From 8f850beb3a2183d78b1f1651cabf6b7765f8c2dd Mon Sep 17 00:00:00 2001 From: zhangxianting Date: Tue, 23 Jul 2024 10:31:19 +0800 Subject: [PATCH] Fix CVE-2024-25638 --- backport-CVE-2024-25638.patch | 995 ++++++++++++++++++++++++++++++++++ dnsjava.spec | 7 +- 2 files changed, 1001 insertions(+), 1 deletion(-) create mode 100644 backport-CVE-2024-25638.patch diff --git a/backport-CVE-2024-25638.patch b/backport-CVE-2024-25638.patch new file mode 100644 index 0000000..3302d16 --- /dev/null +++ b/backport-CVE-2024-25638.patch @@ -0,0 +1,995 @@ +From bc51df1c455e6c9fb7cbd42fcb6d62d16047818d Mon Sep 17 00:00:00 2001 +From: Ingo Bauersachs +Date: Sun, 21 Jul 2024 13:34:12 +0200 +Subject: [PATCH] Fix links to RFCs and IANA registries + +--- + org/xbill/DNS/A6Record.java | 2 ++ + org/xbill/DNS/AAAARecord.java | 2 ++ + org/xbill/DNS/AFSDBRecord.java | 1 + + org/xbill/DNS/APLRecord.java | 2 ++ + org/xbill/DNS/ARecord.java | 2 ++ + org/xbill/DNS/CAARecord.java | 2 ++ + org/xbill/DNS/CDNSKEYRecord.java | 2 ++ + org/xbill/DNS/CDSRecord.java | 2 ++ + org/xbill/DNS/CERTRecord.java | 2 ++ + org/xbill/DNS/CNAMERecord.java | 2 ++ + org/xbill/DNS/ClientSubnetOption.java | 6 ++---- + org/xbill/DNS/DHCIDRecord.java | 2 ++ + org/xbill/DNS/DLVRecord.java | 2 ++ + org/xbill/DNS/DNAMERecord.java | 2 ++ + org/xbill/DNS/DNSKEYRecord.java | 2 ++ + org/xbill/DNS/DSRecord.java | 2 ++ + org/xbill/DNS/EDNSOption.java | 8 ++++++++ + org/xbill/DNS/GPOSRecord.java | 2 ++ + org/xbill/DNS/HINFORecord.java | 2 ++ + org/xbill/DNS/IPSECKEYRecord.java | 13 +++++++++++++ + org/xbill/DNS/ISDNRecord.java | 1 + + org/xbill/DNS/KEYRecord.java | 4 ++++ + org/xbill/DNS/KXRecord.java | 2 ++ + org/xbill/DNS/LOCRecord.java | 2 ++ + org/xbill/DNS/MBRecord.java | 2 ++ + org/xbill/DNS/MDRecord.java | 2 ++ + org/xbill/DNS/MFRecord.java | 2 ++ + org/xbill/DNS/MGRecord.java | 2 ++ + org/xbill/DNS/MINFORecord.java | 2 ++ + org/xbill/DNS/MRRecord.java | 2 ++ + org/xbill/DNS/MXRecord.java | 4 ++++ + org/xbill/DNS/NAPTRRecord.java | 2 ++ + org/xbill/DNS/NSAPRecord.java | 2 ++ + org/xbill/DNS/NSAP_PTRRecord.java | 2 ++ + org/xbill/DNS/NSEC3PARAMRecord.java | 2 ++ + org/xbill/DNS/NSEC3Record.java | 2 ++ + org/xbill/DNS/NSECRecord.java | 2 ++ + org/xbill/DNS/NSIDOption.java | 2 ++ + org/xbill/DNS/NSRecord.java | 2 ++ + org/xbill/DNS/NULLRecord.java | 2 ++ + org/xbill/DNS/NXTRecord.java | 2 ++ + org/xbill/DNS/OPENPGPKEYRecord.java | 3 ++- + org/xbill/DNS/OPTRecord.java | 3 ++- + org/xbill/DNS/Opcode.java | 6 ++++++ + org/xbill/DNS/PTRRecord.java | 2 ++ + org/xbill/DNS/PXRecord.java | 2 ++ + org/xbill/DNS/RPRecord.java | 1 + + org/xbill/DNS/RRSIGRecord.java | 3 ++- + org/xbill/DNS/RTRecord.java | 2 ++ + org/xbill/DNS/SIGRecord.java | 2 ++ + org/xbill/DNS/SMIMEARecord.java | 2 ++ + org/xbill/DNS/SOARecord.java | 2 ++ + org/xbill/DNS/SPFRecord.java | 2 ++ + org/xbill/DNS/SRVRecord.java | 2 ++ + org/xbill/DNS/SSHFPRecord.java | 2 ++ + org/xbill/DNS/TKEYRecord.java | 2 ++ + org/xbill/DNS/TLSARecord.java | 25 +++++++++++++++++++------ + org/xbill/DNS/TSIGRecord.java | 2 ++ + org/xbill/DNS/TXTRecord.java | 2 ++ + org/xbill/DNS/URIRecord.java | 2 +- + org/xbill/DNS/WKSRecord.java | 4 ++++ + org/xbill/DNS/X25Record.java | 1 + + pom.xml | 2 +- + 63 files changed, 164 insertions(+), 15 deletions(-) + +diff --git a/org/xbill/DNS/A6Record.java b/org/xbill/DNS/A6Record.java +index a1c613a..9dd6c42 100644 +--- a/org/xbill/DNS/A6Record.java ++++ b/org/xbill/DNS/A6Record.java +@@ -9,6 +9,8 @@ import java.net.*; + * A6 Record - maps a domain name to an IPv6 address (experimental) + * + * @author Brian Wellington ++ * @see RFC 6563: Moving A6 to Historic ++ * Status + */ + + public class A6Record extends Record { +diff --git a/org/xbill/DNS/AAAARecord.java b/org/xbill/DNS/AAAARecord.java +index 20ed912..6cff364 100644 +--- a/org/xbill/DNS/AAAARecord.java ++++ b/org/xbill/DNS/AAAARecord.java +@@ -9,6 +9,8 @@ import java.net.*; + * IPv6 Address Record - maps a domain name to an IPv6 address + * + * @author Brian Wellington ++ * @see RFC 3596: DNS Extensions to Support ++ * IP Version 6 + */ + + public class AAAARecord extends Record { +diff --git a/org/xbill/DNS/AFSDBRecord.java b/org/xbill/DNS/AFSDBRecord.java +index 4814faa..3858dba 100644 +--- a/org/xbill/DNS/AFSDBRecord.java ++++ b/org/xbill/DNS/AFSDBRecord.java +@@ -8,6 +8,7 @@ package org.xbill.DNS; + * + * + * @author Brian Wellington ++ * @see RFC 1183: New DNS RR Definitions + */ + + public class AFSDBRecord extends U16NameBase { +diff --git a/org/xbill/DNS/APLRecord.java b/org/xbill/DNS/APLRecord.java +index 5940da2..a47eaa4 100644 +--- a/org/xbill/DNS/APLRecord.java ++++ b/org/xbill/DNS/APLRecord.java +@@ -11,6 +11,8 @@ import org.xbill.DNS.utils.*; + * APL - Address Prefix List. See RFC 3123. + * + * @author Brian Wellington ++ * @see RFC 3123: A DNS RR Type for Lists of ++ * Address Prefixes (APL RR) + */ + + /* +diff --git a/org/xbill/DNS/ARecord.java b/org/xbill/DNS/ARecord.java +index 63d1730..534ad6b 100644 +--- a/org/xbill/DNS/ARecord.java ++++ b/org/xbill/DNS/ARecord.java +@@ -9,6 +9,8 @@ import java.io.*; + * Address Record - maps a domain name to an Internet address + * + * @author Brian Wellington ++ * @see RFC 1035: Domain Names - ++ * Implementation and Specification + */ + + public class ARecord extends Record { +diff --git a/org/xbill/DNS/CAARecord.java b/org/xbill/DNS/CAARecord.java +index d5553ec..b24858d 100644 +--- a/org/xbill/DNS/CAARecord.java ++++ b/org/xbill/DNS/CAARecord.java +@@ -9,6 +9,8 @@ import org.xbill.DNS.utils.*; + * Certification Authority Authorization + * + * @author Brian Wellington ++ * @see RFC 6844: DNS Certification ++ * Authority Authorization (CAA) Resource Record + */ + + public class CAARecord extends Record { +diff --git a/org/xbill/DNS/CDNSKEYRecord.java b/org/xbill/DNS/CDNSKEYRecord.java +index b0464c9..ed5a559 100644 +--- a/org/xbill/DNS/CDNSKEYRecord.java ++++ b/org/xbill/DNS/CDNSKEYRecord.java +@@ -7,6 +7,8 @@ import java.security.PublicKey; + * Child DNSKEY record as specified in RFC 8078. + * + * @see DNSSEC ++ * @see RFC 8078: Managing DS Records from ++ * the Parent via CDS/CDNSKEY + */ + public class CDNSKEYRecord extends DNSKEYRecord { + +diff --git a/org/xbill/DNS/CDSRecord.java b/org/xbill/DNS/CDSRecord.java +index 1a14566..1d3b728 100644 +--- a/org/xbill/DNS/CDSRecord.java ++++ b/org/xbill/DNS/CDSRecord.java +@@ -5,6 +5,8 @@ package org.xbill.DNS; + * Child Delegation Signer record as specified in RFC 8078. + * + * @see DNSSEC ++ * @see RFC 8078: Managing DS Records from ++ * the Parent via CDS/CDNSKEY + */ + public class CDSRecord extends DSRecord { + +diff --git a/org/xbill/DNS/CERTRecord.java b/org/xbill/DNS/CERTRecord.java +index 39bcef3..883128d 100644 +--- a/org/xbill/DNS/CERTRecord.java ++++ b/org/xbill/DNS/CERTRecord.java +@@ -11,6 +11,8 @@ import org.xbill.DNS.utils.*; + * @see KEYRecord + * + * @author Brian Wellington ++ * @see RFC 4398: Storing Certificates in ++ * the Domain Name System (DNS) + */ + + public class CERTRecord extends Record { +diff --git a/org/xbill/DNS/CNAMERecord.java b/org/xbill/DNS/CNAMERecord.java +index 8db9453..42dae6e 100644 +--- a/org/xbill/DNS/CNAMERecord.java ++++ b/org/xbill/DNS/CNAMERecord.java +@@ -6,6 +6,8 @@ package org.xbill.DNS; + * CNAME Record - maps an alias to its real name + * + * @author Brian Wellington ++ * @see RFC 1035: Domain Names - ++ * Implementation and Specification + */ + + public class CNAMERecord extends SingleCompressedNameBase { +diff --git a/org/xbill/DNS/ClientSubnetOption.java b/org/xbill/DNS/ClientSubnetOption.java +index 9a9252a..ddf5f01 100644 +--- a/org/xbill/DNS/ClientSubnetOption.java ++++ b/org/xbill/DNS/ClientSubnetOption.java +@@ -6,9 +6,7 @@ import java.net.*; + import java.util.regex.*; + + /** +- * The Client Subnet EDNS Option, defined in +- * http://tools.ietf.org/html/draft-vandergaast-edns-client-subnet-00 +- * ("Client subnet in DNS requests"). ++ * The Client Subnet EDNS Option. + * + * The option is used to convey information about the IP address of the + * originating client, so that an authoritative server can make decisions +@@ -25,7 +23,7 @@ import java.util.regex.*; + * + * + * @see OPTRecord +- * ++ * @see RFC 7871 + * @author Brian Wellington + * @author Ming Zhou <mizhou@bnivideo.com>, Beaumaris Networks + */ +diff --git a/org/xbill/DNS/DHCIDRecord.java b/org/xbill/DNS/DHCIDRecord.java +index e160a8c..8cbde25 100644 +--- a/org/xbill/DNS/DHCIDRecord.java ++++ b/org/xbill/DNS/DHCIDRecord.java +@@ -9,6 +9,8 @@ import org.xbill.DNS.utils.base64; + * DHCID - Dynamic Host Configuration Protocol (DHCP) ID (RFC 4701) + * + * @author Brian Wellington ++ * @see RFC 4701: A DNS Resource Record (RR) ++ * for Encoding Dynamic Host Configuration Protocol (DHCP) Information (DHCID RR) + */ + + public class DHCIDRecord extends Record { +diff --git a/org/xbill/DNS/DLVRecord.java b/org/xbill/DNS/DLVRecord.java +index 8acc90f..c30d7f0 100644 +--- a/org/xbill/DNS/DLVRecord.java ++++ b/org/xbill/DNS/DLVRecord.java +@@ -13,6 +13,8 @@ import org.xbill.DNS.utils.*; + * + * @author David Blacka + * @author Brian Wellington ++ * @see RFC 4431: The DNSSEC Lookaside ++ * Validation (DLV) DNS Resource Record + */ + + public class DLVRecord extends Record { +diff --git a/org/xbill/DNS/DNAMERecord.java b/org/xbill/DNS/DNAMERecord.java +index cbb322f..bb72224 100644 +--- a/org/xbill/DNS/DNAMERecord.java ++++ b/org/xbill/DNS/DNAMERecord.java +@@ -6,6 +6,8 @@ package org.xbill.DNS; + * DNAME Record - maps a nonterminal alias (subtree) to a different domain + * + * @author Brian Wellington ++ * @see RFC 6672: DNAME Redirection in the ++ * DNS + */ + + public class DNAMERecord extends SingleNameBase { +diff --git a/org/xbill/DNS/DNSKEYRecord.java b/org/xbill/DNS/DNSKEYRecord.java +index e485438..93f659c 100644 +--- a/org/xbill/DNS/DNSKEYRecord.java ++++ b/org/xbill/DNS/DNSKEYRecord.java +@@ -12,6 +12,8 @@ import java.security.PublicKey; + * @see DNSSEC + * + * @author Brian Wellington ++ * @see RFC 4034: Resource Records for the ++ * DNS Security Extensions + */ + + public class DNSKEYRecord extends KEYBase { +diff --git a/org/xbill/DNS/DSRecord.java b/org/xbill/DNS/DSRecord.java +index 444683a..2df9cca 100644 +--- a/org/xbill/DNS/DSRecord.java ++++ b/org/xbill/DNS/DSRecord.java +@@ -12,6 +12,8 @@ import org.xbill.DNS.utils.*; + * + * @author David Blacka + * @author Brian Wellington ++ * @see RFC 4034: Resource Records for the ++ * DNS Security Extensions + */ + + public class DSRecord extends Record { +diff --git a/org/xbill/DNS/EDNSOption.java b/org/xbill/DNS/EDNSOption.java +index 66891cd..b4569f8 100644 +--- a/org/xbill/DNS/EDNSOption.java ++++ b/org/xbill/DNS/EDNSOption.java +@@ -22,6 +22,13 @@ public static class Code { + /** Client Subnet, defined in draft-vandergaast-edns-client-subnet-02 */ + public final static int CLIENT_SUBNET = 8; + ++ /** ++ * Report Channel. ++ * ++ * @see RFC 9567 ++ */ ++ public static final int REPORT_CHANNEL = 18; ++ + private static Mnemonic codes = new Mnemonic("EDNS Option Codes", + Mnemonic.CASE_UPPER); + +@@ -32,6 +39,7 @@ public static class Code { + + codes.add(NSID, "NSID"); + codes.add(CLIENT_SUBNET, "CLIENT_SUBNET"); ++ codes.add(REPORT_CHANNEL, "Report-Channel"); + } + + /** +diff --git a/org/xbill/DNS/GPOSRecord.java b/org/xbill/DNS/GPOSRecord.java +index 688d567..0d3bf0f 100644 +--- a/org/xbill/DNS/GPOSRecord.java ++++ b/org/xbill/DNS/GPOSRecord.java +@@ -8,6 +8,8 @@ import java.io.*; + * Geographical Location - describes the physical location of a host. + * + * @author Brian Wellington ++ * @see RFC 1712: DNS Encoding of ++ * Geographical Location + */ + + public class GPOSRecord extends Record { +diff --git a/org/xbill/DNS/HINFORecord.java b/org/xbill/DNS/HINFORecord.java +index 18fed32..4571600 100644 +--- a/org/xbill/DNS/HINFORecord.java ++++ b/org/xbill/DNS/HINFORecord.java +@@ -8,6 +8,8 @@ import java.io.*; + * Host Information - describes the CPU and OS of a host + * + * @author Brian Wellington ++ * @see RFC 1035: Domain Names - ++ * Implementation and Specification + */ + + public class HINFORecord extends Record { +diff --git a/org/xbill/DNS/IPSECKEYRecord.java b/org/xbill/DNS/IPSECKEYRecord.java +index 7eb2956..90c9acd 100644 +--- a/org/xbill/DNS/IPSECKEYRecord.java ++++ b/org/xbill/DNS/IPSECKEYRecord.java +@@ -10,6 +10,8 @@ import org.xbill.DNS.utils.*; + * IPsec Keying Material (RFC 4025) + * + * @author Brian Wellington ++ * @see RFC 4025: A Method for Storing IPsec ++ * Keying Material in DNS + */ + + public class IPSECKEYRecord extends Record { +@@ -19,7 +21,18 @@ private static final long serialVersionUID = 3050449702765909687L; + public static class Algorithm { + private Algorithm() {} + ++ /** ++ * A DSA key is present. ++ * ++ * @see RFC 2536 ++ */ + public static final int DSA = 1; ++ ++ /** ++ * A RSA key is present. ++ * ++ * @see RFC 3110 ++ */ + public static final int RSA = 2; + } + +diff --git a/org/xbill/DNS/ISDNRecord.java b/org/xbill/DNS/ISDNRecord.java +index 8f9b629..2757693 100644 +--- a/org/xbill/DNS/ISDNRecord.java ++++ b/org/xbill/DNS/ISDNRecord.java +@@ -8,6 +8,7 @@ import java.io.*; + * ISDN - identifies the ISDN number and subaddress associated with a name. + * + * @author Brian Wellington ++ * @see RFC 1183: New DNS RR Definitions + */ + + public class ISDNRecord extends Record { +diff --git a/org/xbill/DNS/KEYRecord.java b/org/xbill/DNS/KEYRecord.java +index 3d2e01c..cc29a40 100644 +--- a/org/xbill/DNS/KEYRecord.java ++++ b/org/xbill/DNS/KEYRecord.java +@@ -12,6 +12,10 @@ import java.util.*; + * @see DNSSEC + * + * @author Brian Wellington ++ * @see RFC 2535: Domain Name System ++ * Security Extensions ++ * @see RFC 3755: Legacy Resolver ++ * Compatibility for Delegation Signer (DS) + */ + + public class KEYRecord extends KEYBase { +diff --git a/org/xbill/DNS/KXRecord.java b/org/xbill/DNS/KXRecord.java +index 481d21b..57e23e0 100644 +--- a/org/xbill/DNS/KXRecord.java ++++ b/org/xbill/DNS/KXRecord.java +@@ -6,6 +6,8 @@ package org.xbill.DNS; + * Key Exchange - delegation of authority + * + * @author Brian Wellington ++ * @see RFC 2230: Key Exchange Delegation ++ * Record for the DNS + */ + + public class KXRecord extends U16NameBase { +diff --git a/org/xbill/DNS/LOCRecord.java b/org/xbill/DNS/LOCRecord.java +index 4eddc15..361c8d8 100644 +--- a/org/xbill/DNS/LOCRecord.java ++++ b/org/xbill/DNS/LOCRecord.java +@@ -9,6 +9,8 @@ import java.text.*; + * Location - describes the physical location of hosts, networks, subnets. + * + * @author Brian Wellington ++ * @see RFC 1876: A Means for Expressing ++ * Location Information in the Domain Name System + */ + + public class LOCRecord extends Record { +diff --git a/org/xbill/DNS/MBRecord.java b/org/xbill/DNS/MBRecord.java +index 6b65edf..986ae6e 100644 +--- a/org/xbill/DNS/MBRecord.java ++++ b/org/xbill/DNS/MBRecord.java +@@ -6,6 +6,8 @@ package org.xbill.DNS; + * Mailbox Record - specifies a host containing a mailbox. + * + * @author Brian Wellington ++ * @see RFC 883: Domain Names - ++ * Implementation and Specification + */ + + public class MBRecord extends SingleNameBase { +diff --git a/org/xbill/DNS/MDRecord.java b/org/xbill/DNS/MDRecord.java +index dbf51af..8a9de6b 100644 +--- a/org/xbill/DNS/MDRecord.java ++++ b/org/xbill/DNS/MDRecord.java +@@ -7,6 +7,8 @@ package org.xbill.DNS; + * for a domain (obsolete) + * + * @author Brian Wellington ++ * @see RFC 973: Domain System Changes and ++ * Observations + */ + + public class MDRecord extends SingleNameBase { +diff --git a/org/xbill/DNS/MFRecord.java b/org/xbill/DNS/MFRecord.java +index ff293d7..beafe87 100644 +--- a/org/xbill/DNS/MFRecord.java ++++ b/org/xbill/DNS/MFRecord.java +@@ -7,6 +7,8 @@ package org.xbill.DNS; + * for a domain (obsolete) + * + * @author Brian Wellington ++ * @see RFC 973: Domain System Changes and ++ * Observations + */ + + public class MFRecord extends SingleNameBase { +diff --git a/org/xbill/DNS/MGRecord.java b/org/xbill/DNS/MGRecord.java +index 5752f49..90ebb5a 100644 +--- a/org/xbill/DNS/MGRecord.java ++++ b/org/xbill/DNS/MGRecord.java +@@ -6,6 +6,8 @@ package org.xbill.DNS; + * Mail Group Record - specifies a mailbox which is a member of a mail group. + * + * @author Brian Wellington ++ * @see RFC 883: Domain Names - ++ * Implementation and Specification + */ + + public class MGRecord extends SingleNameBase { +diff --git a/org/xbill/DNS/MINFORecord.java b/org/xbill/DNS/MINFORecord.java +index 4324cda..07392b0 100644 +--- a/org/xbill/DNS/MINFORecord.java ++++ b/org/xbill/DNS/MINFORecord.java +@@ -10,6 +10,8 @@ import java.io.*; + * mailing list/mailbox. + * + * @author Brian Wellington ++ * @see RFC 883: Domain Names - ++ * Implementation and Specification + */ + + public class MINFORecord extends Record { +diff --git a/org/xbill/DNS/MRRecord.java b/org/xbill/DNS/MRRecord.java +index a7ff4fc..1e70425 100644 +--- a/org/xbill/DNS/MRRecord.java ++++ b/org/xbill/DNS/MRRecord.java +@@ -6,6 +6,8 @@ package org.xbill.DNS; + * Mailbox Rename Record - specifies a rename of a mailbox. + * + * @author Brian Wellington ++ * @see RFC 883: Domain Names - ++ * Implementation and Specification + */ + + public class MRRecord extends SingleNameBase { +diff --git a/org/xbill/DNS/MXRecord.java b/org/xbill/DNS/MXRecord.java +index 111977d..f1a6fc4 100644 +--- a/org/xbill/DNS/MXRecord.java ++++ b/org/xbill/DNS/MXRecord.java +@@ -6,6 +6,10 @@ package org.xbill.DNS; + * Mail Exchange - specifies where mail to a domain is sent + * + * @author Brian Wellington ++ * @see RFC 1035: Domain Names - ++ * Implementation and Specification ++ * @see RFC 7505: A "Null MX" No Service ++ * Resource Record for Domains That Accept No Mail + */ + + public class MXRecord extends U16NameBase { +diff --git a/org/xbill/DNS/NAPTRRecord.java b/org/xbill/DNS/NAPTRRecord.java +index da2ec6d..a58940a 100644 +--- a/org/xbill/DNS/NAPTRRecord.java ++++ b/org/xbill/DNS/NAPTRRecord.java +@@ -9,6 +9,8 @@ import java.io.*; + * to an existing string will produce a new domain. + * + * @author Chuck Santos ++ * @see RFC 3403: Dynamic Delegation ++ * Discovery System (DDDS) Part Three: The Domain Name System (DNS) Database + */ + + public class NAPTRRecord extends Record { +diff --git a/org/xbill/DNS/NSAPRecord.java b/org/xbill/DNS/NSAPRecord.java +index a6b2031..3b04e3f 100644 +--- a/org/xbill/DNS/NSAPRecord.java ++++ b/org/xbill/DNS/NSAPRecord.java +@@ -9,6 +9,8 @@ import org.xbill.DNS.utils.*; + * NSAP Address Record. + * + * @author Brian Wellington ++ * @see RFC 1706: DNS NSAP Resource ++ * Records + */ + + public class NSAPRecord extends Record { +diff --git a/org/xbill/DNS/NSAP_PTRRecord.java b/org/xbill/DNS/NSAP_PTRRecord.java +index ecc609f..cfbe471 100644 +--- a/org/xbill/DNS/NSAP_PTRRecord.java ++++ b/org/xbill/DNS/NSAP_PTRRecord.java +@@ -7,6 +7,8 @@ package org.xbill.DNS; + * a hostname. + * + * @author Brian Wellington ++ * @see RFC 1706: DNS NSAP Resource ++ * Records + */ + + public class NSAP_PTRRecord extends SingleNameBase { +diff --git a/org/xbill/DNS/NSEC3PARAMRecord.java b/org/xbill/DNS/NSEC3PARAMRecord.java +index d663a62..81e2ab1 100644 +--- a/org/xbill/DNS/NSEC3PARAMRecord.java ++++ b/org/xbill/DNS/NSEC3PARAMRecord.java +@@ -16,6 +16,8 @@ import org.xbill.DNS.utils.base16; + * + * @author Brian Wellington + * @author David Blacka ++ * @see RFC 5155: DNS Security (DNSSEC) ++ * Hashed Authenticated Denial of Existence + */ + + public class NSEC3PARAMRecord extends Record { +diff --git a/org/xbill/DNS/NSEC3Record.java b/org/xbill/DNS/NSEC3Record.java +index aa086b8..f971611 100644 +--- a/org/xbill/DNS/NSEC3Record.java ++++ b/org/xbill/DNS/NSEC3Record.java +@@ -17,6 +17,8 @@ import org.xbill.DNS.utils.*; + * + * @author Brian Wellington + * @author David Blacka ++ * @see RFC 5155: DNS Security (DNSSEC) ++ * Hashed Authenticated Denial of Existence + */ + + public class NSEC3Record extends Record { +diff --git a/org/xbill/DNS/NSECRecord.java b/org/xbill/DNS/NSECRecord.java +index e523e37..3b5567a 100644 +--- a/org/xbill/DNS/NSECRecord.java ++++ b/org/xbill/DNS/NSECRecord.java +@@ -14,6 +14,8 @@ import java.io.*; + * + * @author Brian Wellington + * @author David Blacka ++ * @see RFC 4034: Resource Records for the ++ * DNS Security Extensions + */ + + public class NSECRecord extends Record { +diff --git a/org/xbill/DNS/NSIDOption.java b/org/xbill/DNS/NSIDOption.java +index 7bcbcd5..e9203b7 100644 +--- a/org/xbill/DNS/NSIDOption.java ++++ b/org/xbill/DNS/NSIDOption.java +@@ -8,6 +8,8 @@ package org.xbill.DNS; + * @see OPTRecord + * + * @author Brian Wellington ++ * @see RFC 5001: DNS Name Server Identifier ++ * (NSID) Option + */ + public class NSIDOption extends GenericEDNSOption { + +diff --git a/org/xbill/DNS/NSRecord.java b/org/xbill/DNS/NSRecord.java +index 2908da4..83b37e0 100644 +--- a/org/xbill/DNS/NSRecord.java ++++ b/org/xbill/DNS/NSRecord.java +@@ -6,6 +6,8 @@ package org.xbill.DNS; + * Name Server Record - contains the name server serving the named zone + * + * @author Brian Wellington ++ * @see RFC 1035: Domain Names - ++ * Implementation and Specification + */ + + public class NSRecord extends SingleCompressedNameBase { +diff --git a/org/xbill/DNS/NULLRecord.java b/org/xbill/DNS/NULLRecord.java +index fa46d61..f82a300 100644 +--- a/org/xbill/DNS/NULLRecord.java ++++ b/org/xbill/DNS/NULLRecord.java +@@ -9,6 +9,8 @@ import java.io.*; + * hold arbitrary data. + * + * @author Brian Wellington ++ * @see RFC 1035: Domain Names - ++ * Implementation and Specification + */ + + public class NULLRecord extends Record { +diff --git a/org/xbill/DNS/NXTRecord.java b/org/xbill/DNS/NXTRecord.java +index ad04e01..bf0ff0b 100644 +--- a/org/xbill/DNS/NXTRecord.java ++++ b/org/xbill/DNS/NXTRecord.java +@@ -12,6 +12,8 @@ import java.util.*; + * failed query for data in a DNSSEC-signed zone. + * + * @author Brian Wellington ++ * @see RFC 2065: Domain Name System ++ * Security Extensions + */ + + public class NXTRecord extends Record { +diff --git a/org/xbill/DNS/OPENPGPKEYRecord.java b/org/xbill/DNS/OPENPGPKEYRecord.java +index 359fb67..7af5ca1 100644 +--- a/org/xbill/DNS/OPENPGPKEYRecord.java ++++ b/org/xbill/DNS/OPENPGPKEYRecord.java +@@ -10,7 +10,8 @@ import org.xbill.DNS.utils.base64; + * + * @author Brian Wellington + * @author Valentin Hauner +- * ++ * @see RFC 7929: DNS-Based Authentication ++ * of Named Entities (DANE) Bindings for OpenPGP + */ + public class OPENPGPKEYRecord extends Record { + +diff --git a/org/xbill/DNS/OPTRecord.java b/org/xbill/DNS/OPTRecord.java +index cedbb39..fe1b325 100644 +--- a/org/xbill/DNS/OPTRecord.java ++++ b/org/xbill/DNS/OPTRecord.java +@@ -16,7 +16,8 @@ import java.util.*; + * + * @see Message + * @see Resolver +- * ++ * @see RFC 6891: Extension Mechanisms for ++ * DNS + * @author Brian Wellington + */ + +diff --git a/org/xbill/DNS/Opcode.java b/org/xbill/DNS/Opcode.java +index dadbca1..059c43c 100644 +--- a/org/xbill/DNS/Opcode.java ++++ b/org/xbill/DNS/Opcode.java +@@ -27,6 +27,12 @@ public static final int NOTIFY = 4; + /** A dynamic update message */ + public static final int UPDATE = 5; + ++/** ++ * DNS Stateful Operations (DSO). ++ * ++ * @see RFC 8490 ++ */ ++ + private static Mnemonic opcodes = new Mnemonic("DNS Opcode", + Mnemonic.CASE_UPPER); + +diff --git a/org/xbill/DNS/PTRRecord.java b/org/xbill/DNS/PTRRecord.java +index 89be578..d473d8e 100644 +--- a/org/xbill/DNS/PTRRecord.java ++++ b/org/xbill/DNS/PTRRecord.java +@@ -7,6 +7,8 @@ package org.xbill.DNS; + * a hostname. + * + * @author Brian Wellington ++ * @see RFC 1035: Domain Names - ++ * Implementation and Specification + */ + + public class PTRRecord extends SingleCompressedNameBase { +diff --git a/org/xbill/DNS/PXRecord.java b/org/xbill/DNS/PXRecord.java +index a407241..58fe86e 100644 +--- a/org/xbill/DNS/PXRecord.java ++++ b/org/xbill/DNS/PXRecord.java +@@ -8,6 +8,8 @@ import java.io.*; + * X.400 mail mapping record. + * + * @author Brian Wellington ++ * @see RFC 2163: Using the Internet DNS to ++ * Distribute MIXER Conformant Global Address Mapping (MCGAM) + */ + + public class PXRecord extends Record { +diff --git a/org/xbill/DNS/RPRecord.java b/org/xbill/DNS/RPRecord.java +index 4c9017f..f25b807 100644 +--- a/org/xbill/DNS/RPRecord.java ++++ b/org/xbill/DNS/RPRecord.java +@@ -10,6 +10,7 @@ import java.io.*; + * + * @author Tom Scola (tscola@research.att.com) + * @author Brian Wellington ++ * @see RFC 1183: New DNS RR Definitions + */ + + public class RPRecord extends Record { +diff --git a/org/xbill/DNS/RRSIGRecord.java b/org/xbill/DNS/RRSIGRecord.java +index c092839..afc12ec 100644 +--- a/org/xbill/DNS/RRSIGRecord.java ++++ b/org/xbill/DNS/RRSIGRecord.java +@@ -11,7 +11,8 @@ import java.util.*; + * @see RRset + * @see DNSSEC + * @see KEYRecord +- * ++ * @see RFC 4034: Resource Records for the ++ * DNS Security Extensions + * @author Brian Wellington + */ + +diff --git a/org/xbill/DNS/RTRecord.java b/org/xbill/DNS/RTRecord.java +index 549731e..0cc28ce 100644 +--- a/org/xbill/DNS/RTRecord.java ++++ b/org/xbill/DNS/RTRecord.java +@@ -6,6 +6,8 @@ package org.xbill.DNS; + * Route Through Record - lists a route preference and intermediate host. + * + * @author Brian Wellington ++ * @see RFC 1035: Domain Names - ++ * Implementation and Specification + */ + + public class RTRecord extends U16NameBase { +diff --git a/org/xbill/DNS/SIGRecord.java b/org/xbill/DNS/SIGRecord.java +index 8b6f58d..e1765c1 100644 +--- a/org/xbill/DNS/SIGRecord.java ++++ b/org/xbill/DNS/SIGRecord.java +@@ -13,6 +13,8 @@ import java.util.*; + * @see KEYRecord + * + * @author Brian Wellington ++ * @see KEYRecord RFC 2535: Domain Name ++ * System Security Extensions + */ + + public class SIGRecord extends SIGBase { +diff --git a/org/xbill/DNS/SMIMEARecord.java b/org/xbill/DNS/SMIMEARecord.java +index 09132c2..af80e89 100644 +--- a/org/xbill/DNS/SMIMEARecord.java ++++ b/org/xbill/DNS/SMIMEARecord.java +@@ -9,6 +9,8 @@ import org.xbill.DNS.utils.*; + * S/MIME cert association, draft-ietf-dane-smime. + * + * @author Brian Wellington ++ * @see RFC 8162: Using Secure DNS to ++ * Associate Certificates with Domain Names for S/MIME + */ + + public class SMIMEARecord extends Record { +diff --git a/org/xbill/DNS/SOARecord.java b/org/xbill/DNS/SOARecord.java +index 7f27077..c85ce91 100644 +--- a/org/xbill/DNS/SOARecord.java ++++ b/org/xbill/DNS/SOARecord.java +@@ -8,6 +8,8 @@ import java.io.*; + * Start of Authority - describes properties of a zone. + * + * @author Brian Wellington ++ * @see RFC 1035: Domain Names - ++ * Implementation and Specification + */ + + public class SOARecord extends Record { +diff --git a/org/xbill/DNS/SPFRecord.java b/org/xbill/DNS/SPFRecord.java +index a286220..700f021 100644 +--- a/org/xbill/DNS/SPFRecord.java ++++ b/org/xbill/DNS/SPFRecord.java +@@ -8,6 +8,8 @@ import java.util.*; + * Sender Policy Framework (RFC 4408, experimental) + * + * @author Brian Wellington ++ * @see RFC 7208: Sender Policy Framework ++ * (SPF) for Authorizing Use of Domains in Email, Version 1 + */ + + public class SPFRecord extends TXTBase { +diff --git a/org/xbill/DNS/SRVRecord.java b/org/xbill/DNS/SRVRecord.java +index c0635fb..4bc78b0 100644 +--- a/org/xbill/DNS/SRVRecord.java ++++ b/org/xbill/DNS/SRVRecord.java +@@ -11,6 +11,8 @@ import java.io.*; + * _http._tcp.example.com (if HTTP used SRV records) + * + * @author Brian Wellington ++ * @see RFC 2782: A DNS RR for specifying ++ * the location of services (DNS SRV) + */ + + public class SRVRecord extends Record { +diff --git a/org/xbill/DNS/SSHFPRecord.java b/org/xbill/DNS/SSHFPRecord.java +index 079741e..fc27306 100644 +--- a/org/xbill/DNS/SSHFPRecord.java ++++ b/org/xbill/DNS/SSHFPRecord.java +@@ -9,6 +9,8 @@ import org.xbill.DNS.utils.*; + * SSH Fingerprint - stores the fingerprint of an SSH host key. + * + * @author Brian Wellington ++ * @see RFC 4255: Using DNS to Securely ++ * Publish Secure Shell (SSH) Key Fingerprints + */ + + public class SSHFPRecord extends Record { +diff --git a/org/xbill/DNS/TKEYRecord.java b/org/xbill/DNS/TKEYRecord.java +index 4dcbb5c..3096f54 100644 +--- a/org/xbill/DNS/TKEYRecord.java ++++ b/org/xbill/DNS/TKEYRecord.java +@@ -12,6 +12,8 @@ import org.xbill.DNS.utils.*; + * @see TSIG + * + * @author Brian Wellington ++ * @see RFC 2930: Secret Key Establishment ++ * for DNS (TKEY RR) + */ + + public class TKEYRecord extends Record { +diff --git a/org/xbill/DNS/TLSARecord.java b/org/xbill/DNS/TLSARecord.java +index 48e2e80..8401bb8 100644 +--- a/org/xbill/DNS/TLSARecord.java ++++ b/org/xbill/DNS/TLSARecord.java +@@ -9,6 +9,8 @@ import org.xbill.DNS.utils.*; + * Transport Layer Security Authentication + * + * @author Brian Wellington ++ * @see RFC 6698: The DNS-Based ++ * Authentication of Named Entities (DANE) Transport Layer Security (TLS) Protocol: TLSA + */ + + public class TLSARecord extends Record { +@@ -28,15 +30,18 @@ public static class Selector { + private Selector() {} + + /** +- * Full certificate; the Certificate binary structure defined in +- * [RFC5280] ++ * Full certificate; the Certificate binary structure. ++ * ++ * @see RFC 5280 + */ + public static final int FULL_CERTIFICATE = 0; + + /** +- * SubjectPublicKeyInfo; DER-encoded binary structure defined in +- * [RFC5280] ++ * SubjectPublicKeyInfo; DER-encoded binary structure. ++ * ++ * @see RFC 5280 + */ ++ + public static final int SUBJECT_PUBLIC_KEY_INFO = 1; + } + +@@ -46,10 +51,18 @@ public static class MatchingType { + /** Exact match on selected content */ + public static final int EXACT = 0; + +- /** SHA-256 hash of selected content [RFC6234] */ ++ /** ++ * SHA-256 hash of selected content. ++ * ++ * @see RFC 6234 ++ */ + public static final int SHA256 = 1; + +- /** SHA-512 hash of selected content [RFC6234] */ ++ /** ++ * SHA-512 hash of selected content. ++ * ++ * @see RFC 6234 ++ */ + public static final int SHA512 = 2; + } + +diff --git a/org/xbill/DNS/TSIGRecord.java b/org/xbill/DNS/TSIGRecord.java +index c7ce9ed..ffeafc7 100644 +--- a/org/xbill/DNS/TSIGRecord.java ++++ b/org/xbill/DNS/TSIGRecord.java +@@ -12,6 +12,8 @@ import org.xbill.DNS.utils.*; + * sender and receiver of a message, using a shared key. + * @see Resolver + * @see TSIG ++ * @see RFC 2845: Secret Key Transaction ++ * Authentication for DNS (TSIG) + * + * @author Brian Wellington + */ +diff --git a/org/xbill/DNS/TXTRecord.java b/org/xbill/DNS/TXTRecord.java +index ea5de04..e0e2de5 100644 +--- a/org/xbill/DNS/TXTRecord.java ++++ b/org/xbill/DNS/TXTRecord.java +@@ -8,6 +8,8 @@ import java.util.*; + * Text - stores text strings + * + * @author Brian Wellington ++ * @see RFC 1035: Domain Names - ++ * Implementation and Specification + */ + + public class TXTRecord extends TXTBase { +diff --git a/org/xbill/DNS/URIRecord.java b/org/xbill/DNS/URIRecord.java +index 4859150..282b12a 100644 +--- a/org/xbill/DNS/URIRecord.java ++++ b/org/xbill/DNS/URIRecord.java +@@ -9,7 +9,7 @@ import java.io.*; + * Uniform Resource Identifier (URI) DNS Resource Record + * + * @author Anthony Kirby +- * @see http://tools.ietf.org/html/draft-faltstrom-uri ++ * @see http://tools.ietf.org/html/draft-faltstrom-uri + */ + + public class URIRecord extends Record { +diff --git a/org/xbill/DNS/WKSRecord.java b/org/xbill/DNS/WKSRecord.java +index 10b61be..f87e9f9 100644 +--- a/org/xbill/DNS/WKSRecord.java ++++ b/org/xbill/DNS/WKSRecord.java +@@ -10,6 +10,8 @@ import java.util.*; + * Well Known Services - Lists services offered by this host. + * + * @author Brian Wellington ++ * @see RFC 1035: Domain Names - ++ * Implementation and Specification + */ + + public class WKSRecord extends Record { +@@ -19,6 +21,8 @@ private static final long serialVersionUID = -9104259763909119805L; + public static class Protocol { + /** + * IP protocol identifiers. This is basically copied out of RFC 1010. ++ * ++ * @see RFC 1010: Assigned Numbers + */ + + private Protocol() {} +diff --git a/org/xbill/DNS/X25Record.java b/org/xbill/DNS/X25Record.java +index 1349a1e..c940853 100644 +--- a/org/xbill/DNS/X25Record.java ++++ b/org/xbill/DNS/X25Record.java +@@ -9,6 +9,7 @@ import java.io.*; + * X.121 numbering plan associated with a name. + * + * @author Brian Wellington ++ * @see RFC 1183: New DNS RR Definitions + */ + + public class X25Record extends Record { +diff --git a/pom.xml b/pom.xml +index f428e2b..017eec6 100644 +--- a/pom.xml ++++ b/pom.xml +@@ -1,6 +1,6 @@ + + + + 4.0.0 +-- +2.33.0 + diff --git a/dnsjava.spec b/dnsjava.spec index 850fbf4..78506d3 100644 --- a/dnsjava.spec +++ b/dnsjava.spec @@ -1,12 +1,13 @@ %global do_not_test 1 Name: dnsjava Version: 2.1.9 -Release: 1 +Release: 2 Summary: Java DNS implementation License: BSD and MIT URL: http://www.dnsjava.org/ Source0: https://github.com/dnsjava/dnsjava/archive/refs/tags/v%{version}.tar.gz Patch0: dnsjava-2.0.6-java1.5.target.patch +Patch1: backport-CVE-2024-25638.patch BuildRequires: ant aqute-bnd javapackages-local ant-junit BuildRequires: maven-local BuildRequires: mvn(org.apache.felix:maven-bundle-plugin) @@ -41,6 +42,7 @@ rm -rf doc/ find -name "*.class" -print -delete find -name "*.jar" -print -delete %patch0 -p1 -b .java1.5 +%patch1 -p1 -b .CVE-2024-25638 iconv -f iso8859-1 -t utf8 Changelog > Changelog.tmp touch -r Changelog Changelog.tmp mv -f Changelog.tmp Changelog @@ -72,6 +74,9 @@ ant -Dj2se.javadoc=%{_javadocdir}/java run_tests %license LICENSE %changelog +* Tue Jul 23 2024 zhangxianting - 2.1.9-2 +- Fix CVE-2024-25638 + * Wed Jun 01 2022 yaoxin - 2.1.9-1 - Update to 2.1.9 -- Gitee