Script 'mail_helper' called by obssrc Hello community, here is the log from the commit of package ldns for openSUSE:Factory checked in at 2026-06-11 17:26:40 ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Comparing /work/SRC/openSUSE:Factory/ldns (Old) and /work/SRC/openSUSE:Factory/.ldns.new.1981 (New) ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Package is "ldns" Thu Jun 11 17:26:40 2026 rev:24 rq:1358586 version:1.9.2 Changes: -------- --- /work/SRC/openSUSE:Factory/ldns/ldns.changes 2026-05-12 19:26:41.763156181 +0200 +++ /work/SRC/openSUSE:Factory/.ldns.new.1981/ldns.changes 2026-06-11 17:27:04.477609581 +0200 @@ -1,0 +2,8 @@ +Wed Jun 10 12:14:16 UTC 2026 - Adam Majer <[email protected]> + +- Update to version 1.9.2 + Insufficient verification that responses belong to a query + (CVE-2026-10846, bsc#1267670) +- ldns.keyring: updated from https://nlnetlabs.nl/signing-keys/ + +------------------------------------------------------------------- Old: ---- ldns-1.9.0.tar.gz ldns-1.9.0.tar.gz.asc New: ---- ldns-1.9.2.tar.gz ldns-1.9.2.tar.gz.asc ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Other differences: ------------------ ++++++ ldns.spec ++++++ --- /var/tmp/diff_new_pack.ZBuuPY/_old 2026-06-11 17:27:05.353646318 +0200 +++ /var/tmp/diff_new_pack.ZBuuPY/_new 2026-06-11 17:27:05.357646485 +0200 @@ -19,7 +19,7 @@ %define libname libldns3 Name: ldns -Version: 1.9.0 +Version: 1.9.2 Release: 0 Summary: A library for developing the Domain Name System License: BSD-3-Clause ++++++ _scmsync.obsinfo ++++++ --- /var/tmp/diff_new_pack.ZBuuPY/_old 2026-06-11 17:27:05.417649002 +0200 +++ /var/tmp/diff_new_pack.ZBuuPY/_new 2026-06-11 17:27:05.421649170 +0200 
@@ -1,6 +1,6 @@ -mtime: 1778488176 -commit: 85b669d0366ea2d801eae053346057b21a32593dbc0035713305fc686d3ed0a4 +mtime: 1781106222 +commit: 1876cdfb7e1dee5e2b613d2777a47060a826067c8d1e235699f34181a6911d7e url: https://src.opensuse.org/dns/ldns -revision: 85b669d0366ea2d801eae053346057b21a32593dbc0035713305fc686d3ed0a4 +revision: 1876cdfb7e1dee5e2b613d2777a47060a826067c8d1e235699f34181a6911d7e projectscmsync: https://src.opensuse.org/dns/_ObsPrj.git ++++++ build.specials.obscpio ++++++ ++++++ build.specials.obscpio ++++++ diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/.gitignore new/.gitignore --- old/.gitignore 1970-01-01 01:00:00.000000000 +0100 +++ new/.gitignore 2026-06-10 17:43:42.000000000 +0200 @@ -0,0 +1 @@ +.osc ++++++ ldns-1.9.0.tar.gz -> ldns-1.9.2.tar.gz ++++++ ++++ 1687 lines of diff (skipped) ++++ retrying with extended exclude list diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' --exclude Makefile.in --exclude configure --exclude config.guess --exclude '*.pot' --exclude mkinstalldirs --exclude aclocal.m4 --exclude config.sub --exclude depcomp --exclude install-sh --exclude ltmain.sh old/ldns-1.9.0/Changelog new/ldns-1.9.2/Changelog --- old/ldns-1.9.0/Changelog 2025-12-04 16:45:51.000000000 +0100 +++ new/ldns-1.9.2/Changelog 2026-06-10 16:06:08.000000000 +0200 
@@ -1,3 +1,11 @@ +1.9.2 2026-06-10 + * Fix to set VERSION_INFO to create .so.3 instead of .so.11 which will + be reserved for a future 1.10.0 release + +1.9.1 2026-06-10 + * Bugfix: Insufficient verification that responses belong to a + query (CVE-2026-10846). Thanks Pablo Ruiz from 'codecome.ai' + 1.9.0 2025-12-04 * PR #246: Make ldns_calc_keytag() available for CDNSKEY RR Thanks tgreenx and pnax diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' --exclude Makefile.in --exclude configure --exclude config.guess --exclude '*.pot' --exclude mkinstalldirs --exclude aclocal.m4 --exclude config.sub --exclude depcomp --exclude install-sh --exclude ltmain.sh old/ldns-1.9.0/configure.ac new/ldns-1.9.2/configure.ac --- old/ldns-1.9.0/configure.ac 2025-12-04 16:45:51.000000000 +0100 +++ new/ldns-1.9.2/configure.ac 2026-06-10 16:06:08.000000000 +0200 @@ -6,7 +6,7 @@ # must be numbers. ac_defun because of later processing. m4_define([VERSION_MAJOR],[1]) m4_define([VERSION_MINOR],[9]) -m4_define([VERSION_MICRO],[0]) +m4_define([VERSION_MICRO],[2]) AC_INIT([ldns],m4_defn([VERSION_MAJOR]).m4_defn([VERSION_MINOR]).m4_defn([VERSION_MICRO]),[[email protected]],[libdns]) AC_CONFIG_SRCDIR([packet.c]) # needed to build correct soname 
@@ -32,10 +32,13 @@ # ldns-1.8.1 had libversion 5:0:2 # ldns-1.8.1 had libversion 6:0:3 # ldns-1.8.2 had libversion 7:0:4 -# ldns-1.8.3 has libversion 8:0:5 -# ldns-1.9.0 will have libversion 9:0:6 (new behaviour for dnssec_rrs_add_rr) +# ldns-1.8.3 had libversion 8:0:5 +# ldns-1.8.4 had libversion 9:0:6 +# ldns-1.9.0 had libversion 9:0:6 (though it should have had 10:0:0) +# ldns-1.9.1 had libversion 11:0:0 (but should have had 10:0:7 with 11:0:0 reserved for the ldns-1.10.0 release) +# ldns-1.9.2 has libversion 12:0:9 # -AC_SUBST(VERSION_INFO, [9:0:6]) +AC_SUBST(VERSION_INFO, [12:0:9]) AC_USE_SYSTEM_EXTENSIONS if test "$ac_cv_header_minix_config_h" = "yes"; then diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' --exclude Makefile.in --exclude configure --exclude config.guess --exclude '*.pot' --exclude mkinstalldirs --exclude aclocal.m4 --exclude config.sub --exclude depcomp --exclude install-sh --exclude ltmain.sh old/ldns-1.9.0/doc/ldns_manpages new/ldns-1.9.2/doc/ldns_manpages --- old/ldns-1.9.0/doc/ldns_manpages 2025-12-04 16:46:07.000000000 +0100 +++ new/ldns-1.9.2/doc/ldns_manpages 2026-06-10 16:06:24.000000000 +0200 
@@ -1,43 +1,53 @@ -ldns_rr_mx_preference -ldns_rr_mx_exchange -ldns_rdf2buffer_str_a -ldns_rdf2buffer_str_aaaa -ldns_rdf2buffer_str_str -ldns_rdf2buffer_str_b64 -ldns_rdf2buffer_str_hex -ldns_rdf2buffer_str_type -ldns_rdf2buffer_str_class -ldns_rdf2buffer_str_alg -ldns_rdf2buffer_str_loc -ldns_rdf2buffer_str_unknown -ldns_rdf2buffer_str_nsap -ldns_rdf2buffer_str_wks -ldns_rdf2buffer_str_nsec -ldns_rdf2buffer_str_period -ldns_rdf2buffer_str_tsigtime -ldns_rdf2buffer_str_apl -ldns_rdf2buffer_str_int16_data -ldns_rdf2buffer_str_int16 -ldns_rdf2buffer_str_ipseckey -ldns_rdf_address_reverse -ldns_duration_type -ldns_duration_create -ldns_duration_create_from_string -ldns_duration_cleanup -ldns_duration_compare -ldns_duration2string -ldns_duration2time -ldns_rr_descriptor -ldns_rr_descript -ldns_rr_descriptor_minimum -ldns_rr_descriptor_maximum -ldns_rr_descriptor_field_type -ldns_str2period -ldns_get_rr_class_by_name -ldns_get_rr_type_by_name -ldns_rr_list_cat -ldns_rr_list_push_rr -ldns_rr_list_pop_rr +ldns_buffer_flip +ldns_buffer_rewind +ldns_buffer_position +ldns_buffer_set_position +ldns_buffer_skip +ldns_rr_set_owner +ldns_rr_set_ttl +ldns_rr_set_type +ldns_rr_set_rd_count +ldns_rr_set_class +ldns_rr_set_rdf +ldns_rr2canonical +ldns_b32_ntop_calculate_size +ldns_b32_pton_calculate_size +ldns_b64_ntop_calculate_size +ldns_b64_pton_calculate_size +ldns_rr_new +ldns_rr_new_frm_type +ldns_rr_new_frm_str +ldns_rr_new_frm_fp +ldns_rr_free +ldns_rr_print +ldns_dnssec_trust_tree_new +ldns_dnssec_trust_tree_free +ldns_dnssec_trust_tree_depth +ldns_dnssec_derive_trust_tree +ldns_dnssec_trust_tree_contains_keys +ldns_dnssec_trust_tree_print +ldns_dnssec_trust_tree_print_sm +ldns_dnssec_trust_tree_add_parent +ldns_dnssec_derive_trust_tree_normal_rrset +ldns_dnssec_derive_trust_tree_dnskey_rrset +ldns_dnssec_derive_trust_tree_ds_rrset +ldns_dnssec_derive_trust_tree_no_sig +ldns_key_set_algorithm +ldns_key_set_rsa_key +ldns_key_set_dsa_key +ldns_key_set_hmac_key 
+ldns_key_set_origttl +ldns_key_set_inception +ldns_key_set_expiration +ldns_key_set_pubkey_owner +ldns_key_set_keytag +ldns_key_set_flags +ldns_key_list_set_key_count +ldns_key_algo_supported +ldns_key_list_new +ldns_bget_token +ldns_bgetc +ldns_bskipcs ldns_buffer ldns_buffer_new ldns_buffer_new_frm_data @@ -48,21 +58,44 @@ ldns_buffer_export ldns_buffer_export2str ldns_buffer2str -ldns_rr_push_rdf -ldns_rr_pop_rdf -ldns_update_zocount -ldns_update_prcount -ldns_update_upcount -ldns_update_adcount -ldns_algorithm -ldns_rr_dnskey_flags -ldns_rr_dnskey_set_flags -ldns_rr_dnskey_protocol -ldns_rr_dnskey_set_protocol -ldns_rr_dnskey_algorithm -ldns_rr_dnskey_set_algorithm -ldns_rr_dnskey_key -ldns_rr_dnskey_set_key +ldns_rdf_size +ldns_rdf_get_type +ldns_rdf_data +ldns_rdf_compare +ldns_octet +ldns_pkt_id +ldns_pkt_qr +ldns_pkt_aa +ldns_pkt_tc +ldns_pkt_rd +ldns_pkt_cd +ldns_pkt_ra +ldns_pkt_ad +ldns_pkt_get_opcode +ldns_pkt_get_rcode +ldns_pkt_qdcount +ldns_pkt_ancount +ldns_pkt_nscount +ldns_pkt_arcount +ldns_pkt_answerfrom +ldns_pkt_querytime +ldns_pkt_size +ldns_pkt_tsig +ldns_pkt_question +ldns_pkt_answer +ldns_pkt_authority +ldns_pkt_additional +ldns_pkt_get_section_clone +ldns_pkt_rr_list_by_name +ldns_pkt_rr_list_by_type +ldns_pkt_rr_list_by_name_and_type +ldns_get_rr_list_addr_by_name +ldns_get_rr_list_name_by_addr +ldns_sign_public_dsa +ldns_sign_public_rsamd5 +ldns_sign_public_rsasha1 +ldns_rr_set_push_rr +ldns_rr_set_pop_rr ldns_buffer_limit ldns_buffer_set_limit ldns_buffer_capacity 
@@ -72,82 +105,26 @@ ldns_buffer_begin ldns_buffer_end ldns_buffer_current -ldns_zone_rrs -ldns_zone_soa -ldns_pkt_set_flags -ldns_pkt_set_id -ldns_pkt_set_qr -ldns_pkt_set_aa -ldns_pkt_set_tc -ldns_pkt_set_rd -ldns_pkt_set_cd -ldns_pkt_set_ra -ldns_pkt_set_ad -ldns_pkt_set_opcode -ldns_pkt_set_rcode -ldns_pkt_set_qdcount -ldns_pkt_set_ancount -ldns_pkt_set_nscount -ldns_pkt_set_arcount -ldns_pkt_set_answerfrom -ldns_pkt_set_querytime -ldns_pkt_set_size -ldns_pkt_set_section_count -ldns_pkt_set_tsig -ldns_pkt_verify -ldns_rr2str -ldns_pkt2str -ldns_rdf2str -ldns_rr_list2str -ldns_key2str -ldns_fget_token -ldns_fskipcs -ldns_pkt -ldns_pkt_section -ldns_pkt_type -ldns_zone_sort -ldns_zone_glue_rr_list -ldns_rr2canonical -ldns_rdf_size -ldns_rdf_get_type -ldns_rdf_data -ldns_rdf_compare -ldns_rr_list_rr_count -ldns_rr_list_set_rr_count -ldns_dnssec_trust_tree_new -ldns_dnssec_trust_tree_free -ldns_dnssec_trust_tree_depth -ldns_dnssec_derive_trust_tree -ldns_dnssec_trust_tree_contains_keys -ldns_dnssec_trust_tree_print -ldns_dnssec_trust_tree_print_sm -ldns_dnssec_trust_tree_add_parent -ldns_dnssec_derive_trust_tree_normal_rrset -ldns_dnssec_derive_trust_tree_dnskey_rrset -ldns_dnssec_derive_trust_tree_ds_rrset -ldns_dnssec_derive_trust_tree_no_sig -ldns_rr_ns_nsdname -ldns_dname_left_chop -ldns_dname_label_count -ldns_dname_new -ldns_dname_new_frm_str -ldns_dname_new_frm_data -ldns_rr_list_new -ldns_rr_list_free -ldns_pkt_new -ldns_pkt_free -ldns_pkt_print -ldns_pkt_query_new -ldns_pkt_query_new_frm_str -ldns_pkt_reply_type -ldns_zone_set_rrs -ldns_zone_set_soa -ldns_dnssec_rrs_new -ldns_dnssec_rrs_free -ldns_dnssec_rrs_add_rr -ldns_dnssec_rrs_print +ldns_rr_push_rdf +ldns_rr_pop_rdf +ldns_update_pkt_tsig_add +ldns_rr_label_count +ldns_buffer2pkt_wire +ldns_rr_descriptor +ldns_rr_descript +ldns_rr_descriptor_minimum +ldns_rr_descriptor_maximum +ldns_rr_descriptor_field_type +ldns_zone_push_rr +ldns_zone_push_rr_list +ldns_rr_mx_preference +ldns_rr_mx_exchange +ldns_rr 
+ldns_rr_class +ldns_rr_type +ldns_rr_compress +ldns_rr_list ldns_key2rr -ldns_update_pkt_new ldns_rr_rrsig_typecovered ldns_rr_rrsig_set_typecovered ldns_rr_rrsig_algorithm 
@@ -166,6 +143,126 @@ ldns_rr_rrsig_set_signame ldns_rr_rrsig_sig ldns_rr_rrsig_set_sig +ldns_rr_compare +ldns_rr_compare_ds +ldns_dnssec_zone_sign +ldns_dnssec_zone_sign_nsec3 +ldns_dnssec_zone_mark_glue +ldns_dnssec_name_node_next_nonglue +ldns_dnssec_zone_create_nsecs +ldns_dnssec_remove_signatures +ldns_dnssec_zone_create_rrsigs +ldns_dnssec_zone_find_rrset +ldns_dnssec_zone_new +ldns_dnssec_zone_free +ldns_dnssec_zone_add_rr +ldns_dnssec_zone_names_print +ldns_dnssec_zone_print +ldns_dnssec_zone_add_empty_nonterminals +ldns_pkt2buffer_str +ldns_pktheader2buffer_str +ldns_rr2buffer_str +ldns_rr_list2buffer_str +ldns_rdf2buffer_str +ldns_key2buffer_str +ldns_pkt2buffer_wire +ldns_rr2buffer_wire +ldns_rdf2buffer_wire +ldns_rrsig2buffer_wire +ldns_rr_rdata2buffer_wire +ldns_zone_sort +ldns_zone_glue_rr_list +ldns_update_zocount +ldns_update_prcount +ldns_update_upcount +ldns_update_adcount +ldns_zone_sign +ldns_zone_sign_nsec3 +ldns_calc_keytag +ldns_calc_keytag_raw +ldns_dnssec_rrs_new +ldns_dnssec_rrs_free +ldns_dnssec_rrs_add_rr +ldns_dnssec_rrs_print +ldns_dname2canonical +ldns_send +ldns_bubblebabble +ldns_rr2wire +ldns_pkt2wire +ldns_rdf2wire +ldns_zone_rr_count +ldns_pkt_new +ldns_pkt_free +ldns_pkt_print +ldns_pkt_query_new +ldns_pkt_query_new_frm_str +ldns_pkt_reply_type +ldns_dane_verify +ldns_dane_verify_rr +ldns_zone +ldns_zone_new +ldns_zone_free +ldns_zone_deep_free +ldns_zone_new_frm_fp +ldns_zone_new_frm_fp_l +ldns_zone_print +ldns_zone_print_fmt +ldns_rdf_set_size +ldns_rdf_set_type +ldns_rdf_set_data +ldns_getaddrinfo +ldns_verify +ldns_verify_rrsig +ldns_verify_rrsig_keylist +ldns_verify_rrsig_keylist_notime +ldns_verify_notime +ldns_pkt +ldns_pkt_section +ldns_pkt_type +ldns_dnssec_data_chain_new +ldns_dnssec_data_chain_free +ldns_dnssec_data_chain_deep_free +ldns_dnssec_build_data_chain +ldns_dnssec_data_chain_print +ldns_sign_public +ldns_rdf2buffer_str_a +ldns_rdf2buffer_str_aaaa +ldns_rdf2buffer_str_str +ldns_rdf2buffer_str_b64 
+ldns_rdf2buffer_str_hex +ldns_rdf2buffer_str_type +ldns_rdf2buffer_str_class +ldns_rdf2buffer_str_alg +ldns_rdf2buffer_str_loc +ldns_rdf2buffer_str_unknown +ldns_rdf2buffer_str_nsap +ldns_rdf2buffer_str_wks +ldns_rdf2buffer_str_nsec +ldns_rdf2buffer_str_period +ldns_rdf2buffer_str_tsigtime +ldns_rdf2buffer_str_apl +ldns_rdf2buffer_str_int16_data +ldns_rdf2buffer_str_int16 +ldns_rdf2buffer_str_ipseckey +ldns_create_nsec +ldns_rr_list_rr_count +ldns_rr_list_set_rr_count +ldns_key_rr2ds +ldns_version +ldns_dnssec_data_chain +ldns_dnssec_data_chain_struct +ldns_dnssec_trust_tree +ldns_str2period +ldns_dname_left_chop +ldns_dname_label_count +ldns_rr_list_clone +ldns_update_pkt_new +ldns_get_rr_class_by_name +ldns_get_rr_type_by_name +ldns_dname_compare +ldns_dname_interval +ldns_dname_cat_clone +ldns_dname_cat ldns_buffer_write_at ldns_buffer_write ldns_buffer_write_string_at @@ -184,6 +281,35 @@ ldns_buffer_read_u32 ldns_buffer_write_u32 ldns_buffer_write_u32_at +ldns_dnssec_verify_denial +ldns_dnssec_verify_denial_nsec3 +ldns_rr_rdf +ldns_rr_owner +ldns_rr_rd_count +ldns_rr_ttl +ldns_rr_get_class +ldns_rr2str +ldns_pkt2str +ldns_rdf2str +ldns_rr_list2str +ldns_key2str +ldns_dname_is_subdomain +ldns_dname_str_absolute +ldns_dname_label +ldns_dnssec_zone +ldns_dnssec_name +ldns_dnssec_rrs +ldns_dnssec_rrsets +ldns_dnssec_name_new +ldns_dnssec_name_new_frm_rr +ldns_dnssec_name_free +ldns_dnssec_name_name +ldns_dnssec_name_set_name +ldns_dnssec_name_set_nsec +ldns_dnssec_name_cmp +ldns_dnssec_name_add_rr +ldns_dnssec_name_find_rrset +ldns_dnssec_name_print ldns_key_list_key_count ldns_key_list_key ldns_key_rsa_key 
@@ -196,36 +322,12 @@ ldns_key_keytag ldns_key_pubkey_owner ldns_key_flags -ldns_rr2wire -ldns_pkt2wire -ldns_rdf2wire -ldns_zone_push_rr -ldns_zone_push_rr_list -ldns_dname_cat_clone -ldns_dname_cat -ldns_key_list_push_key -ldns_key_list_pop_key -ldns_init_random -ldns_sign_public_dsa -ldns_sign_public_rsamd5 -ldns_sign_public_rsasha1 -ldns_buffer2pkt_wire -ldns_rr_new -ldns_rr_new_frm_type -ldns_rr_new_frm_str -ldns_rr_new_frm_fp -ldns_rr_free -ldns_rr_print -ldns_rr -ldns_rr_class -ldns_rr_type -ldns_rr_compress -ldns_rr_list -ldns_zone_sign -ldns_zone_sign_nsec3 -ldns_get_rr_list_addr_by_name -ldns_get_rr_list_name_by_addr -ldns_key_rr2ds +ldns_rr_list_sort +ldns_pkt_tsig_verify +ldns_pkt_tsig_sign +ldns_verify_rrsig_dsa +ldns_verify_rrsig_rsasha1 +ldns_verify_rrsig_rsamd5 ldns_native2rdf_int8 ldns_native2rdf_int16 ldns_native2rdf_int32 
@@ -235,72 +337,31 @@ ldns_rdf2native_int32 ldns_rdf2native_sockaddr_storage ldns_rdf2native_time_t -ldns_zone -ldns_zone_new -ldns_zone_free -ldns_zone_deep_free -ldns_zone_new_frm_fp -ldns_zone_new_frm_fp_l -ldns_zone_print -ldns_zone_print_fmt -ldns_wire2rr -ldns_wire2pkt -ldns_wire2rdf -ldns_wire2dname -ldns_dane_verify -ldns_dane_verify_rr -ldns_verify -ldns_verify_rrsig -ldns_verify_rrsig_keylist -ldns_verify_rrsig_keylist_notime -ldns_verify_notime -ldns_zone_rr_count -ldns_key_set_algorithm -ldns_key_set_rsa_key -ldns_key_set_dsa_key -ldns_key_set_hmac_key -ldns_key_set_origttl -ldns_key_set_inception -ldns_key_set_expiration -ldns_key_set_pubkey_owner -ldns_key_set_keytag -ldns_key_set_flags -ldns_key_list_set_key_count -ldns_key_algo_supported -ldns_dnssec_name_new -ldns_dnssec_name_new_frm_rr -ldns_dnssec_name_free -ldns_dnssec_name_name -ldns_dnssec_name_set_name -ldns_dnssec_name_set_nsec -ldns_dnssec_name_cmp -ldns_dnssec_name_add_rr -ldns_dnssec_name_find_rrset -ldns_dnssec_name_print -ldns_bubblebabble -ldns_key -ldns_key_list_new +ldns_axfr_start +ldns_axfr_next +ldns_axfr_abort +ldns_axfr_complete +ldns_axfr_last_pkt ldns_tcp_send_query ldns_tcp_read_wire ldns_tcp_connect -ldns_pkt2buffer_str -ldns_pktheader2buffer_str -ldns_rr2buffer_str -ldns_rr_list2buffer_str -ldns_rdf2buffer_str -ldns_key2buffer_str -ldns_pkt2buffer_wire -ldns_rr2buffer_wire -ldns_rdf2buffer_wire -ldns_rrsig2buffer_wire -ldns_rr_rdata2buffer_wire -ldns_send -ldns_update_pkt_tsig_add -ldns_dnssec_data_chain_new -ldns_dnssec_data_chain_free -ldns_dnssec_data_chain_deep_free -ldns_dnssec_build_data_chain -ldns_dnssec_data_chain_print +ldns_rr_ns_nsdname +ldns_dane_create_tlsa_rr +ldns_dane_create_tlsa_owner +ldns_dane_cert2rdf +ldns_dane_select_certificate +ldns_rr_list_new +ldns_rr_list_free +ldns_key_buf2dsa +ldns_key_buf2rsa +ldns_rr_dnskey_flags +ldns_rr_dnskey_set_flags +ldns_rr_dnskey_protocol +ldns_rr_dnskey_set_protocol +ldns_rr_dnskey_algorithm 
+ldns_rr_dnskey_set_algorithm +ldns_rr_dnskey_key +ldns_rr_dnskey_set_key ldns_get_rr_list_hosts_frm_file ldns_get_rr_list_hosts_frm_fp ldns_get_rr_list_hosts_frm_fp_l 
@@ -310,78 +371,83 @@ ldns_dnssec_rrsets_set_type ldns_dnssec_rrsets_add_rr ldns_dnssec_rrsets_print -ldns_dnssec_verify_denial -ldns_dnssec_verify_denial_nsec3 -ldns_pkt_tsig_verify -ldns_pkt_tsig_sign -ldns_buffer_flip -ldns_buffer_rewind -ldns_buffer_position -ldns_buffer_set_position -ldns_buffer_skip -ldns_rdf_new -ldns_rdf_clone -ldns_rdf_new_frm_data -ldns_rdf_new_frm_str -ldns_rdf_new_frm_fp -ldns_rdf_free -ldns_rdf_deep_free -ldns_rdf_print -ldns_rr_label_count -ldns_dname2canonical -ldns_axfr_start -ldns_axfr_next -ldns_axfr_abort -ldns_axfr_complete -ldns_axfr_last_pkt -ldns_bget_token -ldns_bgetc -ldns_bskipcs -ldns_pkt_id -ldns_pkt_qr -ldns_pkt_aa -ldns_pkt_tc -ldns_pkt_rd -ldns_pkt_cd -ldns_pkt_ra -ldns_pkt_ad -ldns_pkt_get_opcode -ldns_pkt_get_rcode -ldns_pkt_qdcount -ldns_pkt_ancount -ldns_pkt_nscount -ldns_pkt_arcount -ldns_pkt_answerfrom -ldns_pkt_querytime -ldns_pkt_size -ldns_pkt_tsig -ldns_pkt_question -ldns_pkt_answer -ldns_pkt_authority -ldns_pkt_additional -ldns_pkt_get_section_clone -ldns_pkt_rr_list_by_name -ldns_pkt_rr_list_by_type -ldns_pkt_rr_list_by_name_and_type -ldns_dname_compare -ldns_dname_interval +ldns_pkt_set_flags +ldns_pkt_set_id +ldns_pkt_set_qr +ldns_pkt_set_aa +ldns_pkt_set_tc +ldns_pkt_set_rd +ldns_pkt_set_cd +ldns_pkt_set_ra +ldns_pkt_set_ad +ldns_pkt_set_opcode +ldns_pkt_set_rcode +ldns_pkt_set_qdcount +ldns_pkt_set_ancount +ldns_pkt_set_nscount +ldns_pkt_set_arcount +ldns_pkt_set_answerfrom +ldns_pkt_set_querytime +ldns_pkt_set_size +ldns_pkt_set_section_count +ldns_pkt_set_tsig +ldns_pkt_edns +ldns_pkt_edns_udp_size +ldns_pkt_edns_extended_rcode +ldns_pkt_edns_version +ldns_pkt_edns_z +ldns_pkt_edns_data +ldns_pkt_set_edns_udp_size +ldns_pkt_set_edns_extended_rcode +ldns_pkt_set_edns_version +ldns_pkt_set_edns_z +ldns_pkt_set_edns_data +ldns_key_list_push_key +ldns_key_list_pop_key +ldns_is_rrset +ldns_zone_rrs +ldns_zone_soa +ldns_algorithm +ldns_key +ldns_key_free +ldns_key_deep_free +ldns_key_list_free 
ldns_update_set_zocount ldns_update_set_prcount ldns_update_set_upcount ldns_update_set_adcount +ldns_dname_new +ldns_dname_new_frm_str +ldns_dname_new_frm_data +ldns_key_new +ldns_key_new_frm_algorithm +ldns_key_new_frm_fp +ldns_key_new_frm_fp_l +ldns_key_new_frm_fp_rsa +ldns_key_new_frm_fp_rsa_l +ldns_key_new_frm_fp_dsa +ldns_key_new_frm_fp_dsa_l +ldns_rr_uncompressed_size +ldns_wire2rr +ldns_wire2pkt +ldns_wire2rdf +ldns_wire2dname ldns_get_errorstr_by_id ldns_status -ldns_key_free -ldns_key_deep_free -ldns_key_list_free -ldns_rr_list_sort -ldns_dnssec_zone_sign -ldns_dnssec_zone_sign_nsec3 -ldns_dnssec_zone_mark_glue -ldns_dnssec_name_node_next_nonglue -ldns_dnssec_zone_create_nsecs -ldns_dnssec_remove_signatures -ldns_dnssec_zone_create_rrsigs +ldns_init_random +ldns_rdf_address_reverse +ldns_fget_token +ldns_fskipcs +ldns_zone_set_rrs +ldns_zone_set_soa +ldns_pkt_verify +ldns_duration_type +ldns_duration_create +ldns_duration_create_from_string +ldns_duration_cleanup +ldns_duration_compare +ldns_duration2string +ldns_duration2time ldns_key_print ldns_buffer_remaining_at ldns_buffer_remaining 
@@ -389,82 +455,16 @@ ldns_buffer_available ldns_buffer_status ldns_buffer_status_ok -ldns_rdf_set_size -ldns_rdf_set_type -ldns_rdf_set_data -ldns_key_buf2dsa -ldns_key_buf2rsa -ldns_b32_ntop_calculate_size -ldns_b32_pton_calculate_size -ldns_b64_ntop_calculate_size -ldns_b64_pton_calculate_size -ldns_rr_compare -ldns_rr_compare_ds -ldns_calc_keytag -ldns_calc_keytag_raw ldns_rdf ldns_rdf_type -ldns_dnssec_zone_find_rrset -ldns_dnssec_zone_new -ldns_dnssec_zone_free -ldns_dnssec_zone_add_rr -ldns_dnssec_zone_names_print -ldns_dnssec_zone_print -ldns_dnssec_zone_add_empty_nonterminals -ldns_create_nsec -ldns_dane_create_tlsa_rr -ldns_dane_create_tlsa_owner -ldns_dane_cert2rdf -ldns_dane_select_certificate -ldns_getaddrinfo -ldns_rr_set_push_rr -ldns_rr_set_pop_rr -ldns_key_new -ldns_key_new_frm_algorithm -ldns_key_new_frm_fp -ldns_key_new_frm_fp_l -ldns_key_new_frm_fp_rsa -ldns_key_new_frm_fp_rsa_l -ldns_key_new_frm_fp_dsa -ldns_key_new_frm_fp_dsa_l -ldns_octet -ldns_rr_list_clone -ldns_dnssec_zone -ldns_dnssec_name -ldns_dnssec_rrs -ldns_dnssec_rrsets -ldns_version -ldns_rr_rdf -ldns_rr_owner -ldns_rr_rd_count -ldns_rr_ttl -ldns_rr_get_class -ldns_rr_set_owner -ldns_rr_set_ttl -ldns_rr_set_type -ldns_rr_set_rd_count -ldns_rr_set_class -ldns_rr_set_rdf -ldns_pkt_edns -ldns_pkt_edns_udp_size -ldns_pkt_edns_extended_rcode -ldns_pkt_edns_version -ldns_pkt_edns_z -ldns_pkt_edns_data -ldns_pkt_set_edns_udp_size -ldns_pkt_set_edns_extended_rcode -ldns_pkt_set_edns_version -ldns_pkt_set_edns_z -ldns_pkt_set_edns_data -ldns_sign_public -ldns_dnssec_data_chain -ldns_dnssec_data_chain_struct -ldns_dnssec_trust_tree -ldns_verify_rrsig_dsa -ldns_verify_rrsig_rsasha1 -ldns_verify_rrsig_rsamd5 -ldns_dname_is_subdomain -ldns_dname_str_absolute -ldns_dname_label -ldns_is_rrset -ldns_rr_uncompressed_size +ldns_rr_list_cat +ldns_rr_list_push_rr +ldns_rr_list_pop_rr +ldns_rdf_new +ldns_rdf_clone +ldns_rdf_new_frm_data +ldns_rdf_new_frm_str +ldns_rdf_new_frm_fp +ldns_rdf_free 
+ldns_rdf_deep_free +ldns_rdf_print diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' --exclude Makefile.in --exclude configure --exclude config.guess --exclude '*.pot' --exclude mkinstalldirs --exclude aclocal.m4 --exclude config.sub --exclude depcomp --exclude install-sh --exclude ltmain.sh old/ldns-1.9.0/error.c new/ldns-1.9.2/error.c --- old/ldns-1.9.0/error.c 2025-12-04 16:45:51.000000000 +0100 +++ new/ldns-1.9.2/error.c 2026-06-10 16:06:08.000000000 +0200 @@ -191,6 +191,12 @@ "at least 2 bytes of option data" }, { LDNS_STATUS_EQUAL_RR, "An identical RR already existed in the zone" }, + { LDNS_STATUS_ID_DID_NOT_MATCH, + "Response ID did not match the query ID" }, + { LDNS_STATUS_QDCOUNT_MUST_BE_ONE, + "The query section MUST contain exactly one question" }, + { LDNS_STATUS_QUERY_DID_NOT_MATCH, + "The question in the response did not match the query" }, { 0, NULL } }; diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' --exclude Makefile.in --exclude configure --exclude config.guess --exclude '*.pot' --exclude mkinstalldirs --exclude aclocal.m4 --exclude config.sub --exclude depcomp --exclude install-sh --exclude ltmain.sh old/ldns-1.9.0/examples/ldns-testns.1 new/ldns-1.9.2/examples/ldns-testns.1 --- old/ldns-1.9.0/examples/ldns-testns.1 2025-12-04 16:45:51.000000000 +0100 +++ new/ldns-1.9.2/examples/ldns-testns.1 2026-06-10 16:06:08.000000000 +0200 @@ -47,6 +47,16 @@ Bind to IP6 address instead of IP4. Use together with -p. .TP +\fB-l\fR \fIIP address\fR +Bind to the specified IPv4 or IPv6 address. + +.TP +\fB-a\fR \fIIP address\fR +IPv4 or IPv6 address to answer from withthe ADJUST change_address directory +(see below). This can only be used in combination with the \fB-l\fR option +with an address of the same family. + +.TP \fBdatafile\fR The data file is read on start up. It contains queries and the packets that should be sent in answer to those queries. The data file format is 
@@ -92,9 +102,18 @@ ADJUST copy_id ; 'copy_id' copies the ID from the query to the answer. -; 'sleep=10' sleeps for 10 seconds before giving the answer (TCP is open) +ADJUST change_id ; answer with a different ID than the query had + +ADJUST change_port ; answer from a different port than the query was + ; sent to. UDP only (silently ignored on TCP) + +ADJUST change_address ; answer from a different address than the query + ; was sent to. UDP only (silently ignored on TCP) + +ADJUST [sleep=<num>] ; sleep before giving any reply + ; 'sleep=10' sleeps for 10 seconds before giving + ; the answer (TCP is open) -ADJUST [sleep=<num>] ; sleep before giving any reply ADJUST [packet_sleep=<num>] ; sleep before this packet in sequence SECTION QUESTION diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' --exclude Makefile.in --exclude configure --exclude config.guess --exclude '*.pot' --exclude mkinstalldirs --exclude aclocal.m4 --exclude config.sub --exclude depcomp --exclude install-sh --exclude ltmain.sh old/ldns-1.9.0/examples/ldns-testns.c new/ldns-1.9.2/examples/ldns-testns.c --- old/ldns-1.9.0/examples/ldns-testns.c 2025-12-04 16:45:51.000000000 +0100 +++ new/ldns-1.9.2/examples/ldns-testns.c 2026-06-10 16:06:08.000000000 +0200 @@ -126,7 +126,6 @@ */ -struct sockaddr_storage; #include "config.h" #include <ldns/ldns.h> #include "ldns-testpkts.h" @@ -181,6 +180,8 @@ printf(" -f forks given number extra instances, default none.\n"); printf(" -v more verbose, prints queries, answers and matching.\n"); printf(" -6 listen on IP6 any address, instead of IP4 any address.\n"); + printf(" -l listen on the specified address.\n"); + printf(" -a alternative address to answer from with MATCH change_address (-l MUST be provided too).\n"); printf("The program answers queries with canned replies from the datafile.\n"); exit(EXIT_FAILURE); } 
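Review bot: The added `-a` usage line in the `@@ -181,6 +180,8 @@` hunk names `MATCH change_address`, but the man page hunk in this commit documents `change_address` as an `ADJUST` keyword, and the ldns-testpkts.c hunk parses it in the same chain as `copy_id`. The help text should match: `printf(" -a alternative address to answer from with ADJUST change_address (-l MUST be provided too).\n");`. usage() begins before this hunk.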
@@ -217,45 +218,85 @@ va_end(args); } -static int bind_port(int sock, int port, int fam) -{ - struct sockaddr_in addr; -#if defined(AF_INET6) && defined(HAVE_GETADDRINFO) - if(fam == AF_INET6) { - struct sockaddr_in6 addr6; - memset(&addr6, 0, sizeof(addr6)); - addr6.sin6_family = AF_INET6; - addr6.sin6_port = (in_port_t)htons((uint16_t)port); -# if HAVE_DECL_IN6ADDR_ANY - addr6.sin6_addr = in6addr_any; -# else - memset(&addr6.sin6_addr, 0, sizeof(addr6.sin6_addr)); -# endif - return bind(sock, (struct sockaddr *)&addr6, (socklen_t) sizeof(addr6)); - } -#endif - -#ifndef S_SPLINT_S - addr.sin_family = AF_INET; -#endif - addr.sin_port = (in_port_t)htons((uint16_t)port); - addr.sin_addr.s_addr = INADDR_ANY; - return bind(sock, (struct sockaddr *)&addr, (socklen_t) sizeof(addr)); +typedef union { + struct sockaddr_storage ss; + struct sockaddr sa; + struct sockaddr_in s4; + struct sockaddr_in6 s6; +} addr_type; + +static int bind_addr_port(int sock, addr_type* addr, int port) +{ + switch(addr->ss.ss_family) { + case AF_INET: + addr->s4.sin_port = (in_port_t)htons((uint16_t)port); + break; + case AF_INET6: + addr->s6.sin6_port = (in_port_t)htons((uint16_t)port); + break; + default: + break; + } + return bind( sock, &addr->sa + , (socklen_t)( addr->ss.ss_family == AF_INET + ? sizeof(struct sockaddr_in) + : addr->ss.ss_family == AF_INET6 + ? 
sizeof(struct sockaddr_in6) + : 0)); } +/** shared by the service, main and send_udp routines (forked and threaded) */ +static int alt_addr_udp_sock; struct handle_udp_userdata { int udp_sock; struct sockaddr_storage addr_him; socklen_t hislen; }; + static void -send_udp(uint8_t* buf, size_t len, void* data) +send_udp(uint8_t* buf, size_t len, void* data, bool change_port, bool change_addr) { struct handle_udp_userdata *userdata = (struct handle_udp_userdata*)data; /* udp send reply */ ssize_t nb; - nb = sendto(userdata->udp_sock, (void*)buf, len, 0, - (struct sockaddr*)&userdata->addr_him, userdata->hislen); + if(!change_port && !change_addr) + nb = sendto(userdata->udp_sock, (void*)buf, len, 0, + (struct sockaddr*)&userdata->addr_him, userdata->hislen); + else if(change_port) { + int fam = ((struct sockaddr*)&userdata->addr_him)->sa_family; + int alt_udp_sock = socket(fam, SOCK_DGRAM, 0); + bool random_port_success = false; + addr_type any_addr; + + memset(&any_addr.ss, 0, sizeof(any_addr.ss)); + any_addr.ss.ss_family = fam; + + while (!random_port_success) { + int port = (random() % 64510) + 1025; + log_msg("trying to bind to port %d\n", port); + random_port_success = true; + if (bind_addr_port(alt_udp_sock, &any_addr, port)) { +#ifdef EADDRINUSE + if (errno != EADDRINUSE) { +#elif defined(USE_WINSOCK) + if (WSAGetLastError() != WSAEADDRINUSE) { +#else + if (1) { +#endif + perror("bind()"); + exit(-1); + } else { + random_port_success = false; + } + } + } + nb = sendto(alt_udp_sock, (void*)buf, len, 0, + (struct sockaddr*)&userdata->addr_him, userdata->hislen); + close(alt_udp_sock); + } else { + nb = sendto(alt_addr_udp_sock, (void*)buf, len, 0, + (struct sockaddr*)&userdata->addr_him, userdata->hislen); + } if(nb == -1) log_msg("sendto(): %s\n", strerror(errno)); else if((size_t)nb != len) 
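Review bot: In send_udp's `change_port` branch the result of `socket(fam, SOCK_DGRAM, 0)` is never checked, so a failed call only shows up as a `bind()` error on descriptor -1 followed by `exit(-1)`. Add `if(alt_udp_sock < 0) { log_msg("socket(): %s\n", strerror(errno)); return; }` before the bind loop. The final `else` branch sends on `alt_addr_udp_sock`, which a later hunk initialises to -1 and opens only when `-a` is given, so a datafile using `ADJUST change_address` without `-a` ends in a logged `sendto()` failure instead of a reply; a comment on the global saying that -1 means "not configured" would make this explicit. When both flags are set, `change_port` wins and the address change is dropped, which deserves a line in the function comment. send_udp's body continues past the end of the hunk.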
@@ -326,10 +367,12 @@
 int s;
 };
 static void
-send_tcp(uint8_t* buf, size_t len, void* data)
+send_tcp(uint8_t* buf, size_t len, void* data, bool change_port, bool change_addr)
 {
 struct handle_tcp_userdata *userdata = (struct handle_tcp_userdata*)data;
 uint16_t tcplen;
+ (void)change_port; /* change_port is not applicable to TCP */
+ (void)change_addr; /* change_addr is not applicable to TCP */
 /* tcp send reply */
 tcplen = htons(len);
 write_n_bytes(userdata->s, (uint8_t*)&tcplen, sizeof(tcplen));
@@ -500,26 +543,65 @@ /* network */ int fam = AF_INET; bool random_port_success; + bool have_addr = false; + bool have_alt_addr = false; + addr_type addr; + addr_type alt_addr; #ifdef USE_WINSOCK WSADATA wsa_data; #endif - + memset(&addr, 0, sizeof(addr)); + addr.s4.sin_family = AF_INET; + addr.s4.sin_addr.s_addr = INADDR_ANY; + memset(&alt_addr, 0, sizeof(alt_addr)); + alt_addr_udp_sock = -1; + /* parse arguments */ srandom(time(NULL) ^ getpid()); logfile = stdout; prog_name = argv[0]; log_msg("%s: start\n", prog_name); - while((c = getopt(argc, argv, "6f:p:rv")) != -1) { + while((c = getopt(argc, argv, "6a:f:l:p:rv")) != -1) { switch(c) { case '6': #ifdef AF_INET6 fam = AF_INET6; + addr.s6.sin6_family = AF_INET; +# if HAVE_DECL_IN6ADDR_ANY + addr.s6.sin6_addr = in6addr_any; +# endif #else log_msg("cannot -6: no IP6 available\n"); exit(1); #endif break; + case 'a': + if(inet_pton(AF_INET, optarg, (void*)&alt_addr.s4.sin_addr) == 1) { + alt_addr.s4.sin_family = AF_INET; + have_alt_addr = true; + break; /* correct alternative ipv4 address */ + } else if(inet_pton(AF_INET6, optarg, (void*)&alt_addr.s6.sin6_addr) == 1) { + alt_addr.s6.sin6_family = AF_INET6; + have_alt_addr = true; + break; /* correct alternative ipv6 address */ + } + log_msg("error: cannot parse alternative address\n"); + exit(1); + break; + case 'l': + if(inet_pton(AF_INET, optarg, (void*)&addr.s4.sin_addr) == 1) { + addr.s4.sin_family = AF_INET; + have_addr = true; + break; /* correct ipv4 address */ + } else if(inet_pton(AF_INET6, optarg, (void*)&addr.s6.sin6_addr) == 1) { + addr.s6.sin6_family = AF_INET6; + have_addr = true; + break; /* correct ipv6 address */ + } + log_msg("error: cannot parse address\n"); + exit(1); + break; case 'r': port = 0; break; 
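Review bot: In the `case '6':` arm the new line `addr.s6.sin6_family = AF_INET;` stores the IPv4 family in the address that will be bound to an AF_INET6 socket. Because `bind_addr_port` picks the sockaddr length from `ss_family`, the later bind would pass a `sockaddr_in` to an IPv6 socket; the line should read `addr.s6.sin6_family = AF_INET6;`. Separately, `-l` with an IPv6 literal sets `addr` to AF_INET6 but leaves `fam` at AF_INET, and the `socket(fam, ...)` calls in the following hunks use `fam`. Unless `fam` is synchronised in lines outside the hunks, `fam = addr.ss.ss_family;` after option parsing would be needed, and the family check added later compares only `addr` with `alt_addr`, not with `fam`. main() starts and ends outside this hunk.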
@@ -547,6 +629,13 @@ if(argc == 0 || argc > 1) usage(); + + if(have_alt_addr && !have_addr) + error("Alternative address MUST be configured next to an address specified with -l\n"); + + if(have_alt_addr && have_addr + && addr.ss.ss_family != alt_addr.ss.ss_family) + error("A specified and alternative address MUST be of same IP family\n"); datafile = argv[0]; log_msg("Reading datafile %s\n", datafile); @@ -566,6 +655,9 @@ if((tcp_sock = socket(fam, SOCK_STREAM, 0)) < 0) { error("tcp socket(): %s\n", strerror(errno)); } + if(have_alt_addr && (alt_addr_udp_sock = socket(fam, SOCK_DGRAM, 0)) < 0) { + error("alt_addr_udp socket(): %s\n", strerror(errno)); + } c = 1; if(setsockopt(tcp_sock, SOL_SOCKET, SO_REUSEADDR, (void*)&c, (socklen_t) sizeof(int)) < 0) { error("setsockopt(SO_REUSEADDR): %s\n", strerror(errno)); @@ -573,22 +665,25 @@ /* bind ip4 */ if (port > 0) { - if (bind_port(udp_sock, port, fam)) { + if (bind_addr_port(udp_sock, &addr, port)) { error("cannot bind(): %s\n", strerror(errno)); } - if (bind_port(tcp_sock, port, fam)) { + if (bind_addr_port(tcp_sock, &addr, port)) { error("cannot bind(): %s\n", strerror(errno)); } if (listen(tcp_sock, CONN_BACKLOG) < 0) { error("listen(): %s\n", strerror(errno)); } + if(have_alt_addr && bind_addr_port(alt_addr_udp_sock, &alt_addr, port)) { + error("cannot bind(): %s\n", strerror(errno)); + } } else { random_port_success = false; while (!random_port_success) { port = (random() % 64510) + 1025; log_msg("trying to bind to port %d\n", port); random_port_success = true; - if (bind_port(udp_sock, port, fam)) { + if (bind_addr_port(udp_sock, &addr, port)) { #ifdef EADDRINUSE if (errno != EADDRINUSE) { #elif defined(USE_WINSOCK) @@ -603,7 +698,7 @@ } } if (random_port_success) { - if (bind_port(tcp_sock, port, fam)) { + if (bind_addr_port(tcp_sock, &addr, port)) { #ifdef EADDRINUSE if (errno != EADDRINUSE) { #elif defined(USE_WINSOCK) 
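Review bot: The family check added after `usage()` compares `addr` with `alt_addr` but never with `fam`, which is what the `socket()` calls in the next hunk use, including the new `alt_addr_udp_sock`. With an IPv6 address given to `-l` and no `-6`, `fam` keeps its initial `AF_INET`, so an `AF_INET6` address is bound on an `AF_INET` socket and the user sees only the generic `cannot bind()` error. Deriving the family from the parsed address, `if(have_addr) fam = addr.ss.ss_family;` placed after the two new checks, keeps the three values in step. A `-6` that follows `-l` also rewrites `addr`, so the option order deserves a check or a usage note. The function body extends beyond these hunks.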
@@ -622,12 +717,28 @@ if (listen(tcp_sock, CONN_BACKLOG) < 0) { error("listen(): %s\n", strerror(errno)); } + if (have_alt_addr && bind_addr_port(alt_addr_udp_sock, &alt_addr, port)) { +#ifdef EADDRINUSE + if (errno != EADDRINUSE) { +#elif defined(USE_WINSOCK) + if (WSAGetLastError()!=WSAEADDRINUSE){ +#else + if (1) { +#endif + perror("bind()"); + return -1; + } else { + random_port_success = false; + } + } } - } } log_msg("Listening on port %d\n", port); - + if(alt_addr.ss.ss_family == AF_INET) + alt_addr.s4.sin_port = (in_port_t)htons((uint16_t)port); + else if(alt_addr.ss.ss_family == AF_INET6) + alt_addr.s6.sin6_port = (in_port_t)htons((uint16_t)port); /* forky! */ if(forknum > 0) forkit(forknum); diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' --exclude Makefile.in --exclude configure --exclude config.guess --exclude '*.pot' --exclude mkinstalldirs --exclude aclocal.m4 --exclude config.sub --exclude depcomp --exclude install-sh --exclude ltmain.sh old/ldns-1.9.0/examples/ldns-testpkts.c new/ldns-1.9.2/examples/ldns-testpkts.c --- old/ldns-1.9.0/examples/ldns-testpkts.c 2025-12-04 16:45:51.000000000 +0100 +++ new/ldns-1.9.2/examples/ldns-testpkts.c 2026-06-10 16:06:08.000000000 +0200 @@ -223,6 +223,12 @@ return; if(str_keyword(&parse, "copy_id")) { e->copy_id = true; + } else if(str_keyword(&parse, "change_id")) { + e->change_id = true; + } else if(str_keyword(&parse, "change_port")) { + e->change_port = true; + } else if(str_keyword(&parse, "change_address")) { + e->change_addr = true; } else if(str_keyword(&parse, "copy_query")) { e->copy_query = true; } else if(str_keyword(&parse, "sleep=")) { @@ -259,6 +265,9 @@ e->match_udp_size = 0; e->reply_list = NULL; e->copy_id = false; + e->change_id = false; + e->change_port = false; + e->change_addr = false; e->copy_query = false; e->sleeptime = 0; e->next = NULL; 
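Review bot: When binding `alt_addr_udp_sock` fails with `EADDRINUSE`, the added branch sets `random_port_success = false` to ask for another port, but by then `udp_sock` and `tcp_sock` are already bound and `listen()` has been called on `tcp_sock`. If this code sits inside the `while (!random_port_success)` loop, the next pass calls `bind_addr_port(udp_sock, ...)` on an already-bound socket, which on POSIX systems fails with `EINVAL`, so the retry most likely ends in the `perror("bind()")` exit. If it sits after the loop, the assignment has no effect at all. Either the sockets need to be closed and recreated before a retry, or the alternative address should be bound first while nothing else holds the port. The loop begins outside this hunk, so the nesting should be confirmed against the full function.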
@@ -839,6 +848,8 @@ /* copy & adjust packet */ if(match->copy_id) ldns_pkt_set_id(answer_pkt, ldns_pkt_id(query_pkt)); + if(match->change_id) + ldns_pkt_set_id(answer_pkt, 65535 - ldns_pkt_id(query_pkt)); if(match->copy_query) { ldns_rr_list* list = ldns_pkt_get_section_clone(query_pkt, LDNS_SECTION_QUESTION); @@ -861,7 +872,8 @@ */ void handle_query(uint8_t* inbuf, ssize_t inlen, struct entry* entries, int* count, - enum transport_type transport, void (*sendfunc)(uint8_t*, size_t, void*), + enum transport_type transport, + void (*sendfunc)(uint8_t*, size_t, void*, bool, bool), void* userdata, FILE* verbose_out) { ldns_status status; @@ -932,6 +944,10 @@ ldns_write_uint16(outbuf, ldns_pkt_id(query_pkt)); } + if(entry->change_id) { + ldns_write_uint16(outbuf, + 65535 - ldns_pkt_id(query_pkt)); + } } } else { answer_pkt = ldns_pkt_clone(p->reply); @@ -959,7 +975,7 @@ verbose(3, "wakeup for next packet " "(slept %d secs)\n", p->packet_sleep); } - sendfunc(outbuf, answer_size, userdata); + sendfunc(outbuf, answer_size, userdata, entry->change_port, entry->change_addr); LDNS_FREE(outbuf); outbuf = NULL; answer_size = 0; diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' --exclude Makefile.in --exclude configure --exclude config.guess --exclude '*.pot' --exclude mkinstalldirs --exclude aclocal.m4 --exclude config.sub --exclude depcomp --exclude install-sh --exclude ltmain.sh old/ldns-1.9.0/examples/ldns-testpkts.h new/ldns-1.9.2/examples/ldns-testpkts.h --- old/ldns-1.9.0/examples/ldns-testpkts.h 2025-12-04 16:45:51.000000000 +0100 +++ new/ldns-1.9.2/examples/ldns-testpkts.h 2026-06-10 16:06:08.000000000 +0200 
@@ -199,6 +199,12 @@ /** how to adjust the reply packet */ /** copy over the ID from the query into the answer */ bool copy_id; + /** answer with a different ID than the query had */ + bool change_id; + /** answer from a different port than the query was sent to */ + bool change_port; + /** answer from a different address than the query was sent to */ + bool change_addr; /** copy the query nametypeclass from query into the answer */ bool copy_query; /** in seconds */ @@ -270,7 +276,7 @@ */ void handle_query(uint8_t* inbuf, ssize_t inlen, struct entry* entries, int* count, enum transport_type transport, - void (*sendfunc)(uint8_t*, size_t, void*), void* userdata, + void (*sendfunc)(uint8_t*, size_t, void*, bool, bool), void* userdata, FILE* verbose_out); #endif /* LDNS_TESTPKTS_H */ diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' --exclude Makefile.in --exclude configure --exclude config.guess --exclude '*.pot' --exclude mkinstalldirs --exclude aclocal.m4 --exclude config.sub --exclude depcomp --exclude install-sh --exclude ltmain.sh old/ldns-1.9.0/ldns/error.h new/ldns-1.9.2/ldns/error.h --- old/ldns-1.9.0/ldns/error.h 2025-12-04 16:45:51.000000000 +0100 +++ new/ldns-1.9.2/ldns/error.h 2026-06-10 16:06:08.000000000 +0200 
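Review bot: The `sendfunc` callback type now ends in two unnamed `bool` parameters, so nothing at the declaration tells an implementer which is `change_port` and which is `change_addr`, and swapping them compiles cleanly. Naming them in the prototype would fix the order: `void (*sendfunc)(uint8_t* buf, size_t len, void* data, bool change_port, bool change_addr)`. The comment above `handle_query` could add a line saying that the last two callback arguments request a reply from a different port or from a different address than the query was sent to. The same applies to the definition of `handle_query` in ldns-testpkts.c; the comment block itself starts outside the hunk.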
@@ -144,7 +144,10 @@ LDNS_STATUS_INVALID_SVCPARAM_VALUE, LDNS_STATUS_NOT_EDE, LDNS_STATUS_EDE_OPTION_MALFORMED, - LDNS_STATUS_EQUAL_RR + LDNS_STATUS_EQUAL_RR, + LDNS_STATUS_ID_DID_NOT_MATCH, + LDNS_STATUS_QDCOUNT_MUST_BE_ONE, + LDNS_STATUS_QUERY_DID_NOT_MATCH }; typedef enum ldns_enum_status ldns_status; diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' --exclude Makefile.in --exclude configure --exclude config.guess --exclude '*.pot' --exclude mkinstalldirs --exclude aclocal.m4 --exclude config.sub --exclude depcomp --exclude install-sh --exclude ltmain.sh old/ldns-1.9.0/net.c new/ldns-1.9.2/net.c --- old/ldns-1.9.0/net.c 2025-12-04 16:45:51.000000000 +0100 +++ new/ldns-1.9.2/net.c 2026-06-10 16:06:08.000000000 +0200 
@@ -441,6 +441,50 @@ return ldns_udp_bgsend_from(qbin, to, tolen, NULL, 0, timeout); } +/** helper sockaddr compare function. returns -1, 0 or 1. */ +static int +ldns_sockaddr_cmp(const struct sockaddr_storage* addr1, socklen_t len1, + const struct sockaddr_storage* addr2, socklen_t len2) +{ + struct sockaddr_in* p1_in = (struct sockaddr_in*)addr1; + struct sockaddr_in* p2_in = (struct sockaddr_in*)addr2; + struct sockaddr_in6* p1_in6 = (struct sockaddr_in6*)addr1; + struct sockaddr_in6* p2_in6 = (struct sockaddr_in6*)addr2; + if(len1 < len2) + return -1; + if(len1 > len2) + return 1; + assert(len1 == len2); + if( p1_in->sin_family < p2_in->sin_family) + return -1; + if( p1_in->sin_family > p2_in->sin_family) + return 1; + assert( p1_in->sin_family == p2_in->sin_family ); + /* compare ip4 */ + if( p1_in->sin_family == AF_INET ) { + /* just order it, ntohs not required */ + if(p1_in->sin_port < p2_in->sin_port) + return -1; + if(p1_in->sin_port > p2_in->sin_port) + return 1; + assert(p1_in->sin_port == p2_in->sin_port); + return memcmp(&p1_in->sin_addr, &p2_in->sin_addr, + sizeof(p1_in->sin_addr)); + } else if (p1_in6->sin6_family == AF_INET6) { + /* just order it, ntohs not required */ + if(p1_in6->sin6_port < p2_in6->sin6_port) + return -1; + if(p1_in6->sin6_port > p2_in6->sin6_port) + return 1; + assert(p1_in6->sin6_port == p2_in6->sin6_port); + return memcmp(&p1_in6->sin6_addr, &p2_in6->sin6_addr, + sizeof(p1_in6->sin6_addr)); + } else { + /* eek unknown type, perform this comparison for sanity. */ + return memcmp(addr1, addr2, len1); + } +} + static ldns_status ldns_udp_send_from(uint8_t **result, ldns_buffer *qbin, const struct sockaddr_storage *to , socklen_t tolen, @@ -449,6 +493,8 @@ { int sockfd; uint8_t *answer; + struct sockaddr_storage reply_addr; + socklen_t reply_addr_len; sockfd = ldns_udp_bgsend_from(qbin, to, tolen, from, fromlen, timeout); 
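Review bot: `ldns_sockaddr_cmp` orders by length before it looks at the family, so the source check that `ldns_udp_send_from` builds on it passes only when the caller's `tolen` equals the length reported for the reply address. A caller that passes `sizeof(struct sockaddr_storage)` for an IPv4 or IPv6 destination would, as far as this hunk shows, have every reply rejected; whether any caller does so is not visible here. Comparing the family first and then only the family-specific port and address would avoid that, as would documenting the exact-length requirement on `tolen`. The four casts also drop `const`; `const struct sockaddr_in* p1_in = (const struct sockaddr_in*)addr1;` and likewise for the others keep the qualifier.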
@@ -467,13 +513,21 @@ * but returns a 'NETWORK_ERROR' much like a timeout. */ ldns_sock_nonblock(sockfd); - answer = ldns_udp_read_wire(sockfd, answer_size, NULL, NULL); + reply_addr_len = sizeof(reply_addr); + memset(&reply_addr, 0, reply_addr_len); + answer = ldns_udp_read_wire(sockfd, answer_size, &reply_addr, + &reply_addr_len); close_socket(sockfd); if (!answer) { /* oops */ return LDNS_STATUS_NETWORK_ERR; } + /* Check that the reply came from the to addr. */ + if(ldns_sockaddr_cmp(to, tolen, &reply_addr, reply_addr_len) != 0) { + free(answer); + return LDNS_STATUS_NETWORK_ERR; + } *result = answer; return LDNS_STATUS_OK; @@ -512,6 +566,10 @@ assert(r != NULL); + /* The query should at least have one question */ + if(ldns_buffer_limit(qb) < 6 || ldns_buffer_read_u16_at(qb, 4) != 1) + return LDNS_STATUS_QDCOUNT_MUST_BE_ONE; + status = LDNS_STATUS_OK; rtt = ldns_resolver_rtt(r); ns_array = ldns_resolver_nameservers(r); @@ -599,6 +657,16 @@ ldns_resolver_set_nameserver_rtt(r, i, LDNS_RESOLV_RTT_INF); status = send_status; } + if(reply_bytes && ldns_buffer_limit(qb) >= 2) { + uint16_t txid = ldns_buffer_read_u16_at(qb, 0); + if(reply_size < 2 || + ldns_read_uint16(reply_bytes) != txid) { + status = LDNS_STATUS_ID_DID_NOT_MATCH; + LDNS_FREE(reply_bytes); + reply_bytes = NULL; + reply_size = 0; + } + } /* obey the fail directive */ if (!reply_bytes) { @@ -608,7 +676,7 @@ LDNS_FREE(src); } LDNS_FREE(ns); - return LDNS_STATUS_ERR; + return status ? status : LDNS_STATUS_ERR; } else { LDNS_FREE(ns); continue; 
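Review bot: A datagram from an unexpected source now ends the exchange, because the socket is closed right after the single `ldns_udp_read_wire` call and `LDNS_STATUS_NETWORK_ERR` is returned, so a genuine reply arriving a moment later is never read. The transaction-ID check in the `@@ -599,6 +657,16 @@` hunk behaves the same way, freeing the reply and failing for that nameserver. This is safe against accepting a forged answer, but any stray or spoofed packet that reaches the port becomes a failed lookup. If that trade-off is intended it deserves a comment such as `/* a reply from another source fails the query; we do not keep waiting for the real one */`; otherwise the read should be repeated until the timeout expires. The function starts outside the hunk.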
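Review bot: The new QDCOUNT guard in the `@@ -512,6 +566,10 @@` hunk measures the query with `ldns_buffer_limit(qb)`, whereas the question comparison added further down in net.c parses `ldns_buffer_position(qb)` bytes of the same buffer. Unless `qb` has been flipped, the limit is not the number of bytes written, so the `< 6` test may not confine the read at offset 4 to data that belongs to the query. Assuming position is the query length here, as the later hunk suggests, `if(ldns_buffer_position(qb) < 6 || ldns_buffer_read_u16_at(qb, 4) != 1)` would use the same length as the rest of the change. The comment says "at least" one question while the test requires exactly one; `/* The query must have exactly one question */` matches the code.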
@@ -670,6 +738,26 @@ #endif /* HAVE_SSL */ LDNS_FREE(reply_bytes); + if (reply) { + ldns_pkt *query = NULL; + + if(ldns_pkt_qdcount(reply) != 1) { + status = LDNS_STATUS_QDCOUNT_MUST_BE_ONE; + ldns_pkt_free(reply); + reply = NULL; + + } else if(ldns_wire2pkt(&query + , ldns_buffer_begin(qb) + , ldns_buffer_position(qb)) != LDNS_STATUS_OK + || ldns_pkt_qdcount(query) != 1 + || ldns_rr_compare(ldns_rr_list_rr(ldns_pkt_question(query),0) + ,ldns_rr_list_rr(ldns_pkt_question(reply),0))){ + status = LDNS_STATUS_QUERY_DID_NOT_MATCH; + ldns_pkt_free(reply); + reply = NULL; + } + ldns_pkt_free(query); + } if (result) { *result = reply; } ++++++ ldns.keyring ++++++ --- /var/tmp/diff_new_pack.ZBuuPY/_old 2026-06-11 17:27:11.405900118 +0200 +++ /var/tmp/diff_new_pack.ZBuuPY/_new 2026-06-11 17:27:11.405900118 +0200 
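Review bot: A failure of `ldns_wire2pkt` on our own query buffer sits in the same `||` chain as the comparison and is reported as `LDNS_STATUS_QUERY_DID_NOT_MATCH`, which blames the server when the problem is local. Keeping the parse status separate lets callers and logs tell the two cases apart, and the reply is still rejected in both. The enclosing function starts outside the hunk.

```c
	if (reply) {
		ldns_pkt *query = NULL;
		ldns_status query_status;

		/* … unchanged: reject a reply whose QDCOUNT is not 1 … */
		} else if((query_status = ldns_wire2pkt(&query
				, ldns_buffer_begin(qb)
				, ldns_buffer_position(qb))) != LDNS_STATUS_OK) {
			/* our own query did not parse; report that status */
			status = query_status;
			ldns_pkt_free(reply);
			reply = NULL;

		} else if(ldns_pkt_qdcount(query) != 1
		       || ldns_rr_compare(ldns_rr_list_rr(ldns_pkt_question(query),0)
		                         ,ldns_rr_list_rr(ldns_pkt_question(reply),0))){
			/* … unchanged: LDNS_STATUS_QUERY_DID_NOT_MATCH rejection … */
		}
```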
@@ -1,52 +1,25 @@ -----BEGIN PGP PUBLIC KEY BLOCK----- -mQINBE1s81EBEACuJzGgccrmYEAzHc//vBq66gH7orM0GtKfQZHh4uR1FMxZXl07 -WevUYNuBywTpinU9rpY1Q3S4w6QgNklgpsaHXmbOpyFjJ8FpllV8TRPiXiNrNxTp -Mnlb6InoszopX69tkBVHTP6cJkNgPx6R4BM0ARqEGQmOL8mAcoWyGVzbsamuGRai -a54zs/kc3i9yiqEzRkoQmfwr7sr49n7gOpmaqXvonOSiUvgEziep77emMcqVa/qZ -xR1r7KUq85qTNTqsQwl2cQdKS7WwOeuG6ZIJmJ1bakriKzLBYF5xIHKSYJW0ZA20 -tNFrVKgTkEjiXvAJh4HlJEIi35tqa/IzWUJSc1ainhBjxbwSl8BRq5aaPgwB+xXi -DqY6BrQW1slvl5TF2A6Xr7JJ0rkH3EZgXxABAZ3WJ3RLwq1z8jnNYj+UW/mSLsbO -tgfOiBhFUXMZneHvVVvz6F6XAtyrejDl5sD2gnzm1VDfK6T6bvLtR7zrkWre0lpy -cDmgmUKgaEiXzfLvwT9RaWk8GdqU2GG+QOiwf+hT0peDieuodjMr59sUbx7GqVe/ -45rJBRSx+HCl2Jm7Th2Xr0kpStCd7ebVoEq9wpMyu+dM9wOTtibA9P3+9u4rAdim -pAdQxEbhWbRNCng2EVhThbqRK3cTZLbtqKaWgAJqa/IQVpL9b5ps8Z4JVQARAQAB -tCNXaWxsZW0gVG9vcm9wIDx3aWxsZW1AbmxuZXRsYWJzLm5sPokCPgQTAQIAKAIb -IwYLCQgHAwIGFQgCCQoLBBYCAwECHgECF4AFAlbUE5oFCRDr7kkACgkQ5fj4IS93 -pJiGfA/8C1+/M+EaQItVzQ/iPCbagBTqWOSispMzJne9gmimJzPs+lxgnrXOuYlI -BywHpWB2Jmz45h+Cc4+di48WQfV9tHENn9MVFkwKzSdcY6v5eot6xSY5FRHS226M -PR9UJ8/z5PvlizZUVbbM+Ngxg3Rx045Q0FnQm0o5VasEJ1PoR3CSiELJoZ13ukTk -5pQlKyVknUKH1E1ds+Xtg1jpZBqiLiBzcLkKWYqBvrXI6XAEPr+woRgj3xV8P24U -j232uK7xoe82jWIeZWXt/AbHBSmNOWPIgMd9i3FjdeTDml5sZSy3BlDYMr8hINen -hYLhdLpJnXwPcsaj0ivcV+xSjLtSh0mE4gudcVhk5XR1M6emSlATC6+Bqn0M9JNT -n4SHhkNSyo87aPwKqWFDlvjAZlRyPym9miJBlzech2uOlYSk6GFuead7MpGAipf5 -PwNNRKDMDi3y+H47YG2izbrqj3cOZdqZmErwrzCU8xVkxzY/EY6w/MNMFNeqmXVG -xzIZ8y9KAjH6JO96M/AxS4mXHJh1ocfHtSm90Ahy/HPJK+2+5+IgkAymKsvyIbvj -s7FccMUo+OiSPWYi+xO/NXA4pBlUuGmV55Kog7ym1flzo8OD9uHfLPrVORBHgnsI -Tbzf9vgJ0emy8fxMCkzFT334gC1OVhD1ff1frbPXyVbcGI8AO+q5Ag0ETWzzUQEQ -AKTs4hWz94K66PtsHj/cBtHmJCJx9BsHP8eoUjd4iBR7cWgTTgt1PGCNBzCPGIuU -ia808dqxu1L8OWjQpwXDCjXqAibn0mCJMRONVszxJKkjYnZGKGOo8cg7OmQBZyEd -6qrfxVf/dwHLsdQTJZzz9bGOxuYVAAu0q3PHW5gGFc+pp3eN47qzGMxEjsoETj/c -laxjqisohG13/hkP6PvDoD7OOdOGdQQP8b4GRBD6rZ/FqMLv4C80zDnzCH1rLpNG -Qplf1any06WTAsDL4f6gEALH62TIxOX4U7WxeuvHxyKXOAuN+ex/MvF2az124Ybc 
-WC7t1dqVW3ys20zKaememyXSKxV6aMn4KBcJF3CdM1oABZDyviL9el7Q/yQylpZC -6El4QowaPIOAuzOdIc6cuM6PTWvBArcKVgQhWfJshfeFmfkxpz/hWc9K40yCjmb+ -hPZIr3RbXSsQItUUkBqOSMHNroIgX+IaWMq3e7yMHdMqlKr0lU52lfBbfECjleB/ -NO4K3SGJBPzTgLtze+LsWxSJQoQMWKv6ISwQrW3rsmUjqgQNrSGROX3rRy8Nvuzr -avs4a3FmdUpHIWw2KfY2M6AsX9HBFuRsimgqFjQm5VbqXA7NtHJCnA1RvqXlg/iJ -5w+DElHosxwjHS+UbejDGmVQ+ITqlh3991osPjZq1Iy1ABEBAAGJAiUEGAECAA8C -GwwFAlbUE5oFCRDr7kkACgkQ5fj4IS93pJjBwxAAnko5CSFDX/ZqW97satNacACH -SAOOM8/jz1p2QtJSwbrbLsJRMpN1mSnjXWPBTmXoP4SGHGtxTVZxrYCpSMEHMqOV -4yK3QlUnQXnf+CSvo2Ud3rpCh/lFLVHqG2Sy5Ietf/T+GGsoPd9DIdTHO0aFlW2y -RQPxSrbYpv1v2aACgRO4114qkex2j36diqlLod/OU4OQ51nuSesjTrUM9Fz6ikBJ -1UDjakjAXe/HiRxUmdv4LANCmso+Gn17Co5lUdpn3fa8zTwNNAgLm6RBiBSSdaYE -xM9ir6pHrcWL5N+iZKnVmfE5CBufziZq7V1E3I4FRuvDN4echbf58c6YxBQDsd9V -ZMJeFWY60w4JEXpHQdt129GS1FN/2PQ8NmAUXYCkYYk6Lv1tnGJCSLnD3ObLyWm+ -sjA5yAK2H8WU+nutsDF63yFJujNMpmB3bi9+699TzsyQNVKd2fH38cgk1gZFb6Nb -x9+lrTIwzAJJlOu8UwbR0HgGuRmrWp0EIm3tcy4xqWF3CavnM22BAOKKKH+qnwx8 -BRrx58coHQFMswW4W7Bo+jpKbQJ4RV2cXUEbmHbYUoXDHZyv/RzOI46dXAoWFc3o -CoqLqpsZYZstJ4UJHXB5aHi1zxJDwzKxsflmSKfIUr3glRWCy/ylcPMEXzPBb3qb -GFMUboioUjqLuNV4SSY= -=n3Or +mQGNBGc7H5IBDADOZfJwZ6zZ/4JbbR2hef4261/zh7YpdjUREUs0dMQSbf+x7sAE +50JgvLQWlvA8sDHzbUMQ9cAYZBGGE6iHb50KboeEfuiP5BdiLe8XWKlo1EIh+Idz +0+e1binxwvXV1/9ACm/UHPRuWjkG7vrP+mVRuhfKglO6xSDxV1cwjYTRtvRtQx8D ++kTdZzprvtzkU7OIWeczKFJRhVHzNDHYFG9SuxvDA9cbVm1KPVJEkRBwoSBPeB0z +Z3LSib2uT6Lc/ghAijOwIpR+zNYKOYxRhzoFArrLa0Fs4nq6//LA42/aVjSienEJ +SR5CVUbZy14WuUsYCkV+ZoORVRYZOcjtPG7FUKDXKzY9/iNhEAZ3OMK7Np2Xq/YO +gaOiUDFXLHU1n2UVH1rwkMiS2o4EMqvO7gINmnL/ccpI2wj2QrQ+JZ9y1Xky7dQM +LIIbtp40e0kGocgyba484rW17xlvXRxb1Pjn93JygD6WcraLLNh9jq87hW/J37qi +S4DL+GUe10H8SeEAEQEAAbQ6TkxuZXQgTGFicyByZWxlYXNlcyBzaWduaW5nIGtl +eSBHMiA8cmVsZWFzZXNAbmxuZXRsYWJzLm5sPokBzgQTAQoAOBYhBCMQGGkMTZA+ +9BkUaqFEMj3qrN9FBQJnOx+SAhsDBQsJCAcCBhUKCQgLAgQWAgMBAh4BAheAAAoJ +EKFEMj3qrN9FZigL/0aVsJ48oe7vko1Mwg9DucFoCL8CESAarA40in1Bauq7p/pT 
+l5UcNnFPLO8HBAHWGWtDI63pEhNzHacPzSI94GKS4TUMGzCV1H/c0KnxB7wAO55b +HEQOZJ+kFRBFXWxbXORtp86NZuyCvVoSA4QAcnCf4m5ZEBb72H2cmy8xP+/HLkbS +rpr5pyoUWtCYM8FxnjM3bClXSGOlWNl9cSXLqyyVjxvc7cOAS8ytL/zoVStoBmi/ +OwQbeJfAiqDMnipBJNzOHlfniKXE0FGDozKCHWP88ifs8A8OUNtJng7cNq7EQf9K +vTvbJCcF4akUUcXnx4gv9Z1ZQ93Jg5X7h+0MP7Ut4z9hKSIAOowru7GXGEt256Ja +eE1nSviDcqUtZpyqCLjpCDFGPMwSPzSwlPXjJVlVxPkDvPuNt2LUIEd8BR8Wo7z+ +NA5uM/zTHkQXEdUgCcl/rHy6moHYV3Q+YbMb17zU37a5vLb+wQ74doaiYo3b8KoV +K6vVKMmB0qru6ERJ3g== +=4R8U -----END PGP PUBLIC KEY BLOCK-----
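Review bot: This hunk replaces the whole key block in ldns.keyring in the same change that imports the tarball the key has to verify, and neither the keyring nor the changelog entry records the new key's fingerprint. The changelog names the download location; adding the full fingerprint there, for example `ldns.keyring: updated from https://nlnetlabs.nl/signing-keys/ (fingerprint <FULL-FINGERPRINT>)`, together with how it was cross-checked, would let a later reviewer confirm the rotation without relying on this diff alone.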
