Update deps

vendor/github.com/jedisct1/go-dnsstamps/dnsstamps.go

@@ -11,7 +11,11 @@ import (
 	"strings"
 )
 
-const DefaultPort = 443
+const (
+	DefaultPort    = 443
+	DefaultDNSPort = 53
+	StampScheme    = "sdns://"
+)
 
 type ServerInformalProperties uint64
 
@@ -97,7 +101,10 @@ func NewServerStampFromString(stampStr string) (ServerStamp, error) {
 	if len(bin) < 1 {
 		return ServerStamp{}, errors.New("Stamp is too short")
 	}
-	if bin[0] == uint8(StampProtoTypeDNSCrypt) {
+
+	if bin[0] == uint8(StampProtoTypePlain) {
+		return newPlainDNSServerStamp(bin)
+	} else if bin[0] == uint8(StampProtoTypeDNSCrypt) {
 		return newDNSCryptServerStamp(bin)
 	} else if bin[0] == uint8(StampProtoTypeDoH) {
 		return newDoHServerStamp(bin)
@@ -112,7 +119,7 @@ func NewServerStampFromString(stampStr string) (ServerStamp, error) {
 }
 
 func NewRelayAndServerStampFromString(stampStr string) (ServerStamp, ServerStamp, error) {
-	if !strings.HasPrefix(stampStr, "sdns://") {
+	if !strings.HasPrefix(stampStr, StampScheme) {
 		return ServerStamp{}, ServerStamp{}, errors.New("Stamps are expected to start with \"sdns://\"")
 	}
 	stampStr = stampStr[7:]
@@ -120,11 +127,11 @@ func NewRelayAndServerStampFromString(stampStr string) (ServerStamp, ServerStamp
 	if len(parts) != 2 {
 		return ServerStamp{}, ServerStamp{}, errors.New("This is not a relay+server stamp")
 	}
-	relayStamp, err := NewServerStampFromString("sdns://" + parts[0])
+	relayStamp, err := NewServerStampFromString(StampScheme + parts[0])
 	if err != nil {
 		return ServerStamp{}, ServerStamp{}, err
 	}
-	serverStamp, err := NewServerStampFromString("sdns://" + parts[1])
+	serverStamp, err := NewServerStampFromString(StampScheme + parts[1])
 	if err != nil {
 		return ServerStamp{}, ServerStamp{}, err
 	}
@@ -137,6 +144,49 @@ func NewRelayAndServerStampFromString(stampStr string) (ServerStamp, ServerStamp
 	return relayStamp, serverStamp, nil
 }
 
+// id(u8)=0x00 props 0x00 addrLen(1) serverAddr
+func newPlainDNSServerStamp(bin []byte) (ServerStamp, error) {
+	stamp := ServerStamp{Proto: StampProtoTypePlain}
+	if len(bin) < 1+8+1+1 {
+		return stamp, errors.New("Stamp is too short")
+	}
+	stamp.Props = ServerInformalProperties(binary.LittleEndian.Uint64(bin[1:9]))
+	binLen := len(bin)
+	pos := 9
+
+	length := int(bin[pos])
+	if 1+length > binLen-pos {
+		return stamp, errors.New("Invalid stamp")
+	}
+	pos++
+	stamp.ServerAddrStr = string(bin[pos : pos+length])
+	pos += length
+
+	colIndex := strings.LastIndex(stamp.ServerAddrStr, ":")
+	bracketIndex := strings.LastIndex(stamp.ServerAddrStr, "]")
+	if colIndex < bracketIndex {
+		colIndex = -1
+	}
+	if colIndex < 0 {
+		colIndex = len(stamp.ServerAddrStr) // DefaultDNSPort
+		stamp.ServerAddrStr = fmt.Sprintf("%s:%d", stamp.ServerAddrStr, DefaultDNSPort)
+	}
+	if colIndex >= len(stamp.ServerAddrStr)-1 {
+		return stamp, errors.New("Invalid stamp (empty port)")
+	}
+	ipOnly := stamp.ServerAddrStr[:colIndex]
+	if err := validatePort(stamp.ServerAddrStr[colIndex+1:]); err != nil {
+		return stamp, errors.New("Invalid stamp (port range)")
+	}
+	if net.ParseIP(strings.TrimRight(strings.TrimLeft(ipOnly, "["), "]")) == nil {
+		return stamp, errors.New("Invalid stamp (IP address)")
+	}
+	if pos != binLen {
+		return stamp, errors.New("Invalid stamp (garbage after end)")
+	}
+	return stamp, nil
+}
+
 // id(u8)=0x01 props addrLen(1) serverAddr pkStrlen(1) pkStr providerNameLen(1) providerName
 
 func newDNSCryptServerStamp(bin []byte) (ServerStamp, error) {
@@ -169,8 +219,7 @@ func newDNSCryptServerStamp(bin []byte) (ServerStamp, error) {
 		return stamp, errors.New("Invalid stamp (empty port)")
 	}
 	ipOnly := stamp.ServerAddrStr[:colIndex]
-	portOnly := stamp.ServerAddrStr[colIndex+1:]
-	if _, err := strconv.ParseUint(portOnly, 10, 16); err != nil {
+	if err := validatePort(stamp.ServerAddrStr[colIndex+1:]); err != nil {
 		return stamp, errors.New("Invalid stamp (port range)")
 	}
 	if net.ParseIP(strings.TrimRight(strings.TrimLeft(ipOnly, "["), "]")) == nil {
@@ -268,8 +317,7 @@ func newDoHServerStamp(bin []byte) (ServerStamp, error) {
 			return stamp, errors.New("Invalid stamp (empty port)")
 		}
 		ipOnly := stamp.ServerAddrStr[:colIndex]
-		portOnly := stamp.ServerAddrStr[colIndex+1:]
-		if _, err := strconv.ParseUint(portOnly, 10, 16); err != nil {
+		if err := validatePort(stamp.ServerAddrStr[colIndex+1:]); err != nil {
 			return stamp, errors.New("Invalid stamp (port range)")
 		}
 		if net.ParseIP(strings.TrimRight(strings.TrimLeft(ipOnly, "["), "]")) == nil {
@@ -344,8 +392,7 @@ func newDNSCryptRelayStamp(bin []byte) (ServerStamp, error) {
 		return stamp, errors.New("Invalid stamp (empty port)")
 	}
 	ipOnly := stamp.ServerAddrStr[:colIndex]
-	portOnly := stamp.ServerAddrStr[colIndex+1:]
-	if _, err := strconv.ParseUint(portOnly, 10, 16); err != nil {
+	if err := validatePort(stamp.ServerAddrStr[colIndex+1:]); err != nil {
 		return stamp, errors.New("Invalid stamp (port range)")
 	}
 	if net.ParseIP(strings.TrimRight(strings.TrimLeft(ipOnly, "["), "]")) == nil {
@@ -426,8 +473,7 @@ func newODoHRelayStamp(bin []byte) (ServerStamp, error) {
 			return stamp, errors.New("Invalid stamp (empty port)")
 		}
 		ipOnly := stamp.ServerAddrStr[:colIndex]
-		portOnly := stamp.ServerAddrStr[colIndex+1:]
-		if _, err := strconv.ParseUint(portOnly, 10, 16); err != nil {
+		if err := validatePort(stamp.ServerAddrStr[colIndex+1:]); err != nil {
 			return stamp, errors.New("Invalid stamp (port range)")
 		}
 		if net.ParseIP(strings.TrimRight(strings.TrimLeft(ipOnly, "["), "]")) == nil {
@@ -438,8 +484,17 @@ func newODoHRelayStamp(bin []byte) (ServerStamp, error) {
 	return stamp, nil
 }
 
+func validatePort(port string) error {
+	if _, err := strconv.ParseUint(port, 10, 16); err != nil {
+		return errors.New("Invalid port")
+	}
+	return nil
+}
+
 func (stamp *ServerStamp) String() string {
-	if stamp.Proto == StampProtoTypeDNSCrypt {
+	if stamp.Proto == StampProtoTypePlain {
+		return stamp.plainStrng()
+	} else if stamp.Proto == StampProtoTypeDNSCrypt {
 		return stamp.dnsCryptString()
 	} else if stamp.Proto == StampProtoTypeDoH {
 		return stamp.dohString()
@@ -453,6 +508,22 @@ func (stamp *ServerStamp) String() string {
 	panic("Unsupported protocol")
 }
 
+func (stamp *ServerStamp) plainStrng() string {
+	bin := make([]uint8, 9)
+	bin[0] = uint8(StampProtoTypePlain)
+	binary.LittleEndian.PutUint64(bin[1:9], uint64(stamp.Props))
+
+	serverAddrStr := stamp.ServerAddrStr
+	if strings.HasSuffix(serverAddrStr, ":"+strconv.Itoa(DefaultDNSPort)) {
+		serverAddrStr = serverAddrStr[:len(serverAddrStr)-1-len(strconv.Itoa(DefaultDNSPort))]
+	}
+	bin = append(bin, uint8(len(serverAddrStr)))
+	bin = append(bin, []uint8(serverAddrStr)...)
+	str := base64.RawURLEncoding.EncodeToString(bin)
+
+	return StampScheme + str
+}
+
 func (stamp *ServerStamp) dnsCryptString() string {
 	bin := make([]uint8, 9)
 	bin[0] = uint8(StampProtoTypeDNSCrypt)
@@ -473,7 +544,7 @@ func (stamp *ServerStamp) dnsCryptString() string {
 
 	str := base64.RawURLEncoding.EncodeToString(bin)
 
-	return "sdns://" + str
+	return StampScheme + str
 }
 
 func (stamp *ServerStamp) dohString() string {
@@ -510,7 +581,7 @@ func (stamp *ServerStamp) dohString() string {
 
 	str := base64.RawURLEncoding.EncodeToString(bin)
 
-	return "sdns://" + str
+	return StampScheme + str
 }
 
 func (stamp *ServerStamp) oDohTargetString() string {
@@ -526,7 +597,7 @@ func (stamp *ServerStamp) oDohTargetString() string {
 
 	str := base64.RawURLEncoding.EncodeToString(bin)
 
-	return "sdns://" + str
+	return StampScheme + str
 }
 
 func (stamp *ServerStamp) dnsCryptRelayString() string {
@@ -542,7 +613,7 @@ func (stamp *ServerStamp) dnsCryptRelayString() string {
 
 	str := base64.RawURLEncoding.EncodeToString(bin)
 
-	return "sdns://" + str
+	return StampScheme + str
 }
 
 func (stamp *ServerStamp) oDohRelayString() string {
@@ -579,5 +650,5 @@ func (stamp *ServerStamp) oDohRelayString() string {
 
 	str := base64.RawURLEncoding.EncodeToString(bin)
 
-	return "sdns://" + str
+	return StampScheme + str
 }

vendor/github.com/miekg/dns/README.md

@@ -83,6 +83,8 @@ A not-so-up-to-date-list-that-may-be-actually-current:
 * https://github.com/egbakou/domainverifier
 * https://github.com/semihalev/sdns
 * https://github.com/wintbiit/NineDNS
+* https://linuxcontainers.org/incus/
+* https://ifconfig.es
 
 
 Send pull request if you want to be listed here.

vendor/github.com/miekg/dns/defaults.go

@@ -198,10 +198,12 @@ func IsDomainName(s string) (labels int, ok bool) {
 		off    int
 		begin  int
 		wasDot bool
+		escape bool
 	)
 	for i := 0; i < len(s); i++ {
 		switch s[i] {
 		case '\\':
+			escape = !escape
 			if off+1 > lenmsg {
 				return labels, false
 			}
@@ -217,6 +219,7 @@ func IsDomainName(s string) (labels int, ok bool) {
 
 			wasDot = false
 		case '.':
+			escape = false
 			if i == 0 && len(s) > 1 {
 				// leading dots are not legal except for the root zone
 				return labels, false
@@ -243,10 +246,13 @@ func IsDomainName(s string) (labels int, ok bool) {
 			labels++
 			begin = i + 1
 		default:
+			escape = false
 			wasDot = false
 		}
 	}
-
+	if escape {
+		return labels, false
+	}
 	return labels, true
 }
 

vendor/github.com/miekg/dns/msg.go

@@ -714,7 +714,7 @@ func (h *MsgHdr) String() string {
 	return s
 }
 
-// Pack packs a Msg: it is converted to to wire format.
+// Pack packs a Msg: it is converted to wire format.
 // If the dns.Compress is true the message will be in compressed wire format.
 func (dns *Msg) Pack() (msg []byte, err error) {
 	return dns.PackBuffer(nil)

vendor/github.com/miekg/dns/scan.go

@@ -101,12 +101,13 @@ type ttlState struct {
 	isByDirective bool   // isByDirective indicates whether ttl was set by a $TTL directive
 }
 
-// NewRR reads the RR contained in the string s. Only the first RR is returned.
+// NewRR reads a string s and returns the first RR.
 // If s contains no records, NewRR will return nil with no error.
 //
-// The class defaults to IN and TTL defaults to 3600. The full zone file syntax
-// like $TTL, $ORIGIN, etc. is supported. All fields of the returned RR are
-// set, except RR.Header().Rdlength which is set to 0.
+// The class defaults to IN, TTL defaults to 3600, and
+// origin for resolving relative domain names defaults to the DNS root (.).
+// Full zone file syntax is supported, including directives like $TTL and $ORIGIN.
+// All fields of the returned RR are set from the read data, except RR.Header().Rdlength which is set to 0.
 func NewRR(s string) (RR, error) {
 	if len(s) > 0 && s[len(s)-1] != '\n' { // We need a closing newline
 		return ReadRR(strings.NewReader(s+"\n"), "")
@@ -1282,7 +1283,7 @@ func stringToCm(token string) (e, m uint8, ok bool) {
 			cmeters *= 10
 		}
 	}
-	// This slighly ugly condition will allow omitting the 'meter' part, like .01 (meaning 0.01m = 1cm).
+	// This slightly ugly condition will allow omitting the 'meter' part, like .01 (meaning 0.01m = 1cm).
 	if !hasCM || mStr != "" {
 		meters, err = strconv.Atoi(mStr)
 		// RFC1876 states the max value is 90000000.00.  The latter two conditions enforce it.

vendor/github.com/miekg/dns/scan_rr.go

@@ -51,25 +51,21 @@ func endingToTxtSlice(c *zlexer, errstr string) ([]string, *ParseError) {
 		switch l.value {
 		case zString:
 			empty = false
-			if len(l.token) > 255 {
-				// split up tokens that are larger than 255 into 255-chunks
-				sx := []string{}
-				p, i := 0, 255
-				for {
-					if i <= len(l.token) {
-						sx = append(sx, l.token[p:i])
-					} else {
-						sx = append(sx, l.token[p:])
-						break
+			// split up tokens that are larger than 255 into 255-chunks
+			sx := []string{}
+			p := 0
+			for {
+				i := escapedStringOffset(l.token[p:], 255)
+				if i != -1 && p+i != len(l.token) {
+					sx = append(sx, l.token[p:p+i])
+				} else {
+					sx = append(sx, l.token[p:])
+					break
 
-					}
-					p, i = p+255, i+255
 				}
-				s = append(s, sx...)
-				break
+				p += i
 			}
-
-			s = append(s, l.token)
+			s = append(s, sx...)
 		case zBlank:
 			if quote {
 				// zBlank can only be seen in between txt parts.
@@ -1920,3 +1916,32 @@ func (rr *APL) parse(c *zlexer, o string) *ParseError {
 	rr.Prefixes = prefixes
 	return nil
 }
+
+// escapedStringOffset finds the offset within a string (which may contain escape
+// sequences) that corresponds to a certain byte offset. If the input offset is
+// out of bounds, -1 is returned.
+func escapedStringOffset(s string, byteOffset int) int {
+	if byteOffset == 0 {
+		return 0
+	}
+
+	offset := 0
+	for i := 0; i < len(s); i++ {
+		offset += 1
+
+		// Skip escape sequences
+		if s[i] != '\\' {
+			// Not an escape sequence; nothing to do.
+		} else if isDDD(s[i+1:]) {
+			i += 3
+		} else {
+			i++
+		}
+
+		if offset >= byteOffset {
+			return i + 1
+		}
+	}
+
+	return -1
+}

vendor/github.com/miekg/dns/xfr.go

@@ -1,6 +1,7 @@
 package dns
 
 import (
+	"crypto/tls"
 	"fmt"
 	"time"
 )
@@ -20,6 +21,7 @@ type Transfer struct {
 	TsigProvider   TsigProvider      // An implementation of the TsigProvider interface. If defined it replaces TsigSecret and is used for all TSIG operations.
 	TsigSecret     map[string]string // Secret(s) for Tsig map[<zonename>]<base64 secret>, zonename must be in canonical form (lowercase, fqdn, see RFC 4034 Section 6.2)
 	tsigTimersOnly bool
+	TLS            *tls.Config // TLS config. If Xfr over TLS will be attempted
 }
 
 func (t *Transfer) tsigProvider() TsigProvider {
@@ -57,7 +59,11 @@ func (t *Transfer) In(q *Msg, a string) (env chan *Envelope, err error) {
 	}
 
 	if t.Conn == nil {
-		t.Conn, err = DialTimeout("tcp", a, timeout)
+		if t.TLS != nil {
+			t.Conn, err = DialTimeoutWithTLS("tcp-tls", a, t.TLS, timeout)
+		} else {
+			t.Conn, err = DialTimeout("tcp", a, timeout)
+		}
 		if err != nil {
 			return nil, err
 		}
@@ -182,7 +188,7 @@ func (t *Transfer) inIxfr(q *Msg, c chan *Envelope) {
 			if v, ok := rr.(*SOA); ok {
 				if v.Serial == serial {
 					n++
-					// quit if it's a full axfr or the the servers' SOA is repeated the third time
+					// quit if it's a full axfr or the servers' SOA is repeated the third time
 					if axfr && n == 2 || n == 3 {
 						c <- &Envelope{in.Answer, nil}
 						return