CC-cc}) accepts the "unused" attribute) - AC_CACHE_VAL(ac_cv_c_unused_attribute, - [ac_cv_c_unused_attribute=no --AC_TRY_COMPILE( --[#include -+AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[#include - void f (char *u __attribute__((unused))); --], [ -+]], [[ - f ("x"); --], --[ac_cv_c_unused_attribute="yes"], --[ac_cv_c_unused_attribute="no"]) -+]])],[ac_cv_c_unused_attribute="yes"],[ac_cv_c_unused_attribute="no"]) - ]) - - dnl Setup ATTR_UNUSED config.h parts. -@@ -547,7 +549,7 @@ dnl as a requirement so that is gets called before LIBTOOL - dnl because libtools 'AC_REQUIRE' names are right after this one, before - dnl this function contents. - AC_REQUIRE([ACX_LIBTOOL_C_PRE]) --AC_PROG_LIBTOOL -+LT_INIT - ]) - - dnl Detect if u_char type is defined, otherwise define it. -@@ -646,7 +648,7 @@ AC_DEFUN([ACX_SSL_CHECKS], [ - if test x_$withval != x_no; then - AC_MSG_CHECKING(for SSL) - if test x_$withval = x_ -o x_$withval = x_yes; then -- withval="/usr/local/ssl /usr/lib/ssl /usr/ssl /usr/pkg /usr/local /opt/local /usr/local/opt/openssl /usr/sfw /usr" -+ withval="/usr/local/ssl /usr/lib/ssl /usr/ssl /usr/pkg /usr/local /opt/local /usr/sfw /usr" - fi - for dir in $withval; do - ssldir="$dir" -@@ -668,22 +670,28 @@ AC_DEFUN([ACX_SSL_CHECKS], [ - HAVE_SSL=yes - dnl assume /usr is already in the lib and dynlib paths. - if test "$ssldir" != "/usr" -a "$ssldir" != ""; then -- LDFLAGS="$LDFLAGS -L$ssldir/lib" -- LIBSSL_LDFLAGS="$LIBSSL_LDFLAGS -L$ssldir/lib" -- ACX_RUNTIME_PATH_ADD([$ssldir/lib]) -+ if test ! -d "$ssldir/lib" -a -d "$ssldir/lib64"; then -+ LDFLAGS="$LDFLAGS -L$ssldir/lib64" -+ LIBSSL_LDFLAGS="$LIBSSL_LDFLAGS -L$ssldir/lib64" -+ ACX_RUNTIME_PATH_ADD([$ssldir/lib64]) -+ else -+ LDFLAGS="$LDFLAGS -L$ssldir/lib" -+ LIBSSL_LDFLAGS="$LIBSSL_LDFLAGS -L$ssldir/lib" -+ ACX_RUNTIME_PATH_ADD([$ssldir/lib]) -+ fi - fi - -- AC_MSG_CHECKING([for HMAC_Update in -lcrypto]) -+ AC_MSG_CHECKING([for EVP_sha256 in -lcrypto]) - LIBS="$LIBS -lcrypto" - LIBSSL_LIBS="$LIBSSL_LIBS -lcrypto" -- AC_TRY_LINK(, [ -- int HMAC_Update(void); -- (void)HMAC_Update(); -- ], [ -+ AC_LINK_IFELSE([AC_LANG_PROGRAM([[]], [[ -+ int EVP_sha256(void); -+ (void)EVP_sha256(); -+ ]])],[ - AC_MSG_RESULT(yes) -- AC_DEFINE([HAVE_HMAC_UPDATE], 1, -- [If you have HMAC_Update]) -- ], [ -+ AC_DEFINE([HAVE_EVP_SHA256], 1, -+ [If you have EVP_sha256]) -+ ],[ - AC_MSG_RESULT(no) - # check if -lwsock32 or -lgdi32 are needed. - BAKLIBS="$LIBS" -@@ -691,12 +699,12 @@ AC_DEFUN([ACX_SSL_CHECKS], [ - LIBS="$LIBS -lgdi32 -lws2_32" - LIBSSL_LIBS="$LIBSSL_LIBS -lgdi32 -lws2_32" - AC_MSG_CHECKING([if -lcrypto needs -lgdi32]) -- AC_TRY_LINK([], [ -- int HMAC_Update(void); -- (void)HMAC_Update(); -- ],[ -- AC_DEFINE([HAVE_HMAC_UPDATE], 1, -- [If you have HMAC_Update]) -+ AC_LINK_IFELSE([AC_LANG_PROGRAM([[]], [[ -+ int EVP_sha256(void); -+ (void)EVP_sha256(); -+ ]])],[ -+ AC_DEFINE([HAVE_EVP_SHA256], 1, -+ [If you have EVP_sha256]) - AC_MSG_RESULT(yes) - ],[ - AC_MSG_RESULT(no) -@@ -705,12 +713,12 @@ AC_DEFUN([ACX_SSL_CHECKS], [ - LIBS="$LIBS -ldl" - LIBSSL_LIBS="$LIBSSL_LIBS -ldl" - AC_MSG_CHECKING([if -lcrypto needs -ldl]) -- AC_TRY_LINK([], [ -- int HMAC_Update(void); -- (void)HMAC_Update(); -- ],[ -- AC_DEFINE([HAVE_HMAC_UPDATE], 1, -- [If you have HMAC_Update]) -+ AC_LINK_IFELSE([AC_LANG_PROGRAM([[]], [[ -+ int EVP_sha256(void); -+ (void)EVP_sha256(); -+ ]])],[ -+ AC_DEFINE([HAVE_EVP_SHA256], 1, -+ [If you have EVP_sha256]) - AC_MSG_RESULT(yes) - ],[ - AC_MSG_RESULT(no) -@@ -719,12 +727,12 @@ AC_DEFUN([ACX_SSL_CHECKS], [ - LIBS="$LIBS -ldl -pthread" - LIBSSL_LIBS="$LIBSSL_LIBS -ldl -pthread" - AC_MSG_CHECKING([if -lcrypto needs -ldl -pthread]) -- AC_TRY_LINK([], [ -- int HMAC_Update(void); -- (void)HMAC_Update(); -- ],[ -- AC_DEFINE([HAVE_HMAC_UPDATE], 1, -- [If you have HMAC_Update]) -+ AC_LINK_IFELSE([AC_LANG_PROGRAM([[]], [[ -+ int EVP_sha256(void); -+ (void)EVP_sha256(); -+ ]])],[ -+ AC_DEFINE([HAVE_EVP_SHA256], 1, -+ [If you have EVP_sha256]) - AC_MSG_RESULT(yes) - ],[ - AC_MSG_RESULT(no) -@@ -749,9 +757,8 @@ dnl Checks main header files of SSL. - dnl - AC_DEFUN([ACX_WITH_SSL], - [ --AC_ARG_WITH(ssl, AC_HELP_STRING([--with-ssl=pathname], -- [enable SSL (will check /usr/local/ssl -- /usr/lib/ssl /usr/ssl /usr/pkg /usr/local /opt/local /usr/local/opt/openssl /usr/sfw /usr)]),[ -+AC_ARG_WITH(ssl, AS_HELP_STRING([--with-ssl=pathname],[enable SSL (will check /usr/local/ssl -+ /usr/lib/ssl /usr/ssl /usr/pkg /usr/local /opt/local /usr/sfw /usr)]),[ - ],[ - withval="yes" - ]) -@@ -768,9 +775,8 @@ dnl Checks main header files of SSL. - dnl - AC_DEFUN([ACX_WITH_SSL_OPTIONAL], - [ --AC_ARG_WITH(ssl, AC_HELP_STRING([--with-ssl=pathname], -- [enable SSL (will check /usr/local/ssl -- /usr/lib/ssl /usr/ssl /usr/pkg /usr/local /opt/local /usr/local/opt/openssl /usr/sfw /usr)]),[ -+AC_ARG_WITH(ssl, AS_HELP_STRING([--with-ssl=pathname],[enable SSL (will check /usr/local/ssl -+ /usr/lib/ssl /usr/ssl /usr/pkg /usr/local /opt/local /usr/sfw /usr)]),[ - ],[ - withval="yes" - ]) -@@ -893,7 +899,7 @@ AC_CACHE_VAL(cv_cc_deprecated_$cache, - [ - echo '$3' >conftest.c - echo 'void f(){ $2 }' >>conftest.c --if test -z "`$CC -c conftest.c 2>&1 | grep deprecated`"; then -+if test -z "`$CC $CPPFLAGS $CFLAGS -c conftest.c 2>&1 | grep -e deprecated -e unavailable`"; then - eval "cv_cc_deprecated_$cache=no" - else - eval "cv_cc_deprecated_$cache=yes" -@@ -919,7 +925,7 @@ dnl a nonblocking socket do not work, a new call to select is necessary. - AC_DEFUN([ACX_CHECK_NONBLOCKING_BROKEN], - [ - AC_MSG_CHECKING([if nonblocking sockets work]) --if echo $target | grep mingw32 >/dev/null; then -+if echo $host | grep mingw >/dev/null; then - AC_MSG_RESULT([no (windows)]) - AC_DEFINE([NONBLOCKING_IS_BROKEN], 1, [Define if the network stack does not fully support nonblocking io (causes lower performance).]) - else -@@ -1061,7 +1067,7 @@ dnl defines MKDIR_HAS_ONE_ARG - AC_DEFUN([ACX_MKDIR_ONE_ARG], - [ - AC_MSG_CHECKING([whether mkdir has one arg]) --AC_TRY_COMPILE([ -+AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[ - #include - #include - #ifdef HAVE_WINSOCK2_H -@@ -1070,14 +1076,12 @@ AC_TRY_COMPILE([ - #ifdef HAVE_SYS_STAT_H - #include - #endif --], [ -+]], [[ - (void)mkdir("directory"); --], --AC_MSG_RESULT(yes) -+]])],[AC_MSG_RESULT(yes) - AC_DEFINE(MKDIR_HAS_ONE_ARG, 1, [Define if mkdir has one argument.]) --, --AC_MSG_RESULT(no) --) -+],[AC_MSG_RESULT(no) -+]) - ])dnl end of ACX_MKDIR_ONE_ARG - - dnl Check for ioctlsocket function. works on mingw32 too. -diff --git a/configure.ac b/configure.ac -index 9ab7dff9..5401ef0d 100644 ---- a/configure.ac -+++ b/configure.ac -@@ -332,7 +332,7 @@ if grep VERSION_TEXT $ssldir/include/openssl/opensslv.h | grep "LibreSSL" >/dev/ - else - AC_MSG_RESULT([no]) - fi --AC_CHECK_FUNCS([EVP_sha256 EVP_sha384 EVP_sha512 ENGINE_load_cryptodev EVP_PKEY_keygen ECDSA_SIG_get0 EVP_MD_CTX_new EVP_PKEY_base_id DSA_SIG_set0 DSA_SIG_get0 EVP_dss1 DSA_get0_pqg DSA_get0_key OPENSSL_init_ssl OPENSSL_init_crypto ERR_load_crypto_strings]) -+AC_CHECK_FUNCS([EVP_sha256 EVP_sha384 EVP_sha512 ENGINE_load_cryptodev EVP_PKEY_keygen ECDSA_SIG_get0 EVP_MD_CTX_new EVP_PKEY_base_id DSA_SIG_set0 DSA_SIG_get0 EVP_dss1 DSA_get0_pqg DSA_get0_key OPENSSL_init_ssl OPENSSL_init_crypto ERR_load_crypto_strings EVP_PKEY_get_base_id]) - - # for macosx, see if glibtool exists and use that - # BSD's need to know the version... -@@ -362,7 +362,11 @@ AC_MSG_CHECKING([if GOST works]) - if test c${cross_compiling} = cno; then - BAKCFLAGS="$CFLAGS" - if test -n "$ssldir"; then -+ if test ! -d "$ssldir/lib" -a -d "$ssldir/lib64"; then -+ CFLAGS="$CFLAGS -Wl,-rpath,$ssldir/lib64" -+ else - CFLAGS="$CFLAGS -Wl,-rpath,$ssldir/lib" -+ fi - fi - AC_RUN_IFELSE([AC_LANG_SOURCE([[ - #include -@@ -584,9 +588,11 @@ case "$enable_dane" in - AC_SUBST(ldns_build_config_use_dane_ta_usage, 0) - ;; - *) dnl default -- LIBS="-lssl $LIBS" -- AC_CHECK_FUNC(SSL_get0_dane, [], [AC_MSG_ERROR([OpenSSL does not support offline DANE verification (Needed for the DANE-TA usage type). Please upgrade OpenSSL to version >= 1.1.0 or rerun with --disable-dane-verify or --disable-dane-ta-usage])]) -- LIBSSL_LIBS="-lssl $LIBSSL_LIBS" -+ danetmpLIBS="$LIBS" -+ LIBS="-lssl -lcrypto $LIBS" -+ AC_CHECK_FUNC(SSL_get0_dane, [], [AC_MSG_ERROR([OpenSSL does not support offline DANE verification (Needed for the DANE-TA usage type). Please upgrade OpenSSL to version >= 1.1.0 or rerun with --disable-dane-verify or --disable-dane-ta-usage])]) -+ LIBSSL_LIBS="-lssl $LIBSSL_LIBS" -+ LIBS="$danetmpLIBS" - AC_SUBST(ldns_build_config_use_dane_ta_usage, 1) - AC_DEFINE_UNQUOTED([USE_DANE_TA_USAGE], [1], [Define this to enable DANE-TA usage type support.]) - ;; -@@ -658,7 +670,12 @@ AC_SUBST(LIBSSL_CPPFLAGS) - AC_SUBST(LIBSSL_LDFLAGS) - AC_SUBST(LIBSSL_LIBS) - if test "x$HAVE_SSL" = "xyes"; then --AC_SUBST(LIBSSL_SSL_LIBS, ["-lssl $LIBSSL_LIBS"]) -+ if echo "$LIBSSL_LIBS" | grep -- "-lssl" >/dev/null 2>&1; then -+ LIBSSL_SSL_LIBS="$LIBSSL_LIBS" -+ else -+ LIBSSL_SSL_LIBS="-lssl $LIBSSL_LIBS" -+ fi -+ AC_SUBST(LIBSSL_SSL_LIBS, "$LIBSSL_SSL_LIBS") - fi - CPPFLAGS=$tmp_CPPFLAGS - LDFLAGS=$tmp_LDFLAGS -diff --git a/dnssec_sign.c b/dnssec_sign.c -index c6d1dd2f..55d99f25 100644 ---- a/dnssec_sign.c -+++ b/dnssec_sign.c -@@ -413,7 +413,10 @@ ldns_pkey_is_ecdsa(EVP_PKEY* pkey) - { - EC_KEY* ec; - const EC_GROUP* g; --#ifdef HAVE_EVP_PKEY_BASE_ID -+#ifdef HAVE_EVP_PKEY_GET_BASE_ID -+ if(EVP_PKEY_get_base_id(pkey) != EVP_PKEY_EC) -+ return 0; -+#elif defined(HAVE_EVP_PKEY_BASE_ID) - if(EVP_PKEY_base_id(pkey) != EVP_PKEY_EC) - return 0; - #else -@@ -529,7 +532,9 @@ ldns_sign_public_evp(ldns_buffer *to_sign, - #ifdef USE_DSA - #ifndef S_SPLINT_S - /* unfortunately, OpenSSL output is different from DNS DSA format */ --# ifdef HAVE_EVP_PKEY_BASE_ID -+# ifdef HAVE_EVP_PKEY_GET_BASE_ID -+ if (EVP_PKEY_get_base_id(key) == EVP_PKEY_DSA) { -+# elif defined(HAVE_EVP_PKEY_BASE_ID) - if (EVP_PKEY_base_id(key) == EVP_PKEY_DSA) { - # else - if (EVP_PKEY_type(key->type) == EVP_PKEY_DSA) { -@@ -541,7 +546,9 @@ ldns_sign_public_evp(ldns_buffer *to_sign, - #endif - #if defined(USE_ECDSA) - if( --# ifdef HAVE_EVP_PKEY_BASE_ID -+# ifdef HAVE_EVP_PKEY_GET_BASE_ID -+ EVP_PKEY_get_base_id(key) -+# elif defined(HAVE_EVP_PKEY_BASE_ID) - EVP_PKEY_base_id(key) - # else - EVP_PKEY_type(key->type) --- -2.32.0 - diff -Nru ldns-1.7.1/debian/patches/python3.10.patch ldns-1.8.1/debian/patches/python3.10.patch --- ldns-1.7.1/debian/patches/python3.10.patch 2022-03-24 14:58:45.000000000 +0000 +++ ldns-1.8.1/debian/patches/python3.10.patch 1970-01-01 00:00:00.000000000 +0000 @@ -1,16 +0,0 @@ -Description: check success of import by return code rather than by stderr -Origin: upstream, https://github.com/autoconf-archive/autoconf-archive/commit/883a2abd5af5c96be894d5ef7ee6e9a2b8e64307 -Author: Igor Gnatenko -Last-Update: 2017-03-14 - ---- a/ax_python_devel.m4 -+++ b/ax_python_devel.m4 -@@ -137,7 +137,7 @@ - # - AC_MSG_CHECKING([for the distutils Python package]) - ac_distutils_result=`$PYTHON -c "import distutils" 2>&1` -- if test -z "$ac_distutils_result"; then -+ if test $? -eq 0; then - AC_MSG_RESULT([yes]) - else - AC_MSG_RESULT([no]) diff -Nru ldns-1.7.1/debian/patches/series ldns-1.8.1/debian/patches/series --- ldns-1.7.1/debian/patches/series 2022-03-25 09:07:42.000000000 +0000 +++ ldns-1.8.1/debian/patches/series 2022-04-25 08:33:02.000000000 +0000 @@ -1,4 +1 @@ -Makefile-remove-install-libldns-pc.patch -OpenSSL3.patch -python3.10.patch -lp-1966237-Fix-131-Compile-with-fno-strict-aliasing.patch +fix-pyldns-include.patch diff -Nru ldns-1.7.1/debian/rules ldns-1.8.1/debian/rules --- ldns-1.7.1/debian/rules 2022-03-24 14:58:45.000000000 +0000 +++ ldns-1.8.1/debian/rules 2022-04-25 08:33:02.000000000 +0000 @@ -7,52 +7,75 @@ # enable dpkg build flags export DEB_BUILD_MAINT_OPTIONS = hardening=+all DPKG_EXPORT_BUILDFLAGS = 1 -include /usr/share/dpkg/default.mk +include /usr/share/dpkg/buildflags.mk export DPKG_GENSYMBOLS_CHECK_LEVEL=4 -PYVERS=$(shell py3versions -vd) - -CONFIGFLAGS=--disable-rpath --enable-gost --enable-gost-anyway --enable-ed25519 --disable-ldns-config - -%: - dh $@ --with python3 +# the main python version (single) +PYVER=$(shell py3versions -vd) +# extra python versions to build if any (plural) +# To enable multiple pyversions: +# Build-Depends: python3-all-dev vs python3-dev in d/control. +#PYVERS=$(filter-out ${PYVER},$(shell py3versions -vs)) +# This does not (yet) work for different python versions, b/c each next install +# rule below overrides python module files installed by the previous install, +# so we end up with just the last module. Also, the upstream build system has +# bugs building pyldns in a subdir. +# We can do a loop over $PYVERS in build target and run make _ldns.la in turn, +# with all python-related definitions taken directly from python$vers-config, +# removing ldns_wrapper.*o before each step, and saving resulting _ldns.la +# under a version-specific name. But this is too ugly already. Upstream should +# grow up a real module description file like setup.py and whole thing will be +# built automatically from there instead of using all the wrong custom +# commands, and it will automatically build things for multiple versions too, +# so we'll no need to override many targets in there. +# For now, build only for a single pyversion is supported. +PYVERS= + +CONFIGFLAGS=--disable-rpath --enable-gost --enable-gost-anyway --enable-ed25519 --disable-ldns-config \ + --with-trust-anchor=/usr/share/dns/root.key + +build-arch build-indep build \ +install-indep install-arch install \ +binary-arch binary-indep binary \ +clean \ +: %: + dh $@ override_dh_auto_configure: - dh_auto_configure -- $(CONFIGFLAGS) --with-examples --with-drill + PYTHON_VERSION=${PYVER} dh_auto_configure -- $(CONFIGFLAGS) --with-examples --with-drill --with-pyldns for pyvers in $(PYVERS); do \ PYTHON_VERSION=$$pyvers dh_auto_configure -B build/python-$$pyvers -- $(CONFIGFLAGS) --with-pyldns; \ done override_dh_auto_build: - dh_auto_build - dh_auto_build -- doc + ${MAKE} all doc for pyvers in $(PYVERS); do \ - dh_auto_build -B build/python-$$pyvers;\ + ${MAKE} -C build/python-$$pyvers pyldns;\ done override_dh_auto_install: - dh_auto_install - dh_auto_install -- install-doc + ${MAKE} DESTDIR=${CURDIR}/debian/tmp install install-doc for pyvers in $(PYVERS); do \ - dh_auto_install -B build/python-$$pyvers;\ + ${MAKE} DESTDIR=${CURDIR}/debian/tmp -C build/python-$$pyvers install-pyldns install-pyldnsx;\ done + # upstream wrongly builds static library for the python module (.a & .la) + rm -fv debian/tmp/usr/lib/python3/dist-packages/_ldns.*a override_dh_auto_clean: - dh_auto_clean +# upstream Makefile (as of 1.8.1) in distclean does *uninstall* +# (which will try removing things from running system if DESTDIR= isn't given) +# And generally does not work at all, removing libtool before using it. +# Use realclean and remove remnaints which are not removed. +# Note upstream removes the doxygen-generated manpages [real]clean too, the +# ones shipped in the upstream tarball, and a few surrounding files too, +# so the cleaned up source wont be the same anyway. +# These files are (re)generated during build, though. + [ ! -f Makefile ] || ${MAKE} realclean + rm -rf .libs/ + rm -f _ldns.la ldns_wrapper.*o linktest.*o +# remove the python-variant subdirs if any rm -rf build/ -override_dh_strip: - dh_strip -O--dbgsym-migration='libldns1-dbg (<< 1.7.0~)' - -override_dh_install: - install -d -m 755 $(CURDIR)/debian/tmp/usr/lib/$(DEB_HOST_MULTIARCH)/pkgconfig/ - install -m 644 packaging/libldns.pc $(CURDIR)/debian/tmp/usr/lib/$(DEB_HOST_MULTIARCH)/pkgconfig/ - dh_install -X.la -X_ldns.a - -override_dh_missing: - dh_missing --fail-missing - override_dh_auto_test: # tests in Makefile.in are not distributed - : diff -Nru ldns-1.7.1/debian/upstream/signing-key.asc ldns-1.8.1/debian/upstream/signing-key.asc --- ldns-1.7.1/debian/upstream/signing-key.asc 1970-01-01 00:00:00.000000000 +0000 +++ ldns-1.8.1/debian/upstream/signing-key.asc 2022-04-25 08:33:02.000000000 +0000 @@ -0,0 +1,76 @@ +-----BEGIN PGP PUBLIC KEY BLOCK----- + +mQINBE1s81EBEACuJzGgccrmYEAzHc//vBq66gH7orM0GtKfQZHh4uR1FMxZXl07 +WevUYNuBywTpinU9rpY1Q3S4w6QgNklgpsaHXmbOpyFjJ8FpllV8TRPiXiNrNxTp +Mnlb6InoszopX69tkBVHTP6cJkNgPx6R4BM0ARqEGQmOL8mAcoWyGVzbsamuGRai +a54zs/kc3i9yiqEzRkoQmfwr7sr49n7gOpmaqXvonOSiUvgEziep77emMcqVa/qZ +xR1r7KUq85qTNTqsQwl2cQdKS7WwOeuG6ZIJmJ1bakriKzLBYF5xIHKSYJW0ZA20 +tNFrVKgTkEjiXvAJh4HlJEIi35tqa/IzWUJSc1ainhBjxbwSl8BRq5aaPgwB+xXi +DqY6BrQW1slvl5TF2A6Xr7JJ0rkH3EZgXxABAZ3WJ3RLwq1z8jnNYj+UW/mSLsbO +tgfOiBhFUXMZneHvVVvz6F6XAtyrejDl5sD2gnzm1VDfK6T6bvLtR7zrkWre0lpy +cDmgmUKgaEiXzfLvwT9RaWk8GdqU2GG+QOiwf+hT0peDieuodjMr59sUbx7GqVe/ +45rJBRSx+HCl2Jm7Th2Xr0kpStCd7ebVoEq9wpMyu+dM9wOTtibA9P3+9u4rAdim +pAdQxEbhWbRNCng2EVhThbqRK3cTZLbtqKaWgAJqa/IQVpL9b5ps8Z4JVQARAQAB +tCNXaWxsZW0gVG9vcm9wIDx3aWxsZW1AbmxuZXRsYWJzLm5sPokCPgQTAQIAKAUC +TWzzUQIbIwUJCWYBgAYLCQgHAwIGFQgCCQoLBBYCAwECHgECF4AACgkQ5fj4IS93 +pJhdWw/+KJuX99jk5avFN4t9bbfDlfmMPXh+P7WYY4xB6ImupAy+WzAB2UfHGEyS +nv5q0eMq6aywgCgjhwuxScOnvfu1kWAdjAmbO907PdzLA7TWEdx0HZxJw7W4dlSi +HfthjP5gh/Fys9xmOp9MDa2BR26+W2/ZZhZDg7w5MDpmJyo/5qC5qBPU4knGudrP +dIpJqXmz+iQDbkcJnh0k7TMQzAQ0Hgvzr9TjZaBM0HW30d/2B6O4c4q/iFp9yVkl +F4XKYmuMm0dvREOWU2FUN8cVsaWGI2Ey4fibDkqdLYTkA+ZzPJCpbsBB0UmUsZ7A +0jFTu5TZBZhRkBNT3bYLnELt9xWvbuTvER5a/VYJKh92Yqcq+A+HaEJTJKinM1yA +WkmxxNPcJ5tpEUpcWSY4/yKpY7000tS8wxmXK5nBl/oxwhuJ5ifzbOgRKX/3B/U+ +bCWNq0B7fWGOwpYxelZcLIt0CjkkTY+CCVhC9vhESNzim7KSx+FQcrAMBPKg9M1w +Dy5zSLcD90vLjV9CNfvSgk9RWFLqm+BiVfiNgaUEbR9zDpvxA7MzX18D10rC7GWB +Tdkg6YW1ejtODGmfMQOrAzzPNqWwN7Nmg2VIS1ikRi15QU0nFwydtChb7HLSSpZU +NUuZbRPBSymU9nJeNvt2bVenntchw8okgiE5DX1vpl+Gf6b6E2mJAj4EEwECACgC +GyMGCwkIBwMCBhUIAgkKCwQWAgMBAh4BAheABQJW1BOaBQkQ6+5JAAoJEOX4+CEv +d6SYhnwP/AtfvzPhGkCLVc0P4jwm2oAU6ljkorKTMyZ3vYJopicz7PpcYJ61zrmJ +SAcsB6VgdiZs+OYfgnOPnYuPFkH1fbRxDZ/TFRZMCs0nXGOr+XqLesUmORUR0ttu +jD0fVCfP8+T75Ys2VFW2zPjYMYN0cdOOUNBZ0JtKOVWrBCdT6EdwkohCyaGdd7pE +5OaUJSslZJ1Ch9RNXbPl7YNY6WQaoi4gc3C5ClmKgb61yOlwBD6/sKEYI98VfD9u +FI9t9riu8aHvNo1iHmVl7fwGxwUpjTljyIDHfYtxY3Xkw5pebGUstwZQ2DK/ISDX +p4WC4XS6SZ18D3LGo9Ir3FfsUoy7UodJhOILnXFYZOV0dTOnpkpQEwuvgap9DPST +U5+Eh4ZDUsqPO2j8CqlhQ5b4wGZUcj8pvZoiQZc3nIdrjpWEpOhhbnmnezKRgIqX ++T8DTUSgzA4t8vh+O2Btos266o93DmXamZhK8K8wlPMVZMc2PxGOsPzDTBTXqpl1 +RscyGfMvSgIx+iTvejPwMUuJlxyYdaHHx7UpvdAIcvxzySvtvufiIJAMpirL8iG7 +47OxXHDFKPjokj1mIvsTvzVwOKQZVLhpleeSqIO8ptX5c6PDg/bh3yz61TkQR4J7 +CE283/b4CdHpsvH8TApMxU99+IAtTlYQ9X39X62z18lW3BiPADvqiQJPBBMBAgA5 +AhsjBgsJCAcDAgYVCAIJCgsEFgIDAQIeAQIXgBYhBNw07l2yQXvMFR5RAOX4+CEv +d6SYBQJeCb+wAAoJEOX4+CEvd6SYsQ4P/RbnQYVbk59L9pneTsF+gGBJgSmCzfBQ +/EUK+TDguxERxItJ0T2MV8haHuwaJLXI/+RAZmv/JSdHnycCMav17HIH3RWyARCp +SVuSzmcKpBlmsxxlGAcIHQiK1hmp7AF+X8Y43+aoClMRBeBMlLvTCLrrzbxfsDII +DqQ+BR8OXlX/M4TQYqbx6M20oggSexw0dTCk2nBMX8R6BToWjoiHj9sy+mBHK0KA +iLW12ZYRN7IqMvsBIgZkvSRmRN+FBlX5Xk2BOgOcwXE/Kd2+/nsWKnaZRI+QABZG +GCoCkvv3sL8oylzWYIrjeDqAPbUo/TV7nLPUGdJzT00nuG4sdgMVApEEJ9tRm4l7 +QpKJulGCY0RhpZPWzEHLGo9tOZYOC9FfLhMaGQ+bbXAupEAJWbKZ38qIUd1oHk3N +bOsLkLR5ZIKzajOIO7JLN/z/vWwjyk3COoEin/zMDxkj0BmsKSDN64R7IoFyNbw7 +zeImTHZL0ILQoGuvK9OLZDCK0df5bEmcaU4U0tAbh+n3/oQO49QQqCZupqKigKAP +JThodg8WlSsdNzxpqNqEnb3BxeRaQiubqsGZbNP/7TmPKusyXQehKZkiqHCC0Yet +bD5ucLEFlXYk7KcMTSf7PjOHw3itDW+8Je7foJxH/rZgVOWItUqjCQW2o76iboM7 +wwHCz8WhifD8uQINBE1s81EBEACk7OIVs/eCuuj7bB4/3AbR5iQicfQbBz/HqFI3 +eIgUe3FoE04LdTxgjQcwjxiLlImvNPHasbtS/Dlo0KcFwwo16gIm59JgiTETjVbM +8SSpI2J2RihjqPHIOzpkAWchHeqq38VX/3cBy7HUEyWc8/WxjsbmFQALtKtzx1uY +BhXPqad3jeO6sxjMRI7KBE4/3JWsY6orKIRtd/4ZD+j7w6A+zjnThnUED/G+BkQQ ++q2fxajC7+AvNMw58wh9ay6TRkKZX9Wp8tOlkwLAy+H+oBACx+tkyMTl+FO1sXrr +x8cilzgLjfnsfzLxdms9duGG3Fgu7dXalVt8rNtMymnpnpsl0isVemjJ+CgXCRdw +nTNaAAWQ8r4i/Xpe0P8kMpaWQuhJeEKMGjyDgLsznSHOnLjOj01rwQK3ClYEIVny +bIX3hZn5Mac/4VnPSuNMgo5m/oT2SK90W10rECLVFJAajkjBza6CIF/iGljKt3u8 +jB3TKpSq9JVOdpXwW3xAo5XgfzTuCt0hiQT804C7c3vi7FsUiUKEDFir+iEsEK1t +67JlI6oEDa0hkTl960cvDb7s62r7OGtxZnVKRyFsNin2NjOgLF/RwRbkbIpoKhY0 +JuVW6lwOzbRyQpwNUb6l5YP4iecPgxJR6LMcIx0vlG3owxplUPiE6pYd/fdaLD42 +atSMtQARAQABiQI2BBgBAgAgAhsMFiEE3DTuXbJBe8wVHlEA5fj4IS93pJgFAl4J +v7AACgkQ5fj4IS93pJidDBAApQ3wXU3cbmtGB3KitGNf340S9lKfqwUBlmyeCQ7V +9afLfP0+gZL2fc6sp2o7ZT013C91YQvK4Ui/7eyl3oyfoNJgtJ+qOD2L5gYLcCJA +2hFH5VfUVZD9Nq0Uumr6jUtvLTixYAGEqJzqkLF4I9djYLMTsNJ9S0zAGw+F4rgm +GlA23pTj7vHbhAgdvFyK+lOrn1Xt9kHwmlSCg3WTsMQB6z0wR3WI4ozpm5wqDHVD +d6VpLwONFbucmX5T15q59rcFW3f4nd4vcutDp6nggM0SRAmg7AnK0HNVAlwaQTSl +2RKM7iMShyw1xBFVNqE5rO5hVTJh7OocPFSW0AmoG7GOfLJHbNlrIMKhfzb5QjSO +25vDPWsUyoJ3MgPyfc8+fQCWZwcCxI2cK/iYiEj62h9zpud01y60lkyOhgDUyYSG +DHVNK1Cm0BA/9lE3BXZNkVHbSDBBZXWn/lH8ZOU/eiU10L06PLQCYUwEtlvHs8jv +kdUnbC0Xxqru+jaKW0QzWTXOGXRK7k6/9MQGromGoPlTOmok9Xq1PPvoQRd/HnwD +EWF9WTK2J4tcI8jSRBNZ96d7F30NQA0Khr9N9ggQ6LtgckZjH8OmN9I99OEPFMZ9 +a3RZowguk6r5hMUDjrx9BbnGB5W8mUE2vLh1PVdeBVt78f4I3ursLRjU2DXVU587 +rlc= +=Yf4W +-----END PGP PUBLIC KEY BLOCK----- diff -Nru ldns-1.7.1/debian/watch ldns-1.8.1/debian/watch --- ldns-1.7.1/debian/watch 2020-06-15 12:47:30.000000000 +0000 +++ ldns-1.8.1/debian/watch 2022-04-25 08:33:02.000000000 +0000 @@ -1,3 +1,4 @@ -version=3 -opts=uversionmangle=s/(\d)[_\.\-\+]?((RC|rc|pre|dev|beta|alpha|b|a)[\-\.]?\d*)$/$1~$2/,dversionmangle=s/\+(debian|dfsg|ds|deb)\d*$// \ - http://www.nlnetlabs.nl/ldns/ (?:.*/)?ldns[_\-\.]?(\d\S+)\.(?:tgz|tbz2|txz|tar\.(?:gz|bz2|xz)) +version=4 +# we can probably mangle 1.6.9rc1 into 1.6.9~rc1 +opts="pgpsigurlmangle=s/$/.asc/" \ + https://www.nlnetlabs.nl/downloads/ldns/ .*/ldns@ANY_VERSION@@ARCHIVE_EXT@ diff -Nru ldns-1.7.1/dnssec.c ldns-1.8.1/dnssec.c --- ldns-1.7.1/dnssec.c 2019-07-26 15:07:44.000000000 +0000 +++ ldns-1.8.1/dnssec.c 2021-12-03 07:45:47.000000000 +0000 @@ -332,6 +332,7 @@ } #ifdef HAVE_SSL +#ifdef USE_DSA DSA * ldns_key_buf2dsa(const ldns_buffer *key) { @@ -407,6 +408,7 @@ #endif /* OPENSSL_VERSION_NUMBER */ return dsa; } +#endif /* USE_DSA */ RSA * ldns_key_buf2rsa(const ldns_buffer *key) @@ -432,7 +434,7 @@ return NULL; /* need some smart comment here XXX*/ /* the exponent is too large so it's places - * futher...???? */ + * further...???? */ memmove(&int16, key+1, 2); exp = ntohs(int16); offset = 3; @@ -910,7 +912,7 @@ cur_rrsets = from->rrsets; while (cur_rrsets) { /* Do not include non-authoritative rrsets on the delegation point - * in the type bitmap. Potentionally not skipping insecure + * in the type bitmap. Potentially not skipping insecure * delegation should have been done earlier, in function * ldns_dnssec_zone_create_nsec3s, or even earlier in: * ldns_dnssec_zone_sign_nsec3_flg . @@ -1332,6 +1334,8 @@ ldns_rdf *salt_rdf = ldns_nsec3_salt(nsec3_rr); if (salt_rdf && ldns_rdf_size(salt_rdf) > 0) { salt_length = ldns_rdf_data(salt_rdf)[0]; + if((size_t)salt_length+1 > ldns_rdf_size(salt_rdf)) + return NULL; salt = LDNS_XMALLOC(uint8_t, salt_length); if(!salt) return NULL; memcpy(salt, &ldns_rdf_data(salt_rdf)[1], salt_length); @@ -1904,7 +1908,7 @@ const ldns_rdf *sig_rdf) { /* convert from two BIGNUMs in the rdata buffer, to ASN notation. - * ASN preable: 30440220 0220 + * ASN preamble: 30440220 0220 * the '20' is the length of that field (=bnsize). * the '44' is the total remaining length. * if negative, start with leading zero. diff -Nru ldns-1.7.1/dnssec_sign.c ldns-1.8.1/dnssec_sign.c --- ldns-1.7.1/dnssec_sign.c 2019-07-26 15:07:44.000000000 +0000 +++ ldns-1.8.1/dnssec_sign.c 2021-12-03 07:45:47.000000000 +0000 @@ -24,6 +24,9 @@ #endif #endif /* HAVE_SSL */ +#define LDNS_SIGN_WITH_ZONEMD ( LDNS_SIGN_WITH_ZONEMD_SIMPLE_SHA384 \ + | LDNS_SIGN_WITH_ZONEMD_SIMPLE_SHA512 ) + ldns_rr * ldns_create_empty_rrsig(const ldns_rr_list *rrset, const ldns_key *current_key) @@ -413,11 +416,14 @@ { EC_KEY* ec; const EC_GROUP* g; -#ifdef HAVE_EVP_PKEY_BASE_ID +#ifdef HAVE_EVP_PKEY_GET_BASE_ID + if(EVP_PKEY_get_base_id(pkey) != EVP_PKEY_EC) + return 0; +#elif defined(HAVE_EVP_PKEY_BASE_ID) if(EVP_PKEY_base_id(pkey) != EVP_PKEY_EC) return 0; #else - if(EVP_PKEY_type(key->type) != EVP_PKEY_EC) + if(EVP_PKEY_type(pkey->type) != EVP_PKEY_EC) return 0; #endif ec = EVP_PKEY_get1_EC_KEY(pkey); @@ -529,7 +535,9 @@ #ifdef USE_DSA #ifndef S_SPLINT_S /* unfortunately, OpenSSL output is different from DNS DSA format */ -# ifdef HAVE_EVP_PKEY_BASE_ID +# ifdef HAVE_EVP_PKEY_GET_BASE_ID + if (EVP_PKEY_get_base_id(key) == EVP_PKEY_DSA) { +# elif defined(HAVE_EVP_PKEY_BASE_ID) if (EVP_PKEY_base_id(key) == EVP_PKEY_DSA) { # else if (EVP_PKEY_type(key->type) == EVP_PKEY_DSA) { @@ -541,7 +549,9 @@ #endif #if defined(USE_ECDSA) if( -# ifdef HAVE_EVP_PKEY_BASE_ID +# ifdef HAVE_EVP_PKEY_GET_BASE_ID + EVP_PKEY_get_base_id(key) +# elif defined(HAVE_EVP_PKEY_BASE_ID) EVP_PKEY_base_id(key) # else EVP_PKEY_type(key->type) @@ -655,7 +665,7 @@ /* ldns_rr_list_push_rr() * returns false when unable * to increase the capacity - * of the ldsn_rr_list + * of the ldns_rr_list */ } } @@ -691,7 +701,7 @@ /* When the cut is caused by a delegation, below_delegation will be 1. * When caused by a DNAME, below_delegation will be 0. */ - int below_delegation = -1; /* init suppresses comiler warning */ + int below_delegation = -1; /* init suppresses compiler warning */ ldns_status s; if (!zone || !zone->names) { @@ -713,7 +723,7 @@ * FIXME! If there are labels in between the SOA and * the cut, going from the authoritative space (below * the SOA) up into occluded space again, will not be - * detected with the contruct below! + * detected with the construct below! */ if (ldns_dname_is_subdomain(owner, cut) && !ldns_dnssec_rrsets_contains_type( @@ -812,17 +822,24 @@ uint32_t nsec_ttl; ldns_dnssec_rrsets *soa; - /* the TTL of NSEC rrs should be set to the minimum TTL of - * the zone SOA (RFC4035 Section 2.3) + /* The TTL value for any NSEC RR SHOULD be the same TTL value as the + * lesser of the MINIMUM field of the SOA record and the TTL of the SOA + * itself. This matches the definition of the TTL for negative + * responses in [RFC2308]. (draft-ietf-dnsop-nsec-ttl-01 update of + * RFC4035 Section 2.3) */ soa = ldns_dnssec_name_find_rrset(zone->soa, LDNS_RR_TYPE_SOA); /* did the caller actually set it? if not, * fall back to default ttl */ - if (soa && soa->rrs && soa->rrs->rr - && (ldns_rr_rdf(soa->rrs->rr, 6) != NULL)) { - nsec_ttl = ldns_rdf2native_int32(ldns_rr_rdf(soa->rrs->rr, 6)); + if (soa && soa->rrs && soa->rrs->rr) { + ldns_rr *soa_rr = soa->rrs->rr; + ldns_rdf *min_rdf = ldns_rr_rdf(soa_rr, 6); + + nsec_ttl = min_rdf == NULL + || ldns_rr_ttl(soa_rr) < ldns_rdf2native_int32(min_rdf) + ? ldns_rr_ttl(soa_rr) : ldns_rdf2native_int32(min_rdf); } else { nsec_ttl = LDNS_DEFAULT_TTL; } @@ -906,17 +923,24 @@ return LDNS_STATUS_ERR; } - /* the TTL of NSEC rrs should be set to the minimum TTL of - * the zone SOA (RFC4035 Section 2.3) + /* The TTL value for any NSEC RR SHOULD be the same TTL value as the + * lesser of the MINIMUM field of the SOA record and the TTL of the SOA + * itself. This matches the definition of the TTL for negative + * responses in [RFC2308]. (draft-ietf-dnsop-nsec-ttl-01 update of + * RFC4035 Section 2.3) */ soa = ldns_dnssec_name_find_rrset(zone->soa, LDNS_RR_TYPE_SOA); /* did the caller actually set it? if not, * fall back to default ttl */ - if (soa && soa->rrs && soa->rrs->rr - && ldns_rr_rdf(soa->rrs->rr, 6) != NULL) { - nsec_ttl = ldns_rdf2native_int32(ldns_rr_rdf(soa->rrs->rr, 6)); + if (soa && soa->rrs && soa->rrs->rr) { + ldns_rr *soa_rr = soa->rrs->rr; + ldns_rdf *min_rdf = ldns_rr_rdf(soa_rr, 6); + + nsec_ttl = min_rdf == NULL + || ldns_rr_ttl(soa_rr) < ldns_rdf2native_int32(min_rdf) + ? ldns_rr_ttl(soa_rr) : ldns_rdf2native_int32(min_rdf); } else { nsec_ttl = LDNS_DEFAULT_TTL; } @@ -1365,6 +1389,8 @@ return ldns_dnssec_zone_sign_flg(zone, new_rrs, key_list, func, arg, 0); } +ldns_status dnssec_zone_equip_zonemd(ldns_dnssec_zone *zone, + ldns_rr_list *new_rrs, ldns_key_list *key_list, int flags); ldns_status ldns_dnssec_zone_sign_flg(ldns_dnssec_zone *zone, ldns_rr_list *new_rrs, @@ -1374,25 +1400,46 @@ int flags) { ldns_status result = LDNS_STATUS_OK; + ldns_dnssec_rrsets zonemd_rrset; + bool zonemd_added = false; if (!zone || !new_rrs || !key_list) { return LDNS_STATUS_ERR; } + if (flags & LDNS_SIGN_WITH_ZONEMD) { + ldns_dnssec_rrsets **rrsets_ref = &zone->soa->rrsets; + while (*rrsets_ref + && (*rrsets_ref)->type < LDNS_RR_TYPE_ZONEMD) + rrsets_ref = &(*rrsets_ref)->next; + if (!*rrsets_ref + || (*rrsets_ref)->type > LDNS_RR_TYPE_ZONEMD) { + zonemd_rrset.rrs = NULL; + zonemd_rrset.type = LDNS_RR_TYPE_ZONEMD; + zonemd_rrset.signatures = NULL; + zonemd_rrset.next = *rrsets_ref; + *rrsets_ref = &zonemd_rrset; + zonemd_added = true; + } + } /* zone is already sorted */ result = ldns_dnssec_zone_mark_glue(zone); if (result != LDNS_STATUS_OK) { return result; } - /* check whether we need to add nsecs */ - if (zone->names && !((ldns_dnssec_name *)zone->names->root->data)->nsec) { + if ((flags & LDNS_SIGN_NO_KEYS_NO_NSECS) + && ldns_key_list_key_count(key_list) < 1) + ; /* pass */ + + else if (zone->names + && !((ldns_dnssec_name *)zone->names->root->data)->nsec) { + result = ldns_dnssec_zone_create_nsecs(zone, new_rrs); if (result != LDNS_STATUS_OK) { return result; } } - result = ldns_dnssec_zone_create_rrsigs_flg(zone, new_rrs, key_list, @@ -1400,7 +1447,18 @@ arg, flags); - return result; + if (zonemd_added) { + ldns_dnssec_rrsets **rrsets_ref + = &zone->soa->rrsets; + + while (*rrsets_ref + && (*rrsets_ref)->type < LDNS_RR_TYPE_ZONEMD) + rrsets_ref = &(*rrsets_ref)->next; + *rrsets_ref = zonemd_rrset.next; + } + return flags & LDNS_SIGN_WITH_ZONEMD + ? dnssec_zone_equip_zonemd(zone, new_rrs, key_list, flags) + : result; } ldns_status @@ -1436,6 +1494,8 @@ { ldns_rr *nsec3, *nsec3param; ldns_status result = LDNS_STATUS_OK; + bool zonemd_added = false; + ldns_dnssec_rrsets zonemd_rrset; /* zone is already sorted */ result = ldns_dnssec_zone_mark_glue(zone); @@ -1454,7 +1514,13 @@ } nsec3 = ((ldns_dnssec_name *)zone->names->root->data)->nsec; - if (nsec3 && ldns_rr_get_type(nsec3) == LDNS_RR_TYPE_NSEC3) { + + /* check whether we need to add nsecs */ + if ((signflags & LDNS_SIGN_NO_KEYS_NO_NSECS) + && ldns_key_list_key_count(key_list) < 1) + ; /* pass */ + + else if (nsec3 && ldns_rr_get_type(nsec3) == LDNS_RR_TYPE_NSEC3) { /* no need to recreate */ } else { if (!ldns_dnssec_zone_find_rrset(zone, @@ -1481,6 +1547,23 @@ } ldns_rr_list_push_rr(new_rrs, nsec3param); } + if (signflags & LDNS_SIGN_WITH_ZONEMD) { + ldns_dnssec_rrsets **rrsets_ref + = &zone->soa->rrsets; + + while (*rrsets_ref + && (*rrsets_ref)->type < LDNS_RR_TYPE_ZONEMD) + rrsets_ref = &(*rrsets_ref)->next; + if (!*rrsets_ref + || (*rrsets_ref)->type > LDNS_RR_TYPE_ZONEMD) { + zonemd_rrset.rrs = NULL; + zonemd_rrset.type = LDNS_RR_TYPE_ZONEMD; + zonemd_rrset.signatures = NULL; + zonemd_rrset.next = *rrsets_ref; + *rrsets_ref = &zonemd_rrset; + zonemd_added = true; + } + } result = ldns_dnssec_zone_create_nsec3s_mkmap(zone, new_rrs, algorithm, @@ -1489,6 +1572,15 @@ salt_length, salt, map); + if (zonemd_added) { + ldns_dnssec_rrsets **rrsets_ref + = &zone->soa->rrsets; + + while (*rrsets_ref + && (*rrsets_ref)->type < LDNS_RR_TYPE_ZONEMD) + rrsets_ref = &(*rrsets_ref)->next; + *rrsets_ref = zonemd_rrset.next; + } if (result != LDNS_STATUS_OK) { return result; } @@ -1501,8 +1593,12 @@ arg, signflags); } + if (result || !zone->names) + return result; - return result; + return signflags & LDNS_SIGN_WITH_ZONEMD + ? dnssec_zone_equip_zonemd(zone, new_rrs, key_list, signflags) + : result; } ldns_status diff -Nru ldns-1.7.1/dnssec_verify.c ldns-1.8.1/dnssec_verify.c --- ldns-1.7.1/dnssec_verify.c 2019-07-26 15:07:44.000000000 +0000 +++ ldns-1.8.1/dnssec_verify.c 2021-12-03 07:45:47.000000000 +0000 @@ -21,7 +21,7 @@ ldns_dnssec_data_chain *nc = LDNS_CALLOC(ldns_dnssec_data_chain, 1); if(!nc) return NULL; /* - * not needed anymore because CALLOC initalizes everything to zero. + * not needed anymore because CALLOC initializes everything to zero. nc->rrset = NULL; nc->parent_type = 0; @@ -597,7 +597,9 @@ if (tree->parent_status[i] == LDNS_STATUS_SSL_ERR) { printf("; SSL Error: "); +#if OPENSSL_VERSION_NUMBER < 0x10100000L || defined(HAVE_LIBRESSL) ERR_load_crypto_strings(); +#endif ERR_print_errors_fp(stdout); printf("\n"); } @@ -1501,7 +1503,7 @@ ldns_rr_list *rrsigs) { ldns_rdf *rr_name; - ldns_rdf *wildcard_name; + ldns_rdf *wildcard_name = NULL; ldns_rdf *chopped_dname; ldns_rr *cur_nsec; size_t i; @@ -1512,14 +1514,19 @@ bool type_covered = false; bool wildcard_covered = false; bool wildcard_type_covered = false; + bool rr_name_is_root = false; - wildcard_name = ldns_dname_new_frm_str("*"); rr_name = ldns_rr_owner(rr); - chopped_dname = ldns_dname_left_chop(rr_name); - result = ldns_dname_cat(wildcard_name, chopped_dname); - ldns_rdf_deep_free(chopped_dname); - if (result != LDNS_STATUS_OK) { - return result; + rr_name_is_root = ldns_rdf_size(rr_name) == 1 + && *ldns_rdf_data(rr_name) == 0; + if (!rr_name_is_root) { + wildcard_name = ldns_dname_new_frm_str("*"); + chopped_dname = ldns_dname_left_chop(rr_name); + result = ldns_dname_cat(wildcard_name, chopped_dname); + ldns_rdf_deep_free(chopped_dname); + if (result != LDNS_STATUS_OK) { + return result; + } } for (i = 0; i < ldns_rr_list_rr_count(nsecs); i++) { @@ -1546,6 +1553,9 @@ name_covered = true; } + if (rr_name_is_root) + continue; + if (ldns_dname_compare(wildcard_name, ldns_rr_owner(cur_nsec)) == 0) { if (ldns_nsec_bitmap_covers_type(ldns_nsec_get_bitmap(cur_nsec), @@ -1566,6 +1576,9 @@ return LDNS_STATUS_DNSSEC_NSEC_RR_NOT_COVERED; } + if (rr_name_is_root) + return LDNS_STATUS_OK; + if (wildcard_type_covered || !wildcard_covered) { return LDNS_STATUS_DNSSEC_NSEC_WILDCARD_NOT_COVERED; } @@ -2390,8 +2403,12 @@ ldns_rr_list *good_keys) { ldns_status result; - ldns_rr_list *valid = ldns_rr_list_new(); - if (!valid) + ldns_rr_list *valid; + + if (!good_keys) + valid = NULL; + + else if (!(valid = ldns_rr_list_new())) return LDNS_STATUS_MEM_ERR; result = ldns_verify_rrsig_keylist_notime(rrset, rrsig, keys, valid); diff -Nru ldns-1.7.1/dnssec_zone.c ldns-1.8.1/dnssec_zone.c --- ldns-1.7.1/dnssec_zone.c 2019-07-26 15:07:44.000000000 +0000 +++ ldns-1.8.1/dnssec_zone.c 2021-12-03 07:45:47.000000000 +0000 @@ -323,7 +323,7 @@ return NULL; } /* - * not needed anymore because CALLOC initalizes everything to zero. + * not needed anymore because CALLOC initializes everything to zero. new_name->name = NULL; new_name->rrsets = NULL; @@ -370,9 +370,10 @@ ldns_dnssec_rrs_free_internal(name->nsec_signatures, deep); } if (name->hashed_name) { - if (deep) { - ldns_rdf_deep_free(name->hashed_name); - } + /* Hashed name is always allocated when signing, + * so always deep free + */ + ldns_rdf_deep_free(name->hashed_name); } LDNS_FREE(name); } @@ -588,7 +589,7 @@ /* When the zone is first read into an list and then inserted into an * ldns_dnssec_zone (rbtree) the nodes of the rbtree are allocated close (next) * to each other. Because ldns-verify-zone (the only program that uses this - * function) uses the rbtree mostly for sequentual walking, this results + * function) uses the rbtree mostly for sequential walking, this results * in a speed increase (of 15% on linux) because we have less CPU-cache misses. */ #define FASTER_DNSSEC_ZONE_NEW_FRM_FP 1 /* Because of L2 cache efficiency */ @@ -604,9 +605,13 @@ LDNS_FREE(node); } +ldns_status _ldns_rr_new_frm_fp_l_internal(ldns_rr **newrr, FILE *fp, + uint32_t *default_ttl, ldns_rdf **origin, ldns_rdf **prev, + int *line_nr, bool *explicit_ttl); + ldns_status ldns_dnssec_zone_new_frm_fp_l(ldns_dnssec_zone** z, FILE* fp, const ldns_rdf* origin, - uint32_t ttl, ldns_rr_class ATTR_UNUSED(c), int* line_nr) + uint32_t default_ttl, ldns_rr_class ATTR_UNUSED(c), int* line_nr) { ldns_rr* cur_rr; size_t i; @@ -636,13 +641,19 @@ #ifdef FASTER_DNSSEC_ZONE_NEW_FRM_FP ldns_zone* zone = NULL; #else - uint32_t my_ttl = ttl; + ldns_rr *prev_rr = NULL; + uint32_t my_ttl = default_ttl; + /* RFC 1035 Section 5.1, says 'Omitted class and TTL values are default + * to the last explicitly stated values.' + */ + bool ttl_from_TTL = false; + bool explicit_ttl = false; #endif ldns_rbtree_init(&todo_nsec3_ents, ldns_dname_compare_v); #ifdef FASTER_DNSSEC_ZONE_NEW_FRM_FP - status = ldns_zone_new_frm_fp_l(&zone, fp, origin,ttl, c, line_nr); + status = ldns_zone_new_frm_fp_l(&zone, fp, origin, default_ttl, c, line_nr); if (status != LDNS_STATUS_OK) goto error; #endif @@ -672,13 +683,61 @@ status = LDNS_STATUS_OK; #else while (!feof(fp)) { + /* If ttl came from $TTL line, then it should be the default. + * (RFC 2308 Section 4) + * Otherwise it "defaults to the last explicitly stated value" + * (RFC 1035 Section 5.1) + */ + if (ttl_from_TTL) + my_ttl = default_ttl; status = ldns_rr_new_frm_fp_l(&cur_rr, fp, &my_ttl, &my_origin, - &my_prev, line_nr); - + &my_prev, line_nr, &explicit_ttl); #endif switch (status) { case LDNS_STATUS_OK: +#ifndef FASTER_DNSSEC_ZONE_NEW_FRM_FP + if (explicit_ttl) { + if (!ttl_from_TTL) { + /* No $TTL, so ttl "defaults to the + * last explicitly stated value" + * (RFC 1035 Section 5.1) + */ + my_ttl = ldns_rr_ttl(cur_rr); + } + /* When ttl is implicit, try to adhere to the rules as + * much as posssible. (also for compatibility with bind) + * This was changed when fixing an issue with ZONEMD + * which hashes the TTL too. + */ + } else if (ldns_rr_get_type(cur_rr) == LDNS_RR_TYPE_SIG + || ldns_rr_get_type(cur_rr) == LDNS_RR_TYPE_RRSIG) { + if (ldns_rr_rd_count(cur_rr) >= 4 + && ldns_rdf_get_type(ldns_rr_rdf(cur_rr, 3)) == LDNS_RDF_TYPE_INT32) + + /* SIG without explicit ttl get ttl + * from the original_ttl field + * (RFC 2535 Section 7.2) + * + * Similarly for RRSIG, but stated less + * specifically in the spec. + * (RFC 4034 Section 3) + */ + ldns_rr_set_ttl(cur_rr, + ldns_rdf2native_int32( + ldns_rr_rdf(rr, 3))); + + } else if (prev_rr + && ldns_rr_get_type(prev_rr) == ldns_rr_get_type(cur_rr) + && ldns_dname_compare( ldns_rr_owner(prev_rr) + , ldns_rr_owner(cur_rr)) == 0) + /* "TTLs of all RRs in an RRSet must be the same" + * (RFC 2881 Section 5.2) + */ + ldns_rr_set_ttl(cur_rr, ldns_rr_ttl(prev_rr)); + + prev_rr = cur_rr; +#endif status = ldns_dnssec_zone_add_rr(newzone, cur_rr); if (status == LDNS_STATUS_DNSSEC_NSEC3_ORIGINAL_NOT_FOUND) { @@ -698,9 +757,16 @@ break; + case LDNS_STATUS_SYNTAX_TTL: /* the ttl was set*/ +#ifndef FASTER_DNSSEC_ZONE_NEW_FRM_FP + default_ttl = my_ttl; + ttl_from_TTL = true; +#endif + status = LDNS_STATUS_OK; + break; + case LDNS_STATUS_SYNTAX_EMPTY: /* empty line was seen */ - case LDNS_STATUS_SYNTAX_TTL: /* the ttl was set*/ case LDNS_STATUS_SYNTAX_ORIGIN: /* the origin was set*/ status = LDNS_STATUS_OK; break; @@ -793,10 +859,21 @@ LDNS_FREE(node); } +static void +ldns_hashed_names_node_free(ldns_rbnode_t *node, void *arg) { + (void) arg; + LDNS_FREE(node); +} + void ldns_dnssec_zone_free(ldns_dnssec_zone *zone) { if (zone) { + if (zone->hashed_names) { + ldns_traverse_postorder(zone->hashed_names, + ldns_hashed_names_node_free, NULL); + LDNS_FREE(zone->hashed_names); + } if (zone->names) { /* destroy all name structures within the tree */ ldns_traverse_postorder(zone->names, @@ -812,6 +889,11 @@ ldns_dnssec_zone_deep_free(ldns_dnssec_zone *zone) { if (zone) { + if (zone->hashed_names) { + ldns_traverse_postorder(zone->hashed_names, + ldns_hashed_names_node_free, NULL); + LDNS_FREE(zone->hashed_names); + } if (zone->names) { /* destroy all name structures within the tree */ ldns_traverse_postorder(zone->names, @@ -834,12 +916,6 @@ ldns_dnssec_name* name, ldns_rr* nsec3rr); static void -ldns_hashed_names_node_free(ldns_rbnode_t *node, void *arg) { - (void) arg; - LDNS_FREE(node); -} - -static void ldns_dnssec_zone_hashed_names_from_nsec3( ldns_dnssec_zone* zone, ldns_rr* nsec3rr) { @@ -908,20 +984,22 @@ static ldns_rbnode_t * ldns_dnssec_zone_find_nsec3_original(ldns_dnssec_zone *zone, ldns_rr *rr) { ldns_rdf *hashed_name; + ldns_rbnode_t *to_return; - hashed_name = ldns_dname_label(ldns_rr_owner(rr), 0); - if (hashed_name == NULL) { - return NULL; - } if (ldns_rr_get_type(rr) == LDNS_RR_TYPE_NSEC3 && ! zone->_nsec3params){ ldns_dnssec_zone_hashed_names_from_nsec3(zone, rr); } if (zone->hashed_names == NULL) { - ldns_rdf_deep_free(hashed_name); return NULL; } - return ldns_rbtree_search(zone->hashed_names, hashed_name); + hashed_name = ldns_dname_label(ldns_rr_owner(rr), 0); + if (hashed_name == NULL) { + return NULL; + } + to_return = ldns_rbtree_search(zone->hashed_names, hashed_name); + ldns_rdf_deep_free(hashed_name); + return to_return; } ldns_status @@ -1127,6 +1205,7 @@ } node = ldns_rbtree_search(nsec3s, ent_hashed_name); + ldns_rdf_deep_free(ent_hashed_name); if (!node) { ldns_rdf_deep_free(l1); ldns_rdf_deep_free(l2); @@ -1201,3 +1280,706 @@ } return false; } + +/* + * Stuff for calculating and verifying zone digests + */ +typedef enum dnssec_zone_rr_iter_state { + DNSSEC_ZONE_RR_ITER_LT_RRSIG + , DNSSEC_ZONE_RR_ITER_RRSIGs_NO_NSEC + , DNSSEC_ZONE_RR_ITER_REST + , DNSSEC_ZONE_RR_ITER_RRSIGs_NSEC + , DNSSEC_ZONE_RR_ITER_RRSIGs_NSEC_REST + , DNSSEC_ZONE_RR_ITER_NSEC3 + , DNSSEC_ZONE_RR_ITER_FINI +} dnssec_zone_rr_iter_state; + +typedef struct dnssec_zone_rr_iter { + ldns_dnssec_zone *zone; + ldns_rbnode_t *node; + ldns_dnssec_name *name; + ldns_dnssec_rrsets *rrsets; + ldns_dnssec_rrs *rrs; + ldns_dnssec_rrsets *rrsets4rrsigs; + ldns_rbnode_t *nsec3_node; + ldns_dnssec_name *nsec3_name; + dnssec_zone_rr_iter_state state; + ldns_rdf *apex_name; + uint8_t apex_labs; +} dnssec_zone_rr_iter; + +INLINE void +dnssec_zone_rr_iter_set_state_for_next_name(dnssec_zone_rr_iter *i) +{ + /* Make sure the i->name is "in zone" (i.e. below the apex) */ + if (i->apex_name) { + ldns_rdf *name = (ldns_rdf *)i->node->key; + + while (i->name && name != i->apex_name /* not apex */ + + && ( ldns_dname_label_count(name) != i->apex_labs + || ldns_dname_compare(name, i->apex_name)) /* not apex */ + + && !ldns_dname_is_subdomain(name, i->apex_name) /* no sub */) { + + /* next name */ + i->node = ldns_rbtree_next(i->node); + if (i->node == LDNS_RBTREE_NULL) + i->name = NULL; + else { + i->name = (ldns_dnssec_name *)i->node->data; + name = (ldns_rdf *)i->node->key; + } + } + } + /* determine state */ + if (!i->name) { + if (!i->nsec3_name) + i->state = DNSSEC_ZONE_RR_ITER_FINI; + else { + i->rrs = i->nsec3_name->nsec_signatures; + i->state = DNSSEC_ZONE_RR_ITER_NSEC3; + } + } else if (!i->nsec3_name) { + i->rrsets = i->name->rrsets; + i->state = DNSSEC_ZONE_RR_ITER_LT_RRSIG; + + } else if (ldns_dname_compare( ldns_rr_owner(i->nsec3_name->nsec) + , (ldns_rdf *)i->node->key) < 0) { + i->rrs = i->nsec3_name->nsec_signatures; + i->state = DNSSEC_ZONE_RR_ITER_NSEC3; + } else { + i->rrsets = i->name->rrsets; + i->state = DNSSEC_ZONE_RR_ITER_LT_RRSIG; + } +} + +/** + * Iterate over the RR's in the ldns_dnssec_zone in canonical order. + * There are three possible paths through the RR's in a ldns_dnssec_name. + * + * 1. There is no NSEC: + * + * 1.1. All the RRs in the name->rrsets with type < RRSIG, + * state: DNSSEC_ZONE_RR_ITER_LT_RRSIG + * + * 1.2. Then all the RRSIGs from name->rrsets (likely none) + * state: DNSSEC_ZONE_RR_ITER_RRSIGs_NO_NSEC + * + * 1.3. Finally the remaining RRs in name->rrsets (type > RRSIG) + * state: DNSSEC_ZONE_RR_ITER_REST + * + * + * 2. There is a NSEC of type NSEC with this name: + * + * 2.1. All the RRs in the name->rrsets with type < RRSIG, + * state: DNSSEC_ZONE_RR_ITER_LT_RRSIG + * + * 2.2. Then all the RRSIGs from name->rrsets with type < NSEC + * state: DNSSEC_ZONE_RR_ITER_RRSIGs_NO_NSEC + * + * 2.3. Then the signatures of the NSEC RR, followed by + * the signatures of the remaining name->rrsets (type > NSEC), + * followed by the NSEC rr. + * state: DNSSEC_ZONE_RR_ITER_RRSIGs_NO_NSEC + * + * 2.4. Finally the remaining RRs in name->rrsets (type > RRSIG) + * state: DNSSEC_ZONE_RR_ITER_REST + * + * + * 3. There is a NSEC of type NSEC3 for this name: + * + * 3.1. If the NSEC3 name is before the name for other RRsets in the zone, + * Then all signatures of the NSEC3 RR, followed by the NSEC3 + * state: DNSSEC_ZONE_RR_ITER_NSEC3 + * + * otherwise follow path for "no NSEC" for the name for other RRsets + */ +static ldns_rr * +dnssec_zone_rr_iter_next(dnssec_zone_rr_iter *i) +{ + ldns_rr *nsec3; + + for (;;) { + if (i->rrs) { + ldns_rr *rr = i->rrs->rr; + i->rrs = i->rrs->next; + return rr; + } + switch (i->state) { + case DNSSEC_ZONE_RR_ITER_LT_RRSIG: + if (i->rrsets + && i->rrsets->type < LDNS_RR_TYPE_RRSIG) { + + i->rrs = i->rrsets->rrs; + i->rrsets = i->rrsets->next; + break; + } + i->rrsets4rrsigs = i->name->rrsets; + if (i->name->nsec && ldns_rr_get_type(i->name->nsec) + == LDNS_RR_TYPE_NSEC) { + + i->state = DNSSEC_ZONE_RR_ITER_RRSIGs_NSEC; + break; + } + i->state = DNSSEC_ZONE_RR_ITER_RRSIGs_NO_NSEC; + /* fallthrough */ + + case DNSSEC_ZONE_RR_ITER_RRSIGs_NO_NSEC: + if (i->rrsets4rrsigs) { + i->rrs = i->rrsets4rrsigs->signatures; + i->rrsets4rrsigs = i->rrsets4rrsigs->next; + break; + } + i->state = DNSSEC_ZONE_RR_ITER_REST; + /* fallthrough */ + + case DNSSEC_ZONE_RR_ITER_REST: + if (i->rrsets) { + i->rrs = i->rrsets->rrs; + i->rrsets = i->rrsets->next; + break; + } + /* next name */ + i->node = ldns_rbtree_next(i->node); + i->name = i->node == LDNS_RBTREE_NULL ? NULL + : (ldns_dnssec_name *)i->node->data; + + dnssec_zone_rr_iter_set_state_for_next_name(i); + break; + + case DNSSEC_ZONE_RR_ITER_RRSIGs_NSEC: + if (i->rrsets4rrsigs + && i->rrsets4rrsigs->type < LDNS_RR_TYPE_NSEC) { + + i->rrs = i->rrsets4rrsigs->signatures; + i->rrsets4rrsigs = i->rrsets4rrsigs->next; + break; + } + i->state = DNSSEC_ZONE_RR_ITER_RRSIGs_NSEC_REST; + i->rrs = i->name->nsec_signatures; + break; + + case DNSSEC_ZONE_RR_ITER_RRSIGs_NSEC_REST: + if (i->rrsets4rrsigs) { + i->rrs = i->rrsets4rrsigs->signatures; + i->rrsets4rrsigs = i->rrsets4rrsigs->next; + break; + } + i->state = DNSSEC_ZONE_RR_ITER_REST; + return i->name->nsec; + + case DNSSEC_ZONE_RR_ITER_NSEC3: + nsec3 = i->nsec3_name->nsec; + + /* next nsec3 */ + do { + i->nsec3_node + = ldns_rbtree_next(i->nsec3_node); + i->nsec3_name + = i->nsec3_node == LDNS_RBTREE_NULL ? NULL + : (ldns_dnssec_name*)i->nsec3_node->data; + + /* names for glue can be in the hashed_names + * tree, but will not have a NSEC3 + */ + } while (i->nsec3_name && !i->nsec3_name->nsec); + + dnssec_zone_rr_iter_set_state_for_next_name(i); + return nsec3; + + case DNSSEC_ZONE_RR_ITER_FINI: + return NULL; + } + } +} + +static ldns_rr * +dnssec_zone_rr_iter_first(dnssec_zone_rr_iter *i, ldns_dnssec_zone *zone) +{ + if (!i || !zone) + return NULL; + + memset(i, 0, sizeof(*i)); + i->zone = zone; + if (zone->soa && zone->soa->name) { + i->apex_name = zone->soa->name; + i->apex_labs = ldns_dname_label_count(i->apex_name); + } else + i->apex_name = NULL; + + + i->node = ldns_rbtree_first(zone->names); + i->name = i->node == LDNS_RBTREE_NULL ? NULL + : (ldns_dnssec_name *)i->node->data; + + if (zone->hashed_names) { + do { + i->nsec3_node = ldns_rbtree_first(zone->hashed_names); + i->nsec3_name = i->nsec3_node == LDNS_RBTREE_NULL ?NULL + : (ldns_dnssec_name*)i->nsec3_node->data; + } while (i->nsec3_name && !i->nsec3_name->nsec); + } + dnssec_zone_rr_iter_set_state_for_next_name(i); + return dnssec_zone_rr_iter_next(i); +} + +enum enum_zonemd_scheme { + ZONEMD_SCHEME_FIRST = 1, + ZONEMD_SCHEME_SIMPLE = 1, + ZONEMD_SCHEME_LAST = 1 +}; +typedef enum enum_zonemd_scheme zonemd_scheme; + +enum enum_zonemd_hash { + ZONEMD_HASH_FIRST = 1, + ZONEMD_HASH_SHA384 = 1, + ZONEMD_HASH_SHA512 = 2, + ZONEMD_HASH_LAST = 2 +}; +typedef enum enum_zonemd_hash zonemd_hash; + +struct struct_zone_digester { + ldns_sha384_CTX sha384_CTX; + ldns_sha512_CTX sha512_CTX; + unsigned simple_sha384 : 1; + unsigned simple_sha512 : 1; + unsigned double_sha384 : 1; + unsigned double_sha512 : 1; +}; +typedef struct struct_zone_digester zone_digester; + +INLINE bool zone_digester_set(zone_digester *zd) +{ return zd && (zd->simple_sha384 || zd->simple_sha512); } + +INLINE void zone_digester_init(zone_digester *zd) +{ memset(zd, 0, sizeof(*zd)); } + +static ldns_status +zone_digester_add(zone_digester *zd, zonemd_scheme scheme, zonemd_hash hash) +{ + if (!zd) + return LDNS_STATUS_NULL; + + switch (scheme) { + case ZONEMD_SCHEME_SIMPLE: + switch (hash) { + case ZONEMD_HASH_SHA384: + if (zd->double_sha384) + return LDNS_STATUS_ZONEMD_DOUBLE_OCCURRENCE; + + else if (zd->simple_sha384) { + zd->simple_sha384 = 0; + zd->double_sha384 = 1; + return LDNS_STATUS_ZONEMD_DOUBLE_OCCURRENCE; + } + ldns_sha384_init(&zd->sha384_CTX); + zd->simple_sha384 = 1; + break; + + case ZONEMD_HASH_SHA512: + if (zd->double_sha512) + return LDNS_STATUS_ZONEMD_DOUBLE_OCCURRENCE; + + else if (zd->simple_sha512) { + zd->simple_sha512 = 0; + zd->double_sha512 = 1; + return LDNS_STATUS_ZONEMD_DOUBLE_OCCURRENCE; + } + ldns_sha512_init(&zd->sha512_CTX); + zd->simple_sha512 = 1; + break; + default: + return LDNS_STATUS_ZONEMD_UNKNOWN_HASH; + } + break; + default: + return LDNS_STATUS_ZONEMD_UNKNOWN_SCHEME; + } + return LDNS_STATUS_OK; +} + +static ldns_status +zone_digester_update(zone_digester *zd, ldns_rr *rr) +{ + uint8_t data[65536]; + ldns_buffer buf; + ldns_status st; + + buf._data = data; + buf._position = 0; + buf._limit = sizeof(data); + buf._capacity = sizeof(data); + buf._fixed = 1; + buf._status = LDNS_STATUS_OK; + + if ((st = ldns_rr2buffer_wire_canonical(&buf, rr, LDNS_SECTION_ANSWER))) + return st; + + if (zd->simple_sha384) + ldns_sha384_update(&zd->sha384_CTX, data, buf._position); + + if (zd->simple_sha512) + ldns_sha512_update(&zd->sha512_CTX, data, buf._position); + + return LDNS_STATUS_OK; +} + +INLINE ldns_rr * +new_zonemd(ldns_rr *soa, zonemd_hash hash) +{ + ldns_rr *rr = NULL; + uint8_t *data = NULL; + ldns_rdf *rdf; + size_t md_len = hash == ZONEMD_HASH_SHA384 + ? LDNS_SHA384_DIGEST_LENGTH + : LDNS_SHA512_DIGEST_LENGTH; + + if (!(rr = ldns_rr_new_frm_type(LDNS_RR_TYPE_ZONEMD))) + return NULL; + + if (!(rdf = ldns_rdf_clone(ldns_rr_owner(soa)))) + goto error; + + ldns_rr_set_owner(rr, rdf); + ldns_rr_set_class(rr, ldns_rr_get_class(soa)); + ldns_rr_set_ttl(rr, ldns_rr_ttl(soa)); + + if (!(rdf = ldns_rdf_clone(ldns_rr_rdf(soa, 2)))) + goto error; + ldns_rr_set_rdf(rr, rdf, 0); + + if (!(rdf = ldns_native2rdf_int8(LDNS_RDF_TYPE_INT8, 1))) + goto error; + ldns_rr_set_rdf(rr, rdf, 1); + + if (!(rdf = ldns_native2rdf_int8(LDNS_RDF_TYPE_INT8, hash))) + goto error; + ldns_rr_set_rdf(rr, rdf, 2); + + if (!(data = LDNS_XMALLOC(uint8_t, md_len))) + goto error; + + if (!(rdf = ldns_rdf_new(LDNS_RDF_TYPE_HEX, md_len, data))) + goto error; + ldns_rr_set_rdf(rr, rdf, 3); + + return rr; +error: + if (data) + LDNS_FREE(data); + ldns_rr_free(rr); + return NULL; +} + +static ldns_rr_list * +zone_digester_export( + zone_digester *zd, ldns_rr *soa, ldns_status *ret_st) +{ + ldns_status st = LDNS_STATUS_OK; + ldns_rr_list *rr_list = NULL; + ldns_rr *sha384 = NULL; + ldns_rr *sha512 = NULL; + + if (!zd || !soa) + st = LDNS_STATUS_NULL; + + else if (ldns_rr_get_type(soa) != LDNS_RR_TYPE_SOA + || ldns_rr_rd_count(soa) < 3) + st = LDNS_STATUS_ZONEMD_INVALID_SOA; + + else if (!(rr_list = ldns_rr_list_new())) + st = LDNS_STATUS_MEM_ERR; + + else if (zd->simple_sha384 + && !(sha384 = new_zonemd(soa, ZONEMD_HASH_SHA384))) + st = LDNS_STATUS_MEM_ERR; + + else if (zd->simple_sha512 + && !(sha512 = new_zonemd(soa, ZONEMD_HASH_SHA512))) + st = LDNS_STATUS_MEM_ERR; + + else if (zd->simple_sha384 + && !ldns_rr_list_push_rr(rr_list, sha384)) + st = LDNS_STATUS_MEM_ERR; + + else if (zd->simple_sha512 + && !ldns_rr_list_push_rr(rr_list, sha512)) { + if (zd->simple_sha384) + sha384 = NULL; /* deleted by ldns_rr_list_deep_free */ + st = LDNS_STATUS_MEM_ERR; + + } else { + if (sha384) + ldns_sha384_final( ldns_rdf_data(ldns_rr_rdf(sha384,3)) + , &zd->sha384_CTX); + if (sha512) + ldns_sha512_final( ldns_rdf_data(ldns_rr_rdf(sha512,3)) + , &zd->sha512_CTX); + return rr_list; + } + if (ret_st) + *ret_st = st; + if (sha384) + ldns_rr_free(sha384); + if (sha512) + ldns_rr_free(sha512); + if (rr_list) + ldns_rr_list_deep_free(rr_list); + return NULL; +} + +static ldns_status +ldns_digest_zone(ldns_dnssec_zone *zone, zone_digester *zd) +{ + ldns_status st = LDNS_STATUS_OK; + dnssec_zone_rr_iter rr_iter; + ldns_rr *rr; + ldns_rdf *apex_name; /* name of zone apex */ + + if (!zone || !zd || !zone->soa || !zone->soa->name) + return LDNS_STATUS_NULL; + + apex_name = zone->soa->name; + for ( rr = dnssec_zone_rr_iter_first(&rr_iter, zone) + ; rr && !st + ; rr = dnssec_zone_rr_iter_next(&rr_iter)) { + /* Skip apex ZONEMD RRs */ + if (ldns_rr_get_type(rr) == LDNS_RR_TYPE_ZONEMD + && !ldns_dname_compare(ldns_rr_owner(rr), apex_name)) + continue; + /* Skip RRSIGs for apex ZONEMD RRs */ + if (ldns_rr_get_type(rr) == LDNS_RR_TYPE_RRSIG + && LDNS_RR_TYPE_ZONEMD == ldns_rdf2rr_type( + ldns_rr_rrsig_typecovered(rr)) + && !ldns_dname_compare(ldns_rr_owner(rr), apex_name)) + continue; + st = zone_digester_update(zd, rr); + } + return st; +} + +ldns_status +ldns_dnssec_zone_verify_zonemd(ldns_dnssec_zone *zone) +{ + ldns_dnssec_rrsets *zonemd, *soa; + zone_digester zd; + ldns_dnssec_rrs *rrs; + ldns_rr *soa_rr; + ldns_status st; + uint8_t simple_sha384[LDNS_SHA384_DIGEST_LENGTH]; + uint8_t simple_sha512[LDNS_SHA512_DIGEST_LENGTH]; + size_t valid_zonemds; + + if (!zone) + return LDNS_STATUS_NULL; + + zonemd = ldns_dnssec_zone_find_rrset( + zone, zone->soa->name, LDNS_RR_TYPE_ZONEMD); + if (!zonemd) { + ldns_rbnode_t *nsec3_node; + + /* we need proof of non-existence for ZONEMD at the apex */ + if (zone->soa->nsec) { + if (ldns_nsec_bitmap_covers_type(ldns_nsec_get_bitmap( + zone->soa->nsec), + LDNS_RR_TYPE_ZONEMD)) + return LDNS_STATUS_NO_ZONEMD; + + } else if (!zone->soa->hashed_name || !zone->hashed_names) + return LDNS_STATUS_NO_ZONEMD; + + else if (LDNS_RBTREE_NULL == + (nsec3_node = ldns_rbtree_search( zone->hashed_names + , zone->soa->hashed_name))) + return LDNS_STATUS_NO_ZONEMD; + else { + ldns_dnssec_name *nsec3 + = (ldns_dnssec_name *)nsec3_node->data; + if (ldns_nsec_bitmap_covers_type(ldns_nsec_get_bitmap( + nsec3->nsec), + LDNS_RR_TYPE_ZONEMD)) + return LDNS_STATUS_NO_ZONEMD; + } + /* ZONEMD at apex does really not exist */ + return LDNS_STATUS_OK; + } + soa = ldns_dnssec_zone_find_rrset( + zone, zone->soa->name, LDNS_RR_TYPE_SOA); + if (!soa || !soa->rrs || !soa->rrs->rr) + return LDNS_STATUS_ZONEMD_INVALID_SOA; + + soa_rr = soa->rrs->rr; + if (ldns_rr_get_type(soa_rr) != LDNS_RR_TYPE_SOA + || ldns_rr_rd_count(soa_rr) < 3) + return LDNS_STATUS_ZONEMD_INVALID_SOA; + + zone_digester_init(&zd); + for (rrs = zonemd->rrs; rrs; rrs = rrs->next) { + if (!rrs->rr + || ldns_rr_get_type(rrs->rr) != LDNS_RR_TYPE_ZONEMD + || ldns_rr_rd_count(rrs->rr) < 4) + continue; + + /* serial should match SOA's serial */ + if (ldns_rdf2native_int32(ldns_rr_rdf(soa_rr, 2)) + != ldns_rdf2native_int32(ldns_rr_rdf(rrs->rr, 0))) + continue; + + /* Add (scheme, hash) to digester */ + zone_digester_add(&zd, + ldns_rdf2native_int8(ldns_rr_rdf(rrs->rr, 1)), + ldns_rdf2native_int8(ldns_rr_rdf(rrs->rr, 2))); + } + if (!zone_digester_set(&zd)) + return LDNS_STATUS_NO_VALID_ZONEMD; + + if ((st = ldns_digest_zone(zone, &zd))) + return st; + + if (zd.simple_sha384) + ldns_sha384_final(simple_sha384, &zd.sha384_CTX); + if (zd.simple_sha512) + ldns_sha512_final(simple_sha512, &zd.sha512_CTX); + + valid_zonemds = 0; + for (rrs = zonemd->rrs; rrs; rrs = rrs->next) { + if (!rrs->rr + || ldns_rr_get_type(rrs->rr) != LDNS_RR_TYPE_ZONEMD + || ldns_rr_rd_count(rrs->rr) < 4) + continue; + + /* serial should match SOA's serial */ + if (ldns_rdf2native_int32(ldns_rr_rdf(soa_rr, 2)) + != ldns_rdf2native_int32(ldns_rr_rdf(rrs->rr, 0))) + continue; + + if (ZONEMD_SCHEME_SIMPLE != + ldns_rdf2native_int8(ldns_rr_rdf(rrs->rr, 1))) + continue; + + if (ZONEMD_HASH_SHA384 + == ldns_rdf2native_int8(ldns_rr_rdf(rrs->rr,2)) + && LDNS_SHA384_DIGEST_LENGTH + == ldns_rdf_size(ldns_rr_rdf(rrs->rr, 3)) + && memcmp( simple_sha384 + , ldns_rdf_data(ldns_rr_rdf(rrs->rr, 3)) + , LDNS_SHA384_DIGEST_LENGTH) == 0) + + valid_zonemds += 1; + + if (ZONEMD_HASH_SHA512 + == ldns_rdf2native_int8(ldns_rr_rdf(rrs->rr,2)) + && LDNS_SHA512_DIGEST_LENGTH + == ldns_rdf_size(ldns_rr_rdf(rrs->rr, 3)) + && memcmp( simple_sha512 + , ldns_rdf_data(ldns_rr_rdf(rrs->rr, 3)) + , LDNS_SHA512_DIGEST_LENGTH) == 0) + + valid_zonemds += 1; + } + return valid_zonemds ? LDNS_STATUS_OK : LDNS_STATUS_NO_VALID_ZONEMD; +} + +#ifdef HAVE_SSL +static ldns_status +rr_list2dnssec_rrs(ldns_rr_list *rr_list, ldns_dnssec_rrs **rrs, + ldns_rr_list *new_rrs) +{ + ldns_rr *rr = NULL; + + if (!rr_list || !rrs) + return LDNS_STATUS_NULL; + + if (ldns_rr_list_rr_count(rr_list) == 0) + return LDNS_STATUS_OK; + + if (!*rrs) { + if (!(*rrs = ldns_dnssec_rrs_new())) + return LDNS_STATUS_MEM_ERR; + (*rrs)->rr = ldns_rr_list_pop_rr(rr_list); + if (new_rrs) + ldns_rr_list_push_rr(new_rrs, (*rrs)->rr); + } + while ((rr = ldns_rr_list_pop_rr(rr_list))) { + ldns_status st; + + if ((st = ldns_dnssec_rrs_add_rr(*rrs, rr))) { + ldns_rr_list_push_rr(rr_list, rr); + return st; + } else if (new_rrs) + ldns_rr_list_push_rr(new_rrs, rr); + } + return LDNS_STATUS_OK; +} + + +ldns_status +dnssec_zone_equip_zonemd(ldns_dnssec_zone *zone, + ldns_rr_list *new_rrs, ldns_key_list *key_list, int signflags) +{ + ldns_status st = LDNS_STATUS_OK; + zone_digester zd; + ldns_rr_list *zonemd_rr_list = NULL; + ldns_rr_list *zonemd_rrsigs = NULL; + ldns_dnssec_rrsets *soa_rrset; + ldns_rr *soa_rr = NULL; + ldns_dnssec_rrsets **rrset_ref; + ldns_dnssec_rrsets *zonemd_rrset; + + zone_digester_init(&zd); + if (signflags & LDNS_SIGN_WITH_ZONEMD_SIMPLE_SHA384) + zone_digester_add(&zd, ZONEMD_SCHEME_SIMPLE + , ZONEMD_HASH_SHA384); + + if (signflags & LDNS_SIGN_WITH_ZONEMD_SIMPLE_SHA512) + zone_digester_add(&zd, ZONEMD_SCHEME_SIMPLE + , ZONEMD_HASH_SHA512); + + if ((st = ldns_digest_zone(zone, &zd))) + return st; + + soa_rrset = ldns_dnssec_zone_find_rrset( + zone, zone->soa->name, LDNS_RR_TYPE_SOA); + if (!soa_rrset || !soa_rrset->rrs || !soa_rrset->rrs->rr) + return LDNS_STATUS_ZONEMD_INVALID_SOA; + soa_rr = soa_rrset->rrs->rr; + + if (!(zonemd_rr_list = zone_digester_export(&zd, soa_rr, &st))) + return st; + + /* - replace or add ZONEMD rrset */ + rrset_ref = &zone->soa->rrsets; /* scan rrsets at apex */ + while (*rrset_ref && (*rrset_ref)->type < LDNS_RR_TYPE_ZONEMD) + rrset_ref = &(*rrset_ref)->next; + if (*rrset_ref && (*rrset_ref)->type == LDNS_RR_TYPE_ZONEMD) { + /* reuse zonemd rrset */ + zonemd_rrset = *rrset_ref; + ldns_dnssec_rrs_free(zonemd_rrset->rrs); + zonemd_rrset->rrs = NULL; + ldns_dnssec_rrs_free(zonemd_rrset->signatures); + zonemd_rrset->signatures = NULL; + } else { + /* insert zonemd rrset */ + zonemd_rrset = ldns_dnssec_rrsets_new(); + if (!zonemd_rrset) { + ldns_rr_list_deep_free(zonemd_rr_list); + return LDNS_STATUS_MEM_ERR; + } + zonemd_rrset->type = LDNS_RR_TYPE_ZONEMD; + zonemd_rrset->next = *rrset_ref; + *rrset_ref = zonemd_rrset; + } + if ((zonemd_rrsigs = ldns_sign_public(zonemd_rr_list, key_list))) + st = rr_list2dnssec_rrs( zonemd_rrsigs + , &zonemd_rrset->signatures, new_rrs); + if (!st) + st = rr_list2dnssec_rrs( zonemd_rr_list + , &zonemd_rrset->rrs, new_rrs); + ldns_rr_list_deep_free(zonemd_rr_list); + ldns_rr_list_deep_free(zonemd_rrsigs); + return st; +} + +#endif /* HAVE_SSL */ + diff -Nru ldns-1.7.1/doc/API-header.xml ldns-1.8.1/doc/API-header.xml --- ldns-1.7.1/doc/API-header.xml 2019-07-26 15:07:44.000000000 +0000 +++ ldns-1.8.1/doc/API-header.xml 2021-12-03 07:45:47.000000000 +0000 @@ -68,7 +68,7 @@
LibDNS (or lDNS) is modelled after the Net::DNS perl library. It has -been shown that Net::DNS can be used vefficiently for +been shown that Net::DNS can be used efficiently for programming DNS aware applications. We want to bring the same level of efficiency to C programmers. @@ -99,7 +99,7 @@ As said, lDNS is modelled after Net::DNS, therefor its application API looks very much like the one used for Net::DNS. Some modification are made -ofcourse, because not all functionality of Perl can be caught in C. +of course, because not all functionality of Perl can be caught in C. diff -Nru ldns-1.7.1/doc/API.xml ldns-1.8.1/doc/API.xml --- ldns-1.7.1/doc/API.xml 2019-07-26 15:07:44.000000000 +0000 +++ ldns-1.8.1/doc/API.xml 2021-12-03 07:45:47.000000000 +0000 @@ -68,7 +68,7 @@
LibDNS (or lDNS) is modelled after the Net::DNS perl library. It has -been shown that Net::DNS can be used vefficiently for +been shown that Net::DNS can be used efficiently for programming DNS aware applications. We want to bring the same level of efficiency to C programmers. @@ -99,7 +99,7 @@ As said, lDNS is modelled after Net::DNS, therefor its application API looks very much like the one used for Net::DNS. Some modification are made -ofcourse, because not all functionality of Perl can be caught in C. +of course, because not all functionality of Perl can be caught in C. @@ -336,7 +336,7 @@ section of the packet. - + Prints the packet data on the standard output in an ASCII format similar to that used in DNS zone files. See RFC1035. @@ -400,7 +400,7 @@
A small example, which queries a nameserver on localhost -to diplay the MX records for miek.nl. +to display the MX records for miek.nl. diff -Nru ldns-1.7.1/doc/dns-lib-implementations ldns-1.8.1/doc/dns-lib-implementations --- ldns-1.7.1/doc/dns-lib-implementations 2019-07-26 15:07:44.000000000 +0000 +++ ldns-1.8.1/doc/dns-lib-implementations 2021-12-03 07:45:47.000000000 +0000 @@ -20,7 +20,7 @@ libfiredns is a library for handling asynchronous DNS requests. It provides a very simple interface for sending -requests and parsing reponses, as well as low-timeout +requests and parsing responses, as well as low-timeout blocking functions. libfiredns functions have much lower timeouts than the stock functions and tend to be faster because they send requests to all configured system diff -Nru ldns-1.7.1/doc/function_manpages ldns-1.8.1/doc/function_manpages --- ldns-1.7.1/doc/function_manpages 2019-07-26 15:07:44.000000000 +0000 +++ ldns-1.8.1/doc/function_manpages 2021-12-03 07:45:47.000000000 +0000 @@ -121,7 +121,7 @@ ### MIEK TOT HIER TOT HIER -# errr.h +# error.h ldns_get_errorstr_by_id, ldns_status - errors ### net.h @@ -169,7 +169,7 @@ ldns_rr_descriptor, ldns_rr_descript, ldns_rr_descriptor_minimum, ldns_rr_descriptor_maximum, ldns_rr_descriptor_field_type | ldns_rr, ldns_rdf - rdata field descriptors # packet.h -ldns_pkt, ldns_pkt_section, ldns_pkt_type | ldns_pkt_new, ldns_pkt_free, ldns_pkt_print, ldns_pkt_query_new, ldns_pkt_query_new_frm_str, ldns_pkt_reply_type, ldns_pkt_id, ldns_pkt_qr, ldns_pkt_aa, ldns_pkt_tc, ldns_pkt_rd, ldns_pkt_cd, ldns_pkt_ra, ldns_pkt_ad, ldns_pkt_get_opcode, ldns_pkt_get_rcode, ldns_pkt_qdcount, ldns_pkt_ancount, ldns_pkt_nscount, ldns_pkt_arcount, ldns_pkt_answerfrom, ldns_pkt_querytime, ldns_pkt_size, ldns_pkt_tsig, ldns_pkt_question, ldns_pkt_answer, ldns_pkt_authority, ldns_pkt_additional, ldns_pkt_get_section_clone, ldns_pkt_rr_list_by_name, ldns_pkt_rr_list_by_type, ldns_pkt_rr_list_by_name_and_type, ldns_pkt_set_flags, ldns_pkt_set_id, ldns_pkt_set_qr, ldns_pkt_set_aa, ldns_pkt_set_tc, ldns_pkt_set_rd, ldns_pkt_set_cd, ldns_pkt_set_ra, ldns_pkt_set_ad, ldns_pkt_set_opcode, ldns_pkt_set_rcode, ldns_pkt_set_qdcount, ldns_pkt_set_ancount, ldns_pkt_set_nscount, ldns_pkt_set_arcount, ldns_pkt_set_answerfrom, ldns_pkt_set_querytime, ldns_pkt_set_size, ldns_pkt_set_section_count, ldns_pkt_set_tsig, ldns_pkt_edns, ldns_pkt_edns_udp_size, ldns_pkt_edns_extended_rcode, ldns_pkt_edns_version, ldns_pkt_edns_z, ldns_pkt_edns_unassigned, ldns_pkt_edns_data, ldns_pkt_set_edns_udp_size, ldns_pkt_set_edns_extended_rcode, ldns_pkt_set_edns_version, ldns_pkt_set_edns_z, ldns_pkt_set_edns_unassigned, ldns_pkt_set_edns_data - request or anser packets types +ldns_pkt, ldns_pkt_section, ldns_pkt_type | ldns_pkt_new, ldns_pkt_free, ldns_pkt_print, ldns_pkt_query_new, ldns_pkt_query_new_frm_str, ldns_pkt_reply_type, ldns_pkt_id, ldns_pkt_qr, ldns_pkt_aa, ldns_pkt_tc, ldns_pkt_rd, ldns_pkt_cd, ldns_pkt_ra, ldns_pkt_ad, ldns_pkt_get_opcode, ldns_pkt_get_rcode, ldns_pkt_qdcount, ldns_pkt_ancount, ldns_pkt_nscount, ldns_pkt_arcount, ldns_pkt_answerfrom, ldns_pkt_querytime, ldns_pkt_size, ldns_pkt_tsig, ldns_pkt_question, ldns_pkt_answer, ldns_pkt_authority, ldns_pkt_additional, ldns_pkt_get_section_clone, ldns_pkt_rr_list_by_name, ldns_pkt_rr_list_by_type, ldns_pkt_rr_list_by_name_and_type, ldns_pkt_set_flags, ldns_pkt_set_id, ldns_pkt_set_qr, ldns_pkt_set_aa, ldns_pkt_set_tc, ldns_pkt_set_rd, ldns_pkt_set_cd, ldns_pkt_set_ra, ldns_pkt_set_ad, ldns_pkt_set_opcode, ldns_pkt_set_rcode, ldns_pkt_set_qdcount, ldns_pkt_set_ancount, ldns_pkt_set_nscount, ldns_pkt_set_arcount, ldns_pkt_set_answerfrom, ldns_pkt_set_querytime, ldns_pkt_set_size, ldns_pkt_set_section_count, ldns_pkt_set_tsig, ldns_pkt_edns, ldns_pkt_edns_udp_size, ldns_pkt_edns_extended_rcode, ldns_pkt_edns_version, ldns_pkt_edns_z, ldns_pkt_edns_unassigned, ldns_pkt_edns_data, ldns_pkt_set_edns_udp_size, ldns_pkt_set_edns_extended_rcode, ldns_pkt_set_edns_version, ldns_pkt_set_edns_z, ldns_pkt_set_edns_unassigned, ldns_pkt_set_edns_data - request or answer packets types ldns_pkt_new, ldns_pkt_free, ldns_pkt_print, ldns_pkt_query_new, ldns_pkt_query_new_frm_str, ldns_pkt_reply_type | ldns_pkt - ldns_pkt creation, destruction and printing # gets diff -Nru ldns-1.7.1/doc/ldns_manpages ldns-1.8.1/doc/ldns_manpages --- ldns-1.7.1/doc/ldns_manpages 2019-07-26 15:08:00.000000000 +0000 +++ ldns-1.8.1/doc/ldns_manpages 2021-12-03 07:46:09.000000000 +0000 @@ -1,51 +1,133 @@ +ldns_dnssec_verify_denial +ldns_dnssec_verify_denial_nsec3 +ldns_rr_uncompressed_size +ldns_zone_rrs +ldns_zone_soa +ldns_rr_set_owner +ldns_rr_set_ttl +ldns_rr_set_type +ldns_rr_set_rd_count +ldns_rr_set_class +ldns_rr_set_rdf +ldns_rr_push_rdf +ldns_rr_pop_rdf +ldns_rr_dnskey_flags +ldns_rr_dnskey_set_flags +ldns_rr_dnskey_protocol +ldns_rr_dnskey_set_protocol +ldns_rr_dnskey_algorithm +ldns_rr_dnskey_set_algorithm +ldns_rr_dnskey_key +ldns_rr_dnskey_set_key +ldns_rr_compare +ldns_rr_compare_ds +ldns_get_rr_list_hosts_frm_file +ldns_get_rr_list_hosts_frm_fp +ldns_get_rr_list_hosts_frm_fp_l +ldns_pkt_id +ldns_pkt_qr +ldns_pkt_aa +ldns_pkt_tc +ldns_pkt_rd +ldns_pkt_cd +ldns_pkt_ra +ldns_pkt_ad +ldns_pkt_get_opcode +ldns_pkt_get_rcode +ldns_pkt_qdcount +ldns_pkt_ancount +ldns_pkt_nscount +ldns_pkt_arcount +ldns_pkt_answerfrom +ldns_pkt_querytime +ldns_pkt_size +ldns_pkt_tsig +ldns_pkt_question +ldns_pkt_answer +ldns_pkt_authority +ldns_pkt_additional +ldns_pkt_get_section_clone +ldns_pkt_rr_list_by_name +ldns_pkt_rr_list_by_type +ldns_pkt_rr_list_by_name_and_type +ldns_dnssec_zone_sign +ldns_dnssec_zone_sign_nsec3 +ldns_dnssec_zone_mark_glue +ldns_dnssec_name_node_next_nonglue +ldns_dnssec_zone_create_nsecs +ldns_dnssec_remove_signatures +ldns_dnssec_zone_create_rrsigs +ldns_fget_token +ldns_fskipcs ldns_dnssec_data_chain_new ldns_dnssec_data_chain_free ldns_dnssec_data_chain_deep_free ldns_dnssec_build_data_chain ldns_dnssec_data_chain_print -ldns_rdf -ldns_rdf_type -ldns_send -ldns_key_list_push_key -ldns_key_list_pop_key -ldns_get_rr_list_hosts_frm_file -ldns_get_rr_list_hosts_frm_fp -ldns_get_rr_list_hosts_frm_fp_l -ldns_zone_rr_count -ldns_key_set_algorithm -ldns_key_set_rsa_key -ldns_key_set_dsa_key -ldns_key_set_hmac_key -ldns_key_set_origttl -ldns_key_set_inception -ldns_key_set_expiration -ldns_key_set_pubkey_owner -ldns_key_set_keytag -ldns_key_set_flags -ldns_key_list_set_key_count -ldns_key_algo_supported -ldns_dnssec_name_new -ldns_dnssec_name_new_frm_rr -ldns_dnssec_name_free -ldns_dnssec_name_name -ldns_dnssec_name_set_name -ldns_dnssec_name_set_nsec -ldns_dnssec_name_cmp -ldns_dnssec_name_add_rr -ldns_dnssec_name_find_rrset -ldns_dnssec_name_print -ldns_dnssec_zone -ldns_dnssec_name -ldns_dnssec_rrs -ldns_dnssec_rrsets -ldns_verify -ldns_verify_rrsig -ldns_verify_rrsig_keylist -ldns_verify_rrsig_keylist_notime -ldns_verify_notime -ldns_bubblebabble -ldns_algorithm -ldns_str2period +ldns_dname_cat_clone +ldns_dname_cat +ldns_dnssec_rrs_new +ldns_dnssec_rrs_free +ldns_dnssec_rrs_add_rr +ldns_dnssec_rrs_print +ldns_sign_public_dsa +ldns_sign_public_rsamd5 +ldns_sign_public_rsasha1 +ldns_buffer_flip +ldns_buffer_rewind +ldns_buffer_position +ldns_buffer_set_position +ldns_buffer_skip +ldns_update_zocount +ldns_update_prcount +ldns_update_upcount +ldns_update_adcount +ldns_update_pkt_new +ldns_zone_sort +ldns_zone_glue_rr_list +ldns_duration_type +ldns_duration_create +ldns_duration_create_from_string +ldns_duration_cleanup +ldns_duration_compare +ldns_duration2string +ldns_duration2time +ldns_rdf_set_size +ldns_rdf_set_type +ldns_rdf_set_data +ldns_rr +ldns_rr_class +ldns_rr_type +ldns_rr_compress +ldns_rr_list +ldns_native2rdf_int8 +ldns_native2rdf_int16 +ldns_native2rdf_int32 +ldns_native2rdf_int16_data +ldns_rdf2native_int8 +ldns_rdf2native_int16 +ldns_rdf2native_int32 +ldns_rdf2native_sockaddr_storage +ldns_rdf2native_time_t +ldns_rdf2buffer_str_a +ldns_rdf2buffer_str_aaaa +ldns_rdf2buffer_str_str +ldns_rdf2buffer_str_b64 +ldns_rdf2buffer_str_hex +ldns_rdf2buffer_str_type +ldns_rdf2buffer_str_class +ldns_rdf2buffer_str_alg +ldns_rdf2buffer_str_loc +ldns_rdf2buffer_str_unknown +ldns_rdf2buffer_str_nsap +ldns_rdf2buffer_str_wks +ldns_rdf2buffer_str_nsec +ldns_rdf2buffer_str_period +ldns_rdf2buffer_str_tsigtime +ldns_rdf2buffer_str_apl +ldns_rdf2buffer_str_int16_data +ldns_rdf2buffer_str_int16 +ldns_rdf2buffer_str_ipseckey ldns_pkt_edns ldns_pkt_edns_udp_size ldns_pkt_edns_extended_rcode @@ -57,34 +139,20 @@ ldns_pkt_set_edns_version ldns_pkt_set_edns_z ldns_pkt_set_edns_data -ldns_native2rdf_int8 -ldns_native2rdf_int16 -ldns_native2rdf_int32 -ldns_native2rdf_int16_data -ldns_rdf2native_int8 -ldns_rdf2native_int16 -ldns_rdf2native_int32 -ldns_rdf2native_sockaddr_storage -ldns_rdf2native_time_t -ldns_dnssec_rrsets_new -ldns_dnssec_rrsets_free -ldns_dnssec_rrsets_type -ldns_dnssec_rrsets_set_type -ldns_dnssec_rrsets_add_rr -ldns_dnssec_rrsets_print -ldns_rr_list_cat -ldns_rr_list_push_rr -ldns_rr_list_pop_rr -ldns_is_rrset -ldns_key_list_new -ldns_init_random -ldns_rr_list_rr_count -ldns_rr_list_set_rr_count -ldns_bget_token -ldns_bgetc -ldns_bskipcs -ldns_pkt_verify -ldns_version +ldns_axfr_start +ldns_axfr_next +ldns_axfr_abort +ldns_axfr_complete +ldns_axfr_last_pkt +ldns_rr_rdf +ldns_rr_owner +ldns_rr_rd_count +ldns_rr_ttl +ldns_rr_get_class +ldns_get_errorstr_by_id +ldns_status +ldns_dname_left_chop +ldns_dname_label_count ldns_rr_rrsig_typecovered ldns_rr_rrsig_set_typecovered ldns_rr_rrsig_algorithm @@ -103,17 +171,6 @@ ldns_rr_rrsig_set_signame ldns_rr_rrsig_sig ldns_rr_rrsig_set_sig -ldns_key_new -ldns_key_new_frm_algorithm -ldns_key_new_frm_fp -ldns_key_new_frm_fp_l -ldns_key_new_frm_fp_rsa -ldns_key_new_frm_fp_rsa_l -ldns_key_new_frm_fp_dsa -ldns_key_new_frm_fp_dsa_l -ldns_zone_rrs -ldns_zone_soa -ldns_key_print ldns_zone ldns_zone_new ldns_zone_free @@ -122,83 +179,101 @@ ldns_zone_new_frm_fp_l ldns_zone_print ldns_zone_print_fmt -ldns_pkt_set_flags -ldns_pkt_set_id -ldns_pkt_set_qr -ldns_pkt_set_aa -ldns_pkt_set_tc -ldns_pkt_set_rd -ldns_pkt_set_cd -ldns_pkt_set_ra -ldns_pkt_set_ad -ldns_pkt_set_opcode -ldns_pkt_set_rcode -ldns_pkt_set_qdcount -ldns_pkt_set_ancount -ldns_pkt_set_nscount -ldns_pkt_set_arcount -ldns_pkt_set_answerfrom -ldns_pkt_set_querytime -ldns_pkt_set_size -ldns_pkt_set_section_count -ldns_pkt_set_tsig -ldns_axfr_start -ldns_axfr_next -ldns_axfr_abort -ldns_axfr_complete -ldns_axfr_last_pkt -ldns_rdf2buffer_str_a -ldns_rdf2buffer_str_aaaa -ldns_rdf2buffer_str_str -ldns_rdf2buffer_str_b64 -ldns_rdf2buffer_str_hex -ldns_rdf2buffer_str_type -ldns_rdf2buffer_str_class -ldns_rdf2buffer_str_alg -ldns_rdf2buffer_str_loc -ldns_rdf2buffer_str_unknown -ldns_rdf2buffer_str_nsap -ldns_rdf2buffer_str_wks -ldns_rdf2buffer_str_nsec -ldns_rdf2buffer_str_period -ldns_rdf2buffer_str_tsigtime -ldns_rdf2buffer_str_apl -ldns_rdf2buffer_str_int16_data -ldns_rdf2buffer_str_int16 -ldns_rdf2buffer_str_ipseckey +ldns_create_nsec +ldns_dname_new +ldns_dname_new_frm_str +ldns_dname_new_frm_data +ldns_rr_new +ldns_rr_new_frm_type +ldns_rr_new_frm_str +ldns_rr_new_frm_fp +ldns_rr_free +ldns_rr_print +ldns_verify_rrsig_dsa +ldns_verify_rrsig_rsasha1 +ldns_verify_rrsig_rsamd5 +ldns_key_rr2ds +ldns_key_new +ldns_key_new_frm_algorithm +ldns_key_new_frm_fp +ldns_key_new_frm_fp_l +ldns_key_new_frm_fp_rsa +ldns_key_new_frm_fp_rsa_l +ldns_key_new_frm_fp_dsa +ldns_key_new_frm_fp_dsa_l +ldns_dane_create_tlsa_rr +ldns_dane_create_tlsa_owner +ldns_dane_cert2rdf +ldns_dane_select_certificate +ldns_verify +ldns_verify_rrsig +ldns_verify_rrsig_keylist +ldns_verify_rrsig_keylist_notime +ldns_verify_notime +ldns_pkt_new +ldns_pkt_free +ldns_pkt_print +ldns_pkt_query_new +ldns_pkt_query_new_frm_str +ldns_pkt_reply_type +ldns_rdf_address_reverse +ldns_key +ldns_key_list_key_count +ldns_key_list_key +ldns_key_rsa_key +ldns_key_dsa_key +ldns_key_algorithm +ldns_key_hmac_key +ldns_key_origttl +ldns_key_inception +ldns_key_expiration +ldns_key_keytag +ldns_key_pubkey_owner +ldns_key_flags +ldns_rr2str +ldns_pkt2str +ldns_rdf2str +ldns_rr_list2str +ldns_key2str +ldns_key_buf2dsa +ldns_key_buf2rsa +ldns_dnssec_zone_find_rrset +ldns_dnssec_zone_new +ldns_dnssec_zone_free +ldns_dnssec_zone_add_rr +ldns_dnssec_zone_names_print +ldns_dnssec_zone_print +ldns_dnssec_zone_add_empty_nonterminals +ldns_rr_list_rr_count +ldns_rr_list_set_rr_count +ldns_version +ldns_dname2canonical +ldns_octet +ldns_dnssec_zone +ldns_dnssec_name +ldns_dnssec_rrs +ldns_dnssec_rrsets +ldns_pkt +ldns_pkt_section +ldns_pkt_type +ldns_bget_token +ldns_bgetc +ldns_bskipcs +ldns_rdf +ldns_rdf_type +ldns_bubblebabble +ldns_send ldns_rr_mx_preference ldns_rr_mx_exchange -ldns_buffer -ldns_buffer_new -ldns_buffer_new_frm_data -ldns_buffer_clear -ldns_buffer_printf -ldns_buffer_free -ldns_buffer_copy -ldns_buffer_export -ldns_buffer_export2str -ldns_buffer2str -ldns_get_rr_list_addr_by_name -ldns_get_rr_list_name_by_addr -ldns_rdf_set_size -ldns_rdf_set_type -ldns_rdf_set_data -ldns_zone_push_rr -ldns_zone_push_rr_list -ldns_rr2wire -ldns_pkt2wire -ldns_rdf2wire -ldns_dname_left_chop -ldns_dname_label_count -ldns_wire2rr -ldns_wire2pkt -ldns_wire2rdf -ldns_wire2dname -ldns_buffer_flip -ldns_buffer_rewind -ldns_buffer_position -ldns_buffer_set_position -ldns_buffer_skip +ldns_rr2canonical +ldns_rdf_new +ldns_rdf_clone +ldns_rdf_new_frm_data +ldns_rdf_new_frm_str +ldns_rdf_new_frm_fp +ldns_rdf_free +ldns_rdf_deep_free +ldns_rdf_print ldns_dnssec_trust_tree_new ldns_dnssec_trust_tree_free ldns_dnssec_trust_tree_depth @@ -211,25 +286,40 @@ ldns_dnssec_derive_trust_tree_dnskey_rrset ldns_dnssec_derive_trust_tree_ds_rrset ldns_dnssec_derive_trust_tree_no_sig -ldns_pkt -ldns_pkt_section -ldns_pkt_type +ldns_pkt_tsig_verify +ldns_pkt_tsig_sign +ldns_rr_ns_nsdname +ldns_calc_keytag +ldns_calc_keytag_raw ldns_dname_is_subdomain ldns_dname_str_absolute ldns_dname_label -ldns_rr_descriptor -ldns_rr_descript -ldns_rr_descriptor_minimum -ldns_rr_descriptor_maximum -ldns_rr_descriptor_field_type -ldns_dane_create_tlsa_rr -ldns_dane_create_tlsa_owner -ldns_dane_cert2rdf -ldns_dane_select_certificate -ldns_dname_new -ldns_dname_new_frm_str -ldns_dname_new_frm_data -ldns_update_pkt_tsig_add +ldns_str2period +ldns_dnssec_rrsets_new +ldns_dnssec_rrsets_free +ldns_dnssec_rrsets_type +ldns_dnssec_rrsets_set_type +ldns_dnssec_rrsets_add_rr +ldns_dnssec_rrsets_print +ldns_b32_ntop_calculate_size +ldns_b32_pton_calculate_size +ldns_b64_ntop_calculate_size +ldns_b64_pton_calculate_size +ldns_getaddrinfo +ldns_algorithm +ldns_key_free +ldns_key_deep_free +ldns_key_list_free +ldns_zone_push_rr +ldns_zone_push_rr_list +ldns_rr_list_new +ldns_rr_list_free +ldns_buffer_remaining_at +ldns_buffer_remaining +ldns_buffer_available_at +ldns_buffer_available +ldns_buffer_status +ldns_buffer_status_ok ldns_buffer_write_at ldns_buffer_write ldns_buffer_write_string_at @@ -248,173 +338,49 @@ ldns_buffer_read_u32 ldns_buffer_write_u32 ldns_buffer_write_u32_at -ldns_key_list_key_count -ldns_key_list_key -ldns_key_rsa_key -ldns_key_dsa_key -ldns_key_algorithm -ldns_key_hmac_key -ldns_key_origttl -ldns_key_inception -ldns_key_expiration -ldns_key_keytag -ldns_key_pubkey_owner -ldns_key_flags -ldns_tcp_send_query -ldns_tcp_read_wire -ldns_tcp_connect -ldns_rr_compare -ldns_rr_compare_ds +ldns_key_list_new ldns_sign_public -ldns_rr_list_sort -ldns_dnssec_verify_denial -ldns_dnssec_verify_denial_nsec3 -ldns_dnssec_zone_sign -ldns_dnssec_zone_sign_nsec3 -ldns_dnssec_zone_mark_glue -ldns_dnssec_name_node_next_nonglue -ldns_dnssec_zone_create_nsecs -ldns_dnssec_remove_signatures -ldns_dnssec_zone_create_rrsigs -ldns_dnssec_rrs_new -ldns_dnssec_rrs_free -ldns_dnssec_rrs_add_rr -ldns_dnssec_rrs_print -ldns_pkt_tsig_verify -ldns_pkt_tsig_sign -ldns_octet -ldns_rr_uncompressed_size -ldns_rr_dnskey_flags -ldns_rr_dnskey_set_flags -ldns_rr_dnskey_protocol -ldns_rr_dnskey_set_protocol -ldns_rr_dnskey_algorithm -ldns_rr_dnskey_set_algorithm -ldns_rr_dnskey_key -ldns_rr_dnskey_set_key -ldns_update_pkt_new -ldns_buffer_limit -ldns_buffer_set_limit -ldns_buffer_capacity -ldns_buffer_set_capacity -ldns_buffer_reserve -ldns_buffer_at -ldns_buffer_begin -ldns_buffer_end -ldns_buffer_current -ldns_dname_cat_clone -ldns_dname_cat -ldns_rr2str -ldns_pkt2str -ldns_rdf2str -ldns_rr_list2str -ldns_key2str -ldns_rdf_new -ldns_rdf_clone -ldns_rdf_new_frm_data -ldns_rdf_new_frm_str -ldns_rdf_new_frm_fp -ldns_rdf_free -ldns_rdf_deep_free -ldns_rdf_print -ldns_get_errorstr_by_id -ldns_status -ldns_key_buf2dsa -ldns_key_buf2rsa -ldns_dname_compare -ldns_dname_interval -ldns_duration_type -ldns_duration_create -ldns_duration_create_from_string -ldns_duration_cleanup -ldns_duration_compare -ldns_duration2string -ldns_duration2time -ldns_dname2canonical -ldns_rr_list_new -ldns_rr_list_free -ldns_rr_rdf -ldns_rr_owner -ldns_rr_rd_count -ldns_rr_ttl -ldns_rr_get_class -ldns_zone_sign -ldns_zone_sign_nsec3 -ldns_rdf_address_reverse -ldns_rr_push_rdf -ldns_rr_pop_rdf -ldns_sign_public_dsa -ldns_sign_public_rsamd5 -ldns_sign_public_rsasha1 -ldns_rr_label_count -ldns_zone_sort -ldns_zone_glue_rr_list -ldns_rr_set_owner -ldns_rr_set_ttl -ldns_rr_set_type -ldns_rr_set_rd_count -ldns_rr_set_class -ldns_rr_set_rdf -ldns_pkt_id -ldns_pkt_qr -ldns_pkt_aa -ldns_pkt_tc -ldns_pkt_rd -ldns_pkt_cd -ldns_pkt_ra -ldns_pkt_ad -ldns_pkt_get_opcode -ldns_pkt_get_rcode -ldns_pkt_qdcount -ldns_pkt_ancount -ldns_pkt_nscount -ldns_pkt_arcount -ldns_pkt_answerfrom -ldns_pkt_querytime -ldns_pkt_size -ldns_pkt_tsig -ldns_pkt_question -ldns_pkt_answer -ldns_pkt_authority -ldns_pkt_additional -ldns_pkt_get_section_clone -ldns_pkt_rr_list_by_name -ldns_pkt_rr_list_by_type -ldns_pkt_rr_list_by_name_and_type -ldns_dnssec_data_chain -ldns_dnssec_data_chain_struct -ldns_dnssec_trust_tree ldns_rdf_size ldns_rdf_get_type ldns_rdf_data ldns_rdf_compare -ldns_buffer_remaining_at -ldns_buffer_remaining -ldns_buffer_available_at -ldns_buffer_available -ldns_buffer_status -ldns_buffer_status_ok -ldns_verify_rrsig_dsa -ldns_verify_rrsig_rsasha1 -ldns_verify_rrsig_rsamd5 -ldns_get_rr_class_by_name -ldns_get_rr_type_by_name -ldns_create_nsec -ldns_key_rr2ds -ldns_rr -ldns_rr_class -ldns_rr_type -ldns_rr_compress -ldns_rr_list -ldns_rr_list_clone -ldns_rr_ns_nsdname -ldns_getaddrinfo -ldns_dane_verify -ldns_dane_verify_rr ldns_update_set_zocount ldns_update_set_prcount ldns_update_set_upcount ldns_update_set_adcount +ldns_buffer2pkt_wire +ldns_dnssec_name_new +ldns_dnssec_name_new_frm_rr +ldns_dnssec_name_free +ldns_dnssec_name_name +ldns_dnssec_name_set_name +ldns_dnssec_name_set_nsec +ldns_dnssec_name_cmp +ldns_dnssec_name_add_rr +ldns_dnssec_name_find_rrset +ldns_dnssec_name_print +ldns_pkt_set_flags +ldns_pkt_set_id +ldns_pkt_set_qr +ldns_pkt_set_aa +ldns_pkt_set_tc +ldns_pkt_set_rd +ldns_pkt_set_cd +ldns_pkt_set_ra +ldns_pkt_set_ad +ldns_pkt_set_opcode +ldns_pkt_set_rcode +ldns_pkt_set_qdcount +ldns_pkt_set_ancount +ldns_pkt_set_nscount +ldns_pkt_set_arcount +ldns_pkt_set_answerfrom +ldns_pkt_set_querytime +ldns_pkt_set_size +ldns_pkt_set_section_count +ldns_pkt_set_tsig +ldns_rr_set_push_rr +ldns_rr_set_pop_rr ldns_pkt2buffer_str ldns_pktheader2buffer_str ldns_rr2buffer_str @@ -426,45 +392,79 @@ ldns_rdf2buffer_wire ldns_rrsig2buffer_wire ldns_rr_rdata2buffer_wire -ldns_rr2canonical -ldns_key -ldns_calc_keytag -ldns_calc_keytag_raw -ldns_key_free -ldns_key_deep_free -ldns_key_list_free -ldns_dnssec_zone_find_rrset -ldns_dnssec_zone_new -ldns_dnssec_zone_free -ldns_dnssec_zone_add_rr -ldns_dnssec_zone_names_print -ldns_dnssec_zone_print -ldns_dnssec_zone_add_empty_nonterminals +ldns_key_list_push_key +ldns_key_list_pop_key +ldns_update_pkt_tsig_add ldns_zone_set_rrs ldns_zone_set_soa +ldns_init_random +ldns_key_print +ldns_rr_descriptor +ldns_rr_descript +ldns_rr_descriptor_minimum +ldns_rr_descriptor_maximum +ldns_rr_descriptor_field_type +ldns_rr_label_count +ldns_is_rrset +ldns_buffer_limit +ldns_buffer_set_limit +ldns_buffer_capacity +ldns_buffer_set_capacity +ldns_buffer_reserve +ldns_buffer_at +ldns_buffer_begin +ldns_buffer_end +ldns_buffer_current +ldns_tcp_send_query +ldns_tcp_read_wire +ldns_tcp_connect +ldns_dnssec_data_chain +ldns_dnssec_data_chain_struct +ldns_dnssec_trust_tree +ldns_rr2wire +ldns_pkt2wire +ldns_rdf2wire +ldns_dane_verify +ldns_dane_verify_rr +ldns_buffer +ldns_buffer_new +ldns_buffer_new_frm_data +ldns_buffer_clear +ldns_buffer_printf +ldns_buffer_free +ldns_buffer_copy +ldns_buffer_export +ldns_buffer_export2str +ldns_buffer2str +ldns_rr_list_clone +ldns_get_rr_class_by_name +ldns_get_rr_type_by_name +ldns_rr_list_sort +ldns_rr_list_cat +ldns_rr_list_push_rr +ldns_rr_list_pop_rr ldns_key2rr -ldns_fget_token -ldns_fskipcs -ldns_b32_ntop_calculate_size -ldns_b32_pton_calculate_size -ldns_b64_ntop_calculate_size -ldns_b64_pton_calculate_size -ldns_pkt_new -ldns_pkt_free -ldns_pkt_print -ldns_pkt_query_new -ldns_pkt_query_new_frm_str -ldns_pkt_reply_type -ldns_rr_new -ldns_rr_new_frm_type -ldns_rr_new_frm_str -ldns_rr_new_frm_fp -ldns_rr_free -ldns_rr_print -ldns_buffer2pkt_wire -ldns_rr_set_push_rr -ldns_rr_set_pop_rr -ldns_update_zocount -ldns_update_prcount -ldns_update_upcount -ldns_update_adcount +ldns_wire2rr +ldns_wire2pkt +ldns_wire2rdf +ldns_wire2dname +ldns_zone_sign +ldns_zone_sign_nsec3 +ldns_pkt_verify +ldns_key_set_algorithm +ldns_key_set_rsa_key +ldns_key_set_dsa_key +ldns_key_set_hmac_key +ldns_key_set_origttl +ldns_key_set_inception +ldns_key_set_expiration +ldns_key_set_pubkey_owner +ldns_key_set_keytag +ldns_key_set_flags +ldns_key_list_set_key_count +ldns_key_algo_supported +ldns_dname_compare +ldns_dname_interval +ldns_get_rr_list_addr_by_name +ldns_get_rr_list_name_by_addr +ldns_zone_rr_count diff -Nru ldns-1.7.1/doc/man/man3/ldns_algorithm.3 ldns-1.8.1/doc/man/man3/ldns_algorithm.3 --- ldns-1.7.1/doc/man/man3/ldns_algorithm.3 2019-07-26 15:08:00.000000000 +0000 +++ ldns-1.8.1/doc/man/man3/ldns_algorithm.3 2021-12-03 07:46:09.000000000 +0000 @@ -26,14 +26,22 @@ .br LDNS_DH = 2, .br +#if LDNS_BUILD_CONFIG_USE_DSA +.br LDNS_DSA = 3, .br +#endif /* LDNS_BUILD_CONFIG_USE_DSA */ +.br LDNS_ECC = 4, .br LDNS_RSASHA1 = 5, .br +#if LDNS_BUILD_CONFIG_USE_DSA +.br LDNS_DSA_NSEC3 = 6, .br +#endif /* LDNS_BUILD_CONFIG_USE_DSA */ +.br LDNS_RSASHA1_NSEC3 = 7, .br LDNS_RSASHA256 = 8, /* RFC 5702 */ @@ -46,25 +54,17 @@ .br LDNS_ECDSAP384SHA384 = 14, /* RFC 6605 */ .br -#ifdef USE_ED25519 -.br - /* this ifdef is internal to ldns, because we do not want to export -.br - * the symbol. Users can define it if they want access, -.br - * the feature is not fully implemented at this time and openssl -.br - * does not support it fully either (also for ED448). */ +#if LDNS_BUILD_CONFIG_USE_ED25519 .br - LDNS_ED25519 = 15, /* draft-ietf-curdle-dnskey-ed25519 */ + LDNS_ED25519 = 15, /* RFC 8080 */ .br -#endif +#endif /* LDNS_BUILD_CONFIG_USE_ED25519 */ .br -#ifdef USE_ED448 +#if LDNS_BUILD_CONFIG_USE_ED448 .br - LDNS_ED448 = 16, /* draft-ietf-curdle-dnskey-ed448 */ + LDNS_ED448 = 16, /* RFC 8080 */ .br -#endif +#endif /* LDNS_BUILD_CONFIG_USE_ED448 */ .br LDNS_INDIRECT = 252, .br diff -Nru ldns-1.7.1/doc/man/man3/ldns_axfr_abort.3 ldns-1.8.1/doc/man/man3/ldns_axfr_abort.3 --- ldns-1.7.1/doc/man/man3/ldns_axfr_abort.3 2019-07-26 15:08:00.000000000 +0000 +++ ldns-1.8.1/doc/man/man3/ldns_axfr_abort.3 2021-12-03 07:46:09.000000000 +0000 @@ -54,7 +54,7 @@ .HP \fIldns_axfr_last_pkt\fR() Returns a pointer to the last ldns_pkt that was sent by the server in the \%AXFR transfer -uasable for instance to get the error code on failure +usable for instance to get the error code on failure \.br \fBres\fR: the resolver that was used in the axfr transfer \.br diff -Nru ldns-1.7.1/doc/man/man3/ldns_axfr_complete.3 ldns-1.8.1/doc/man/man3/ldns_axfr_complete.3 --- ldns-1.7.1/doc/man/man3/ldns_axfr_complete.3 2019-07-26 15:08:00.000000000 +0000 +++ ldns-1.8.1/doc/man/man3/ldns_axfr_complete.3 2021-12-03 07:46:09.000000000 +0000 @@ -54,7 +54,7 @@ .HP \fIldns_axfr_last_pkt\fR() Returns a pointer to the last ldns_pkt that was sent by the server in the \%AXFR transfer -uasable for instance to get the error code on failure +usable for instance to get the error code on failure \.br \fBres\fR: the resolver that was used in the axfr transfer \.br diff -Nru ldns-1.7.1/doc/man/man3/ldns_axfr_last_pkt.3 ldns-1.8.1/doc/man/man3/ldns_axfr_last_pkt.3 --- ldns-1.7.1/doc/man/man3/ldns_axfr_last_pkt.3 2019-07-26 15:08:00.000000000 +0000 +++ ldns-1.8.1/doc/man/man3/ldns_axfr_last_pkt.3 2021-12-03 07:46:09.000000000 +0000 @@ -54,7 +54,7 @@ .HP \fIldns_axfr_last_pkt\fR() Returns a pointer to the last ldns_pkt that was sent by the server in the \%AXFR transfer -uasable for instance to get the error code on failure +usable for instance to get the error code on failure \.br \fBres\fR: the resolver that was used in the axfr transfer \.br diff -Nru ldns-1.7.1/doc/man/man3/ldns_axfr_next.3 ldns-1.8.1/doc/man/man3/ldns_axfr_next.3 --- ldns-1.7.1/doc/man/man3/ldns_axfr_next.3 2019-07-26 15:08:00.000000000 +0000 +++ ldns-1.8.1/doc/man/man3/ldns_axfr_next.3 2021-12-03 07:46:09.000000000 +0000 @@ -54,7 +54,7 @@ .HP \fIldns_axfr_last_pkt\fR() Returns a pointer to the last ldns_pkt that was sent by the server in the \%AXFR transfer -uasable for instance to get the error code on failure +usable for instance to get the error code on failure \.br \fBres\fR: the resolver that was used in the axfr transfer \.br diff -Nru ldns-1.7.1/doc/man/man3/ldns_axfr_start.3 ldns-1.8.1/doc/man/man3/ldns_axfr_start.3 --- ldns-1.7.1/doc/man/man3/ldns_axfr_start.3 2019-07-26 15:08:00.000000000 +0000 +++ ldns-1.8.1/doc/man/man3/ldns_axfr_start.3 2021-12-03 07:46:09.000000000 +0000 @@ -54,7 +54,7 @@ .HP \fIldns_axfr_last_pkt\fR() Returns a pointer to the last ldns_pkt that was sent by the server in the \%AXFR transfer -uasable for instance to get the error code on failure +usable for instance to get the error code on failure \.br \fBres\fR: the resolver that was used in the axfr transfer \.br diff -Nru ldns-1.7.1/doc/man/man3/ldns_dnssec_name_add_rr.3 ldns-1.8.1/doc/man/man3/ldns_dnssec_name_add_rr.3 --- ldns-1.7.1/doc/man/man3/ldns_dnssec_name_add_rr.3 2019-07-26 15:08:00.000000000 +0000 +++ ldns-1.8.1/doc/man/man3/ldns_dnssec_name_add_rr.3 2021-12-03 07:46:09.000000000 +0000 @@ -84,7 +84,7 @@ .HP \fIldns_dnssec_name_cmp\fR() Compares the domain names of the two arguments in their -canonical ordening. +canonical ordering. \.br \fBa\fR: The first dnssec_name to compare @@ -92,7 +92,7 @@ \fBb\fR: The second dnssec_name to compare \.br Returns -1 if the domain name of a comes before that of b in canonical -ordening, 1 if it is the other way around, and 0 if they are +ordering, 1 if it is the other way around, and 0 if they are equal .PP .HP diff -Nru ldns-1.7.1/doc/man/man3/ldns_dnssec_name_cmp.3 ldns-1.8.1/doc/man/man3/ldns_dnssec_name_cmp.3 --- ldns-1.7.1/doc/man/man3/ldns_dnssec_name_cmp.3 2019-07-26 15:08:00.000000000 +0000 +++ ldns-1.8.1/doc/man/man3/ldns_dnssec_name_cmp.3 2021-12-03 07:46:09.000000000 +0000 @@ -84,7 +84,7 @@ .HP \fIldns_dnssec_name_cmp\fR() Compares the domain names of the two arguments in their -canonical ordening. +canonical ordering. \.br \fBa\fR: The first dnssec_name to compare @@ -92,7 +92,7 @@ \fBb\fR: The second dnssec_name to compare \.br Returns -1 if the domain name of a comes before that of b in canonical -ordening, 1 if it is the other way around, and 0 if they are +ordering, 1 if it is the other way around, and 0 if they are equal .PP .HP diff -Nru ldns-1.7.1/doc/man/man3/ldns_dnssec_name_find_rrset.3 ldns-1.8.1/doc/man/man3/ldns_dnssec_name_find_rrset.3 --- ldns-1.7.1/doc/man/man3/ldns_dnssec_name_find_rrset.3 2019-07-26 15:08:00.000000000 +0000 +++ ldns-1.8.1/doc/man/man3/ldns_dnssec_name_find_rrset.3 2021-12-03 07:46:09.000000000 +0000 @@ -84,7 +84,7 @@ .HP \fIldns_dnssec_name_cmp\fR() Compares the domain names of the two arguments in their -canonical ordening. +canonical ordering. \.br \fBa\fR: The first dnssec_name to compare @@ -92,7 +92,7 @@ \fBb\fR: The second dnssec_name to compare \.br Returns -1 if the domain name of a comes before that of b in canonical -ordening, 1 if it is the other way around, and 0 if they are +ordering, 1 if it is the other way around, and 0 if they are equal .PP .HP diff -Nru ldns-1.7.1/doc/man/man3/ldns_dnssec_name_free.3 ldns-1.8.1/doc/man/man3/ldns_dnssec_name_free.3 --- ldns-1.7.1/doc/man/man3/ldns_dnssec_name_free.3 2019-07-26 15:08:00.000000000 +0000 +++ ldns-1.8.1/doc/man/man3/ldns_dnssec_name_free.3 2021-12-03 07:46:09.000000000 +0000 @@ -84,7 +84,7 @@ .HP \fIldns_dnssec_name_cmp\fR() Compares the domain names of the two arguments in their -canonical ordening. +canonical ordering. \.br \fBa\fR: The first dnssec_name to compare @@ -92,7 +92,7 @@ \fBb\fR: The second dnssec_name to compare \.br Returns -1 if the domain name of a comes before that of b in canonical -ordening, 1 if it is the other way around, and 0 if they are +ordering, 1 if it is the other way around, and 0 if they are equal .PP .HP diff -Nru ldns-1.7.1/doc/man/man3/ldns_dnssec_name_name.3 ldns-1.8.1/doc/man/man3/ldns_dnssec_name_name.3 --- ldns-1.7.1/doc/man/man3/ldns_dnssec_name_name.3 2019-07-26 15:08:00.000000000 +0000 +++ ldns-1.8.1/doc/man/man3/ldns_dnssec_name_name.3 2021-12-03 07:46:09.000000000 +0000 @@ -84,7 +84,7 @@ .HP \fIldns_dnssec_name_cmp\fR() Compares the domain names of the two arguments in their -canonical ordening. +canonical ordering. \.br \fBa\fR: The first dnssec_name to compare @@ -92,7 +92,7 @@ \fBb\fR: The second dnssec_name to compare \.br Returns -1 if the domain name of a comes before that of b in canonical -ordening, 1 if it is the other way around, and 0 if they are +ordering, 1 if it is the other way around, and 0 if they are equal .PP .HP diff -Nru ldns-1.7.1/doc/man/man3/ldns_dnssec_name_new.3 ldns-1.8.1/doc/man/man3/ldns_dnssec_name_new.3 --- ldns-1.7.1/doc/man/man3/ldns_dnssec_name_new.3 2019-07-26 15:08:00.000000000 +0000 +++ ldns-1.8.1/doc/man/man3/ldns_dnssec_name_new.3 2021-12-03 07:46:09.000000000 +0000 @@ -84,7 +84,7 @@ .HP \fIldns_dnssec_name_cmp\fR() Compares the domain names of the two arguments in their -canonical ordening. +canonical ordering. \.br \fBa\fR: The first dnssec_name to compare @@ -92,7 +92,7 @@ \fBb\fR: The second dnssec_name to compare \.br Returns -1 if the domain name of a comes before that of b in canonical -ordening, 1 if it is the other way around, and 0 if they are +ordering, 1 if it is the other way around, and 0 if they are equal .PP .HP diff -Nru ldns-1.7.1/doc/man/man3/ldns_dnssec_name_new_frm_rr.3 ldns-1.8.1/doc/man/man3/ldns_dnssec_name_new_frm_rr.3 --- ldns-1.7.1/doc/man/man3/ldns_dnssec_name_new_frm_rr.3 2019-07-26 15:08:00.000000000 +0000 +++ ldns-1.8.1/doc/man/man3/ldns_dnssec_name_new_frm_rr.3 2021-12-03 07:46:09.000000000 +0000 @@ -84,7 +84,7 @@ .HP \fIldns_dnssec_name_cmp\fR() Compares the domain names of the two arguments in their -canonical ordening. +canonical ordering. \.br \fBa\fR: The first dnssec_name to compare @@ -92,7 +92,7 @@ \fBb\fR: The second dnssec_name to compare \.br Returns -1 if the domain name of a comes before that of b in canonical -ordening, 1 if it is the other way around, and 0 if they are +ordering, 1 if it is the other way around, and 0 if they are equal .PP .HP diff -Nru ldns-1.7.1/doc/man/man3/ldns_dnssec_name_print.3 ldns-1.8.1/doc/man/man3/ldns_dnssec_name_print.3 --- ldns-1.7.1/doc/man/man3/ldns_dnssec_name_print.3 2019-07-26 15:08:00.000000000 +0000 +++ ldns-1.8.1/doc/man/man3/ldns_dnssec_name_print.3 2021-12-03 07:46:09.000000000 +0000 @@ -84,7 +84,7 @@ .HP \fIldns_dnssec_name_cmp\fR() Compares the domain names of the two arguments in their -canonical ordening. +canonical ordering. \.br \fBa\fR: The first dnssec_name to compare @@ -92,7 +92,7 @@ \fBb\fR: The second dnssec_name to compare \.br Returns -1 if the domain name of a comes before that of b in canonical -ordening, 1 if it is the other way around, and 0 if they are +ordering, 1 if it is the other way around, and 0 if they are equal .PP .HP diff -Nru ldns-1.7.1/doc/man/man3/ldns_dnssec_name_set_name.3 ldns-1.8.1/doc/man/man3/ldns_dnssec_name_set_name.3 --- ldns-1.7.1/doc/man/man3/ldns_dnssec_name_set_name.3 2019-07-26 15:08:00.000000000 +0000 +++ ldns-1.8.1/doc/man/man3/ldns_dnssec_name_set_name.3 2021-12-03 07:46:09.000000000 +0000 @@ -84,7 +84,7 @@ .HP \fIldns_dnssec_name_cmp\fR() Compares the domain names of the two arguments in their -canonical ordening. +canonical ordering. \.br \fBa\fR: The first dnssec_name to compare @@ -92,7 +92,7 @@ \fBb\fR: The second dnssec_name to compare \.br Returns -1 if the domain name of a comes before that of b in canonical -ordening, 1 if it is the other way around, and 0 if they are +ordering, 1 if it is the other way around, and 0 if they are equal .PP .HP diff -Nru ldns-1.7.1/doc/man/man3/ldns_dnssec_name_set_nsec.3 ldns-1.8.1/doc/man/man3/ldns_dnssec_name_set_nsec.3 --- ldns-1.7.1/doc/man/man3/ldns_dnssec_name_set_nsec.3 2019-07-26 15:08:00.000000000 +0000 +++ ldns-1.8.1/doc/man/man3/ldns_dnssec_name_set_nsec.3 2021-12-03 07:46:09.000000000 +0000 @@ -84,7 +84,7 @@ .HP \fIldns_dnssec_name_cmp\fR() Compares the domain names of the two arguments in their -canonical ordening. +canonical ordering. \.br \fBa\fR: The first dnssec_name to compare @@ -92,7 +92,7 @@ \fBb\fR: The second dnssec_name to compare \.br Returns -1 if the domain name of a comes before that of b in canonical -ordening, 1 if it is the other way around, and 0 if they are +ordering, 1 if it is the other way around, and 0 if they are equal .PP .HP diff -Nru ldns-1.7.1/doc/man/man3/ldns_dnssec_rrsets_add_rr.3 ldns-1.8.1/doc/man/man3/ldns_dnssec_rrsets_add_rr.3 --- ldns-1.7.1/doc/man/man3/ldns_dnssec_rrsets_add_rr.3 2019-07-26 15:08:00.000000000 +0000 +++ ldns-1.8.1/doc/man/man3/ldns_dnssec_rrsets_add_rr.3 2021-12-03 07:46:09.000000000 +0000 @@ -73,7 +73,7 @@ .PP .HP \fIldns_dnssec_rrsets_print\fR() -Print the given list of rrsets to the fiven file descriptor +Print the given list of rrsets to the given file descriptor \.br \fBout\fR: the file descriptor to print to diff -Nru ldns-1.7.1/doc/man/man3/ldns_dnssec_rrsets_free.3 ldns-1.8.1/doc/man/man3/ldns_dnssec_rrsets_free.3 --- ldns-1.7.1/doc/man/man3/ldns_dnssec_rrsets_free.3 2019-07-26 15:08:00.000000000 +0000 +++ ldns-1.8.1/doc/man/man3/ldns_dnssec_rrsets_free.3 2021-12-03 07:46:09.000000000 +0000 @@ -73,7 +73,7 @@ .PP .HP \fIldns_dnssec_rrsets_print\fR() -Print the given list of rrsets to the fiven file descriptor +Print the given list of rrsets to the given file descriptor \.br \fBout\fR: the file descriptor to print to diff -Nru ldns-1.7.1/doc/man/man3/ldns_dnssec_rrsets_new.3 ldns-1.8.1/doc/man/man3/ldns_dnssec_rrsets_new.3 --- ldns-1.7.1/doc/man/man3/ldns_dnssec_rrsets_new.3 2019-07-26 15:08:00.000000000 +0000 +++ ldns-1.8.1/doc/man/man3/ldns_dnssec_rrsets_new.3 2021-12-03 07:46:09.000000000 +0000 @@ -73,7 +73,7 @@ .PP .HP \fIldns_dnssec_rrsets_print\fR() -Print the given list of rrsets to the fiven file descriptor +Print the given list of rrsets to the given file descriptor \.br \fBout\fR: the file descriptor to print to diff -Nru ldns-1.7.1/doc/man/man3/ldns_dnssec_rrsets_print.3 ldns-1.8.1/doc/man/man3/ldns_dnssec_rrsets_print.3 --- ldns-1.7.1/doc/man/man3/ldns_dnssec_rrsets_print.3 2019-07-26 15:08:00.000000000 +0000 +++ ldns-1.8.1/doc/man/man3/ldns_dnssec_rrsets_print.3 2021-12-03 07:46:09.000000000 +0000 @@ -73,7 +73,7 @@ .PP .HP \fIldns_dnssec_rrsets_print\fR() -Print the given list of rrsets to the fiven file descriptor +Print the given list of rrsets to the given file descriptor \.br \fBout\fR: the file descriptor to print to diff -Nru ldns-1.7.1/doc/man/man3/ldns_dnssec_rrsets_set_type.3 ldns-1.8.1/doc/man/man3/ldns_dnssec_rrsets_set_type.3 --- ldns-1.7.1/doc/man/man3/ldns_dnssec_rrsets_set_type.3 2019-07-26 15:08:00.000000000 +0000 +++ ldns-1.8.1/doc/man/man3/ldns_dnssec_rrsets_set_type.3 2021-12-03 07:46:09.000000000 +0000 @@ -73,7 +73,7 @@ .PP .HP \fIldns_dnssec_rrsets_print\fR() -Print the given list of rrsets to the fiven file descriptor +Print the given list of rrsets to the given file descriptor \.br \fBout\fR: the file descriptor to print to diff -Nru ldns-1.7.1/doc/man/man3/ldns_dnssec_rrsets_type.3 ldns-1.8.1/doc/man/man3/ldns_dnssec_rrsets_type.3 --- ldns-1.7.1/doc/man/man3/ldns_dnssec_rrsets_type.3 2019-07-26 15:08:00.000000000 +0000 +++ ldns-1.8.1/doc/man/man3/ldns_dnssec_rrsets_type.3 2021-12-03 07:46:09.000000000 +0000 @@ -73,7 +73,7 @@ .PP .HP \fIldns_dnssec_rrsets_print\fR() -Print the given list of rrsets to the fiven file descriptor +Print the given list of rrsets to the given file descriptor \.br \fBout\fR: the file descriptor to print to diff -Nru ldns-1.7.1/doc/man/man3/ldns_key2buffer_str.3 ldns-1.8.1/doc/man/man3/ldns_key2buffer_str.3 --- ldns-1.7.1/doc/man/man3/ldns_key2buffer_str.3 2019-07-26 15:08:00.000000000 +0000 +++ ldns-1.8.1/doc/man/man3/ldns_key2buffer_str.3 2021-12-03 07:46:09.000000000 +0000 @@ -156,7 +156,7 @@ Converts an rr's rdata to wireformat, while excluding the ownername and all the stuff before the rdata. This is needed in \%DNSSEC keytag calculation, the ds -calcalution from the key and maybe elsewhere. +calculation from the key and maybe elsewhere. \.br \fB*output\fR: buffer where to put the result diff -Nru ldns-1.7.1/doc/man/man3/ldns_key_algorithm.3 ldns-1.8.1/doc/man/man3/ldns_key_algorithm.3 --- ldns-1.7.1/doc/man/man3/ldns_key_algorithm.3 2019-07-26 15:08:00.000000000 +0000 +++ ldns-1.8.1/doc/man/man3/ldns_key_algorithm.3 2021-12-03 07:46:09.000000000 +0000 @@ -105,7 +105,7 @@ \.br \fBk\fR: the key \.br -Returns the experiration date +Returns the expiration date .PP .HP \fIldns_key_keytag\fR() diff -Nru ldns-1.7.1/doc/man/man3/ldns_key_algo_supported.3 ldns-1.8.1/doc/man/man3/ldns_key_algo_supported.3 --- ldns-1.7.1/doc/man/man3/ldns_key_algo_supported.3 2019-07-26 15:08:00.000000000 +0000 +++ ldns-1.8.1/doc/man/man3/ldns_key_algo_supported.3 2021-12-03 07:46:09.000000000 +0000 @@ -125,7 +125,7 @@ \.br \fBkey\fR: the key \.br -\fBcount\fR: the cuont +\fBcount\fR: the count .PP .HP \fIldns_key_algo_supported\fR() diff -Nru ldns-1.7.1/doc/man/man3/ldns_key_dsa_key.3 ldns-1.8.1/doc/man/man3/ldns_key_dsa_key.3 --- ldns-1.7.1/doc/man/man3/ldns_key_dsa_key.3 2019-07-26 15:08:00.000000000 +0000 +++ ldns-1.8.1/doc/man/man3/ldns_key_dsa_key.3 2021-12-03 07:46:09.000000000 +0000 @@ -105,7 +105,7 @@ \.br \fBk\fR: the key \.br -Returns the experiration date +Returns the expiration date .PP .HP \fIldns_key_keytag\fR() diff -Nru ldns-1.7.1/doc/man/man3/ldns_key_expiration.3 ldns-1.8.1/doc/man/man3/ldns_key_expiration.3 --- ldns-1.7.1/doc/man/man3/ldns_key_expiration.3 2019-07-26 15:08:00.000000000 +0000 +++ ldns-1.8.1/doc/man/man3/ldns_key_expiration.3 2021-12-03 07:46:09.000000000 +0000 @@ -105,7 +105,7 @@ \.br \fBk\fR: the key \.br -Returns the experiration date +Returns the expiration date .PP .HP \fIldns_key_keytag\fR() diff -Nru ldns-1.7.1/doc/man/man3/ldns_key_flags.3 ldns-1.8.1/doc/man/man3/ldns_key_flags.3 --- ldns-1.7.1/doc/man/man3/ldns_key_flags.3 2019-07-26 15:08:00.000000000 +0000 +++ ldns-1.8.1/doc/man/man3/ldns_key_flags.3 2021-12-03 07:46:09.000000000 +0000 @@ -105,7 +105,7 @@ \.br \fBk\fR: the key \.br -Returns the experiration date +Returns the expiration date .PP .HP \fIldns_key_keytag\fR() diff -Nru ldns-1.7.1/doc/man/man3/ldns_key_hmac_key.3 ldns-1.8.1/doc/man/man3/ldns_key_hmac_key.3 --- ldns-1.7.1/doc/man/man3/ldns_key_hmac_key.3 2019-07-26 15:08:00.000000000 +0000 +++ ldns-1.8.1/doc/man/man3/ldns_key_hmac_key.3 2021-12-03 07:46:09.000000000 +0000 @@ -105,7 +105,7 @@ \.br \fBk\fR: the key \.br -Returns the experiration date +Returns the expiration date .PP .HP \fIldns_key_keytag\fR() diff -Nru ldns-1.7.1/doc/man/man3/ldns_key_inception.3 ldns-1.8.1/doc/man/man3/ldns_key_inception.3 --- ldns-1.7.1/doc/man/man3/ldns_key_inception.3 2019-07-26 15:08:00.000000000 +0000 +++ ldns-1.8.1/doc/man/man3/ldns_key_inception.3 2021-12-03 07:46:09.000000000 +0000 @@ -105,7 +105,7 @@ \.br \fBk\fR: the key \.br -Returns the experiration date +Returns the expiration date .PP .HP \fIldns_key_keytag\fR() diff -Nru ldns-1.7.1/doc/man/man3/ldns_key_keytag.3 ldns-1.8.1/doc/man/man3/ldns_key_keytag.3 --- ldns-1.7.1/doc/man/man3/ldns_key_keytag.3 2019-07-26 15:08:00.000000000 +0000 +++ ldns-1.8.1/doc/man/man3/ldns_key_keytag.3 2021-12-03 07:46:09.000000000 +0000 @@ -105,7 +105,7 @@ \.br \fBk\fR: the key \.br -Returns the experiration date +Returns the expiration date .PP .HP \fIldns_key_keytag\fR() diff -Nru ldns-1.7.1/doc/man/man3/ldns_key_list_key.3 ldns-1.8.1/doc/man/man3/ldns_key_list_key.3 --- ldns-1.7.1/doc/man/man3/ldns_key_list_key.3 2019-07-26 15:08:00.000000000 +0000 +++ ldns-1.8.1/doc/man/man3/ldns_key_list_key.3 2021-12-03 07:46:09.000000000 +0000 @@ -105,7 +105,7 @@ \.br \fBk\fR: the key \.br -Returns the experiration date +Returns the expiration date .PP .HP \fIldns_key_keytag\fR() diff -Nru ldns-1.7.1/doc/man/man3/ldns_key_list_key_count.3 ldns-1.8.1/doc/man/man3/ldns_key_list_key_count.3 --- ldns-1.7.1/doc/man/man3/ldns_key_list_key_count.3 2019-07-26 15:08:00.000000000 +0000 +++ ldns-1.8.1/doc/man/man3/ldns_key_list_key_count.3 2021-12-03 07:46:09.000000000 +0000 @@ -105,7 +105,7 @@ \.br \fBk\fR: the key \.br -Returns the experiration date +Returns the expiration date .PP .HP \fIldns_key_keytag\fR() diff -Nru ldns-1.7.1/doc/man/man3/ldns_key_list_set_key_count.3 ldns-1.8.1/doc/man/man3/ldns_key_list_set_key_count.3 --- ldns-1.7.1/doc/man/man3/ldns_key_list_set_key_count.3 2019-07-26 15:08:00.000000000 +0000 +++ ldns-1.8.1/doc/man/man3/ldns_key_list_set_key_count.3 2021-12-03 07:46:09.000000000 +0000 @@ -125,7 +125,7 @@ \.br \fBkey\fR: the key \.br -\fBcount\fR: the cuont +\fBcount\fR: the count .PP .HP \fIldns_key_algo_supported\fR() diff -Nru ldns-1.7.1/doc/man/man3/ldns_key_origttl.3 ldns-1.8.1/doc/man/man3/ldns_key_origttl.3 --- ldns-1.7.1/doc/man/man3/ldns_key_origttl.3 2019-07-26 15:08:00.000000000 +0000 +++ ldns-1.8.1/doc/man/man3/ldns_key_origttl.3 2021-12-03 07:46:09.000000000 +0000 @@ -105,7 +105,7 @@ \.br \fBk\fR: the key \.br -Returns the experiration date +Returns the expiration date .PP .HP \fIldns_key_keytag\fR() diff -Nru ldns-1.7.1/doc/man/man3/ldns_key_pubkey_owner.3 ldns-1.8.1/doc/man/man3/ldns_key_pubkey_owner.3 --- ldns-1.7.1/doc/man/man3/ldns_key_pubkey_owner.3 2019-07-26 15:08:00.000000000 +0000 +++ ldns-1.8.1/doc/man/man3/ldns_key_pubkey_owner.3 2021-12-03 07:46:09.000000000 +0000 @@ -105,7 +105,7 @@ \.br \fBk\fR: the key \.br -Returns the experiration date +Returns the expiration date .PP .HP \fIldns_key_keytag\fR() diff -Nru ldns-1.7.1/doc/man/man3/ldns_key_rsa_key.3 ldns-1.8.1/doc/man/man3/ldns_key_rsa_key.3 --- ldns-1.7.1/doc/man/man3/ldns_key_rsa_key.3 2019-07-26 15:08:00.000000000 +0000 +++ ldns-1.8.1/doc/man/man3/ldns_key_rsa_key.3 2021-12-03 07:46:09.000000000 +0000 @@ -105,7 +105,7 @@ \.br \fBk\fR: the key \.br -Returns the experiration date +Returns the expiration date .PP .HP \fIldns_key_keytag\fR() diff -Nru ldns-1.7.1/doc/man/man3/ldns_key_set_algorithm.3 ldns-1.8.1/doc/man/man3/ldns_key_set_algorithm.3 --- ldns-1.7.1/doc/man/man3/ldns_key_set_algorithm.3 2019-07-26 15:08:00.000000000 +0000 +++ ldns-1.8.1/doc/man/man3/ldns_key_set_algorithm.3 2021-12-03 07:46:09.000000000 +0000 @@ -125,7 +125,7 @@ \.br \fBkey\fR: the key \.br -\fBcount\fR: the cuont +\fBcount\fR: the count .PP .HP \fIldns_key_algo_supported\fR() diff -Nru ldns-1.7.1/doc/man/man3/ldns_key_set_dsa_key.3 ldns-1.8.1/doc/man/man3/ldns_key_set_dsa_key.3 --- ldns-1.7.1/doc/man/man3/ldns_key_set_dsa_key.3 2019-07-26 15:08:00.000000000 +0000 +++ ldns-1.8.1/doc/man/man3/ldns_key_set_dsa_key.3 2021-12-03 07:46:09.000000000 +0000 @@ -125,7 +125,7 @@ \.br \fBkey\fR: the key \.br -\fBcount\fR: the cuont +\fBcount\fR: the count .PP .HP \fIldns_key_algo_supported\fR() diff -Nru ldns-1.7.1/doc/man/man3/ldns_key_set_expiration.3 ldns-1.8.1/doc/man/man3/ldns_key_set_expiration.3 --- ldns-1.7.1/doc/man/man3/ldns_key_set_expiration.3 2019-07-26 15:08:00.000000000 +0000 +++ ldns-1.8.1/doc/man/man3/ldns_key_set_expiration.3 2021-12-03 07:46:09.000000000 +0000 @@ -125,7 +125,7 @@ \.br \fBkey\fR: the key \.br -\fBcount\fR: the cuont +\fBcount\fR: the count .PP .HP \fIldns_key_algo_supported\fR() diff -Nru ldns-1.7.1/doc/man/man3/ldns_key_set_flags.3 ldns-1.8.1/doc/man/man3/ldns_key_set_flags.3 --- ldns-1.7.1/doc/man/man3/ldns_key_set_flags.3 2019-07-26 15:08:00.000000000 +0000 +++ ldns-1.8.1/doc/man/man3/ldns_key_set_flags.3 2021-12-03 07:46:09.000000000 +0000 @@ -125,7 +125,7 @@ \.br \fBkey\fR: the key \.br -\fBcount\fR: the cuont +\fBcount\fR: the count .PP .HP \fIldns_key_algo_supported\fR() diff -Nru ldns-1.7.1/doc/man/man3/ldns_key_set_hmac_key.3 ldns-1.8.1/doc/man/man3/ldns_key_set_hmac_key.3 --- ldns-1.7.1/doc/man/man3/ldns_key_set_hmac_key.3 2019-07-26 15:08:00.000000000 +0000 +++ ldns-1.8.1/doc/man/man3/ldns_key_set_hmac_key.3 2021-12-03 07:46:09.000000000 +0000 @@ -125,7 +125,7 @@ \.br \fBkey\fR: the key \.br -\fBcount\fR: the cuont +\fBcount\fR: the count .PP .HP \fIldns_key_algo_supported\fR() diff -Nru ldns-1.7.1/doc/man/man3/ldns_key_set_inception.3 ldns-1.8.1/doc/man/man3/ldns_key_set_inception.3 --- ldns-1.7.1/doc/man/man3/ldns_key_set_inception.3 2019-07-26 15:08:00.000000000 +0000 +++ ldns-1.8.1/doc/man/man3/ldns_key_set_inception.3 2021-12-03 07:46:09.000000000 +0000 @@ -125,7 +125,7 @@ \.br \fBkey\fR: the key \.br -\fBcount\fR: the cuont +\fBcount\fR: the count .PP .HP \fIldns_key_algo_supported\fR() diff -Nru ldns-1.7.1/doc/man/man3/ldns_key_set_keytag.3 ldns-1.8.1/doc/man/man3/ldns_key_set_keytag.3 --- ldns-1.7.1/doc/man/man3/ldns_key_set_keytag.3 2019-07-26 15:08:00.000000000 +0000 +++ ldns-1.8.1/doc/man/man3/ldns_key_set_keytag.3 2021-12-03 07:46:09.000000000 +0000 @@ -125,7 +125,7 @@ \.br \fBkey\fR: the key \.br -\fBcount\fR: the cuont +\fBcount\fR: the count .PP .HP \fIldns_key_algo_supported\fR() diff -Nru ldns-1.7.1/doc/man/man3/ldns_key_set_origttl.3 ldns-1.8.1/doc/man/man3/ldns_key_set_origttl.3 --- ldns-1.7.1/doc/man/man3/ldns_key_set_origttl.3 2019-07-26 15:08:00.000000000 +0000 +++ ldns-1.8.1/doc/man/man3/ldns_key_set_origttl.3 2021-12-03 07:46:09.000000000 +0000 @@ -125,7 +125,7 @@ \.br \fBkey\fR: the key \.br -\fBcount\fR: the cuont +\fBcount\fR: the count .PP .HP \fIldns_key_algo_supported\fR() diff -Nru ldns-1.7.1/doc/man/man3/ldns_key_set_pubkey_owner.3 ldns-1.8.1/doc/man/man3/ldns_key_set_pubkey_owner.3 --- ldns-1.7.1/doc/man/man3/ldns_key_set_pubkey_owner.3 2019-07-26 15:08:00.000000000 +0000 +++ ldns-1.8.1/doc/man/man3/ldns_key_set_pubkey_owner.3 2021-12-03 07:46:09.000000000 +0000 @@ -125,7 +125,7 @@ \.br \fBkey\fR: the key \.br -\fBcount\fR: the cuont +\fBcount\fR: the count .PP .HP \fIldns_key_algo_supported\fR() diff -Nru ldns-1.7.1/doc/man/man3/ldns_key_set_rsa_key.3 ldns-1.8.1/doc/man/man3/ldns_key_set_rsa_key.3 --- ldns-1.7.1/doc/man/man3/ldns_key_set_rsa_key.3 2019-07-26 15:08:00.000000000 +0000 +++ ldns-1.8.1/doc/man/man3/ldns_key_set_rsa_key.3 2021-12-03 07:46:09.000000000 +0000 @@ -125,7 +125,7 @@ \.br \fBkey\fR: the key \.br -\fBcount\fR: the cuont +\fBcount\fR: the count .PP .HP \fIldns_key_algo_supported\fR() diff -Nru ldns-1.7.1/doc/man/man3/ldns_pkt2buffer_str.3 ldns-1.8.1/doc/man/man3/ldns_pkt2buffer_str.3 --- ldns-1.7.1/doc/man/man3/ldns_pkt2buffer_str.3 2019-07-26 15:08:00.000000000 +0000 +++ ldns-1.8.1/doc/man/man3/ldns_pkt2buffer_str.3 2021-12-03 07:46:09.000000000 +0000 @@ -156,7 +156,7 @@ Converts an rr's rdata to wireformat, while excluding the ownername and all the stuff before the rdata. This is needed in \%DNSSEC keytag calculation, the ds -calcalution from the key and maybe elsewhere. +calculation from the key and maybe elsewhere. \.br \fB*output\fR: buffer where to put the result diff -Nru ldns-1.7.1/doc/man/man3/ldns_pkt2buffer_wire.3 ldns-1.8.1/doc/man/man3/ldns_pkt2buffer_wire.3 --- ldns-1.7.1/doc/man/man3/ldns_pkt2buffer_wire.3 2019-07-26 15:08:00.000000000 +0000 +++ ldns-1.8.1/doc/man/man3/ldns_pkt2buffer_wire.3 2021-12-03 07:46:09.000000000 +0000 @@ -156,7 +156,7 @@ Converts an rr's rdata to wireformat, while excluding the ownername and all the stuff before the rdata. This is needed in \%DNSSEC keytag calculation, the ds -calcalution from the key and maybe elsewhere. +calculation from the key and maybe elsewhere. \.br \fB*output\fR: buffer where to put the result diff -Nru ldns-1.7.1/doc/man/man3/ldns_pkt.3 ldns-1.8.1/doc/man/man3/ldns_pkt.3 --- ldns-1.7.1/doc/man/man3/ldns_pkt.3 2019-07-26 15:08:00.000000000 +0000 +++ ldns-1.8.1/doc/man/man3/ldns_pkt.3 2021-12-03 07:46:09.000000000 +0000 @@ -1,7 +1,7 @@ .ad l .TH ldns 3 "30 May 2006" .SH NAME -ldns_pkt, ldns_pkt_section, ldns_pkt_type \- request or anser packets types +ldns_pkt, ldns_pkt_section, ldns_pkt_type \- request or answer packets types .SH SYNOPSIS #include diff -Nru ldns-1.7.1/doc/man/man3/ldns_pkt_aa.3 ldns-1.8.1/doc/man/man3/ldns_pkt_aa.3 --- ldns-1.7.1/doc/man/man3/ldns_pkt_aa.3 2019-07-26 15:08:00.000000000 +0000 +++ ldns-1.8.1/doc/man/man3/ldns_pkt_aa.3 2021-12-03 07:46:09.000000000 +0000 @@ -134,11 +134,11 @@ .PP .HP \fIldns_pkt_get_rcode\fR() -Return the packet's respons code +Return the packet's response code \.br \fBp\fR: the packet \.br -Returns the respons code +Returns the response code .PP .HP \fIldns_pkt_qdcount\fR() diff -Nru ldns-1.7.1/doc/man/man3/ldns_pkt_ad.3 ldns-1.8.1/doc/man/man3/ldns_pkt_ad.3 --- ldns-1.7.1/doc/man/man3/ldns_pkt_ad.3 2019-07-26 15:08:00.000000000 +0000 +++ ldns-1.8.1/doc/man/man3/ldns_pkt_ad.3 2021-12-03 07:46:09.000000000 +0000 @@ -134,11 +134,11 @@ .PP .HP \fIldns_pkt_get_rcode\fR() -Return the packet's respons code +Return the packet's response code \.br \fBp\fR: the packet \.br -Returns the respons code +Returns the response code .PP .HP \fIldns_pkt_qdcount\fR() diff -Nru ldns-1.7.1/doc/man/man3/ldns_pkt_additional.3 ldns-1.8.1/doc/man/man3/ldns_pkt_additional.3 --- ldns-1.7.1/doc/man/man3/ldns_pkt_additional.3 2019-07-26 15:08:00.000000000 +0000 +++ ldns-1.8.1/doc/man/man3/ldns_pkt_additional.3 2021-12-03 07:46:09.000000000 +0000 @@ -134,11 +134,11 @@ .PP .HP \fIldns_pkt_get_rcode\fR() -Return the packet's respons code +Return the packet's response code \.br \fBp\fR: the packet \.br -Returns the respons code +Returns the response code .PP .HP \fIldns_pkt_qdcount\fR() diff -Nru ldns-1.7.1/doc/man/man3/ldns_pkt_ancount.3 ldns-1.8.1/doc/man/man3/ldns_pkt_ancount.3 --- ldns-1.7.1/doc/man/man3/ldns_pkt_ancount.3 2019-07-26 15:08:00.000000000 +0000 +++ ldns-1.8.1/doc/man/man3/ldns_pkt_ancount.3 2021-12-03 07:46:09.000000000 +0000 @@ -134,11 +134,11 @@ .PP .HP \fIldns_pkt_get_rcode\fR() -Return the packet's respons code +Return the packet's response code \.br \fBp\fR: the packet \.br -Returns the respons code +Returns the response code .PP .HP \fIldns_pkt_qdcount\fR() diff -Nru ldns-1.7.1/doc/man/man3/ldns_pkt_answer.3 ldns-1.8.1/doc/man/man3/ldns_pkt_answer.3 --- ldns-1.7.1/doc/man/man3/ldns_pkt_answer.3 2019-07-26 15:08:00.000000000 +0000 +++ ldns-1.8.1/doc/man/man3/ldns_pkt_answer.3 2021-12-03 07:46:09.000000000 +0000 @@ -134,11 +134,11 @@ .PP .HP \fIldns_pkt_get_rcode\fR() -Return the packet's respons code +Return the packet's response code \.br \fBp\fR: the packet \.br -Returns the respons code +Returns the response code .PP .HP \fIldns_pkt_qdcount\fR() diff -Nru ldns-1.7.1/doc/man/man3/ldns_pkt_answerfrom.3 ldns-1.8.1/doc/man/man3/ldns_pkt_answerfrom.3 --- ldns-1.7.1/doc/man/man3/ldns_pkt_answerfrom.3 2019-07-26 15:08:00.000000000 +0000 +++ ldns-1.8.1/doc/man/man3/ldns_pkt_answerfrom.3 2021-12-03 07:46:09.000000000 +0000 @@ -134,11 +134,11 @@ .PP .HP \fIldns_pkt_get_rcode\fR() -Return the packet's respons code +Return the packet's response code \.br \fBp\fR: the packet \.br -Returns the respons code +Returns the response code .PP .HP \fIldns_pkt_qdcount\fR() diff -Nru ldns-1.7.1/doc/man/man3/ldns_pkt_arcount.3 ldns-1.8.1/doc/man/man3/ldns_pkt_arcount.3 --- ldns-1.7.1/doc/man/man3/ldns_pkt_arcount.3 2019-07-26 15:08:00.000000000 +0000 +++ ldns-1.8.1/doc/man/man3/ldns_pkt_arcount.3 2021-12-03 07:46:09.000000000 +0000 @@ -134,11 +134,11 @@ .PP .HP \fIldns_pkt_get_rcode\fR() -Return the packet's respons code +Return the packet's response code \.br \fBp\fR: the packet \.br -Returns the respons code +Returns the response code .PP .HP \fIldns_pkt_qdcount\fR() diff -Nru ldns-1.7.1/doc/man/man3/ldns_pkt_authority.3 ldns-1.8.1/doc/man/man3/ldns_pkt_authority.3 --- ldns-1.7.1/doc/man/man3/ldns_pkt_authority.3 2019-07-26 15:08:00.000000000 +0000 +++ ldns-1.8.1/doc/man/man3/ldns_pkt_authority.3 2021-12-03 07:46:09.000000000 +0000 @@ -134,11 +134,11 @@ .PP .HP \fIldns_pkt_get_rcode\fR() -Return the packet's respons code +Return the packet's response code \.br \fBp\fR: the packet \.br -Returns the respons code +Returns the response code .PP .HP \fIldns_pkt_qdcount\fR() diff -Nru ldns-1.7.1/doc/man/man3/ldns_pkt_cd.3 ldns-1.8.1/doc/man/man3/ldns_pkt_cd.3 --- ldns-1.7.1/doc/man/man3/ldns_pkt_cd.3 2019-07-26 15:08:00.000000000 +0000 +++ ldns-1.8.1/doc/man/man3/ldns_pkt_cd.3 2021-12-03 07:46:09.000000000 +0000 @@ -134,11 +134,11 @@ .PP .HP \fIldns_pkt_get_rcode\fR() -Return the packet's respons code +Return the packet's response code \.br \fBp\fR: the packet \.br -Returns the respons code +Returns the response code .PP .HP \fIldns_pkt_qdcount\fR() diff -Nru ldns-1.7.1/doc/man/man3/ldns_pkt_get_opcode.3 ldns-1.8.1/doc/man/man3/ldns_pkt_get_opcode.3 --- ldns-1.7.1/doc/man/man3/ldns_pkt_get_opcode.3 2019-07-26 15:08:00.000000000 +0000 +++ ldns-1.8.1/doc/man/man3/ldns_pkt_get_opcode.3 2021-12-03 07:46:09.000000000 +0000 @@ -134,11 +134,11 @@ .PP .HP \fIldns_pkt_get_rcode\fR() -Return the packet's respons code +Return the packet's response code \.br \fBp\fR: the packet \.br -Returns the respons code +Returns the response code .PP .HP \fIldns_pkt_qdcount\fR() diff -Nru ldns-1.7.1/doc/man/man3/ldns_pkt_get_rcode.3 ldns-1.8.1/doc/man/man3/ldns_pkt_get_rcode.3 --- ldns-1.7.1/doc/man/man3/ldns_pkt_get_rcode.3 2019-07-26 15:08:00.000000000 +0000 +++ ldns-1.8.1/doc/man/man3/ldns_pkt_get_rcode.3 2021-12-03 07:46:09.000000000 +0000 @@ -134,11 +134,11 @@ .PP .HP \fIldns_pkt_get_rcode\fR() -Return the packet's respons code +Return the packet's response code \.br \fBp\fR: the packet \.br -Returns the respons code +Returns the response code .PP .HP \fIldns_pkt_qdcount\fR() diff -Nru ldns-1.7.1/doc/man/man3/ldns_pkt_get_section_clone.3 ldns-1.8.1/doc/man/man3/ldns_pkt_get_section_clone.3 --- ldns-1.7.1/doc/man/man3/ldns_pkt_get_section_clone.3 2019-07-26 15:08:00.000000000 +0000 +++ ldns-1.8.1/doc/man/man3/ldns_pkt_get_section_clone.3 2021-12-03 07:46:09.000000000 +0000 @@ -134,11 +134,11 @@ .PP .HP \fIldns_pkt_get_rcode\fR() -Return the packet's respons code +Return the packet's response code \.br \fBp\fR: the packet \.br -Returns the respons code +Returns the response code .PP .HP \fIldns_pkt_qdcount\fR() diff -Nru ldns-1.7.1/doc/man/man3/ldns_pktheader2buffer_str.3 ldns-1.8.1/doc/man/man3/ldns_pktheader2buffer_str.3 --- ldns-1.7.1/doc/man/man3/ldns_pktheader2buffer_str.3 2019-07-26 15:08:00.000000000 +0000 +++ ldns-1.8.1/doc/man/man3/ldns_pktheader2buffer_str.3 2021-12-03 07:46:09.000000000 +0000 @@ -156,7 +156,7 @@ Converts an rr's rdata to wireformat, while excluding the ownername and all the stuff before the rdata. This is needed in \%DNSSEC keytag calculation, the ds -calcalution from the key and maybe elsewhere. +calculation from the key and maybe elsewhere. \.br \fB*output\fR: buffer where to put the result diff -Nru ldns-1.7.1/doc/man/man3/ldns_pkt_id.3 ldns-1.8.1/doc/man/man3/ldns_pkt_id.3 --- ldns-1.7.1/doc/man/man3/ldns_pkt_id.3 2019-07-26 15:08:00.000000000 +0000 +++ ldns-1.8.1/doc/man/man3/ldns_pkt_id.3 2021-12-03 07:46:09.000000000 +0000 @@ -134,11 +134,11 @@ .PP .HP \fIldns_pkt_get_rcode\fR() -Return the packet's respons code +Return the packet's response code \.br \fBp\fR: the packet \.br -Returns the respons code +Returns the response code .PP .HP \fIldns_pkt_qdcount\fR() diff -Nru ldns-1.7.1/doc/man/man3/ldns_pkt_nscount.3 ldns-1.8.1/doc/man/man3/ldns_pkt_nscount.3 --- ldns-1.7.1/doc/man/man3/ldns_pkt_nscount.3 2019-07-26 15:08:00.000000000 +0000 +++ ldns-1.8.1/doc/man/man3/ldns_pkt_nscount.3 2021-12-03 07:46:09.000000000 +0000 @@ -134,11 +134,11 @@ .PP .HP \fIldns_pkt_get_rcode\fR() -Return the packet's respons code +Return the packet's response code \.br \fBp\fR: the packet \.br -Returns the respons code +Returns the response code .PP .HP \fIldns_pkt_qdcount\fR() diff -Nru ldns-1.7.1/doc/man/man3/ldns_pkt_qdcount.3 ldns-1.8.1/doc/man/man3/ldns_pkt_qdcount.3 --- ldns-1.7.1/doc/man/man3/ldns_pkt_qdcount.3 2019-07-26 15:08:00.000000000 +0000 +++ ldns-1.8.1/doc/man/man3/ldns_pkt_qdcount.3 2021-12-03 07:46:09.000000000 +0000 @@ -134,11 +134,11 @@ .PP .HP \fIldns_pkt_get_rcode\fR() -Return the packet's respons code +Return the packet's response code \.br \fBp\fR: the packet \.br -Returns the respons code +Returns the response code .PP .HP \fIldns_pkt_qdcount\fR() diff -Nru ldns-1.7.1/doc/man/man3/ldns_pkt_qr.3 ldns-1.8.1/doc/man/man3/ldns_pkt_qr.3 --- ldns-1.7.1/doc/man/man3/ldns_pkt_qr.3 2019-07-26 15:08:00.000000000 +0000 +++ ldns-1.8.1/doc/man/man3/ldns_pkt_qr.3 2021-12-03 07:46:09.000000000 +0000 @@ -134,11 +134,11 @@ .PP .HP \fIldns_pkt_get_rcode\fR() -Return the packet's respons code +Return the packet's response code \.br \fBp\fR: the packet \.br -Returns the respons code +Returns the response code .PP .HP \fIldns_pkt_qdcount\fR() diff -Nru ldns-1.7.1/doc/man/man3/ldns_pkt_querytime.3 ldns-1.8.1/doc/man/man3/ldns_pkt_querytime.3 --- ldns-1.7.1/doc/man/man3/ldns_pkt_querytime.3 2019-07-26 15:08:00.000000000 +0000 +++ ldns-1.8.1/doc/man/man3/ldns_pkt_querytime.3 2021-12-03 07:46:09.000000000 +0000 @@ -134,11 +134,11 @@ .PP .HP \fIldns_pkt_get_rcode\fR() -Return the packet's respons code +Return the packet's response code \.br \fBp\fR: the packet \.br -Returns the respons code +Returns the response code .PP .HP \fIldns_pkt_qdcount\fR() diff -Nru ldns-1.7.1/doc/man/man3/ldns_pkt_question.3 ldns-1.8.1/doc/man/man3/ldns_pkt_question.3 --- ldns-1.7.1/doc/man/man3/ldns_pkt_question.3 2019-07-26 15:08:00.000000000 +0000 +++ ldns-1.8.1/doc/man/man3/ldns_pkt_question.3 2021-12-03 07:46:09.000000000 +0000 @@ -134,11 +134,11 @@ .PP .HP \fIldns_pkt_get_rcode\fR() -Return the packet's respons code +Return the packet's response code \.br \fBp\fR: the packet \.br -Returns the respons code +Returns the response code .PP .HP \fIldns_pkt_qdcount\fR() diff -Nru ldns-1.7.1/doc/man/man3/ldns_pkt_ra.3 ldns-1.8.1/doc/man/man3/ldns_pkt_ra.3 --- ldns-1.7.1/doc/man/man3/ldns_pkt_ra.3 2019-07-26 15:08:00.000000000 +0000 +++ ldns-1.8.1/doc/man/man3/ldns_pkt_ra.3 2021-12-03 07:46:09.000000000 +0000 @@ -134,11 +134,11 @@ .PP .HP \fIldns_pkt_get_rcode\fR() -Return the packet's respons code +Return the packet's response code \.br \fBp\fR: the packet \.br -Returns the respons code +Returns the response code .PP .HP \fIldns_pkt_qdcount\fR() diff -Nru ldns-1.7.1/doc/man/man3/ldns_pkt_rd.3 ldns-1.8.1/doc/man/man3/ldns_pkt_rd.3 --- ldns-1.7.1/doc/man/man3/ldns_pkt_rd.3 2019-07-26 15:08:00.000000000 +0000 +++ ldns-1.8.1/doc/man/man3/ldns_pkt_rd.3 2021-12-03 07:46:09.000000000 +0000 @@ -134,11 +134,11 @@ .PP .HP \fIldns_pkt_get_rcode\fR() -Return the packet's respons code +Return the packet's response code \.br \fBp\fR: the packet \.br -Returns the respons code +Returns the response code .PP .HP \fIldns_pkt_qdcount\fR() diff -Nru ldns-1.7.1/doc/man/man3/ldns_pkt_rr_list_by_name.3 ldns-1.8.1/doc/man/man3/ldns_pkt_rr_list_by_name.3 --- ldns-1.7.1/doc/man/man3/ldns_pkt_rr_list_by_name.3 2019-07-26 15:08:00.000000000 +0000 +++ ldns-1.8.1/doc/man/man3/ldns_pkt_rr_list_by_name.3 2021-12-03 07:46:09.000000000 +0000 @@ -134,11 +134,11 @@ .PP .HP \fIldns_pkt_get_rcode\fR() -Return the packet's respons code +Return the packet's response code \.br \fBp\fR: the packet \.br -Returns the respons code +Returns the response code .PP .HP \fIldns_pkt_qdcount\fR() diff -Nru ldns-1.7.1/doc/man/man3/ldns_pkt_rr_list_by_name_and_type.3 ldns-1.8.1/doc/man/man3/ldns_pkt_rr_list_by_name_and_type.3 --- ldns-1.7.1/doc/man/man3/ldns_pkt_rr_list_by_name_and_type.3 2019-07-26 15:08:00.000000000 +0000 +++ ldns-1.8.1/doc/man/man3/ldns_pkt_rr_list_by_name_and_type.3 2021-12-03 07:46:09.000000000 +0000 @@ -134,11 +134,11 @@ .PP .HP \fIldns_pkt_get_rcode\fR() -Return the packet's respons code +Return the packet's response code \.br \fBp\fR: the packet \.br -Returns the respons code +Returns the response code .PP .HP \fIldns_pkt_qdcount\fR() diff -Nru ldns-1.7.1/doc/man/man3/ldns_pkt_rr_list_by_type.3 ldns-1.8.1/doc/man/man3/ldns_pkt_rr_list_by_type.3 --- ldns-1.7.1/doc/man/man3/ldns_pkt_rr_list_by_type.3 2019-07-26 15:08:00.000000000 +0000 +++ ldns-1.8.1/doc/man/man3/ldns_pkt_rr_list_by_type.3 2021-12-03 07:46:09.000000000 +0000 @@ -134,11 +134,11 @@ .PP .HP \fIldns_pkt_get_rcode\fR() -Return the packet's respons code +Return the packet's response code \.br \fBp\fR: the packet \.br -Returns the respons code +Returns the response code .PP .HP \fIldns_pkt_qdcount\fR() diff -Nru ldns-1.7.1/doc/man/man3/ldns_pkt_section.3 ldns-1.8.1/doc/man/man3/ldns_pkt_section.3 --- ldns-1.7.1/doc/man/man3/ldns_pkt_section.3 2019-07-26 15:08:00.000000000 +0000 +++ ldns-1.8.1/doc/man/man3/ldns_pkt_section.3 2021-12-03 07:46:09.000000000 +0000 @@ -1,7 +1,7 @@ .ad l .TH ldns 3 "30 May 2006" .SH NAME -ldns_pkt, ldns_pkt_section, ldns_pkt_type \- request or anser packets types +ldns_pkt, ldns_pkt_section, ldns_pkt_type \- request or answer packets types .SH SYNOPSIS #include diff -Nru ldns-1.7.1/doc/man/man3/ldns_pkt_set_aa.3 ldns-1.8.1/doc/man/man3/ldns_pkt_set_aa.3 --- ldns-1.7.1/doc/man/man3/ldns_pkt_set_aa.3 2019-07-26 15:08:00.000000000 +0000 +++ ldns-1.8.1/doc/man/man3/ldns_pkt_set_aa.3 2021-12-03 07:46:09.000000000 +0000 @@ -137,7 +137,7 @@ .PP .HP \fIldns_pkt_set_rcode\fR() -Set the packet's respons code +Set the packet's response code \.br \fBp\fR: the packet \.br diff -Nru ldns-1.7.1/doc/man/man3/ldns_pkt_set_ad.3 ldns-1.8.1/doc/man/man3/ldns_pkt_set_ad.3 --- ldns-1.7.1/doc/man/man3/ldns_pkt_set_ad.3 2019-07-26 15:08:00.000000000 +0000 +++ ldns-1.8.1/doc/man/man3/ldns_pkt_set_ad.3 2021-12-03 07:46:09.000000000 +0000 @@ -137,7 +137,7 @@ .PP .HP \fIldns_pkt_set_rcode\fR() -Set the packet's respons code +Set the packet's response code \.br \fBp\fR: the packet \.br diff -Nru ldns-1.7.1/doc/man/man3/ldns_pkt_set_ancount.3 ldns-1.8.1/doc/man/man3/ldns_pkt_set_ancount.3 --- ldns-1.7.1/doc/man/man3/ldns_pkt_set_ancount.3 2019-07-26 15:08:00.000000000 +0000 +++ ldns-1.8.1/doc/man/man3/ldns_pkt_set_ancount.3 2021-12-03 07:46:09.000000000 +0000 @@ -137,7 +137,7 @@ .PP .HP \fIldns_pkt_set_rcode\fR() -Set the packet's respons code +Set the packet's response code \.br \fBp\fR: the packet \.br diff -Nru ldns-1.7.1/doc/man/man3/ldns_pkt_set_answerfrom.3 ldns-1.8.1/doc/man/man3/ldns_pkt_set_answerfrom.3 --- ldns-1.7.1/doc/man/man3/ldns_pkt_set_answerfrom.3 2019-07-26 15:08:00.000000000 +0000 +++ ldns-1.8.1/doc/man/man3/ldns_pkt_set_answerfrom.3 2021-12-03 07:46:09.000000000 +0000 @@ -137,7 +137,7 @@ .PP .HP \fIldns_pkt_set_rcode\fR() -Set the packet's respons code +Set the packet's response code \.br \fBp\fR: the packet \.br diff -Nru ldns-1.7.1/doc/man/man3/ldns_pkt_set_arcount.3 ldns-1.8.1/doc/man/man3/ldns_pkt_set_arcount.3 --- ldns-1.7.1/doc/man/man3/ldns_pkt_set_arcount.3 2019-07-26 15:08:00.000000000 +0000 +++ ldns-1.8.1/doc/man/man3/ldns_pkt_set_arcount.3 2021-12-03 07:46:09.000000000 +0000 @@ -137,7 +137,7 @@ .PP .HP \fIldns_pkt_set_rcode\fR() -Set the packet's respons code +Set the packet's response code \.br \fBp\fR: the packet \.br diff -Nru ldns-1.7.1/doc/man/man3/ldns_pkt_set_cd.3 ldns-1.8.1/doc/man/man3/ldns_pkt_set_cd.3 --- ldns-1.7.1/doc/man/man3/ldns_pkt_set_cd.3 2019-07-26 15:08:00.000000000 +0000 +++ ldns-1.8.1/doc/man/man3/ldns_pkt_set_cd.3 2021-12-03 07:46:09.000000000 +0000 @@ -137,7 +137,7 @@ .PP .HP \fIldns_pkt_set_rcode\fR() -Set the packet's respons code +Set the packet's response code \.br \fBp\fR: the packet \.br diff -Nru ldns-1.7.1/doc/man/man3/ldns_pkt_set_flags.3 ldns-1.8.1/doc/man/man3/ldns_pkt_set_flags.3 --- ldns-1.7.1/doc/man/man3/ldns_pkt_set_flags.3 2019-07-26 15:08:00.000000000 +0000 +++ ldns-1.8.1/doc/man/man3/ldns_pkt_set_flags.3 2021-12-03 07:46:09.000000000 +0000 @@ -137,7 +137,7 @@ .PP .HP \fIldns_pkt_set_rcode\fR() -Set the packet's respons code +Set the packet's response code \.br \fBp\fR: the packet \.br diff -Nru ldns-1.7.1/doc/man/man3/ldns_pkt_set_id.3 ldns-1.8.1/doc/man/man3/ldns_pkt_set_id.3 --- ldns-1.7.1/doc/man/man3/ldns_pkt_set_id.3 2019-07-26 15:08:00.000000000 +0000 +++ ldns-1.8.1/doc/man/man3/ldns_pkt_set_id.3 2021-12-03 07:46:09.000000000 +0000 @@ -137,7 +137,7 @@ .PP .HP \fIldns_pkt_set_rcode\fR() -Set the packet's respons code +Set the packet's response code \.br \fBp\fR: the packet \.br diff -Nru ldns-1.7.1/doc/man/man3/ldns_pkt_set_nscount.3 ldns-1.8.1/doc/man/man3/ldns_pkt_set_nscount.3 --- ldns-1.7.1/doc/man/man3/ldns_pkt_set_nscount.3 2019-07-26 15:08:00.000000000 +0000 +++ ldns-1.8.1/doc/man/man3/ldns_pkt_set_nscount.3 2021-12-03 07:46:09.000000000 +0000 @@ -137,7 +137,7 @@ .PP .HP \fIldns_pkt_set_rcode\fR() -Set the packet's respons code +Set the packet's response code \.br \fBp\fR: the packet \.br diff -Nru ldns-1.7.1/doc/man/man3/ldns_pkt_set_opcode.3 ldns-1.8.1/doc/man/man3/ldns_pkt_set_opcode.3 --- ldns-1.7.1/doc/man/man3/ldns_pkt_set_opcode.3 2019-07-26 15:08:00.000000000 +0000 +++ ldns-1.8.1/doc/man/man3/ldns_pkt_set_opcode.3 2021-12-03 07:46:09.000000000 +0000 @@ -137,7 +137,7 @@ .PP .HP \fIldns_pkt_set_rcode\fR() -Set the packet's respons code +Set the packet's response code \.br \fBp\fR: the packet \.br diff -Nru ldns-1.7.1/doc/man/man3/ldns_pkt_set_qdcount.3 ldns-1.8.1/doc/man/man3/ldns_pkt_set_qdcount.3 --- ldns-1.7.1/doc/man/man3/ldns_pkt_set_qdcount.3 2019-07-26 15:08:00.000000000 +0000 +++ ldns-1.8.1/doc/man/man3/ldns_pkt_set_qdcount.3 2021-12-03 07:46:09.000000000 +0000 @@ -137,7 +137,7 @@ .PP .HP \fIldns_pkt_set_rcode\fR() -Set the packet's respons code +Set the packet's response code \.br \fBp\fR: the packet \.br diff -Nru ldns-1.7.1/doc/man/man3/ldns_pkt_set_qr.3 ldns-1.8.1/doc/man/man3/ldns_pkt_set_qr.3 --- ldns-1.7.1/doc/man/man3/ldns_pkt_set_qr.3 2019-07-26 15:08:00.000000000 +0000 +++ ldns-1.8.1/doc/man/man3/ldns_pkt_set_qr.3 2021-12-03 07:46:09.000000000 +0000 @@ -137,7 +137,7 @@ .PP .HP \fIldns_pkt_set_rcode\fR() -Set the packet's respons code +Set the packet's response code \.br \fBp\fR: the packet \.br diff -Nru ldns-1.7.1/doc/man/man3/ldns_pkt_set_querytime.3 ldns-1.8.1/doc/man/man3/ldns_pkt_set_querytime.3 --- ldns-1.7.1/doc/man/man3/ldns_pkt_set_querytime.3 2019-07-26 15:08:00.000000000 +0000 +++ ldns-1.8.1/doc/man/man3/ldns_pkt_set_querytime.3 2021-12-03 07:46:09.000000000 +0000 @@ -137,7 +137,7 @@ .PP .HP \fIldns_pkt_set_rcode\fR() -Set the packet's respons code +Set the packet's response code \.br \fBp\fR: the packet \.br diff -Nru ldns-1.7.1/doc/man/man3/ldns_pkt_set_ra.3 ldns-1.8.1/doc/man/man3/ldns_pkt_set_ra.3 --- ldns-1.7.1/doc/man/man3/ldns_pkt_set_ra.3 2019-07-26 15:08:00.000000000 +0000 +++ ldns-1.8.1/doc/man/man3/ldns_pkt_set_ra.3 2021-12-03 07:46:09.000000000 +0000 @@ -137,7 +137,7 @@ .PP .HP \fIldns_pkt_set_rcode\fR() -Set the packet's respons code +Set the packet's response code \.br \fBp\fR: the packet \.br diff -Nru ldns-1.7.1/doc/man/man3/ldns_pkt_set_rcode.3 ldns-1.8.1/doc/man/man3/ldns_pkt_set_rcode.3 --- ldns-1.7.1/doc/man/man3/ldns_pkt_set_rcode.3 2019-07-26 15:08:00.000000000 +0000 +++ ldns-1.8.1/doc/man/man3/ldns_pkt_set_rcode.3 2021-12-03 07:46:09.000000000 +0000 @@ -137,7 +137,7 @@ .PP .HP \fIldns_pkt_set_rcode\fR() -Set the packet's respons code +Set the packet's response code \.br \fBp\fR: the packet \.br diff -Nru ldns-1.7.1/doc/man/man3/ldns_pkt_set_rd.3 ldns-1.8.1/doc/man/man3/ldns_pkt_set_rd.3 --- ldns-1.7.1/doc/man/man3/ldns_pkt_set_rd.3 2019-07-26 15:08:00.000000000 +0000 +++ ldns-1.8.1/doc/man/man3/ldns_pkt_set_rd.3 2021-12-03 07:46:09.000000000 +0000 @@ -137,7 +137,7 @@ .PP .HP \fIldns_pkt_set_rcode\fR() -Set the packet's respons code +Set the packet's response code \.br \fBp\fR: the packet \.br diff -Nru ldns-1.7.1/doc/man/man3/ldns_pkt_set_section_count.3 ldns-1.8.1/doc/man/man3/ldns_pkt_set_section_count.3 --- ldns-1.7.1/doc/man/man3/ldns_pkt_set_section_count.3 2019-07-26 15:08:00.000000000 +0000 +++ ldns-1.8.1/doc/man/man3/ldns_pkt_set_section_count.3 2021-12-03 07:46:09.000000000 +0000 @@ -137,7 +137,7 @@ .PP .HP \fIldns_pkt_set_rcode\fR() -Set the packet's respons code +Set the packet's response code \.br \fBp\fR: the packet \.br diff -Nru ldns-1.7.1/doc/man/man3/ldns_pkt_set_size.3 ldns-1.8.1/doc/man/man3/ldns_pkt_set_size.3 --- ldns-1.7.1/doc/man/man3/ldns_pkt_set_size.3 2019-07-26 15:08:00.000000000 +0000 +++ ldns-1.8.1/doc/man/man3/ldns_pkt_set_size.3 2021-12-03 07:46:09.000000000 +0000 @@ -137,7 +137,7 @@ .PP .HP \fIldns_pkt_set_rcode\fR() -Set the packet's respons code +Set the packet's response code \.br \fBp\fR: the packet \.br diff -Nru ldns-1.7.1/doc/man/man3/ldns_pkt_set_tc.3 ldns-1.8.1/doc/man/man3/ldns_pkt_set_tc.3 --- ldns-1.7.1/doc/man/man3/ldns_pkt_set_tc.3 2019-07-26 15:08:00.000000000 +0000 +++ ldns-1.8.1/doc/man/man3/ldns_pkt_set_tc.3 2021-12-03 07:46:09.000000000 +0000 @@ -137,7 +137,7 @@ .PP .HP \fIldns_pkt_set_rcode\fR() -Set the packet's respons code +Set the packet's response code \.br \fBp\fR: the packet \.br diff -Nru ldns-1.7.1/doc/man/man3/ldns_pkt_set_tsig.3 ldns-1.8.1/doc/man/man3/ldns_pkt_set_tsig.3 --- ldns-1.7.1/doc/man/man3/ldns_pkt_set_tsig.3 2019-07-26 15:08:00.000000000 +0000 +++ ldns-1.8.1/doc/man/man3/ldns_pkt_set_tsig.3 2021-12-03 07:46:09.000000000 +0000 @@ -137,7 +137,7 @@ .PP .HP \fIldns_pkt_set_rcode\fR() -Set the packet's respons code +Set the packet's response code \.br \fBp\fR: the packet \.br diff -Nru ldns-1.7.1/doc/man/man3/ldns_pkt_size.3 ldns-1.8.1/doc/man/man3/ldns_pkt_size.3 --- ldns-1.7.1/doc/man/man3/ldns_pkt_size.3 2019-07-26 15:08:00.000000000 +0000 +++ ldns-1.8.1/doc/man/man3/ldns_pkt_size.3 2021-12-03 07:46:09.000000000 +0000 @@ -134,11 +134,11 @@ .PP .HP \fIldns_pkt_get_rcode\fR() -Return the packet's respons code +Return the packet's response code \.br \fBp\fR: the packet \.br -Returns the respons code +Returns the response code .PP .HP \fIldns_pkt_qdcount\fR() diff -Nru ldns-1.7.1/doc/man/man3/ldns_pkt_tc.3 ldns-1.8.1/doc/man/man3/ldns_pkt_tc.3 --- ldns-1.7.1/doc/man/man3/ldns_pkt_tc.3 2019-07-26 15:08:00.000000000 +0000 +++ ldns-1.8.1/doc/man/man3/ldns_pkt_tc.3 2021-12-03 07:46:09.000000000 +0000 @@ -134,11 +134,11 @@ .PP .HP \fIldns_pkt_get_rcode\fR() -Return the packet's respons code +Return the packet's response code \.br \fBp\fR: the packet \.br -Returns the respons code +Returns the response code .PP .HP \fIldns_pkt_qdcount\fR() diff -Nru ldns-1.7.1/doc/man/man3/ldns_pkt_tsig.3 ldns-1.8.1/doc/man/man3/ldns_pkt_tsig.3 --- ldns-1.7.1/doc/man/man3/ldns_pkt_tsig.3 2019-07-26 15:08:00.000000000 +0000 +++ ldns-1.8.1/doc/man/man3/ldns_pkt_tsig.3 2021-12-03 07:46:09.000000000 +0000 @@ -134,11 +134,11 @@ .PP .HP \fIldns_pkt_get_rcode\fR() -Return the packet's respons code +Return the packet's response code \.br \fBp\fR: the packet \.br -Returns the respons code +Returns the response code .PP .HP \fIldns_pkt_qdcount\fR() diff -Nru ldns-1.7.1/doc/man/man3/ldns_pkt_type.3 ldns-1.8.1/doc/man/man3/ldns_pkt_type.3 --- ldns-1.7.1/doc/man/man3/ldns_pkt_type.3 2019-07-26 15:08:00.000000000 +0000 +++ ldns-1.8.1/doc/man/man3/ldns_pkt_type.3 2021-12-03 07:46:09.000000000 +0000 @@ -1,7 +1,7 @@ .ad l .TH ldns 3 "30 May 2006" .SH NAME -ldns_pkt, ldns_pkt_section, ldns_pkt_type \- request or anser packets types +ldns_pkt, ldns_pkt_section, ldns_pkt_type \- request or answer packets types .SH SYNOPSIS #include diff -Nru ldns-1.7.1/doc/man/man3/ldns_rdf2buffer_str.3 ldns-1.8.1/doc/man/man3/ldns_rdf2buffer_str.3 --- ldns-1.7.1/doc/man/man3/ldns_rdf2buffer_str.3 2019-07-26 15:08:00.000000000 +0000 +++ ldns-1.8.1/doc/man/man3/ldns_rdf2buffer_str.3 2021-12-03 07:46:09.000000000 +0000 @@ -156,7 +156,7 @@ Converts an rr's rdata to wireformat, while excluding the ownername and all the stuff before the rdata. This is needed in \%DNSSEC keytag calculation, the ds -calcalution from the key and maybe elsewhere. +calculation from the key and maybe elsewhere. \.br \fB*output\fR: buffer where to put the result diff -Nru ldns-1.7.1/doc/man/man3/ldns_rdf2buffer_wire.3 ldns-1.8.1/doc/man/man3/ldns_rdf2buffer_wire.3 --- ldns-1.7.1/doc/man/man3/ldns_rdf2buffer_wire.3 2019-07-26 15:08:00.000000000 +0000 +++ ldns-1.8.1/doc/man/man3/ldns_rdf2buffer_wire.3 2021-12-03 07:46:09.000000000 +0000 @@ -156,7 +156,7 @@ Converts an rr's rdata to wireformat, while excluding the ownername and all the stuff before the rdata. This is needed in \%DNSSEC keytag calculation, the ds -calcalution from the key and maybe elsewhere. +calculation from the key and maybe elsewhere. \.br \fB*output\fR: buffer where to put the result diff -Nru ldns-1.7.1/doc/man/man3/ldns_rdf.3 ldns-1.8.1/doc/man/man3/ldns_rdf.3 --- ldns-1.7.1/doc/man/man3/ldns_rdf.3 2019-07-26 15:08:00.000000000 +0000 +++ ldns-1.8.1/doc/man/man3/ldns_rdf.3 2021-12-03 07:46:09.000000000 +0000 @@ -251,6 +251,12 @@ .br .br + \fBdraft-ietf-dnsop-svcb-https *:\fR +.br + LDNS_RDF_TYPE_SVCPARAMS, +.br + +.br /* Aliases */ .br LDNS_RDF_TYPE_BITMAP = LDNS_RDF_TYPE_NSEC diff -Nru ldns-1.7.1/doc/man/man3/ldns_rdf_clone.3 ldns-1.8.1/doc/man/man3/ldns_rdf_clone.3 --- ldns-1.7.1/doc/man/man3/ldns_rdf_clone.3 2019-07-26 15:08:00.000000000 +0000 +++ ldns-1.8.1/doc/man/man3/ldns_rdf_clone.3 2021-12-03 07:46:09.000000000 +0000 @@ -33,7 +33,7 @@ \fIldns_rdf_new\fR() allocates a new rdf structure and fills it. This function \%DOES \%NOT copy the contents from -the buffer, unlinke ldns_rdf_new_frm_data() +the buffer, unlike ldns_rdf_new_frm_data() \.br \fBtype\fR: type of the rdf \.br @@ -55,7 +55,7 @@ \fIldns_rdf_new_frm_data\fR() allocates a new rdf structure and fills it. This function _does_ copy the contents from -the buffer, unlinke ldns_rdf_new() +the buffer, unlike ldns_rdf_new() \.br \fBtype\fR: type of the rdf \.br diff -Nru ldns-1.7.1/doc/man/man3/ldns_rdf_deep_free.3 ldns-1.8.1/doc/man/man3/ldns_rdf_deep_free.3 --- ldns-1.7.1/doc/man/man3/ldns_rdf_deep_free.3 2019-07-26 15:08:00.000000000 +0000 +++ ldns-1.8.1/doc/man/man3/ldns_rdf_deep_free.3 2021-12-03 07:46:09.000000000 +0000 @@ -33,7 +33,7 @@ \fIldns_rdf_new\fR() allocates a new rdf structure and fills it. This function \%DOES \%NOT copy the contents from -the buffer, unlinke ldns_rdf_new_frm_data() +the buffer, unlike ldns_rdf_new_frm_data() \.br \fBtype\fR: type of the rdf \.br @@ -55,7 +55,7 @@ \fIldns_rdf_new_frm_data\fR() allocates a new rdf structure and fills it. This function _does_ copy the contents from -the buffer, unlinke ldns_rdf_new() +the buffer, unlike ldns_rdf_new() \.br \fBtype\fR: type of the rdf \.br diff -Nru ldns-1.7.1/doc/man/man3/ldns_rdf_free.3 ldns-1.8.1/doc/man/man3/ldns_rdf_free.3 --- ldns-1.7.1/doc/man/man3/ldns_rdf_free.3 2019-07-26 15:08:00.000000000 +0000 +++ ldns-1.8.1/doc/man/man3/ldns_rdf_free.3 2021-12-03 07:46:09.000000000 +0000 @@ -33,7 +33,7 @@ \fIldns_rdf_new\fR() allocates a new rdf structure and fills it. This function \%DOES \%NOT copy the contents from -the buffer, unlinke ldns_rdf_new_frm_data() +the buffer, unlike ldns_rdf_new_frm_data() \.br \fBtype\fR: type of the rdf \.br @@ -55,7 +55,7 @@ \fIldns_rdf_new_frm_data\fR() allocates a new rdf structure and fills it. This function _does_ copy the contents from -the buffer, unlinke ldns_rdf_new() +the buffer, unlike ldns_rdf_new() \.br \fBtype\fR: type of the rdf \.br diff -Nru ldns-1.7.1/doc/man/man3/ldns_rdf_new.3 ldns-1.8.1/doc/man/man3/ldns_rdf_new.3 --- ldns-1.7.1/doc/man/man3/ldns_rdf_new.3 2019-07-26 15:08:00.000000000 +0000 +++ ldns-1.8.1/doc/man/man3/ldns_rdf_new.3 2021-12-03 07:46:09.000000000 +0000 @@ -33,7 +33,7 @@ \fIldns_rdf_new\fR() allocates a new rdf structure and fills it. This function \%DOES \%NOT copy the contents from -the buffer, unlinke ldns_rdf_new_frm_data() +the buffer, unlike ldns_rdf_new_frm_data() \.br \fBtype\fR: type of the rdf \.br @@ -55,7 +55,7 @@ \fIldns_rdf_new_frm_data\fR() allocates a new rdf structure and fills it. This function _does_ copy the contents from -the buffer, unlinke ldns_rdf_new() +the buffer, unlike ldns_rdf_new() \.br \fBtype\fR: type of the rdf \.br diff -Nru ldns-1.7.1/doc/man/man3/ldns_rdf_new_frm_data.3 ldns-1.8.1/doc/man/man3/ldns_rdf_new_frm_data.3 --- ldns-1.7.1/doc/man/man3/ldns_rdf_new_frm_data.3 2019-07-26 15:08:00.000000000 +0000 +++ ldns-1.8.1/doc/man/man3/ldns_rdf_new_frm_data.3 2021-12-03 07:46:09.000000000 +0000 @@ -33,7 +33,7 @@ \fIldns_rdf_new\fR() allocates a new rdf structure and fills it. This function \%DOES \%NOT copy the contents from -the buffer, unlinke ldns_rdf_new_frm_data() +the buffer, unlike ldns_rdf_new_frm_data() \.br \fBtype\fR: type of the rdf \.br @@ -55,7 +55,7 @@ \fIldns_rdf_new_frm_data\fR() allocates a new rdf structure and fills it. This function _does_ copy the contents from -the buffer, unlinke ldns_rdf_new() +the buffer, unlike ldns_rdf_new() \.br \fBtype\fR: type of the rdf \.br diff -Nru ldns-1.7.1/doc/man/man3/ldns_rdf_new_frm_fp.3 ldns-1.8.1/doc/man/man3/ldns_rdf_new_frm_fp.3 --- ldns-1.7.1/doc/man/man3/ldns_rdf_new_frm_fp.3 2019-07-26 15:08:00.000000000 +0000 +++ ldns-1.8.1/doc/man/man3/ldns_rdf_new_frm_fp.3 2021-12-03 07:46:09.000000000 +0000 @@ -33,7 +33,7 @@ \fIldns_rdf_new\fR() allocates a new rdf structure and fills it. This function \%DOES \%NOT copy the contents from -the buffer, unlinke ldns_rdf_new_frm_data() +the buffer, unlike ldns_rdf_new_frm_data() \.br \fBtype\fR: type of the rdf \.br @@ -55,7 +55,7 @@ \fIldns_rdf_new_frm_data\fR() allocates a new rdf structure and fills it. This function _does_ copy the contents from -the buffer, unlinke ldns_rdf_new() +the buffer, unlike ldns_rdf_new() \.br \fBtype\fR: type of the rdf \.br diff -Nru ldns-1.7.1/doc/man/man3/ldns_rdf_new_frm_str.3 ldns-1.8.1/doc/man/man3/ldns_rdf_new_frm_str.3 --- ldns-1.7.1/doc/man/man3/ldns_rdf_new_frm_str.3 2019-07-26 15:08:00.000000000 +0000 +++ ldns-1.8.1/doc/man/man3/ldns_rdf_new_frm_str.3 2021-12-03 07:46:09.000000000 +0000 @@ -33,7 +33,7 @@ \fIldns_rdf_new\fR() allocates a new rdf structure and fills it. This function \%DOES \%NOT copy the contents from -the buffer, unlinke ldns_rdf_new_frm_data() +the buffer, unlike ldns_rdf_new_frm_data() \.br \fBtype\fR: type of the rdf \.br @@ -55,7 +55,7 @@ \fIldns_rdf_new_frm_data\fR() allocates a new rdf structure and fills it. This function _does_ copy the contents from -the buffer, unlinke ldns_rdf_new() +the buffer, unlike ldns_rdf_new() \.br \fBtype\fR: type of the rdf \.br diff -Nru ldns-1.7.1/doc/man/man3/ldns_rdf_print.3 ldns-1.8.1/doc/man/man3/ldns_rdf_print.3 --- ldns-1.7.1/doc/man/man3/ldns_rdf_print.3 2019-07-26 15:08:00.000000000 +0000 +++ ldns-1.8.1/doc/man/man3/ldns_rdf_print.3 2021-12-03 07:46:09.000000000 +0000 @@ -33,7 +33,7 @@ \fIldns_rdf_new\fR() allocates a new rdf structure and fills it. This function \%DOES \%NOT copy the contents from -the buffer, unlinke ldns_rdf_new_frm_data() +the buffer, unlike ldns_rdf_new_frm_data() \.br \fBtype\fR: type of the rdf \.br @@ -55,7 +55,7 @@ \fIldns_rdf_new_frm_data\fR() allocates a new rdf structure and fills it. This function _does_ copy the contents from -the buffer, unlinke ldns_rdf_new() +the buffer, unlike ldns_rdf_new() \.br \fBtype\fR: type of the rdf \.br diff -Nru ldns-1.7.1/doc/man/man3/ldns_rdf_type.3 ldns-1.8.1/doc/man/man3/ldns_rdf_type.3 --- ldns-1.7.1/doc/man/man3/ldns_rdf_type.3 2019-07-26 15:08:00.000000000 +0000 +++ ldns-1.8.1/doc/man/man3/ldns_rdf_type.3 2021-12-03 07:46:09.000000000 +0000 @@ -251,6 +251,12 @@ .br .br + \fBdraft-ietf-dnsop-svcb-https *:\fR +.br + LDNS_RDF_TYPE_SVCPARAMS, +.br + +.br /* Aliases */ .br LDNS_RDF_TYPE_BITMAP = LDNS_RDF_TYPE_NSEC diff -Nru ldns-1.7.1/doc/man/man3/ldns_rr2buffer_str.3 ldns-1.8.1/doc/man/man3/ldns_rr2buffer_str.3 --- ldns-1.7.1/doc/man/man3/ldns_rr2buffer_str.3 2019-07-26 15:08:00.000000000 +0000 +++ ldns-1.8.1/doc/man/man3/ldns_rr2buffer_str.3 2021-12-03 07:46:09.000000000 +0000 @@ -156,7 +156,7 @@ Converts an rr's rdata to wireformat, while excluding the ownername and all the stuff before the rdata. This is needed in \%DNSSEC keytag calculation, the ds -calcalution from the key and maybe elsewhere. +calculation from the key and maybe elsewhere. \.br \fB*output\fR: buffer where to put the result diff -Nru ldns-1.7.1/doc/man/man3/ldns_rr2buffer_wire.3 ldns-1.8.1/doc/man/man3/ldns_rr2buffer_wire.3 --- ldns-1.7.1/doc/man/man3/ldns_rr2buffer_wire.3 2019-07-26 15:08:00.000000000 +0000 +++ ldns-1.8.1/doc/man/man3/ldns_rr2buffer_wire.3 2021-12-03 07:46:09.000000000 +0000 @@ -156,7 +156,7 @@ Converts an rr's rdata to wireformat, while excluding the ownername and all the stuff before the rdata. This is needed in \%DNSSEC keytag calculation, the ds -calcalution from the key and maybe elsewhere. +calculation from the key and maybe elsewhere. \.br \fB*output\fR: buffer where to put the result diff -Nru ldns-1.7.1/doc/man/man3/ldns_rr.3 ldns-1.8.1/doc/man/man3/ldns_rr.3 --- ldns-1.7.1/doc/man/man3/ldns_rr.3 2019-07-26 15:08:00.000000000 +0000 +++ ldns-1.8.1/doc/man/man3/ldns_rr.3 2021-12-03 07:46:09.000000000 +0000 @@ -456,7 +456,11 @@ .br LDNS_RR_TYPE_CSYNC = 62, /* RFC 7477 */ .br - LDNS_RR_TYPE_ZONEMD = 63, /* draft-wessels-dns-zone-digest */ + LDNS_RR_TYPE_ZONEMD = 63, /* draft-ietf-dnsop-dns-zone-digest */ +.br + LDNS_RR_TYPE_SVCB = 64, /* draft-ietf-dnsop-svcb-https */ +.br + LDNS_RR_TYPE_HTTPS = 65, /* draft-ietf-dnsop-svcb-https */ .br .br diff -Nru ldns-1.7.1/doc/man/man3/ldns_rr_class.3 ldns-1.8.1/doc/man/man3/ldns_rr_class.3 --- ldns-1.7.1/doc/man/man3/ldns_rr_class.3 2019-07-26 15:08:00.000000000 +0000 +++ ldns-1.8.1/doc/man/man3/ldns_rr_class.3 2021-12-03 07:46:09.000000000 +0000 @@ -456,7 +456,11 @@ .br LDNS_RR_TYPE_CSYNC = 62, /* RFC 7477 */ .br - LDNS_RR_TYPE_ZONEMD = 63, /* draft-wessels-dns-zone-digest */ + LDNS_RR_TYPE_ZONEMD = 63, /* draft-ietf-dnsop-dns-zone-digest */ +.br + LDNS_RR_TYPE_SVCB = 64, /* draft-ietf-dnsop-svcb-https */ +.br + LDNS_RR_TYPE_HTTPS = 65, /* draft-ietf-dnsop-svcb-https */ .br .br diff -Nru ldns-1.7.1/doc/man/man3/ldns_rr_compress.3 ldns-1.8.1/doc/man/man3/ldns_rr_compress.3 --- ldns-1.7.1/doc/man/man3/ldns_rr_compress.3 2019-07-26 15:08:00.000000000 +0000 +++ ldns-1.8.1/doc/man/man3/ldns_rr_compress.3 2021-12-03 07:46:09.000000000 +0000 @@ -456,7 +456,11 @@ .br LDNS_RR_TYPE_CSYNC = 62, /* RFC 7477 */ .br - LDNS_RR_TYPE_ZONEMD = 63, /* draft-wessels-dns-zone-digest */ + LDNS_RR_TYPE_ZONEMD = 63, /* draft-ietf-dnsop-dns-zone-digest */ +.br + LDNS_RR_TYPE_SVCB = 64, /* draft-ietf-dnsop-svcb-https */ +.br + LDNS_RR_TYPE_HTTPS = 65, /* draft-ietf-dnsop-svcb-https */ .br .br diff -Nru ldns-1.7.1/doc/man/man3/ldns_rr_list2buffer_str.3 ldns-1.8.1/doc/man/man3/ldns_rr_list2buffer_str.3 --- ldns-1.7.1/doc/man/man3/ldns_rr_list2buffer_str.3 2019-07-26 15:08:00.000000000 +0000 +++ ldns-1.8.1/doc/man/man3/ldns_rr_list2buffer_str.3 2021-12-03 07:46:09.000000000 +0000 @@ -156,7 +156,7 @@ Converts an rr's rdata to wireformat, while excluding the ownername and all the stuff before the rdata. This is needed in \%DNSSEC keytag calculation, the ds -calcalution from the key and maybe elsewhere. +calculation from the key and maybe elsewhere. \.br \fB*output\fR: buffer where to put the result diff -Nru ldns-1.7.1/doc/man/man3/ldns_rr_list.3 ldns-1.8.1/doc/man/man3/ldns_rr_list.3 --- ldns-1.7.1/doc/man/man3/ldns_rr_list.3 2019-07-26 15:08:00.000000000 +0000 +++ ldns-1.8.1/doc/man/man3/ldns_rr_list.3 2021-12-03 07:46:09.000000000 +0000 @@ -456,7 +456,11 @@ .br LDNS_RR_TYPE_CSYNC = 62, /* RFC 7477 */ .br - LDNS_RR_TYPE_ZONEMD = 63, /* draft-wessels-dns-zone-digest */ + LDNS_RR_TYPE_ZONEMD = 63, /* draft-ietf-dnsop-dns-zone-digest */ +.br + LDNS_RR_TYPE_SVCB = 64, /* draft-ietf-dnsop-svcb-https */ +.br + LDNS_RR_TYPE_HTTPS = 65, /* draft-ietf-dnsop-svcb-https */ .br .br diff -Nru ldns-1.7.1/doc/man/man3/ldns_rr_rdata2buffer_wire.3 ldns-1.8.1/doc/man/man3/ldns_rr_rdata2buffer_wire.3 --- ldns-1.7.1/doc/man/man3/ldns_rr_rdata2buffer_wire.3 2019-07-26 15:08:00.000000000 +0000 +++ ldns-1.8.1/doc/man/man3/ldns_rr_rdata2buffer_wire.3 2021-12-03 07:46:09.000000000 +0000 @@ -156,7 +156,7 @@ Converts an rr's rdata to wireformat, while excluding the ownername and all the stuff before the rdata. This is needed in \%DNSSEC keytag calculation, the ds -calcalution from the key and maybe elsewhere. +calculation from the key and maybe elsewhere. \.br \fB*output\fR: buffer where to put the result diff -Nru ldns-1.7.1/doc/man/man3/ldns_rr_rrsig_algorithm.3 ldns-1.8.1/doc/man/man3/ldns_rr_rrsig_algorithm.3 --- ldns-1.7.1/doc/man/man3/ldns_rr_rrsig_algorithm.3 2019-07-26 15:08:00.000000000 +0000 +++ ldns-1.8.1/doc/man/man3/ldns_rr_rrsig_algorithm.3 2021-12-03 07:46:09.000000000 +0000 @@ -131,11 +131,11 @@ .PP .HP \fIldns_rr_rrsig_set_expiration\fR() -sets the expireation date of a \%LDNS_RR_TYPE_RRSIG rr +sets the expiration date of a \%LDNS_RR_TYPE_RRSIG rr \.br \fBr\fR: the rr to use \.br -\fBf\fR: the expireation date to set +\fBf\fR: the expiration date to set \.br Returns true on success, false otherwise .PP diff -Nru ldns-1.7.1/doc/man/man3/ldns_rr_rrsig_expiration.3 ldns-1.8.1/doc/man/man3/ldns_rr_rrsig_expiration.3 --- ldns-1.7.1/doc/man/man3/ldns_rr_rrsig_expiration.3 2019-07-26 15:08:00.000000000 +0000 +++ ldns-1.8.1/doc/man/man3/ldns_rr_rrsig_expiration.3 2021-12-03 07:46:09.000000000 +0000 @@ -131,11 +131,11 @@ .PP .HP \fIldns_rr_rrsig_set_expiration\fR() -sets the expireation date of a \%LDNS_RR_TYPE_RRSIG rr +sets the expiration date of a \%LDNS_RR_TYPE_RRSIG rr \.br \fBr\fR: the rr to use \.br -\fBf\fR: the expireation date to set +\fBf\fR: the expiration date to set \.br Returns true on success, false otherwise .PP diff -Nru ldns-1.7.1/doc/man/man3/ldns_rr_rrsig_inception.3 ldns-1.8.1/doc/man/man3/ldns_rr_rrsig_inception.3 --- ldns-1.7.1/doc/man/man3/ldns_rr_rrsig_inception.3 2019-07-26 15:08:00.000000000 +0000 +++ ldns-1.8.1/doc/man/man3/ldns_rr_rrsig_inception.3 2021-12-03 07:46:09.000000000 +0000 @@ -131,11 +131,11 @@ .PP .HP \fIldns_rr_rrsig_set_expiration\fR() -sets the expireation date of a \%LDNS_RR_TYPE_RRSIG rr +sets the expiration date of a \%LDNS_RR_TYPE_RRSIG rr \.br \fBr\fR: the rr to use \.br -\fBf\fR: the expireation date to set +\fBf\fR: the expiration date to set \.br Returns true on success, false otherwise .PP diff -Nru ldns-1.7.1/doc/man/man3/ldns_rr_rrsig_keytag.3 ldns-1.8.1/doc/man/man3/ldns_rr_rrsig_keytag.3 --- ldns-1.7.1/doc/man/man3/ldns_rr_rrsig_keytag.3 2019-07-26 15:08:00.000000000 +0000 +++ ldns-1.8.1/doc/man/man3/ldns_rr_rrsig_keytag.3 2021-12-03 07:46:09.000000000 +0000 @@ -131,11 +131,11 @@ .PP .HP \fIldns_rr_rrsig_set_expiration\fR() -sets the expireation date of a \%LDNS_RR_TYPE_RRSIG rr +sets the expiration date of a \%LDNS_RR_TYPE_RRSIG rr \.br \fBr\fR: the rr to use \.br -\fBf\fR: the expireation date to set +\fBf\fR: the expiration date to set \.br Returns true on success, false otherwise .PP diff -Nru ldns-1.7.1/doc/man/man3/ldns_rr_rrsig_labels.3 ldns-1.8.1/doc/man/man3/ldns_rr_rrsig_labels.3 --- ldns-1.7.1/doc/man/man3/ldns_rr_rrsig_labels.3 2019-07-26 15:08:00.000000000 +0000 +++ ldns-1.8.1/doc/man/man3/ldns_rr_rrsig_labels.3 2021-12-03 07:46:09.000000000 +0000 @@ -131,11 +131,11 @@ .PP .HP \fIldns_rr_rrsig_set_expiration\fR() -sets the expireation date of a \%LDNS_RR_TYPE_RRSIG rr +sets the expiration date of a \%LDNS_RR_TYPE_RRSIG rr \.br \fBr\fR: the rr to use \.br -\fBf\fR: the expireation date to set +\fBf\fR: the expiration date to set \.br Returns true on success, false otherwise .PP diff -Nru ldns-1.7.1/doc/man/man3/ldns_rr_rrsig_origttl.3 ldns-1.8.1/doc/man/man3/ldns_rr_rrsig_origttl.3 --- ldns-1.7.1/doc/man/man3/ldns_rr_rrsig_origttl.3 2019-07-26 15:08:00.000000000 +0000 +++ ldns-1.8.1/doc/man/man3/ldns_rr_rrsig_origttl.3 2021-12-03 07:46:09.000000000 +0000 @@ -131,11 +131,11 @@ .PP .HP \fIldns_rr_rrsig_set_expiration\fR() -sets the expireation date of a \%LDNS_RR_TYPE_RRSIG rr +sets the expiration date of a \%LDNS_RR_TYPE_RRSIG rr \.br \fBr\fR: the rr to use \.br -\fBf\fR: the expireation date to set +\fBf\fR: the expiration date to set \.br Returns true on success, false otherwise .PP diff -Nru ldns-1.7.1/doc/man/man3/ldns_rr_rrsig_set_algorithm.3 ldns-1.8.1/doc/man/man3/ldns_rr_rrsig_set_algorithm.3 --- ldns-1.7.1/doc/man/man3/ldns_rr_rrsig_set_algorithm.3 2019-07-26 15:08:00.000000000 +0000 +++ ldns-1.8.1/doc/man/man3/ldns_rr_rrsig_set_algorithm.3 2021-12-03 07:46:09.000000000 +0000 @@ -131,11 +131,11 @@ .PP .HP \fIldns_rr_rrsig_set_expiration\fR() -sets the expireation date of a \%LDNS_RR_TYPE_RRSIG rr +sets the expiration date of a \%LDNS_RR_TYPE_RRSIG rr \.br \fBr\fR: the rr to use \.br -\fBf\fR: the expireation date to set +\fBf\fR: the expiration date to set \.br Returns true on success, false otherwise .PP diff -Nru ldns-1.7.1/doc/man/man3/ldns_rr_rrsig_set_expiration.3 ldns-1.8.1/doc/man/man3/ldns_rr_rrsig_set_expiration.3 --- ldns-1.7.1/doc/man/man3/ldns_rr_rrsig_set_expiration.3 2019-07-26 15:08:00.000000000 +0000 +++ ldns-1.8.1/doc/man/man3/ldns_rr_rrsig_set_expiration.3 2021-12-03 07:46:09.000000000 +0000 @@ -131,11 +131,11 @@ .PP .HP \fIldns_rr_rrsig_set_expiration\fR() -sets the expireation date of a \%LDNS_RR_TYPE_RRSIG rr +sets the expiration date of a \%LDNS_RR_TYPE_RRSIG rr \.br \fBr\fR: the rr to use \.br -\fBf\fR: the expireation date to set +\fBf\fR: the expiration date to set \.br Returns true on success, false otherwise .PP diff -Nru ldns-1.7.1/doc/man/man3/ldns_rr_rrsig_set_inception.3 ldns-1.8.1/doc/man/man3/ldns_rr_rrsig_set_inception.3 --- ldns-1.7.1/doc/man/man3/ldns_rr_rrsig_set_inception.3 2019-07-26 15:08:00.000000000 +0000 +++ ldns-1.8.1/doc/man/man3/ldns_rr_rrsig_set_inception.3 2021-12-03 07:46:09.000000000 +0000 @@ -131,11 +131,11 @@ .PP .HP \fIldns_rr_rrsig_set_expiration\fR() -sets the expireation date of a \%LDNS_RR_TYPE_RRSIG rr +sets the expiration date of a \%LDNS_RR_TYPE_RRSIG rr \.br \fBr\fR: the rr to use \.br -\fBf\fR: the expireation date to set +\fBf\fR: the expiration date to set \.br Returns true on success, false otherwise .PP diff -Nru ldns-1.7.1/doc/man/man3/ldns_rr_rrsig_set_keytag.3 ldns-1.8.1/doc/man/man3/ldns_rr_rrsig_set_keytag.3 --- ldns-1.7.1/doc/man/man3/ldns_rr_rrsig_set_keytag.3 2019-07-26 15:08:00.000000000 +0000 +++ ldns-1.8.1/doc/man/man3/ldns_rr_rrsig_set_keytag.3 2021-12-03 07:46:09.000000000 +0000 @@ -131,11 +131,11 @@ .PP .HP \fIldns_rr_rrsig_set_expiration\fR() -sets the expireation date of a \%LDNS_RR_TYPE_RRSIG rr +sets the expiration date of a \%LDNS_RR_TYPE_RRSIG rr \.br \fBr\fR: the rr to use \.br -\fBf\fR: the expireation date to set +\fBf\fR: the expiration date to set \.br Returns true on success, false otherwise .PP diff -Nru ldns-1.7.1/doc/man/man3/ldns_rr_rrsig_set_labels.3 ldns-1.8.1/doc/man/man3/ldns_rr_rrsig_set_labels.3 --- ldns-1.7.1/doc/man/man3/ldns_rr_rrsig_set_labels.3 2019-07-26 15:08:00.000000000 +0000 +++ ldns-1.8.1/doc/man/man3/ldns_rr_rrsig_set_labels.3 2021-12-03 07:46:09.000000000 +0000 @@ -131,11 +131,11 @@ .PP .HP \fIldns_rr_rrsig_set_expiration\fR() -sets the expireation date of a \%LDNS_RR_TYPE_RRSIG rr +sets the expiration date of a \%LDNS_RR_TYPE_RRSIG rr \.br \fBr\fR: the rr to use \.br -\fBf\fR: the expireation date to set +\fBf\fR: the expiration date to set \.br Returns true on success, false otherwise .PP diff -Nru ldns-1.7.1/doc/man/man3/ldns_rr_rrsig_set_origttl.3 ldns-1.8.1/doc/man/man3/ldns_rr_rrsig_set_origttl.3 --- ldns-1.7.1/doc/man/man3/ldns_rr_rrsig_set_origttl.3 2019-07-26 15:08:00.000000000 +0000 +++ ldns-1.8.1/doc/man/man3/ldns_rr_rrsig_set_origttl.3 2021-12-03 07:46:09.000000000 +0000 @@ -131,11 +131,11 @@ .PP .HP \fIldns_rr_rrsig_set_expiration\fR() -sets the expireation date of a \%LDNS_RR_TYPE_RRSIG rr +sets the expiration date of a \%LDNS_RR_TYPE_RRSIG rr \.br \fBr\fR: the rr to use \.br -\fBf\fR: the expireation date to set +\fBf\fR: the expiration date to set \.br Returns true on success, false otherwise .PP diff -Nru ldns-1.7.1/doc/man/man3/ldns_rr_rrsig_set_sig.3 ldns-1.8.1/doc/man/man3/ldns_rr_rrsig_set_sig.3 --- ldns-1.7.1/doc/man/man3/ldns_rr_rrsig_set_sig.3 2019-07-26 15:08:00.000000000 +0000 +++ ldns-1.8.1/doc/man/man3/ldns_rr_rrsig_set_sig.3 2021-12-03 07:46:09.000000000 +0000 @@ -131,11 +131,11 @@ .PP .HP \fIldns_rr_rrsig_set_expiration\fR() -sets the expireation date of a \%LDNS_RR_TYPE_RRSIG rr +sets the expiration date of a \%LDNS_RR_TYPE_RRSIG rr \.br \fBr\fR: the rr to use \.br -\fBf\fR: the expireation date to set +\fBf\fR: the expiration date to set \.br Returns true on success, false otherwise .PP diff -Nru ldns-1.7.1/doc/man/man3/ldns_rr_rrsig_set_signame.3 ldns-1.8.1/doc/man/man3/ldns_rr_rrsig_set_signame.3 --- ldns-1.7.1/doc/man/man3/ldns_rr_rrsig_set_signame.3 2019-07-26 15:08:00.000000000 +0000 +++ ldns-1.8.1/doc/man/man3/ldns_rr_rrsig_set_signame.3 2021-12-03 07:46:09.000000000 +0000 @@ -131,11 +131,11 @@ .PP .HP \fIldns_rr_rrsig_set_expiration\fR() -sets the expireation date of a \%LDNS_RR_TYPE_RRSIG rr +sets the expiration date of a \%LDNS_RR_TYPE_RRSIG rr \.br \fBr\fR: the rr to use \.br -\fBf\fR: the expireation date to set +\fBf\fR: the expiration date to set \.br Returns true on success, false otherwise .PP diff -Nru ldns-1.7.1/doc/man/man3/ldns_rr_rrsig_set_typecovered.3 ldns-1.8.1/doc/man/man3/ldns_rr_rrsig_set_typecovered.3 --- ldns-1.7.1/doc/man/man3/ldns_rr_rrsig_set_typecovered.3 2019-07-26 15:08:00.000000000 +0000 +++ ldns-1.8.1/doc/man/man3/ldns_rr_rrsig_set_typecovered.3 2021-12-03 07:46:09.000000000 +0000 @@ -131,11 +131,11 @@ .PP .HP \fIldns_rr_rrsig_set_expiration\fR() -sets the expireation date of a \%LDNS_RR_TYPE_RRSIG rr +sets the expiration date of a \%LDNS_RR_TYPE_RRSIG rr \.br \fBr\fR: the rr to use \.br -\fBf\fR: the expireation date to set +\fBf\fR: the expiration date to set \.br Returns true on success, false otherwise .PP diff -Nru ldns-1.7.1/doc/man/man3/ldns_rr_rrsig_sig.3 ldns-1.8.1/doc/man/man3/ldns_rr_rrsig_sig.3 --- ldns-1.7.1/doc/man/man3/ldns_rr_rrsig_sig.3 2019-07-26 15:08:00.000000000 +0000 +++ ldns-1.8.1/doc/man/man3/ldns_rr_rrsig_sig.3 2021-12-03 07:46:09.000000000 +0000 @@ -131,11 +131,11 @@ .PP .HP \fIldns_rr_rrsig_set_expiration\fR() -sets the expireation date of a \%LDNS_RR_TYPE_RRSIG rr +sets the expiration date of a \%LDNS_RR_TYPE_RRSIG rr \.br \fBr\fR: the rr to use \.br -\fBf\fR: the expireation date to set +\fBf\fR: the expiration date to set \.br Returns true on success, false otherwise .PP diff -Nru ldns-1.7.1/doc/man/man3/ldns_rr_rrsig_signame.3 ldns-1.8.1/doc/man/man3/ldns_rr_rrsig_signame.3 --- ldns-1.7.1/doc/man/man3/ldns_rr_rrsig_signame.3 2019-07-26 15:08:00.000000000 +0000 +++ ldns-1.8.1/doc/man/man3/ldns_rr_rrsig_signame.3 2021-12-03 07:46:09.000000000 +0000 @@ -131,11 +131,11 @@ .PP .HP \fIldns_rr_rrsig_set_expiration\fR() -sets the expireation date of a \%LDNS_RR_TYPE_RRSIG rr +sets the expiration date of a \%LDNS_RR_TYPE_RRSIG rr \.br \fBr\fR: the rr to use \.br -\fBf\fR: the expireation date to set +\fBf\fR: the expiration date to set \.br Returns true on success, false otherwise .PP diff -Nru ldns-1.7.1/doc/man/man3/ldns_rr_rrsig_typecovered.3 ldns-1.8.1/doc/man/man3/ldns_rr_rrsig_typecovered.3 --- ldns-1.7.1/doc/man/man3/ldns_rr_rrsig_typecovered.3 2019-07-26 15:08:00.000000000 +0000 +++ ldns-1.8.1/doc/man/man3/ldns_rr_rrsig_typecovered.3 2021-12-03 07:46:09.000000000 +0000 @@ -131,11 +131,11 @@ .PP .HP \fIldns_rr_rrsig_set_expiration\fR() -sets the expireation date of a \%LDNS_RR_TYPE_RRSIG rr +sets the expiration date of a \%LDNS_RR_TYPE_RRSIG rr \.br \fBr\fR: the rr to use \.br -\fBf\fR: the expireation date to set +\fBf\fR: the expiration date to set \.br Returns true on success, false otherwise .PP diff -Nru ldns-1.7.1/doc/man/man3/ldns_rr_set_class.3 ldns-1.8.1/doc/man/man3/ldns_rr_set_class.3 --- ldns-1.7.1/doc/man/man3/ldns_rr_set_class.3 2019-07-26 15:08:00.000000000 +0000 +++ ldns-1.8.1/doc/man/man3/ldns_rr_set_class.3 2021-12-03 07:46:09.000000000 +0000 @@ -86,7 +86,7 @@ \.br \fBposition\fR: the position the set the rdf \.br -Returns the old value in the rr, \%NULL on failyre +Returns the old value in the rr, \%NULL on failure .PP .SH AUTHOR The ldns team at NLnet Labs. diff -Nru ldns-1.7.1/doc/man/man3/ldns_rr_set_owner.3 ldns-1.8.1/doc/man/man3/ldns_rr_set_owner.3 --- ldns-1.7.1/doc/man/man3/ldns_rr_set_owner.3 2019-07-26 15:08:00.000000000 +0000 +++ ldns-1.8.1/doc/man/man3/ldns_rr_set_owner.3 2021-12-03 07:46:09.000000000 +0000 @@ -86,7 +86,7 @@ \.br \fBposition\fR: the position the set the rdf \.br -Returns the old value in the rr, \%NULL on failyre +Returns the old value in the rr, \%NULL on failure .PP .SH AUTHOR The ldns team at NLnet Labs. diff -Nru ldns-1.7.1/doc/man/man3/ldns_rr_set_rd_count.3 ldns-1.8.1/doc/man/man3/ldns_rr_set_rd_count.3 --- ldns-1.7.1/doc/man/man3/ldns_rr_set_rd_count.3 2019-07-26 15:08:00.000000000 +0000 +++ ldns-1.8.1/doc/man/man3/ldns_rr_set_rd_count.3 2021-12-03 07:46:09.000000000 +0000 @@ -86,7 +86,7 @@ \.br \fBposition\fR: the position the set the rdf \.br -Returns the old value in the rr, \%NULL on failyre +Returns the old value in the rr, \%NULL on failure .PP .SH AUTHOR The ldns team at NLnet Labs. diff -Nru ldns-1.7.1/doc/man/man3/ldns_rr_set_rdf.3 ldns-1.8.1/doc/man/man3/ldns_rr_set_rdf.3 --- ldns-1.7.1/doc/man/man3/ldns_rr_set_rdf.3 2019-07-26 15:08:00.000000000 +0000 +++ ldns-1.8.1/doc/man/man3/ldns_rr_set_rdf.3 2021-12-03 07:46:09.000000000 +0000 @@ -86,7 +86,7 @@ \.br \fBposition\fR: the position the set the rdf \.br -Returns the old value in the rr, \%NULL on failyre +Returns the old value in the rr, \%NULL on failure .PP .SH AUTHOR The ldns team at NLnet Labs. diff -Nru ldns-1.7.1/doc/man/man3/ldns_rr_set_ttl.3 ldns-1.8.1/doc/man/man3/ldns_rr_set_ttl.3 --- ldns-1.7.1/doc/man/man3/ldns_rr_set_ttl.3 2019-07-26 15:08:00.000000000 +0000 +++ ldns-1.8.1/doc/man/man3/ldns_rr_set_ttl.3 2021-12-03 07:46:09.000000000 +0000 @@ -86,7 +86,7 @@ \.br \fBposition\fR: the position the set the rdf \.br -Returns the old value in the rr, \%NULL on failyre +Returns the old value in the rr, \%NULL on failure .PP .SH AUTHOR The ldns team at NLnet Labs. diff -Nru ldns-1.7.1/doc/man/man3/ldns_rr_set_type.3 ldns-1.8.1/doc/man/man3/ldns_rr_set_type.3 --- ldns-1.7.1/doc/man/man3/ldns_rr_set_type.3 2019-07-26 15:08:00.000000000 +0000 +++ ldns-1.8.1/doc/man/man3/ldns_rr_set_type.3 2021-12-03 07:46:09.000000000 +0000 @@ -86,7 +86,7 @@ \.br \fBposition\fR: the position the set the rdf \.br -Returns the old value in the rr, \%NULL on failyre +Returns the old value in the rr, \%NULL on failure .PP .SH AUTHOR The ldns team at NLnet Labs. diff -Nru ldns-1.7.1/doc/man/man3/ldns_rrsig2buffer_wire.3 ldns-1.8.1/doc/man/man3/ldns_rrsig2buffer_wire.3 --- ldns-1.7.1/doc/man/man3/ldns_rrsig2buffer_wire.3 2019-07-26 15:08:00.000000000 +0000 +++ ldns-1.8.1/doc/man/man3/ldns_rrsig2buffer_wire.3 2021-12-03 07:46:09.000000000 +0000 @@ -156,7 +156,7 @@ Converts an rr's rdata to wireformat, while excluding the ownername and all the stuff before the rdata. This is needed in \%DNSSEC keytag calculation, the ds -calcalution from the key and maybe elsewhere. +calculation from the key and maybe elsewhere. \.br \fB*output\fR: buffer where to put the result diff -Nru ldns-1.7.1/doc/man/man3/ldns_rr_type.3 ldns-1.8.1/doc/man/man3/ldns_rr_type.3 --- ldns-1.7.1/doc/man/man3/ldns_rr_type.3 2019-07-26 15:08:00.000000000 +0000 +++ ldns-1.8.1/doc/man/man3/ldns_rr_type.3 2021-12-03 07:46:09.000000000 +0000 @@ -456,7 +456,11 @@ .br LDNS_RR_TYPE_CSYNC = 62, /* RFC 7477 */ .br - LDNS_RR_TYPE_ZONEMD = 63, /* draft-wessels-dns-zone-digest */ + LDNS_RR_TYPE_ZONEMD = 63, /* draft-ietf-dnsop-dns-zone-digest */ +.br + LDNS_RR_TYPE_SVCB = 64, /* draft-ietf-dnsop-svcb-https */ +.br + LDNS_RR_TYPE_HTTPS = 65, /* draft-ietf-dnsop-svcb-https */ .br .br diff -Nru ldns-1.7.1/drill/ChangeLog.22-nov-2005 ldns-1.8.1/drill/ChangeLog.22-nov-2005 --- ldns-1.7.1/drill/ChangeLog.22-nov-2005 2019-07-26 15:07:44.000000000 +0000 +++ ldns-1.8.1/drill/ChangeLog.22-nov-2005 2021-12-03 07:45:47.000000000 +0000 @@ -11,7 +11,7 @@ * Lint fixes for the code * Bugzilla was setup for drill * Bug #97 (drill); -S crash was fixed - * Add -Q (quiet) flag was added. This supresses output from drill. + * Add -Q (quiet) flag was added. This suppresses output from drill. 1.0-pre2: 20 Jun 2005: drill-team * Second prerelease @@ -60,7 +60,7 @@ - CERT RR supported - LOC RR support * All non supported RRs are handled as unknown - * If no namservers found in /etc/resolv.conf + * If no nameservers found in /etc/resolv.conf default to 127.0.0.1 * Various bugs fixed - Close sockets after using them @@ -74,7 +74,7 @@ * Dig is no longer needed to build drill 0.7: Oct 21 2004: Miek - * reworked interal code + * reworked internal code * DNSSEC is working, except the secure resolving * build updates * more sane options parsing diff -Nru ldns-1.7.1/drill/chasetrace.c ldns-1.8.1/drill/chasetrace.c --- ldns-1.7.1/drill/chasetrace.c 2019-07-26 15:07:44.000000000 +0000 +++ ldns-1.8.1/drill/chasetrace.c 2021-12-03 07:45:47.000000000 +0000 @@ -171,7 +171,7 @@ } /* transfer some properties of local_res to res, - * because they were given on the commandline */ + * because they were given on the command line */ ldns_resolver_set_ip6(res, ldns_resolver_ip6(local_res)); ldns_resolver_set_port(res, diff -Nru ldns-1.7.1/drill/drill.1.in ldns-1.8.1/drill/drill.1.in --- ldns-1.7.1/drill/drill.1.in 2019-07-26 15:07:44.000000000 +0000 +++ ldns-1.8.1/drill/drill.1.in 2021-12-03 07:45:47.000000000 +0000 @@ -19,7 +19,7 @@ ] .SH DESCRIPTION -\fBdrill\fR is a tool to designed to get all sorts of information out of the +\fBdrill\fR is a tool designed to get all sorts of information out of the DNS. It is specifically designed to be used with DNSSEC. .PP The name \fBdrill\fR is a pun on \fBdig\fR. With \fBdrill\fR you should be able diff -Nru ldns-1.7.1/drill/drill.c ldns-1.8.1/drill/drill.c --- ldns-1.7.1/drill/drill.c 2019-07-26 15:07:44.000000000 +0000 +++ ldns-1.8.1/drill/drill.c 2021-12-03 07:45:47.000000000 +0000 @@ -59,7 +59,7 @@ fprintf(stream, "\t-6\t\tstay on ip6\n"); fprintf(stream, "\t-a\t\tfallback to EDNS0 and TCP if the answer is truncated\n"); fprintf(stream, "\t-b \tuse as the buffer size (defaults to 512 b)\n"); - fprintf(stream, "\t-c \tuse file for rescursive nameserver configuration" + fprintf(stream, "\t-c \tuse file for recursive nameserver configuration" "\n\t\t\t(/etc/resolv.conf)\n"); fprintf(stream, "\t-k \tspecify a file that contains a trusted DNSSEC key [**]\n"); fprintf(stream, "\t\t\tUsed to verify any signatures in the current answer.\n"); @@ -173,6 +173,8 @@ int r; WSADATA wsa_data; #endif + ldns_output_format_storage fmt_storage; + ldns_output_format* fmt = ldns_output_format_init(&fmt_storage); int_type = -1; serv = NULL; type = 0; int_clas = -1; name = NULL; clas = 0; @@ -247,6 +249,7 @@ verbosity = atoi(optarg); break; case 'Q': + fmt->flags |= LDNS_FMT_SHORT; verbosity = -1; break; case 'f': @@ -879,8 +882,8 @@ mesg("No packet received"); result = EXIT_FAILURE; } else { + ldns_pkt_print_fmt(stdout, fmt, pkt); if (verbosity != -1) { - ldns_pkt_print(stdout, pkt); if (ldns_pkt_tc(pkt)) { fprintf(stdout, "\n;; WARNING: The answer packet was truncated; you might want to\n"); @@ -994,9 +997,17 @@ xfree(tsig_algorithm); #ifdef HAVE_SSL - CRYPTO_cleanup_all_ex_data(); - ERR_free_strings(); - EVP_cleanup(); +#if OPENSSL_VERSION_NUMBER < 0x10100000L || defined(HAVE_LIBRESSL) +#ifdef HAVE_CRYPTO_CLEANUP_ALL_EX_DATA + CRYPTO_cleanup_all_ex_data (); +#endif +#ifdef HAVE_ERR_FREE_STRINGS + ERR_free_strings (); +#endif +#ifdef HAVE_EVP_CLEANUP + EVP_cleanup (); +#endif +#endif #endif #ifdef USE_WINSOCK WSACleanup(); diff -Nru ldns-1.7.1/drill/securetrace.c ldns-1.8.1/drill/securetrace.c --- ldns-1.7.1/drill/securetrace.c 2019-07-26 15:07:44.000000000 +0000 +++ ldns-1.8.1/drill/securetrace.c 2021-12-03 07:45:47.000000000 +0000 @@ -137,7 +137,7 @@ ldns_rr_list *correct_key_list; ldns_rr_list *trusted_ds_rrs; bool new_keys_trusted = false; - ldns_rr_list *current_correct_keys; + ldns_rr_list *current_correct_keys = NULL; ldns_rr_list *dataset; ldns_rr_list *nsec_rrs = NULL; @@ -520,8 +520,8 @@ labels[i-1]); printf(", but valid CNAME"); } else { - printf("[B] Unable to verify de" - "nial of existence for "); + printf(BOGUS " Unable to verify " + "denial of existence for "); ldns_rdf_print(stdout, labels[i-1]); printf(", because of BOGUS CNAME"); @@ -644,7 +644,7 @@ printf(";; No DS for "); ldns_rdf_print(stdout, labels[i - 1]); } else { - printf("[B] Unable to verify denial of existence for "); + printf(BOGUS " Unable to verify denial of existence for "); ldns_rdf_print(stdout, labels[i - 1]); printf(" DS: %s\n", ldns_get_errorstr_by_id(status)); } @@ -748,7 +748,7 @@ } printf("\n"); } else { - printf("[B] Unable to verify denial of existence for "); + printf(BOGUS " Unable to verify denial of existence for "); ldns_rdf_print(stdout, name); printf(" type "); if (descriptor && descriptor->_name) { @@ -774,7 +774,7 @@ ldns_rr_list_deep_free(ds_sig_list); ds_sig_list = NULL; } - printf(";;" SELF " self sig OK; " BOGUS " bogus; " TRUST " trusted\n"); + printf(";;" SELF " self sig OK; " BOGUS " bogus; " TRUST " trusted; " UNSIGNED " unsigned\n"); /* verbose mode? printf("Trusted keys:\n"); ldns_rr_list_print(stdout, trusted_keys); diff -Nru ldns-1.7.1/duration.c ldns-1.8.1/duration.c --- ldns-1.7.1/duration.c 2019-07-26 15:07:44.000000000 +0000 +++ ldns-1.8.1/duration.c 2021-12-03 07:45:47.000000000 +0000 @@ -190,121 +190,51 @@ /** - * Get the number of digits in a number. - * + * Helper func for ldns_duration2string below. If t > 0, + * scan print t and c on buf, forwarding buf. Return 0 on success. */ -static size_t -digits_in_number(time_t duration) +static inline int dur_scan_print(char **buf, char *eob, char c, time_t t) { - unsigned int i = (unsigned int) duration; - size_t n = 1; - - while (i >= 100000000) { - n += 8; - i /= 100000000; + if (t > 0) { + int r = snprintf(*buf, eob - *buf, "%u%c", (unsigned)t, c); + if (r < 0 || (*buf += r) >= eob) + return -1; } - if (i >= 10000) { n += 4; i /= 10000; } - if (i >= 100 ) { n += 2; i /= 100; } - if (i >= 10 ) { n += 1; } - return n; + return 0; } - /** * Convert a duration to a string. * */ char* -ldns_duration2string(const ldns_duration_type* duration) +ldns_duration2string(const ldns_duration_type* d) { - char* str = NULL; - size_t count = 2; - int T = 0; - char num[sizeof(unsigned int) + 2]; - - if (!duration) { - return NULL; - } - - if (duration->years > 0) { - count = count + 1 + digits_in_number(duration->years); - } - if (duration->months > 0) { - count = count + 1 + digits_in_number(duration->months); - } - if (duration->weeks > 0) { - count = count + 1 + digits_in_number(duration->weeks); - } - if (duration->days > 0) { - count = count + 1 + digits_in_number(duration->days); - } - if (duration->hours > 0) { - count = count + 1 + digits_in_number(duration->hours); - T = 1; - } - if (duration->minutes > 0) { - count = count + 1 + digits_in_number(duration->minutes); - T = 1; - } - if (duration->seconds > 0) { - count = count + 1 + digits_in_number(duration->seconds); - T = 1; - } - if (T) { - count++; - } - - if (!(str = (char*) calloc(count, sizeof(char)))) - return NULL; - str[0] = 'P'; - str[1] = '\0'; - - if (duration->years > 0) { - count = digits_in_number(duration->years); - assert(count <= sizeof(num) - 2); - snprintf(num, count+2, "%uY", (unsigned int) duration->years); - str = strncat(str, num, count+2); - } - if (duration->months > 0) { - count = digits_in_number(duration->months); - assert(count <= sizeof(num) - 2); - snprintf(num, count+2, "%uM", (unsigned int) duration->months); - str = strncat(str, num, count+2); - } - if (duration->weeks > 0) { - count = digits_in_number(duration->weeks); - assert(count <= sizeof(num) - 2); - snprintf(num, count+2, "%uW", (unsigned int) duration->weeks); - str = strncat(str, num, count+2); - } - if (duration->days > 0) { - count = digits_in_number(duration->days); - assert(count <= sizeof(num) - 2); - snprintf(num, count+2, "%uD", (unsigned int) duration->days); - str = strncat(str, num, count+2); - } - if (T) { - str = strcat(str, "T"); - } - if (duration->hours > 0) { - count = digits_in_number(duration->hours); - assert(count <= sizeof(num) - 2); - snprintf(num, count+2, "%uH", (unsigned int) duration->hours); - str = strncat(str, num, count+2); - } - if (duration->minutes > 0) { - count = digits_in_number(duration->minutes); - assert(count <= sizeof(num) - 2); - snprintf(num, count+2, "%uM", (unsigned int) duration->minutes); - str = strncat(str, num, count+2); - } - if (duration->seconds > 0) { - count = digits_in_number(duration->seconds); - assert(count <= sizeof(num) - 2); - snprintf(num, count+2, "%uS", (unsigned int) duration->seconds); - str = strncat(str, num, count+2); - } - return str; + /* Max string size should be 7 * 40 + 3 on a 127 bits machine + * So 300 (< 273) is more than enough. + */ + char buf[300] = "P0D", *eob = buf + sizeof(buf), *p = buf + 1; + + if (!d) + return NULL; + + if (dur_scan_print(&p, eob, 'Y', d->years) + || dur_scan_print(&p, eob, 'M', d->months) + || dur_scan_print(&p, eob, 'W', d->weeks) + || dur_scan_print(&p, eob, 'D', d->days)) + return NULL; + + if (d->hours || d->minutes || d->seconds) { + if (p > (eob - 2)) + return NULL; /* Error; no space left on buf for 'T' */ + + *p++ = 'T'; *p = 0; + if (dur_scan_print(&p, eob, 'H', d->hours) + || dur_scan_print(&p, eob, 'M', d->minutes) + || dur_scan_print(&p, eob, 'S', d->seconds)) + return NULL; + } + return strdup(buf); } diff -Nru ldns-1.7.1/error.c ldns-1.8.1/error.c --- ldns-1.7.1/error.c 2019-07-26 15:07:44.000000000 +0000 +++ ldns-1.8.1/error.c 2021-12-03 07:45:47.000000000 +0000 @@ -1,6 +1,6 @@ /* * a error2str function to make sense of all the - * error codes we have laying ardoun + * error codes we have laying around * * a Net::DNS like library for C * LibDNS Team @ NLnet Labs @@ -157,6 +157,33 @@ "X509_STORE_CTX_set0_dane() functions within OpenSSL >= 1.1.0 " "to be able to verify the DANE-TA usage type." }, #endif + { LDNS_STATUS_ZONEMD_DOUBLE_OCCURRENCE, "A ZONEMD with the same " + " and hash algorithm occurred more than once." }, + { LDNS_STATUS_ZONEMD_UNKNOWN_SCHEME, "Unknown ZONEMD " }, + { LDNS_STATUS_ZONEMD_UNKNOWN_HASH, "Unknown ZONEMD hash algorithm" }, + { LDNS_STATUS_ZONEMD_INVALID_SOA, + "Missing or invalid SOA to associate with ZONEMD RR" }, + { LDNS_STATUS_NO_ZONEMD, + "NSEC(3) RRs indicate that a ZONEMD exists, " + "but it is not found in the zone" }, + { LDNS_STATUS_NO_VALID_ZONEMD, + "No ZONEMD matching the zone data was found" }, + { LDNS_STATUS_SYNTAX_SVCPARAM_KEY_ERR, "Syntax error in a key in " + "the ServiceParam rdata field of SVCB or HTTPS RR" }, + { LDNS_STATUS_SYNTAX_SVCPARAM_VALUE_ERR, "Syntax error in a value in " + "the ServiceParam rdata field of SVCB or HTTPS RR" }, + { LDNS_STATUS_RESERVED_SVCPARAM_KEY, + "key65535 is reserved and MUST NOT be used " + "in the ServiceParam rdata field of SVCB or HTTPS RR" }, + { LDNS_STATUS_NO_SVCPARAM_VALUE_EXPECTED, + "A value was found for a key that SHOULD not have a value " + "in the ServiceParam rdata field of SVCB or HTTPS RR" }, + { LDNS_STATUS_SVCPARAM_KEY_MORE_THAN_ONCE, + "A key was found more than once " + "in the ServiceParam rdata field of SVCB or HTTPS RR" }, + { LDNS_STATUS_INVALID_SVCPARAM_VALUE, + "Invalid wireformat of a value " + "in the ServiceParam rdata field of SVCB or HTTPS RR" }, { 0, NULL } }; diff -Nru ldns-1.7.1/examples/ldns-compare-zones.1 ldns-1.8.1/examples/ldns-compare-zones.1 --- ldns-1.7.1/examples/ldns-compare-zones.1 2019-07-26 15:07:44.000000000 +0000 +++ ldns-1.8.1/examples/ldns-compare-zones.1 2021-12-03 07:45:47.000000000 +0000 @@ -32,7 +32,7 @@ From resource records whose owner names are in both zone files, but with different resource records, print the unchanged records too (a.k.a. changed++). .TP \fB-u\fR -Print resource records whose owner names are in both zone files, and which resource records are the same. (a.k.a. unchaged) +Print resource records whose owner names are in both zone files, and which resource records are the same. (a.k.a. unchanged) .TP \fB-i\fR Print resource records whose owner names are present only in ZONEFILE2 (a.k.a. inserted) diff -Nru ldns-1.7.1/examples/ldns-compare-zones.c ldns-1.8.1/examples/ldns-compare-zones.c --- ldns-1.7.1/examples/ldns-compare-zones.c 2019-07-26 15:07:44.000000000 +0000 +++ ldns-1.8.1/examples/ldns-compare-zones.c 2021-12-03 07:45:47.000000000 +0000 @@ -133,7 +133,7 @@ LDNS_RR_CLASS_IN, &line_nr1); if (s != LDNS_STATUS_OK) { fclose(fp1); - fprintf(stderr, "%s: %s at %d\n", + fprintf(stderr, "%s: %s at line %d\n", fn1, ldns_get_errorstr_by_id(s), line_nr1); @@ -153,7 +153,7 @@ if (s != LDNS_STATUS_OK) { ldns_zone_deep_free(z1); fclose(fp2); - fprintf(stderr, "%s: %s at %d\n", + fprintf(stderr, "%s: %s at line %d\n", fn2, ldns_get_errorstr_by_id(s), line_nr2); @@ -232,7 +232,6 @@ rr_chg = rr_cmp = -1; } if (rr_cmp < 0) { - i++; if ((rrx != NULL) && (ldns_dname_compare(ldns_rr_owner(rr1), ldns_rr_owner(rrx) ) != 0)) { @@ -254,8 +253,8 @@ printf("%c-", op); ldns_rr_print(stdout, rr1); } + i++; } else if (rr_cmp > 0) { - j++; if ((rrx != NULL) && (ldns_dname_compare(ldns_rr_owner(rr2), ldns_rr_owner(rrx) ) != 0)) { @@ -277,9 +276,8 @@ printf("%c+", op); ldns_rr_print(stdout, rr2); } - } else { - i++; j++; + } else { if ((rrx != NULL) && (ldns_dname_compare(ldns_rr_owner(rr1), ldns_rr_owner(rrx) ) != 0)) { @@ -294,6 +292,7 @@ ldns_dname_compare(ldns_rr_owner(rr1), ldns_rr_owner(ldns_rr_list_rr(rrl1, k))) == 0 ; k++); + for ( l = j + 1 ; l < rrc2 && @@ -308,14 +307,14 @@ nc1 = k - i; nc2 = l - j; for ( k = i + 1, l = j + 1 - ; k < nc1 && l < nc2 && - ldns_rr_compare(ldns_rr_list_rr(rrl1, k), - ldns_rr_list_rr(rrl2, l)) == 0 + ; (k - i) < nc1 && (l - j) < nc2 && + ldns_rr_compare(ldns_rr_list_rr(rrl1, k), + ldns_rr_list_rr(rrl2, l)) == 0 ; k++, l++); - if (k < nc1) { + if ((k - i) < nc1) { op = OP_CHG; num_chg++; - } else { + } else { op = OP_EQ; num_eq++; } @@ -326,6 +325,8 @@ printf("%c=", op); ldns_rr_print(stdout, rr1); } + i++; + j++; } } diff -Nru ldns-1.7.1/examples/ldns-dane.c ldns-1.8.1/examples/ldns-dane.c --- ldns-1.7.1/examples/ldns-dane.c 2019-07-26 15:07:44.000000000 +0000 +++ ldns-1.8.1/examples/ldns-dane.c 2021-12-03 07:45:47.000000000 +0000 @@ -1175,7 +1175,9 @@ #if OPENSSL_VERSION_NUMBER >= 0x10100000 && ! defined(HAVE_LIBRESSL) size_t j, usable_tlsas = 0; +# ifdef USE_DANE_VERIFY X509_STORE_CTX *store_ctx = NULL; +# endif /* USE_DANE_VERIFY */ #endif /* OPENSSL_VERSION_NUMBER >= 0x10100000 */ bool print_tlsa_as_type52 = false; @@ -1209,9 +1211,9 @@ int ai_family = AF_UNSPEC; int transport = LDNS_DANE_TRANSPORT_TCP; - char* name_str = NULL; /* supress uninitialized warning */ + char* name_str = NULL; /* suppress uninitialized warning */ ldns_rdf* name; - uint16_t port = 0; /* supress uninitialized warning */ + uint16_t port = 0; /* suppress uninitialized warning */ ldns_resolver* res = NULL; ldns_rdf* nameserver_rdf = NULL; @@ -1680,9 +1682,11 @@ assert(0); } - /* ssl inititalize */ +#if OPENSSL_VERSION_NUMBER < 0x10100000 || defined(HAVE_LIBRESSL) + /* ssl initialize */ SSL_load_error_strings(); SSL_library_init(); +#endif /* ssl load validation store */ if (! assume_pkix_validity || CAfile || CApath) { @@ -1703,6 +1707,20 @@ if (ctx && SSL_CTX_dane_enable(ctx) <= 0) { ssl_err("could not SSL_CTX_dane_enable"); } + + /* Use TLSv1.0 or above for connection. */ + long flags = 0; +# ifdef SSL_OP_NO_SSLv2 + flags |= SSL_OP_NO_SSLv2; +# endif +# ifdef SSL_OP_NO_SSLv3 + flags |= SSL_OP_NO_SSLv3; +# endif +# ifdef SSL_OP_NO_COMPRESSION + flags |= SSL_OP_NO_COMPRESSION; +# endif + SSL_CTX_set_options(ctx, flags); + if (CAfile || CApath) { if (!SSL_CTX_load_verify_locations(ctx, CAfile, CApath)) ssl_err("could not set verify locations\n"); diff -Nru ldns-1.7.1/examples/ldns-dpa.1 ldns-1.8.1/examples/ldns-dpa.1 --- ldns-1.7.1/examples/ldns-dpa.1 2019-07-26 15:07:44.000000000 +0000 +++ ldns-1.8.1/examples/ldns-dpa.1 2021-12-03 07:45:47.000000000 +0000 @@ -112,7 +112,7 @@ .TP ldns-dpa \-u packetsize \-p test.tr -Count all different packetsizes in test.tr and show the precentages. +Count all different packetsizes in test.tr and show the percentages. .TP ldns-dpa \-f "edns=1&qr=0" \-of edns.tr test.tr diff -Nru ldns-1.7.1/examples/ldns-gen-zone.c ldns-1.8.1/examples/ldns-gen-zone.c --- ldns-1.7.1/examples/ldns-gen-zone.c 2019-07-26 15:07:44.000000000 +0000 +++ ldns-1.8.1/examples/ldns-gen-zone.c 2021-12-03 07:45:47.000000000 +0000 @@ -169,7 +169,7 @@ } s = ldns_zone_new_frm_fp_l(&z, fp, origin, 0, LDNS_RR_CLASS_IN, &line_nr); if (s != LDNS_STATUS_OK) { - fprintf(stderr, "%s at %d\n", ldns_get_errorstr_by_id(s), line_nr); + fprintf(stderr, "%s at line %d\n", ldns_get_errorstr_by_id(s), line_nr); exit(EXIT_FAILURE); } if (!ldns_zone_soa(z)) { diff -Nru ldns-1.7.1/examples/ldns-keyfetcher.c ldns-1.8.1/examples/ldns-keyfetcher.c --- ldns-1.7.1/examples/ldns-keyfetcher.c 2019-07-26 15:07:44.000000000 +0000 +++ ldns-1.8.1/examples/ldns-keyfetcher.c 2021-12-03 07:45:47.000000000 +0000 @@ -1,6 +1,6 @@ /* * ldns-keyfetcher retrieves the DNSKEYS for a certain domain - * It traces the authoritatives nameservers down from the root + * It traces the authoritative nameservers down from the root * And uses TCP, to minimize spoofing danger. * * (c) NLnet Labs, 2006 - 2008 @@ -74,7 +74,7 @@ } /* transfer some properties of local_res to res, - * because they were given on the commandline */ + * because they were given on the command line */ ldns_resolver_set_ip6(res, ldns_resolver_ip6(local_res)); ldns_resolver_set_port(res, @@ -143,7 +143,7 @@ /* remove the old nameserver from the resolver */ while((pop = ldns_resolver_pop_nameserver(res))) { ldns_rdf_deep_free(pop); } - /* also check for new_nss emptyness */ + /* also check for new_nss emptiness */ if (!new_nss_aaaa && !new_nss_a) { /* diff -Nru ldns-1.7.1/examples/ldns-keygen.1 ldns-1.8.1/examples/ldns-keygen.1 --- ldns-1.7.1/examples/ldns-keygen.1 2019-07-26 15:07:44.000000000 +0000 +++ ldns-1.8.1/examples/ldns-keygen.1 2021-12-03 07:45:47.000000000 +0000 @@ -44,6 +44,16 @@ default to /dev/random. .TP +\fB-s\fR +ldns-keygen will create symbolic links named \fB.private\fR to +the new generated private key, \fB.key\fR to the public DNSKEY +and \fB.ds\fR to the file containing DS record data. + +.TP +\fB-f\fR +force symlinks to be overwritten if they exist. + +.TP \fB-v\fR Show the version and exit diff -Nru ldns-1.7.1/examples/ldns-keygen.c ldns-1.8.1/examples/ldns-keygen.c --- ldns-1.7.1/examples/ldns-keygen.c 2019-07-26 15:07:44.000000000 +0000 +++ ldns-1.8.1/examples/ldns-keygen.c 2021-12-03 07:45:47.000000000 +0000 @@ -14,11 +14,12 @@ #include #include #include +#include #ifdef HAVE_SSL static void usage(FILE *fp, char *prog) { - fprintf(fp, "%s -a [-b bits] [-r /dev/random] [-v] domain\n", + fprintf(fp, "%s -a [-b bits] [-r /dev/random] [-s] [-f] [-v] domain\n", prog); fprintf(fp, " generate a new key pair for domain\n"); fprintf(fp, " -a \tuse the specified algorithm (-a list to"); @@ -27,6 +28,8 @@ fprintf(fp, " -b \tspecify the keylength\n"); fprintf(fp, " -r \tspecify a random device (defaults to /dev/random)\n"); fprintf(fp, "\t\tto seed the random generator with\n"); + fprintf(fp, " -s\t\tcreate additional symlinks with constant names\n"); + fprintf(fp, " -f\t\tforce override of existing symlinks\n"); fprintf(fp, " -v\t\tshow the version and exit\n"); fprintf(fp, " The following files will be created:\n"); fprintf(fp, " K++.key\tPublic key in RR format\n"); @@ -47,6 +50,37 @@ } } +static int +remove_symlink(const char *symlink_name) +{ + int result; + + if ((result = unlink(symlink_name)) == -1) { + if (errno == ENOENT) { + /* it's OK if the link simply didn't exist */ + result = 0; + } else { + /* error if unlink fail */ + fprintf(stderr, "Can't delete symlink %s: %s\n", symlink_name, strerror(errno)); + } + } + return result; +} + +static int +create_symlink(const char *symlink_destination, const char *symlink_name) +{ + int result = 0; + + if (!symlink_name) + return result; /* no arg "-s" at all */ + + if ((result = symlink(symlink_destination, symlink_name)) == -1) { + fprintf(stderr, "Unable to create symlink %s -> %s: %s\n", symlink_name, symlink_destination, strerror(errno)); + } + return result; +} + int main(int argc, char *argv[]) { @@ -64,6 +98,8 @@ FILE *random; char *filename; char *owner; + bool symlink_create; + bool symlink_override; ldns_signing_algorithm algorithm; ldns_rdf *domain; @@ -75,8 +111,10 @@ algorithm = 0; random = NULL; ksk = false; /* don't create a ksk per default */ + symlink_create = false; + symlink_override = false; - while ((c = getopt(argc, argv, "a:kb:r:v")) != -1) { + while ((c = getopt(argc, argv, "a:kb:r:sfv")) != -1) { switch (c) { case 'a': if (algorithm != 0) { @@ -112,6 +150,12 @@ exit(EXIT_FAILURE); } break; + case 's': + symlink_create = true; + break; + case 'f': + symlink_override = true; + break; case 'v': printf("DNSSEC key generator version %s (ldns version %s)\n", LDNS_VERSION, ldns_version()); exit(EXIT_SUCCESS); @@ -148,6 +192,7 @@ exit(1); } break; +#ifdef USE_DSA case LDNS_SIGN_DSA: case LDNS_SIGN_DSA_NSEC3: if (bits < 512 || bits > 1024) { @@ -156,6 +201,7 @@ exit(1); } break; +#endif /* USE_DSA */ #ifdef USE_GOST case LDNS_SIGN_ECC_GOST: if(!ldns_key_EVP_load_gost_id()) { @@ -303,6 +349,19 @@ break; } + /* maybe a symlinks should be removed */ + if (symlink_create && symlink_override) { + if (remove_symlink(".key") != 0) { + exit(EXIT_FAILURE); + } + if (remove_symlink(".private") != 0) { + exit(EXIT_FAILURE); + } + if (remove_symlink(".ds") != 0) { + exit(EXIT_FAILURE); + } + } + /* print the public key RR to .key */ filename = LDNS_XMALLOC(char, strlen(owner) + 17); snprintf(filename, strlen(owner) + 16, "K%s+%03u+%05u.key", owner, algorithm, (unsigned int) ldns_key_keytag(key)); @@ -321,6 +380,11 @@ ldns_rr_print(file, pubkey); ldns_rr_set_question(pubkey, false); fclose(file); + if (symlink_create) { + if (create_symlink(filename, ".key") != 0) { + goto silentfail; + } + } LDNS_FREE(filename); } @@ -340,6 +404,11 @@ ldns_key_print(file, key); fclose(file); + if (symlink_create) { + if (create_symlink(filename, ".private") != 0) { + goto silentfail; + } + } LDNS_FREE(filename); /* print the DS to .ds */ @@ -366,6 +435,11 @@ ldns_rr_print(file, ds); ldns_rr_set_question(ds, false); fclose(file); + if (symlink_create) { + if (create_symlink(filename, ".ds") != 0) { + goto silentfail; + } + } LDNS_FREE(filename); } } @@ -379,6 +453,7 @@ fail: fprintf(stderr, "Unable to open %s: %s\n", filename, strerror(errno)); +silentfail: ldns_key_deep_free(key); free(owner); ldns_rr_free(pubkey); diff -Nru ldns-1.7.1/examples/ldns-notify.1 ldns-1.8.1/examples/ldns-notify.1 --- ldns-1.7.1/examples/ldns-notify.1 2019-07-26 15:07:44.000000000 +0000 +++ ldns-1.8.1/examples/ldns-notify.1 2021-12-03 07:45:47.000000000 +0000 @@ -41,7 +41,7 @@ .TP \fB-y key:data[:algo] \fR -Use the given TSIG key and base64-data, and optinally an algorithm to sign +Use the given TSIG key and base64-data, and optionally an algorithm to sign the NOTIFY. The algorithm defaults to hmac-md5.sig-alg.reg.int. .TP diff -Nru ldns-1.7.1/examples/ldns-read-zone.c ldns-1.8.1/examples/ldns-read-zone.c --- ldns-1.7.1/examples/ldns-read-zone.c 2019-07-26 15:07:44.000000000 +0000 +++ ldns-1.8.1/examples/ldns-read-zone.c 2021-12-03 07:45:47.000000000 +0000 @@ -258,7 +258,7 @@ fclose(fp); if (s != LDNS_STATUS_OK) { - fprintf(stderr, "%s at %d\n", + fprintf(stderr, "%s at line %d\n", ldns_get_errorstr_by_id(s), line_nr); exit(EXIT_FAILURE); diff -Nru ldns-1.7.1/examples/ldns-resolver.1 ldns-1.8.1/examples/ldns-resolver.1 --- ldns-1.7.1/examples/ldns-resolver.1 2019-07-26 15:07:44.000000000 +0000 +++ ldns-1.8.1/examples/ldns-resolver.1 2021-12-03 07:45:47.000000000 +0000 @@ -7,7 +7,7 @@ .SH DESCRIPTION \fBldns-resolver\fR tries to create a resolver from a resolv.conf file. -This is only useful to test the library for robusteness with input data. +This is only useful to test the library for robustness with input data. .SH OPTIONS \fBldns-resolver\fR takes a filename of the resolv.conf file as input. diff -Nru ldns-1.7.1/examples/ldns-resolver.c ldns-1.8.1/examples/ldns-resolver.c --- ldns-1.7.1/examples/ldns-resolver.c 2019-07-26 15:07:44.000000000 +0000 +++ ldns-1.8.1/examples/ldns-resolver.c 2021-12-03 07:45:47.000000000 +0000 @@ -1,6 +1,6 @@ /* * ldns-resolver tries to create a resolver structure from /dev/urandom - * this is only useful to test the library for robusteness with input data + * this is only useful to test the library for robustness with input data * * (c) NLnet Labs 2006 - 2008 * See the file LICENSE for the license diff -Nru ldns-1.7.1/examples/ldns-rrsig.1 ldns-1.8.1/examples/ldns-rrsig.1 --- ldns-1.7.1/examples/ldns-rrsig.1 2019-07-26 15:07:44.000000000 +0000 +++ ldns-1.8.1/examples/ldns-rrsig.1 2021-12-03 07:45:47.000000000 +0000 @@ -13,7 +13,7 @@ \fBldns-rrsig\fR is used to print the expiration and inception date of a RRSIG. The first argument is a domain name. \fBldns-rrsig\fR will query the authoritative servers for that domain to get a list of RRSIGs. -It will then print out the inception and experiration dates for the RRSIG +It will then print out the inception and expiration dates for the RRSIG covering the SOA record. .PP If the second argument \fBtype\fR is given the RRSIG covering that type will be shown. diff -Nru ldns-1.7.1/examples/ldns-rrsig.c ldns-1.8.1/examples/ldns-rrsig.c --- ldns-1.7.1/examples/ldns-rrsig.c 2019-07-26 15:07:44.000000000 +0000 +++ ldns-1.8.1/examples/ldns-rrsig.c 2021-12-03 07:45:47.000000000 +0000 @@ -2,7 +2,7 @@ * ldns-rrsig prints out the inception and expiration dates in a more readable * way than the normal RRSIG presentation format * - * for a particulary domain + * for a particularly domain * (c) NLnet Labs, 2005 - 2008 * See the file LICENSE for the license */ @@ -180,7 +180,7 @@ for(i = 0; i < ldns_rr_list_rr_count(rrsig_type); i++) { memset(&incep, 0, sizeof(incep)); - if (ldns_serial_arithmitics_gmtime_r( + if (ldns_serial_arithmetics_gmtime_r( ldns_rdf2native_time_t( ldns_rr_rrsig_inception( ldns_rr_list_rr(rrsig_type, i))), @@ -192,7 +192,7 @@ incep_buf[0] = '\0'; } memset(&expir, 0, sizeof(expir)); - if (ldns_serial_arithmitics_gmtime_r( + if (ldns_serial_arithmetics_gmtime_r( ldns_rdf2native_time_t( ldns_rr_rrsig_expiration( ldns_rr_list_rr(rrsig_type, i))), diff -Nru ldns-1.7.1/examples/ldns-signzone.1 ldns-1.8.1/examples/ldns-signzone.1 --- ldns-1.7.1/examples/ldns-signzone.1 2019-07-26 15:07:44.000000000 +0000 +++ ldns-1.8.1/examples/ldns-signzone.1 2021-12-03 07:45:47.000000000 +0000 @@ -34,7 +34,7 @@ \fB-b\fR Augments the zone and the RR's with extra comment texts for a more readable layout, easier to debug. DS records will have a bubblebabble version of -the data in the comment text, NSEC3 records will have the original NSEC3 +the data in the comment text, NSEC3 records will have the unhashed owner names in the comment text. Without this option, only DNSKEY RR's will have their Key Tag annotated in @@ -66,10 +66,24 @@ Use this as the origin of the zone .TP +\fB-u\fR +set SOA serial to the number of seconds since 1-1-1970 + +.TP \fB-v\fR Print the version and exit .TP +\fB-z\fR \fI[scheme:]hash\fR +Calculate the zone's digest and add those as ZONEMD RRs. The (optional) +`scheme' must be `simple` (or 1) and `hash' should be `sha384' (or 1) or +`sha512' (or 2). This option can be given more than once. + +.TP +\fB-Z\fR +Allow ZONEMDs to be added without signing + +.TP \fB-A\fR Sign the DNSKEY record with all keys. By default it is signed with a minimal number of keys, to keep the response size for the DNSKEY query diff -Nru ldns-1.7.1/examples/ldns-signzone.c ldns-1.8.1/examples/ldns-signzone.c --- ldns-1.7.1/examples/ldns-signzone.c 2019-07-26 15:07:44.000000000 +0000 +++ ldns-1.8.1/examples/ldns-signzone.c 2021-12-03 07:45:47.000000000 +0000 @@ -44,6 +44,11 @@ fprintf(fp, " -o \torigin for the zone\n"); fprintf(fp, " -u\t\tset SOA serial to the number of seconds since 1-1-1970\n"); fprintf(fp, " -v\t\tprint version and exit\n"); + fprintf(fp, " -z <[scheme:]hash>\tAdd ZONEMD resource record\n"); + fprintf(fp, "\t\t should be \"simple\" (or 1)\n"); + fprintf(fp, "\t\t should be \"sha384\" or \"sha512\" (or 1 or 2)\n"); + fprintf(fp, "\t\tthis option can be given more than once\n"); + fprintf(fp, " -Z\t\tAllow ZONEMDs to be added without signing\n"); fprintf(fp, " -A\t\tsign DNSKEY with all keys instead of minimal\n"); fprintf(fp, " -U\t\tSign with every unique algorithm in the provided keys\n"); #ifndef OPENSSL_NO_ENGINE @@ -72,10 +77,14 @@ fprintf ( fp, "\n " ); __LIST ( RSAMD5 ); +#ifdef USE_DSA __LIST ( DSA ); +#endif __LIST ( RSASHA1 ); fprintf ( fp, "\n " ); +#ifdef USE_DSA __LIST ( DSA_NSEC3 ); +#endif __LIST ( RSASHA1_NSEC3 ); __LIST ( RSASHA256 ); fprintf ( fp, "\n " ); @@ -328,7 +337,7 @@ #ifndef OPENSSL_NO_ENGINE /* - * For keys coming from the engine (-k or -K), parse algoritm specification. + * For keys coming from the engine (-k or -K), parse algorithm specification. */ static enum ldns_enum_signing_algorithm parse_algspec ( const char * const p ) @@ -350,11 +359,15 @@ __MATCH ( RSAMD5 ); __MATCH ( RSASHA1 ); +#ifdef USE_DSA __MATCH ( DSA ); +#endif __MATCH ( RSASHA1_NSEC3 ); __MATCH ( RSASHA256 ); __MATCH ( RSASHA512 ); +#ifdef USE_DSA __MATCH ( DSA_NSEC3 ); +#endif __MATCH ( ECC_GOST ); __MATCH ( ECDSAP256SHA256 ); __MATCH ( ECDSAP384SHA384 ); @@ -419,8 +432,10 @@ case LDNS_SIGN_RSASHA1_NSEC3: case LDNS_SIGN_RSASHA256: case LDNS_SIGN_RSASHA512: +#ifdef USE_DSA case LDNS_SIGN_DSA: case LDNS_SIGN_DSA_NSEC3: +#endif case LDNS_SIGN_ECC_GOST: #ifdef USE_ECDSA case LDNS_SIGN_ECDSAP256SHA256: @@ -526,17 +541,64 @@ shutdown_openssl ( ENGINE * const e ) { if ( e != NULL ) { +#ifdef HAVE_ENGINE_FREE ENGINE_free ( e ); +#endif +#ifdef HAVE_ENGINE_CLEANUP ENGINE_cleanup (); +#endif } +#ifdef HAVE_CONF_MODULES_UNLOAD CONF_modules_unload ( 1 ); +#endif +#ifdef HAVE_EVP_CLEANUP EVP_cleanup (); +#endif +#ifdef HAVE_CRYPTO_CLEANUP_ALL_EX_DATA CRYPTO_cleanup_all_ex_data (); +#endif +#ifdef HAVE_ERR_FREE_STRINGS ERR_free_strings (); +#endif } #endif +int str2zonemd_signflag(const char *str, const char **reason) +{ + char *colon; + + static const char *reasons[] = { + "Unknown , should be \"simple\"" + , "Syntax error in , should be \"sha384\" or \"sha512\"" + , "Unknown , should be \"sha384\" or \"sha512\"" + }; + + if (!str) + return LDNS_STATUS_NULL; + + if ((colon = strchr(str, ':'))) { + if ((colon - str != 1 || str[0] != '1') + && (colon - str != 6 || strncasecmp(str, "simple", 6))) { + if (reason) *reason = reasons[0]; + return 0; + } + + if (strchr(colon + 1, ':')) { + if (reason) *reason = reasons[1]; + return 0; + } + return str2zonemd_signflag(colon + 1, reason); + } + if (!strcasecmp(str, "1") || !strcasecmp(str, "sha384")) + return LDNS_SIGN_WITH_ZONEMD_SIMPLE_SHA384; + if (!strcasecmp(str, "2") || !strcasecmp(str, "sha512")) + return LDNS_SIGN_WITH_ZONEMD_SIMPLE_SHA512; + + if (reason) *reason = reasons[2]; + return 0; +} + int main(int argc, char *argv[]) { @@ -596,14 +658,18 @@ ldns_output_format_storage fmt_st; ldns_output_format* fmt = ldns_output_format_init(&fmt_st); - + + /* For parson zone digest parameters */ + int flag; + const char *reason = NULL; + prog = strdup(argv[0]); inception = 0; expiration = 0; keys = ldns_key_list_new(); - while ((c = getopt(argc, argv, "a:bde:f:i:k:no:ps:t:uvAUE:K:")) != -1) { + while ((c = getopt(argc, argv, "a:bde:f:i:k:no:ps:t:uvz:ZAUE:K:")) != -1) { switch (c) { case 'a': nsec3_algorithm = (uint8_t) atoi(optarg); @@ -649,7 +715,7 @@ } break; case 'f': - outputfile_name = LDNS_XMALLOC(char, MAX_FILENAME_LEN); + outputfile_name = LDNS_XMALLOC(char, MAX_FILENAME_LEN + 1); strncpy(outputfile_name, optarg, MAX_FILENAME_LEN); break; case 'i': @@ -695,6 +761,21 @@ printf("zone signer version %s (ldns version %s)\n", LDNS_VERSION, ldns_version()); exit(EXIT_SUCCESS); break; + case 'z': + flag = str2zonemd_signflag(optarg, &reason); + if (flag) + signflags |= flag; + else { + fprintf( stderr + , "%s\nwith zone digest parameters:" + " \"%s\"\n" + , reason, optarg); + exit(EXIT_FAILURE); + } + break; + case 'Z': + signflags |= LDNS_SIGN_NO_KEYS_NO_NSECS; + break; case 'A': signflags |= LDNS_SIGN_DNSKEY_WITH_ZSK; break; @@ -909,8 +990,9 @@ inception, expiration ); #endif - - if (ldns_key_list_key_count(keys) < 1) { + if (ldns_key_list_key_count(keys) < 1 + && !(signflags & LDNS_SIGN_NO_KEYS_NO_NSECS)) { + fprintf(stderr, "Error: no keys to sign with. Aborting.\n\n"); usage(stderr, prog); exit(EXIT_FAILURE); @@ -941,11 +1023,27 @@ ldns_rr_list_rr(ldns_zone_rrs(orig_zone), i)); } } - /* list to store newly created rrs, so we can free them later */ added_rrs = ldns_rr_list_new(); if (use_nsec3) { + if (verbosity < 1) + ; /* pass */ + + else if (nsec3_iterations > 500) + fprintf(stderr, "Warning! NSEC3 iterations larger than " + "500 may cause validating resolvers to return " + "SERVFAIL!\n" + "See: https://datatracker.ietf.org/doc/html/" + "draft-hardaker-dnsop-nsec3-guidance-03#section-4\n"); + + else if (nsec3_iterations > 100) + fprintf(stderr, "Warning! NSEC3 iterations larger than " + "100 may cause validating resolvers to return " + "insecure responses!\n" + "See: https://datatracker.ietf.org/doc/html/" + "draft-hardaker-dnsop-nsec3-guidance-03#section-4\n"); + result = ldns_dnssec_zone_sign_nsec3_flg_mkmap(signed_zone, added_rrs, keys, @@ -995,9 +1093,17 @@ #ifdef HAVE_SSL if (ERR_peek_error()) { +#if OPENSSL_VERSION_NUMBER < 0x10100000L || defined(HAVE_LIBRESSL) +#ifdef HAVE_ERR_LOAD_CRYPTO_STRINGS ERR_load_crypto_strings(); +#endif +#endif ERR_print_errors_fp(stderr); - ERR_free_strings(); +#if OPENSSL_VERSION_NUMBER < 0x10100000L || defined(HAVE_LIBRESSL) +#ifdef HAVE_ERR_FREE_STRINGS + ERR_free_strings (); +#endif +#endif } #endif exit(EXIT_FAILURE); @@ -1012,13 +1118,17 @@ ldns_dnssec_zone_free(signed_zone); ldns_zone_deep_free(orig_zone); ldns_rr_list_deep_free(added_rrs); - + ldns_rdf_deep_free(origin); LDNS_FREE(outputfile_name); #ifndef OPENSSL_NO_ENGINE shutdown_openssl ( engine ); #else - CRYPTO_cleanup_all_ex_data(); +#if OPENSSL_VERSION_NUMBER < 0x10100000 || defined(HAVE_LIBRESSL) +#ifdef HAVE_CRYPTO_CLEANUP_ALL_EX_DATA + CRYPTO_cleanup_all_ex_data (); +#endif +#endif #endif free(prog); diff -Nru ldns-1.7.1/examples/ldns-test-edns.c ldns-1.8.1/examples/ldns-test-edns.c --- ldns-1.7.1/examples/ldns-test-edns.c 2019-07-26 15:07:44.000000000 +0000 +++ ldns-1.8.1/examples/ldns-test-edns.c 2021-12-03 07:45:47.000000000 +0000 @@ -180,7 +180,7 @@ /* test EDNS0 presence, of OPT record */ /* LDNS forgets during pkt parse, but we test the ARCOUNT; - * 0 additionals means no EDNS(on the wire), and after parsing the + * 0 additional means no EDNS(on the wire), and after parsing the * same additional RRs as before means no EDNS OPT */ if(LDNS_ARCOUNT(wire) == 0 || ldns_pkt_arcount(p) == LDNS_ARCOUNT(wire)) { diff -Nru ldns-1.7.1/examples/ldns-testns.c ldns-1.8.1/examples/ldns-testns.c --- ldns-1.7.1/examples/ldns-testns.c 2019-07-26 15:07:44.000000000 +0000 +++ ldns-1.8.1/examples/ldns-testns.c 2021-12-03 07:45:47.000000000 +0000 @@ -149,6 +149,14 @@ #include #include +#ifdef HAVE_TARGETCONDITIONALS_H +#include +#endif + +#if defined(TARGET_OS_TV) || defined(TARGET_OS_WATCH) +#undef HAVE_FORK +#endif + #define INBUF_SIZE 4096 /* max size for incoming queries */ #define DEFAULT_PORT 53 /* default if no -p port is specified */ #define CONN_BACKLOG 256 /* connections queued up for tcp */ @@ -337,25 +345,58 @@ } userdata.s = s; - /* tcp recv */ - if (read_n_bytes(s, (uint8_t*)&tcplen, sizeof(tcplen))) - return; - tcplen = ntohs(tcplen); - if(tcplen >= INBUF_SIZE) { - log_msg("query %d bytes too large, buffer %d bytes.\n", - tcplen, INBUF_SIZE); + while(1) { + /* tcp recv */ + if (read_n_bytes(s, (uint8_t*)&tcplen, sizeof(tcplen))) { #ifndef USE_WINSOCK - close(s); + close(s); #else - closesocket(s); + closesocket(s); #endif - return; - } - if (read_n_bytes(s, inbuf, tcplen)) - return; + return; + } + tcplen = ntohs(tcplen); + if(tcplen >= INBUF_SIZE) { + log_msg("query %d bytes too large, buffer %d bytes.\n", + tcplen, INBUF_SIZE); +#ifndef USE_WINSOCK + close(s); +#else + closesocket(s); +#endif + return; + } + if (read_n_bytes(s, inbuf, tcplen)) { +#ifndef USE_WINSOCK + close(s); +#else + closesocket(s); +#endif + return; + } + + handle_query(inbuf, (ssize_t) tcplen, entries, count, transport_tcp, + send_tcp, &userdata, do_verbose?logfile:0); - handle_query(inbuf, (ssize_t) tcplen, entries, count, transport_tcp, - send_tcp, &userdata, do_verbose?logfile:0); + /* another query straight away? */ + if(1) { + fd_set rset; + struct timeval tv; + int ret; + FD_ZERO(&rset); + FD_SET(s, &rset); + tv.tv_sec = 0; + tv.tv_usec = 100*1000; + ret = select(s+1, &rset, NULL, NULL, &tv); + if(ret < 0) { + error("select(): %s\n", strerror(errno)); + } + if(ret == 0) { + /* timeout */ + break; + } + } + } #ifndef USE_WINSOCK close(s); #else @@ -410,7 +451,7 @@ int i; for(i=0; ireply_list) { verbose(1, "no answer packet for this query, no reply.\n"); ldns_pkt_free(query_pkt); - ldns_rdf_free(stop_command); + ldns_rdf_deep_free(stop_command); return; } for(p = entry->reply_list; p; p = p->next) @@ -874,7 +874,7 @@ if (status != LDNS_STATUS_OK) { verbose(1, "Error creating answer: %s\n", ldns_get_errorstr_by_id(status)); ldns_pkt_free(query_pkt); - ldns_rdf_free(stop_command); + ldns_rdf_deep_free(stop_command); return; } ldns_pkt_free(answer_pkt); @@ -899,7 +899,7 @@ if (status != LDNS_STATUS_OK) { verbose(1, "Error creating answer: %s\n", ldns_get_errorstr_by_id(status)); ldns_pkt_free(query_pkt); - ldns_rdf_free(stop_command); + ldns_rdf_deep_free(stop_command); return; } ldns_pkt_free(answer_pkt); @@ -922,7 +922,7 @@ answer_size = 0; } ldns_pkt_free(query_pkt); - ldns_rdf_free(stop_command); + ldns_rdf_deep_free(stop_command); } /** delete the list of reply packets */ diff -Nru ldns-1.7.1/examples/ldns-verify-zone.1.in ldns-1.8.1/examples/ldns-verify-zone.1.in --- ldns-1.7.1/examples/ldns-verify-zone.1.in 2019-07-26 15:07:44.000000000 +0000 +++ ldns-1.8.1/examples/ldns-verify-zone.1.in 2021-12-03 07:45:47.000000000 +0000 @@ -13,6 +13,8 @@ Each name is checked for an NSEC(3), if appropriate. +If ZONEMD resource records are present, one of them needs to match the zone content. + .SH OPTIONS .TP \fB-h\fR @@ -72,6 +74,17 @@ 5: Print the zone after it has been read, the result, any errors, and the names that are being checked +.TP +\fB-Z\fR +Requires a valid ZONEMD RR to be present. When given once, this option will +permit verifying only the ZONEMD RR of an unsigned zone. When given more than +once, the zone needs to be validly DNSSEC signed as well. + +.TP +\fB-ZZZ\fR +When three times a \fB-Z\fR option is given, the ZONEMD RR to be verified is +considered "detached" and does not need to have valid signatures. + .LP \fIperiod\fRs are given in ISO 8601 duration format: .RS diff -Nru ldns-1.7.1/examples/ldns-verify-zone.c ldns-1.8.1/examples/ldns-verify-zone.c --- ldns-1.7.1/examples/ldns-verify-zone.c 2019-07-26 15:07:44.000000000 +0000 +++ ldns-1.8.1/examples/ldns-verify-zone.c 2021-12-03 07:45:47.000000000 +0000 @@ -113,7 +113,9 @@ if (status != LDNS_STATUS_OK) { print_rr_error(stream, rr, ldns_get_errorstr_by_id(status)); if (verbosity > 0 && status == LDNS_STATUS_SSL_ERR) { +#if OPENSSL_VERSION_NUMBER < 0x10100000 || defined(HAVE_LIBRESSL) ERR_load_crypto_strings(); +#endif ERR_print_errors_fp(stream); } } @@ -168,53 +170,31 @@ verify_rrs(ldns_rr_list* rrset_rrs, ldns_dnssec_rrs* cur_sig, ldns_rr_list* keys) { - ldns_rr_list* good_keys; ldns_status status, result = LDNS_STATUS_OK; - int one_signature_verified = 0; ldns_dnssec_rrs *cur_sig_bak = cur_sig; - int is_dnskey_rrset = ldns_rr_list_rr_count(rrset_rrs) > 0 && - ldns_rr_get_type(ldns_rr_list_rr(rrset_rrs, 0)) == LDNS_RR_TYPE_DNSKEY; + /* A single valid signature validates the RRset */ while (cur_sig) { - good_keys = ldns_rr_list_new(); - status = ldns_verify_rrsig_keylist_time(rrset_rrs, cur_sig->rr, - keys, check_time, good_keys); + if (ldns_verify_rrsig_keylist_time( rrset_rrs, cur_sig->rr + , keys, check_time, NULL) + || rrsig_check_time_margins(cur_sig->rr)) + cur_sig = cur_sig->next; + else + return LDNS_STATUS_OK; + } + /* Without any valid signature, do print all errors. */ + for (cur_sig = cur_sig_bak; cur_sig; cur_sig = cur_sig->next) { + status = ldns_verify_rrsig_keylist_time(rrset_rrs, + cur_sig->rr, keys, check_time, NULL); status = status ? status - : rrsig_check_time_margins(cur_sig->rr); - if (status == LDNS_STATUS_OK) { - one_signature_verified += 1; - - } else if (!is_dnskey_rrset && (!no_nomatch_msg || - status != LDNS_STATUS_CRYPTO_NO_MATCHING_KEYTAG_DNSKEY)) { - - print_rrs_status_error(myerr, rrset_rrs, status, - cur_sig); - } + : rrsig_check_time_margins(cur_sig->rr); + if (!status) + ; /* pass */ + else if (!no_nomatch_msg || status != + LDNS_STATUS_CRYPTO_NO_MATCHING_KEYTAG_DNSKEY) + print_rrs_status_error( + myerr, rrset_rrs, status, cur_sig); update_error(&result, status); - ldns_rr_list_free(good_keys); - cur_sig = cur_sig->next; - } - if (one_signature_verified) - return LDNS_STATUS_OK; - - else if (is_dnskey_rrset && - result == LDNS_STATUS_CRYPTO_NO_MATCHING_KEYTAG_DNSKEY) { - - /* Without any valid signature, do print all errors - * with DNSKEYs too. - */ - for (cur_sig = cur_sig_bak; cur_sig; cur_sig = cur_sig->next) { - good_keys = ldns_rr_list_new(); - status = ldns_verify_rrsig_keylist_time(rrset_rrs, - cur_sig->rr, keys, check_time, good_keys); - status = status ? status - : rrsig_check_time_margins(cur_sig->rr); - if (!no_nomatch_msg || status != - LDNS_STATUS_CRYPTO_NO_MATCHING_KEYTAG_DNSKEY) - print_rrs_status_error( - myerr, rrset_rrs, status, cur_sig); - ldns_rr_list_free(good_keys); - } } return result; } @@ -429,7 +409,8 @@ static ldns_status verify_dnssec_name(ldns_rdf *zone_name, ldns_dnssec_zone* zone, - ldns_rbnode_t *cur_node, ldns_rr_list *keys) + ldns_rbnode_t *cur_node, ldns_rr_list *keys, + bool detached_zonemd) { ldns_status result = LDNS_STATUS_OK; ldns_status status; @@ -490,7 +471,10 @@ cur_rrset->type == LDNS_RR_TYPE_DS)) || (!on_delegation_point && cur_rrset->type != LDNS_RR_TYPE_RRSIG && - cur_rrset->type != LDNS_RR_TYPE_NSEC)) { + cur_rrset->type != LDNS_RR_TYPE_NSEC && + + ( cur_rrset->type != LDNS_RR_TYPE_ZONEMD + || !detached_zonemd || cur_rrset->signatures))) { status = verify_dnssec_rrset(zone_name, name->name, cur_rrset, keys); @@ -634,7 +618,8 @@ static ldns_status verify_dnssec_zone(ldns_dnssec_zone *dnssec_zone, ldns_rdf *zone_name, - ldns_rr_list *keys, bool apexonly, int percentage) + ldns_rr_list *keys, bool apexonly, int percentage, + bool detached_zonemd) { ldns_rbnode_t *cur_node; ldns_dnssec_rrsets *cur_key_rrset; @@ -675,7 +660,7 @@ */ assert( cur_node->data == dnssec_zone->soa ); /* - * Allthough the percentage option doesn't make sense + * Although the percentage option doesn't make sense * here, we set it to 100 to force the first node to * be checked. */ @@ -686,7 +671,8 @@ if (percentage == 100 || ((random() % 100) >= 100 - percentage)) { status = verify_dnssec_name(zone_name, - dnssec_zone, cur_node, keys); + dnssec_zone, cur_node, keys, + detached_zonemd); update_error(&result, status); if (apexonly) break; @@ -707,6 +693,8 @@ "and verifies all signatures\n"); fprintf(out, "It also checks the NSEC(3) chain, but it " "will error on opted-out delegations\n"); + fprintf(out, "It also checks whether ZONEMDs are present, and if so, " + "needs one of them to match the zone's data.\n"); fprintf(out, "\nOPTIONS:\n"); fprintf(out, "\t-h\t\tshow this text\n"); fprintf(out, "\t-a\t\tapex only, check only the zone apex\n"); @@ -734,6 +722,12 @@ "for validating it regardless.\n"); fprintf(out, "\t-v\t\tshows the version and exits\n"); fprintf(out, "\t-V [0-5]\tset verbosity level (default 3)\n"); + fprintf(out, "\t-Z\t\tRequires a valid ZONEMD RR to be present.\n"); + fprintf(out, "\t\t\tWhen given once, this option will permit verifying" + "\n\t\t\tjust the ZONEMD RR of an unsigned zone. When given " + "\n\t\t\tmore than once, the zone needs to be validly DNSSEC" + "\n\t\t\tsigned as well. With three times a -Z option (-ZZZ)" + "\n\t\t\ta ZONEMD RR without signatures is allowed."); fprintf(out, "\ns are given in ISO 8601 duration format: " "P[n]Y[n]M[n]DT[n]H[n]M[n]S\n"); fprintf(out, "\nif no file is given standard input is read\n"); @@ -756,12 +750,14 @@ ldns_rr_list *keys = ldns_rr_list_new(); size_t nkeys = 0; const char *progname = argv[0]; + int zonemd_required = 0; + ldns_dnssec_rrsets *zonemd_rrset; check_time = ldns_time(NULL); myout = stdout; myerr = stderr; - while ((c = getopt(argc, argv, "ae:hi:k:vV:p:St:")) != -1) { + while ((c = getopt(argc, argv, "ae:hi:k:vV:p:St:Z")) != -1) { switch(c) { case 'a': apexonly = true; @@ -857,6 +853,9 @@ case 'V': verbosity = atoi(optarg); break; + case 'Z': + zonemd_required += 1; + break; } } if (do_sigchase && nkeys == 0) { @@ -895,53 +894,71 @@ s = ldns_dnssec_zone_new_frm_fp_l(&dnssec_zone, fp, NULL, 0, LDNS_RR_CLASS_IN, &line_nr); - if (s == LDNS_STATUS_OK) { - if (!dnssec_zone->soa) { - if (verbosity > 0) { - fprintf(myerr, - "; Error: no SOA in the zone\n"); - } - exit(EXIT_FAILURE); + if (s != LDNS_STATUS_OK) { + if (verbosity > 0) { + fprintf(myerr, "%s at line %d\n", + ldns_get_errorstr_by_id(s), line_nr); } - - result = ldns_dnssec_zone_mark_glue(dnssec_zone); - if (result != LDNS_STATUS_OK) { - if (verbosity > 0) { - fprintf(myerr, - "There were errors identifying the " - "glue in the zone\n"); - } + exit(EXIT_FAILURE); + } + if (!dnssec_zone->soa) { + if (verbosity > 0) { + fprintf(myerr, + "; Error: no SOA in the zone\n"); } - if (verbosity >= 5) { - ldns_dnssec_zone_print(myout, dnssec_zone); + exit(EXIT_FAILURE); + } + + result = ldns_dnssec_zone_mark_glue(dnssec_zone); + if (result != LDNS_STATUS_OK) { + if (verbosity > 0) { + fprintf(myerr, + "There were errors identifying the " + "glue in the zone\n"); } + } + if (verbosity >= 5) { + ldns_dnssec_zone_print(myout, dnssec_zone); + } + zonemd_rrset = ldns_dnssec_zone_find_rrset(dnssec_zone, + dnssec_zone->soa->name, LDNS_RR_TYPE_ZONEMD); + if (zonemd_required == 1 + && !ldns_dnssec_zone_find_rrset(dnssec_zone, + dnssec_zone->soa->name, LDNS_RR_TYPE_DNSKEY)) + result = LDNS_STATUS_OK; + else result = verify_dnssec_zone(dnssec_zone, dnssec_zone->soa->name, keys, apexonly, - percentage); + percentage, zonemd_required > 2); - if (result == LDNS_STATUS_OK) { - if (verbosity >= 3) { - fprintf(myout, - "Zone is verified and complete\n"); - } - } else { - if (verbosity > 0) { - fprintf(myerr, - "There were errors in the zone\n"); - } - } + if (zonemd_rrset) { + ldns_status zonemd_result + = ldns_dnssec_zone_verify_zonemd(dnssec_zone); + + if (zonemd_result) + fprintf( myerr, "Could not validate zone digest: %s\n" + , ldns_get_errorstr_by_id(zonemd_result)); - ldns_dnssec_zone_deep_free(dnssec_zone); - } else { - if (verbosity > 0) { - fprintf(myerr, "%s at %d\n", - ldns_get_errorstr_by_id(s), line_nr); + else if (verbosity > 3) + fprintf( myout + , "Zone digest matched the zone content\n"); + + if (zonemd_result) + result = zonemd_result; + + } else if (zonemd_required) + result = LDNS_STATUS_NO_ZONEMD; + + if (result == LDNS_STATUS_OK) { + if (verbosity >= 3) { + fprintf(myout, "Zone is verified and complete\n"); } - exit(EXIT_FAILURE); - } - fclose(fp); + } else if (verbosity > 0) + fprintf(myerr, "There were errors in the zone\n"); + ldns_dnssec_zone_deep_free(dnssec_zone); + fclose(fp); exit(result); } diff -Nru ldns-1.7.1/examples/ldns-walk.c ldns-1.8.1/examples/ldns-walk.c --- ldns-1.7.1/examples/ldns-walk.c 2019-07-26 15:07:44.000000000 +0000 +++ ldns-1.8.1/examples/ldns-walk.c 2021-12-03 07:45:47.000000000 +0000 @@ -169,7 +169,7 @@ ldns_pkt_print(stdout, answer_pkt); } /* hmm, this does not give us the right records - * when askking for type NS above the delegation + * when asking for type NS above the delegation * (or, in fact, when the delegated zone is * served by this server either) * do we need to special case NS like NSEC? @@ -608,7 +608,7 @@ } if (!next_dname) { /* apparently the zone also has prepended data (i.e. a.example and www.a.example, - * The www comes after the a but befpre a\\000, so we need to make another name (\\000.a) + * The www comes after the a but before a\\000, so we need to make another name (\\000.a) */ if (last_dname_p) { ldns_rdf_deep_free(last_dname_p); diff -Nru ldns-1.7.1/.gitlab-ci.yml ldns-1.8.1/.gitlab-ci.yml --- ldns-1.7.1/.gitlab-ci.yml 2019-07-26 15:07:44.000000000 +0000 +++ ldns-1.8.1/.gitlab-ci.yml 1970-01-01 00:00:00.000000000 +0000 @@ -1,6 +0,0 @@ -before_script: - - git submodule update --init - -tpkg-tests: - script: - - test/test_ci.sh ldns-team@nlnetlabs.nl diff -Nru ldns-1.7.1/host2str.c ldns-1.8.1/host2str.c --- ldns-1.7.1/host2str.c 2019-07-26 15:07:44.000000000 +0000 +++ ldns-1.8.1/host2str.c 2021-12-03 07:45:47.000000000 +0000 @@ -49,10 +49,14 @@ ldns_lookup_table ldns_algorithms[] = { { LDNS_RSAMD5, "RSAMD5" }, { LDNS_DH, "DH" }, +#ifdef USE_DSA { LDNS_DSA, "DSA" }, +#endif /* USE_DSA */ { LDNS_ECC, "ECC" }, { LDNS_RSASHA1, "RSASHA1" }, +#ifdef USE_DSA { LDNS_DSA_NSEC3, "DSA-NSEC3-SHA1" }, +#endif /* USE_DSA */ { LDNS_RSASHA1_NSEC3, "RSASHA1-NSEC3-SHA1" }, #ifdef USE_SHA2 { LDNS_RSASHA256, "RSASHA256"}, @@ -414,7 +418,7 @@ char date_buf[16]; memset(&tm, 0, sizeof(tm)); - if (ldns_serial_arithmitics_gmtime_r(ldns_rdf2native_int32(rdf), time(NULL), &tm) + if (ldns_serial_arithmetics_gmtime_r(ldns_rdf2native_int32(rdf), time(NULL), &tm) && strftime(date_buf, 15, "%Y%m%d%H%M%S", &tm)) { ldns_buffer_printf(output, "%s", date_buf); } @@ -709,8 +713,8 @@ uint32_t longitude; uint32_t latitude; uint32_t altitude; - char northerness; - char easterness; + char latitude_hemisphere; + char longitude_hemisphere; uint32_t h; uint32_t m; double s; @@ -734,10 +738,10 @@ altitude = ldns_read_uint32(&ldns_rdf_data(rdf)[12]); if (latitude > equator) { - northerness = 'N'; + latitude_hemisphere = 'N'; latitude = latitude - equator; } else { - northerness = 'S'; + latitude_hemisphere = 'S'; latitude = equator - latitude; } h = latitude / (1000 * 60 * 60); @@ -746,13 +750,13 @@ latitude = latitude % (1000 * 60); s = (double) latitude / 1000.0; ldns_buffer_printf(output, "%02u %02u %0.3f %c ", - h, m, s, northerness); + h, m, s, latitude_hemisphere); if (longitude > equator) { - easterness = 'E'; + longitude_hemisphere = 'E'; longitude = longitude - equator; } else { - easterness = 'W'; + longitude_hemisphere = 'W'; longitude = equator - longitude; } h = longitude / (1000 * 60 * 60); @@ -761,8 +765,7 @@ longitude = longitude % (1000 * 60); s = (double) longitude / (1000.0); ldns_buffer_printf(output, "%02u %02u %0.3f %c ", - h, m, s, easterness); - + h, m, s, longitude_hemisphere); s = ((double) altitude) / 100; s -= 100000; @@ -851,6 +854,8 @@ endservent(); #endif } + /* exit from loop before integer overflow */ + if(current_service == 65535) { break; } } return ldns_buffer_status(output); } @@ -1299,7 +1304,7 @@ return ldns_buffer_status(output); } -/* implementation mimiced from ldns_rdf2buffer_str_ipseckey */ +/* implementation mimicked from ldns_rdf2buffer_str_ipseckey */ ldns_status ldns_rdf2buffer_str_amtrelay(ldns_buffer *output, const ldns_rdf *rdf) { @@ -1386,6 +1391,231 @@ return ldns_buffer_status(output); } +#ifdef RRTYPE_SVCB_HTTPS +ldns_status svcparam_key2buffer_str(ldns_buffer *output, uint16_t key); + +static ldns_status +svcparam_mandatory2buffer_str(ldns_buffer *output, size_t sz, uint8_t *data) +{ + if (sz % 2) + return LDNS_STATUS_INVALID_SVCPARAM_VALUE; + + svcparam_key2buffer_str(output, ldns_read_uint16(data)); + for (data += 2, sz -= 2; sz; data += 2, sz -= 2) { + ldns_buffer_write_u8(output, ','); + svcparam_key2buffer_str(output, ldns_read_uint16(data)); + } + return ldns_buffer_status(output); +} + +static ldns_status +svcparam_alpn2buffer_str(ldns_buffer *output, size_t sz, uint8_t *data) +{ + uint8_t *eod = data + sz, *dp; + bool quote = false; + size_t i; + + for (dp = data; dp < eod && !quote; dp += 1 + *dp) { + if (dp + 1 + *dp > eod) + return LDNS_STATUS_INVALID_SVCPARAM_VALUE; + + for (i = 0; i < *dp; i++) + if (isspace(dp[i + 1])) + break; + quote = i < *dp; + } + if (quote) + ldns_buffer_write_u8(output, '"'); + while (data < eod) { + uint8_t *eot = data + 1 + *data; + + if (eot > eod) + return LDNS_STATUS_INVALID_SVCPARAM_VALUE; + + if (eod - data < (int)sz) + ldns_buffer_write_u8(output, ','); + + for (data += 1; data < eot; data += 1) { + uint8_t ch = *data; + + if (isprint(ch) || ch == '\t') { + if (ch == '"' || ch == ',' || ch == '\\') + ldns_buffer_write_u8(output, '\\'); + ldns_buffer_write_u8(output, ch); + } else + ldns_buffer_printf(output, "\\%03u" + , (unsigned)ch); + } + } + if (quote) + ldns_buffer_write_u8(output, '"'); + return ldns_buffer_status(output); +} + +static ldns_status +svcparam_port2buffer_str(ldns_buffer *output, size_t sz, uint8_t *data) +{ + if (sz != 2) + return LDNS_STATUS_INVALID_SVCPARAM_VALUE; + ldns_buffer_printf(output, "%d", (int)ldns_read_uint16(data)); + return ldns_buffer_status(output); +} + +static ldns_status +svcparam_ipv4hint2buffer_str(ldns_buffer *output, size_t sz, uint8_t *data) +{ + char str[INET_ADDRSTRLEN]; + + if (sz % 4 || !inet_ntop(AF_INET, data, str, INET_ADDRSTRLEN)) + return LDNS_STATUS_INVALID_SVCPARAM_VALUE; + + ldns_buffer_write_string(output, str); + + for (data += 4, sz -= 4; sz ; data += 4, sz -= 4 ) { + ldns_buffer_write_u8(output, ','); + if (!inet_ntop(AF_INET, data, str, INET_ADDRSTRLEN)) + return LDNS_STATUS_INVALID_SVCPARAM_VALUE; + + ldns_buffer_write_string(output, str); + } + return ldns_buffer_status(output); +} + +static ldns_status +svcparam_echconfig2buffer_str(ldns_buffer *output, size_t sz, uint8_t *data) +{ + size_t str_sz = ldns_b64_ntop_calculate_size(sz); + int written; + + if (!ldns_buffer_reserve(output, str_sz)) + return LDNS_STATUS_MEM_ERR; + + written = ldns_b64_ntop( data, sz + , (char *)ldns_buffer_current(output), str_sz); + if (written > 0) + ldns_buffer_skip(output, written); + else + return LDNS_STATUS_INVALID_SVCPARAM_VALUE; + + return ldns_buffer_status(output); +} + +static ldns_status +svcparam_ipv6hint2buffer_str(ldns_buffer *output, size_t sz, uint8_t *data) +{ + char str[INET6_ADDRSTRLEN]; + + if (sz % 16 || !inet_ntop(AF_INET6, data, str, INET6_ADDRSTRLEN)) + return LDNS_STATUS_INVALID_SVCPARAM_VALUE; + + ldns_buffer_write_string(output, str); + + for (data += 16, sz -= 16; sz ; data += 16, sz -= 16) { + ldns_buffer_write_u8(output, ','); + if (!inet_ntop(AF_INET6, data, str, INET6_ADDRSTRLEN)) + return LDNS_STATUS_INVALID_SVCPARAM_VALUE; + + ldns_buffer_write_string(output, str); + } + return ldns_buffer_status(output); +} + +static ldns_status +svcparam_value2buffer_str(ldns_buffer *output, size_t sz, uint8_t *data) +{ + uint8_t *eod = data + sz, *dp; + bool quote = false; + + for (dp = data; dp < eod && !isspace(*dp); dp++) + ; /* pass */ + + if ((quote = dp < eod)) + ldns_buffer_write_u8(output, '"'); + + for (dp = data; dp < eod; dp++) { + uint8_t ch = *dp; + + if (isprint(ch) || ch == '\t') { + if (ch == '"' || ch == '\\') + ldns_buffer_write_u8(output, '\\'); + ldns_buffer_write_u8(output, ch); + } else + ldns_buffer_printf(output, "\\%03u", (unsigned)ch); + } + if (quote) + ldns_buffer_write_u8(output, '"'); + return ldns_buffer_status(output); +} + +ldns_status +ldns_rdf2buffer_str_svcparams(ldns_buffer *output, const ldns_rdf *rdf) +{ + uint8_t *data, *dp, *next_dp = NULL; + size_t sz; + ldns_status st; + + if (!output) + return LDNS_STATUS_NULL; + + if (!rdf || !(data = ldns_rdf_data(rdf)) || !(sz = ldns_rdf_size(rdf))) + /* No svcparams is just fine. Just nothing to print. */ + return LDNS_STATUS_OK; + + for (dp = data; dp + 4 < data + sz; dp = next_dp) { + ldns_svcparam_key key = ldns_read_uint16(dp); + uint16_t val_sz = ldns_read_uint16(dp + 2); + + if ((next_dp = dp + 4 + val_sz) > data + sz) + return LDNS_STATUS_RDATA_OVERFLOW; + + if (dp > data) + ldns_buffer_write_u8(output, ' '); + + if ((st = svcparam_key2buffer_str(output, key))) + return st; + + if (val_sz == 0) + continue; + dp += 4; + ldns_buffer_write_u8(output, '='); + switch (key) { + case LDNS_SVCPARAM_KEY_MANDATORY: + st = svcparam_mandatory2buffer_str(output, val_sz, dp); + break; + case LDNS_SVCPARAM_KEY_ALPN: + st = svcparam_alpn2buffer_str(output, val_sz, dp); + break; + case LDNS_SVCPARAM_KEY_NO_DEFAULT_ALPN: + return LDNS_STATUS_NO_SVCPARAM_VALUE_EXPECTED; + case LDNS_SVCPARAM_KEY_PORT: + st = svcparam_port2buffer_str(output, val_sz, dp); + break; + case LDNS_SVCPARAM_KEY_IPV4HINT: + st = svcparam_ipv4hint2buffer_str(output, val_sz, dp); + break; + case LDNS_SVCPARAM_KEY_ECHCONFIG: + st = svcparam_echconfig2buffer_str(output, val_sz, dp); + break; + case LDNS_SVCPARAM_KEY_IPV6HINT: + st = svcparam_ipv6hint2buffer_str(output, val_sz, dp); + break; + default: + st = svcparam_value2buffer_str(output, val_sz, dp); + break; + } + if (st) + return st; + } + return ldns_buffer_status(output); +} +#else /* #ifdef RRTYPE_SVCB_HTTPS */ +ldns_status +ldns_rdf2buffer_str_svcparams(ldns_buffer *output, const ldns_rdf *rdf) +{ + (void)output; (void)rdf; + return LDNS_STATUS_NOT_IMPL; +} +#endif /* #ifdef RRTYPE_SVCB_HTTPS */ static ldns_status ldns_rdf2buffer_str_fmt(ldns_buffer *buffer, @@ -1505,6 +1735,9 @@ case LDNS_RDF_TYPE_AMTRELAY: res = ldns_rdf2buffer_str_amtrelay(buffer, rdf); break; + case LDNS_RDF_TYPE_SVCPARAMS: + res = ldns_rdf2buffer_str_svcparams(buffer, rdf); + break; } } else { /** This will write mangled RRs */ @@ -1584,45 +1817,50 @@ fmt_st = (ldns_output_format_storage*) ldns_output_format_default; } - if (!rr) { - if (LDNS_COMMENT_NULLS & fmt_st->flags) { - ldns_buffer_printf(output, "; (null)\n"); + if (!(fmt_st->flags & LDNS_FMT_SHORT)) { + if (!rr) { + if (LDNS_COMMENT_NULLS & fmt_st->flags) { + ldns_buffer_printf(output, "; (null)\n"); + } + return ldns_buffer_status(output); + } + if (ldns_rr_owner(rr)) { + status = ldns_rdf2buffer_str_dname(output, ldns_rr_owner(rr)); + } + if (status != LDNS_STATUS_OK) { + return status; } - return ldns_buffer_status(output); - } - if (ldns_rr_owner(rr)) { - status = ldns_rdf2buffer_str_dname(output, ldns_rr_owner(rr)); - } - if (status != LDNS_STATUS_OK) { - return status; - } - /* TTL should NOT be printed if it is a question */ - if (!ldns_rr_is_question(rr)) { - ldns_buffer_printf(output, "\t%d", ldns_rr_ttl(rr)); - } + /* TTL should NOT be printed if it is a question */ + if (!ldns_rr_is_question(rr)) { + ldns_buffer_printf(output, "\t%u", (unsigned)ldns_rr_ttl(rr)); + } - ldns_buffer_printf(output, "\t"); - status = ldns_rr_class2buffer_str(output, ldns_rr_get_class(rr)); - if (status != LDNS_STATUS_OK) { - return status; - } - ldns_buffer_printf(output, "\t"); + ldns_buffer_printf(output, "\t"); + status = ldns_rr_class2buffer_str(output, ldns_rr_get_class(rr)); + if (status != LDNS_STATUS_OK) { + return status; + } + ldns_buffer_printf(output, "\t"); - if (ldns_output_format_covers_type(fmt, ldns_rr_get_type(rr))) { - return ldns_rr2buffer_str_rfc3597(output, rr); - } - status = ldns_rr_type2buffer_str(output, ldns_rr_get_type(rr)); - if (status != LDNS_STATUS_OK) { - return status; - } + if (ldns_output_format_covers_type(fmt, ldns_rr_get_type(rr))) { + return ldns_rr2buffer_str_rfc3597(output, rr); + } + status = ldns_rr_type2buffer_str(output, ldns_rr_get_type(rr)); + if (status != LDNS_STATUS_OK) { + return status; + } - if (ldns_rr_rd_count(rr) > 0) { - ldns_buffer_printf(output, "\t"); - } else if (!ldns_rr_is_question(rr)) { - ldns_buffer_printf(output, "\t\\# 0"); - } + if (ldns_rr_rd_count(rr) > 0) { + ldns_buffer_printf(output, "\t"); + } else if (!ldns_rr_is_question(rr)) { + ldns_buffer_printf(output, "\t\\# 0"); + } + } else if (ldns_rr_rd_count(rr) == 0) { + /* assert(fmt_st->flags & LDNS_FMT_SHORT); */ + ldns_buffer_printf(output, "# 0"); + } for (i = 0; i < ldns_rr_rd_count(rr); i++) { /* ldns_rdf2buffer_str handles NULL input fine! */ if ((fmt_st->flags & LDNS_FMT_ZEROIZE_RRSIGS) && @@ -1758,7 +1996,7 @@ node->data )); } - ldns_rdf_free(key); + ldns_rdf_deep_free(key); } key = ldns_b32_ext2dname( ldns_nsec3_next_owner(rr)); @@ -1776,7 +2014,7 @@ node->data )); } - ldns_rdf_free(key); + ldns_rdf_deep_free(key); } } ldns_buffer_printf(output, "}"); @@ -1878,13 +2116,18 @@ char *tmp; struct timeval time; time_t time_tt; + int short_fmt = fmt && (fmt->flags & LDNS_FMT_SHORT); if (!pkt) { ldns_buffer_printf(output, "null"); return LDNS_STATUS_OK; } - if (ldns_buffer_status_ok(output)) { + if (!ldns_buffer_status_ok(output)) { + return ldns_buffer_status(output); + } + + if (!short_fmt) { status = ldns_pktheader2buffer_str(output, pkt); if (status != LDNS_STATUS_OK) { return status; @@ -1906,15 +2149,16 @@ ldns_buffer_printf(output, "\n"); ldns_buffer_printf(output, ";; ANSWER SECTION:\n"); - for (i = 0; i < ldns_pkt_ancount(pkt); i++) { - status = ldns_rr2buffer_str_fmt(output, fmt, - ldns_rr_list_rr( - ldns_pkt_answer(pkt), i)); - if (status != LDNS_STATUS_OK) { - return status; - } - + } + for (i = 0; i < ldns_pkt_ancount(pkt); i++) { + status = ldns_rr2buffer_str_fmt(output, fmt, + ldns_rr_list_rr( + ldns_pkt_answer(pkt), i)); + if (status != LDNS_STATUS_OK) { + return status; } + } + if (!short_fmt) { ldns_buffer_printf(output, "\n"); ldns_buffer_printf(output, ";; AUTHORITY SECTION:\n"); @@ -1940,7 +2184,7 @@ } ldns_buffer_printf(output, "\n"); - /* add some futher fields */ + /* add some further fields */ ldns_buffer_printf(output, ";; Query time: %d msec\n", ldns_pkt_querytime(pkt)); if (ldns_pkt_edns(pkt)) { @@ -1984,8 +2228,6 @@ ldns_buffer_printf(output, ";; MSG SIZE rcvd: %d\n", (int)ldns_pkt_size(pkt)); - } else { - return ldns_buffer_status(output); } return status; } @@ -2133,7 +2375,9 @@ unsigned char *bignum; #ifdef HAVE_SSL RSA *rsa; +#ifdef USE_DSA DSA *dsa; +#endif /* USE_DSA */ #endif /* HAVE_SSL */ if (!k) { @@ -2243,6 +2487,7 @@ RSA_free(rsa); break; +#ifdef USE_DSA case LDNS_SIGN_DSA: case LDNS_SIGN_DSA_NSEC3: dsa = ldns_key_dsa_key(k); @@ -2283,6 +2528,7 @@ goto error; } break; +#endif /* USE_DSA */ case LDNS_SIGN_ECC_GOST: /* no format defined, use blob */ #if defined(HAVE_SSL) && defined(USE_GOST) diff -Nru ldns-1.7.1/host2wire.c ldns-1.8.1/host2wire.c --- ldns-1.7.1/host2wire.c 2019-07-26 15:07:44.000000000 +0000 +++ ldns-1.8.1/host2wire.c 2021-12-03 07:45:47.000000000 +0000 @@ -375,6 +375,20 @@ ldns_status ldns_pkt2buffer_wire(ldns_buffer *buffer, const ldns_pkt *packet) { + ldns_status status; + ldns_rbtree_t *compression_data = ldns_rbtree_create((int (*)(const void *, const void *))ldns_dname_compare); + + status = ldns_pkt2buffer_wire_compress(buffer, packet, compression_data); + + ldns_traverse_postorder(compression_data,compression_node_free,NULL); + ldns_rbtree_free(compression_data); + + return status; +} + +ldns_status +ldns_pkt2buffer_wire_compress(ldns_buffer *buffer, const ldns_pkt *packet, ldns_rbtree_t *compression_data) +{ ldns_rr_list *rr_list; uint16_t i; @@ -382,8 +396,6 @@ ldns_rr *edns_rr; uint8_t edata[4]; - ldns_rbtree_t *compression_data = ldns_rbtree_create((int (*)(const void *, const void *))ldns_dname_compare); - (void) ldns_hdr2buffer_wire(buffer, packet); rr_list = ldns_pkt_question(packet); @@ -443,9 +455,6 @@ ldns_pkt_tsig(packet), LDNS_SECTION_ADDITIONAL, compression_data); } - ldns_traverse_postorder(compression_data,compression_node_free,NULL); - ldns_rbtree_free(compression_data); - return LDNS_STATUS_OK; } diff -Nru ldns-1.7.1/install-sh ldns-1.8.1/install-sh --- ldns-1.7.1/install-sh 2019-07-26 15:07:45.000000000 +0000 +++ ldns-1.8.1/install-sh 2021-12-03 07:45:49.000000000 +0000 @@ -1,7 +1,7 @@ #!/bin/sh # install - install a program, script, or datafile -scriptversion=2018-03-11.20; # UTC +scriptversion=2020-11-14.01; # UTC # This originates from X11R5 (mit/util/scripts/install.sh), which was # later released in X11R6 (xc/config/util/install.sh) with the @@ -69,6 +69,11 @@ # Desired mode of installed file. mode=0755 +# Create dirs (including intermediate dirs) using mode 755. +# This is like GNU 'install' as of coreutils 8.32 (2020). +mkdir_umask=22 + +backupsuffix= chgrpcmd= chmodcmd=$chmodprog chowncmd= @@ -99,18 +104,28 @@ --version display version info and exit. -c (ignored) - -C install only if different (preserve the last data modification time) + -C install only if different (preserve data modification time) -d create directories instead of installing files. -g GROUP $chgrpprog installed files to GROUP. -m MODE $chmodprog installed files to MODE. -o USER $chownprog installed files to USER. + -p pass -p to $cpprog. -s $stripprog installed files. + -S SUFFIX attempt to back up existing files, with suffix SUFFIX. -t DIRECTORY install into DIRECTORY. -T report an error if DSTFILE is a directory. Environment variables override the default commands: CHGRPPROG CHMODPROG CHOWNPROG CMPPROG CPPROG MKDIRPROG MVPROG RMPROG STRIPPROG + +By default, rm is invoked with -f; when overridden with RMPROG, +it's up to you to specify -f if you want it. + +If -S is not specified, no backups are attempted. + +Email bug reports to bug-automake@gnu.org. +Automake home page: https://www.gnu.org/software/automake/ " while test $# -ne 0; do @@ -137,8 +152,13 @@ -o) chowncmd="$chownprog $2" shift;; + -p) cpprog="$cpprog -p";; + -s) stripcmd=$stripprog;; + -S) backupsuffix="$2" + shift;; + -t) is_target_a_directory=always dst_arg=$2 @@ -255,6 +275,10 @@ dstdir=$dst test -d "$dstdir" dstdir_status=$? + # Don't chown directories that already exist. + if test $dstdir_status = 0; then + chowncmd="" + fi else # Waiting for this to be detected by the "$cpprog $src $dsttmp" command @@ -301,22 +325,6 @@ if test $dstdir_status != 0; then case $posix_mkdir in '') - # Create intermediate dirs using mode 755 as modified by the umask. - # This is like FreeBSD 'install' as of 1997-10-28. - umask=`umask` - case $stripcmd.$umask in - # Optimize common cases. - *[2367][2367]) mkdir_umask=$umask;; - .*0[02][02] | .[02][02] | .[02]) mkdir_umask=22;; - - *[0-7]) - mkdir_umask=`expr $umask + 22 \ - - $umask % 100 % 40 + $umask % 20 \ - - $umask % 10 % 4 + $umask % 2 - `;; - *) mkdir_umask=$umask,go-w;; - esac - # With -d, create the new directory with the user-specified mode. # Otherwise, rely on $mkdir_umask. if test -n "$dir_arg"; then @@ -326,52 +334,49 @@ fi posix_mkdir=false - case $umask in - *[123567][0-7][0-7]) - # POSIX mkdir -p sets u+wx bits regardless of umask, which - # is incompatible with FreeBSD 'install' when (umask & 300) != 0. - ;; - *) - # Note that $RANDOM variable is not portable (e.g. dash); Use it - # here however when possible just to lower collision chance. - tmpdir=${TMPDIR-/tmp}/ins$RANDOM-$$ - - trap 'ret=$?; rmdir "$tmpdir/a/b" "$tmpdir/a" "$tmpdir" 2>/dev/null; exit $ret' 0 - - # Because "mkdir -p" follows existing symlinks and we likely work - # directly in world-writeable /tmp, make sure that the '$tmpdir' - # directory is successfully created first before we actually test - # 'mkdir -p' feature. - if (umask $mkdir_umask && - $mkdirprog $mkdir_mode "$tmpdir" && - exec $mkdirprog $mkdir_mode -p -- "$tmpdir/a/b") >/dev/null 2>&1 - then - if test -z "$dir_arg" || { - # Check for POSIX incompatibilities with -m. - # HP-UX 11.23 and IRIX 6.5 mkdir -m -p sets group- or - # other-writable bit of parent directory when it shouldn't. - # FreeBSD 6.1 mkdir -m -p sets mode of existing directory. - test_tmpdir="$tmpdir/a" - ls_ld_tmpdir=`ls -ld "$test_tmpdir"` - case $ls_ld_tmpdir in - d????-?r-*) different_mode=700;; - d????-?--*) different_mode=755;; - *) false;; - esac && - $mkdirprog -m$different_mode -p -- "$test_tmpdir" && { - ls_ld_tmpdir_1=`ls -ld "$test_tmpdir"` - test "$ls_ld_tmpdir" = "$ls_ld_tmpdir_1" - } - } - then posix_mkdir=: - fi - rmdir "$tmpdir/a/b" "$tmpdir/a" "$tmpdir" - else - # Remove any dirs left behind by ancient mkdir implementations. - rmdir ./$mkdir_mode ./-p ./-- "$tmpdir" 2>/dev/null - fi - trap '' 0;; - esac;; + # The $RANDOM variable is not portable (e.g., dash). Use it + # here however when possible just to lower collision chance. + tmpdir=${TMPDIR-/tmp}/ins$RANDOM-$$ + + trap ' + ret=$? + rmdir "$tmpdir/a/b" "$tmpdir/a" "$tmpdir" 2>/dev/null + exit $ret + ' 0 + + # Because "mkdir -p" follows existing symlinks and we likely work + # directly in world-writeable /tmp, make sure that the '$tmpdir' + # directory is successfully created first before we actually test + # 'mkdir -p'. + if (umask $mkdir_umask && + $mkdirprog $mkdir_mode "$tmpdir" && + exec $mkdirprog $mkdir_mode -p -- "$tmpdir/a/b") >/dev/null 2>&1 + then + if test -z "$dir_arg" || { + # Check for POSIX incompatibilities with -m. + # HP-UX 11.23 and IRIX 6.5 mkdir -m -p sets group- or + # other-writable bit of parent directory when it shouldn't. + # FreeBSD 6.1 mkdir -m -p sets mode of existing directory. + test_tmpdir="$tmpdir/a" + ls_ld_tmpdir=`ls -ld "$test_tmpdir"` + case $ls_ld_tmpdir in + d????-?r-*) different_mode=700;; + d????-?--*) different_mode=755;; + *) false;; + esac && + $mkdirprog -m$different_mode -p -- "$test_tmpdir" && { + ls_ld_tmpdir_1=`ls -ld "$test_tmpdir"` + test "$ls_ld_tmpdir" = "$ls_ld_tmpdir_1" + } + } + then posix_mkdir=: + fi + rmdir "$tmpdir/a/b" "$tmpdir/a" "$tmpdir" + else + # Remove any dirs left behind by ancient mkdir implementations. + rmdir ./$mkdir_mode ./-p ./-- "$tmpdir" 2>/dev/null + fi + trap '' 0;; esac if @@ -382,7 +387,7 @@ then : else - # The umask is ridiculous, or mkdir does not conform to POSIX, + # mkdir does not conform to POSIX, # or it failed possibly due to a race condition. Create the # directory the slow way, step by step, checking for races as we go. @@ -411,7 +416,7 @@ prefixes= else if $posix_mkdir; then - (umask=$mkdir_umask && + (umask $mkdir_umask && $doit_exec $mkdirprog $mkdir_mode -p -- "$dstdir") && break # Don't fail if two instances are running concurrently. test -d "$prefix" || exit 1 @@ -451,7 +456,18 @@ trap 'ret=$?; rm -f "$dsttmp" "$rmtmp" && exit $ret' 0 # Copy the file name to the temp name. - (umask $cp_umask && $doit_exec $cpprog "$src" "$dsttmp") && + (umask $cp_umask && + { test -z "$stripcmd" || { + # Create $dsttmp read-write so that cp doesn't create it read-only, + # which would cause strip to fail. + if test -z "$doit"; then + : >"$dsttmp" # No need to fork-exec 'touch'. + else + $doit touch "$dsttmp" + fi + } + } && + $doit_exec $cpprog "$src" "$dsttmp") && # and set any options; do chmod last to preserve setuid bits. # @@ -477,6 +493,13 @@ then rm -f "$dsttmp" else + # If $backupsuffix is set, and the file being installed + # already exists, attempt a backup. Don't worry if it fails, + # e.g., if mv doesn't support -f. + if test -n "$backupsuffix" && test -f "$dst"; then + $doit $mvcmd -f "$dst" "$dst$backupsuffix" 2>/dev/null + fi + # Rename the file to the real destination. $doit $mvcmd -f "$dsttmp" "$dst" 2>/dev/null || @@ -491,9 +514,9 @@ # file should still install successfully. { test ! -f "$dst" || - $doit $rmcmd -f "$dst" 2>/dev/null || + $doit $rmcmd "$dst" 2>/dev/null || { $doit $mvcmd -f "$dst" "$rmtmp" 2>/dev/null && - { $doit $rmcmd -f "$rmtmp" 2>/dev/null; :; } + { $doit $rmcmd "$rmtmp" 2>/dev/null; :; } } || { echo "$0: cannot unlink or rename $dst" >&2 (exit 1); exit 1 diff -Nru ldns-1.7.1/keys.c ldns-1.8.1/keys.c --- ldns-1.7.1/keys.c 2019-07-26 15:07:44.000000000 +0000 +++ ldns-1.8.1/keys.c 2021-12-03 07:45:47.000000000 +0000 @@ -15,6 +15,7 @@ #include #ifdef HAVE_SSL +#include #include #include #include @@ -83,7 +84,7 @@ if (!newkey) { return NULL; } else { - /* some defaults - not sure wether to do this */ + /* some defaults - not sure whether to do this */ ldns_key_set_use(newkey, true); ldns_key_set_flags(newkey, LDNS_KEY_ZONE_KEY); ldns_key_set_origttl(newkey, 0); @@ -775,7 +776,7 @@ } /* I could use functions again, but that seems an overkill, - * allthough this also looks tedious + * although this also looks tedious */ /* Modules, rsa->n */ @@ -904,6 +905,7 @@ return NULL; } +#ifdef USE_DSA DSA * ldns_key_new_frm_fp_dsa(FILE *f) { @@ -1014,6 +1016,7 @@ BN_free(pub_key); return NULL; } +#endif /* USE_DSA */ unsigned char * ldns_key_new_frm_fp_hmac(FILE *f, size_t *hmac_size) @@ -1148,9 +1151,9 @@ #endif /* HAVE_EVP_PKEY_KEYGEN */ #endif /* HAVE_SSL */ break; +#ifdef USE_DSA case LDNS_SIGN_DSA: case LDNS_SIGN_DSA_NSEC3: -#ifdef USE_DSA #ifdef HAVE_SSL # if OPENSSL_VERSION_NUMBER < 0x00908000L d = DSA_generate_parameters((int)size, NULL, 0, NULL, NULL, NULL, NULL); @@ -1443,7 +1446,7 @@ size_t ldns_key_list_key_count(const ldns_key_list *key_list) { - return key_list->_key_count; + return key_list ? key_list->_key_count : 0; } ldns_key * @@ -1877,10 +1880,10 @@ #endif size++; break; +#ifdef USE_DSA case LDNS_SIGN_DSA: ldns_rr_push_rdf(pubkey, ldns_native2rdf_int8(LDNS_RDF_TYPE_ALG, LDNS_DSA)); -#ifdef USE_DSA #ifdef HAVE_SSL dsa = ldns_key_dsa_key(k); if (dsa) { @@ -1900,10 +1903,10 @@ #endif /* HAVE_SSL */ #endif /* USE_DSA */ break; +#ifdef USE_DSA case LDNS_SIGN_DSA_NSEC3: ldns_rr_push_rdf(pubkey, ldns_native2rdf_int8(LDNS_RDF_TYPE_ALG, LDNS_DSA_NSEC3)); -#ifdef USE_DSA #ifdef HAVE_SSL dsa = ldns_key_dsa_key(k); if (dsa) { @@ -2164,7 +2167,9 @@ ldns_lookup_table aliases[] = { /* from bind dnssec-keygen */ {LDNS_SIGN_HMACMD5, "HMAC-MD5"}, +#ifdef USE_DSA {LDNS_SIGN_DSA_NSEC3, "NSEC3DSA"}, +#endif /* USE_DSA */ {LDNS_SIGN_RSASHA1_NSEC3, "NSEC3RSASHA1"}, /* old ldns usage, now RFC names */ #ifdef USE_DSA diff -Nru ldns-1.7.1/ldns/common.h.in ldns-1.8.1/ldns/common.h.in --- ldns-1.7.1/ldns/common.h.in 2019-07-26 15:07:44.000000000 +0000 +++ ldns-1.8.1/ldns/common.h.in 2021-12-03 07:45:47.000000000 +0000 @@ -27,6 +27,9 @@ #define LDNS_BUILD_CONFIG_USE_DANE @ldns_build_config_use_dane@ #define LDNS_BUILD_CONFIG_HAVE_B32_PTON @ldns_build_config_have_b32_pton@ #define LDNS_BUILD_CONFIG_HAVE_B32_NTOP @ldns_build_config_have_b32_ntop@ +#define LDNS_BUILD_CONFIG_USE_DSA @ldns_build_config_use_dsa@ +#define LDNS_BUILD_CONFIG_USE_ED25519 @ldns_build_config_use_ed25519@ +#define LDNS_BUILD_CONFIG_USE_ED448 @ldns_build_config_use_ed448@ /* * HAVE_STDBOOL_H is not available when distributed as a library, but no build diff -Nru ldns-1.7.1/ldns/config.h.in ldns-1.8.1/ldns/config.h.in --- ldns-1.7.1/ldns/config.h.in 2019-07-26 15:07:50.000000000 +0000 +++ ldns-1.8.1/ldns/config.h.in 2021-12-03 07:45:56.000000000 +0000 @@ -30,6 +30,15 @@ /* Define to 1 if you have the `calloc' function. */ #undef HAVE_CALLOC +/* Define to 1 if you have the `CONF_modules_unload' function. */ +#undef HAVE_CONF_MODULES_UNLOAD + +/* Define to 1 if you have the `CRYPTO_cleanup_all_ex_data' function. */ +#undef HAVE_CRYPTO_CLEANUP_ALL_EX_DATA + +/* Define to 1 if you have the `CRYPTO_memcmp' function. */ +#undef HAVE_CRYPTO_MEMCMP + /* Define to 1 if you have the `ctime_r' function. */ #undef HAVE_CTIME_R @@ -39,6 +48,10 @@ /* Is a CAPATH given at configure time */ #undef HAVE_DANE_CA_PATH +/* Define to 1 if you have the declaration of `EVP_PKEY_base_id', and to 0 if + you don't. */ +#undef HAVE_DECL_EVP_PKEY_BASE_ID + /* Define to 1 if you have the declaration of `NID_ED25519', and to 0 if you don't. */ #undef HAVE_DECL_NID_ED25519 @@ -79,21 +92,33 @@ /* Define to 1 if you have the `endservent' function. */ #undef HAVE_ENDSERVENT -/* Define to 1 if you have the `ENGINE_load_cryptodev' function. */ -#undef HAVE_ENGINE_LOAD_CRYPTODEV +/* Define to 1 if you have the `ENGINE_cleanup' function. */ +#undef HAVE_ENGINE_CLEANUP + +/* Define to 1 if you have the `ENGINE_free' function. */ +#undef HAVE_ENGINE_FREE + +/* Define to 1 if you have the `ERR_free_strings' function. */ +#undef HAVE_ERR_FREE_STRINGS /* Define to 1 if you have the `ERR_load_crypto_strings' function. */ #undef HAVE_ERR_LOAD_CRYPTO_STRINGS +/* Define to 1 if you have the `EVP_cleanup' function. */ +#undef HAVE_EVP_CLEANUP + /* Define to 1 if you have the `EVP_dss1' function. */ #undef HAVE_EVP_DSS1 /* Define to 1 if you have the `EVP_MD_CTX_new' function. */ #undef HAVE_EVP_MD_CTX_NEW -/* Define to 1 if you have the `EVP_PKEY_base_id' function. */ +/* Define to 1 if you have the EVP_PKEY_base_id function or macro. */ #undef HAVE_EVP_PKEY_BASE_ID +/* Define to 1 if you have the `EVP_PKEY_get_base_id' function. */ +#undef HAVE_EVP_PKEY_GET_BASE_ID + /* Define to 1 if you have the `EVP_PKEY_keygen' function. */ #undef HAVE_EVP_PKEY_KEYGEN @@ -112,6 +137,9 @@ /* Define to 1 if you have the `fork' function. */ #undef HAVE_FORK +/* if fork is available for compile */ +#undef HAVE_FORK_AVAILABLE + /* Whether getaddrinfo is available */ #undef HAVE_GETADDRINFO @@ -121,9 +149,6 @@ /* Define to 1 if you have the `gmtime_r' function. */ #undef HAVE_GMTIME_R -/* If you have HMAC_Update */ -#undef HAVE_HMAC_UPDATE - /* Define to 1 if you have the `inet_aton' function. */ #undef HAVE_INET_ATON @@ -154,10 +179,6 @@ /* Define to 1 if you have the `localtime_r' function. */ #undef HAVE_LOCALTIME_R -/* Define to 1 if your system has a GNU libc compatible `malloc' function, and - to 0 otherwise. */ -#undef HAVE_MALLOC - /* Define to 1 if you have the `memmove' function. */ #undef HAVE_MEMMOVE @@ -200,9 +221,18 @@ /* Define to 1 if you have the header file. */ #undef HAVE_NET_IF_H +/* Define to 1 if you have the header file. */ +#undef HAVE_OPENSSL_CONF_H + +/* Define to 1 if you have the header file. */ +#undef HAVE_OPENSSL_ENGINE_H + /* Define to 1 if you have the header file. */ #undef HAVE_OPENSSL_ERR_H +/* Define to 1 if you have the header file. */ +#undef HAVE_OPENSSL_EVP_H + /* Define to 1 if you have the `OPENSSL_init_crypto' function. */ #undef HAVE_OPENSSL_INIT_CRYPTO @@ -227,10 +257,6 @@ /* Define to 1 if you have the `random' function. */ #undef HAVE_RANDOM -/* Define to 1 if your system has a GNU libc compatible `realloc' function, - and to 0 otherwise. */ -#undef HAVE_REALLOC - /* Define to 1 if you have the `sleep' function. */ #undef HAVE_SLEEP @@ -282,6 +308,9 @@ /* define if you have sys/types.h */ #undef HAVE_SYS_TYPES_H +/* Define to 1 if you have the header file. */ +#undef HAVE_TARGETCONDITIONALS_H + /* Define to 1 if you have the `timegm' function. */ #undef HAVE_TIMEGM @@ -357,6 +386,9 @@ /* Define this to enable RR type RKEY. */ #undef RRTYPE_RKEY +/* Define this to enable RR types SVCB and HTTPS. */ +#undef RRTYPE_SVCB_HTTPS + /* Define this to enable RR type TA. */ #undef RRTYPE_TA @@ -482,15 +514,9 @@ /* Define to `size_t' if does not define. */ #undef intptr_t -/* Define to rpl_malloc if the replacement function should be used. */ -#undef malloc - /* Define to `int' if does not define. */ #undef pid_t -/* Define to rpl_realloc if the replacement function should be used. */ -#undef realloc - /* Define to `unsigned int' if does not define. */ #undef size_t diff -Nru ldns-1.7.1/ldns/dnssec_sign.h ldns-1.8.1/ldns/dnssec_sign.h --- ldns-1.7.1/ldns/dnssec_sign.h 2019-07-26 15:07:44.000000000 +0000 +++ ldns-1.8.1/ldns/dnssec_sign.h 2021-12-03 07:45:47.000000000 +0000 @@ -12,8 +12,11 @@ /* sign functions */ /** Sign flag that makes DNSKEY type signed by all keys, not only by SEP keys*/ -#define LDNS_SIGN_DNSKEY_WITH_ZSK 1 -#define LDNS_SIGN_WITH_ALL_ALGORITHMS 2 +#define LDNS_SIGN_DNSKEY_WITH_ZSK 1 +#define LDNS_SIGN_WITH_ALL_ALGORITHMS 2 +#define LDNS_SIGN_NO_KEYS_NO_NSECS 4 +#define LDNS_SIGN_WITH_ZONEMD_SIMPLE_SHA384 8 +#define LDNS_SIGN_WITH_ZONEMD_SIMPLE_SHA512 16 /** * Create an empty RRSIG RR (i.e. without the actual signature data) diff -Nru ldns-1.7.1/ldns/dnssec_zone.h ldns-1.8.1/ldns/dnssec_zone.h --- ldns-1.7.1/ldns/dnssec_zone.h 2019-07-26 15:07:44.000000000 +0000 +++ ldns-1.8.1/ldns/dnssec_zone.h 2021-12-03 07:45:47.000000000 +0000 @@ -93,7 +93,7 @@ ldns_dnssec_name *soa; /** tree of ldns_dnssec_names */ ldns_rbtree_t *names; - /** tree of ldns_dnssec_names by nsec3 hashes (when applicible) */ + /** tree of ldns_dnssec_names by nsec3 hashes (when applicable) */ ldns_rbtree_t *hashed_names; /** points to the first added NSEC3 rr whose parameters will be * assumed for all subsequent NSEC3 rr's and which will be used @@ -204,7 +204,7 @@ ldns_status ldns_dnssec_rrsets_add_rr(ldns_dnssec_rrsets *rrsets, ldns_rr *rr); /** - * Print the given list of rrsets to the fiven file descriptor + * Print the given list of rrsets to the given file descriptor * * \param[in] out the file descriptor to print to * \param[in] rrsets the list of RRsets to print @@ -215,7 +215,7 @@ bool follow); /** - * Print the given list of rrsets to the fiven file descriptor + * Print the given list of rrsets to the given file descriptor * * \param[in] out the file descriptor to print to * \param[in] fmt the format of the textual representation @@ -297,12 +297,12 @@ /** * Compares the domain names of the two arguments in their - * canonical ordening. + * canonical ordering. * * \param[in] a The first dnssec_name to compare * \param[in] b The second dnssec_name to compare * \return -1 if the domain name of a comes before that of b in canonical - * ordening, 1 if it is the other way around, and 0 if they are + * ordering, 1 if it is the other way around, and 0 if they are * equal */ int ldns_dnssec_name_cmp(const void *a, const void *b); @@ -476,6 +476,8 @@ */ bool ldns_dnssec_zone_is_nsec3_optout(const ldns_dnssec_zone* zone); +ldns_status ldns_dnssec_zone_verify_zonemd(ldns_dnssec_zone *zone); + #ifdef __cplusplus } #endif diff -Nru ldns-1.7.1/ldns/error.h ldns-1.8.1/ldns/error.h --- ldns-1.7.1/ldns/error.h 2019-07-26 15:07:44.000000000 +0000 +++ ldns-1.8.1/ldns/error.h 2021-12-03 07:45:47.000000000 +0000 @@ -129,7 +129,19 @@ LDNS_STATUS_RDATA_OVERFLOW, LDNS_STATUS_SYNTAX_SUPERFLUOUS_TEXT_ERR, LDNS_STATUS_NSEC3_DOMAINNAME_OVERFLOW, - LDNS_STATUS_DANE_NEED_OPENSSL_GE_1_1_FOR_DANE_TA + LDNS_STATUS_DANE_NEED_OPENSSL_GE_1_1_FOR_DANE_TA, + LDNS_STATUS_ZONEMD_DOUBLE_OCCURRENCE, + LDNS_STATUS_ZONEMD_UNKNOWN_SCHEME, + LDNS_STATUS_ZONEMD_UNKNOWN_HASH, + LDNS_STATUS_ZONEMD_INVALID_SOA, + LDNS_STATUS_NO_ZONEMD, + LDNS_STATUS_NO_VALID_ZONEMD, + LDNS_STATUS_SYNTAX_SVCPARAM_KEY_ERR, + LDNS_STATUS_SYNTAX_SVCPARAM_VALUE_ERR, + LDNS_STATUS_RESERVED_SVCPARAM_KEY, + LDNS_STATUS_NO_SVCPARAM_VALUE_EXPECTED, + LDNS_STATUS_SVCPARAM_KEY_MORE_THAN_ONCE, + LDNS_STATUS_INVALID_SVCPARAM_VALUE }; typedef enum ldns_enum_status ldns_status; diff -Nru ldns-1.7.1/ldns/host2str.h ldns-1.8.1/ldns/host2str.h --- ldns-1.7.1/ldns/host2str.h 2019-07-26 15:07:44.000000000 +0000 +++ ldns-1.8.1/ldns/host2str.h 2021-12-03 07:45:47.000000000 +0000 @@ -65,6 +65,8 @@ #define LDNS_FMT_ZEROIZE_RRSIGS (1 << 9) #define LDNS_FMT_PAD_SOA_SERIAL (1 << 10) #define LDNS_FMT_RFC3597 (1 << 11) /* yes */ +/** Prints only answer section of packets and only rdata of RRs **/ +#define LDNS_FMT_SHORT (1 << 12) #define LDNS_FMT_FLAGS_WITH_DATA 2 @@ -76,11 +78,11 @@ /** * Output format specifier * - * Determines how Packets, Resource Records and Resource record data fiels are + * Determines how Packets, Resource Records and Resource record data field are * formatted when printing or converting to string. * Currently it is only used to specify what aspects of a Resource Record are * annotated in the comment section of the textual representation the record. - * This is speciefed with flags and potential exra data (such as for example + * This is specified with flags and potential extra data (such as for example * a lookup map of hashes to real names for annotation NSEC3 records). */ struct ldns_struct_output_format @@ -110,7 +112,7 @@ */ extern const ldns_output_format *ldns_output_format_nocomments; /** - * Standard output format record that annotated only DNSKEY RR's with commenti + * Standard output format record that annotated only DNSKEY RR's with comment * text. */ extern const ldns_output_format *ldns_output_format_onlykeyids; @@ -646,6 +648,14 @@ ldns_status ldns_rdf2buffer_str_amtrelay(ldns_buffer *output, const ldns_rdf *rdf); +/** + * Converts an LDNS_RDF_TYPE_SVCPARAMS rdata element to presentation format. + * \param[in] *rdf The rdata to convert + * \param[in] *output The buffer to add the data to + * \return LDNS_STATUS_OK on success, and error status on failure + */ +ldns_status ldns_rdf2buffer_str_svcparams(ldns_buffer *output, + const ldns_rdf *rdf); /** * Converts the data in the rdata field to presentation format and diff -Nru ldns-1.7.1/ldns/host2wire.h ldns-1.8.1/ldns/host2wire.h --- ldns-1.7.1/ldns/host2wire.h 2019-07-26 15:07:44.000000000 +0000 +++ ldns-1.8.1/ldns/host2wire.h 2021-12-03 07:45:47.000000000 +0000 @@ -130,7 +130,7 @@ * Converts an rr's rdata to wireformat, while excluding * the ownername and all the stuff before the rdata. * This is needed in DNSSEC keytag calculation, the ds - * calcalution from the key and maybe elsewhere. + * calculation from the key and maybe elsewhere. * * \param[out] *output buffer where to put the result * \param[in] *rr rr to operate on @@ -147,6 +147,15 @@ ldns_status ldns_pkt2buffer_wire(ldns_buffer *output, const ldns_pkt *pkt); /** + * Copies the packet data to the buffer in wire format + * \param[out] *output buffer to append the result to + * \param[in] *pkt packet to convert + * \param[out] *compression_data data structure holding state for compression + * \return ldns_status + */ +ldns_status ldns_pkt2buffer_wire_compress(ldns_buffer *output, const ldns_pkt *pkt, ldns_rbtree_t *compression_data); + +/** * Copies the rr_list data to the buffer in wire format * \param[out] *output buffer to append the result to * \param[in] *rrlist rr_list to to convert diff -Nru ldns-1.7.1/ldns/keys.h ldns-1.8.1/ldns/keys.h --- ldns-1.7.1/ldns/keys.h 2019-07-26 15:07:44.000000000 +0000 +++ ldns-1.8.1/ldns/keys.h 2021-12-03 07:45:47.000000000 +0000 @@ -45,26 +45,26 @@ { LDNS_RSAMD5 = 1, /* RFC 4034,4035 */ LDNS_DH = 2, +#if LDNS_BUILD_CONFIG_USE_DSA LDNS_DSA = 3, +#endif /* LDNS_BUILD_CONFIG_USE_DSA */ LDNS_ECC = 4, LDNS_RSASHA1 = 5, +#if LDNS_BUILD_CONFIG_USE_DSA LDNS_DSA_NSEC3 = 6, +#endif /* LDNS_BUILD_CONFIG_USE_DSA */ LDNS_RSASHA1_NSEC3 = 7, LDNS_RSASHA256 = 8, /* RFC 5702 */ LDNS_RSASHA512 = 10, /* RFC 5702 */ LDNS_ECC_GOST = 12, /* RFC 5933 */ LDNS_ECDSAP256SHA256 = 13, /* RFC 6605 */ LDNS_ECDSAP384SHA384 = 14, /* RFC 6605 */ -#ifdef USE_ED25519 - /* this ifdef is internal to ldns, because we do not want to export - * the symbol. Users can define it if they want access, - * the feature is not fully implemented at this time and openssl - * does not support it fully either (also for ED448). */ - LDNS_ED25519 = 15, /* draft-ietf-curdle-dnskey-ed25519 */ -#endif -#ifdef USE_ED448 - LDNS_ED448 = 16, /* draft-ietf-curdle-dnskey-ed448 */ -#endif +#if LDNS_BUILD_CONFIG_USE_ED25519 + LDNS_ED25519 = 15, /* RFC 8080 */ +#endif /* LDNS_BUILD_CONFIG_USE_ED25519 */ +#if LDNS_BUILD_CONFIG_USE_ED448 + LDNS_ED448 = 16, /* RFC 8080 */ +#endif /* LDNS_BUILD_CONFIG_USE_ED448 */ LDNS_INDIRECT = 252, LDNS_PRIVATEDNS = 253, LDNS_PRIVATEOID = 254 @@ -90,20 +90,24 @@ { LDNS_SIGN_RSAMD5 = LDNS_RSAMD5, LDNS_SIGN_RSASHA1 = LDNS_RSASHA1, +#if LDNS_BUILD_CONFIG_USE_DSA LDNS_SIGN_DSA = LDNS_DSA, +#endif /* LDNS_BUILD_CONFIG_USE_DSA */ LDNS_SIGN_RSASHA1_NSEC3 = LDNS_RSASHA1_NSEC3, LDNS_SIGN_RSASHA256 = LDNS_RSASHA256, LDNS_SIGN_RSASHA512 = LDNS_RSASHA512, +#if LDNS_BUILD_CONFIG_USE_DSA LDNS_SIGN_DSA_NSEC3 = LDNS_DSA_NSEC3, +#endif /* LDNS_BUILD_CONFIG_USE_DSA */ LDNS_SIGN_ECC_GOST = LDNS_ECC_GOST, LDNS_SIGN_ECDSAP256SHA256 = LDNS_ECDSAP256SHA256, LDNS_SIGN_ECDSAP384SHA384 = LDNS_ECDSAP384SHA384, -#ifdef USE_ED25519 +#if LDNS_BUILD_CONFIG_USE_ED25519 LDNS_SIGN_ED25519 = LDNS_ED25519, -#endif -#ifdef USE_ED448 +#endif /* LDNS_BUILD_CONFIG_USE_ED25519 */ +#if LDNS_BUILD_CONFIG_USE_ED448 LDNS_SIGN_ED448 = LDNS_ED448, -#endif +#endif /* LDNS_BUILD_CONFIG_USE_ED448 */ LDNS_SIGN_HMACMD5 = 157, /* not official! This type is for TSIG, not DNSSEC */ LDNS_SIGN_HMACSHA1 = 158, /* not official! This type is for TSIG, not DNSSEC */ LDNS_SIGN_HMACSHA256 = 159, /* ditto */ @@ -242,9 +246,7 @@ * \return NULL on failure otherwise a RSA structure */ RSA *ldns_key_new_frm_fp_rsa(FILE *fp); -#endif /* LDNS_BUILD_CONFIG_HAVE_SSL */ -#if LDNS_BUILD_CONFIG_HAVE_SSL /** * frm_fp helper function. This function parses the * remainder of the (RSA) priv. key file generated from bind9 @@ -253,9 +255,9 @@ * \return NULL on failure otherwise a RSA structure */ RSA *ldns_key_new_frm_fp_rsa_l(FILE *fp, int *line_nr); -#endif /* LDNS_BUILD_CONFIG_HAVE_SSL */ -#if LDNS_BUILD_CONFIG_HAVE_SSL + +# if LDNS_BUILD_CONFIG_USE_DSA /** * frm_fp helper function. This function parses the * remainder of the (DSA) priv. key file @@ -263,9 +265,7 @@ * \return NULL on failure otherwise a RSA structure */ DSA *ldns_key_new_frm_fp_dsa(FILE *fp); -#endif /* LDNS_BUILD_CONFIG_HAVE_SSL */ -#if LDNS_BUILD_CONFIG_HAVE_SSL /** * frm_fp helper function. This function parses the * remainder of the (DSA) priv. key file @@ -274,9 +274,8 @@ * \return NULL on failure otherwise a RSA structure */ DSA *ldns_key_new_frm_fp_dsa_l(FILE *fp, int *line_nr); -#endif /* LDNS_BUILD_CONFIG_HAVE_SSL */ +# endif /* LDNS_BUILD_CONFIG_USE_DSA */ -#if LDNS_BUILD_CONFIG_HAVE_SSL /** * frm_fp helper function. This function parses the * remainder of the (HMAC-MD5) key file @@ -286,9 +285,7 @@ * \return NULL on failure otherwise a newly allocated char buffer */ unsigned char *ldns_key_new_frm_fp_hmac(FILE *fp, size_t *hmac_size); -#endif -#if LDNS_BUILD_CONFIG_HAVE_SSL /** * frm_fp helper function. This function parses the * remainder of the (HMAC-MD5) key file @@ -301,13 +298,14 @@ unsigned char *ldns_key_new_frm_fp_hmac_l(FILE *fp, int *line_nr, size_t *hmac_size); #endif /* LDNS_BUILD_CONFIG_HAVE_SSL */ -/* acces write functions */ +/* access write functions */ /** * Set the key's algorithm * \param[in] k the key * \param[in] l the algorithm */ void ldns_key_set_algorithm(ldns_key *k, ldns_signing_algorithm l); + #if LDNS_BUILD_CONFIG_HAVE_SSL /** * Set the key's evp key @@ -324,6 +322,7 @@ */ void ldns_key_set_rsa_key(ldns_key *k, RSA *r); +# if LDNS_BUILD_CONFIG_USE_DSA /** * Set the key's dsa data * The dsa data should be freed by the user. @@ -331,6 +330,7 @@ * \param[in] d the dsa data */ void ldns_key_set_dsa_key(ldns_key *k, DSA *d); +# endif /* LDNS_BUILD_CONFIG_USE_DSA */ /** * Assign the key's rsa data @@ -340,6 +340,7 @@ */ void ldns_key_assign_rsa_key(ldns_key *k, RSA *r); +# if LDNS_BUILD_CONFIG_USE_DSA /** * Assign the key's dsa data * The dsa data will be freed automatically when the key is freed. @@ -347,6 +348,7 @@ * \param[in] d the dsa data */ void ldns_key_assign_dsa_key(ldns_key *k, DSA *d); +# endif /* LDNS_BUILD_CONFIG_USE_DSA */ /** * Get the PKEY id for GOST, loads GOST into openssl as a side effect. @@ -423,7 +425,7 @@ /** * Set the keylist's key count to count * \param[in] key the key - * \param[in] count the cuont + * \param[in] count the count */ void ldns_key_list_set_key_count(ldns_key_list *key, size_t count); @@ -463,13 +465,13 @@ * \return the RSA * structure in the key */ EVP_PKEY *ldns_key_evp_key(const ldns_key *k); -#endif /* LDNS_BUILD_CONFIG_HAVE_SSL */ +# if LDNS_BUILD_CONFIG_USE_DSA /** * returns the (openssl) DSA struct contained in the key */ -#if LDNS_BUILD_CONFIG_HAVE_SSL DSA *ldns_key_dsa_key(const ldns_key *k); +# endif /* LDNS_BUILD_CONFIG_USE_DSA */ #endif /* LDNS_BUILD_CONFIG_HAVE_SSL */ /** @@ -523,7 +525,7 @@ /** * return the key's expiration date * \param[in] k the key - * \return the experiration date + * \return the expiration date */ uint32_t ldns_key_expiration(const ldns_key *k); /** diff -Nru ldns-1.7.1/ldns/net.h.in ldns-1.8.1/ldns/net.h.in --- ldns-1.7.1/ldns/net.h.in 2019-07-26 15:07:44.000000000 +0000 +++ ldns-1.8.1/ldns/net.h.in 2021-12-03 07:45:47.000000000 +0000 @@ -30,7 +30,7 @@ */ /** - * Sends a buffer to an ip using udp and return the respons as a ldns_pkt + * Sends a buffer to an ip using udp and return the response as a ldns_pkt * \param[in] qbin the ldns_buffer to be send * \param[in] to the ip addr to send to * \param[in] tolen length of the ip addr @@ -90,7 +90,7 @@ int ldns_tcp_bgsend(ldns_buffer *qbin, const struct sockaddr_storage *to, socklen_t tolen, struct timeval timeout); /** - * Sends a buffer to an ip using tcp and return the respons as a ldns_pkt + * Sends a buffer to an ip using tcp and return the response as a ldns_pkt * \param[in] qbin the ldns_buffer to be send * \param[in] qbin the ldns_buffer to be send * \param[in] to the ip addr to send to @@ -233,7 +233,7 @@ * returns an rdf with the sockaddr info. works for ip4 and ip6 * \param[in] sock the struct sockaddr_storage to convert * \param[in] port what port was used. When NULL this is not set - * \return ldns_rdf* wth the address + * \return ldns_rdf* with the address */ ldns_rdf * ldns_sockaddr_storage2rdf(const struct sockaddr_storage *sock, uint16_t *port); @@ -241,7 +241,7 @@ * Prepares the resolver for an axfr query * The query is sent and the answers can be read with ldns_axfr_next * \param[in] resolver the resolver to use - * \param[in] domain the domain to exfr + * \param[in] domain the domain to axfr * \param[in] c the class to use * \return ldns_status the status of the transfer */ diff -Nru ldns-1.7.1/ldns/packet.h ldns-1.8.1/ldns/packet.h --- ldns-1.7.1/ldns/packet.h 2019-07-26 15:07:44.000000000 +0000 +++ ldns-1.8.1/ldns/packet.h 2021-12-03 07:45:47.000000000 +0000 @@ -355,9 +355,9 @@ */ ldns_pkt_opcode ldns_pkt_get_opcode(const ldns_pkt *p); /** - * Return the packet's respons code + * Return the packet's response code * \param[in] p the packet - * \return the respons code + * \return the response code */ ldns_pkt_rcode ldns_pkt_get_rcode(const ldns_pkt *p); /** @@ -586,7 +586,7 @@ */ void ldns_pkt_set_opcode(ldns_pkt *p, ldns_pkt_opcode c); /** - * Set the packet's respons code + * Set the packet's response code * \param[in] p the packet * \param[in] c the rcode */ @@ -849,7 +849,7 @@ void ldns_pkt_set_question(ldns_pkt *p, ldns_rr_list *rr); /** - * directly set the auhority section + * directly set the authority section * \param[in] p packet to operate on * \param[in] rr rrlist to set */ diff -Nru ldns-1.7.1/ldns/parse.h ldns-1.8.1/ldns/parse.h --- ldns-1.7.1/ldns/parse.h 2019-07-26 15:07:44.000000000 +0000 +++ ldns-1.8.1/ldns/parse.h 2021-12-03 07:45:47.000000000 +0000 @@ -69,6 +69,32 @@ */ ssize_t ldns_fget_token_l(FILE *f, char *token, const char *delim, size_t limit, int *line_nr); +/** + * returns a token/char from the stream f. + * This function deals with ( and ) in the stream, + * and ignores when it finds them. + * \param[in] *f the file to read from + * \param[out] **token this should be a reference to a string buffer in which + * the token is put. A new buffer will be allocated when + * *token is NULL and fixed is false. If the buffer is too + * small to hold the token, the buffer is reallocated with + * double the size (of limit). + * If fixed is true, the string buffer may not be NULL + * and limit must be set to the buffer size. In that case + * no reallocations will be done. + * \param[in,out] *limit reference to the size of the token buffer. Will be + * reset to the new limit of the token buffer if the + * buffer is reallocated. + * \param [in] fixed If fixed is false, the token buffer is allowed to grow + * when needed (by way of reallocation). If true, the token + * buffer will not be resized. + * \param[in] *delim chars at which the parsing should stop + * \param[in] line_nr pointer to an integer containing the current line number (for debugging purposes) + * \return LDNS_STATUS_OK on success, LDNS_STATUS_SYNTAX_EMPTY when no token + * was read and an error otherwise. + */ +ldns_status ldns_fget_token_l_st(FILE *f, char **token, size_t *limit, bool fixed, const char *delim, int *line_nr); + /** * returns a token/char from the buffer b. * This function deals with ( and ) in the buffer, diff -Nru ldns-1.7.1/ldns/rdata.h ldns-1.8.1/ldns/rdata.h --- ldns-1.7.1/ldns/rdata.h 2019-07-26 15:07:44.000000000 +0000 +++ ldns-1.8.1/ldns/rdata.h 2021-12-03 07:45:47.000000000 +0000 @@ -142,6 +142,9 @@ /** draft-ietf-mboned-driad-amt-discovery **/ LDNS_RDF_TYPE_AMTRELAY, + /** draft-ietf-dnsop-svcb-https **/ + LDNS_RDF_TYPE_SVCPARAMS, + /* Aliases */ LDNS_RDF_TYPE_BITMAP = LDNS_RDF_TYPE_NSEC }; @@ -165,7 +168,22 @@ }; typedef enum ldns_enum_cert_algorithm ldns_cert_algorithm; - +/** + * keys types in SVCPARAMS rdata fields + */ +enum ldns_enum_svcparam_key +{ + LDNS_SVCPARAM_KEY_MANDATORY = 0, + LDNS_SVCPARAM_KEY_ALPN = 1, + LDNS_SVCPARAM_KEY_NO_DEFAULT_ALPN = 2, + LDNS_SVCPARAM_KEY_PORT = 3, + LDNS_SVCPARAM_KEY_IPV4HINT = 4, + LDNS_SVCPARAM_KEY_ECHCONFIG = 5, + LDNS_SVCPARAM_KEY_IPV6HINT = 6, + LDNS_SVCPARAM_KEY_LAST_KEY = 6, + LDNS_SVCPARAM_KEY_RESERVED = 65535 +}; +typedef enum ldns_enum_svcparam_key ldns_svcparam_key; /** * Resource record data field. @@ -243,7 +261,7 @@ /** * allocates a new rdf structure and fills it. * This function DOES NOT copy the contents from - * the buffer, unlinke ldns_rdf_new_frm_data() + * the buffer, unlike ldns_rdf_new_frm_data() * \param[in] type type of the rdf * \param[in] size size of the buffer * \param[in] data pointer to the buffer to be copied @@ -254,7 +272,7 @@ /** * allocates a new rdf structure and fills it. * This function _does_ copy the contents from - * the buffer, unlinke ldns_rdf_new() + * the buffer, unlike ldns_rdf_new() * \param[in] type type of the rdf * \param[in] size size of the buffer * \param[in] data pointer to the buffer to be copied diff -Nru ldns-1.7.1/ldns/resolver.h ldns-1.8.1/ldns/resolver.h --- ldns-1.7.1/ldns/resolver.h 2019-07-26 15:07:44.000000000 +0000 +++ ldns-1.8.1/ldns/resolver.h 2021-12-03 07:45:47.000000000 +0000 @@ -250,7 +250,7 @@ /** * Get the resolver's DNSSEC anchors * \param[in] r the resolver - * \return an rr_list containg trusted DNSSEC anchors + * \return an rr_list containing trusted DNSSEC anchors */ ldns_rr_list * ldns_resolver_dnssec_anchors(const ldns_resolver *r); /** @@ -730,7 +730,7 @@ ldns_status ldns_resolver_new_frm_file(ldns_resolver **r, const char *filename); /** - * Frees the allocated space for this resolver. Only frees the resolver pionter! You should probably be using _deep_free. + * Frees the allocated space for this resolver. Only frees the resolver pointer! You should probably be using _deep_free. * \param res resolver to free */ void ldns_resolver_free(ldns_resolver *res); @@ -766,7 +766,7 @@ /** * Returns a pointer to the last ldns_pkt that was sent by the server in the AXFR transfer - * uasable for instance to get the error code on failure + * usable for instance to get the error code on failure * \param[in] res the resolver that was used in the axfr transfer * \return ldns_pkt the last packet sent */ diff -Nru ldns-1.7.1/ldns/rr_functions.h ldns-1.8.1/ldns/rr_functions.h --- ldns-1.7.1/ldns/rr_functions.h 2019-07-26 15:07:44.000000000 +0000 +++ ldns-1.8.1/ldns/rr_functions.h 2021-12-03 07:45:47.000000000 +0000 @@ -121,9 +121,9 @@ */ ldns_rdf* ldns_rr_rrsig_expiration(const ldns_rr *r); /** - * sets the expireation date of a LDNS_RR_TYPE_RRSIG rr + * sets the expiration date of a LDNS_RR_TYPE_RRSIG rr * \param[in] r the rr to use - * \param[in] f the expireation date to set + * \param[in] f the expiration date to set * \return true on success, false otherwise */ bool ldns_rr_rrsig_set_expiration(ldns_rr *r, ldns_rdf *f); diff -Nru ldns-1.7.1/ldns/rr.h ldns-1.8.1/ldns/rr.h --- ldns-1.7.1/ldns/rr.h 2019-07-26 15:07:44.000000000 +0000 +++ ldns-1.8.1/ldns/rr.h 2021-12-03 07:45:47.000000000 +0000 @@ -191,7 +191,9 @@ LDNS_RR_TYPE_CDNSKEY = 60, /* RFC 7344 */ LDNS_RR_TYPE_OPENPGPKEY = 61, /* RFC 7929 */ LDNS_RR_TYPE_CSYNC = 62, /* RFC 7477 */ - LDNS_RR_TYPE_ZONEMD = 63, /* draft-wessels-dns-zone-digest */ + LDNS_RR_TYPE_ZONEMD = 63, /* draft-ietf-dnsop-dns-zone-digest */ + LDNS_RR_TYPE_SVCB = 64, /* draft-ietf-dnsop-svcb-https */ + LDNS_RR_TYPE_HTTPS = 65, /* draft-ietf-dnsop-svcb-https */ LDNS_RR_TYPE_SPF = 99, /* RFC 4408 */ @@ -525,7 +527,7 @@ * \param[in] *rr the rr to operate on * \param[in] *f the rdf to set * \param[in] position the position the set the rdf - * \return the old value in the rr, NULL on failyre + * \return the old value in the rr, NULL on failure */ ldns_rdf* ldns_rr_set_rdf(ldns_rr *rr, const ldns_rdf *f, size_t position); @@ -815,7 +817,7 @@ bool ldns_rr_compare_ds(const ldns_rr *rr1, const ldns_rr *rr2); /** - * compares two rr listss. + * compares two rr lists. * \param[in] rrl1 the first one * \param[in] rrl2 the second one * \return 0 if equal diff -Nru ldns-1.7.1/ldns/sha1.h ldns-1.8.1/ldns/sha1.h --- ldns-1.7.1/ldns/sha1.h 2019-07-26 15:07:44.000000000 +0000 +++ ldns-1.8.1/ldns/sha1.h 2021-12-03 07:45:47.000000000 +0000 @@ -1,6 +1,13 @@ #ifndef LDNS_SHA1_H #define LDNS_SHA1_H +#include /* uint32_t and friends */ +#include /* size_t and NULL */ + +#if LDNS_BUILD_CONFIG_HAVE_INTTYPES_H +# include +#endif + #ifdef __cplusplus extern "C" { #endif @@ -29,7 +36,7 @@ * available * \return the SHA1 digest of the given data */ -unsigned char *ldns_sha1(unsigned char *data, unsigned int data_len, unsigned char *digest); +unsigned char *ldns_sha1(const unsigned char *data, unsigned int data_len, unsigned char *digest); #ifdef __cplusplus } diff -Nru ldns-1.7.1/ldns/sha2.h ldns-1.8.1/ldns/sha2.h --- ldns-1.7.1/ldns/sha2.h 2019-07-26 15:07:44.000000000 +0000 +++ ldns-1.8.1/ldns/sha2.h 2021-12-03 07:45:47.000000000 +0000 @@ -46,23 +46,16 @@ #ifndef __LDNS_SHA2_H__ #define __LDNS_SHA2_H__ -#ifdef __cplusplus -extern "C" { -#endif - - -/* - * Import u_intXX_t size_t type definitions from system headers. You - * may need to change this, or define these things yourself in this - * file. - */ -#include +#include /* uint32_t and friends */ +#include /* size_t and NULL */ #if LDNS_BUILD_CONFIG_HAVE_INTTYPES_H +# include +#endif -#include - -#endif /* LDNS_BUILD_CONFIG_HAVE_INTTYPES_H */ +#ifdef __cplusplus +extern "C" { +#endif /*** SHA-256/384/512 Various Length Definitions ***********************/ @@ -116,7 +109,7 @@ * available * \return the SHA1 digest of the given data */ -unsigned char *ldns_sha256(unsigned char *data, unsigned int data_len, unsigned char *digest); +unsigned char *ldns_sha256(const unsigned char *data, unsigned int data_len, unsigned char *digest); /** * Convenience function to digest a fixed block of data at once. @@ -128,7 +121,7 @@ * available * \return the SHA1 digest of the given data */ -unsigned char *ldns_sha384(unsigned char *data, unsigned int data_len, unsigned char *digest); +unsigned char *ldns_sha384(const unsigned char *data, unsigned int data_len, unsigned char *digest); /** * Convenience function to digest a fixed block of data at once. @@ -140,7 +133,7 @@ * available * \return the SHA1 digest of the given data */ -unsigned char *ldns_sha512(unsigned char *data, unsigned int data_len, unsigned char *digest); +unsigned char *ldns_sha512(const unsigned char *data, unsigned int data_len, unsigned char *digest); #ifdef __cplusplus } diff -Nru ldns-1.7.1/ldns/str2host.h ldns-1.8.1/ldns/str2host.h --- ldns-1.7.1/ldns/str2host.h 2019-07-26 15:07:44.000000000 +0000 +++ ldns-1.8.1/ldns/str2host.h 2021-12-03 07:45:47.000000000 +0000 @@ -312,16 +312,26 @@ ldns_status ldns_str2rdf_hip(ldns_rdf **rd, const char *str); /** - * Concert a" " encoding + * Convert a " " encoding * of the value field as specified in Section 4.3.1 of * [draft-ietf-mboned-driad-amt-discovery], encoded as wireformat as specified in - * ection 4.2 of [draft-ietf-mboned-driad-amt-discovery] + * Section 4.2 of [draft-ietf-mboned-driad-amt-discovery] * \param[in] rd the rdf where to put the data * \param[in] str the string to be converted * \return ldns_status */ ldns_status ldns_str2rdf_amtrelay(ldns_rdf **rd, const char *str); +/** + * Convert a series of "key[=]" encodings to wireformat as described in + * [draft-ietf-dnsop-svcb-https]. + * \param[in] rd the rdf where to put the data + * \param[in] str the string to be converted + * \return ldns_status + */ +ldns_status ldns_str2rdf_svcparams(ldns_rdf **rd, const char *str); + + #ifdef __cplusplus } #endif diff -Nru ldns-1.7.1/ldns/util.h.in ldns-1.8.1/ldns/util.h.in --- ldns-1.7.1/ldns/util.h.in 2019-07-26 15:07:44.000000000 +0000 +++ ldns-1.8.1/ldns/util.h.in 2021-12-03 07:45:47.000000000 +0000 @@ -274,19 +274,22 @@ /** * The function interprets time as the number of seconds since epoch - * with respect to now using serial arithmitics (rfc1982). + * with respect to now using serial arithmetics (rfc1982). * That number of seconds is then converted to broken-out time information. * This is especially useful when converting the inception and expiration * fields of RRSIG records. * * \param[in] time number of seconds since epoch (midnight, January 1st, 1970) - * to be intepreted as a serial arithmitics number relative to now. + * to be interpreted as a serial arithmetics number relative to now. * \param[in] now number of seconds since epoch (midnight, January 1st, 1970) * to which the time value is compared to determine the final value. * \param[out] result the struct with the broken-out time information * \return result on success or NULL on error */ -struct tm * ldns_serial_arithmitics_gmtime_r(int32_t time, time_t now, struct tm *result); +struct tm * ldns_serial_arithmetics_gmtime_r(int32_t time, time_t now, struct tm *result); + +/* previously used wrong spelling */ +#define ldns_serial_arithmitics_gmtime_r ldns_serial_arithmetics_gmtime_r /** * Seed the random function. diff -Nru ldns-1.7.1/libdns.doxygen ldns-1.8.1/libdns.doxygen --- ldns-1.7.1/libdns.doxygen 2019-07-26 15:07:44.000000000 +0000 +++ ldns-1.8.1/libdns.doxygen 2021-12-03 07:45:47.000000000 +0000 @@ -1456,7 +1456,7 @@ FORMULA_FONTSIZE = 10 -# Use the FORMULA_TRANPARENT tag to determine whether or not the images +# Use the FORMULA_TRANSPARENT tag to determine whether or not the images # generated for formulas are transparent PNGs. Transparent PNGs are not # supported properly for IE 6.0, but are supported on all modern browsers. # diff -Nru ldns-1.7.1/ltmain.sh ldns-1.8.1/ltmain.sh --- ldns-1.7.1/ltmain.sh 2019-07-26 15:07:48.000000000 +0000 +++ ldns-1.8.1/ltmain.sh 2021-12-03 07:45:54.000000000 +0000 @@ -31,7 +31,7 @@ PROGRAM=libtool PACKAGE=libtool -VERSION="2.4.6 Debian-2.4.6-10" +VERSION="2.4.6 Debian-2.4.6-15" package_revision=2.4.6 @@ -387,7 +387,7 @@ # putting '$debug_cmd' at the start of all your functions, you can get # bash to show function call trace with: # -# debug_cmd='eval echo "${FUNCNAME[0]} $*" >&2' bash your-script-name +# debug_cmd='echo "${FUNCNAME[0]} $*" >&2' bash your-script-name debug_cmd=${debug_cmd-":"} exit_cmd=: @@ -2141,7 +2141,7 @@ compiler: $LTCC compiler flags: $LTCFLAGS linker: $LD (gnu? $with_gnu_ld) - version: $progname $scriptversion Debian-2.4.6-10 + version: $progname $scriptversion Debian-2.4.6-15 automake: `($AUTOMAKE --version) 2>/dev/null |$SED 1q` autoconf: `($AUTOCONF --version) 2>/dev/null |$SED 1q` @@ -7368,10 +7368,12 @@ # -stdlib=* select c++ std lib with clang # -fsanitize=* Clang/GCC memory and address sanitizer # -fuse-ld=* Linker select flags for GCC + # -static-* direct GCC to link specific libraries statically + # -fcilkplus Cilk Plus language extension features for C/C++ -64|-mips[0-9]|-r[0-9][0-9]*|-xarch=*|-xtarget=*|+DA*|+DD*|-q*|-m*| \ -t[45]*|-txscale*|-p|-pg|--coverage|-fprofile-*|-F*|@*|-tp=*|--sysroot=*| \ -O*|-g*|-flto*|-fwhopr*|-fuse-linker-plugin|-fstack-protector*|-stdlib=*| \ - -specs=*|-fsanitize=*|-fuse-ld=*) + -specs=*|-fsanitize=*|-fuse-ld=*|-static-*|-fcilkplus) func_quote_for_eval "$arg" arg=$func_quote_for_eval_result func_append compile_command " $arg" diff -Nru ldns-1.7.1/m4/ax_config_feature.m4 ldns-1.8.1/m4/ax_config_feature.m4 --- ldns-1.7.1/m4/ax_config_feature.m4 2019-07-26 15:07:44.000000000 +0000 +++ ldns-1.8.1/m4/ax_config_feature.m4 2021-12-03 07:45:47.000000000 +0000 @@ -1,5 +1,5 @@ # =========================================================================== -# http://www.gnu.org/software/autoconf-archive/ax_config_feature.html +# https://www.gnu.org/software/autoconf-archive/ax_config_feature.html # =========================================================================== # # SYNOPSIS @@ -73,7 +73,7 @@ # Public License for more details. # # You should have received a copy of the GNU General Public License along -# with this program. If not, see . +# with this program. If not, see . # # As a special exception, the respective Autoconf Macro's copyright owner # gives unlimited permission to copy, distribute and modify the configure @@ -88,7 +88,7 @@ # modified version of the Autoconf Macro, you may extend this special # exception to the GPL to apply to your modified version as well. -#serial 10 +#serial 11 AC_DEFUN([AX_CONFIG_FEATURE],[ dnl m4_pushdef([FEATURE], patsubst([$1], -, _))dnl diff -Nru ldns-1.7.1/m4/ax_have_poll.m4 ldns-1.8.1/m4/ax_have_poll.m4 --- ldns-1.7.1/m4/ax_have_poll.m4 2019-07-26 15:07:44.000000000 +0000 +++ ldns-1.8.1/m4/ax_have_poll.m4 2021-12-03 07:45:47.000000000 +0000 @@ -1,5 +1,5 @@ # =========================================================================== -# http://www.gnu.org/software/autoconf-archive/ax_have_poll.html +# https://www.gnu.org/software/autoconf-archive/ax_have_poll.html # =========================================================================== # # SYNOPSIS @@ -34,7 +34,7 @@ # and this notice are preserved. This file is offered as-is, without any # warranty. -#serial 7 +#serial 8 AC_DEFUN([AX_HAVE_POLL], [dnl AC_MSG_CHECKING([for poll(2)]) diff -Nru ldns-1.7.1/m4/libtool.m4 ldns-1.8.1/m4/libtool.m4 --- ldns-1.7.1/m4/libtool.m4 2019-07-26 15:07:48.000000000 +0000 +++ ldns-1.8.1/m4/libtool.m4 2021-12-03 07:45:54.000000000 +0000 @@ -1041,8 +1041,8 @@ _LT_EOF echo "$LTCC $LTCFLAGS -c -o conftest.o conftest.c" >&AS_MESSAGE_LOG_FD $LTCC $LTCFLAGS -c -o conftest.o conftest.c 2>&AS_MESSAGE_LOG_FD - echo "$AR cru libconftest.a conftest.o" >&AS_MESSAGE_LOG_FD - $AR cru libconftest.a conftest.o 2>&AS_MESSAGE_LOG_FD + echo "$AR cr libconftest.a conftest.o" >&AS_MESSAGE_LOG_FD + $AR cr libconftest.a conftest.o 2>&AS_MESSAGE_LOG_FD echo "$RANLIB libconftest.a" >&AS_MESSAGE_LOG_FD $RANLIB libconftest.a 2>&AS_MESSAGE_LOG_FD cat > conftest.c << _LT_EOF @@ -1071,11 +1071,11 @@ # to the OS version, if on x86, and 10.4, the deployment # target defaults to 10.4. Don't you love it? case ${MACOSX_DEPLOYMENT_TARGET-10.0},$host in - 10.0,*86*-darwin8*|10.0,*-darwin[[91]]*) + 10.0,*86*-darwin8*|10.0,*-darwin[[912]]*) _lt_dar_allow_undefined='$wl-undefined ${wl}dynamic_lookup' ;; 10.[[012]][[,.]]*) _lt_dar_allow_undefined='$wl-flat_namespace $wl-undefined ${wl}suppress' ;; - 10.*) + 10.*|11.*) _lt_dar_allow_undefined='$wl-undefined ${wl}dynamic_lookup' ;; esac ;; @@ -1492,7 +1492,7 @@ m4_defun([_LT_PROG_AR], [AC_CHECK_TOOLS(AR, [ar], false) : ${AR=ar} -: ${AR_FLAGS=cru} +: ${AR_FLAGS=cr} _LT_DECL([], [AR], [1], [The archiver]) _LT_DECL([], [AR_FLAGS], [1], [Flags to create an archive]) diff -Nru ldns-1.7.1/Makefile.in ldns-1.8.1/Makefile.in --- ldns-1.7.1/Makefile.in 2019-07-26 15:07:44.000000000 +0000 +++ ldns-1.8.1/Makefile.in 2021-12-03 07:45:47.000000000 +0000 @@ -40,15 +40,29 @@ # override $U variable which is used by autotools for deansification (for # K&R C compilers), but causes problems if $U is defined in the env). U= + +# set all of the tools due to cross-compiles. libtool uses most of them. +# https://www.gnu.org/software/make/manual/html_node/Implicit-Variables.html CC = @CC@ +CXX = @CXX@ +CPP = @CPP@ +LD = @LD@ +AS = @AS@ +AR = @AR@ +RANLIB = @RANLIB@ +STRIP = @STRIP@ + +# Unbound project specific flags CFLAGS = @CFLAGS@ CPPFLAGS = -I. -I$(srcdir) @CPPFLAGS@ @DEFS@ -DLDNS_TRUST_ANCHOR_FILE="\"$(LDNS_TRUST_ANCHOR_FILE)\"" +ARFLAGS = @ARFLAGS@ LDFLAGS = @LDFLAGS@ + LIBS = @LIBS@ LIBOBJDIR = compat/ LIBOBJS = @LIBOBJS@ PYTHON_CPPFLAGS = @PYTHON_CPPFLAGS@ -PYTHON_LDFLAGS = @PYTHON_LDFLAGS@ +PYTHON_LIBS = @PYTHON_LIBS@ PYTHON_X_CFLAGS = @PYTHON_X_CFLAGS@ LIBSSL_CPPFLAGS = @LIBSSL_CPPFLAGS@ LIBSSL_LDFLAGS = @LIBSSL_LDFLAGS@ @@ -72,15 +86,15 @@ LINTFLAGS += -D"_RuneLocale=int" DEPFLAG = @DEPFLAG@ -INSTALL = $(srcdir)/install-sh +INSTALL = $(srcdir)/install-sh LIBLOBJS = $(LIBOBJS:.o=.lo) -LDNS_LOBJS = buffer.lo dane.lo dname.lo dnssec.lo dnssec_sign.lo dnssec_verify.lo dnssec_zone.lo duration.lo error.lo higher.lo host2str.lo host2wire.lo keys.lo net.lo packet.lo parse.lo radix.lo rbtree.lo rdata.lo resolver.lo rr.lo rr_functions.lo sha1.lo sha2.lo str2host.lo tsig.lo update.lo util.lo wire2host.lo zone.lo +LDNS_LOBJS = buffer.lo dane.lo dname.lo dnssec.lo dnssec_sign.lo dnssec_verify.lo dnssec_zone.lo duration.lo error.lo higher.lo host2str.lo host2wire.lo keys.lo net.lo packet.lo parse.lo radix.lo rbtree.lo rdata.lo resolver.lo rr.lo rr_functions.lo sha1.lo sha2.lo str2host.lo tsig.lo update.lo util.lo wire2host.lo zone.lo LDNS_LOBJS_EX = ^linktest\.c$$ LDNS_ALL_LOBJS = $(LDNS_LOBJS) $(LIBLOBJS) LIB = libldns.la -LDNS_HEADERS = buffer.h dane.h dname.h dnssec.h dnssec_sign.h dnssec_verify.h dnssec_zone.h duration.h error.h higher.h host2str.h host2wire.h keys.h ldns.h packet.h parse.h radix.h rbtree.h rdata.h resolver.h rr_functions.h rr.h sha1.h sha2.h str2host.h tsig.h update.h wire2host.h zone.h +LDNS_HEADERS = buffer.h dane.h dname.h dnssec.h dnssec_sign.h dnssec_verify.h dnssec_zone.h duration.h error.h higher.h host2str.h host2wire.h keys.h ldns.h packet.h parse.h radix.h rbtree.h rdata.h resolver.h rr_functions.h rr.h sha1.h sha2.h str2host.h tsig.h update.h wire2host.h zone.h LDNS_HEADERS_EX = ^config\.h|common\.h|util\.h|net\.h$$ LDNS_HEADERS_GEN= common.h util.h net.h @@ -89,8 +103,8 @@ DRILL_LOBJS = drill/chasetrace.lo drill/dnssec.lo drill/drill.lo drill/drill_util.lo drill/error.lo drill/root.lo drill/securetrace.lo drill/work.lo EXAMPLE_LOBJS = examples/ldns-chaos.lo examples/ldns-compare-zones.lo examples/ldns-dane.lo examples/ldnsd.lo examples/ldns-dpa.lo examples/ldns-gen-zone.lo examples/ldns-key2ds.lo examples/ldns-keyfetcher.lo examples/ldns-keygen.lo examples/ldns-mx.lo examples/ldns-notify.lo examples/ldns-nsec3-hash.lo examples/ldns-read-zone.lo examples/ldns-resolver.lo examples/ldns-revoke.lo examples/ldns-rrsig.lo examples/ldns-signzone.lo examples/ldns-test-edns.lo examples/ldns-testns.lo examples/ldns-testpkts.lo examples/ldns-update.lo examples/ldns-verify-zone.lo examples/ldns-version.lo examples/ldns-walk.lo examples/ldns-zcat.lo examples/ldns-zsplit.lo -EXAMPLE_PROGS = examples/ldns-chaos examples/ldns-compare-zones examples/ldnsd examples/ldns-gen-zone examples/ldns-key2ds examples/ldns-keyfetcher examples/ldns-keygen examples/ldns-mx examples/ldns-notify examples/ldns-read-zone examples/ldns-resolver examples/ldns-rrsig examples/ldns-test-edns examples/ldns-update examples/ldns-version examples/ldns-walk examples/ldns-zcat examples/ldns-zsplit -EX_PROGS_BASENM = ldns-chaos ldns-compare-zones ldns-dane ldnsd ldns-dpa ldns-gen-zone ldns-key2ds ldns-keyfetcher ldns-keygen ldns-mx ldns-notify ldns-nsec3-hash ldns-read-zone ldns-resolver ldns-revoke ldns-rrsig ldns-signzone ldns-test-edns ldns-testns ldns-testpkts ldns-update ldns-verify-zone ldns-version ldns-walk ldns-zcat ldns-zsplit +EXAMPLE_PROGS = examples/ldns-chaos examples/ldns-compare-zones examples/ldnsd examples/ldns-gen-zone examples/ldns-key2ds examples/ldns-keyfetcher examples/ldns-keygen examples/ldns-mx examples/ldns-notify examples/ldns-read-zone examples/ldns-resolver examples/ldns-rrsig examples/ldns-test-edns examples/ldns-update examples/ldns-version examples/ldns-walk examples/ldns-zcat examples/ldns-zsplit +EX_PROGS_BASENM = ldns-chaos ldns-compare-zones ldns-dane ldnsd ldns-dpa ldns-gen-zone ldns-key2ds ldns-keyfetcher ldns-keygen ldns-mx ldns-notify ldns-nsec3-hash ldns-read-zone ldns-resolver ldns-revoke ldns-rrsig ldns-signzone ldns-test-edns ldns-testns ldns-testpkts ldns-update ldns-verify-zone ldns-version ldns-walk ldns-zcat ldns-zsplit EXAMPLE_PROGS_EX= ^examples/ldns-testpkts\.c|examples/ldns-testns\.c|examples/ldns-dane\.c|examples/ldns-dpa\.c|examples/ldns-nsec3-hash\.c|examples/ldns-revoke\.c|examples/ldns-signzone\.c|examples/ldns-verify-zone\.c$$ TESTNS = examples/ldns-testns TESTNS_LOBJS = examples/ldns-testns.lo examples/ldns-testpkts.lo @@ -118,6 +132,10 @@ .c.lo: $(COMP_LIB) $(LIBSSL_CPPFLAGS) -c $< -o $@ +# Need libtool compile +.c.o: + $(COMP_LIB) $(LIBSSL_CPPFLAGS) -c $< -o $@ + $(LDNS_LOBJS) $(LIBLOBJS) $(DRILL_LOBJS) $(EXAMPLE_LOBJS): $(COMP_LIB) $(LIBSSL_CPPFLAGS) -c $(srcdir)/$(@:.lo=.c) -o $@ @@ -130,12 +148,14 @@ @if test ! -d include ; then $(INSTALL) -d include; fi @if test ! -h include/ldns ; then ln -s ../ldns include/ldns || echo "include/ldns exists"; fi +# builddir/ is used by 60-compile-builddir putdown-builddir: rm -f include/ldns lib config.h test ! -d include || rmdir include || : if test -d examples -a ! -f examples/README; then rmdir examples || : ; fi if test -d drill -a ! -f drill/README ; then rmdir drill || : ; fi if test -d compat -a ! -f compat/malloc.c; then rmdir compat || : ; fi + rm -rf builddir/ drill: no-drill-config-h drill/drill drill/drill.1 no-drill-config-h: @@ -148,7 +168,7 @@ fi drill/drill: $(DRILL_LOBJS) $(LIB) $(LIBLOBJS) - $(LINK_EXE) $(DRILL_LOBJS) $(LIBLOBJS) $(LIBS) $(LIBSSL_LIBS) -lldns -o drill/drill + $(LINK_EXE) $(DRILL_LOBJS) $(LIBLOBJS) $(LIB) $(LIBSSL_LIBS) $(LIBS) -o drill/drill drill/drill.1: $(srcdir)/drill/drill.1.in $(edit) $(srcdir)/drill/drill.1.in > drill/drill.1 @@ -178,22 +198,25 @@ exit -1 ; \ fi +# Need LIBSSL_LIBS $(EXAMPLE_PROGS): - $(LINK_EXE) $@.lo $(LIBLOBJS) $(LIBS) -lldns -o $@ + $(LINK_EXE) $@.lo $(LIBLOBJS) $(LIB) $(LIBSSL_LIBS) $(LIBS) -o $@ +# Need LIBSSL_LIBS $(TESTNS): - $(LINK_EXE) $(TESTNS_LOBJS) $(LIBLOBJS) $(LIBS) -lldns -o $(TESTNS) + $(LINK_EXE) $(TESTNS_LOBJS) $(LIBLOBJS) $(LIB) $(LIBSSL_LIBS) $(LIBS) -o $(TESTNS) +# Need LIBSSL_LIBS $(LDNS_DPA): - $(LINK_EXE) $(LDNS_DPA_LOBJS) $(LIBLOBJS) $(LIBS) $(LIBPCAP_LIBS) -lldns \ + $(LINK_EXE) $(LDNS_DPA_LOBJS) $(LIBLOBJS) $(LIB) $(LIBPCAP_LIBS) $(LIBSSL_LIBS) $(LIBS) \ -o $(LDNS_DPA) $(LDNS_DANE): - $(LINK_EXE) $(LDNS_DANE_LOBJS) $(LIBLOBJS) -lldns $(LIBS) $(LIBSSL_SSL_LIBS) \ + $(LINK_EXE) $(LDNS_DANE_LOBJS) $(LIBLOBJS) $(LIB) $(LIBSSL_SSL_LIBS) $(LIBS) \ -o $(LDNS_DANE) $(EX_SSL_PROGS): - $(LINK_EXE) $@.lo $(LIBLOBJS) $(LIBS) $(LIBSSL_LIBS) -lldns -o $@ + $(LINK_EXE) $@.lo $(LIBLOBJS) $(LIB) $(LIBSSL_LIBS) $(LIBS) -o $@ examples/ldns-dane.1: $(srcdir)/examples/ldns-dane.1.in $(edit) $(srcdir)/examples/ldns-dane.1.in > examples/ldns-dane.1 @@ -221,14 +244,14 @@ test ! -d $(DESTDIR)$(bindir) || rmdir -p $(DESTDIR)$(bindir) || : ; clean-examples: - $(LIBTOOL) --mode clean rm -f $(EXAMPLE_PROGS) + $(LIBTOOL) --mode clean rm -f $(EXAMPLE_PROGS) $(LIBTOOL) --mode clean rm -f $(TESTNS) $(LDNS_DPA) $(LDNS_DANE) $(EX_SSL_PROGS) $(LIBTOOL) --mode clean rm -f $(EXAMPLE_LOBJS) $(LIBTOOL) --mode clean rm -f examples/ldns-dane.1 examples/ldns-verify-zone.1 linktest: $(srcdir)/linktest.c libldns.la $(COMP_LIB) $(LIBSSL_CPPFLAGS) -c $(srcdir)/linktest.c -o linktest.lo - $(LINK_EXE) linktest.lo $(LIBS) $(LIBSSL_LIBS) -lldns -o linktest + $(LINK_EXE) linktest.lo $(LIB) $(LIBSSL_LIBS) $(LIBS) -o linktest lib: libldns.la @@ -252,7 +275,7 @@ doc: manpages $(doxygen) @$(INSTALL) -d doc -manpages: $(srcdir)/doc/function_manpages +manpages: $(srcdir)/doc/function_manpages @$(INSTALL) -d doc/man/man3 @if [ -f $(srcdir)/doc/man/man3/ldns_rr.3 ] ; \ then \ @@ -274,7 +297,7 @@ | grep -v ^doxygen | grep -v ^cat > doc/ldns_manpages; \ fi -manpage-create-errors: $(srcdir)/doc/function_manpages +manpage-create-errors: $(srcdir)/doc/function_manpages @$(INSTALL) -d doc @cat $(srcdir)/ldns/*.h \ | $(srcdir)/doc/doxyparse.pl -e \ @@ -300,8 +323,8 @@ ldns_wrapper.lo: $(pywrapdir)/ldns_wrapper.c ldns/config.h $(COMP_LIB) -I./include/ldns $(LIBSSL_CPPFLAGS) $(PYTHON_CPPFLAGS) $(PYTHON_X_CFLAGS) -c $(pywrapdir)/ldns_wrapper.c -o $@ -_ldns.la: ldns_wrapper.lo libldns.la - $(LIBTOOL) --tag=CC --mode=link $(CC) $(CFLAGS) $(PYTHON_CFLAGS) $(LDFLAGS) $(PYTHON_LDFLAGS) -module -version-info $(version_info) -no-undefined -o $@ ldns_wrapper.lo -rpath $(python_site) -L. -L.libs -lldns $(LIBS) +_ldns.la: ldns_wrapper.lo libldns.la + $(LIBTOOL) --tag=CC --mode=link $(CC) $(CFLAGS) $(PYTHON_CFLAGS) $(LDFLAGS) -module -version-info $(version_info) -no-undefined -o $@ ldns_wrapper.lo -rpath $(python_site) -L. -L.libs $(LIB) $(PYTHON_LIBS) $(LIBS) $(p5_dns_ldns_dir)/Makefile: $(p5_dns_ldns_dir)/Makefile.PL BUILDDIR=`pwd`; cd $(p5_dns_ldns_dir); LD_LIBRARY_PATH="$$BUILDDIR/.libs:$$LD_LIBRARY_PATH" DYLD_LIBRARY_PATH="$$BUILDDIR/.libs:$$DYLD_LIBRARY_PATH" $(PERL) Makefile.PL LIBS="-L$$BUILDDIR/.libs -lldns" INC="-I$$BUILDDIR" @@ -327,7 +350,7 @@ uninstall: uninstall-manpages @UNINSTALL_CONFIG@ uninstall-h uninstall-lib uninstall-pc $(pyldns_uninst) $(pyldnsx_uninst) @UNINSTALL_P5_DNS_LDNS@ @UNINSTALL_DRILL@ @UNINSTALL_EXAMPLES@ -destclean: uninstall +distclean: uninstall install-config: $(INSTALL) -d $(DESTDIR)$(bindir) @@ -370,8 +393,8 @@ test ! -d $(DESTDIR)$(includedir)/ldns || rmdir -p $(DESTDIR)$(includedir)/ldns || echo "ok, dir already gone" exit 0 -packaging/libldns.pc: packaging/libldns.pc.in - ./config.status $@ +packaging/libldns.pc: $(srcdir)/packaging/libldns.pc.in + ./config.status --file=$@ install-pc: packaging/libldns.pc $(INSTALL) -m 644 packaging/libldns.pc $(DESTDIR)$(libdir)/pkgconfig/ldns.pc @@ -385,7 +408,7 @@ $(LIBTOOL) --mode=install cp libldns.la $(DESTDIR)$(libdir) $(LIBTOOL) --mode=finish $(DESTDIR)$(libdir) -uninstall-lib: +uninstall-lib: $(LIBTOOL) --mode=uninstall rm -f $(DESTDIR)$(libdir)/libldns.la test ! -d $(DESTDIR)$(libdir) || rmdir -p $(DESTDIR)$(libdir) || echo "ok, dir already gone" @@ -395,7 +418,7 @@ $(LIBTOOL) --mode=install cp _ldns.la $(DESTDIR)$(python_site) $(LIBTOOL) --mode=finish $(DESTDIR)$(python_site) -uninstall-pyldns: +uninstall-pyldns: rm -f $(DESTDIR)$(python_site)/ldns/* test ! -d $(DESTDIR)$(python_site)/ldns || rmdir $(DESTDIR)$(python_site)/ldns || echo "ok, dir already gone" @@ -450,7 +473,7 @@ rm -f doc/ldns_manpages distclean: realclean - rm -fr autom4te.cache + rm -fr autom4te.cache rm -f config.guess config.sub configure ltmain.sh ldns/config.h.in ## No need for changes here diff -Nru ldns-1.7.1/net.c ldns-1.8.1/net.c --- ldns-1.7.1/net.c 2019-07-26 15:07:44.000000000 +0000 +++ ldns-1.8.1/net.c 2021-12-03 07:45:47.000000000 +0000 @@ -463,7 +463,7 @@ } /* set to nonblocking, so if the checksum is bad, it becomes - * an EGAIN error and the ldns_udp_send function does not block, + * an EAGAIN error and the ldns_udp_send function does not block, * but returns a 'NETWORK_ERROR' much like a timeout. */ ldns_sock_nonblock(sockfd); diff -Nru ldns-1.7.1/packaging/fedora/ldns.spec ldns-1.8.1/packaging/fedora/ldns.spec --- ldns-1.7.1/packaging/fedora/ldns.spec 2019-07-26 15:07:44.000000000 +0000 +++ ldns-1.8.1/packaging/fedora/ldns.spec 2021-12-03 07:45:47.000000000 +0000 @@ -125,7 +125,7 @@ * Wed Jun 08 2011 Paul Wouters - 1.6.10-1 - Updated to 1.6.10 -- commented out build dependancies for svn snapshots +- commented out build dependencies for svn snapshots * Sun Mar 27 2011 Paul Wouters - 1.6.9-1 - Updated to 1.6.9 diff -Nru ldns-1.7.1/packaging/ldns-config.in ldns-1.8.1/packaging/ldns-config.in --- ldns-1.7.1/packaging/ldns-config.in 2019-07-26 15:07:44.000000000 +0000 +++ ldns-1.8.1/packaging/ldns-config.in 2021-12-03 07:45:47.000000000 +0000 @@ -1,25 +1,40 @@ #!/bin/sh +prefix="@prefix@" +exec_prefix="@exec_prefix@" VERSION="@PACKAGE_VERSION@" -LDFLAGS="@LDFLAGS@ @LIBSSL_LDFLAGS@ @PYTHON_LDFLAGS@" +CFLAGS="@CFLAGS@" +CPPFLAGS="@CPPFLAGS@ @LIBSSL_CPPFLAGS@" +LDFLAGS="@LDFLAGS@ @LIBSSL_LDFLAGS@" +PYTHON_CPPFLAGS="@PYTHON_CPPFLAGS@" +PYTHON_LDFLAGS="@PYTHON_LDFLAGS@" LIBS="@LIBS@ @LIBSSL_LIBS@" LIBDIR="@libdir@" INCLUDEDIR="@includedir@" LIBVERSION="@VERSION_INFO@" + for arg in $@ do if [ $arg = "--cflags" ] then echo "-I${INCLUDEDIR}" fi + if [ $arg = "--python-cflags" ] + then + echo "${PYTHON_CPPFLAGS} -I${INCLUDEDIR}" + fi if [ $arg = "--libs" ] then echo "${LDFLAGS} -L${LIBDIR} ${LIBS} -lldns" fi + if [ $arg = "--python-libs" ] + then + echo "${LDFLAGS} ${PYTHON_LDFLAGS} -L${LIBDIR} ${LIBS} -lldns" + fi if [ $arg = "-h" ] || [ $arg = "--help" ] then - echo "Usage: $0 [--cflags] [--libs] [--version]" + echo "Usage: $0 [--cflags] [--python-cflags] [--libs] [--python-libs] [--version]" fi if [ $arg = "--version" ] then diff -Nru ldns-1.7.1/parse.c ldns-1.8.1/parse.c --- ldns-1.7.1/parse.c 2019-07-26 15:07:44.000000000 +0000 +++ ldns-1.8.1/parse.c 2021-12-03 07:45:47.000000000 +0000 @@ -27,31 +27,45 @@ return ldns_fget_token_l(f, token, delim, limit, NULL); } -ssize_t -ldns_fget_token_l(FILE *f, char *token, const char *delim, size_t limit, int *line_nr) +ldns_status +ldns_fget_token_l_st(FILE *f, char **token, size_t *limit, bool fixed + , const char *delim, int *line_nr) { int c, prev_c; - int p; /* 0 -> no parenthese seen, >0 nr of ( seen */ + int p; /* 0 -> no parentheses seen, >0 nr of ( seen */ int com, quoted; - char *t; + char *t, *old_token; size_t i; const char *d; const char *del; - /* standard delimeters */ + /* standard delimiters */ if (!delim) { /* from isspace(3) */ del = LDNS_PARSE_NORMAL; } else { del = delim; } + if (!token || !limit) + return LDNS_STATUS_NULL; + if (fixed) { + if (*token == NULL || *limit == 0) + return LDNS_STATUS_NULL; + + } else if (*token == NULL) { + *limit = LDNS_MAX_LINELEN; + if (!(*token = LDNS_XMALLOC(char, *limit + 1))) + return LDNS_STATUS_MEM_ERR; + + } else if (*limit == 0) + return LDNS_STATUS_ERR; p = 0; i = 0; com = 0; quoted = 0; prev_c = 0; - t = token; + t = *token; if (del[0] == '"') { quoted = 1; } @@ -79,7 +93,8 @@ if (p < 0) { /* more ) then ( - close off the string */ *t = '\0'; - return 0; + return i == 0 ? LDNS_STATUS_SYNTAX_EMPTY + : LDNS_STATUS_OK; } /* do something with comments ; */ @@ -113,14 +128,27 @@ continue; } - if (c == '\n' && p != 0 && t > token) { + if (c == '\n' && p != 0 && t > *token) { /* in parentheses */ if (line_nr) { *line_nr = *line_nr + 1; } - if (limit > 0 && (i >= limit || (size_t)(t-token) >= limit)) { - *t = '\0'; - return -1; + if (*limit > 0 + && (i >= *limit || (size_t)(t - *token) >= *limit)) { + if (fixed) { + *t = '\0'; + return LDNS_STATUS_SYNTAX_ERR; + } + old_token = *token; + *limit *= 2; + *token = LDNS_XREALLOC(*token, char, *limit + 1); + if (*token == NULL) { + *token = old_token; + *t = '\0'; + return LDNS_STATUS_MEM_ERR; + } + if (*token != old_token) + t = *token + (t - old_token); } *t++ = ' '; prev_c = c; @@ -139,30 +167,42 @@ if (c != '\0' && c != '\n') { i++; } - if (limit > 0 && (i >= limit || (size_t)(t-token) >= limit)) { - *t = '\0'; - return -1; + if (*limit > 0 + && (i >= *limit || (size_t)(t - *token) >= *limit)) { + if (fixed) { + *t = '\0'; + return LDNS_STATUS_SYNTAX_ERR; + } + old_token = *token; + *limit *= 2; + *token = LDNS_XREALLOC(*token, char, *limit + 1); + if (*token == NULL) { + *token = old_token; + *t = '\0'; + return LDNS_STATUS_MEM_ERR; + } + if (*token != old_token) + t = *token + (t - old_token); } if (c != '\0' && c != '\n') { *t++ = c; } + if (c == '\n' && line_nr) { + *line_nr = *line_nr + 1; + } if (c == '\\' && prev_c == '\\') prev_c = 0; else prev_c = c; } *t = '\0'; if (c == EOF) { - return (ssize_t)i; + return i == 0 ? LDNS_STATUS_SYNTAX_EMPTY : LDNS_STATUS_OK; } - if (i == 0) { - /* nothing read */ - return -1; - } if (p != 0) { - return -1; + return LDNS_STATUS_SYNTAX_ERR; } - return (ssize_t)i; + return i == 0 ? LDNS_STATUS_SYNTAX_EMPTY : LDNS_STATUS_OK; tokenread: if(*del == '"') /* do not skip over quotes, they are significant */ @@ -170,10 +210,21 @@ else ldns_fskipcs_l(f, del, line_nr); *t = '\0'; if (p != 0) { - return -1; + return LDNS_STATUS_SYNTAX_ERR; } + return i == 0 ? LDNS_STATUS_SYNTAX_EMPTY : LDNS_STATUS_OK; +} - return (ssize_t)i; + +ssize_t +ldns_fget_token_l(FILE *f, char *token, const char *delim, size_t limit, int *line_nr) +{ + if (limit == 0) + limit = LDNS_MAX_LINELEN; + if (ldns_fget_token_l_st(f, &token, &limit, true, delim, line_nr)) + return -1; + else + return (ssize_t)strlen(token); } ssize_t @@ -223,7 +274,7 @@ ldns_bget_token(ldns_buffer *b, char *token, const char *delim, size_t limit) { int c, lc; - int p; /* 0 -> no parenthese seen, >0 nr of ( seen */ + int p; /* 0 -> no parentheses seen, >0 nr of ( seen */ int com, quoted; char *t; size_t i; diff -Nru ldns-1.7.1/rbtree.c ldns-1.8.1/rbtree.c --- ldns-1.7.1/rbtree.c 2019-07-26 15:07:44.000000000 +0000 +++ ldns-1.8.1/rbtree.c 2021-12-03 07:45:47.000000000 +0000 @@ -71,7 +71,7 @@ static void ldns_rbtree_delete_fixup(ldns_rbtree_t* rbtree, ldns_rbnode_t* child, ldns_rbnode_t* child_parent); /* - * Creates a new red black tree, intializes and returns a pointer to it. + * Creates a new red black tree, initializes and returns a pointer to it. * * Return NULL on failure. * diff -Nru ldns-1.7.1/rdata.c ldns-1.8.1/rdata.c --- ldns-1.7.1/rdata.c 2019-07-26 15:07:44.000000000 +0000 +++ ldns-1.8.1/rdata.c 2021-12-03 07:45:47.000000000 +0000 @@ -363,6 +363,9 @@ case LDNS_RDF_TYPE_AMTRELAY: status = ldns_str2rdf_amtrelay(&rdf, str); break; + case LDNS_RDF_TYPE_SVCPARAMS: + status = ldns_str2rdf_svcparams(&rdf, str); + break; case LDNS_RDF_TYPE_NONE: default: /* default default ??? */ diff -Nru ldns-1.7.1/README ldns-1.8.1/README --- ldns-1.7.1/README 2019-07-26 15:07:44.000000000 +0000 +++ ldns-1.8.1/README 2021-12-03 07:45:47.000000000 +0000 @@ -51,11 +51,11 @@ consists of: o Willem Toorop o Wouter Wijngaards - o Matthijs Mekking Former main developers: o Jelte Jansen o Miek Gieben + o Matthijs Mekking * Credits We have received patches from the following people, thanks! @@ -70,6 +70,7 @@ o Havard Eidnes o Leo Baltus o Dag-Erling Smørgrav + o Felipe Gasper INFORMATION FOR SPECIFIC OPERATING SYSTEMS diff -Nru ldns-1.7.1/README-Travis.md ldns-1.8.1/README-Travis.md --- ldns-1.7.1/README-Travis.md 1970-01-01 00:00:00.000000000 +0000 +++ ldns-1.8.1/README-Travis.md 2021-12-03 07:45:47.000000000 +0000 @@ -0,0 +1,274 @@ +# Travis Testing + +LDNS 1.7.1 and above leverage Travis CI to increase coverage of compilers and platforms. Compilers include Clang and GCC; while platforms include Android, iOS, Linux, and OS X on AMD64, Aarch64, PowerPC and s390x hardware. + +Android is tested on armv7a, aarch64, x86 and x86_64. The Android recipes build and install OpenSSL, and then builds LDNS. The testing is tailored for Android NDK-r19 and above, and includes NDK-r20 and NDK-r21. Mips and Mips64 are not tested because they are no longer supported under current NDKs. + +iOS is tested for iPhoneOS, WatchOS, AppleTVOS, iPhoneSimulator, AppleTVSimulator and WatchSimulator. The testing uses Xcode 10 on OS X 10.13. + +The LDNS Travis configuration file `.travis.yml` does not use top-level keys like `os:` and `compiler:` so there is no matrix expansion. Instead LDNS specifies the exact job to run under the `jobs:` and `include:` keys. + +## Typical recipe + +A typical recipe tests Clang and GCC on various hardware. The hardware includes AMD64, Aarch64, PowerPC and s390x. PowerPC is a little-endian platform, and s390x is a big-endian platform. There are pairs of recipes that are similar to the following. + +``` +- os: linux + name: GCC on Linux, Aarch64 + compiler: gcc + arch: arm64 + dist: bionic +- os: linux + name: Clang on Linux, Aarch64 + compiler: clang + arch: arm64 + dist: bionic +``` + +OS X provides a single recipe to test Clang. GCC is not tested because GCC is an alias for Clang. + +## Sanitizer builds + +Two sanitizer builds are tested using Clang and GCC, for a total of four builds. The first sanitizer is Undefined Behavior sanitizer (UBsan), and the second is Address sanitizer (Asan). The sanitizers are only run on AMD64 hardware. Note the environment includes `UBSAN=yes` or `ASAN=yes` for the sanitizer builds. + +The recipes are similar to the following. + +``` +- os: linux + name: UBsan, GCC on Linux, Amd64 + compiler: gcc + arch: amd64 + dist: bionic + env: UBSAN=yes +- os: linux + name: UBsan, Clang on Linux, Amd64 + compiler: clang + arch: amd64 + dist: bionic + env: UBSAN=yes +``` + +When the Travis script encounters a sanitizer it uses different `CFLAGS` and configuration string. + +``` +if [ "$UBSAN" = "yes" ]; then + export CFLAGS="-DNDEBUG -g2 -O3 -fsanitize=undefined -fno-sanitize-recover" + bash test/test_ci.sh +elif [ "$ASAN" = "yes" ]; then + export CFLAGS="-DNDEBUG -g2 -O3 -fsanitize=address" + bash test/test_ci.sh +... +``` + +## Android builds + +Travis tests Android builds for the armv7a, aarch64, x86 and x86_64 architectures. The builds are trickier than other builds for several reasons. The testing requires installation of the Android NDK and SDK, it requires a cross-compile, and requires OpenSSL prerequisites. The Android cross-compiles also require care to set the Autotools triplet, the OpenSSL triplet, the toolchain path, the tool variables, and the sysroot. The discussion below detail the steps of the Android recipes. + +### Android job + +The first step sets environmental variables for the cross-compile using the Travis job. A typical job with variables is shown below. + +``` +- os: linux + name: Android armv7a, Linux, Amd64 + compiler: clang + arch: amd64 + dist: bionic + env: + - ANDROID=yes + - AUTOTOOLS_HOST=armv7a-linux-androideabi + - OPENSSL_HOST=android-arm + - ANDROID_CPU=armv7a + - ANDROID_API=23 + - ANDROID_PREFIX="$HOME/android$ANDROID_API-$ANDROID_CPU" + - ANDROID_SDK_ROOT="$HOME/android-sdk" + - ANDROID_NDK_ROOT="$HOME/android-ndk" +``` + +### ANDROID_NDK_ROOT + +The second step for Android is to set the environmental variables `ANDROID_NDK_ROOT` and `ANDROID_SDK_ROOT`. This is an important step because the NDK and SDK use the variables internally to locate their own tools. Also see [Recommended NDK Directory?](https://groups.google.com/forum/#!topic/android-ndk/qZjhOaynHXc) on the android-ndk mailing list. (Many folks miss this step, or use incorrect variables like `ANDROID_NDK_HOME` or `ANDROID_SDK_HOME`). + +If you are working from a developer machine you probably already have the necessary tools installed. You should ensure `ANDROID_NDK_ROOT` and `ANDROID_SDK_ROOT` are set properly. + +### Tool installation + +The second step installs tools needed for OpenSSL, Expat and LDNS. This step is handled in by the script `contrib/android/install_tools.sh`. The tools include curl, tar, zip, unzip and java. + +``` +before_script: + - | + if [ "$ANDROID" = "yes" ]; then + ./contrib/android/install_tools.sh + elif [ "$IOS" = "yes" ]; then + ./contrib/ios/install_tools.sh + fi +``` + +### NDK installation + +The third step installs the NDK and SDK. This step is handled in by the script `contrib/android/install_ndk.sh`. The script uses `ANDROID_NDK_ROOT` and `ANDROID_SDK_ROOT` to place the NDK and SDK in the `$HOME` directory. + +If you are working from a developer machine you probably already have a NDK and SDK installed. + +### Android environment + +The fourth step sets the Android cross-compile environment using the script `contrib/android/setenv_android.sh`. The script is `sourced` so the variables in the script are available to the calling shell. The script sets variables like `CC`, `CXX`, `AS` and `AR`; sets `CFLAGS` and `CXXFLAGS`; sets a `sysroot` so Android headers and libraries are found; and adds the path to the toolchain to `PATH`. + +`contrib/android/setenv_android.sh` knows which toolchain and architecture to select by inspecting environmental variables set by Travis for the job. In particular, the variables `ANDROID_CPU` and `ANDROID_API` tell `contrib/android/setenv_android.sh` which tools and libraries to select. + +The `contrib/android/setenv_android.sh` script specifies the tools in a `case` statement like the following. There is a case for each of the architectures armv7a, aarch64, x86 and x86_64. + +``` +armv8a|aarch64|arm64|arm64-v8a) + CC="aarch64-linux-android$ANDROID_API-clang" + CXX="aarch64-linux-android$ANDROID_API-clang++" + LD="aarch64-linux-android-ld" + AS="aarch64-linux-android-as" + AR="aarch64-linux-android-ar" + RANLIB="aarch64-linux-android-ranlib" + STRIP="aarch64-linux-android-strip" + + CFLAGS="-funwind-tables -fexceptions" + CXXFLAGS="-funwind-tables -fexceptions -frtti" +``` + +### OpenSSL + +The fifth step builds OpenSSL. OpenSSL is built for iOS using the scripts `contrib/android/install_openssl.sh`. The script downloads, configures and installs the latest release version of the OpenSSL libraries. OpenSSL is configured with `--prefix="$ANDROID_PREFIX"` so the headers are placed in `$ANDROID_PREFIX/include` directory, and the libraries are placed in the `$ANDROID_PREFIX/lib` directory. + +`ANDROID_PREFIX` is the value `$HOME/android$ANDROID_API-$ANDROID_CPU`. The libraries will be installed in `$HOME/android23-armv7a`, `$HOME/android23-aarch64`, etc. For Autotools projects, the appropriate `PKG_CONFIG_PATH` is exported. + +`PKG_CONFIG_PATH` is an important variable. It is the userland equivalent to sysroot, and allows Autotools to find non-system headers and libraries for an architecture. Typical `PKG_CONFIG_PATH` are `$HOME/android23-armv7a/lib/pkgconfig` and `$HOME/android23-aarch64/lib/pkgconfig`. + +OpenSSL also uses a custom configuration file called `15-android.conf`. It is a copy of the OpenSSL's project file and located at `contrib/android/15-android.conf`. The LDNS version is copied to the OpenSSL source files after unpacking the OpenSSL distribution. The LDNS version has legacy NDK support removed and some other fixes, like `ANDROID_NDK_ROOT` awareness. The changes mean LDNS's `15-android.conf` will only work with LDNS, with NDK-r19 and above, and a properly set environment. + +OpenSSL is configured with `no-engine`. If you want to include OpenSSL engines then edit `contrib/android/install_openssl.sh` and remove the config option. + +### Android build + +Finally, once OpenSSL are built, then the Travis script configures and builds LDNS. The recipe looks as follows. + +``` +elif [ "$ANDROID" = "yes" ]; then + export AUTOTOOLS_BUILD="$(./config.guess)" + export PKG_CONFIG_PATH="$ANDROID_PREFIX/lib/pkgconfig" + ./contrib/android/install_ndk.sh + source ./contrib/android/setenv_android.sh + ./contrib/android/install_openssl.sh + ./contrib/android/bootstrap_ldns.sh + ./configure \ + --build="$AUTOTOOLS_BUILD" \ + --host="$AUTOTOOLS_HOST" \ + --prefix="$ANDROID_PREFIX" \ + --with-ssl="$ANDROID_PREFIX" \ + --disable-gost \ + --with-drill --with-examples + make -j 2 + make install +``` + +Travis only smoke tests an Android build using a compile, link and install. The self tests are not run. TODO: figure out how to fire up an emulator, push the tests to the device and run them. + +### Android flags + +`contrib/android/setenv_android.sh` uses specific flags for `CFLAGS` and `CXXFLAGS`. They are taken from `ndk-build`, so we consider them the official flag set. It is important to use the same flags across projects to avoid subtle problems due to mixing and matching different flags. + +`CXXFLAGS` includes `-fexceptions` and `-frtti` because exceptions and runtime type info are disabled by default. `CFLAGS` include `-funwind-tables` and `-fexceptions` to ensure C++ exceptions pass through C code, if needed. Also see `docs/CPLUSPLUS-SUPPORT.html` in the NDK docs. + +To inspect the flags used by `ndk-build` for a platform clone ASOP's [ndk-samples](https://github.com/android/ndk-samples/tree/master/hello-jni) and build the `hello-jni` project. Use the `V=1` flag to see the full compiler output from `ndk-build`. + +## iOS builds + +Travis tests iOS builds for the armv7a, armv7s and aarch64 architectures for iPhoneOS, AppleTVOS and WatchOS. iPhoneOS is tested using both 32-bit builds (iPhones) and 64-bit builds (iPads). Travis also tests compiles against the simulators. The builds are trickier than other builds for several reasons. The testing requires a cross-compile, and requires OpenSSL prerequisites. The iOS cross-compiles also require care to set the Autotools triplet, the OpenSSL triplet, the toolchain path, the tool variables, and the sysroot. The discussion below detail the steps of the iOS recipes. + +### iOS job + +The first step sets environmental variables for the cross-compile using the Travis job. A typical job with variables is shown below. + +``` +- os: osx + osx_image: xcode10 + name: Apple iPhone on iOS, armv7 + compiler: clang + env: + - IOS=yes + - AUTOTOOLS_HOST=armv7-apple-ios + - OPENSSL_HOST=ios-cross + - IOS_SDK=iPhoneOS + - IOS_CPU=armv7s + - IOS_PREFIX="$HOME/$IOS_SDK-$IOS_CPU" +``` + +### Tool installation + +The second step installs tools needed for OpenSSL, Expat and LDNS. This step is handled in by the script `contrib/ios/install_tools.sh`. The tools include autotools, curl and perl. The installation happens at the `before_script:` stage of Travis. + +``` +before_script: + - | + if [ "$ANDROID" = "yes" ]; then + ./contrib/android/install_tools.sh + elif [ "$IOS" = "yes" ]; then + ./contrib/ios/install_tools.sh + fi +``` + +### iOS environment + +The third step sets the iOS cross-compile environment using the script `contrib/ios/setenv_ios.sh`. The script is `sourced` so the variables in the script are available to the calling shell. The script sets variables like `CC`, `CXX`, `AS` and `AR`; sets `CFLAGS` and `CXXFLAGS`; sets a `sysroot` so iOS headers and libraries are found; and adds the path to the toolchain to `PATH`. + +`contrib/ios/setenv_ios.sh` knows which toolchain and architecture to select by inspecting environmental variables set by Travis for the job. In particular, the variables `IOS_SDK` and `IOS_CPU` tell `contrib/ios/setenv_ios.sh` which tools and libraries to select. + +The `contrib/ios/setenv_ios.sh` script specifies the tools to use during the cross-compile. For Apple SDKs, the tool names are the same as a desktop. There are no special prefixes for the mobile tools. + +``` +CPP=cpp +CC=clang +CXX=clang++ +LD=ld +AS=as +AR=ar +RANLIB=ranlib +STRIP=strip +``` + +If you are working from a developer machine you probably already have the necessary tools installed. + +### OpenSSL + +The fourth step builds OpenSSL. OpenSSL is built for iOS using the scripts `contrib/ios/install_openssl.sh`. The script downloads, configures and installs the latest release version of the OpenSSL libraries. OpenSSL is configured with `--prefix="$IOS_PREFIX"` so the headers are placed in `$IOS_PREFIX/include` directory, and the libraries are placed in the `$IOS_PREFIX/lib` directory. + +`IOS_PREFIX` is the value `$HOME/$IOS_SDK-$IOS_CPU`. The scheme handles both iOS SDKs and cpu architectures so the pair receives a unique installation directory. The libraries will be installed in `$HOME/iPhoneOS-armv7s`, `$HOME/iPhoneOS-arm64`, `$HOME/iPhoneSimulator-i386`, etc. For Autotools projects, the appropriate `PKG_CONFIG_PATH` is exported. + +`PKG_CONFIG_PATH` is an important variable. It is the userland equivalent to sysroot, and allows Autotools to find non-system headers and libraries for an architecture. Typical `PKG_CONFIG_PATH` are `$HOME/iPhoneOS-armv7s/lib/pkgconfig` and `$HOME/iPhoneOS-arm64/lib/pkgconfig`. + +OpenSSL also uses a custom configuration file called `15-ios.conf`. It is a copy of the OpenSSL's project file and located at `contrib/ios/15-ios.conf`. The LDNS version is copied to the OpenSSL source files after unpacking the OpenSSL distribution. The changes mean LDNS's `15-ios.conf` will only work with LDNS and a properly set environment. + +OpenSSL is configured with `no-engine`. Engines require dynamic loading so engines are disabled permanently in `15-ios.conf`. + +### iOS build + +Finally, once OpenSSL are built, then the Travis script configures and builds LDNS. The full recipe looks as follows. + +``` +elif [ "$IOS" = "yes" ]; then + export AUTOTOOLS_BUILD="$(./config.guess)" + export PKG_CONFIG_PATH="$IOS_PREFIX/lib/pkgconfig" + source ./contrib/ios/setenv_ios.sh + ./contrib/ios/install_openssl.sh + ./contrib/ios/bootstrap_ldns.sh + ./configure \ + --build="$AUTOTOOLS_BUILD" --host="$AUTOTOOLS_HOST" \ + --prefix="$IOS_PREFIX" \ + --with-ssl="$IOS_PREFIX" --disable-gost \ + --with-drill --with-examples + make -j 2 + make install +``` + +Travis only smoke tests an iOS build using a compile, link and install. The self tests are not run. TODO: figure out how to fire up an simulator, push the tests to the device and run them. + +### iOS flags + +`contrib/ios/setenv_ios.sh` uses specific flags for `CFLAGS` and `CXXFLAGS`. They are taken from Xcode, so we consider them the official flag set. It is important to use the same flags across projects to avoid subtle problems due to mixing and matching different flags. diff -Nru ldns-1.7.1/resolver.c ldns-1.8.1/resolver.c --- ldns-1.7.1/resolver.c 2019-07-26 15:07:44.000000000 +0000 +++ ldns-1.8.1/resolver.c 2021-12-03 07:45:47.000000000 +0000 @@ -780,7 +780,7 @@ if(!line_nr) line_nr = &lnr; if(!fp) { - myfp = fopen("/etc/resolv.conf", "r"); + myfp = fopen(LDNS_RESOLV_CONF, "r"); if(!myfp) return LDNS_STATUS_FILE_ERR; } diff -Nru ldns-1.7.1/rr.c ldns-1.8.1/rr.c --- ldns-1.7.1/rr.c 2019-07-26 15:07:44.000000000 +0000 +++ ldns-1.8.1/rr.c 2021-12-03 07:45:47.000000000 +0000 @@ -111,8 +111,9 @@ */ static ldns_status ldns_rr_new_frm_str_internal(ldns_rr **newrr, const char *str, - uint32_t default_ttl, const ldns_rdf *origin, - ldns_rdf **prev, bool question) + uint32_t default_ttl, const ldns_rdf *origin, + ldns_rdf **prev, bool question, + bool *explicit_ttl) { ldns_rr *new; const ldns_rr_descriptor *desc; @@ -198,6 +199,9 @@ } else { ttl_val = default_ttl; } + if (explicit_ttl) + *explicit_ttl = false; + /* we not ASSUMING the TTL is missing and that * the rest of the RR is still there. That is * CLASS TYPE RDATA @@ -217,6 +221,9 @@ strlcpy(type, ttl, type_sz); } } else { + if (explicit_ttl) + *explicit_ttl = true; + if (-1 == ldns_bget_token( rr_buf, clas, "\t\n ", LDNS_SYNTAX_DATALEN)) { @@ -259,7 +266,7 @@ } ldns_buffer_new_frm_data(rd_buf, rdata, strlen(rdata)); - if (strlen(owner) <= 1 && strncmp(owner, "@", 1) == 0) { + if (strncmp(owner, "@", 1) == 0) { if (origin) { ldns_rr_set_owner(new, ldns_rdf_clone(origin)); } else if (prev && *prev) { @@ -347,11 +354,12 @@ switch (ldns_rr_descriptor_field_type(desc, r_cnt)) { case LDNS_RDF_TYPE_B64 : case LDNS_RDF_TYPE_HEX : /* These rdf types may con- */ - case LDNS_RDF_TYPE_LOC : /* tain whitespace, only if */ - case LDNS_RDF_TYPE_WKS : /* it is the last rd field. */ + case LDNS_RDF_TYPE_NSEC : /* tain whitespace, only if */ + case LDNS_RDF_TYPE_LOC : /* it is the last rd field. */ + case LDNS_RDF_TYPE_WKS : case LDNS_RDF_TYPE_IPSECKEY : case LDNS_RDF_TYPE_AMTRELAY : - case LDNS_RDF_TYPE_NSEC : if (r_cnt == r_max - 1) { + case LDNS_RDF_TYPE_SVCPARAMS : if (r_cnt == r_max - 1) { delimiters = "\n"; break; } @@ -365,15 +373,18 @@ ldns_buffer_remaining(rd_buf) > 0){ /* skip spaces */ - while (*(ldns_buffer_current(rd_buf)) == ' ') { + while (ldns_buffer_remaining(rd_buf) > 0 && + *(ldns_buffer_current(rd_buf)) == ' ') { ldns_buffer_skip(rd_buf, 1); } - if (*(ldns_buffer_current(rd_buf)) == '\"') { + if (ldns_buffer_remaining(rd_buf) > 0 && + *(ldns_buffer_current(rd_buf)) == '\"') { delimiters = "\"\0"; ldns_buffer_skip(rd_buf, 1); quoted = true; - } else if (ldns_rr_descriptor_field_type(desc, r_cnt) + } + if (!quoted && ldns_rr_descriptor_field_type(desc, r_cnt) == LDNS_RDF_TYPE_LONG_STR) { status = LDNS_STATUS_SYNTAX_RDATA_ERR; @@ -579,10 +590,12 @@ LDNS_RDF_TYPE_DNAME, ".") ); - } else if (r && rd_strlen >= 1 && origin && - !ldns_dname_str_absolute(rd)) { + } else if (r && rd_strlen >= 1 + && (origin || rr_type == LDNS_RR_TYPE_SOA) + && !ldns_dname_str_absolute(rd)) { - status = ldns_dname_cat(r, origin); + status = ldns_dname_cat(r, origin + ? origin : ldns_rr_owner(new)); if (status != LDNS_STATUS_OK) { goto error; } @@ -600,14 +613,6 @@ } ldns_rr_push_rdf(new, r); } - if (quoted) { - if (ldns_buffer_available(rd_buf, 1)) { - ldns_buffer_skip(rd_buf, 1); - } else { - done = true; - } - } - } /* for (done = false, r_cnt = 0; !done && r_cnt < r_max; r_cnt++) */ LDNS_FREE(rd); LDNS_FREE(xtok); @@ -671,7 +676,8 @@ default_ttl, origin, prev, - false); + false, + NULL); } ldns_status @@ -683,7 +689,8 @@ 0, origin, prev, - true); + true, + NULL); } /* Strip whitespace from the start and the end of . */ @@ -709,44 +716,27 @@ } ldns_status -ldns_rr_new_frm_fp_l(ldns_rr **newrr, FILE *fp, uint32_t *default_ttl, ldns_rdf **origin, ldns_rdf **prev, int *line_nr) +_ldns_rr_new_frm_fp_l_internal(ldns_rr **newrr, FILE *fp, + uint32_t *default_ttl, ldns_rdf **origin, ldns_rdf **prev, + int *line_nr, bool *explicit_ttl) { - char *line; + char *line = NULL; + size_t limit = 0; const char *endptr; /* unused */ ldns_rr *rr; uint32_t ttl; ldns_rdf *tmp; ldns_status s; - ssize_t size; if (default_ttl) { ttl = *default_ttl; } else { ttl = 0; } - - line = LDNS_XMALLOC(char, LDNS_MAX_LINELEN + 1); - if (!line) { - return LDNS_STATUS_MEM_ERR; - } - /* read an entire line in from the file */ - if ((size = ldns_fget_token_l(fp, line, LDNS_PARSE_SKIP_SPACE, LDNS_MAX_LINELEN, line_nr)) == -1) { - LDNS_FREE(line); - /* if last line was empty, we are now at feof, which is not - * always a parse error (happens when for instance last line - * was a comment) - */ - return LDNS_STATUS_SYNTAX_ERR; - } - - /* we can have the situation, where we've read ok, but still got - * no bytes to play with, in this case size is 0 - */ - if (size == 0) { - LDNS_FREE(line); - return LDNS_STATUS_SYNTAX_EMPTY; - } + if ((s = ldns_fget_token_l_st( fp, &line, &limit, false + , LDNS_PARSE_SKIP_SPACE, line_nr))) + return s; if (strncmp(line, "$ORIGIN", 7) == 0 && isspace((unsigned char)line[7])) { if (*origin) { @@ -775,9 +765,11 @@ return LDNS_STATUS_SYNTAX_EMPTY; } else { if (origin && *origin) { - s = ldns_rr_new_frm_str(&rr, (const char*) line, ttl, *origin, prev); + s = ldns_rr_new_frm_str_internal(&rr, (const char*)line, + ttl, *origin, prev, false, explicit_ttl); } else { - s = ldns_rr_new_frm_str(&rr, (const char*) line, ttl, NULL, prev); + s = ldns_rr_new_frm_str_internal(&rr, (const char*)line, + ttl, NULL, prev, false, explicit_ttl); } } LDNS_FREE(line); @@ -792,6 +784,14 @@ return s; } +ldns_status +ldns_rr_new_frm_fp_l(ldns_rr **newrr, FILE *fp, uint32_t *default_ttl, + ldns_rdf **origin, ldns_rdf **prev, int *line_nr) +{ + return _ldns_rr_new_frm_fp_l_internal(newrr, fp, default_ttl, origin, + prev, line_nr, NULL); +} + void ldns_rr_set_owner(ldns_rr *rr, ldns_rdf *owner) { @@ -836,7 +836,7 @@ rd_count = ldns_rr_rd_count(rr); if (position < rd_count) { - /* dicard the old one */ + /* discard the old one */ pop = rr->_rdata_fields[position]; rr->_rdata_fields[position] = (ldns_rdf*)f; return pop; @@ -1968,7 +1968,13 @@ LDNS_RDF_TYPE_INT32, LDNS_RDF_TYPE_INT8, LDNS_RDF_TYPE_INT8, LDNS_RDF_TYPE_HEX }; - +#ifdef RRTYPE_SVCB_HTTPS +static const ldns_rdf_type type_svcb_wireformat[] = { + LDNS_RDF_TYPE_INT16, + LDNS_RDF_TYPE_DNAME, + LDNS_RDF_TYPE_SVCPARAMS +}; +#endif /* nsec3 is some vars, followed by same type of data of nsec */ static const ldns_rdf_type type_nsec3_wireformat[] = { /* LDNS_RDF_TYPE_NSEC3_VARS, LDNS_RDF_TYPE_NSEC3_NEXT_OWNER, LDNS_RDF_TYPE_NSEC*/ @@ -2215,11 +2221,20 @@ #else {LDNS_RR_TYPE_NULL, "TYPE61", 1, 1, type_0_wireformat, LDNS_RDF_TYPE_NONE, LDNS_RR_NO_COMPRESS, 0 }, #endif + /* 62 */ + {LDNS_RR_TYPE_CSYNC, "CSYNC", 3, 3, type_csync_wireformat, LDNS_RDF_TYPE_NONE, LDNS_RR_NO_COMPRESS, 0 }, + /* 63 */ + {LDNS_RR_TYPE_ZONEMD, "ZONEMD", 4, 4, type_zonemd_wireformat, LDNS_RDF_TYPE_NONE, LDNS_RR_NO_COMPRESS, 0 }, +#ifdef RRTYPE_SVCB_HTTPS + /* 64 */ + {LDNS_RR_TYPE_SVCB, "SVCB", 2, 3, type_svcb_wireformat, LDNS_RDF_TYPE_NONE, LDNS_RR_NO_COMPRESS, 0 }, + /* 65 */ + {LDNS_RR_TYPE_HTTPS, "HTTPS", 2, 3, type_svcb_wireformat, LDNS_RDF_TYPE_NONE, LDNS_RR_NO_COMPRESS, 0 }, -{LDNS_RR_TYPE_CSYNC, "CSYNC", 3, 3, type_csync_wireformat, LDNS_RDF_TYPE_NONE, LDNS_RR_NO_COMPRESS, 0 }, -{LDNS_RR_TYPE_ZONEMD, "ZONEMD", 4, 4, type_zonemd_wireformat, LDNS_RDF_TYPE_NONE, LDNS_RR_NO_COMPRESS, 0 }, +#else {LDNS_RR_TYPE_NULL, "TYPE64", 1, 1, type_0_wireformat, LDNS_RDF_TYPE_NONE, LDNS_RR_NO_COMPRESS, 0 }, {LDNS_RR_TYPE_NULL, "TYPE65", 1, 1, type_0_wireformat, LDNS_RDF_TYPE_NONE, LDNS_RR_NO_COMPRESS, 0 }, +#endif {LDNS_RR_TYPE_NULL, "TYPE66", 1, 1, type_0_wireformat, LDNS_RDF_TYPE_NONE, LDNS_RR_NO_COMPRESS, 0 }, {LDNS_RR_TYPE_NULL, "TYPE67", 1, 1, type_0_wireformat, LDNS_RDF_TYPE_NONE, LDNS_RR_NO_COMPRESS, 0 }, {LDNS_RR_TYPE_NULL, "TYPE68", 1, 1, type_0_wireformat, LDNS_RDF_TYPE_NONE, LDNS_RR_NO_COMPRESS, 0 }, @@ -2489,7 +2504,7 @@ /*---------------------------------------------------------------------------* * The functions below return an bitmap RDF with the space required to set * or unset all known RR types. Arguably these functions are better situated - * in rdata.c, however for the space calculation it is necesarry to walk + * in rdata.c, however for the space calculation it is necessary to walk * through rdata_field_descriptors which is not easily possible from anywhere * other than rr.c where it is declared static. * diff -Nru ldns-1.7.1/rr_functions.c ldns-1.8.1/rr_functions.c --- ldns-1.7.1/rr_functions.c 2019-07-26 15:07:44.000000000 +0000 +++ ldns-1.8.1/rr_functions.c 2021-12-03 07:45:47.000000000 +0000 @@ -269,14 +269,17 @@ const size_t len, const ldns_algorithm alg) { +#ifdef USE_DSA /* for DSA keys */ uint8_t t; +#endif /* USE_DSA */ /* for RSA keys */ uint16_t exp; uint16_t int16; switch ((ldns_signing_algorithm)alg) { +#ifdef USE_DSA case LDNS_SIGN_DSA: case LDNS_SIGN_DSA_NSEC3: if (len > 0) { @@ -286,6 +289,7 @@ return 0; } break; +#endif /* USE_DSA */ case LDNS_SIGN_RSAMD5: case LDNS_SIGN_RSASHA1: case LDNS_SIGN_RSASHA1_NSEC3: diff -Nru ldns-1.7.1/sha1.c ldns-1.8.1/sha1.c --- ldns-1.7.1/sha1.c 2019-07-26 15:07:44.000000000 +0000 +++ ldns-1.8.1/sha1.c 2021-12-03 07:45:47.000000000 +0000 @@ -168,7 +168,7 @@ } unsigned char * -ldns_sha1(unsigned char *data, unsigned int data_len, unsigned char *digest) +ldns_sha1(const unsigned char *data, unsigned int data_len, unsigned char *digest) { ldns_sha1_ctx ctx; ldns_sha1_init(&ctx); diff -Nru ldns-1.7.1/sha2.c ldns-1.8.1/sha2.c --- ldns-1.7.1/sha2.c 2019-07-26 15:07:44.000000000 +0000 +++ ldns-1.8.1/sha2.c 2021-12-03 07:45:47.000000000 +0000 @@ -73,7 +73,7 @@ * Please make sure that your system defines BYTE_ORDER. If your * architecture is little-endian, make sure it also defines * LITTLE_ENDIAN and that the two (BYTE_ORDER and LITTLE_ENDIAN) are - * equivilent. + * equivalent. * * If your system does not define the above, then you can do so by * hand like this: @@ -554,7 +554,7 @@ uint64_t* theLongs; } ldns_sha2_buffer_union; -void ldns_sha256_final(sha2_byte digest[], ldns_sha256_CTX* context) { +void ldns_sha256_final(sha2_byte digest[LDNS_SHA256_DIGEST_LENGTH], ldns_sha256_CTX* context) { sha2_word32 *d = (sha2_word32*)digest; size_t usedspace; ldns_sha2_buffer_union cast_var; @@ -621,7 +621,7 @@ } unsigned char * -ldns_sha256(unsigned char *data, unsigned int data_len, unsigned char *digest) +ldns_sha256(const unsigned char *data, unsigned int data_len, unsigned char *digest) { ldns_sha256_CTX ctx; ldns_sha256_init(&ctx); @@ -905,7 +905,7 @@ ldns_sha512_Transform(context, (sha2_word64*)context->buffer); } -void ldns_sha512_final(sha2_byte digest[], ldns_sha512_CTX* context) { +void ldns_sha512_final(sha2_byte digest[LDNS_SHA512_DIGEST_LENGTH], ldns_sha512_CTX* context) { sha2_word64 *d = (sha2_word64*)digest; /* Sanity check: */ @@ -935,7 +935,7 @@ } unsigned char * -ldns_sha512(unsigned char *data, unsigned int data_len, unsigned char *digest) +ldns_sha512(const unsigned char *data, unsigned int data_len, unsigned char *digest) { ldns_sha512_CTX ctx; ldns_sha512_init(&ctx); @@ -958,7 +958,7 @@ ldns_sha512_update((ldns_sha512_CTX*)context, data, len); } -void ldns_sha384_final(sha2_byte digest[], ldns_sha384_CTX* context) { +void ldns_sha384_final(sha2_byte digest[LDNS_SHA384_DIGEST_LENGTH], ldns_sha384_CTX* context) { sha2_word64 *d = (sha2_word64*)digest; /* Sanity check: */ @@ -988,7 +988,7 @@ } unsigned char * -ldns_sha384(unsigned char *data, unsigned int data_len, unsigned char *digest) +ldns_sha384(const unsigned char *data, unsigned int data_len, unsigned char *digest) { ldns_sha384_CTX ctx; ldns_sha384_init(&ctx); diff -Nru ldns-1.7.1/str2host.c ldns-1.8.1/str2host.c --- ldns-1.7.1/str2host.c 2019-07-26 15:07:44.000000000 +0000 +++ ldns-1.8.1/str2host.c 2021-12-03 07:45:47.000000000 +0000 @@ -304,7 +304,7 @@ /* * No special care is taken, all dots are translated into - * label seperators. + * label separators. * Could be made more efficient....we do 3 memcpy's in total... */ ldns_status @@ -344,7 +344,7 @@ pq = buf; label_len = 0; for (s = str; *s; s++, q++) { - if (q > buf + LDNS_MAX_DOMAINLEN) { + if (q >= buf + LDNS_MAX_DOMAINLEN) { return LDNS_STATUS_DOMAINNAME_OVERFLOW; } *q = 0; @@ -378,7 +378,7 @@ /* add root label if last char was not '.' */ if (!ldns_dname_str_absolute(str)) { - if (q > buf + LDNS_MAX_DOMAINLEN) { + if (q >= buf + LDNS_MAX_DOMAINLEN) { return LDNS_STATUS_DOMAINNAME_OVERFLOW; } if (label_len > LDNS_MAX_LABELLEN) { @@ -879,13 +879,16 @@ /* read [.][mM] */ /* into mantissa exponent format for LOC type */ uint32_t meters = 0, cm = 0, val; + char* cm_endstr; while (isblank((unsigned char)*my_str)) { my_str++; } meters = (uint32_t)strtol(my_str, &my_str, 10); if (*my_str == '.') { my_str++; - cm = (uint32_t)strtol(my_str, &my_str, 10); + cm = (uint32_t)strtol(my_str, &cm_endstr, 10); + if (cm_endstr - my_str == 1) cm *= 10; + my_str = cm_endstr; } if (meters >= 1) { *e = 2; @@ -926,8 +929,8 @@ uint8_t vert_pre_b = 1, vert_pre_e = 3; double s = 0.0; - bool northerness; - bool easterness; + bool northern_hemisphere; + bool eastern_hemisphere; char *my_str = (char *) str; @@ -963,9 +966,9 @@ } if (*my_str == 'N') { - northerness = true; + northern_hemisphere = true; } else if (*my_str == 'S') { - northerness = false; + northern_hemisphere = false; } else { return LDNS_STATUS_INVALID_STR; } @@ -979,7 +982,7 @@ latitude = (uint32_t) s; latitude += 1000 * 60 * m; latitude += 1000 * 60 * 60 * h; - if (northerness) { + if (northern_hemisphere) { latitude = equator + latitude; } else { latitude = equator - latitude; @@ -1020,9 +1023,9 @@ } if (*my_str == 'E') { - easterness = true; + eastern_hemisphere = true; } else if (*my_str == 'W') { - easterness = false; + eastern_hemisphere = false; } else { return LDNS_STATUS_INVALID_STR; } @@ -1037,7 +1040,7 @@ longitude += 1000 * 60 * m; longitude += 1000 * 60 * 60 * h; - if (easterness) { + if (eastern_hemisphere) { longitude += equator; } else { longitude = equator - longitude; @@ -1415,8 +1418,8 @@ LDNS_FREE(publickey); LDNS_FREE(token); ldns_buffer_free(str_buf); - ldns_rdf_free(gateway_rdf); - ldns_rdf_free(publickey_rdf); + ldns_rdf_deep_free(gateway_rdf); + ldns_rdf_deep_free(publickey_rdf); LDNS_FREE(data); if(!*rd) return LDNS_STATUS_MEM_ERR; return LDNS_STATUS_OK; @@ -1548,15 +1551,15 @@ } if (!(length = (size_t)(dp - data))) { LDNS_FREE(data); - return LDNS_STATUS_SYNTAX_EMPTY; - } - /* Lose the overmeasure */ - data = LDNS_XREALLOC(dp = data, uint8_t, length); - if (! data) { - LDNS_FREE(dp); - return LDNS_STATUS_MEM_ERR; + data = NULL; + } else { + /* Lose the overmeasure */ + data = LDNS_XREALLOC(dp = data, uint8_t, length); + if (! data) { + LDNS_FREE(dp); + return LDNS_STATUS_MEM_ERR; + } } - /* Create rdf */ *rd = ldns_rdf_new(LDNS_RDF_TYPE_LONG_STR, length, data); if (! *rd) { @@ -1800,3 +1803,626 @@ if(!*rd) return LDNS_STATUS_MEM_ERR; return LDNS_STATUS_OK; } + +#ifdef RRTYPE_SVCB_HTTPS +static int +network_uint16_cmp(const void *a, const void *b) +{ + return ((int)ldns_read_uint16(a)) - ((int)ldns_read_uint16(b)); +} + +static ldns_status parse_svcparam_key(const char **s, ldns_svcparam_key *key); +static ldns_status +parse_svcparam_mandatory(const char **s, uint8_t **dp, uint8_t *eod) +{ + bool quoted = false; + uint8_t *keys = *dp; + int prev_key; + + if (**s == '"') { + *s += 1; + quoted = true; + } + for (;;) { + ldns_status st; + ldns_svcparam_key key; + + if ((st = parse_svcparam_key(s, &key))) + return st; + + if (*dp + 2 > eod) + return LDNS_STATUS_RDATA_OVERFLOW; + + ldns_write_uint16(*dp, key); + *dp += 2; + + if (**s == ',') + *s += 1; + else + break; + } + if (quoted) { + if (**s != '"') + return LDNS_STATUS_INVALID_STR; + *s += 1; + } + if (*dp - keys == 0) + return LDNS_STATUS_SYNTAX_SVCPARAM_VALUE_ERR; + + if (**s && !isspace((unsigned char)**s)) + return LDNS_STATUS_SYNTAX_SVCPARAM_VALUE_ERR; + + /* In draft-ietf-dnsop-svcb-https-02 Section 7: + * + * In wire format, the keys are represented by their numeric + * values in network byte order, concatenated in ascending order. + */ + qsort(keys, (*dp - keys) / 2, 2, network_uint16_cmp); + + /* In draft-ietf-dnsop-svcb-https-02 Section 7: + * + * Keys ...... MUST NOT appear more than once. + */ + prev_key = -1; + while (keys < *dp) { + uint16_t key = ldns_read_uint16(keys); + + if (key == prev_key) { + /* "Be conservative in what you send, + * be liberal in what you accept" + * + * Instead of + * `return LDNS_STATUS_SVCPARAM_KEY_MORE_THAN_ONCE;`, + * + * we eliminate the double occurrence. + */ + memmove(keys - 2, keys, *dp - keys); + *dp -= 2; + } else { + prev_key = key; + keys += 2; + } + } + return LDNS_STATUS_OK; +} + +INLINE bool parse_escape2(uint8_t *ch_p, const char** str_p) +{ *str_p += 1; return parse_escape(ch_p, str_p); } + +static ldns_status +parse_svcparam_alpn(const char **s, uint8_t **dp, uint8_t *eod) +{ + uint8_t *val; + size_t len; + + if (*dp + 1 > eod) + return LDNS_STATUS_RDATA_OVERFLOW; + *dp += 1; + val = *dp; + if (**s == '"') { + *s += 1; + while (**s != '"') { + if (**s == 0) + return LDNS_STATUS_INVALID_STR; + + else if (**s == ',') { + len = *dp - val; + if (len == 0 || len > 255) + return LDNS_STATUS_INVALID_STR; + val[-1] = len; + if (*dp + 1 > eod) + return LDNS_STATUS_RDATA_OVERFLOW; + *dp += 1; + val = *dp; + *s += 1; + + } else if (*dp + 1 > eod) + return LDNS_STATUS_RDATA_OVERFLOW; + + else if (**s != '\\') + *(*dp)++ = (uint8_t)*(*s)++; + + else if (!parse_escape2(*dp, s)) + return LDNS_STATUS_SYNTAX_BAD_ESCAPE; + else + *dp += 1; + } + *s += 1; + + } else while (**s && !isspace((unsigned char)**s)) { + if (**s == ',') { + len = *dp - val; + if (len == 0 || len > 255) + return LDNS_STATUS_INVALID_STR; + val[-1] = len; + if (*dp + 1 > eod) + return LDNS_STATUS_RDATA_OVERFLOW; + *dp += 1; + val = *dp; + *s += 1; + + } else if (*dp + 1 > eod) + return LDNS_STATUS_RDATA_OVERFLOW; + + else if (**s != '\\') + *(*dp)++ = (uint8_t)*(*s)++; + + else if (!parse_escape2(*dp, s)) + return LDNS_STATUS_SYNTAX_BAD_ESCAPE; + else + *dp += 1; + } + len = *dp - val; + if (len == 0 || len > 255) + return LDNS_STATUS_INVALID_STR; + val[-1] = len; + return **s && !isspace((unsigned char)**s) + ? LDNS_STATUS_SYNTAX_SVCPARAM_VALUE_ERR + : LDNS_STATUS_OK; +} + +static ldns_status +parse_svcparam_value(const char **s, uint8_t **dp, uint8_t *eod) +{ + if (**s == '"') { + *s += 1; + while (**s != '"') { + if (**s == 0) + return LDNS_STATUS_INVALID_STR; + + else if (*dp + 1 > eod) + return LDNS_STATUS_RDATA_OVERFLOW; + + else if (**s != '\\') + *(*dp)++ = (uint8_t)*(*s)++; + + else if (!parse_escape2(*dp, s)) + return LDNS_STATUS_SYNTAX_BAD_ESCAPE; + else + *dp += 1; + } + *s += 1; + + } else while (**s && !isspace((unsigned char)**s)) { + if (*dp + 1 > eod) + return LDNS_STATUS_RDATA_OVERFLOW; + + else if (**s != '\\') + *(*dp)++ = (uint8_t)*(*s)++; + + else if (!parse_escape2(*dp, s)) + return LDNS_STATUS_SYNTAX_BAD_ESCAPE; + else + *dp += 1; + } + return **s && !isspace((unsigned char)**s) + ? LDNS_STATUS_SYNTAX_SVCPARAM_VALUE_ERR + : LDNS_STATUS_OK; +} + +static ldns_status +parse_svcparam_port(const char **s, uint8_t **dp, uint8_t *eod) +{ + uint8_t *val = *dp; + ldns_status st; + size_t len; + char num_str[6]; + char *endptr; + unsigned long int num; + + if ((st = parse_svcparam_value(s, dp, eod))) + return st; + len = *dp - val; + if (len == 0 || len > 5) + return LDNS_STATUS_SYNTAX_SVCPARAM_VALUE_ERR; + + memcpy(num_str, val, len); + num_str[len] = 0; + num = strtoul(num_str, &endptr, 10); + if (*endptr) + return LDNS_STATUS_SYNTAX_SVCPARAM_VALUE_ERR; + + ldns_write_uint16(val, num); + *dp = val + 2; + return LDNS_STATUS_OK; +} + +static ldns_status +parse_svcparam_ipv4hint(const char **s, uint8_t **dp, uint8_t *eod) +{ + bool quoted = false; + + if (**s == '"') { + *s += 1; + quoted = true; + } + for (;;) { + const char *ipv4_start = *s; + char ipv4_str[16]; + size_t len; + + while (isdigit((unsigned char)**s) || **s == '.') + *s += 1; + + len = *s - ipv4_start; + if (len == 0 || len > 15) + return LDNS_STATUS_SYNTAX_SVCPARAM_VALUE_ERR; + + if (*dp + 4 > eod) + return LDNS_STATUS_RDATA_OVERFLOW; + + memcpy(ipv4_str, ipv4_start, len); + ipv4_str[len] = 0; + if (inet_pton(AF_INET, ipv4_str, *dp) != 1) + return LDNS_STATUS_SYNTAX_SVCPARAM_VALUE_ERR; + + *dp += 4; + if (**s == ',') + *s += 1; + else + break; + } + if (quoted) { + if (**s != '"') + return LDNS_STATUS_INVALID_STR; + *s += 1; + } + return **s && !isspace((unsigned char)**s) + ? LDNS_STATUS_SYNTAX_SVCPARAM_VALUE_ERR + : LDNS_STATUS_OK; +} + +static ldns_status +parse_svcparam_echconfig(const char **s, uint8_t **dp, uint8_t *eod) +{ + bool quoted = false; + const char *b64_str; + size_t len, pad, out_len; + char in_buf[4096]; + char *in = in_buf; + int out; + + if (**s == '"') { + *s += 1; + quoted = true; + } + b64_str = *s; + while (isalnum((unsigned char)**s) || **s == '+' + || **s == '/' + || **s == '=') + *s += 1; + + len = *s - b64_str; + pad = len % 4; + pad = pad ? 4 - pad : 0; + if (len == 0 || pad == 3) + return LDNS_STATUS_SYNTAX_SVCPARAM_VALUE_ERR; + + if (quoted) { + if (**s != '"') + return LDNS_STATUS_INVALID_STR; + *s += 1; + } + if (**s && !isspace((unsigned char)**s)) + return LDNS_STATUS_SYNTAX_SVCPARAM_VALUE_ERR; + + out_len = ldns_b64_pton_calculate_size(len); + if (*dp + out_len > eod) + return LDNS_STATUS_RDATA_OVERFLOW; + + if (len + pad > sizeof(in_buf) - 1 + && !(in = LDNS_XMALLOC(char, len + pad + 1))) + return LDNS_STATUS_MEM_ERR; + + memcpy(in, b64_str, len); + while (pad--) + in[len++] = '='; + in[len] = 0; + out = ldns_b64_pton(in, *dp, out_len); + if (in != in_buf) + LDNS_FREE(in); + + if (out <= 0) + return LDNS_STATUS_SYNTAX_SVCPARAM_VALUE_ERR; + + *dp += out; + return LDNS_STATUS_OK; +} + +static ldns_status +parse_svcparam_ipv6hint(const char **s, uint8_t **dp, uint8_t *eod) +{ + bool quoted = false; + + if (**s == '"') { + *s += 1; + quoted = true; + } + for (;;) { + const char *ipv6_start = *s; + char ipv6_str[INET6_ADDRSTRLEN]; + size_t len; + + while (isxdigit((unsigned char)**s) || **s == ':' || **s == '.') + *s += 1; + + len = *s - ipv6_start; + if (len == 0 || len > INET6_ADDRSTRLEN) + return LDNS_STATUS_SYNTAX_SVCPARAM_VALUE_ERR; + + if (*dp + 16 > eod) + return LDNS_STATUS_RDATA_OVERFLOW; + + memcpy(ipv6_str, ipv6_start, len); + ipv6_str[len] = 0; + if (inet_pton(AF_INET6, ipv6_str, *dp) != 1) + return LDNS_STATUS_SYNTAX_SVCPARAM_VALUE_ERR; + + *dp += 16; + if (**s == ',') + *s += 1; + else + break; + } + if (quoted) { + if (**s != '"') + return LDNS_STATUS_INVALID_STR; + *s += 1; + } + return **s && !isspace((unsigned char)**s) + ? LDNS_STATUS_SYNTAX_SVCPARAM_VALUE_ERR + : LDNS_STATUS_OK; +} + +struct struct_svcparam_key_def { + const char *str; + size_t len; +}; +typedef struct struct_svcparam_key_def svcparam_key_def; + +static svcparam_key_def svcparam_key_defs[] = { { "mandatory" , 9 } + , { "alpn" , 4 } + , { "no-default-alpn", 15 } + , { "port" , 4 } + , { "ipv4hint" , 8 } + , { "echconfig" , 9 } + , { "ipv6hint" , 8 } }; + +static const size_t svcparam_key_defs_len = sizeof(svcparam_key_defs) + / sizeof(svcparam_key_def); + +/* svcparam_key2buffer_str() should actually be in host2str.c, but we need the + * svcparam_key_defs for it and it is not an exposed symbol anyway. + */ +ldns_status svcparam_key2buffer_str(ldns_buffer *output, uint16_t key) +{ + if (key <= LDNS_SVCPARAM_KEY_LAST_KEY) + ldns_buffer_write_string(output, svcparam_key_defs[key].str); + else + ldns_buffer_printf(output, "key%d", (int)key); + return ldns_buffer_status(output); +} + +static ldns_status +parse_svcparam_key(const char **s, ldns_svcparam_key *key) +{ + size_t i, len; + const char *key_str = *s; + char num_str[6]; + char *endptr; + unsigned long int num; + + /* parse key */ + while (islower((unsigned char)**s) || isdigit((unsigned char)**s) + || **s == '-') + *s += 1; + + len = *s - key_str; + for (i = 0; i < svcparam_key_defs_len; i++) { + if (len == svcparam_key_defs[i].len + && !strncmp(key_str, svcparam_key_defs[i].str, len)) { + *key = i; + return LDNS_STATUS_OK; + } + } + if (len < 4 || len > 8 || strncmp(key_str, "key", 3)) + return LDNS_STATUS_SYNTAX_SVCPARAM_KEY_ERR; + + memcpy(num_str, key_str + 3, len - 3); + num_str[len - 3] = 0; + num = strtoul(num_str, &endptr, 10); + if (*endptr || num > 65535) + return LDNS_STATUS_SYNTAX_SVCPARAM_KEY_ERR; + + /* key65535 is Reserved to be an ("Invalid key"), though there is no + * physiological reason to deny usage. We restrict ourselves to the + * anatomical limitations only to maximize serviceability. + * ``` + * if (num == 65535) + * return LDNS_STATUS_RESERVED_SVCPARAM_KEY; + * ``` + */ + *key = num; + return LDNS_STATUS_OK; +} + +static ldns_status +parse_svcparam(const char **s, uint8_t **dp, uint8_t *eod) +{ + ldns_svcparam_key key; + ldns_status st; + uint8_t *val; + + if (*dp + 4 > eod) + return LDNS_STATUS_RDATA_OVERFLOW; + + if ((st = parse_svcparam_key(s, &key))) + return st; + + ldns_write_uint16(*dp, key); + ldns_write_uint16(*dp + 2, 0); + *dp += 4; + if (isspace((unsigned char)**s) || !**s) + return LDNS_STATUS_OK; + + else if (**s != '=') + return LDNS_STATUS_SYNTAX_ERR; + *s += 1; + val = *dp; + switch(key) { + case LDNS_SVCPARAM_KEY_MANDATORY: + st = parse_svcparam_mandatory(s, dp, eod); + break; + case LDNS_SVCPARAM_KEY_ALPN: + st = parse_svcparam_alpn(s, dp, eod); + break; + case LDNS_SVCPARAM_KEY_NO_DEFAULT_ALPN: + return LDNS_STATUS_NO_SVCPARAM_VALUE_EXPECTED; + case LDNS_SVCPARAM_KEY_PORT: + st = parse_svcparam_port(s, dp, eod); + break; + case LDNS_SVCPARAM_KEY_IPV4HINT: + st = parse_svcparam_ipv4hint(s, dp, eod); + break; + case LDNS_SVCPARAM_KEY_ECHCONFIG: + st = parse_svcparam_echconfig(s, dp, eod); + break; + case LDNS_SVCPARAM_KEY_IPV6HINT: + st = parse_svcparam_ipv6hint(s, dp, eod); + break; + default: + st = parse_svcparam_value(s, dp, eod); + break; + } + if (st) + return st; + ldns_write_uint16(val - 2, *dp - val); + return LDNS_STATUS_OK; +} + +static int +svcparam_ptr_cmp(const void *a, const void *b) +{ + uint8_t *x = *(uint8_t **)a , *y = *(uint8_t **)b; + uint16_t x_type = ldns_read_uint16(x), y_type = ldns_read_uint16(y); + uint16_t x_len , y_len; + + if (x_type != y_type) + return x_type > y_type ? 1 : -1; + + x_len = ldns_read_uint16(x + 2); + y_len = ldns_read_uint16(y + 2); + + return x_len != y_len + ? (x_len > y_len ? 1 : -1) + : (x_len == 0 ? 0 : memcmp(x + 4, y + 4, x_len)); +} + +ldns_status +ldns_str2rdf_svcparams(ldns_rdf **rd, const char *str) +{ + uint8_t *data, *dp, *eod, *p, *new_data; + ldns_status st = LDNS_STATUS_OK; + size_t length, i; + size_t nparams = 0; + uint8_t **svcparams; + int prev_key; + + if (!rd || !str) + return LDNS_STATUS_NULL; + + length = strlen(str); + /* Worst case space requirement. We'll realloc to actual size later. */ + if (!(dp = data = LDNS_XMALLOC(uint8_t, length * 4))) + return LDNS_STATUS_MEM_ERR; + eod = data + length * 4; + + /* Fill data with parsed bytes */ + for (;;) { + while (isspace((unsigned char)*str)) + str += 1; + if(!*str) + break; + if ((st = parse_svcparam(&str, &dp, eod))) { + LDNS_FREE(data); + return st; + } + nparams += 1; + } + + /* draft-ietf-dnsop-svcb-https-02 in Section 2.2: + * + * SvcParamKeys SHALL appear in increasing numeric order + * + * A svcparams array (with pointers to the individual key, value pairs) + * is created to qsort the pairs in increasing numeric order. + */ + if (!(svcparams = LDNS_XMALLOC(uint8_t *, nparams))) { + LDNS_FREE(data); + return LDNS_STATUS_MEM_ERR; + } + for ( p = data, i = 0 + ; p < dp && i < nparams + ; p += 4 + ldns_read_uint16(p + 2)) + svcparams[i++] = p; + + qsort(svcparams, i, sizeof(uint8_t *), svcparam_ptr_cmp); + + /* Write out the (key, value) pairs to a newly allocated data in + * sorted order. + */ + length = dp - data; + if (!(new_data = LDNS_XMALLOC(uint8_t, length))) { + LDNS_FREE(data); + LDNS_FREE(svcparams); + return LDNS_STATUS_MEM_ERR; + } + prev_key = -1; + for ( p = new_data, i = 0 + ; p < new_data + length && i < nparams + ; p += 4 + ldns_read_uint16(p + 2), i += 1) { + uint16_t key = ldns_read_uint16(svcparams[i]); + + /* In draft-ietf-dnsop-svcb-https-02 Section 2.1: + * + * SvcParams ...... keys MUST NOT be repeated. + * + * ldns will not impose this limitation on the library user, + * but we can merge completely equal repetitions into one. + * So, not doing + * ``` + * if (key == prev_key) + * return LDNS_STATUS_SVCPARAM_KEY_MORE_THAN_ONCE; + * ``` + * but instead: + */ + if (key == prev_key && ldns_read_uint16(svcparams[i] + 2) + == ldns_read_uint16(svcparams[i - 1] + 2) + && 0 == memcmp( svcparams[i ] + 4 + , svcparams[i - 1] + 4 + , ldns_read_uint16(svcparams[i] + 2))) { + p -= 4 + ldns_read_uint16(svcparams[i] + 2); + continue; + } + memcpy(p, svcparams[i], 4 + ldns_read_uint16(svcparams[i] + 2)); + prev_key = key; + } + LDNS_FREE(data); + LDNS_FREE(svcparams); + + /* Create rdf */ + *rd = ldns_rdf_new(LDNS_RDF_TYPE_SVCPARAMS, p - new_data, new_data); + if (! *rd) { + LDNS_FREE(new_data); + return LDNS_STATUS_MEM_ERR; + } + return LDNS_STATUS_OK; +} +#else /* #ifdef RRTYPE_SVCB_HTTPS */ +ldns_status +ldns_str2rdf_svcparams(ldns_rdf **rd, const char *str) +{ + (void)rd; (void)str; + return LDNS_STATUS_NOT_IMPL; +} +#endif /* #ifdef RRTYPE_SVCB_HTTPS */ diff -Nru ldns-1.7.1/.travis.yml ldns-1.8.1/.travis.yml --- ldns-1.7.1/.travis.yml 2019-07-26 15:07:44.000000000 +0000 +++ ldns-1.8.1/.travis.yml 1970-01-01 00:00:00.000000000 +0000 @@ -1,35 +0,0 @@ -sudo: false -language: c -addons: - apt: - packages: - - libssl-dev - - python - - valgrind - - lcov - - doxygen - - graphviz - - indent - homebrew: - packages: - - gnu-indent - - doxygen - - openssl - - indent -matrix: - include: - - os: linux - compiler: gcc - env: VALGRIND=true ANALYSIS=true COVERAGE=true DOXYGEN=true -# - os: linux -# compiler: clang -# env: VALGRIND=true ANALYSIS=true COVERAGE=true DOXYGEN=true -# - os: osx -# compiler: gcc -# env: VALGRIND=true ANALYSIS=true COVERAGE=true DOXYGEN=true - - os: osx - compiler: clang - env: VALGRIND=true ANALYSIS=true COVERAGE=true DOXYGEN=true -script: - - test/test_ci.sh - diff -Nru ldns-1.7.1/tsig.c ldns-1.8.1/tsig.c --- ldns-1.7.1/tsig.c 2019-07-26 15:07:44.000000000 +0000 +++ ldns-1.8.1/tsig.c 2021-12-03 07:45:47.000000000 +0000 @@ -196,7 +196,7 @@ return LDNS_STATUS_MEM_ERR; } /* - * prepare the digestable information + * prepare the digestible information */ data_buffer = ldns_buffer_new(LDNS_MAX_PACKETLEN); if (!data_buffer) { @@ -354,7 +354,13 @@ return false; } /* use time insensitive memory compare */ - if(CRYPTO_memcmp(ldns_rdf_data(pkt_mac_rdf), ldns_rdf_data(my_mac_rdf), + if( +#ifdef HAVE_CRYPTO_MEMCMP + CRYPTO_memcmp +#else + memcmp +#endif + (ldns_rdf_data(pkt_mac_rdf), ldns_rdf_data(my_mac_rdf), ldns_rdf_size(my_mac_rdf)) == 0) { ldns_rdf_deep_free(my_mac_rdf); return true; diff -Nru ldns-1.7.1/util.c ldns-1.8.1/util.c --- ldns-1.7.1/util.c 2019-07-26 15:07:44.000000000 +0000 +++ ldns-1.8.1/util.c 2021-12-03 07:45:47.000000000 +0000 @@ -293,25 +293,35 @@ #endif /* SIZEOF_TIME_T <= 4 */ static int64_t -ldns_serial_arithmitics_time(int32_t time, time_t now) +ldns_serial_arithmetics_time(int32_t time, time_t now) { - int32_t offset = time - (int32_t) now; + /* Casting due to https://github.com/NLnetLabs/ldns/issues/71 */ + int32_t offset = (int32_t) ((uint32_t) time - (uint32_t) now); return (int64_t) now + offset; } - struct tm * -ldns_serial_arithmitics_gmtime_r(int32_t time, time_t now, struct tm *result) +ldns_serial_arithmetics_gmtime_r(int32_t time, time_t now, struct tm *result) { #if SIZEOF_TIME_T <= 4 - int64_t secs_since_epoch = ldns_serial_arithmitics_time(time, now); + int64_t secs_since_epoch = ldns_serial_arithmetics_time(time, now); return ldns_gmtime64_r(secs_since_epoch, result); #else - time_t secs_since_epoch = ldns_serial_arithmitics_time(time, now); + time_t secs_since_epoch = ldns_serial_arithmetics_time(time, now); return gmtime_r(&secs_since_epoch, result); #endif } +#ifdef ldns_serial_arithmitics_gmtime_r +#undef ldns_serial_arithmitics_gmtime_r +#endif +/* alias function because of previously used wrong spelling */ +struct tm * +ldns_serial_arithmitics_gmtime_r(int32_t time, time_t now, struct tm *result) +{ + return ldns_serial_arithmetics_gmtime_r(time, now, result); +} + /** * Init the random source * applications should call this if they need entropy data within ldns @@ -377,7 +387,7 @@ RAND_seed(seed, (int) size); #else /* Seed the standard prng, only uses the first - * unsigned sizeof(unsiged int) bytes found in the entropy pool + * unsigned sizeof(unsigned int) bytes found in the entropy pool */ memcpy(&seed_i, seed, sizeof(seed_i)); srandom(seed_i); diff -Nru ldns-1.7.1/wire2host.c ldns-1.8.1/wire2host.c --- ldns-1.7.1/wire2host.c 2019-07-26 15:07:44.000000000 +0000 +++ ldns-1.8.1/wire2host.c 2021-12-03 07:45:47.000000000 +0000 @@ -273,6 +273,7 @@ case LDNS_RDF_TYPE_IPSECKEY: case LDNS_RDF_TYPE_LONG_STR: case LDNS_RDF_TYPE_AMTRELAY: + case LDNS_RDF_TYPE_SVCPARAMS: case LDNS_RDF_TYPE_NONE: /* * Read to end of rr rdata diff -Nru ldns-1.7.1/zone.c ldns-1.8.1/zone.c --- ldns-1.7.1/zone.c 2019-07-26 15:07:44.000000000 +0000 +++ ldns-1.8.1/zone.c 2021-12-03 07:45:47.000000000 +0000 @@ -180,7 +180,7 @@ return z; } -/* we regocnize: +/* we recognize: * $TTL, $ORIGIN */ ldns_status @@ -189,19 +189,28 @@ return ldns_zone_new_frm_fp_l(z, fp, origin, ttl, c, NULL); } +ldns_status _ldns_rr_new_frm_fp_l_internal(ldns_rr **newrr, FILE *fp, + uint32_t *default_ttl, ldns_rdf **origin, ldns_rdf **prev, + int *line_nr, bool *explicit_ttl); + /* XXX: class is never used */ ldns_status -ldns_zone_new_frm_fp_l(ldns_zone **z, FILE *fp, const ldns_rdf *origin, uint32_t ttl, - ldns_rr_class ATTR_UNUSED(c), int *line_nr) +ldns_zone_new_frm_fp_l(ldns_zone **z, FILE *fp, const ldns_rdf *origin, + uint32_t default_ttl, ldns_rr_class ATTR_UNUSED(c), int *line_nr) { ldns_zone *newzone; - ldns_rr *rr; + ldns_rr *rr, *prev_rr = NULL; uint32_t my_ttl; ldns_rdf *my_origin; ldns_rdf *my_prev; bool soa_seen = false; /* 2 soa are an error */ ldns_status s; ldns_status ret; + /* RFC 1035 Section 5.1, says 'Omitted class and TTL values are default + * to the last explicitly stated values.' + */ + bool ttl_from_TTL = false; + bool explicit_ttl = false; /* most cases of error are memory problems */ ret = LDNS_STATUS_MEM_ERR; @@ -210,7 +219,7 @@ my_origin = NULL; my_prev = NULL; - my_ttl = ttl; + my_ttl = default_ttl; if (origin) { my_origin = ldns_rdf_clone(origin); @@ -224,9 +233,58 @@ if (!newzone) goto error; while(!feof(fp)) { - s = ldns_rr_new_frm_fp_l(&rr, fp, &my_ttl, &my_origin, &my_prev, line_nr); + /* If ttl came from $TTL line, then it should be the default. + * (RFC 2308 Section 4) + * Otherwise it "defaults to the last explicitly stated value" + * (RFC 1035 Section 5.1) + */ + if (ttl_from_TTL) + my_ttl = default_ttl; + s = _ldns_rr_new_frm_fp_l_internal(&rr, fp, &my_ttl, &my_origin, + &my_prev, line_nr, &explicit_ttl); switch (s) { case LDNS_STATUS_OK: + if (explicit_ttl) { + if (!ttl_from_TTL) { + /* No $TTL, so ttl "defaults to the + * last explicitly stated value" + * (RFC 1035 Section 5.1) + */ + my_ttl = ldns_rr_ttl(rr); + } + /* When ttl is implicit, try to adhere to the rules as + * much as posssible. (also for compatibility with bind) + * This was changed when fixing an issue with ZONEMD + * which hashes the TTL too. + */ + } else if (ldns_rr_get_type(rr) == LDNS_RR_TYPE_SIG + || ldns_rr_get_type(rr) == LDNS_RR_TYPE_RRSIG) { + if (ldns_rr_rd_count(rr) >= 4 + && ldns_rdf_get_type(ldns_rr_rdf(rr, 3)) == LDNS_RDF_TYPE_INT32) + + /* SIG without explicit ttl get ttl + * from the original_ttl field + * (RFC 2535 Section 7.2) + * + * Similarly for RRSIG, but stated less + * specifically in the spec. + * (RFC 4034 Section 3) + */ + ldns_rr_set_ttl(rr, + ldns_rdf2native_int32( + ldns_rr_rdf(rr, 3))); + + } else if (prev_rr + && ldns_rr_get_type(prev_rr) == ldns_rr_get_type(rr) + && ldns_dname_compare( ldns_rr_owner(prev_rr) + , ldns_rr_owner(rr)) == 0) + + /* "TTLs of all RRs in an RRSet must be the same" + * (RFC 2881 Section 5.2) + */ + ldns_rr_set_ttl(rr, ldns_rr_ttl(prev_rr)); + + prev_rr = rr; if (ldns_rr_get_type(rr) == LDNS_RR_TYPE_SOA) { if (soa_seen) { /* second SOA @@ -245,19 +303,25 @@ } /* a normal RR - as sofar the DNS is normal */ - if (!ldns_zone_push_rr(newzone, rr)) goto error; + if (!ldns_zone_push_rr(newzone, rr)) { + ldns_rr_free(rr); + goto error; + } + break; case LDNS_STATUS_SYNTAX_EMPTY: /* empty line was seen */ case LDNS_STATUS_SYNTAX_TTL: /* the function set the ttl */ + default_ttl = my_ttl; + ttl_from_TTL = true; break; case LDNS_STATUS_SYNTAX_ORIGIN: /* the function set the origin */ break; case LDNS_STATUS_SYNTAX_INCLUDE: ret = LDNS_STATUS_SYNTAX_INCLUDE_ERR_NOTIMPL; - break; + goto error; default: ret = s; goto error;