Update deps

vendor/github.com/jedisct1/go-dnsstamps/dnsstamps.go

@@ -104,32 +104,50 @@ func newDNSCryptServerStamp(bin []byte) (ServerStamp, error) {
 	binLen := len(bin)
 	pos := 9
 
-	len := int(bin[pos])
-	if 1+len >= binLen-pos {
+	length := int(bin[pos])
+	if 1+length >= binLen-pos {
 		return stamp, errors.New("Invalid stamp")
 	}
 	pos++
-	stamp.ServerAddrStr = string(bin[pos : pos+len])
-	pos += len
-	if net.ParseIP(strings.TrimRight(strings.TrimLeft(stamp.ServerAddrStr, "["), "]")) != nil {
+	stamp.ServerAddrStr = string(bin[pos : pos+length])
+	pos += length
+
+	colIndex := strings.LastIndex(stamp.ServerAddrStr, ":")
+	bracketIndex := strings.LastIndex(stamp.ServerAddrStr, "]")
+	if colIndex < bracketIndex {
+		colIndex = -1
+	}
+	if colIndex < 0 {
+		colIndex = len(stamp.ServerAddrStr)
 		stamp.ServerAddrStr = fmt.Sprintf("%s:%d", stamp.ServerAddrStr, DefaultPort)
 	}
+	if colIndex >= len(stamp.ServerAddrStr)-1 {
+		return stamp, errors.New("Invalid stamp (empty port)")
+	}
+	ipOnly := stamp.ServerAddrStr[:colIndex]
+	portOnly := stamp.ServerAddrStr[colIndex+1:]
+	if _, err := strconv.ParseUint(portOnly, 10, 16); err != nil {
+		return stamp, errors.New("Invalid stamp (port range)")
+	}
+	if net.ParseIP(strings.TrimRight(strings.TrimLeft(ipOnly, "["), "]")) == nil {
+		return stamp, errors.New("Invalid stamp (IP address)")
+	}
 
-	len = int(bin[pos])
-	if 1+len >= binLen-pos {
+	length = int(bin[pos])
+	if 1+length >= binLen-pos {
 		return stamp, errors.New("Invalid stamp")
 	}
 	pos++
-	stamp.ServerPk = bin[pos : pos+len]
-	pos += len
+	stamp.ServerPk = bin[pos : pos+length]
+	pos += length
 
-	len = int(bin[pos])
-	if len >= binLen-pos {
+	length = int(bin[pos])
+	if length >= binLen-pos {
 		return stamp, errors.New("Invalid stamp")
 	}
 	pos++
-	stamp.ProviderName = string(bin[pos : pos+len])
-	pos += len
+	stamp.ProviderName = string(bin[pos : pos+length])
+	pos += length
 
 	if pos != binLen {
 		return stamp, errors.New("Invalid stamp (garbage after end)")
@@ -148,52 +166,71 @@ func newDoHServerStamp(bin []byte) (ServerStamp, error) {
 	binLen := len(bin)
 	pos := 9
 
-	len := int(bin[pos])
-	if 1+len >= binLen-pos {
+	length := int(bin[pos])
+	if 1+length >= binLen-pos {
 		return stamp, errors.New("Invalid stamp")
 	}
 	pos++
-	stamp.ServerAddrStr = string(bin[pos : pos+len])
-	pos += len
+	stamp.ServerAddrStr = string(bin[pos : pos+length])
+	pos += length
 
 	for {
 		vlen := int(bin[pos])
-		len = vlen & ^0x80
-		if 1+len >= binLen-pos {
+		length = vlen & ^0x80
+		if 1+length >= binLen-pos {
 			return stamp, errors.New("Invalid stamp")
 		}
 		pos++
-		if len > 0 {
-			stamp.Hashes = append(stamp.Hashes, bin[pos:pos+len])
+		if length > 0 {
+			stamp.Hashes = append(stamp.Hashes, bin[pos:pos+length])
 		}
-		pos += len
+		pos += length
 		if vlen&0x80 != 0x80 {
 			break
 		}
 	}
 
-	len = int(bin[pos])
-	if 1+len >= binLen-pos {
+	length = int(bin[pos])
+	if 1+length >= binLen-pos {
 		return stamp, errors.New("Invalid stamp")
 	}
 	pos++
-	stamp.ProviderName = string(bin[pos : pos+len])
-	pos += len
+	stamp.ProviderName = string(bin[pos : pos+length])
+	pos += length
 
-	len = int(bin[pos])
-	if len >= binLen-pos {
+	length = int(bin[pos])
+	if length >= binLen-pos {
 		return stamp, errors.New("Invalid stamp")
 	}
 	pos++
-	stamp.Path = string(bin[pos : pos+len])
-	pos += len
+	stamp.Path = string(bin[pos : pos+length])
+	pos += length
 
 	if pos != binLen {
 		return stamp, errors.New("Invalid stamp (garbage after end)")
 	}
 
-	if net.ParseIP(strings.TrimRight(strings.TrimLeft(stamp.ServerAddrStr, "["), "]")) != nil {
-		stamp.ServerAddrStr = fmt.Sprintf("%s:%d", stamp.ServerAddrStr, DefaultPort)
+	if len(stamp.ServerAddrStr) > 0 {
+		colIndex := strings.LastIndex(stamp.ServerAddrStr, ":")
+		bracketIndex := strings.LastIndex(stamp.ServerAddrStr, "]")
+		if colIndex < bracketIndex {
+			colIndex = -1
+		}
+		if colIndex < 0 {
+			colIndex = len(stamp.ServerAddrStr)
+			stamp.ServerAddrStr = fmt.Sprintf("%s:%d", stamp.ServerAddrStr, DefaultPort)
+		}
+		if colIndex >= len(stamp.ServerAddrStr)-1 {
+			return stamp, errors.New("Invalid stamp (empty port)")
+		}
+		ipOnly := stamp.ServerAddrStr[:colIndex]
+		portOnly := stamp.ServerAddrStr[colIndex+1:]
+		if _, err := strconv.ParseUint(portOnly, 10, 16); err != nil {
+			return stamp, errors.New("Invalid stamp (port range)")
+		}
+		if net.ParseIP(strings.TrimRight(strings.TrimLeft(ipOnly, "["), "]")) == nil {
+			return stamp, errors.New("Invalid stamp (IP address)")
+		}
 	}
 
 	return stamp, nil

vendor/github.com/jedisct1/xsecretbox/.travis.yml

@@ -1,4 +1,4 @@
 sudo: false
 language: go
 go:
-- 1.10.2
+- 1.x

vendor/github.com/miekg/dns/acceptfunc.go

@@ -19,9 +19,10 @@ var DefaultMsgAcceptFunc MsgAcceptFunc = defaultMsgAcceptFunc
 type MsgAcceptAction int
 
 const (
-	MsgAccept MsgAcceptAction = iota // Accept the message
-	MsgReject                        // Reject the message with a RcodeFormatError
-	MsgIgnore                        // Ignore the error and send nothing back.
+	MsgAccept         MsgAcceptAction = iota // Accept the message
+	MsgReject                                // Reject the message with a RcodeFormatError
+	MsgIgnore                                // Ignore the error and send nothing back.
+	MsgRejectNotImplemented                        // Reject the message with a RcodeNotImplemented
 )
 
 func defaultMsgAcceptFunc(dh Header) MsgAcceptAction {
@@ -32,7 +33,7 @@ func defaultMsgAcceptFunc(dh Header) MsgAcceptAction {
 	// Don't allow dynamic updates, because then the sections can contain a whole bunch of RRs.
 	opcode := int(dh.Bits>>11) & 0xF
 	if opcode != OpcodeQuery && opcode != OpcodeNotify {
-		return MsgReject
+		return MsgRejectNotImplemented
 	}
 
 	if dh.Qdcount != 1 {

vendor/github.com/miekg/dns/msg_truncate.go

@@ -8,8 +8,13 @@ package dns
 // record adding as many records as possible without exceeding the
 // requested buffer size.
 //
-// The TC bit will be set if any answer records were excluded from the
-// message. This indicates to that the client should retry over TCP.
+// The TC bit will be set if any records were excluded from the message.
+// This indicates to that the client should retry over TCP.
+//
+// According to RFC 2181, the TC bit should only be set if not all of the
+// "required" RRs can be included in the response. Unfortunately, we have
+// no way of knowing which RRs are required so we set the TC bit if any RR
+// had to be omitted from the response.
 //
 // The appropriate buffer size can be retrieved from the requests OPT
 // record, if present, and is transport specific otherwise. dns.MinMsgSize
@@ -71,9 +76,9 @@ func (dns *Msg) Truncate(size int) {
 		l, numExtra = truncateLoop(dns.Extra, size, l, compression)
 	}
 
-	// According to RFC 2181, the TC bit should only be set if not all
-	// of the answer RRs can be included in the response.
-	dns.Truncated = len(dns.Answer) > numAnswer
+	// See the function documentation for when we set this.
+	dns.Truncated = len(dns.Answer) > numAnswer ||
+		len(dns.Ns) > numNS || len(dns.Extra) > numExtra
 
 	dns.Answer = dns.Answer[:numAnswer]
 	dns.Ns = dns.Ns[:numNS]

vendor/github.com/miekg/dns/server.go

@@ -560,18 +560,24 @@ func (srv *Server) serveDNS(m []byte, w *response) {
 	req := new(Msg)
 	req.setHdr(dh)
 
-	switch srv.MsgAcceptFunc(dh) {
+	switch action := srv.MsgAcceptFunc(dh); action {
 	case MsgAccept:
 		if req.unpack(dh, m, off) == nil {
 			break
 		}
 
 		fallthrough
-	case MsgReject:
+	case MsgReject, MsgRejectNotImplemented:
+		opcode := req.Opcode
 		req.SetRcodeFormatError(req)
+		req.Zero = false
+		if action == MsgRejectNotImplemented {
+			req.Opcode = opcode
+			req.Rcode = RcodeNotImplemented
+		}
+
 		// Are we allowed to delete any OPT records here?
 		req.Ns, req.Answer, req.Extra = nil, nil, nil
-		req.Zero = false
 
 		w.WriteMsg(req)
 		fallthrough

vendor/github.com/miekg/dns/version.go

@@ -3,7 +3,7 @@ package dns
 import "fmt"
 
 // Version is current version of this library.
-var Version = V{1, 1, 14}
+var Version = V{1, 1, 15}
 
 // V holds the version of this library.
 type V struct {