From 0bee44fde425dc2d4aae357e4f77d03b0a4d8b08 Mon Sep 17 00:00:00 2001 From: zhangxianting Date: Tue, 23 Jul 2024 10:21:31 +0800 Subject: [PATCH] Fix CVE-2024-25638 (cherry picked from commit 8521d6ab31f25853241c3cf5aee7f0552fe1ed40) --- backport-CVE-2024-25638.patch | 1604 +++++++++++++++++++++++++++++++++ dnsjava.spec | 7 +- 2 files changed, 1610 insertions(+), 1 deletion(-) create mode 100644 backport-CVE-2024-25638.patch diff --git a/backport-CVE-2024-25638.patch b/backport-CVE-2024-25638.patch new file mode 100644 index 0000000..7b2f3a7 --- /dev/null +++ b/backport-CVE-2024-25638.patch @@ -0,0 +1,1604 @@ +From bc51df1c455e6c9fb7cbd42fcb6d62d16047818d Mon Sep 17 00:00:00 2001 +From: Ingo Bauersachs +Date: Sun, 21 Jul 2024 13:34:12 +0200 +Subject: [PATCH] Fix links to RFCs and IANA registries + +--- + EXAMPLES.md | 2 +- + README.adoc | 8 +- + pom.xml | 2 +- + src/main/java/org/xbill/DNS/A6Record.java | 3 +- + src/main/java/org/xbill/DNS/AAAARecord.java | 4 +- + src/main/java/org/xbill/DNS/AFSDBRecord.java | 2 +- + src/main/java/org/xbill/DNS/APLRecord.java | 4 +- + src/main/java/org/xbill/DNS/ARecord.java | 4 +- + src/main/java/org/xbill/DNS/CAARecord.java | 4 +- + .../java/org/xbill/DNS/CDNSKEYRecord.java | 4 +- + src/main/java/org/xbill/DNS/CDSRecord.java | 4 +- + src/main/java/org/xbill/DNS/CERTRecord.java | 4 +- + src/main/java/org/xbill/DNS/CNAMERecord.java | 4 +- + .../org/xbill/DNS/ClientSubnetOption.java | 4 +- + src/main/java/org/xbill/DNS/CookieOption.java | 3 +- + src/main/java/org/xbill/DNS/DHCIDRecord.java | 4 +- + src/main/java/org/xbill/DNS/DLVRecord.java | 4 +- + src/main/java/org/xbill/DNS/DNAMERecord.java | 3 +- + src/main/java/org/xbill/DNS/DNSKEYRecord.java | 4 +- + src/main/java/org/xbill/DNS/DNSSEC.java | 3 +- + src/main/java/org/xbill/DNS/DSRecord.java | 4 +- + src/main/java/org/xbill/DNS/DohResolver.java | 6 +- + src/main/java/org/xbill/DNS/EDNSOption.java | 108 +++++++++++++++--- + .../xbill/DNS/ExtendedErrorCodeOption.java | 4 +- + src/main/java/org/xbill/DNS/GPOSRecord.java | 4 +- + src/main/java/org/xbill/DNS/HINFORecord.java | 4 +- + src/main/java/org/xbill/DNS/HTTPSRecord.java | 5 +- + .../java/org/xbill/DNS/IPSECKEYRecord.java | 22 +++- + src/main/java/org/xbill/DNS/ISDNRecord.java | 2 +- + src/main/java/org/xbill/DNS/KEYRecord.java | 8 +- + src/main/java/org/xbill/DNS/KXRecord.java | 4 +- + src/main/java/org/xbill/DNS/LOCRecord.java | 4 +- + src/main/java/org/xbill/DNS/MBRecord.java | 4 +- + src/main/java/org/xbill/DNS/MDRecord.java | 2 +- + src/main/java/org/xbill/DNS/MFRecord.java | 2 +- + src/main/java/org/xbill/DNS/MGRecord.java | 4 +- + src/main/java/org/xbill/DNS/MINFORecord.java | 4 +- + src/main/java/org/xbill/DNS/MRRecord.java | 4 +- + src/main/java/org/xbill/DNS/MXRecord.java | 8 +- + src/main/java/org/xbill/DNS/NAPTRRecord.java | 4 +- + src/main/java/org/xbill/DNS/NSAPRecord.java | 3 +- + .../java/org/xbill/DNS/NSAP_PTRRecord.java | 3 +- + .../java/org/xbill/DNS/NSEC3PARAMRecord.java | 4 +- + src/main/java/org/xbill/DNS/NSEC3Record.java | 4 +- + src/main/java/org/xbill/DNS/NSECRecord.java | 4 +- + src/main/java/org/xbill/DNS/NSIDOption.java | 4 +- + src/main/java/org/xbill/DNS/NSRecord.java | 4 +- + src/main/java/org/xbill/DNS/NULLRecord.java | 4 +- + src/main/java/org/xbill/DNS/NXTRecord.java | 4 +- + src/main/java/org/xbill/DNS/NioTcpClient.java | 2 +- + src/main/java/org/xbill/DNS/NioUdpClient.java | 2 +- + .../java/org/xbill/DNS/OPENPGPKEYRecord.java | 4 +- + src/main/java/org/xbill/DNS/OPTRecord.java | 3 +- + src/main/java/org/xbill/DNS/Opcode.java | 6 +- + src/main/java/org/xbill/DNS/PTRRecord.java | 4 +- + src/main/java/org/xbill/DNS/PXRecord.java | 4 +- + src/main/java/org/xbill/DNS/RPRecord.java | 2 +- + src/main/java/org/xbill/DNS/RRSIGRecord.java | 4 +- + src/main/java/org/xbill/DNS/RTRecord.java | 4 +- + src/main/java/org/xbill/DNS/SIGRecord.java | 4 +- + src/main/java/org/xbill/DNS/SMIMEARecord.java | 4 +- + src/main/java/org/xbill/DNS/SOARecord.java | 4 +- + src/main/java/org/xbill/DNS/SPFRecord.java | 4 +- + src/main/java/org/xbill/DNS/SRVRecord.java | 4 +- + src/main/java/org/xbill/DNS/SSHFPRecord.java | 4 +- + src/main/java/org/xbill/DNS/SVCBBase.java | 3 +- + src/main/java/org/xbill/DNS/SVCBRecord.java | 3 +- + src/main/java/org/xbill/DNS/TKEYRecord.java | 4 +- + src/main/java/org/xbill/DNS/TLSARecord.java | 28 ++++- + src/main/java/org/xbill/DNS/TSIG.java | 4 +- + src/main/java/org/xbill/DNS/TSIGRecord.java | 2 +- + src/main/java/org/xbill/DNS/TXTRecord.java | 4 +- + .../org/xbill/DNS/TcpKeepaliveOption.java | 2 +- + src/main/java/org/xbill/DNS/Type.java | 25 ++-- + src/main/java/org/xbill/DNS/URIRecord.java | 4 +- + src/main/java/org/xbill/DNS/WKSRecord.java | 6 +- + src/main/java/org/xbill/DNS/X25Record.java | 2 +- + .../org/xbill/DNS/lookup/LookupSession.java | 2 +- + .../DNS/lookup/NoSuchRRSetException.java | 5 +- + .../org/xbill/DNS/dnssec/ResolveExample.java | 4 +- + 80 files changed, 294 insertions(+), 178 deletions(-) + +diff --git a/EXAMPLES.md b/EXAMPLES.md +index 18a0eaf..bdb4b24 100644 +--- a/EXAMPLES.md ++++ b/EXAMPLES.md +@@ -144,7 +144,7 @@ public class ResolveExample { + + // Send the same queries using the validating resolver with the + // trust anchor of the root zone +- // http://data.iana.org/root-anchors/root-anchors.xml ++ // https://data.iana.org/root-anchors/root-anchors.xml + ValidatingResolver vr = new ValidatingResolver(sr); + vr.loadTrustAnchors(new ByteArrayInputStream(ROOT.getBytes(StandardCharsets.US_ASCII))); + System.out.println("\n\nValidating resolver:"); +diff --git a/README.adoc b/README.adoc +index 9a0aebd..9c76545 100644 +--- a/README.adoc ++++ b/README.adoc +@@ -122,7 +122,7 @@ Do NOT use it. + |5000 + + .2+|org.jitsi.dnssec.nsec3.iterations.N +-3+a|Maximum iteration count for the NSEC3 hashing function depending on the key size N. The defaults are from https://www.rfc-editor.org/rfc/rfc5155.html#section-10.3[RFC5155]. ++3+a|Maximum iteration count for the NSEC3 hashing function depending on the key size N. The defaults are from https://datatracker.ietf.org/doc/html/rfc5155#section-10.3[RFC5155]. + |Integer + 2+a|- 1024 bit keys: 150 iterations + - 2048 bit keys: 500 iterations +@@ -169,7 +169,7 @@ https://www.rfc-editor.org/rfc/rfc8624.html#section-3.1[RFC8624] for recommended + .2+|dnsjava.dnssec.digest_enabled.ID + 3+|Enable or disable a DS record digest algorithm. + See +-https://www.rfc-editor.org/rfc/rfc8624.html#section-3.3[RFC8624] for recommended values. ++https://datatracker.ietf.org/doc/html/rfc8624#section-3.3[RFC8624] for recommended values. + |Boolean + 2+|Disable SHA.1: + `dnsjava.dnssec.digest_enabled.1=false` +@@ -219,7 +219,7 @@ To migrate from dnssecjava, replace `org.jitsi` with `org.xbill.DNS` in Java pac + Validated, secure responses contain the DNS `AD`-flag, while responses that failed validation return the `SERVFAIL`-RCode. + Insecure responses return the actual return code without the `AD`-flag set. + The reason why the validation failed or is insecure is provided as a localized string in the additional section under the record ./65280/TXT (a TXT record for the owner name of the root zone in the private query class `ValidatingResolver.VALIDATION_REASON_QCLASS`). +-The Extended DNS Errors (EDE, https://www.rfc-editor.org/rfc/rfc8914.html[RFC8914]) also provides the failure reason, although in less detail. ++The Extended DNS Errors (EDE, https://datatracker.ietf.org/doc/html/rfc8914[RFC8914]) also provides the failure reason, although in less detail. + + The link:EXAMPLES.md[examples] contain a small demo. + +@@ -230,7 +230,7 @@ The most important changes are: + + * Requires at least Java 8 + +-* Uses http://www.slf4j.org/[slf4j] for logging and thus needs `slf4j-api` ++* Uses https://www.slf4j.org/[slf4j] for logging and thus needs `slf4j-api` + on the classpath + + * The link:USAGE.md[command line tools] were moved to the `org.xbill.DNS.tools` +diff --git a/pom.xml b/pom.xml +index 0135f64..b2edf41 100644 +--- a/pom.xml ++++ b/pom.xml +@@ -1,6 +1,6 @@ + + + + 4.0.0 +diff --git a/src/main/java/org/xbill/DNS/A6Record.java b/src/main/java/org/xbill/DNS/A6Record.java +index 3d8441e..7f19152 100644 +--- a/src/main/java/org/xbill/DNS/A6Record.java ++++ b/src/main/java/org/xbill/DNS/A6Record.java +@@ -11,7 +11,8 @@ import java.net.UnknownHostException; + * A6 Record - maps a domain name to an IPv6 address (historic) + * + * @author Brian Wellington +- * @see RFC 6563: Moving A6 to Historic Status ++ * @see RFC 6563: Moving A6 to Historic ++ * Status + */ + public class A6Record extends Record { + private int prefixBits; +diff --git a/src/main/java/org/xbill/DNS/AAAARecord.java b/src/main/java/org/xbill/DNS/AAAARecord.java +index 6f7c4b9..cd9a4be 100644 +--- a/src/main/java/org/xbill/DNS/AAAARecord.java ++++ b/src/main/java/org/xbill/DNS/AAAARecord.java +@@ -11,8 +11,8 @@ import java.net.UnknownHostException; + * IPv6 Address Record - maps a domain name to an IPv6 address + * + * @author Brian Wellington +- * @see RFC 3596: DNS Extensions to Support IP Version +- * 6 ++ * @see RFC 3596: DNS Extensions to Support ++ * IP Version 6 + */ + public class AAAARecord extends Record { + private byte[] address; +diff --git a/src/main/java/org/xbill/DNS/AFSDBRecord.java b/src/main/java/org/xbill/DNS/AFSDBRecord.java +index 6a41251..6ca2f05 100644 +--- a/src/main/java/org/xbill/DNS/AFSDBRecord.java ++++ b/src/main/java/org/xbill/DNS/AFSDBRecord.java +@@ -7,7 +7,7 @@ package org.xbill.DNS; + * AFS Data Base Record - maps a domain name to the name of an AFS cell database server. + * + * @author Brian Wellington +- * @see RFC 1183: New DNS RR Definitions ++ * @see RFC 1183: New DNS RR Definitions + */ + public class AFSDBRecord extends U16NameBase { + AFSDBRecord() {} +diff --git a/src/main/java/org/xbill/DNS/APLRecord.java b/src/main/java/org/xbill/DNS/APLRecord.java +index 3a5d3ee..fab315c 100644 +--- a/src/main/java/org/xbill/DNS/APLRecord.java ++++ b/src/main/java/org/xbill/DNS/APLRecord.java +@@ -19,8 +19,8 @@ import org.xbill.DNS.utils.base16; + * APL - Address Prefix List. + * + * @author Brian Wellington +- * @see RFC 3123: A DNS RR Type for Lists of Address +- * Prefixes (APL RR) ++ * @see RFC 3123: A DNS RR Type for Lists of ++ * Address Prefixes (APL RR) + */ + public class APLRecord extends Record { + +diff --git a/src/main/java/org/xbill/DNS/ARecord.java b/src/main/java/org/xbill/DNS/ARecord.java +index a4739fc..4cccc55 100644 +--- a/src/main/java/org/xbill/DNS/ARecord.java ++++ b/src/main/java/org/xbill/DNS/ARecord.java +@@ -11,8 +11,8 @@ import java.net.UnknownHostException; + * Address Record - maps a domain name to an Internet address + * + * @author Brian Wellington +- * @see RFC 1035: Domain Names - Implementation and +- * Specification ++ * @see RFC 1035: Domain Names - ++ * Implementation and Specification + */ + public class ARecord extends Record { + private int addr; +diff --git a/src/main/java/org/xbill/DNS/CAARecord.java b/src/main/java/org/xbill/DNS/CAARecord.java +index 47a4dd2..2fc61ce 100644 +--- a/src/main/java/org/xbill/DNS/CAARecord.java ++++ b/src/main/java/org/xbill/DNS/CAARecord.java +@@ -9,8 +9,8 @@ import java.io.IOException; + * Certification Authority Authorization + * + * @author Brian Wellington +- * @see RFC 6844: DNS Certification Authority +- * Authorization (CAA) Resource Record ++ * @see RFC 6844: DNS Certification ++ * Authority Authorization (CAA) Resource Record + */ + public class CAARecord extends Record { + public static class Flags { +diff --git a/src/main/java/org/xbill/DNS/CDNSKEYRecord.java b/src/main/java/org/xbill/DNS/CDNSKEYRecord.java +index 8879027..778ac69 100644 +--- a/src/main/java/org/xbill/DNS/CDNSKEYRecord.java ++++ b/src/main/java/org/xbill/DNS/CDNSKEYRecord.java +@@ -7,8 +7,8 @@ import java.security.PublicKey; + * Child DNSKEY record as specified in RFC 8078. + * + * @see DNSSEC +- * @see RFC 8078: Managing DS Records from the Parent +- * via CDS/CDNSKEY ++ * @see RFC 8078: Managing DS Records from ++ * the Parent via CDS/CDNSKEY + */ + public class CDNSKEYRecord extends DNSKEYRecord { + CDNSKEYRecord() {} +diff --git a/src/main/java/org/xbill/DNS/CDSRecord.java b/src/main/java/org/xbill/DNS/CDSRecord.java +index d3e8382..c9eee1f 100644 +--- a/src/main/java/org/xbill/DNS/CDSRecord.java ++++ b/src/main/java/org/xbill/DNS/CDSRecord.java +@@ -5,8 +5,8 @@ package org.xbill.DNS; + * Child Delegation Signer record as specified in RFC 8078. + * + * @see DNSSEC +- * @see RFC 8078: Managing DS Records from the Parent +- * via CDS/CDNSKEY ++ * @see RFC 8078: Managing DS Records from ++ * the Parent via CDS/CDNSKEY + */ + public class CDSRecord extends DSRecord { + CDSRecord() {} +diff --git a/src/main/java/org/xbill/DNS/CERTRecord.java b/src/main/java/org/xbill/DNS/CERTRecord.java +index 624f600..5ab7fd0 100644 +--- a/src/main/java/org/xbill/DNS/CERTRecord.java ++++ b/src/main/java/org/xbill/DNS/CERTRecord.java +@@ -12,8 +12,8 @@ import org.xbill.DNS.utils.base64; + * + * @see KEYRecord + * @author Brian Wellington +- * @see RFC 4398: Storing Certificates in the Domain +- * Name System (DNS) ++ * @see RFC 4398: Storing Certificates in ++ * the Domain Name System (DNS) + */ + public class CERTRecord extends Record { + +diff --git a/src/main/java/org/xbill/DNS/CNAMERecord.java b/src/main/java/org/xbill/DNS/CNAMERecord.java +index 0359cf3..5033d9f 100644 +--- a/src/main/java/org/xbill/DNS/CNAMERecord.java ++++ b/src/main/java/org/xbill/DNS/CNAMERecord.java +@@ -7,8 +7,8 @@ package org.xbill.DNS; + * CNAME Record - maps an alias to its real name + * + * @author Brian Wellington +- * @see RFC 1035: Domain Names - Implementation and +- * Specification ++ * @see RFC 1035: Domain Names - ++ * Implementation and Specification + */ + public class CNAMERecord extends SingleCompressedNameBase { + CNAMERecord() {} +diff --git a/src/main/java/org/xbill/DNS/ClientSubnetOption.java b/src/main/java/org/xbill/DNS/ClientSubnetOption.java +index 8d2730a..6d8df8d 100644 +--- a/src/main/java/org/xbill/DNS/ClientSubnetOption.java ++++ b/src/main/java/org/xbill/DNS/ClientSubnetOption.java +@@ -7,8 +7,7 @@ import java.net.InetAddress; + import java.net.UnknownHostException; + + /** +- * The Client Subnet EDNS Option, defined in Client +- * subnet in DNS requests. ++ * The Client Subnet EDNS Option. + * + *

The option is used to convey information about the IP address of the originating client, so + * that an authoritative server can make decisions based on this address, rather than the address of +@@ -22,6 +21,7 @@ import java.net.UnknownHostException; + * length (where the final octet is padded with bits set to 0) + * + * @see OPTRecord ++ * @see RFC 7871 + * @author Brian Wellington + * @author Ming Zhou <mizhou@bnivideo.com>, Beaumaris Networks + */ +diff --git a/src/main/java/org/xbill/DNS/CookieOption.java b/src/main/java/org/xbill/DNS/CookieOption.java +index 17f2247..5228f31 100644 +--- a/src/main/java/org/xbill/DNS/CookieOption.java ++++ b/src/main/java/org/xbill/DNS/CookieOption.java +@@ -6,9 +6,10 @@ import java.util.Optional; + import org.xbill.DNS.utils.base16; + + /** +- * Cookie EDNS0 Option, as defined in https://tools.ietf.org/html/rfc7873 ++ * Cookie EDNS0 Option. + * + * @see OPTRecord ++ * @see RFC 7873 + * @author Klaus Malorny + */ + public class CookieOption extends EDNSOption { +diff --git a/src/main/java/org/xbill/DNS/DHCIDRecord.java b/src/main/java/org/xbill/DNS/DHCIDRecord.java +index 827c976..be39470 100644 +--- a/src/main/java/org/xbill/DNS/DHCIDRecord.java ++++ b/src/main/java/org/xbill/DNS/DHCIDRecord.java +@@ -10,8 +10,8 @@ import org.xbill.DNS.utils.base64; + * DHCID - Dynamic Host Configuration Protocol (DHCP) ID (RFC 4701) + * + * @author Brian Wellington +- * @see RFC 4701: A DNS Resource Record (RR) for +- * Encoding Dynamic Host Configuration Protocol (DHCP) Information (DHCID RR) ++ * @see RFC 4701: A DNS Resource Record (RR) ++ * for Encoding Dynamic Host Configuration Protocol (DHCP) Information (DHCID RR) + */ + public class DHCIDRecord extends Record { + private byte[] data; +diff --git a/src/main/java/org/xbill/DNS/DLVRecord.java b/src/main/java/org/xbill/DNS/DLVRecord.java +index f890427..c6d8ff6 100644 +--- a/src/main/java/org/xbill/DNS/DLVRecord.java ++++ b/src/main/java/org/xbill/DNS/DLVRecord.java +@@ -14,8 +14,8 @@ import org.xbill.DNS.utils.base16; + * @see DSRecord + * @author David Blacka + * @author Brian Wellington +- * @see RFC 4431: The DNSSEC Lookaside Validation +- * (DLV) DNS Resource Record ++ * @see RFC 4431: The DNSSEC Lookaside ++ * Validation (DLV) DNS Resource Record + */ + public class DLVRecord extends Record { + +diff --git a/src/main/java/org/xbill/DNS/DNAMERecord.java b/src/main/java/org/xbill/DNS/DNAMERecord.java +index 429aae5..d088d8f 100644 +--- a/src/main/java/org/xbill/DNS/DNAMERecord.java ++++ b/src/main/java/org/xbill/DNS/DNAMERecord.java +@@ -7,7 +7,8 @@ package org.xbill.DNS; + * DNAME Record - maps a nonterminal alias (subtree) to a different domain + * + * @author Brian Wellington +- * @see RFC 6672: DNAME Redirection in the DNS ++ * @see RFC 6672: DNAME Redirection in the ++ * DNS + */ + public class DNAMERecord extends SingleNameBase { + DNAMERecord() {} +diff --git a/src/main/java/org/xbill/DNS/DNSKEYRecord.java b/src/main/java/org/xbill/DNS/DNSKEYRecord.java +index 438fa1d..d0d9b34 100644 +--- a/src/main/java/org/xbill/DNS/DNSKEYRecord.java ++++ b/src/main/java/org/xbill/DNS/DNSKEYRecord.java +@@ -12,8 +12,8 @@ import java.security.PublicKey; + * + * @see DNSSEC + * @author Brian Wellington +- * @see RFC 4034: Resource Records for the DNS +- * Security Extensions ++ * @see RFC 4034: Resource Records for the ++ * DNS Security Extensions + */ + public class DNSKEYRecord extends KEYBase { + +diff --git a/src/main/java/org/xbill/DNS/DNSSEC.java b/src/main/java/org/xbill/DNS/DNSSEC.java +index dbf684a..1b11631 100644 +--- a/src/main/java/org/xbill/DNS/DNSSEC.java ++++ b/src/main/java/org/xbill/DNS/DNSSEC.java +@@ -43,8 +43,9 @@ public class DNSSEC { + private Algorithm() {} + + /** +- * Delete DS record in parent zone, RFC8078. ++ * Delete DS record in parent zone. + * ++ * @see RFC 8078 + * @since 3.5 + */ + public static final int DELETE = 0; +diff --git a/src/main/java/org/xbill/DNS/DSRecord.java b/src/main/java/org/xbill/DNS/DSRecord.java +index bcfeeed..9970d02 100644 +--- a/src/main/java/org/xbill/DNS/DSRecord.java ++++ b/src/main/java/org/xbill/DNS/DSRecord.java +@@ -13,8 +13,8 @@ import org.xbill.DNS.utils.base16; + * @see DNSSEC + * @author David Blacka + * @author Brian Wellington +- * @see RFC 4034: Resource Records for the DNS +- * Security Extensions ++ * @see RFC 4034: Resource Records for the ++ * DNS Security Extensions + */ + public class DSRecord extends Record { + +diff --git a/src/main/java/org/xbill/DNS/DohResolver.java b/src/main/java/org/xbill/DNS/DohResolver.java +index 6e7d73f..0933ef1 100644 +--- a/src/main/java/org/xbill/DNS/DohResolver.java ++++ b/src/main/java/org/xbill/DNS/DohResolver.java +@@ -35,9 +35,9 @@ import org.xbill.DNS.AsyncSemaphore.Permit; + import org.xbill.DNS.utils.base64; + + /** +- * Proof-of-concept DNS over HTTP (DoH) resolver. +- * This class is not suitable for high load scenarios because of the shortcomings of Java's built-in +- * HTTP clients. For more control, implement your own {@link Resolver} using e.g. DNS over HTTP (DoH) ++ * resolver. This class is not suitable for high load scenarios because of the shortcomings of ++ * Java's built-in HTTP clients. For more control, implement your own {@link Resolver} using e.g. OkHttp. + * + *

On Java 8, it uses HTTP/1.1, which is against the recommendation of RFC 8484 to use HTTP/2 and +diff --git a/src/main/java/org/xbill/DNS/EDNSOption.java b/src/main/java/org/xbill/DNS/EDNSOption.java +index 4de7ad1..81906f8 100644 +--- a/src/main/java/org/xbill/DNS/EDNSOption.java ++++ b/src/main/java/org/xbill/DNS/EDNSOption.java +@@ -22,54 +22,129 @@ public abstract class EDNSOption { + public static class Code { + private Code() {} + +- /** Apple's DNS Long-Lived Queries protocol, draft-sekar-dns-llq-06 */ ++ /** ++ * Apple's DNS Long-Lived Queries protocol. ++ * ++ * @see RFC 8764 ++ */ + public static final int LLQ = 1; + +- /** Dynamic DNS Update Leases, draft-sekar-dns-ul-02 */ ++ /** ++ * Dynamic DNS Update Leases. ++ * ++ * @see draft-sekar-dns-ul-03 ++ */ + public static final int UL = 2; + +- /** Name Server Identifier, RFC 5001 */ ++ /** ++ * Name Server Identifier. ++ * ++ * @see RFC 5001 ++ */ + public static final int NSID = 3; + +- /** DNSSEC Algorithm Understood (DAU), RFC 6975 */ ++ /** ++ * DNSSEC Algorithm Understood (DAU). ++ * ++ * @see RFC 6975 ++ */ + public static final int DAU = 5; + +- /** DNSSEC DS Hash Understood (DHU), RFC 6975 */ ++ /** ++ * DNSSEC DS Hash Understood (DHU). ++ * ++ * @see RFC 8764 ++ */ + public static final int DHU = 6; + +- /** DNSSEC NSEC3 Hash Understood (N3U), RFC 6975 */ ++ /** ++ * DNSSEC NSEC3 Hash Understood (N3U). ++ * ++ * @see RFC 6975 ++ */ + public static final int N3U = 7; + +- /** Client Subnet, RFC 7871 */ ++ /** ++ * Client Subnet. ++ * ++ * @see RFC 7871 ++ */ + public static final int CLIENT_SUBNET = 8; + +- /** (EDNS) EXPIRE Option, RFC 7314 */ ++ /** ++ * (EDNS) EXPIRE Option. ++ * ++ * @see RFC 7314 ++ */ + public static final int EDNS_EXPIRE = 9; + +- /** Cookie, RFC 7873 */ ++ /** ++ * Cookie. ++ * ++ * @see RFC 7873 ++ */ + public static final int COOKIE = 10; + +- /** TCP Keepalive, RFC 7828 */ ++ /** ++ * TCP Keepalive. ++ * ++ * @see RFC 7828 ++ */ + public static final int TCP_KEEPALIVE = 11; + +- /** EDNS(0) Padding Option, RFC 7830 */ ++ /** ++ * EDNS(0) Padding Option. ++ * ++ * @see RFC 7830 ++ */ + public static final int PADDING = 12; + +- /** CHAIN Query Requests in DNS, RFC 7901 */ ++ /** ++ * CHAIN Query Requests in DNS. ++ * ++ * @see RFC 7901 ++ */ + public static final int CHAIN = 13; + +- /** Signaling Trust Anchor Knowledge in DNS Security Extensions (DNSSEC), RFC 8145 */ ++ /** ++ * Signaling Trust Anchor Knowledge in DNS Security Extensions (DNSSEC). ++ * ++ * @see RFC 8145 ++ */ + public static final int EDNS_KEY_TAG = 14; + +- /** Extended DNS Errors, RFC 8914. */ ++ /** ++ * Extended DNS Errors. ++ * ++ * @see RFC 8914 ++ */ + public static final int EDNS_EXTENDED_ERROR = 15; + +- /** DNS EDNS Tags, draft-bellis-dnsop-edns-tags-01 */ ++ /** ++ * DNS EDNS Tags. ++ * ++ * @see draft-bellis-dnsop-edns-tags-01 ++ */ + public static final int EDNS_CLIENT_TAG = 16; + +- /** DNS EDNS Tags, draft-bellis-dnsop-edns-tags-01 */ ++ /** ++ * DNS EDNS Tags. ++ * ++ * @see draft-bellis-dnsop-edns-tags-01 ++ */ + public static final int EDNS_SERVER_TAG = 17; + ++ /** ++ * Report Channel. ++ * ++ * @see RFC 9567 ++ * @since 3.6 ++ */ ++ public static final int REPORT_CHANNEL = 18; ++ + private static final Mnemonic codes = + new Mnemonic("EDNS Option Codes", Mnemonic.CASE_SENSITIVE); + +@@ -95,6 +170,7 @@ public abstract class EDNSOption { + codes.add(EDNS_EXTENDED_ERROR, "Extended_DNS_Error"); + codes.add(EDNS_CLIENT_TAG, "EDNS-Client-Tag"); + codes.add(EDNS_SERVER_TAG, "EDNS-Server-Tag"); ++ codes.add(REPORT_CHANNEL, "Report-Channel"); + } + + /** Converts an EDNS Option Code into its textual representation */ +diff --git a/src/main/java/org/xbill/DNS/ExtendedErrorCodeOption.java b/src/main/java/org/xbill/DNS/ExtendedErrorCodeOption.java +index d511465..6f04fba 100644 +--- a/src/main/java/org/xbill/DNS/ExtendedErrorCodeOption.java ++++ b/src/main/java/org/xbill/DNS/ExtendedErrorCodeOption.java +@@ -40,7 +40,9 @@ public class ExtendedErrorCodeOption extends EDNSOption { + + /** + * The resolver attempted to perform DNSSEC validation, but validation ended in the Indeterminate +- * state [RFC4035]. ++ * state. ++ * ++ * @see RFC 1712: DNS Encoding of Geographical +- * Location ++ * @see RFC 1712: DNS Encoding of ++ * Geographical Location + */ + public class GPOSRecord extends Record { + private byte[] latitude, longitude, altitude; +diff --git a/src/main/java/org/xbill/DNS/HINFORecord.java b/src/main/java/org/xbill/DNS/HINFORecord.java +index 6981ee6..06d32ec 100644 +--- a/src/main/java/org/xbill/DNS/HINFORecord.java ++++ b/src/main/java/org/xbill/DNS/HINFORecord.java +@@ -9,8 +9,8 @@ import java.io.IOException; + * Host Information - describes the CPU and OS of a host + * + * @author Brian Wellington +- * @see RFC 1035: Domain Names - Implementation and +- * Specification ++ * @see RFC 1035: Domain Names - ++ * Implementation and Specification + */ + public class HINFORecord extends Record { + private byte[] cpu, os; +diff --git a/src/main/java/org/xbill/DNS/HTTPSRecord.java b/src/main/java/org/xbill/DNS/HTTPSRecord.java +index 56659f4..785401c 100644 +--- a/src/main/java/org/xbill/DNS/HTTPSRecord.java ++++ b/src/main/java/org/xbill/DNS/HTTPSRecord.java +@@ -4,11 +4,10 @@ package org.xbill.DNS; + import java.util.List; + + /** +- * HTTPS Service Location and Parameter Binding Record ++ * HTTPS Service Location and Parameter Binding Record. + * +- * @see draft-ietf-dnsop-svcb-https + * @since 3.3 ++ * @see RFC 9460 + */ + public class HTTPSRecord extends SVCBBase { + HTTPSRecord() {} +diff --git a/src/main/java/org/xbill/DNS/IPSECKEYRecord.java b/src/main/java/org/xbill/DNS/IPSECKEYRecord.java +index 5a2439d..59c5be2 100644 +--- a/src/main/java/org/xbill/DNS/IPSECKEYRecord.java ++++ b/src/main/java/org/xbill/DNS/IPSECKEYRecord.java +@@ -12,8 +12,8 @@ import org.xbill.DNS.utils.base64; + * IPsec Keying Material (RFC 4025) + * + * @author Brian Wellington +- * @see RFC 4025: A Method for Storing IPsec Keying +- * Material in DNS ++ * @see RFC 4025: A Method for Storing IPsec ++ * Keying Material in DNS + */ + public class IPSECKEYRecord extends Record { + /** +@@ -24,13 +24,25 @@ public class IPSECKEYRecord extends Record { + public static class Algorithm { + private Algorithm() {} + +- /** A DSA key is present, in the format defined in [RFC2536] */ ++ /** ++ * A DSA key is present. ++ * ++ * @see RFC 2536 ++ */ + public static final int DSA = 1; + +- /** A RSA key is present, in the format defined in [RFC3110] */ ++ /** ++ * A RSA key is present. ++ * ++ * @see RFC 3110 ++ */ + public static final int RSA = 2; + +- /** An ECDSA key is present, in the format defined in [RFC6605] */ ++ /** ++ * An ECDSA key is present. ++ * ++ * @see RFC 6605 ++ */ + public static final int ECDSA = 3; + } + +diff --git a/src/main/java/org/xbill/DNS/ISDNRecord.java b/src/main/java/org/xbill/DNS/ISDNRecord.java +index 329f4e7..4e27574 100644 +--- a/src/main/java/org/xbill/DNS/ISDNRecord.java ++++ b/src/main/java/org/xbill/DNS/ISDNRecord.java +@@ -9,7 +9,7 @@ import java.io.IOException; + * ISDN - identifies the ISDN number and subaddress associated with a name. + * + * @author Brian Wellington +- * @see RFC 1183: New DNS RR Definitions ++ * @see RFC 1183: New DNS RR Definitions + */ + public class ISDNRecord extends Record { + private byte[] address; +diff --git a/src/main/java/org/xbill/DNS/KEYRecord.java b/src/main/java/org/xbill/DNS/KEYRecord.java +index f5b40cb..2335964 100644 +--- a/src/main/java/org/xbill/DNS/KEYRecord.java ++++ b/src/main/java/org/xbill/DNS/KEYRecord.java +@@ -14,10 +14,10 @@ import java.util.StringTokenizer; + * @see DNSSEC + * @see DNSKEYRecord + * @author Brian Wellington +- * @see RFC 2535: Domain Name System Security +- * Extensions +- * @see RFC 3755: Legacy Resolver Compatibility for +- * Delegation Signer (DS) ++ * @see RFC 2535: Domain Name System ++ * Security Extensions ++ * @see RFC 3755: Legacy Resolver ++ * Compatibility for Delegation Signer (DS) + */ + public class KEYRecord extends KEYBase { + /** KEY protocol identifiers. */ +diff --git a/src/main/java/org/xbill/DNS/KXRecord.java b/src/main/java/org/xbill/DNS/KXRecord.java +index 5918bfa..7ea5cf9 100644 +--- a/src/main/java/org/xbill/DNS/KXRecord.java ++++ b/src/main/java/org/xbill/DNS/KXRecord.java +@@ -7,8 +7,8 @@ package org.xbill.DNS; + * Key Exchange - delegation of authority + * + * @author Brian Wellington +- * @see RFC 2230: Key Exchange Delegation Record for +- * the DNS ++ * @see RFC 2230: Key Exchange Delegation ++ * Record for the DNS + */ + public class KXRecord extends U16NameBase { + KXRecord() {} +diff --git a/src/main/java/org/xbill/DNS/LOCRecord.java b/src/main/java/org/xbill/DNS/LOCRecord.java +index 60d5724..25d06db 100644 +--- a/src/main/java/org/xbill/DNS/LOCRecord.java ++++ b/src/main/java/org/xbill/DNS/LOCRecord.java +@@ -11,8 +11,8 @@ import java.text.NumberFormat; + * Location - describes the physical location of hosts, networks, subnets. + * + * @author Brian Wellington +- * @see RFC 1876: A Means for Expressing Location +- * Information in the Domain Name System ++ * @see RFC 1876: A Means for Expressing ++ * Location Information in the Domain Name System + */ + public class LOCRecord extends Record { + private static final NumberFormat w2; +diff --git a/src/main/java/org/xbill/DNS/MBRecord.java b/src/main/java/org/xbill/DNS/MBRecord.java +index 626df3f..a2fbc91 100644 +--- a/src/main/java/org/xbill/DNS/MBRecord.java ++++ b/src/main/java/org/xbill/DNS/MBRecord.java +@@ -7,8 +7,8 @@ package org.xbill.DNS; + * Mailbox Record - specifies a host containing a mailbox. + * + * @author Brian Wellington +- * @see RFC 883: Domain Names - Implementation and +- * Specification ++ * @see RFC 883: Domain Names - ++ * Implementation and Specification + */ + public class MBRecord extends SingleNameBase { + MBRecord() {} +diff --git a/src/main/java/org/xbill/DNS/MDRecord.java b/src/main/java/org/xbill/DNS/MDRecord.java +index 84077db..78c6a18 100644 +--- a/src/main/java/org/xbill/DNS/MDRecord.java ++++ b/src/main/java/org/xbill/DNS/MDRecord.java +@@ -7,7 +7,7 @@ package org.xbill.DNS; + * Mail Destination Record - specifies a mail agent which delivers mail for a domain (obsolete) + * + * @author Brian Wellington +- * @see RFC 973: Domain System Changes and ++ * @see RFC 973: Domain System Changes and + * Observations + */ + public class MDRecord extends SingleNameBase { +diff --git a/src/main/java/org/xbill/DNS/MFRecord.java b/src/main/java/org/xbill/DNS/MFRecord.java +index 55828b6..0e0d59c 100644 +--- a/src/main/java/org/xbill/DNS/MFRecord.java ++++ b/src/main/java/org/xbill/DNS/MFRecord.java +@@ -7,7 +7,7 @@ package org.xbill.DNS; + * Mail Forwarder Record - specifies a mail agent which forwards mail for a domain (obsolete) + * + * @author Brian Wellington +- * @see RFC 973: Domain System Changes and ++ * @see RFC 973: Domain System Changes and + * Observations + */ + public class MFRecord extends SingleNameBase { +diff --git a/src/main/java/org/xbill/DNS/MGRecord.java b/src/main/java/org/xbill/DNS/MGRecord.java +index 4d0d0fb..fd5077b 100644 +--- a/src/main/java/org/xbill/DNS/MGRecord.java ++++ b/src/main/java/org/xbill/DNS/MGRecord.java +@@ -7,8 +7,8 @@ package org.xbill.DNS; + * Mail Group Record - specifies a mailbox which is a member of a mail group. + * + * @author Brian Wellington +- * @see RFC 883: Domain Names - Implementation and +- * Specification ++ * @see RFC 883: Domain Names - ++ * Implementation and Specification + */ + public class MGRecord extends SingleNameBase { + MGRecord() {} +diff --git a/src/main/java/org/xbill/DNS/MINFORecord.java b/src/main/java/org/xbill/DNS/MINFORecord.java +index 242600f..a730095 100644 +--- a/src/main/java/org/xbill/DNS/MINFORecord.java ++++ b/src/main/java/org/xbill/DNS/MINFORecord.java +@@ -10,8 +10,8 @@ import java.io.IOException; + * address to receive error messages relating to the mailing list/mailbox. + * + * @author Brian Wellington +- * @see RFC 883: Domain Names - Implementation and +- * Specification ++ * @see RFC 883: Domain Names - ++ * Implementation and Specification + */ + public class MINFORecord extends Record { + private Name responsibleAddress; +diff --git a/src/main/java/org/xbill/DNS/MRRecord.java b/src/main/java/org/xbill/DNS/MRRecord.java +index 574997e..68e9f15 100644 +--- a/src/main/java/org/xbill/DNS/MRRecord.java ++++ b/src/main/java/org/xbill/DNS/MRRecord.java +@@ -7,8 +7,8 @@ package org.xbill.DNS; + * Mailbox Rename Record - specifies a rename of a mailbox. + * + * @author Brian Wellington +- * @see RFC 883: Domain Names - Implementation and +- * Specification ++ * @see RFC 883: Domain Names - ++ * Implementation and Specification + */ + public class MRRecord extends SingleNameBase { + MRRecord() {} +diff --git a/src/main/java/org/xbill/DNS/MXRecord.java b/src/main/java/org/xbill/DNS/MXRecord.java +index 8a6689f..f5ec13c 100644 +--- a/src/main/java/org/xbill/DNS/MXRecord.java ++++ b/src/main/java/org/xbill/DNS/MXRecord.java +@@ -7,10 +7,10 @@ package org.xbill.DNS; + * Mail Exchange - specifies where mail to a domain is sent + * + * @author Brian Wellington +- * @see RFC 1035: Domain Names - Implementation and +- * Specification +- * @see RFC 7505: A "Null MX" No Service Resource +- * Record for Domains That Accept No Mail ++ * @see RFC 1035: Domain Names - ++ * Implementation and Specification ++ * @see RFC 7505: A "Null MX" No Service ++ * Resource Record for Domains That Accept No Mail + */ + public class MXRecord extends U16NameBase { + MXRecord() {} +diff --git a/src/main/java/org/xbill/DNS/NAPTRRecord.java b/src/main/java/org/xbill/DNS/NAPTRRecord.java +index da3bf9a..6b07fe8 100644 +--- a/src/main/java/org/xbill/DNS/NAPTRRecord.java ++++ b/src/main/java/org/xbill/DNS/NAPTRRecord.java +@@ -10,8 +10,8 @@ import java.io.IOException; + * will produce a new domain. + * + * @author Chuck Santos +- * @see RFC 3403: Dynamic Delegation Discovery System +- * (DDDS) Part Three: The Domain Name System (DNS) Database ++ * @see RFC 3403: Dynamic Delegation ++ * Discovery System (DDDS) Part Three: The Domain Name System (DNS) Database + */ + public class NAPTRRecord extends Record { + private int order, preference; +diff --git a/src/main/java/org/xbill/DNS/NSAPRecord.java b/src/main/java/org/xbill/DNS/NSAPRecord.java +index 3be0047..8b88175 100644 +--- a/src/main/java/org/xbill/DNS/NSAPRecord.java ++++ b/src/main/java/org/xbill/DNS/NSAPRecord.java +@@ -11,7 +11,8 @@ import org.xbill.DNS.utils.base16; + * NSAP Address Record. + * + * @author Brian Wellington +- * @see RFC 1706: DNS NSAP Resource Records ++ * @see RFC 1706: DNS NSAP Resource ++ * Records + */ + public class NSAPRecord extends Record { + private byte[] address; +diff --git a/src/main/java/org/xbill/DNS/NSAP_PTRRecord.java b/src/main/java/org/xbill/DNS/NSAP_PTRRecord.java +index 8e1da00..478ddd1 100644 +--- a/src/main/java/org/xbill/DNS/NSAP_PTRRecord.java ++++ b/src/main/java/org/xbill/DNS/NSAP_PTRRecord.java +@@ -7,7 +7,8 @@ package org.xbill.DNS; + * NSAP Pointer Record - maps a domain name representing an NSAP Address to a hostname. (obsolete) + * + * @author Brian Wellington +- * @see RFC 1706: DNS NSAP Resource Records ++ * @see RFC 1706: DNS NSAP Resource ++ * Records + */ + public class NSAP_PTRRecord extends SingleNameBase { + NSAP_PTRRecord() {} +diff --git a/src/main/java/org/xbill/DNS/NSEC3PARAMRecord.java b/src/main/java/org/xbill/DNS/NSEC3PARAMRecord.java +index 9875040..f82f34c 100644 +--- a/src/main/java/org/xbill/DNS/NSEC3PARAMRecord.java ++++ b/src/main/java/org/xbill/DNS/NSEC3PARAMRecord.java +@@ -15,8 +15,8 @@ import org.xbill.DNS.utils.base16; + * + * @author Brian Wellington + * @author David Blacka +- * @see RFC 5155: DNS Security (DNSSEC) Hashed +- * Authenticated Denial of Existence ++ * @see RFC 5155: DNS Security (DNSSEC) ++ * Hashed Authenticated Denial of Existence + */ + public class NSEC3PARAMRecord extends Record { + private int hashAlg; +diff --git a/src/main/java/org/xbill/DNS/NSEC3Record.java b/src/main/java/org/xbill/DNS/NSEC3Record.java +index 8fe2dfe..b97b3b5 100644 +--- a/src/main/java/org/xbill/DNS/NSEC3Record.java ++++ b/src/main/java/org/xbill/DNS/NSEC3Record.java +@@ -18,8 +18,8 @@ import org.xbill.DNS.utils.base32; + * + * @author Brian Wellington + * @author David Blacka +- * @see RFC 5155: DNS Security (DNSSEC) Hashed +- * Authenticated Denial of Existence ++ * @see RFC 5155: DNS Security (DNSSEC) ++ * Hashed Authenticated Denial of Existence + */ + public class NSEC3Record extends Record { + +diff --git a/src/main/java/org/xbill/DNS/NSECRecord.java b/src/main/java/org/xbill/DNS/NSECRecord.java +index cf28f5d..6737594 100644 +--- a/src/main/java/org/xbill/DNS/NSECRecord.java ++++ b/src/main/java/org/xbill/DNS/NSECRecord.java +@@ -14,8 +14,8 @@ import java.io.IOException; + * + * @author Brian Wellington + * @author David Blacka +- * @see RFC 4034: Resource Records for the DNS +- * Security Extensions ++ * @see RFC 4034: Resource Records for the ++ * DNS Security Extensions + */ + public class NSECRecord extends Record { + private Name next; +diff --git a/src/main/java/org/xbill/DNS/NSIDOption.java b/src/main/java/org/xbill/DNS/NSIDOption.java +index 31dcef4..477e36e 100644 +--- a/src/main/java/org/xbill/DNS/NSIDOption.java ++++ b/src/main/java/org/xbill/DNS/NSIDOption.java +@@ -8,8 +8,8 @@ package org.xbill.DNS; + * + * @see OPTRecord + * @author Brian Wellington +- * @see RFC 5001: DNS Name Server Identifier (NSID) +- * Option ++ * @see RFC 5001: DNS Name Server Identifier ++ * (NSID) Option + */ + public class NSIDOption extends GenericEDNSOption { + NSIDOption() { +diff --git a/src/main/java/org/xbill/DNS/NSRecord.java b/src/main/java/org/xbill/DNS/NSRecord.java +index 1c48370..e5a0757 100644 +--- a/src/main/java/org/xbill/DNS/NSRecord.java ++++ b/src/main/java/org/xbill/DNS/NSRecord.java +@@ -7,8 +7,8 @@ package org.xbill.DNS; + * Name Server Record - contains the name server serving the named zone + * + * @author Brian Wellington +- * @see RFC 1035: Domain Names - Implementation and +- * Specification ++ * @see RFC 1035: Domain Names - ++ * Implementation and Specification + */ + public class NSRecord extends SingleCompressedNameBase { + NSRecord() {} +diff --git a/src/main/java/org/xbill/DNS/NULLRecord.java b/src/main/java/org/xbill/DNS/NULLRecord.java +index 00e1a29..a96554f 100644 +--- a/src/main/java/org/xbill/DNS/NULLRecord.java ++++ b/src/main/java/org/xbill/DNS/NULLRecord.java +@@ -9,8 +9,8 @@ import java.io.IOException; + * The NULL Record. This has no defined purpose, but can be used to hold arbitrary data. + * + * @author Brian Wellington +- * @see RFC 1035: Domain Names - Implementation and +- * Specification ++ * @see RFC 1035: Domain Names - ++ * Implementation and Specification + */ + public class NULLRecord extends Record { + private byte[] data; +diff --git a/src/main/java/org/xbill/DNS/NXTRecord.java b/src/main/java/org/xbill/DNS/NXTRecord.java +index 9c600ed..ac1347f 100644 +--- a/src/main/java/org/xbill/DNS/NXTRecord.java ++++ b/src/main/java/org/xbill/DNS/NXTRecord.java +@@ -12,8 +12,8 @@ import java.util.BitSet; + * signifies a failed query for data in a DNSSEC-signed zone. + * + * @author Brian Wellington +- * @see RFC 2065: Domain Name System Security +- * Extensions ++ * @see RFC 2065: Domain Name System ++ * Security Extensions + */ + public class NXTRecord extends Record { + private Name next; +diff --git a/src/main/java/org/xbill/DNS/NioTcpClient.java b/src/main/java/org/xbill/DNS/NioTcpClient.java +index aacc189..80b7a42 100644 +--- a/src/main/java/org/xbill/DNS/NioTcpClient.java ++++ b/src/main/java/org/xbill/DNS/NioTcpClient.java +@@ -89,7 +89,7 @@ final class NioTcpClient extends NioClient { + queryData); + + // combine length+message to avoid multiple TCP packets +- // https://tools.ietf.org/html/rfc7766#section-8 ++ // https://datatracker.ietf.org/doc/html/rfc7766#section-8 + ByteBuffer buffer = ByteBuffer.allocate(queryData.length + 2); + buffer.put((byte) (queryData.length >>> 8)); + buffer.put((byte) (queryData.length & 0xFF)); +diff --git a/src/main/java/org/xbill/DNS/NioUdpClient.java b/src/main/java/org/xbill/DNS/NioUdpClient.java +index 3cd218a..3653f71 100644 +--- a/src/main/java/org/xbill/DNS/NioUdpClient.java ++++ b/src/main/java/org/xbill/DNS/NioUdpClient.java +@@ -31,7 +31,7 @@ final class NioUdpClient extends NioClient { + private static final Queue pendingTransactions = new ConcurrentLinkedQueue<>(); + + static { +- // https://tools.ietf.org/html/rfc6335#section-6 ++ // https://datatracker.ietf.org/doc/html/rfc6335#section-6 + int ephemeralStartDefault = 49152; + int ephemeralEndDefault = 65535; + +diff --git a/src/main/java/org/xbill/DNS/OPENPGPKEYRecord.java b/src/main/java/org/xbill/DNS/OPENPGPKEYRecord.java +index 1801b8a..362a905 100644 +--- a/src/main/java/org/xbill/DNS/OPENPGPKEYRecord.java ++++ b/src/main/java/org/xbill/DNS/OPENPGPKEYRecord.java +@@ -9,8 +9,8 @@ import org.xbill.DNS.utils.base64; + * + * @author Brian Wellington + * @author Valentin Hauner +- * @see RFC 7929: DNS-Based Authentication of Named +- * Entities (DANE) Bindings for OpenPGP ++ * @see RFC 7929: DNS-Based Authentication ++ * of Named Entities (DANE) Bindings for OpenPGP + */ + public class OPENPGPKEYRecord extends Record { + private byte[] cert; +diff --git a/src/main/java/org/xbill/DNS/OPTRecord.java b/src/main/java/org/xbill/DNS/OPTRecord.java +index f026113..a8d7cae 100644 +--- a/src/main/java/org/xbill/DNS/OPTRecord.java ++++ b/src/main/java/org/xbill/DNS/OPTRecord.java +@@ -18,7 +18,8 @@ import java.util.List; + * + * @see Message + * @see Resolver +- * @see RFC 6891: Extension Mechanisms for DNS ++ * @see RFC 6891: Extension Mechanisms for ++ * DNS + * @author Brian Wellington + */ + public class OPTRecord extends Record { +diff --git a/src/main/java/org/xbill/DNS/Opcode.java b/src/main/java/org/xbill/DNS/Opcode.java +index 2445736..b3d9a0d 100644 +--- a/src/main/java/org/xbill/DNS/Opcode.java ++++ b/src/main/java/org/xbill/DNS/Opcode.java +@@ -25,7 +25,11 @@ public final class Opcode { + /** A dynamic update message */ + public static final int UPDATE = 5; + +- /** DNS Stateful Operations (DSO, RFC8490) */ ++ /** ++ * DNS Stateful Operations (DSO). ++ * ++ * @see RFC 8490 ++ */ + public static final int DSO = 6; + + private static final Mnemonic opcodes = new Mnemonic("DNS Opcode", Mnemonic.CASE_UPPER); +diff --git a/src/main/java/org/xbill/DNS/PTRRecord.java b/src/main/java/org/xbill/DNS/PTRRecord.java +index 2ecaffe..68c139d 100644 +--- a/src/main/java/org/xbill/DNS/PTRRecord.java ++++ b/src/main/java/org/xbill/DNS/PTRRecord.java +@@ -7,8 +7,8 @@ package org.xbill.DNS; + * Pointer Record - maps a domain name representing an Internet Address to a hostname. + * + * @author Brian Wellington +- * @see RFC 1035: Domain Names - Implementation and +- * Specification ++ * @see RFC 1035: Domain Names - ++ * Implementation and Specification + */ + public class PTRRecord extends SingleCompressedNameBase { + PTRRecord() {} +diff --git a/src/main/java/org/xbill/DNS/PXRecord.java b/src/main/java/org/xbill/DNS/PXRecord.java +index c81db60..135de5d 100644 +--- a/src/main/java/org/xbill/DNS/PXRecord.java ++++ b/src/main/java/org/xbill/DNS/PXRecord.java +@@ -9,8 +9,8 @@ import java.io.IOException; + * X.400 mail mapping record. + * + * @author Brian Wellington +- * @see RFC 2163: Using the Internet DNS to Distribute +- * MIXER Conformant Global Address Mapping (MCGAM) ++ * @see RFC 2163: Using the Internet DNS to ++ * Distribute MIXER Conformant Global Address Mapping (MCGAM) + */ + public class PXRecord extends Record { + private int preference; +diff --git a/src/main/java/org/xbill/DNS/RPRecord.java b/src/main/java/org/xbill/DNS/RPRecord.java +index 461306b..93c7eb5 100644 +--- a/src/main/java/org/xbill/DNS/RPRecord.java ++++ b/src/main/java/org/xbill/DNS/RPRecord.java +@@ -11,7 +11,7 @@ import java.io.IOException; + * + * @author Tom Scola (tscola@research.att.com) + * @author Brian Wellington +- * @see RFC 1183: New DNS RR Definitions ++ * @see RFC 1183: New DNS RR Definitions + */ + public class RPRecord extends Record { + private Name mailbox; +diff --git a/src/main/java/org/xbill/DNS/RRSIGRecord.java b/src/main/java/org/xbill/DNS/RRSIGRecord.java +index 701973c..a7fef0c 100644 +--- a/src/main/java/org/xbill/DNS/RRSIGRecord.java ++++ b/src/main/java/org/xbill/DNS/RRSIGRecord.java +@@ -14,8 +14,8 @@ import java.util.Date; + * @see RRset + * @see DNSSEC + * @see KEYRecord +- * @see RFC 4034: Resource Records for the DNS +- * Security Extensions ++ * @see RFC 4034: Resource Records for the ++ * DNS Security Extensions + * @author Brian Wellington + */ + public class RRSIGRecord extends SIGBase { +diff --git a/src/main/java/org/xbill/DNS/RTRecord.java b/src/main/java/org/xbill/DNS/RTRecord.java +index a66b69e..143cfec 100644 +--- a/src/main/java/org/xbill/DNS/RTRecord.java ++++ b/src/main/java/org/xbill/DNS/RTRecord.java +@@ -7,8 +7,8 @@ package org.xbill.DNS; + * Route Through Record - lists a route preference and intermediate host. + * + * @author Brian Wellington +- * @see RFC 1035: Domain Names - Implementation and +- * Specification ++ * @see RFC 1035: Domain Names - ++ * Implementation and Specification + */ + public class RTRecord extends U16NameBase { + RTRecord() {} +diff --git a/src/main/java/org/xbill/DNS/SIGRecord.java b/src/main/java/org/xbill/DNS/SIGRecord.java +index e25c2d0..9a012bd 100644 +--- a/src/main/java/org/xbill/DNS/SIGRecord.java ++++ b/src/main/java/org/xbill/DNS/SIGRecord.java +@@ -13,8 +13,8 @@ import java.util.Date; + * + * @see RRset + * @see DNSSEC +- * @see KEYRecord RFC 2535: Domain Name System +- * Security Extensions ++ * @see KEYRecord RFC 2535: Domain Name ++ * System Security Extensions + * @author Brian Wellington + */ + public class SIGRecord extends SIGBase { +diff --git a/src/main/java/org/xbill/DNS/SMIMEARecord.java b/src/main/java/org/xbill/DNS/SMIMEARecord.java +index fe3b502..d98302e 100644 +--- a/src/main/java/org/xbill/DNS/SMIMEARecord.java ++++ b/src/main/java/org/xbill/DNS/SMIMEARecord.java +@@ -6,8 +6,8 @@ package org.xbill.DNS; + /** + * S/MIME cert association + * +- * @see RFC 8162: Using Secure DNS to Associate +- * Certificates with Domain Names for S/MIME ++ * @see RFC 8162: Using Secure DNS to ++ * Associate Certificates with Domain Names for S/MIME + * @author Brian Wellington + */ + public class SMIMEARecord extends TLSARecord { +diff --git a/src/main/java/org/xbill/DNS/SOARecord.java b/src/main/java/org/xbill/DNS/SOARecord.java +index 58e97af..4eceb55 100644 +--- a/src/main/java/org/xbill/DNS/SOARecord.java ++++ b/src/main/java/org/xbill/DNS/SOARecord.java +@@ -9,8 +9,8 @@ import java.io.IOException; + * Start of Authority - describes properties of a zone. + * + * @author Brian Wellington +- * @see RFC 1035: Domain Names - Implementation and +- * Specification ++ * @see RFC 1035: Domain Names - ++ * Implementation and Specification + */ + public class SOARecord extends Record { + private Name host, admin; +diff --git a/src/main/java/org/xbill/DNS/SPFRecord.java b/src/main/java/org/xbill/DNS/SPFRecord.java +index 01a993c..074b4b0 100644 +--- a/src/main/java/org/xbill/DNS/SPFRecord.java ++++ b/src/main/java/org/xbill/DNS/SPFRecord.java +@@ -9,8 +9,8 @@ import java.util.List; + * Sender Policy Framework (discontinued in RFC 7208) + * + * @author Brian Wellington +- * @see RFC 7208: Sender Policy Framework (SPF) for +- * Authorizing Use of Domains in Email, Version 1 ++ * @see RFC 7208: Sender Policy Framework ++ * (SPF) for Authorizing Use of Domains in Email, Version 1 + */ + public class SPFRecord extends TXTBase { + SPFRecord() {} +diff --git a/src/main/java/org/xbill/DNS/SRVRecord.java b/src/main/java/org/xbill/DNS/SRVRecord.java +index be0805a..b48be11 100644 +--- a/src/main/java/org/xbill/DNS/SRVRecord.java ++++ b/src/main/java/org/xbill/DNS/SRVRecord.java +@@ -11,8 +11,8 @@ import java.io.IOException; + * (for the secure SIP protocol) and _http._tcp.example.com (if HTTP used SRV records) + * + * @author Brian Wellington +- * @see RFC 2782: A DNS RR for specifying the location +- * of services (DNS SRV) ++ * @see RFC 2782: A DNS RR for specifying ++ * the location of services (DNS SRV) + */ + public class SRVRecord extends Record { + private int priority, weight, port; +diff --git a/src/main/java/org/xbill/DNS/SSHFPRecord.java b/src/main/java/org/xbill/DNS/SSHFPRecord.java +index ccf9a81..4d7e971 100644 +--- a/src/main/java/org/xbill/DNS/SSHFPRecord.java ++++ b/src/main/java/org/xbill/DNS/SSHFPRecord.java +@@ -10,8 +10,8 @@ import org.xbill.DNS.utils.base16; + * SSH Fingerprint - stores the fingerprint of an SSH host key. + * + * @author Brian Wellington +- * @see RFC 4255: Using DNS to Securely Publish Secure +- * Shell (SSH) Key Fingerprints ++ * @see RFC 4255: Using DNS to Securely ++ * Publish Secure Shell (SSH) Key Fingerprints + */ + public class SSHFPRecord extends Record { + public static class Algorithm { +diff --git a/src/main/java/org/xbill/DNS/SVCBBase.java b/src/main/java/org/xbill/DNS/SVCBBase.java +index 695f9da..19ae05a 100644 +--- a/src/main/java/org/xbill/DNS/SVCBBase.java ++++ b/src/main/java/org/xbill/DNS/SVCBBase.java +@@ -20,9 +20,8 @@ import org.xbill.DNS.utils.base64; + /** + * Implements common functionality for SVCB and HTTPS records + * +- * @see draft-ietf-dnsop-svcb-https + * @since 3.3 ++ * @see RFC 9460 + */ + public abstract class SVCBBase extends Record { + protected int svcPriority; +diff --git a/src/main/java/org/xbill/DNS/SVCBRecord.java b/src/main/java/org/xbill/DNS/SVCBRecord.java +index bed4de0..1785e52 100644 +--- a/src/main/java/org/xbill/DNS/SVCBRecord.java ++++ b/src/main/java/org/xbill/DNS/SVCBRecord.java +@@ -6,9 +6,8 @@ import java.util.List; + /** + * Service Location and Parameter Binding Record + * +- * @see draft-ietf-dnsop-svcb-https + * @since 3.3 ++ * @see RFC 9460 + */ + public class SVCBRecord extends SVCBBase { + SVCBRecord() {} +diff --git a/src/main/java/org/xbill/DNS/TKEYRecord.java b/src/main/java/org/xbill/DNS/TKEYRecord.java +index 0664604..27b5bb1 100644 +--- a/src/main/java/org/xbill/DNS/TKEYRecord.java ++++ b/src/main/java/org/xbill/DNS/TKEYRecord.java +@@ -13,8 +13,8 @@ import org.xbill.DNS.utils.base64; + * + * @see TSIG + * @author Brian Wellington +- * @see RFC 2930: Secret Key Establishment for DNS +- * (TKEY RR) ++ * @see RFC 2930: Secret Key Establishment ++ * for DNS (TKEY RR) + */ + public class TKEYRecord extends Record { + private Name alg; +diff --git a/src/main/java/org/xbill/DNS/TLSARecord.java b/src/main/java/org/xbill/DNS/TLSARecord.java +index 1499180..46714fc 100644 +--- a/src/main/java/org/xbill/DNS/TLSARecord.java ++++ b/src/main/java/org/xbill/DNS/TLSARecord.java +@@ -10,8 +10,8 @@ import org.xbill.DNS.utils.base16; + * Transport Layer Security Authentication + * + * @author Brian Wellington +- * @see RFC 6698: The DNS-Based Authentication of +- * Named Entities (DANE) Transport Layer Security (TLS) Protocol: TLSA ++ * @see RFC 6698: The DNS-Based ++ * Authentication of Named Entities (DANE) Transport Layer Security (TLS) Protocol: TLSA + */ + public class TLSARecord extends Record { + public static class CertificateUsage { +@@ -26,10 +26,18 @@ public class TLSARecord extends Record { + public static class Selector { + private Selector() {} + +- /** Full certificate; the Certificate binary structure defined in [RFC5280] */ ++ /** ++ * Full certificate; the Certificate binary structure. ++ * ++ * @see RFC 5280 ++ */ + public static final int FULL_CERTIFICATE = 0; + +- /** SubjectPublicKeyInfo; DER-encoded binary structure defined in [RFC5280] */ ++ /** ++ * SubjectPublicKeyInfo; DER-encoded binary structure. ++ * ++ * @see RFC 5280 ++ */ + public static final int SUBJECT_PUBLIC_KEY_INFO = 1; + } + +@@ -39,10 +47,18 @@ public class TLSARecord extends Record { + /** Exact match on selected content */ + public static final int EXACT = 0; + +- /** SHA-256 hash of selected content [RFC6234] */ ++ /** ++ * SHA-256 hash of selected content. ++ * ++ * @see RFC 6234 ++ */ + public static final int SHA256 = 1; + +- /** SHA-512 hash of selected content [RFC6234] */ ++ /** ++ * SHA-512 hash of selected content. ++ * ++ * @see RFC 6234 ++ */ + public static final int SHA512 = 2; + } + +diff --git a/src/main/java/org/xbill/DNS/TSIG.java b/src/main/java/org/xbill/DNS/TSIG.java +index 29ecbea..ac62da9 100644 +--- a/src/main/java/org/xbill/DNS/TSIG.java ++++ b/src/main/java/org/xbill/DNS/TSIG.java +@@ -665,7 +665,7 @@ public class TSIG { + } + + // validate time after the signature, as per +- // https://www.rfc-editor.org/rfc/rfc8945.html#section-5.4 ++ // https://datatracker.ietf.org/doc/html/rfc8945#section-5.4 + int badtime = verifyTime(tsig); + if (badtime != Rcode.NOERROR) { + return badtime; +@@ -804,7 +804,7 @@ public class TSIG { + * Creates an instance to sign multiple message for use in a stream. + * + *

This class creates a {@link TSIGRecord} on every message to conform with RFC 8945, 5.3.1. ++ * href="https://datatracker.ietf.org/doc/html/rfc8945#section-5.3.1">RFC 8945, 5.3.1. + * + * @param key The TSIG key used to create the signature records. + * @param queryTsig The initial TSIG records, e.g. from a query to a server. +diff --git a/src/main/java/org/xbill/DNS/TSIGRecord.java b/src/main/java/org/xbill/DNS/TSIGRecord.java +index 2296994..fd00e0b 100644 +--- a/src/main/java/org/xbill/DNS/TSIGRecord.java ++++ b/src/main/java/org/xbill/DNS/TSIGRecord.java +@@ -15,7 +15,7 @@ import org.xbill.DNS.utils.base64; + * + * @see Resolver + * @see TSIG +- * @see RFC 2845: Secret Key Transaction ++ * @see RFC 2845: Secret Key Transaction + * Authentication for DNS (TSIG) + * @author Brian Wellington + */ +diff --git a/src/main/java/org/xbill/DNS/TXTRecord.java b/src/main/java/org/xbill/DNS/TXTRecord.java +index 6f338e4..221555f 100644 +--- a/src/main/java/org/xbill/DNS/TXTRecord.java ++++ b/src/main/java/org/xbill/DNS/TXTRecord.java +@@ -9,8 +9,8 @@ import java.util.List; + * Text - stores text strings + * + * @author Brian Wellington +- * @see RFC 1035: Domain Names - Implementation and +- * Specification ++ * @see RFC 1035: Domain Names - ++ * Implementation and Specification + */ + public class TXTRecord extends TXTBase { + TXTRecord() {} +diff --git a/src/main/java/org/xbill/DNS/TcpKeepaliveOption.java b/src/main/java/org/xbill/DNS/TcpKeepaliveOption.java +index ea42698..f9e279f 100644 +--- a/src/main/java/org/xbill/DNS/TcpKeepaliveOption.java ++++ b/src/main/java/org/xbill/DNS/TcpKeepaliveOption.java +@@ -7,7 +7,7 @@ import java.util.Optional; + import java.util.OptionalInt; + + /** +- * TCP Keepalive EDNS0 Option, as defined in https://tools.ietf.org/html/rfc7828 ++ * TCP Keepalive EDNS0 Option, as defined in https://datatracker.ietf.org/doc/html/rfc7828 + * + * @see OPTRecord + * @author Klaus Malorny +diff --git a/src/main/java/org/xbill/DNS/Type.java b/src/main/java/org/xbill/DNS/Type.java +index b87c38d..ebf2e41 100644 +--- a/src/main/java/org/xbill/DNS/Type.java ++++ b/src/main/java/org/xbill/DNS/Type.java +@@ -104,18 +104,18 @@ public final class Type { + public static final int NXT = 30; + + /** +- * Endpoint identifier ++ * DNS Resource Records for Nimrod Routing Architecture, Endpoint identifier. + * +- * @see DNS Resource Records for +- * Nimrod Routing Architecture ++ * @see draft-ietf-nimrod-dns + */ + public static final int EID = 31; + + /** +- * Nimrod locator ++ * DNS Resource Records for Nimrod Routing Architecture, Nimrod locator. + * +- * @see DNS Resource Records for +- * Nimrod Routing Architecture ++ * @see draft-ietf-nimrod-dns + */ + public static final int NIMLOC = 32; + +@@ -188,7 +188,8 @@ public final class Type { + /** + * Zone Status (ZS). + * +- * @see draft-reid-dnsext-zs-01 ++ * @see draft-reid-dnsext-zs-01 + */ + public static final int NINFO = 56; + +@@ -196,7 +197,7 @@ public final class Type { + * RKEY DNS Resource Record, used for encryption of NAPTR records. + * + * @see draft-reid-dnsext-rkey-00 ++ * href="https://datatracker.ietf.org/doc/html/draft-reid-dnsext-zs-01">draft-reid-dnsext-rkey-01 + */ + public static final int RKEY = 57; + +@@ -204,7 +205,7 @@ public final class Type { + * DNSSEC Trust Anchor History Service. + * + * @see draft-wijngaards-dnsop-trust-history-02 ++ * href="https://datatracker.ietf.org/doc/html/draft-wijngaards-dnsop-trust-history-02">draft-wijngaards-dnsop-trust-history-02 + */ + public static final int TALINK = 58; + +@@ -226,16 +227,14 @@ public final class Type { + /** + * Service Location and Parameter Binding + * +- * @see draft-ietf-dnsop-svcb-https ++ * @see RFC 9460 + */ + public static final int SVCB = 64; + + /** + * HTTPS Service Location and Parameter Binding + * +- * @see draft-ietf-dnsop-svcb-https ++ * @see RFC 9460 + */ + public static final int HTTPS = 65; + +diff --git a/src/main/java/org/xbill/DNS/URIRecord.java b/src/main/java/org/xbill/DNS/URIRecord.java +index c1035bb..f36e258 100644 +--- a/src/main/java/org/xbill/DNS/URIRecord.java ++++ b/src/main/java/org/xbill/DNS/URIRecord.java +@@ -10,8 +10,8 @@ import java.io.IOException; + * Uniform Resource Identifier (URI) DNS Resource Record + * + * @author Anthony Kirby +- * @see RFC 7553: The Uniform Resource Identifier +- * (URI) DNS Resource Record ++ * @see RFC 7553: The Uniform Resource ++ * Identifier (URI) DNS Resource Record + */ + public class URIRecord extends Record { + private int priority, weight; +diff --git a/src/main/java/org/xbill/DNS/WKSRecord.java b/src/main/java/org/xbill/DNS/WKSRecord.java +index dfac7d8..d726650 100644 +--- a/src/main/java/org/xbill/DNS/WKSRecord.java ++++ b/src/main/java/org/xbill/DNS/WKSRecord.java +@@ -14,14 +14,14 @@ import java.util.List; + * Well Known Services - Lists services offered by this host. + * + * @author Brian Wellington +- * @see RFC 1035: Domain Names - Implementation and +- * Specification ++ * @see RFC 1035: Domain Names - ++ * Implementation and Specification + */ + public class WKSRecord extends Record { + /** + * IP protocol identifiers. This is basically copied out of RFC 1010. + * +- * @see RFC 1010: Assigned Numbers ++ * @see RFC 1010: Assigned Numbers + */ + public static class Protocol { + +diff --git a/src/main/java/org/xbill/DNS/X25Record.java b/src/main/java/org/xbill/DNS/X25Record.java +index 80ec9c2..9b2ca5d 100644 +--- a/src/main/java/org/xbill/DNS/X25Record.java ++++ b/src/main/java/org/xbill/DNS/X25Record.java +@@ -10,7 +10,7 @@ import java.io.IOException; + * associated with a name. + * + * @author Brian Wellington +- * @see RFC 1183: New DNS RR Definitions ++ * @see RFC 1183: New DNS RR Definitions + */ + public class X25Record extends Record { + private byte[] address; +diff --git a/src/main/java/org/xbill/DNS/lookup/LookupSession.java b/src/main/java/org/xbill/DNS/lookup/LookupSession.java +index 2236b15..4abce77 100644 +--- a/src/main/java/org/xbill/DNS/lookup/LookupSession.java ++++ b/src/main/java/org/xbill/DNS/lookup/LookupSession.java +@@ -482,7 +482,7 @@ public class LookupSession { + private Message maybeAddToCache(Message message) { + for (RRset set : message.getSectionRRsets(Section.ANSWER)) { + if ((set.getType() == Type.CNAME || set.getType() == Type.DNAME) && set.size() != 1) { +- throw new InvalidZoneDataException("Multiple CNAME RRs not allowed, see RFC1034 3.6.2"); ++ throw new InvalidZoneDataException("Multiple CNAME RRs not allowed, see RFC 1034 3.6.2"); + } + } + Optional.ofNullable(caches.get(message.getQuestion().getDClass())) +diff --git a/src/main/java/org/xbill/DNS/lookup/NoSuchRRSetException.java b/src/main/java/org/xbill/DNS/lookup/NoSuchRRSetException.java +index 2002d88..cb7b6fc 100644 +--- a/src/main/java/org/xbill/DNS/lookup/NoSuchRRSetException.java ++++ b/src/main/java/org/xbill/DNS/lookup/NoSuchRRSetException.java +@@ -5,7 +5,10 @@ import org.xbill.DNS.Name; + + /** + * Thrown to indicate that records of the name and type queried does not exist, corresponding to the +- * NXRRSET return code as specified in RFC2136 Section 2.2. ++ * NXRRSET return code as specified in RFC 2136 Section 2.2. ++ * ++ * @since 3.4 ++ * @see RFC 2136 + */ + public class NoSuchRRSetException extends LookupFailedException { + public NoSuchRRSetException(Name name, int type) { +diff --git a/src/test/java/org/xbill/DNS/dnssec/ResolveExample.java b/src/test/java/org/xbill/DNS/dnssec/ResolveExample.java +index bcc7f18..f578f0a 100644 +--- a/src/test/java/org/xbill/DNS/dnssec/ResolveExample.java ++++ b/src/test/java/org/xbill/DNS/dnssec/ResolveExample.java +@@ -21,7 +21,7 @@ class ResolveExample { + static String ROOT = + ". IN DS 20326 8 2 E06D44B80B8F1D39A95C0B0D7C65D08458E880409BBC683457104237C7F8EC8D"; + +- static void main(String[] args) throws Exception { ++ public static void main(String[] args) throws Exception { + // Send two sample queries using a standard DNSJAVA resolver + SimpleResolver sr = new SimpleResolver("8.8.8.8"); + System.out.println("Standard resolver:"); +@@ -30,7 +30,7 @@ class ResolveExample { + + // Send the same queries using the validating resolver with the + // trust anchor of the root zone +- // http://data.iana.org/root-anchors/root-anchors.xml ++ // https://data.iana.org/root-anchors/root-anchors.xml + ValidatingResolver vr = new ValidatingResolver(sr); + vr.loadTrustAnchors(new ByteArrayInputStream(ROOT.getBytes("ASCII"))); + vr.loadTrustAnchors(new ByteArrayInputStream(ROOT.getBytes(StandardCharsets.US_ASCII))); +-- +2.33.0 + diff --git a/dnsjava.spec b/dnsjava.spec index 35b193e..04d4838 100644 --- a/dnsjava.spec +++ b/dnsjava.spec @@ -1,11 +1,12 @@ %global do_not_test 1 Name: dnsjava Version: 3.5.3 -Release: 1 +Release: 2 Summary: Java DNS implementation License: BSD and MIT URL: http://www.dnsjava.org/ Source0: https://github.com/dnsjava/dnsjava/archive/v%{version}/%{name}-%{version}.tar.gz +Patch0: backport-CVE-2024-25638.patch BuildRequires: aqute-bnd javapackages-local BuildRequires: maven-local BuildRequires: mvn(org.apache.felix:maven-bundle-plugin) @@ -43,6 +44,7 @@ Javadoc for %{name}. rm -rf doc/ find -name "*.class" -print -delete find -name "*.jar" -print -delete +%patch0 -p1 -b .CVE-2024-25638 iconv -f iso8859-1 -t utf8 Changelog > Changelog.tmp touch -r Changelog Changelog.tmp mv -f Changelog.tmp Changelog @@ -72,6 +74,9 @@ cp -rf target/xmvn-apidocs/* %{buildroot}%{_javadocdir}/%{name} %license LICENSE %changelog +* Tue Jul 23 2024 zhangxianting - 3.5.3-2 +- Fix CVE-2024-25638 + * Tue Feb 20 2024 Ge Wang - 3.5.3-1 - Update to 3.5.3 -- Gitee