From nobody Fri May 22 17:24:16 2026
X-Original-To: dev-commits-src-all@mlmmj.nyi.freebsd.org
Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2610:1c1:1:606c::19:1])
	by mlmmj.nyi.freebsd.org (Postfix) with ESMTP id 4gMXFX4fjjz6fH5j
	for <dev-commits-src-all@mlmmj.nyi.freebsd.org>; Fri, 22 May 2026 17:24:16 +0000 (UTC)
	(envelope-from git@FreeBSD.org)
Received: from mxrelay.nyi.freebsd.org (mxrelay.nyi.freebsd.org [IPv6:2610:1c1:1:606c::19:3])
	(using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits)
	 key-exchange X25519 server-signature RSA-PSS (4096 bits) server-digest SHA256
	 client-signature RSA-PSS (4096 bits) client-digest SHA256)
	(Client CN "mxrelay.nyi.freebsd.org", Issuer "R13" (not verified))
	by mx1.freebsd.org (Postfix) with ESMTPS id 4gMXFX340Fz43k0
	for <dev-commits-src-all@FreeBSD.org>; Fri, 22 May 2026 17:24:16 +0000 (UTC)
	(envelope-from git@FreeBSD.org)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=freebsd.org; s=dkim;
	t=1779470656;
	h=from:from:reply-to:subject:subject:date:date:message-id:message-id:
	 to:to:cc:mime-version:mime-version:content-type:content-type:
	 content-transfer-encoding:content-transfer-encoding;
	bh=Lze1XRpgxBkk2M0c5v4N2HzAUZc+zGhRiUOgN0ALjGI=;
	b=G7k0bfG2pgGdEJM9sOjQvRp2YsqG1NirgRIzTvhxj+sv7pqEFLg+by9SNKFa/AcBxYN/St
	Lf8mQ5j7eJaqAuBIpFmxc47uMqmtGqfuX3RqkzsjeIxUYjpBpiURdt5bg1iMSFI20joWca
	RpRH3s9EzRf8/kBkhzppU67NIIss7pE90lox1DkXUM6cUiMIjV/ZTgLK0xprcISBNiw6iW
	RrEiUbaLKtKJ65VZH2H1dy9m3cI1KYRQzxw8x1gILOoVYQeEM97Jsbp+C7657y4CoTO1/i
	YH0Oyhoznwe5CJE5zOUQaaLbNADkovbyzJVtSxAc/eVYqAXv3Fl7lMmuTnELdg==
ARC-Seal: i=1; s=dkim; d=freebsd.org; t=1779470656; a=rsa-sha256; cv=none;
	b=H3k6LRLpBmQCJjy+aKcoPH1OYXcT49wvp0cM7/mbwveTiIADNIBaGmJ1U6Xnf8GMXMJ8D5
	RomK8h+SWPtkzpBCIqS2CWEqoxGILfjLnJsPHqfRDMB0ykeNmEGgiXGyQAhGGo7/AO08Lc
	xUK6PG14E8qbxS2bASswg+Ne06Lre9+bnJGJCvTGJRidetVw0u4swBF3mV5EDLnUnbqGVw
	N4duFz74BHqLuKVoxk0i07rQ91uPXDa3EANR1/tKhxWDsWua3ap8N71s24o7fj/oOxsn5m
	PFEHUIaKnMcvE9Q1mAMoSXeG7n//tiXIgdoHUknfnbq9mh/O509JheT7lXV1xg==
ARC-Authentication-Results: i=1;
	mx1.freebsd.org;
	none
ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=freebsd.org;
	s=dkim; t=1779470656;
	h=from:from:reply-to:subject:subject:date:date:message-id:message-id:
	 to:to:cc:mime-version:mime-version:content-type:content-type:
	 content-transfer-encoding:content-transfer-encoding;
	bh=Lze1XRpgxBkk2M0c5v4N2HzAUZc+zGhRiUOgN0ALjGI=;
	b=Y0T7QjIbtP86ZD+ok1eQRfGeznp4nt4rJJoAszZdIV0zh+XfRcjSWptvGVtsH4/4TFwtEC
	U66MG7Mp6QRQiLdHzcYQ0EYeVl8NbC9LmmD7RbWVFXbDzYaSK+s3CCTjCc/i2pCbUlh6x+
	6g6ss06+ivVdQsk9RgGeYTMwJGUQKN2IIWfPcbwgFfyJ7CCgO5gC3X5Z4zyKWGv+PVNaXR
	7JNWp9eM5Tg9ulkWgri9Y28BRFS/JNCfrwv8BBMUQengXCzMFT/JbGyRKJxRsJLm1WQZ+P
	HqIj5YSFu5OWIJ0sbpUQ9EH0znDHKi3Ohwwju7CtVvvRs0F+2UF4WEYjmQM6/w==
Received: from gitrepo.freebsd.org (gitrepo.freebsd.org [IPv6:2610:1c1:1:6068::e6a:5])
	by mxrelay.nyi.freebsd.org (Postfix) with ESMTP id 4gMXFX2YZHzVXq
	for <dev-commits-src-all@FreeBSD.org>; Fri, 22 May 2026 17:24:16 +0000 (UTC)
	(envelope-from git@FreeBSD.org)
Received: from git (uid 1279)
	(envelope-from git@FreeBSD.org)
	id 36498
	by gitrepo.freebsd.org (DragonFly Mail Agent v0.13+ on gitrepo.freebsd.org);
	Fri, 22 May 2026 17:24:16 +0000
To: src-committers@FreeBSD.org, dev-commits-src-all@FreeBSD.org, dev-commits-src-main@FreeBSD.org
From: Dag-Erling=?utf-8?Q? Sm=C3=B8rg?=rav <des@FreeBSD.org>
Subject: git: 597a090ff2ab - main - import ldns 1.9.0
List-Id: Commit messages for all branches of the src repository <dev-commits-src-all.freebsd.org>
List-Archive: https://lists.freebsd.org/archives/dev-commits-src-all
List-Help: <mailto:dev-commits-src-all+help@freebsd.org>
List-Post: <mailto:dev-commits-src-all@freebsd.org>
List-Subscribe: <mailto:dev-commits-src-all+subscribe@freebsd.org>
List-Unsubscribe: <mailto:dev-commits-src-all+unsubscribe@freebsd.org>
X-BeenThere: dev-commits-src-all@freebsd.org
Sender: owner-dev-commits-src-all@FreeBSD.org
List-Id: <dev-commits-src-all.FreeBSD.org>
List-Post: <mailto:dev-commits-src-all@FreeBSD.org>
List-Help: <mailto:dev-commits-src-all+help@FreeBSD.org>
List-Subscribe: <mailto:dev-commits-src-all+subscribe@FreeBSD.org>
List-Unsubscribe: <mailto:dev-commits-src-all+unsubscribe@FreeBSD.org>
List-Owner: <mailto:postmaster@FreeBSD.org>
Precedence: list
MIME-Version: 1.0
Content-Type: text/plain; charset=utf-8
Content-Transfer-Encoding: 8bit
X-Git-Committer: des
X-Git-Repository: src
X-Git-Refname: refs/heads/main
X-Git-Reftype: branch
X-Git-Commit: 597a090ff2ab868242e4ec1cdec7469edbe41c50
Auto-Submitted: auto-generated
Date: Fri, 22 May 2026 17:24:16 +0000
Message-Id: <6a109140.36498.2f2397b6@gitrepo.freebsd.org>

The branch main has been updated by des:

URL: https://cgit.FreeBSD.org/src/commit/?id=597a090ff2ab868242e4ec1cdec7469edbe41c50

commit 597a090ff2ab868242e4ec1cdec7469edbe41c50
Author:     Dag-Erling Smørgrav <des@FreeBSD.org>
AuthorDate: 2026-05-22 13:37:52 +0000
Commit:     Dag-Erling Smørgrav <des@FreeBSD.org>
CommitDate: 2026-05-22 17:23:59 +0000

    import ldns 1.9.0
    
    MFC after:      1 week
    Reviewed by:    emaste
    Differential Revision:  https://reviews.freebsd.org/D57170
---
 contrib/ldns/Changelog           |  46 +++
 contrib/ldns/Makefile.in         |  58 +--
 contrib/ldns/README              |  19 +-
 contrib/ldns/config.guess        |  26 +-
 contrib/ldns/config.sub          | 749 +++++++++++++++++++++++++++++----------
 contrib/ldns/configure           |  94 ++++-
 contrib/ldns/configure.ac        |  41 ++-
 contrib/ldns/dnssec.c            |   4 +-
 contrib/ldns/dnssec_zone.c       |  50 ++-
 contrib/ldns/drill/drill.c       |   2 +-
 contrib/ldns/drill/securetrace.c |   7 +-
 contrib/ldns/error.c             |   2 +
 contrib/ldns/host2str.c          |  60 ++++
 contrib/ldns/host2wire.c         |   2 +-
 contrib/ldns/keys.c              |   2 +
 contrib/ldns/ldns/config.h.in    |  11 +-
 contrib/ldns/ldns/dnssec_zone.h  |  14 +-
 contrib/ldns/ldns/edns.h         |   6 +-
 contrib/ldns/ldns/error.h        |   3 +-
 contrib/ldns/ldns/host2str.h     |  18 +
 contrib/ldns/ldns/packet.h       |  13 +
 contrib/ldns/ldns/rdata.h        |  10 +-
 contrib/ldns/ldns/rr.h           |  20 +-
 contrib/ldns/ldns/str2host.h     |  10 +
 contrib/ldns/ldns/util.h.in      |  22 ++
 contrib/ldns/net.c               |   2 +
 contrib/ldns/packet.c            |  23 +-
 contrib/ldns/rdata.c             |   6 +
 contrib/ldns/resolver.c          |  18 +-
 contrib/ldns/rr.c                | 129 ++++++-
 contrib/ldns/sha1.c              |   2 +-
 contrib/ldns/sha2.c              |  18 +-
 contrib/ldns/str2host.c          |  68 +++-
 contrib/ldns/util.c              |   5 +
 contrib/ldns/wire2host.c         |   3 +
 contrib/ldns/zone.c              |   2 +-
 36 files changed, 1265 insertions(+), 300 deletions(-)

diff --git a/contrib/ldns/Changelog b/contrib/ldns/Changelog
index c7f36767b360..74e2631af72d 100644
--- a/contrib/ldns/Changelog
+++ b/contrib/ldns/Changelog
@@ -1,3 +1,49 @@
+1.9.0	2025-12-04
+	* PR #246: Make ldns_calc_keytag() available for CDNSKEY RR
+	  Thanks tgreenx and pnax
+	* PR #247: Make ldns_key_rr2ds() available for CDNSKEY RR
+	  Thanks tgreenx
+	* PR #248: Make ldns_rr_compare_{ds,ds_dnskey}() available for
+	  CDS and CDNSKEY RRs. Thanks tgreenx
+	* PR #245: Make drill trace use IPv6 when used with -6
+	  Thanks Paul Radford 
+	* Fix #254: Unquoted "value" rdata for CAA records fail to validate.
+	  Follows the long string unquoted syntax from RFC8659, section 4.1.1.
+	* Fix #266: ldns-read-zone -u fails if a type is the only type in a
+	  window and the type modulo 256 is equal to zero.
+	* Fix #271: Intermittent build failure with multi-job
+	  builds (make -j).
+	* Add ldns-verify-zone -s option. It checks all signature results,
+	  instead of passing by when one RRSIG validates. That prints output
+	  for spurious RRSIGs, the failures for them.
+	* Fix RR types NSAP-PTR, GPOS and RESINFO to print unquoted strings.
+	* Fix memory leak when trying to read zones that have equal RRs.
+	  the ldns_dnssec_*_add_rr() functions now return LDNS_STATUS_EQUAL_RR
+	  when an already existing RR is tried to be added. This is a API
+	  change, hence this also bumps the version to 1.9.0
+	* PR #282: ensure returning pkt with LDNS_STATUS_OK. Thanks grobian.
+	* PR #286: Fix RR Type AMTRELAY type nogateway, to print relay '.',
+	  and memory leaks in parsing it.
+	* DSYNC is no longer a draft RR type and compiled by default
+	* RFC 9824 support: Compact Denial of Existence in DNSSEC
+	* The HHIT and BRID draft RR types
+	* PR #249: If RNG is already seeded, return early.
+	  Thanks crrodriguez
+	* PR #221: Improve error messages. Thanks jschauma
+	* PR #256: Use SWIG_AppendOutput to support swig 4.3
+	  Thanks pemensik
+	* PR #188: Homogenize paths for source files during compilation
+	  Thanks duthils
+	* Fix #283: ldns-walk fails after update from 1.8.3 to 1.8.4
+	  Thanks jschauma
+	* PR #200: Allow compiled tests to link to ldns statically via
+	  environment variable. Thanks FGasper and pemensik
+	* PR #220: Optionally exclude ZONEMD RRs in ldns-compare-zone
+	  Thanks gjherbiet
+	* Fix #285: A WALLET RR breaks TXT signing. Thanks bortzmeyer
+	* Fix #287: ldns-verify-zone hangs with missing NSEC3 RRs.
+	  Thanks Roy Arends
+
 1.8.4	2024-07-19
 	* Fix building documentation in build directory.
 	  Thanks Michael Tokarev
diff --git a/contrib/ldns/Makefile.in b/contrib/ldns/Makefile.in
index 32b91576d0d9..b5ca1d3c3adf 100644
--- a/contrib/ldns/Makefile.in
+++ b/contrib/ldns/Makefile.in
@@ -132,11 +132,11 @@ all:	setup-builddir lib linktest manpages @P5_DNS_LDNS@ @PYLDNS@ @DRILL@ @EXAMPL
 .SUFFIXES: .c .o .a .lo .h .i
 
 .c.lo:
-	$(COMP_LIB) $(LIBSSL_CPPFLAGS) -c $< -o $@
+	$(COMP_LIB) $(LIBSSL_CPPFLAGS) -c $(srcdir)/$< -o $@
 
 # Need libtool compile
 .c.o:
-	$(COMP_LIB) $(LIBSSL_CPPFLAGS) -c $< -o $@
+	$(COMP_LIB) $(LIBSSL_CPPFLAGS) -c $(srcdir)/$< -o $@
 
 $(LDNS_LOBJS) $(LIBLOBJS) $(DRILL_LOBJS) $(EXAMPLE_LOBJS):
 	$(COMP_LIB) $(LIBSSL_CPPFLAGS) -c $(srcdir)/$(@:.lo=.c) -o $@
@@ -571,9 +571,9 @@ depend:
 		done; \
 	done
 	for p in $(EXAMPLE_PROGS) $(LDNS_DPA) $(LDNS_DANE) $(EX_SSL_PROGS); do \
-		echo "$$p: $$p.lo $$p.o \$$(LIB)" >> $(DEPEND_TMP) ; done
+		echo "$$p: $$p.lo \$$(LIB)" >> $(DEPEND_TMP) ; done
 	echo "$(TESTNS): `for o in $(TESTNS_LOBJS) ; do \
-				echo -n "$$o $${o%lo}o " ; done` \$$(LIB)" \
+				echo -n "$$o " ; done`\$$(LIB)" \
 			       	>> $(DEPEND_TMP)
 	cp $(DEPEND_TARGET) $(DEPEND_TMP2)
 	head -`egrep -n "# Dependencies" $(DEPEND_TARGET) | tail -1 | sed -e 's/:.*$$//'` $(DEPEND_TMP2) > $(DEPEND_TARGET)
@@ -1114,28 +1114,28 @@ drill/work.lo drill/work.o: $(srcdir)/drill/work.c $(srcdir)/drill/drill.h ldns/
  $(srcdir)/ldns/host2wire.h ldns/net.h $(srcdir)/ldns/str2host.h $(srcdir)/ldns/update.h \
  $(srcdir)/ldns/wire2host.h $(srcdir)/ldns/rr_functions.h $(srcdir)/ldns/parse.h $(srcdir)/ldns/radix.h \
  $(srcdir)/ldns/sha1.h $(srcdir)/ldns/sha2.h
-examples/ldns-chaos: examples/ldns-chaos.lo examples/ldns-chaos.o $(LIB)
-examples/ldns-compare-zones: examples/ldns-compare-zones.lo examples/ldns-compare-zones.o $(LIB)
-examples/ldnsd: examples/ldnsd.lo examples/ldnsd.o $(LIB)
-examples/ldns-gen-zone: examples/ldns-gen-zone.lo examples/ldns-gen-zone.o $(LIB)
-examples/ldns-key2ds: examples/ldns-key2ds.lo examples/ldns-key2ds.o $(LIB)
-examples/ldns-keyfetcher: examples/ldns-keyfetcher.lo examples/ldns-keyfetcher.o $(LIB)
-examples/ldns-keygen: examples/ldns-keygen.lo examples/ldns-keygen.o $(LIB)
-examples/ldns-mx: examples/ldns-mx.lo examples/ldns-mx.o $(LIB)
-examples/ldns-notify: examples/ldns-notify.lo examples/ldns-notify.o $(LIB)
-examples/ldns-read-zone: examples/ldns-read-zone.lo examples/ldns-read-zone.o $(LIB)
-examples/ldns-resolver: examples/ldns-resolver.lo examples/ldns-resolver.o $(LIB)
-examples/ldns-rrsig: examples/ldns-rrsig.lo examples/ldns-rrsig.o $(LIB)
-examples/ldns-test-edns: examples/ldns-test-edns.lo examples/ldns-test-edns.o $(LIB)
-examples/ldns-update: examples/ldns-update.lo examples/ldns-update.o $(LIB)
-examples/ldns-version: examples/ldns-version.lo examples/ldns-version.o $(LIB)
-examples/ldns-walk: examples/ldns-walk.lo examples/ldns-walk.o $(LIB)
-examples/ldns-zcat: examples/ldns-zcat.lo examples/ldns-zcat.o $(LIB)
-examples/ldns-zsplit: examples/ldns-zsplit.lo examples/ldns-zsplit.o $(LIB)
-examples/ldns-dpa: examples/ldns-dpa.lo examples/ldns-dpa.o $(LIB)
-examples/ldns-dane: examples/ldns-dane.lo examples/ldns-dane.o $(LIB)
-examples/ldns-nsec3-hash: examples/ldns-nsec3-hash.lo examples/ldns-nsec3-hash.o $(LIB)
-examples/ldns-revoke: examples/ldns-revoke.lo examples/ldns-revoke.o $(LIB)
-examples/ldns-signzone: examples/ldns-signzone.lo examples/ldns-signzone.o $(LIB)
-examples/ldns-verify-zone: examples/ldns-verify-zone.lo examples/ldns-verify-zone.o $(LIB)
-examples/ldns-testns: examples/ldns-testns.lo examples/ldns-testns.o examples/ldns-testpkts.lo examples/ldns-testpkts.o  $(LIB)
+examples/ldns-chaos: examples/ldns-chaos.lo $(LIB)
+examples/ldns-compare-zones: examples/ldns-compare-zones.lo $(LIB)
+examples/ldnsd: examples/ldnsd.lo $(LIB)
+examples/ldns-gen-zone: examples/ldns-gen-zone.lo $(LIB)
+examples/ldns-key2ds: examples/ldns-key2ds.lo $(LIB)
+examples/ldns-keyfetcher: examples/ldns-keyfetcher.lo $(LIB)
+examples/ldns-keygen: examples/ldns-keygen.lo $(LIB)
+examples/ldns-mx: examples/ldns-mx.lo $(LIB)
+examples/ldns-notify: examples/ldns-notify.lo $(LIB)
+examples/ldns-read-zone: examples/ldns-read-zone.lo $(LIB)
+examples/ldns-resolver: examples/ldns-resolver.lo $(LIB)
+examples/ldns-rrsig: examples/ldns-rrsig.lo $(LIB)
+examples/ldns-test-edns: examples/ldns-test-edns.lo $(LIB)
+examples/ldns-update: examples/ldns-update.lo $(LIB)
+examples/ldns-version: examples/ldns-version.lo $(LIB)
+examples/ldns-walk: examples/ldns-walk.lo $(LIB)
+examples/ldns-zcat: examples/ldns-zcat.lo $(LIB)
+examples/ldns-zsplit: examples/ldns-zsplit.lo $(LIB)
+examples/ldns-dpa: examples/ldns-dpa.lo $(LIB)
+examples/ldns-dane: examples/ldns-dane.lo $(LIB)
+examples/ldns-nsec3-hash: examples/ldns-nsec3-hash.lo $(LIB)
+examples/ldns-revoke: examples/ldns-revoke.lo $(LIB)
+examples/ldns-signzone: examples/ldns-signzone.lo $(LIB)
+examples/ldns-verify-zone: examples/ldns-verify-zone.lo $(LIB)
+examples/ldns-testns: examples/ldns-testns.lo examples/ldns-testpkts.lo $(LIB)
diff --git a/contrib/ldns/README b/contrib/ldns/README
index e07fdc078aa2..fb588f4da586 100644
--- a/contrib/ldns/README
+++ b/contrib/ldns/README
@@ -1,3 +1,21 @@
+DEVELOPMENT VISION
+
+Note: ldns has been in maintenance mode since 2020, with no plans for major
+features. We welcome PRs from contributors who want to add new functionality. 
+We also actively fix bugs, so users can continue to rely on ldns if its 
+current features meet their needs.
+
+We will continue to make occasional use of ldns in an experimental
+setting, such as during an IETF Hackathon to build a proof of concept for an
+Internet Draft.
+
+The natural successor to the ldns library is the domain library for Rust:
+https://github.com/NLnetLabs/domain
+
+We offer drop-in replacements for commonly used ldns example tools in dnst:
+https://github.com/NLnetLabs/dnst
+
+---
 
 Contents: 
 	REQUIREMENTS
@@ -10,7 +28,6 @@ Contents:
 		Solaris
 	KNOWN ISSUES
 		pyldns
-        Your Support
 
 Project page:
 http://www.nlnetlabs.nl/ldns/
diff --git a/contrib/ldns/config.guess b/contrib/ldns/config.guess
index f6d217a49f8f..a9d01fde4617 100755
--- a/contrib/ldns/config.guess
+++ b/contrib/ldns/config.guess
@@ -1,10 +1,10 @@
 #! /bin/sh
 # Attempt to guess a canonical system name.
-#   Copyright 1992-2024 Free Software Foundation, Inc.
+#   Copyright 1992-2025 Free Software Foundation, Inc.
 
 # shellcheck disable=SC2006,SC2268 # see below for rationale
 
-timestamp='2024-01-01'
+timestamp='2025-07-10'
 
 # This file is free software; you can redistribute it and/or modify it
 # under the terms of the GNU General Public License as published by
@@ -60,7 +60,7 @@ version="\
 GNU config.guess ($timestamp)
 
 Originally written by Per Bothner.
-Copyright 1992-2024 Free Software Foundation, Inc.
+Copyright 1992-2025 Free Software Foundation, Inc.
 
 This is free software; see the source for copying conditions.  There is NO
 warranty; not even for MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE."
@@ -123,7 +123,7 @@ set_cc_for_build() {
     dummy=$tmp/dummy
     case ${CC_FOR_BUILD-},${HOST_CC-},${CC-} in
 	,,)    echo "int x;" > "$dummy.c"
-	       for driver in cc gcc c89 c99 ; do
+	       for driver in cc gcc c17 c99 c89 ; do
 		   if ($driver -c -o "$dummy.o" "$dummy.c") >/dev/null 2>&1 ; then
 		       CC_FOR_BUILD=$driver
 		       break
@@ -634,7 +634,8 @@ EOF
 		sed 's/^		//' << EOF > "$dummy.c"
 		#include <sys/systemcfg.h>
 
-		main()
+		int
+		main ()
 			{
 			if (!__power_pc())
 				exit(1);
@@ -718,7 +719,8 @@ EOF
 		#include <stdlib.h>
 		#include <unistd.h>
 
-		int main ()
+		int
+		main ()
 		{
 		#if defined(_SC_KERNEL_BITS)
 		    long bits = sysconf(_SC_KERNEL_BITS);
@@ -1595,8 +1597,11 @@ EOF
     *:Unleashed:*:*)
 	GUESS=$UNAME_MACHINE-unknown-unleashed$UNAME_RELEASE
 	;;
-    *:Ironclad:*:*)
-	GUESS=$UNAME_MACHINE-unknown-ironclad
+    x86_64:[Ii]ronclad:*:*|i?86:[Ii]ronclad:*:*)
+	GUESS=$UNAME_MACHINE-pc-ironclad-mlibc
+	;;
+    *:[Ii]ronclad:*:*)
+	GUESS=$UNAME_MACHINE-unknown-ironclad-mlibc
 	;;
 esac
 
@@ -1621,6 +1626,7 @@ cat > "$dummy.c" <<EOF
 #endif
 #endif
 #endif
+int
 main ()
 {
 #if defined (sony)
@@ -1805,8 +1811,8 @@ fi
 exit 1
 
 # Local variables:
-# eval: (add-hook 'before-save-hook 'time-stamp)
+# eval: (add-hook 'before-save-hook 'time-stamp nil t)
 # time-stamp-start: "timestamp='"
-# time-stamp-format: "%:y-%02m-%02d"
+# time-stamp-format: "%Y-%02m-%02d"
 # time-stamp-end: "'"
 # End:
diff --git a/contrib/ldns/config.sub b/contrib/ldns/config.sub
index 2c6a07ab3c34..3d35cde174de 100755
--- a/contrib/ldns/config.sub
+++ b/contrib/ldns/config.sub
@@ -1,10 +1,10 @@
 #! /bin/sh
 # Configuration validation subroutine script.
-#   Copyright 1992-2024 Free Software Foundation, Inc.
+#   Copyright 1992-2025 Free Software Foundation, Inc.
 
-# shellcheck disable=SC2006,SC2268 # see below for rationale
+# shellcheck disable=SC2006,SC2268,SC2162 # see below for rationale
 
-timestamp='2024-01-01'
+timestamp='2025-07-10'
 
 # This file is free software; you can redistribute it and/or modify it
 # under the terms of the GNU General Public License as published by
@@ -76,7 +76,7 @@ Report bugs and patches to <config-patches@gnu.org>."
 version="\
 GNU config.sub ($timestamp)
 
-Copyright 1992-2024 Free Software Foundation, Inc.
+Copyright 1992-2025 Free Software Foundation, Inc.
 
 This is free software; see the source for copying conditions.  There is NO
 warranty; not even for MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE."
@@ -120,7 +120,6 @@ case $# in
 esac
 
 # Split fields of configuration type
-# shellcheck disable=SC2162
 saved_IFS=$IFS
 IFS="-" read field1 field2 field3 field4 <<EOF
 $1
@@ -142,10 +141,21 @@ case $1 in
 		# parts
 		maybe_os=$field2-$field3
 		case $maybe_os in
-			nto-qnx* | linux-* | uclinux-uclibc* \
-			| uclinux-gnu* | kfreebsd*-gnu* | knetbsd*-gnu* | netbsd*-gnu* \
-			| netbsd*-eabi* | kopensolaris*-gnu* | cloudabi*-eabi* \
-			| storm-chaos* | os2-emx* | rtmk-nova* | managarm-* \
+			  cloudabi*-eabi* \
+			| kfreebsd*-gnu* \
+			| knetbsd*-gnu* \
+			| kopensolaris*-gnu* \
+			| ironclad-* \
+			| linux-* \
+			| managarm-* \
+			| netbsd*-eabi* \
+			| netbsd*-gnu* \
+			| nto-qnx* \
+			| os2-emx* \
+			| rtmk-nova* \
+			| storm-chaos* \
+			| uclinux-gnu* \
+			| uclinux-uclibc* \
 			| windows-* )
 				basic_machine=$field1
 				basic_os=$maybe_os
@@ -161,8 +171,12 @@ case $1 in
 		esac
 		;;
 	*-*)
-		# A lone config we happen to match not fitting any pattern
 		case $field1-$field2 in
+			# Shorthands that happen to contain a single dash
+			convex-c[12] | convex-c3[248])
+				basic_machine=$field2-convex
+				basic_os=
+				;;
 			decstation-3100)
 				basic_machine=mips-dec
 				basic_os=
@@ -170,28 +184,87 @@ case $1 in
 			*-*)
 				# Second component is usually, but not always the OS
 				case $field2 in
-					# Prevent following clause from handling this valid os
+					# Do not treat sunos as a manufacturer
 					sun*os*)
 						basic_machine=$field1
 						basic_os=$field2
 						;;
-					zephyr*)
-						basic_machine=$field1-unknown
-						basic_os=$field2
-						;;
 					# Manufacturers
-					dec* | mips* | sequent* | encore* | pc533* | sgi* | sony* \
-					| att* | 7300* | 3300* | delta* | motorola* | sun[234]* \
-					| unicom* | ibm* | next | hp | isi* | apollo | altos* \
-					| convergent* | ncr* | news | 32* | 3600* | 3100* \
-					| hitachi* | c[123]* | convex* | sun | crds | omron* | dg \
-					| ultra | tti* | harris | dolphin | highlevel | gould \
-					| cbm | ns | masscomp | apple | axis | knuth | cray \
-					| microblaze* | sim | cisco \
-					| oki | wec | wrs | winbond)
+					  3100* \
+					| 32* \
+					| 3300* \
+					| 3600* \
+					| 7300* \
+					| acorn \
+					| altos* \
+					| apollo \
+					| apple \
+					| atari \
+					| att* \
+					| axis \
+					| be \
+					| bull \
+					| cbm \
+					| ccur \
+					| cisco \
+					| commodore \
+					| convergent* \
+					| convex* \
+					| cray \
+					| crds \
+					| dec* \
+					| delta* \
+					| dg \
+					| digital \
+					| dolphin \
+					| encore* \
+					| gould \
+					| harris \
+					| highlevel \
+					| hitachi* \
+					| hp \
+					| ibm* \
+					| intergraph \
+					| isi* \
+					| knuth \
+					| masscomp \
+					| microblaze* \
+					| mips* \
+					| motorola* \
+					| ncr* \
+					| news \
+					| next \
+					| ns \
+					| oki \
+					| omron* \
+					| pc533* \
+					| rebel \
+					| rom68k \
+					| rombug \
+					| semi \
+					| sequent* \
+					| sgi* \
+					| siemens \
+					| sim \
+					| sni \
+					| sony* \
+					| stratus \
+					| sun \
+					| sun[234]* \
+					| tektronix \
+					| tti* \
+					| ultra \
+					| unicom* \
+					| wec \
+					| winbond \
+					| wrs)
 						basic_machine=$field1-$field2
 						basic_os=
 						;;
+					tock* | zephyr*)
+						basic_machine=$field1-unknown
+						basic_os=$field2
+						;;
 					*)
 						basic_machine=$field1
 						basic_os=$field2
@@ -272,26 +345,6 @@ case $1 in
 				basic_machine=arm-unknown
 				basic_os=cegcc
 				;;
-			convex-c1)
-				basic_machine=c1-convex
-				basic_os=bsd
-				;;
-			convex-c2)
-				basic_machine=c2-convex
-				basic_os=bsd
-				;;
-			convex-c32)
-				basic_machine=c32-convex
-				basic_os=bsd
-				;;
-			convex-c34)
-				basic_machine=c34-convex
-				basic_os=bsd
-				;;
-			convex-c38)
-				basic_machine=c38-convex
-				basic_os=bsd
-				;;
 			cray)
 				basic_machine=j90-cray
 				basic_os=unicos
@@ -714,15 +767,26 @@ case $basic_machine in
 		vendor=dec
 		basic_os=tops20
 		;;
-	delta | 3300 | motorola-3300 | motorola-delta \
-	      | 3300-motorola | delta-motorola)
+	delta | 3300 | delta-motorola | 3300-motorola | motorola-delta | motorola-3300)
 		cpu=m68k
 		vendor=motorola
 		;;
-	dpx2*)
+	# This used to be dpx2*, but that gets the RS6000-based
+	# DPX/20 and the x86-based DPX/2-100 wrong.  See
+	# https://oldskool.silicium.org/stations/bull_dpx20.htm
+	# https://www.feb-patrimoine.com/english/bull_dpx2.htm
+	# https://www.feb-patrimoine.com/english/unix_and_bull.htm
+	dpx2 | dpx2[23]00 | dpx2[23]xx)
 		cpu=m68k
 		vendor=bull
-		basic_os=sysv3
+		;;
+	dpx2100 | dpx21xx)
+		cpu=i386
+		vendor=bull
+		;;
+	dpx20)
+		cpu=rs6000
+		vendor=bull
 		;;
 	encore | umax | mmax)
 		cpu=ns32k
@@ -837,18 +901,6 @@ case $basic_machine in
 	next | m*-next)
 		cpu=m68k
 		vendor=next
-		case $basic_os in
-		    openstep*)
-		        ;;
-		    nextstep*)
-			;;
-		    ns2*)
-		      basic_os=nextstep2
-			;;
-		    *)
-		      basic_os=nextstep3
-			;;
-		esac
 		;;
 	np1)
 		cpu=np1
@@ -937,7 +989,6 @@ case $basic_machine in
 		;;
 
 	*-*)
-		# shellcheck disable=SC2162
 		saved_IFS=$IFS
 		IFS="-" read cpu vendor <<EOF
 $basic_machine
@@ -972,15 +1023,19 @@ unset -v basic_machine
 
 # Decode basic machines in the full and proper CPU-Company form.
 case $cpu-$vendor in
-	# Here we handle the default manufacturer of certain CPU types in canonical form. It is in
-	# some cases the only manufacturer, in others, it is the most popular.
+	# Here we handle the default manufacturer of certain CPU types in canonical form.
+	# It is in some cases the only manufacturer, in others, it is the most popular.
+	c[12]-convex | c[12]-unknown | c3[248]-convex | c3[248]-unknown)
+		vendor=convex
+		basic_os=${basic_os:-bsd}
+		;;
 	craynv-unknown)
 		vendor=cray
 		basic_os=${basic_os:-unicosmp}
 		;;
 	c90-unknown | c90-cray)
 		vendor=cray
-		basic_os=${Basic_os:-unicos}
+		basic_os=${basic_os:-unicos}
 		;;
 	fx80-unknown)
 		vendor=alliant
@@ -1026,11 +1081,29 @@ case $cpu-$vendor in
 		vendor=alt
 		basic_os=${basic_os:-linux-gnueabihf}
 		;;
-	dpx20-unknown | dpx20-bull)
-		cpu=rs6000
-		vendor=bull
+
+	# Normalized CPU+vendor pairs that imply an OS, if not otherwise specified
+	m68k-isi)
+		basic_os=${basic_os:-sysv}
+		;;
+	m68k-sony)
+		basic_os=${basic_os:-newsos}
+		;;
+	m68k-tektronix)
+		basic_os=${basic_os:-bsd}
+		;;
+	m88k-harris)
+		basic_os=${basic_os:-sysv3}
+		;;
+	i386-bull | m68k-bull)
+		basic_os=${basic_os:-sysv3}
+		;;
+	rs6000-bull)
 		basic_os=${basic_os:-bosx}
 		;;
+	mips-sni)
+		basic_os=${basic_os:-sysv4}
+		;;
 
 	# Here we normalize CPU types irrespective of the vendor
 	amd64-*)
@@ -1038,7 +1111,7 @@ case $cpu-$vendor in
 		;;
 	blackfin-*)
 		cpu=bfin
-		basic_os=linux
+		basic_os=${basic_os:-linux}
 		;;
 	c54x-*)
 		cpu=tic54x
@@ -1061,7 +1134,7 @@ case $cpu-$vendor in
 		;;
 	m68knommu-*)
 		cpu=m68k
-		basic_os=linux
+		basic_os=${basic_os:-linux}
 		;;
 	m9s12z-* | m68hcs12z-* | hcs12z-* | s12z-*)
 		cpu=s12z
@@ -1071,7 +1144,7 @@ case $cpu-$vendor in
 		;;
 	parisc-*)
 		cpu=hppa
-		basic_os=linux
+		basic_os=${basic_os:-linux}
 		;;
 	pentium-* | p5-* | k5-* | k6-* | nexgen-* | viac3-*)
 		cpu=i586
@@ -1085,9 +1158,6 @@ case $cpu-$vendor in
 	pentium4-*)
 		cpu=i786
 		;;
-	pc98-*)
-		cpu=i386
-		;;
 	ppc-* | ppcbe-*)
 		cpu=powerpc
 		;;
@@ -1121,13 +1191,10 @@ case $cpu-$vendor in
 	tx39el-*)
 		cpu=mipstx39el
 		;;
-	x64-*)
-		cpu=x86_64
-		;;
 	xscale-* | xscalee[bl]-*)
 		cpu=`echo "$cpu" | sed 's/^xscale/arm/'`
 		;;
-	arm64-* | aarch64le-*)
+	arm64-* | aarch64le-* | arm64_32-*)
 		cpu=aarch64
 		;;
 
@@ -1179,90 +1246,228 @@ case $cpu-$vendor in
 		# Recognize the canonical CPU types that are allowed with any
 		# company name.
 		case $cpu in
-			1750a | 580 \
+			  1750a \
+			| 580 \
+			| [cjt]90 \
 			| a29k \
-			| aarch64 | aarch64_be | aarch64c | arm64ec \
+			| aarch64 \
+			| aarch64_be \
+			| aarch64c \
 			| abacus \
-			| alpha | alphaev[4-8] | alphaev56 | alphaev6[78] \
-			| alpha64 | alpha64ev[4-8] | alpha64ev56 | alpha64ev6[78] \
-			| alphapca5[67] | alpha64pca5[67] \
+			| alpha \
+			| alpha64 \
+			| alpha64ev56 \
+			| alpha64ev6[78] \
+			| alpha64ev[4-8] \
+			| alpha64pca5[67] \
+			| alphaev56 \
+			| alphaev6[78] \
+			| alphaev[4-8] \
+			| alphapca5[67] \
 			| am33_2.0 \
 			| amdgcn \
-			| arc | arceb | arc32 | arc64 \
-			| arm | arm[lb]e | arme[lb] | armv* \
-			| avr | avr32 \
+			| arc \
+			| arc32 \
+			| arc64 \
+			| arceb \
+			| arm \
+			| arm64e \
+			| arm64ec \
+			| arm[lb]e \
+			| arme[lb] \
+			| armv* \
 			| asmjs \
+			| avr \
+			| avr32 \
 			| ba \
-			| be32 | be64 \
-			| bfin | bpf | bs2000 \
-			| c[123]* | c30 | [cjt]90 | c4x \
-			| c8051 | clipper | craynv | csky | cydra \
-			| d10v | d30v | dlx | dsp16xx \
-			| e2k | elxsi | epiphany \
-			| f30[01] | f700 | fido | fr30 | frv | ft32 | fx80 \
-			| javascript \
-			| h8300 | h8500 \
-			| hppa | hppa1.[01] | hppa2.0 | hppa2.0[nw] | hppa64 \
+			| be32 \
+			| be64 \
+			| bfin \
+			| bpf \
+			| bs2000 \
+			| c30 \
+			| c4x \
+			| c8051 \
+			| c[123]* \
+			| clipper \
+			| craynv \
+			| csky \
+			| cydra \
+			| d10v \
+			| d30v \
+			| dlx \
+			| dsp16xx \
+			| e2k \
+			| elxsi \
+			| epiphany \
+			| f30[01] \
+			| f700 \
+			| fido \
+			| fr30 \
+			| frv \
+			| ft32 \
+			| fx80 \
+			| h8300 \
+			| h8500 \
 			| hexagon \
-			| i370 | i*86 | i860 | i960 | ia16 | ia64 \
-			| ip2k | iq2000 \
+			| hppa \
+			| hppa1.[01] \
+			| hppa2.0 \
+			| hppa2.0[nw] \
+			| hppa64 \
+			| i*86 \
+			| i370 \
+			| i860 \
+			| i960 \
+			| ia16 \
+			| ia64 \
+			| intelgt \
+			| ip2k \
+			| iq2000 \
+			| javascript \
 			| k1om \
 			| kvx \
-			| le32 | le64 \
+			| le32 \
+			| le64 \
 			| lm32 \
-			| loongarch32 | loongarch64 \
-			| m32c | m32r | m32rle \
-			| m5200 | m68000 | m680[012346]0 | m68360 | m683?2 | m68k \
-			| m6811 | m68hc11 | m6812 | m68hc12 | m68hcs12x \
-			| m88110 | m88k | maxq | mb | mcore | mep | metag \
-			| microblaze | microblazeel \
+			| loongarch32 \
+			| loongarch64 \
+			| m32c \
+			| m32r \
+			| m32rle \
+			| m5200 \
+			| m68000 \
+			| m680[012346]0 \
+			| m6811 \
+			| m6812 \
+			| m68360 \
+			| m683?2 \
+			| m68hc11 \
+			| m68hc12 \
+			| m68hcs12x \
+			| m68k \
+			| m88110 \
+			| m88k \
+			| maxq \
+			| mb \
+			| mcore \
+			| mep \
+			| metag \
+			| microblaze \
+			| microblazeel \
 			| mips* \
 			| mmix \
-			| mn10200 | mn10300 \
+			| mn10200 \
+			| mn10300 \
 			| moxie \
-			| mt \
 			| msp430 \
+			| mt \
 			| nanomips* \
-			| nds32 | nds32le | nds32be \
+			| nds32 \
+			| nds32be \
+			| nds32le \
 			| nfp \
-			| nios | nios2 | nios2eb | nios2el \
-			| none | np1 | ns16k | ns32k | nvptx \
+			| nios \
+			| nios2 \
+			| nios2eb \
+			| nios2el \
+			| none \
+			| np1 \
+			| ns16k \
+			| ns32k \
+			| nvptx \
 			| open8 \
 			| or1k* \
 			| or32 \
 			| orion \
+			| pdp10 \
+			| pdp11 \
 			| picochip \
-			| pdp10 | pdp11 | pj | pjl | pn | power \
-			| powerpc | powerpc64 | powerpc64le | powerpcle | powerpcspe \
+			| pj \
+			| pjl \
+			| pn \
+			| power \
+			| powerpc \
+			| powerpc64 \
+			| powerpc64le \
+			| powerpcle \
+			| powerpcspe \
 			| pru \
 			| pyramid \
-			| riscv | riscv32 | riscv32be | riscv64 | riscv64be \
-			| rl78 | romp | rs6000 | rx \
-			| s390 | s390x \
+			| riscv \
+			| riscv32 \
+			| riscv32be \
+			| riscv64 \
+			| riscv64be \
+			| rl78 \
+			| romp \
+			| rs6000 \
+			| rx \
+			| s390 \
+			| s390x \
 			| score \
-			| sh | shl \
-			| sh[1234] | sh[24]a | sh[24]ae[lb] | sh[23]e | she[lb] | sh[lb]e \
-			| sh[1234]e[lb] |  sh[12345][lb]e | sh[23]ele | sh64 | sh64le \
-			| sparc | sparc64 | sparc64b | sparc64v | sparc86x | sparclet \
+			| sh \
+			| sh64 \
+			| sh64le \
+			| sh[12345][lb]e \
+			| sh[1234] \
+			| sh[1234]e[lb] \
+			| sh[23]e \
+			| sh[23]ele \
+			| sh[24]a \
+			| sh[24]ae[lb] \
+			| sh[lb]e \
+			| she[lb] \
+			| shl \
+			| sparc \
+			| sparc64 \
+			| sparc64b \
+			| sparc64v \
+			| sparc86x \
+			| sparclet \
 			| sparclite \
-			| sparcv8 | sparcv9 | sparcv9b | sparcv9v | sv1 | sx* \
+			| sparcv8 \
+			| sparcv9 \
+			| sparcv9b \
+			| sparcv9v \
 			| spu \
+			| sv1 \
+			| sx* \
 			| tahoe \
 			| thumbv7* \
-			| tic30 | tic4x | tic54x | tic55x | tic6x | tic80 \
+			| tic30 \
+			| tic4x \
+			| tic54x \
+			| tic55x \
+			| tic6x \
+			| tic80 \
 			| tron \
 			| ubicom32 \
-			| v70 | v850 | v850e | v850e1 | v850es | v850e2 | v850e2v3 \
+			| v70 \
+			| v810 \
+			| v850 \
+			| v850e \
+			| v850e1 \
+			| v850e2 \
+			| v850e2v3 \
+			| v850es \
 			| vax \
 			| vc4 \
 			| visium \
 			| w65 \
-			| wasm32 | wasm64 \
+			| wasm32 \
+			| wasm64 \
 			| we32k \
-			| x86 | x86_64 | xc16x | xgate | xps100 \
-			| xstormy16 | xtensa* \
+			| x86 \
+			| x86_64 \
+			| xc16x \
+			| xgate \
+			| xps100 \
+			| xstormy16 \
+			| xtensa* \
 			| ymp \
-			| z8k | z80)
+			| z80 \
+			| z8k)
 				;;
 
 			*)
@@ -1307,7 +1512,6 @@ case $basic_os in
 		os=`echo "$basic_os" | sed -e 's|nto-qnx|qnx|'`
 		;;
 	*-*)
-		# shellcheck disable=SC2162
 		saved_IFS=$IFS
 		IFS="-" read kernel os <<EOF
 $basic_os
@@ -1319,6 +1523,10 @@ EOF
 		kernel=nto
 		os=`echo "$basic_os" | sed -e 's|nto|qnx|'`
 		;;
+	ironclad*)
+		kernel=ironclad
+		os=`echo "$basic_os" | sed -e 's|ironclad|mlibc|'`
+		;;
 	linux*)
 		kernel=linux
 		os=`echo "$basic_os" | sed -e 's|linux|gnu|'`
@@ -1354,6 +1562,23 @@ case $os in
 	unixware*)
 		os=sysv4.2uw
 		;;
+	# The marketing names for NeXT's operating systems were
+	# NeXTSTEP, NeXTSTEP 2, OpenSTEP 3, OpenSTEP 4.  'openstep' is
+	# mapped to 'openstep3', but 'openstep1' and 'openstep2' are
*** 1985 LINES SKIPPED ***