-
Notifications
You must be signed in to change notification settings - Fork 5
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Upgrade v9.19.17 #5
Commits on Aug 16, 2023
-
Merge branch '4228-fix-heap-use-after-free-in-dns_dispatch_createtcp'…
… into 'main' Attach to the dns_dispatchmgr in the dns_view object Closes #4228 See merge request isc-projects/bind9!8203
Configuration menu - View commit details
-
Copy full SHA for 2c51e93 - Browse repository at this point
Copy the full SHA 2c51e93View commit details -
Clean leftover files in autosign and masterformat
The following files were reported in CI by the legacy system test runner and prevented job to pass. They should be removed. $ if git rev-parse > /dev/null 2>&1; then ( ! grep "^I:.*:file.*not removed$" *.log ); fi autosign.log:I:autosign:file autosign/ns3/kskonly.example.db.jbk not removed autosign.log:I:autosign:file autosign/ns3/optout.example.db.jbk not removed autosign.log:I:autosign:file autosign/ns3/reconf.example.db.jbk not removed masterformat.log:I:masterformat:file masterformat/ns1/signed.db.raw.jbk not removed masterformat.log:I:masterformat:file masterformat/ns1/signed.db.raw.signed not removed masterformat.log:I:masterformat:file masterformat/ns1/signed.db.raw.signed.jnl not removed Don't print an error when the ns*/inactive directory is not present: rmdir: ns*/inactive: No such file or directory Remove nsupdate.out.test file instead of nsupdate.out, as the latter does not exist.
Configuration menu - View commit details
-
Copy full SHA for 8a0da13 - Browse repository at this point
Copy the full SHA 8a0da13View commit details -
Merge branch 'mnowak/clean-leftover-files' into 'main'
Clean leftover files in autosign and masterformat See merge request isc-projects/bind9!8167
Configuration menu - View commit details
-
Copy full SHA for b88f914 - Browse repository at this point
Copy the full SHA b88f914View commit details
Commits on Aug 17, 2023
-
Configuration menu - View commit details
-
Copy full SHA for e27a33e - Browse repository at this point
Copy the full SHA e27a33eView commit details -
Add custom flaky decorator to handle unstable tests
If the flaky plugin for pytest is available, use its decorator to support re-running unstable tests. In case the package is missing, execute the test as usual without attempts to re-run it in case of failure. This is mostly intended to increase the test stability in CI. Using a custom decorator enables us to keep the flaky package as an optional dependency.
Configuration menu - View commit details
-
Copy full SHA for 5b703de - Browse repository at this point
Copy the full SHA 5b703deView commit details -
Mark test_send_timeout as flaky
In some cases, BIND is not fast enough to fill the send buffer and manages to answer all queries, contrary to what the test expects. Repeat the check up to 3 times to limit this test instability.
Configuration menu - View commit details
-
Copy full SHA for 681b23c - Browse repository at this point
Copy the full SHA 681b23cView commit details -
Merge branch '4139-test_send_timeout-check-can-be-unstable' into 'main'
Make the test_send_timeout check more stable Closes #4139 See merge request isc-projects/bind9!8168
Configuration menu - View commit details
-
Copy full SHA for 4970d0c - Browse repository at this point
Copy the full SHA 4970d0cView commit details -
Revert "Exclude dupsigs and keymgr2kasp from cross-version-config-tests"
This reverts commit 4eac32f. With the v9.19.16 release tag merged, the "cross-version-config-tests" GitLab CI job will no longer fail due to the two relevant system tests being absent from the development branch. This makes the pytest filtering expression added to work around that issue unnecessary, so remove it.
Configuration menu - View commit details
-
Copy full SHA for 96e4139 - Browse repository at this point
Copy the full SHA 96e4139View commit details -
Update the release checklist with links to recently implemented tools for automating certain tasks.
Configuration menu - View commit details
-
Copy full SHA for 45bf612 - Browse repository at this point
Copy the full SHA 45bf612View commit details -
Merge branch 'michal/post-release-tweaks' into 'main'
Post-release tweaks (cross-version testing cleanup, release checklist tweaks) See merge request isc-projects/bind9!8210
Configuration menu - View commit details
-
Copy full SHA for 159c880 - Browse repository at this point
Copy the full SHA 159c880View commit details
Commits on Aug 21, 2023
-
Parse statschannel Content-Length: more carefully
A negative or excessively large Content-Length could cause a crash by making `INSIST(httpd->consume != 0)` fail.
Configuration menu - View commit details
-
Copy full SHA for 26e10e8 - Browse repository at this point
Copy the full SHA 26e10e8View commit details -
Configuration menu - View commit details
-
Copy full SHA for 1ba538f - Browse repository at this point
Copy the full SHA 1ba538fView commit details -
Merge branch '4125-statschannel-content-length-overflow' into 'main'
Parse statschannel Content-Length: more carefully Closes #4125 See merge request isc-projects/bind9!8018
Configuration menu - View commit details
-
Copy full SHA for f965726 - Browse repository at this point
Copy the full SHA f965726View commit details -
ci: use pytest system test runner on OpenBSD
A supported pytest version finally made it to OpenBSD repositories, allowing us to run system tests with the pytest runner.
Configuration menu - View commit details
-
Copy full SHA for 8846877 - Browse repository at this point
Copy the full SHA 8846877View commit details -
ci: run out-of-tree system tests with pytest runner
Out-of-tree builds are built in a directory that is different from source directory. The build directory doesn't contain the non-compiled test files from bin/tests/system which are the test cases required by the pytest runner. In order to run the system tests for out-of-tree build, copy over the contents (tests) of bin/tests/system/ from the source directory into the build directory. Then, it is possible to invoke the pytest runner inside the build directory.
Configuration menu - View commit details
-
Copy full SHA for d49d9ec - Browse repository at this point
Copy the full SHA d49d9ecView commit details -
Configuration menu - View commit details
-
Copy full SHA for bc66bf1 - Browse repository at this point
Copy the full SHA bc66bf1View commit details -
Configuration menu - View commit details
-
Copy full SHA for b1a9d1f - Browse repository at this point
Copy the full SHA b1a9d1fView commit details -
Merge branch '4246-remove-legacy-test-runner-from-ci' into 'main'
Use pytest runner for out-of-tree and OpenBSD system tests in CI Closes #4246 See merge request isc-projects/bind9!8193
Configuration menu - View commit details
-
Copy full SHA for f52dd73 - Browse repository at this point
Copy the full SHA f52dd73View commit details -
Configuration menu - View commit details
-
Copy full SHA for 58a8de5 - Browse repository at this point
Copy the full SHA 58a8de5View commit details -
Merge branch '4125-release-notes' into 'main'
Add release note for [GL #4125] Closes #4125 See merge request isc-projects/bind9!8216
Configuration menu - View commit details
-
Copy full SHA for 838dc9b - Browse repository at this point
Copy the full SHA 838dc9bView commit details -
Create symlinks to test artifacts for pytest runner
While temporary directories are useful for test execution to keep everything clean, they are difficult to work with manually. Create a symlink for each test artifact directory with a stable and predictable path. The symlink always either points to the latest artifacts, or is missing in case the last run succeeded. Ensure these symlinked directories aren't detected as test suites by the pytest runner.
Configuration menu - View commit details
-
Copy full SHA for e1ca5c8 - Browse repository at this point
Copy the full SHA e1ca5c8View commit details -
Improve tempdir logging for pytest runner
At the end of the test, display the symlink path to the artifact directory in case it's preserved. Log the full tempdir name in debug log.
Configuration menu - View commit details
-
Copy full SHA for f91d0b1 - Browse repository at this point
Copy the full SHA f91d0b1View commit details -
Silence pylint's refactoring suggestions for system_test_dir()
While it'd be fairly easy to split the function up into smaller ones, the readability wouldn't be improved in this case. Silence the suggestions instead.
Configuration menu - View commit details
-
Copy full SHA for 83ddca7 - Browse repository at this point
Copy the full SHA 83ddca7View commit details -
Add clean-local target to clean pytest runner artifacts
The command finds all directories in bin/tests/system which contain an underscore. Underscore indicates either a temporary directory (_tmp_), a symlink to test artifacts (TESTNAME_MODULENAME), or a python-related cache. Using underscore for a system test name is invalid and a hyphen must be used instead.
Configuration menu - View commit details
-
Copy full SHA for d66ff81 - Browse repository at this point
Copy the full SHA d66ff81View commit details -
Configuration menu - View commit details
-
Copy full SHA for 355dc73 - Browse repository at this point
Copy the full SHA 355dc73View commit details -
Merge branch '4252-pytest-symlink-to-test-artifacts' into 'main'
Create symlinks to test artifacts for pytest runner Closes #4252 See merge request isc-projects/bind9!8194
Configuration menu - View commit details
-
Copy full SHA for 1a958b7 - Browse repository at this point
Copy the full SHA 1a958b7View commit details -
Limit the number of inactive handles kept for reuse
Instead of growing and never shrinking the list of the inactive handles (to be reused mostly on the UDP connections), limit the number of maximum number of inactive handles kept to 64. Instead of caching the inactive handles for all listening sockets, enable the caching on on UDP listening sockets. For TCP, the handles were cached for each accepted socket thus reusing the handles only for long-standing TCP connections, but not reusing the handles across different TCP streams.
Configuration menu - View commit details
-
Copy full SHA for f36e118 - Browse repository at this point
Copy the full SHA f36e118View commit details -
Limit the memory pool for the uvreqs
Set the number of maximum free items for the uvreq memory pool to 64.
Configuration menu - View commit details
-
Copy full SHA for 0c9cf8f - Browse repository at this point
Copy the full SHA 0c9cf8fView commit details -
Configuration menu - View commit details
-
Copy full SHA for db7c501 - Browse repository at this point
Copy the full SHA db7c501View commit details -
Merge branch '4265-remove-caching-of-netmgr-sockets-and-uvreqs' into …
…'main' Limit the number of inactive handles and uvreqs kept for reuse Closes #4265 See merge request isc-projects/bind9!8206
Configuration menu - View commit details
-
Copy full SHA for a5884c2 - Browse repository at this point
Copy the full SHA a5884c2View commit details -
Make Debian 12 "bookworm" the base image
Just replace "bullseye" with "bookworm" and reintroduce Debian 11 "bullseye" later.
Configuration menu - View commit details
-
Copy full SHA for 2d18c57 - Browse repository at this point
Copy the full SHA 2d18c57View commit details -
Configuration menu - View commit details
-
Copy full SHA for 5e1120d - Browse repository at this point
Copy the full SHA 5e1120dView commit details -
Drop unneeded -Wno-compound-token-split-by-macro option
Debian 12 has Perl 5.36 and the option is no longer needed.
Configuration menu - View commit details
-
Copy full SHA for a330ab2 - Browse repository at this point
Copy the full SHA a330ab2View commit details -
Disable mandoc stylistic warning
We are not concerned by the "input text line longer than 80 bytes" stylistic warning.
Configuration menu - View commit details
-
Copy full SHA for 7929168 - Browse repository at this point
Copy the full SHA 7929168View commit details -
Drop PKCS11 testing from "sid", restore it on "clang:bookworm"
The gcc:sid:amd64 job was used to test PKCS11 via the OpenSSL engine API but is now designated for future PKCS11 testing via the provider API. The ability to use PKCS11 via engine API in clang:bookworm:amd64 has been restored using only deprecated APIs in OpenSSL 3.
Configuration menu - View commit details
-
Copy full SHA for cfb06da - Browse repository at this point
Copy the full SHA cfb06daView commit details -
Drop unnecessary gcovr workarounds
Many problems of the Debian 11 gcovr version were fixed in the Debian 12 one. Replace workarounds we accumulated over the years with two new, simple ones.
Configuration menu - View commit details
-
Copy full SHA for 55f5aa0 - Browse repository at this point
Copy the full SHA 55f5aa0View commit details -
Move clang:bullseye PKCS11 testing to gcc:bullseye
Move clang:bullseye:amd64 PKCS11 testing to the gcc:bullseye:amd64 job to evenly represent compilers in PKCS11 testing.
Configuration menu - View commit details
-
Copy full SHA for 077d824 - Browse repository at this point
Copy the full SHA 077d824View commit details -
Merge branch '3893-make-debian-12-bookworm-base-image' into 'main'
Make Debian 12 "bookworm" the base image See merge request isc-projects/bind9!8075
Configuration menu - View commit details
-
Copy full SHA for 1e16d41 - Browse repository at this point
Copy the full SHA 1e16d41View commit details -
Add support for User Statically Defined Tracing (USDT) probes
This adds support for User Statically Defined Tracing (USDT). On Linux, this uses the header from SystemTap and dtrace utility, but the support is universal as long as dtrace is available. Also add the required infrastructure to add probes to libisc, libdns and libns libraries, where most of the probes will be.
Configuration menu - View commit details
-
Copy full SHA for 784d055 - Browse repository at this point
Copy the full SHA 784d055View commit details -
Add tracing probes to the custom isc_rwlock implementation
Add tracing probes to ISC own isc_rwlock implementation to allow fine-grained tracing. The pthread rwlock already has probes inside glibc, and it's difficult to add probes to headers included from the other libraries.
Configuration menu - View commit details
-
Copy full SHA for dcd6021 - Browse repository at this point
Copy the full SHA dcd6021View commit details -
Add tracing probes to the isc_job unit
Add tracing probes to isc_job unit: * libisc:job_cb_before - before the job callback is called * libisc:job_cb_after - after the job callback is called
Configuration menu - View commit details
-
Copy full SHA for 2484a37 - Browse repository at this point
Copy the full SHA 2484a37View commit details -
Add tracing probes to the dns_xfrin unit
Add tracing probes to incoming transfers, so we can accurately measure the individual events when sending, receiving and parsing the incoming transfers.
Configuration menu - View commit details
-
Copy full SHA for 96ccba5 - Browse repository at this point
Copy the full SHA 96ccba5View commit details -
Add a probe when the response rate limiting drops or slips query
Add a trace point that would report when a query gets dropped or slipped by rate limits. It reports the client IP, the zone, and the RRL result code. Co-authored-by: Paul Frieden <[email protected]>
Configuration menu - View commit details
-
Copy full SHA for d332f07 - Browse repository at this point
Copy the full SHA d332f07View commit details -
Add zone name to the LIBDNS_XFRIN probes
We already print the formatted zone name via the xfrin_log() function, generate the text once and store it in xfr->info static buffer. Then we can reuse the string to pass it to the LIBDNS_XFRIN probes.
Configuration menu - View commit details
-
Copy full SHA for 9b85876 - Browse repository at this point
Copy the full SHA 9b85876View commit details -
Configuration menu - View commit details
-
Copy full SHA for 52cabc6 - Browse repository at this point
Copy the full SHA 52cabc6View commit details -
Merge branch '4041-add-userspace-tracing' into 'main'
Add support for userspace tracing via USDT Closes #4041 See merge request isc-projects/bind9!7872
Configuration menu - View commit details
-
Copy full SHA for 664d7c6 - Browse repository at this point
Copy the full SHA 664d7c6View commit details -
Compile system test binaries during make
Using check_PROGRAMS would postpone compiling the binaries needed by system tests until `make check` would be called. Since it's preferable to invoke pytest directly to run the system test suite, compile these binaries without installing them during `make all` instead by using noinst_PROGRAMS. This removes the need to use TESTS= make -e check hack invoked from pytest to work around this issue.
Configuration menu - View commit details
-
Copy full SHA for 21980b4 - Browse repository at this point
Copy the full SHA 21980b4View commit details -
Resolve scan-build issue in dummylib.c
Value stored to 'rdatap' is never read. Remove the line which has no effect.
Configuration menu - View commit details
-
Copy full SHA for 145bec5 - Browse repository at this point
Copy the full SHA 145bec5View commit details -
ci: Disable dnsrps for respdiff jobs compiled with ASAN/TSAN
The dnsrps build assumes that dlopen is available from libc. This assumption isn't met when attempting to build with address or thread sanitizer on debian (bullseye, bookworm). Disable dnsrps build to avoid the issue, since it's not needed anyway for our respdiff tests. See commit b396f55 for more info about the dnsrps build.
Configuration menu - View commit details
-
Copy full SHA for 0422415 - Browse repository at this point
Copy the full SHA 0422415View commit details -
Merge branch '4249-compile-test-files-during-make' into 'main'
Compile system test binaries during make Closes #4249 See merge request isc-projects/bind9!8189
Configuration menu - View commit details
-
Copy full SHA for 344f0bb - Browse repository at this point
Copy the full SHA 344f0bbView commit details -
prevent query_coveringnsec() from running twice
when synthesizing a new CNAME, we now check whether the target matches the query already being processed. if so, we do not restart the query; this prevents a waste of resources.
Configuration menu - View commit details
-
Copy full SHA for 0ae8b2e - Browse repository at this point
Copy the full SHA 0ae8b2eView commit details -
Configuration menu - View commit details
-
Copy full SHA for ba1f756 - Browse repository at this point
Copy the full SHA ba1f756View commit details -
Merge branch '3835-cname-wildcard-loop-followup' into 'main'
prevent query_coveringnsec() from running twice See merge request isc-projects/bind9!8214
Configuration menu - View commit details
-
Copy full SHA for b4a3b13 - Browse repository at this point
Copy the full SHA b4a3b13View commit details
Commits on Aug 23, 2023
-
Don't generate the probes.lo on macOS
The DTrace on macOS only needs header file and the dtrace command doesn't have the -G option. Skip generating the object file on macOS, so the build doesn't fail.
Configuration menu - View commit details
-
Copy full SHA for d13ea59 - Browse repository at this point
Copy the full SHA d13ea59View commit details -
Regenerate the DTrace generated files on configure change
The DTrace generated files were missing dependency on the Makefile, so they didn't get regenerated when ./configure was re-run. This would create problem especially between ./configure --enable-tracing vs ./configure --disable-tracing invocations.
Configuration menu - View commit details
-
Copy full SHA for 3b6db95 - Browse repository at this point
Copy the full SHA 3b6db95View commit details -
Merge branch '4275-DTrace-on-macOS-only-needs-header' into 'main'
Don't generate the probes.lo on macOS Closes #4275 See merge request isc-projects/bind9!8234
Configuration menu - View commit details
-
Copy full SHA for 6c4af7c - Browse repository at this point
Copy the full SHA 6c4af7cView commit details -
Don't do DoT SOA requests for default servers
Default servers usually don't have DoT set up. Only do SOA queries if the server is specified.
Configuration menu - View commit details
-
Copy full SHA for 6502240 - Browse repository at this point
Copy the full SHA 6502240View commit details -
Configuration menu - View commit details
-
Copy full SHA for 4249ebd - Browse repository at this point
Copy the full SHA 4249ebdView commit details -
Merge branch '1181-nsupdate-tcp-soa-requests-main' into 'main'
Don't do TCP SOA requests for default servers Closes #1181 See merge request isc-projects/bind9!8192
Configuration menu - View commit details
-
Copy full SHA for 39490ec - Browse repository at this point
Copy the full SHA 39490ecView commit details -
Disable tracing in the FIPS enabled builds
The dtrace command fails with segmentation fault in the FIPS-enabled builds, thus we need to disable the tracing in the CI for the FIPS jobs.
Configuration menu - View commit details
-
Copy full SHA for a806082 - Browse repository at this point
Copy the full SHA a806082View commit details -
Merge branch '4271-disable-DTrace-in-FIPS-jobs' into 'main'
Disable tracing in the FIPS enabled builds Closes #4271 See merge request isc-projects/bind9!8235
Configuration menu - View commit details
-
Copy full SHA for a080196 - Browse repository at this point
Copy the full SHA a080196View commit details -
Skip checkds test on Python<3.7
checkds test requires the capture_output argument for subprocess.run() which was added in Python 3.7.
Configuration menu - View commit details
-
Copy full SHA for 0361233 - Browse repository at this point
Copy the full SHA 0361233View commit details -
Clean up pytest .gitignore file
The _last_test_run entry was accidentally added in !8194. It came from a work-in-progress version of the MR and was left there during a rebase.
Configuration menu - View commit details
-
Copy full SHA for 1b3db25 - Browse repository at this point
Copy the full SHA 1b3db25View commit details -
ci: fix after_script for out-of-tree tests
The commands in after_script run in a new shell, separate from before_script and script commands. Since the pytest.log.txt is for out of tree tests is present in the build directory, switch to it (if set) before running any postprocessing commands.
Configuration menu - View commit details
-
Copy full SHA for 86043b0 - Browse repository at this point
Copy the full SHA 86043b0View commit details -
Disable loadtime check in statschannel test
It is better to disable the specific check that causes the test to fail rather than mark the entire test as xfail, which can mask other issues which the test is capable of detecting.
Configuration menu - View commit details
-
Copy full SHA for 7522583 - Browse repository at this point
Copy the full SHA 7522583View commit details -
Allow re-runs of qmin system test
The qmin test is inherently unstable. It fails quite often with failure modes described in GL #904. Allow the pytest runner to re-run the test up to 3 times to only detect a more persistent and reproducible failures rather than random noise caused by the nature of the test.
Configuration menu - View commit details
-
Copy full SHA for be2123a - Browse repository at this point
Copy the full SHA be2123aView commit details -
Allow re-runs of reclimit system test
The reclimit system test has been unstable and producing false positive results for years (GL #1587). Allow the test to be re-run (once) to reduce the noise it causes.
Configuration menu - View commit details
-
Copy full SHA for 8c5833f - Browse repository at this point
Copy the full SHA 8c5833fView commit details -
Allow re-runs of rrl system test
The rrl system test has been unstable and producing false positive results for years (GL #172). Allow the test to be re-run (once) to reduce the noise it causes.
Configuration menu - View commit details
-
Copy full SHA for 40289d5 - Browse repository at this point
Copy the full SHA 40289d5View commit details -
Merge branch '3001-pytest-nitpicks' into 'main'
system tests stability tweaks and cleanup Closes #3001 See merge request isc-projects/bind9!8239
Configuration menu - View commit details
-
Copy full SHA for 911dd7f - Browse repository at this point
Copy the full SHA 911dd7fView commit details -
Remove some unnecessary token pasting macrology
There used to be an extra layer of indirection in the memory functions for certain dynamic linking scenarios. This involved variant spellings like isc__mem and isc___mem. The isc___mem variants were removed in commit 7de8469 so the token pasting is no longer needed and only serves to obfuscate.
Configuration menu - View commit details
-
Copy full SHA for 52fcc9f - Browse repository at this point
Copy the full SHA 52fcc9fView commit details -
Get rid of unnecessary macros in the system test dyndb driver
CHECKED_MEM_GET and ZERO_PTR are built-in features of isc_mem.
Configuration menu - View commit details
-
Copy full SHA for 1d34109 - Browse repository at this point
Copy the full SHA 1d34109View commit details -
Fix the style of an array de-allocation in dnssec-cds
Mention the element size explicitly, so that `matching_sigs()`, `signed_loose()`, and `signed_strict()` use the same calculation.
Configuration menu - View commit details
-
Copy full SHA for 6271f3c - Browse repository at this point
Copy the full SHA 6271f3cView commit details -
Merge branch 'ondrej-cleanup-mem-macros' into 'main'
Remove some unnecessary token pasting macrology See merge request isc-projects/bind9!8236
Configuration menu - View commit details
-
Copy full SHA for 01c758e - Browse repository at this point
Copy the full SHA 01c758eView commit details -
Refactor cleanup code in the qp-trie for the forwarders table
Instead of duplicating the destroy_forwarders() code in the cleanup sections, just call dns_forwarders_detach() every time - in case of failure, the forwarders aren't going to be attached, and forwarders object will be destroyed right away.
Configuration menu - View commit details
-
Copy full SHA for 2e3eae6 - Browse repository at this point
Copy the full SHA 2e3eae6View commit details -
Merge branch 'ondrej-cleanup-qp-in-forwarders' into 'main'
Refactor cleanup code in the qp-trie for the forwarders table See merge request isc-projects/bind9!8212
Configuration menu - View commit details
-
Copy full SHA for dda0212 - Browse repository at this point
Copy the full SHA dda0212View commit details -
Split the CPU architectures into more categories
Move i386 and other less common or ancient CPU architectures to Community-Maintened category. Move armhf and arm64 to the Best-Effort category as we do test them as part of development work (new MacBooks are all arm64), we don't really do full set of tests in the CI.
Configuration menu - View commit details
-
Copy full SHA for db94c75 - Browse repository at this point
Copy the full SHA db94c75View commit details -
Merge branch 'ondrej/remove-i386-as-fully-supported-platform' into 'm…
…ain' Move i386 and armhf to the Best-Effort category See merge request isc-projects/bind9!8223
Configuration menu - View commit details
-
Copy full SHA for 6b1ed14 - Browse repository at this point
Copy the full SHA 6b1ed14View commit details
Commits on Aug 24, 2023
-
The new test sends a 64 KiB message over TCP to named, and expects it to handle it correctly.
Aram Sargsyan committedAug 24, 2023 Configuration menu - View commit details
-
Copy full SHA for 4d723c7 - Browse repository at this point
Copy the full SHA 4d723c7View commit details -
Handle cases when buf_size is zero
The isc_dnsstream_assembler_incoming() inline function expects that when 'buf_size' is zero, then 'buf' must be NULL. The expectation is not correct, because those values come from the libuv read callback, and its documentation notes[1] that 'nread' ('buf_size' here) might be 0, which does not indicate an error or EOF, but is equivalent to EAGAIN or EWOULDBLOCK under read(2). Change the isc_dnsstream_assembler_incoming() inline function to remove the invalid expectation. [1] https://docs.libuv.org/en/v1.x/stream.html#c.uv_read_cb
Aram Sargsyan committedAug 24, 2023 Configuration menu - View commit details
-
Copy full SHA for 9a27137 - Browse repository at this point
Copy the full SHA 9a27137View commit details -
Fix a condition in isc_dnsstream_assembler_incoming()
Before calling isc_buffer_putmem(), there is a condition to check that 'buf_size' is greater than 0. At this point 'buf_size' is guaranteed to be greater than zero, so either the condition is redundant, or 'unprocessed_size' should be checked instead, which seems more logical, because calling isc_buffer_putmem() with 'unprocessed_size' being zero is not useful, although harmless.
Aram Sargsyan committedAug 24, 2023 Configuration menu - View commit details
-
Copy full SHA for a33dc92 - Browse repository at this point
Copy the full SHA a33dc92View commit details -
Merge branch '4273-streamdns-eagain' into 'main'
Resolve "crash while receiving 64 kiB message over TCP" Closes #4273 See merge request isc-projects/bind9!8231
Arаm Sаrgsyаn committedAug 24, 2023 Configuration menu - View commit details
-
Copy full SHA for edd9925 - Browse repository at this point
Copy the full SHA edd9925View commit details
Commits on Aug 25, 2023
-
Rework opensslecdsa_link to handle legacy key objects w/ openssl3
Due to bug in openssl3, the pkcs11-engine is made the default provider if enabled. This causes key generation and load to return legacy objects. Openssl3 has limited glue and does not support the full set of new style parameter to be inqueried from legacy key objects Rewrite required functions to use first the new API (if available), but fallback to the old API (if available). For the methods that have proper OpenSSL compatiblity glue, ship only one version.
Configuration menu - View commit details
-
Copy full SHA for 628dd27 - Browse repository at this point
Copy the full SHA 628dd27View commit details -
Enable keyfromlabel and enginepkcs11 systemtests with pkcs11-provider
- Simplify configuration management by deducing SoftHSM module path from openssl config - Determine the engine flag (-E) value from openssl config - Drop unused/unneeded environment variables - Run pkcs11-provider tests on Debian "sid" ossl3 flavor
Configuration menu - View commit details
-
Copy full SHA for 7fbcf38 - Browse repository at this point
Copy the full SHA 7fbcf38View commit details
Commits on Aug 28, 2023
-
Merge branch 'tt-improve-pkcs11-tests' into 'main'
Enable keyfromlabel and enginepkcs11 systemtests for pkcs11-provider See merge request isc-projects/bind9!8170
Configuration menu - View commit details
-
Copy full SHA for c4bda5b - Browse repository at this point
Copy the full SHA c4bda5bView commit details
Commits on Aug 29, 2023
-
To resolve the version select and search issue on readthedocs.org, sphinx_rtd_theme>=1.2.1 is required. Related readthedocs/sphinx_rtd_theme#1452
Configuration menu - View commit details
-
Copy full SHA for 92143fa - Browse repository at this point
Copy the full SHA 92143faView commit details -
Merge branch 'tkrizek-update-sphinx-rtd-theme' into 'main'
Update sphinx_rtd_theme See merge request isc-projects/bind9!8246
Configuration menu - View commit details
-
Copy full SHA for 7029f7d - Browse repository at this point
Copy the full SHA 7029f7dView commit details -
Check that removal of nonexistent PTR and SRV records work
There was a bug in rr_exists that caused it to fail when the name didn't exist in the zone.
Configuration menu - View commit details
-
Copy full SHA for 2b7192c - Browse repository at this point
Copy the full SHA 2b7192cView commit details -
rr_exists should not error if the name does not exist
rr_exists errored if the name did not exist in the zone. This was not an issue prior to the addition of krb5-subdomain-self-rhs and ms-subdomain-self-rhs as the only name used was the zone name which always existed.
Configuration menu - View commit details
-
Copy full SHA for b76a159 - Browse repository at this point
Copy the full SHA b76a159View commit details -
Configuration menu - View commit details
-
Copy full SHA for bb3556b - Browse repository at this point
Copy the full SHA bb3556bView commit details -
Configuration menu - View commit details
-
Copy full SHA for 2b4e109 - Browse repository at this point
Copy the full SHA 2b4e109View commit details -
Merge branch '4280-isc-support-22588-bind-now-returning-servfail-for-…
…attempted-deletions-of-non-existent-ptr-srv' into 'main' Resolve "[ISC-support #22588] BIND now returning SERVFAIL for attempted deletions of non-existent PTR/SRV records" Closes #4280 See merge request isc-projects/bind9!8247
Configuration menu - View commit details
-
Copy full SHA for 62fb970 - Browse repository at this point
Copy the full SHA 62fb970View commit details -
Silence CID 464884 (REVERSE_INULL)
*** CID 464884: Null pointer dereferences (REVERSE_INULL) /bin/tests/system/dyndb/driver/db.c: 644 in create_db() 638 639 *dbp = (dns_db_t *)sampledb; 640 641 return (ISC_R_SUCCESS); 642 643 cleanup: CID 464884: Null pointer dereferences (REVERSE_INULL) Null-checking "sampledb" suggests that it may be null, but it has already been dereferenced on all paths leading to the check. 644 if (sampledb != NULL) { 645 if (dns_name_dynamic(&sampledb->common.origin)) { 646 dns_name_free(&sampledb->common.origin, mctx); 647 } 648 649 isc_mem_putanddetach(&sampledb->common.mctx, sampledb,
Configuration menu - View commit details
-
Copy full SHA for 60630fe - Browse repository at this point
Copy the full SHA 60630feView commit details
Commits on Aug 30, 2023
-
Merge branch 'marka-cleanup-cid-464884' into 'main'
Silence CID 464884 (REVERSE_INULL) See merge request isc-projects/bind9!8248
Configuration menu - View commit details
-
Copy full SHA for b7c62b2 - Browse repository at this point
Copy the full SHA b7c62b2View commit details -
Use isc_loop_now() instead of uv_hrtime() for timestamps
The resolution of the uv_hrtime() function is bigger than the intervals used in the timers, which can result in an unexpected difference between the start_time and stop_time variables. Use isc_loop_now(), which is based on uv_now() and has the same milliseconds resolution as the functions in the uv_timer_t API. Also fix a couple wrong numbers in the comments.
Aram Sargsyan committedAug 30, 2023 Configuration menu - View commit details
-
Copy full SHA for 852e820 - Browse repository at this point
Copy the full SHA 852e820View commit details -
Merge branch '4285-timer_test-timer_event-fix' into 'main'
Resolve "timer_test unit test intermittently fails in CI" Closes #4285 See merge request isc-projects/bind9!8253
Arаm Sаrgsyаn committedAug 30, 2023 Configuration menu - View commit details
-
Copy full SHA for 0cfe0a6 - Browse repository at this point
Copy the full SHA 0cfe0a6View commit details
Commits on Aug 31, 2023
-
Provide a mechanism to return the expire option value
to the zone code so that it can be used to adjust the expire time.
Configuration menu - View commit details
-
Copy full SHA for 87912e4 - Browse repository at this point
Copy the full SHA 87912e4View commit details -
Allow EDNS to be used when making requests in xfrin
This allow for the EDNS options EXPIRE and NSID to be sent when when making requests. The existing controls controlling whether EDNS is used and whether EXPIRE or NSID are sent are honoured. Adjust the expected byte counts in the xfer system test to reflect the EDNS overhead. Adjust the dig call to match named's behavior (don't set +expire as we are talking to a secondary).
Configuration menu - View commit details
-
Copy full SHA for 690fd05 - Browse repository at this point
Copy the full SHA 690fd05View commit details -
Handle EDNS induced FORMERR responses
If we are talking to a non EDNS aware primary that returns FORMERR to EDNS requests retry the request without using EDNS.
Configuration menu - View commit details
-
Copy full SHA for be21d31 - Browse repository at this point
Copy the full SHA be21d31View commit details -
Configuration menu - View commit details
-
Copy full SHA for 0b4200c - Browse repository at this point
Copy the full SHA 0b4200cView commit details -
Trim the effective expire time based on expire option
and use that adjusted time to set the modification times.
Configuration menu - View commit details
-
Copy full SHA for b04d941 - Browse repository at this point
Copy the full SHA b04d941View commit details -
Set the modification time of the zone file after dumping
For secondary, mirror and redirect zones the expiry time is set from the zone file's modification time on restart. As zone dumping take time, set the modification time of the zone file to the expire time less the expire interval.
Configuration menu - View commit details
-
Copy full SHA for 9e03b5f - Browse repository at this point
Copy the full SHA 9e03b5fView commit details -
Configuration menu - View commit details
-
Copy full SHA for cf03b1e - Browse repository at this point
Copy the full SHA cf03b1eView commit details -
Configuration menu - View commit details
-
Copy full SHA for b05fce4 - Browse repository at this point
Copy the full SHA b05fce4View commit details -
Configuration menu - View commit details
-
Copy full SHA for ac68200 - Browse repository at this point
Copy the full SHA ac68200View commit details -
Merge branch '4170-extend-expire-opt-support-into-xfrin-c' into 'main'
Resolve "Extend EXPIRE opt support into xfrin.c" Closes #4170 See merge request isc-projects/bind9!8064
Configuration menu - View commit details
-
Copy full SHA for cd837f4 - Browse repository at this point
Copy the full SHA cd837f4View commit details -
Add serve-stale test settings after flush
Add a test case to ensure that after 'rndc flush', the serve-stale settings are not reset.
Configuration menu - View commit details
-
Copy full SHA for 0f593fd - Browse repository at this point
Copy the full SHA 0f593fdView commit details -
After cache flush, restore serve-stale settings
When flushing the cache, we create a new cache database. The serve-stale settings need to be restored after doing this. We already did this for max-stale-ttl, but forgot to do this for stale-refresh-time.
Configuration menu - View commit details
-
Copy full SHA for 3ae721d - Browse repository at this point
Copy the full SHA 3ae721dView commit details -
Configuration menu - View commit details
-
Copy full SHA for 9523eb7 - Browse repository at this point
Copy the full SHA 9523eb7View commit details -
Merge branch '4278-rndc-flush-resets-stale-refresh-time-to-0' into 'm…
…ain' Restore serve-stale settings after cache flush Closes #4278 See merge request isc-projects/bind9!8244
Configuration menu - View commit details
-
Copy full SHA for 3f34b69 - Browse repository at this point
Copy the full SHA 3f34b69View commit details -
Reset the 'result' before using it again
The 'result' variable should be reset to ISC_R_NOTFOUND again, because otherwise a log message could be logged about not being able to get the TLS configuration based on on the 'result' value from the previous calls to get the TSIG key.
Aram Sargsyan committedAug 31, 2023 Configuration menu - View commit details
-
Copy full SHA for 6cab7fc - Browse repository at this point
Copy the full SHA 6cab7fcView commit details -
Unobfuscate the code-flow logic in got_transfer_quota()
This refactors the code flow in got_transfer_quota() to not use the CHECK() macro as it really obfuscates the code flow logic here.
Configuration menu - View commit details
-
Copy full SHA for 00cb151 - Browse repository at this point
Copy the full SHA 00cb151View commit details -
Merge branch 'aram/zone.c-got_transfer_quota-bugfix' into 'main'
Reset the 'result' before using it again in zone.c:got_transfer_quota() See merge request isc-projects/bind9!8241
Arаm Sаrgsyаn committedAug 31, 2023 Configuration menu - View commit details
-
Copy full SHA for 3e5ccc3 - Browse repository at this point
Copy the full SHA 3e5ccc3View commit details -
Install Sphinx tools versions from BIND 9 repository
The doc/arm/requirements.txt file is the single source of truth when it comes to Sphinx tools versions used to build documentation via util/release-tarball-comparison.sh.
Configuration menu - View commit details
-
Copy full SHA for 520e97e - Browse repository at this point
Copy the full SHA 520e97eView commit details -
Merge branch 'mnowak/unify-doc-tools-versions' into 'main'
Install Sphinx tools versions from BIND 9 repository See merge request isc-projects/bind9!8251
Configuration menu - View commit details
-
Copy full SHA for 6f53d34 - Browse repository at this point
Copy the full SHA 6f53d34View commit details -
Update PKCS#11 section in the ARM
Add instructions for pkcs11-provider and generalize common sections.
Configuration menu - View commit details
-
Copy full SHA for 38df202 - Browse repository at this point
Copy the full SHA 38df202View commit details -
Merge branch 'tt-arm-pkcs11-update' into 'main'
Update PKCS#11 section in the ARM See merge request isc-projects/bind9!8258
Configuration menu - View commit details
-
Copy full SHA for 509b911 - Browse repository at this point
Copy the full SHA 509b911View commit details -
Fix keys reference link in ARM
There's a statement that says: "Here is an example (for illustration purposes only) of some possible entries in a [keys] list:", and that links to the wrong "keys" statement (it links to the TSIG keys section). Remove the reference, as we are already in the right section.
Configuration menu - View commit details
-
Copy full SHA for 07c70ea - Browse repository at this point
Copy the full SHA 07c70eaView commit details -
Add a glossary definition for duration
We don't yet explain the syntax of TTL-style suffixes or ISO 8601 duration formats.
Configuration menu - View commit details
-
Copy full SHA for cc122d2 - Browse repository at this point
Copy the full SHA cc122d2View commit details -
Add the text "TTL-style unit suffixes or ISO 8601 duration formats", just like we do at other places that are duration option types. Also, in the dnssec-policy "keys" example, use a TTL-style unit too.
Configuration menu - View commit details
-
Copy full SHA for b5a757c - Browse repository at this point
Copy the full SHA b5a757cView commit details -
Configuration menu - View commit details
-
Copy full SHA for fd3d58d - Browse repository at this point
Copy the full SHA fd3d58dView commit details -
Merge branch '4266-document-dnssec-policy-lifetime' into 'main'
Clarify BIND 9 time formats Closes #4266 See merge request isc-projects/bind9!8228
Configuration menu - View commit details
-
Copy full SHA for ac2b928 - Browse repository at this point
Copy the full SHA ac2b928View commit details -
the extra option to limit ACL configuration to only one address family was no longer in use, and has been removed.
Configuration menu - View commit details
-
Copy full SHA for 6909897 - Browse repository at this point
Copy the full SHA 6909897View commit details -
we don't need two versions of dns_name_fromstring() any longer; we can just specify an origin value of dns_rootname for absolute names.
Configuration menu - View commit details
-
Copy full SHA for a290ed5 - Browse repository at this point
Copy the full SHA a290ed5View commit details -
we don't need two versions of dns_name_towire(), we can just add NULL to the calls that don't need to specify a compression offset.
Configuration menu - View commit details
-
Copy full SHA for 62d7096 - Browse repository at this point
Copy the full SHA 62d7096View commit details -
remove dns_name_totext2() and dns_name_toprincipal()
we can pass option flags to dns_name_totext() to get the same results, and eliminate the extra function names.
Configuration menu - View commit details
-
Copy full SHA for 8bda38e - Browse repository at this point
Copy the full SHA 8bda38eView commit details -
Merge branch 'each-cleanup-function-names' into 'main'
remove extra function names See merge request isc-projects/bind9!8204
Configuration menu - View commit details
-
Copy full SHA for 8ff4895 - Browse repository at this point
Copy the full SHA 8ff4895View commit details -
Checked array allocation arithmetic with isc_mem_get and friends
Add new isc_mem_cget(), isc_mem_creget(), and isc_mem_cput() macros to complement the isc_mem_callocate() (which works like calloc()). The overflow checks are implemented as macros in the <isc/mem.h>, so that the compiler can see that the element size is constant: it should always be `sizeof(something)`.
Configuration menu - View commit details
-
Copy full SHA for 6272482 - Browse repository at this point
Copy the full SHA 6272482View commit details -
A semantic patch to refactor isc_mem_cget and friends
The aim is to match unsafe patterns of allocation size arithmetic and turn them into safe calls to the new `isc_mem_cget()`, `isc_mem_creget()`, and `isc_mem_cput()`.
Configuration menu - View commit details
-
Copy full SHA for a742fde - Browse repository at this point
Copy the full SHA a742fdeView commit details -
Configuration menu - View commit details
-
Copy full SHA for 89fcb6f - Browse repository at this point
Copy the full SHA 89fcb6fView commit details -
Do extra manual isc_mem_cget() conversions
Some of the cases weren't caught by the coccinelle and there were some places where cget+memmove() could get converted to simple creget().
Configuration menu - View commit details
-
Copy full SHA for 55c29b8 - Browse repository at this point
Copy the full SHA 55c29b8View commit details -
Remove ISC_MEM_ALIGN() memory flag
The ISC_MEM_ALIGN() was not used anywhere (except mem.c itself), so just remove the unused flag.
Configuration menu - View commit details
-
Copy full SHA for 8ac679a - Browse repository at this point
Copy the full SHA 8ac679aView commit details -
Remove ISC_MEM_ZERO and isc_mem_*x() API
Use the new isc_mem_c*() calloc-like API for allocations that are zeroed. In turn, this also fixes couple of incorrect usage of the ISC_MEM_ZERO for structures that need to be zeroed explicitly. There are few places where isc_mem_cput() is used on structures with a flexible member (or similar).
Configuration menu - View commit details
-
Copy full SHA for d9048b3 - Browse repository at this point
Copy the full SHA d9048b3View commit details -
Configuration menu - View commit details
-
Copy full SHA for 166cb53 - Browse repository at this point
Copy the full SHA 166cb53View commit details -
Merge branch 'ondrej-isc_mem_cget' into 'main'
Checked array allocation arithmetic with isc_mem_get and friends See merge request isc-projects/bind9!8237
Configuration menu - View commit details
-
Copy full SHA for 4e1630e - Browse repository at this point
Copy the full SHA 4e1630eView commit details
Commits on Sep 1, 2023
-
Clear OpenSSL errors on d2i_ASN1_OBJECT failures
When d2i_ASN1_OBJECT() fails an error is pushed onto the thread's error stack. This is now cleared by calling ERR_clear_error().
Configuration menu - View commit details
-
Copy full SHA for 5e09d95 - Browse repository at this point
Copy the full SHA 5e09d95View commit details -
Configuration menu - View commit details
-
Copy full SHA for eafcd41 - Browse repository at this point
Copy the full SHA eafcd41View commit details -
Configuration menu - View commit details
-
Copy full SHA for 8529be3 - Browse repository at this point
Copy the full SHA 8529be3View commit details -
Configuration menu - View commit details
-
Copy full SHA for d8a9adc - Browse repository at this point
Copy the full SHA d8a9adcView commit details -
Configuration menu - View commit details
-
Copy full SHA for abd8c03 - Browse repository at this point
Copy the full SHA abd8c03View commit details -
Configuration menu - View commit details
-
Copy full SHA for 86b0436 - Browse repository at this point
Copy the full SHA 86b0436View commit details -
Configuration menu - View commit details
-
Copy full SHA for 6df53cd - Browse repository at this point
Copy the full SHA 6df53cdView commit details -
Configuration menu - View commit details
-
Copy full SHA for 4ea9269 - Browse repository at this point
Copy the full SHA 4ea9269View commit details -
Configuration menu - View commit details
-
Copy full SHA for 2ba62ae - Browse repository at this point
Copy the full SHA 2ba62aeView commit details -
Configuration menu - View commit details
-
Copy full SHA for 2799733 - Browse repository at this point
Copy the full SHA 2799733View commit details -
Configuration menu - View commit details
-
Copy full SHA for 247422c - Browse repository at this point
Copy the full SHA 247422cView commit details -
Configuration menu - View commit details
-
Copy full SHA for 96db614 - Browse repository at this point
Copy the full SHA 96db614View commit details -
Configuration menu - View commit details
-
Copy full SHA for 4f790b6 - Browse repository at this point
Copy the full SHA 4f790b6View commit details -
Configuration menu - View commit details
-
Copy full SHA for eaedba6 - Browse repository at this point
Copy the full SHA eaedba6View commit details -
Configuration menu - View commit details
-
Copy full SHA for 936b73c - Browse repository at this point
Copy the full SHA 936b73cView commit details -
Configuration menu - View commit details
-
Copy full SHA for b442ae8 - Browse repository at this point
Copy the full SHA b442ae8View commit details -
Configuration menu - View commit details
-
Copy full SHA for 4c4ecbc - Browse repository at this point
Copy the full SHA 4c4ecbcView commit details -
Configuration menu - View commit details
-
Copy full SHA for 9e22882 - Browse repository at this point
Copy the full SHA 9e22882View commit details -
Configuration menu - View commit details
-
Copy full SHA for 299f519 - Browse repository at this point
Copy the full SHA 299f519View commit details -
Configuration menu - View commit details
-
Copy full SHA for b6e1650 - Browse repository at this point
Copy the full SHA b6e1650View commit details -
Detect uncleared libcrypto errors in rdata processing
If libcrypto errors are not cleared slow memory leaks occur which are not detected at shutdown.
Configuration menu - View commit details
-
Copy full SHA for 14727bb - Browse repository at this point
Copy the full SHA 14727bbView commit details -
Configuration menu - View commit details
-
Copy full SHA for 6c3d4d7 - Browse repository at this point
Copy the full SHA 6c3d4d7View commit details -
Configuration menu - View commit details
-
Copy full SHA for 6a1a737 - Browse repository at this point
Copy the full SHA 6a1a737View commit details -
Merge branch '4159-openssl-error-queue-not-cleaned' into 'main'
Resolve "OpenSSL error queue not cleaned" Closes #4159 See merge request isc-projects/bind9!8233
Configuration menu - View commit details
-
Copy full SHA for 5969a7c - Browse repository at this point
Copy the full SHA 5969a7cView commit details -
replace RBTs with hashmaps in dns_transport
as dns_transport_find() is only concerned with finding an exact match on the specified name it doesn't need to use a tree data structure internally, we can replace the RBTs with hash tables.
Configuration menu - View commit details
-
Copy full SHA for 9067b63 - Browse repository at this point
Copy the full SHA 9067b63View commit details -
add dns_nametree structure for policy match lookups
this is a QP trie of boolean values to indicate whether a name is included in or excluded from some policy. this can be used for synth-from-dnssec, deny-answer-aliases, etc.
Configuration menu - View commit details
-
Copy full SHA for 56114aa - Browse repository at this point
Copy the full SHA 56114aaView commit details -
use dns_nametree in place of RBTs
replace the use of RBTs for deny-answer-aliases, the exclude lists for deny-answer-aliases and deny-answer-addresses, and dnssec-must-be-secure, with name trees.
Configuration menu - View commit details
-
Copy full SHA for e83ac0c - Browse repository at this point
Copy the full SHA e83ac0cView commit details -
refactor disable_algorithm and disable_ds_digest to use one data stru…
…cture the functions for disabling DNSSEC signing algorithms and DS digest algorithms in resolver.c had a lot of duplicated code. this commit adds functions to implement a "bitfield tree", which is (currently) an RBT in which the node data contains arbitrary-sized bitfields to indicate whether a value has been added at the given node or not. (it can be changed to a QP trie later.) it also replaces the functions dns_resolver_disable_algorithm(), dns_resolver_algorithm_supported(), dns_resolver_disable_ds_digest() and dns_resolver_ds_digest_supported() with simple wrappers that call the new functions.
Configuration menu - View commit details
-
Copy full SHA for 54fc024 - Browse repository at this point
Copy the full SHA 54fc024View commit details
Commits on Sep 4, 2023
-
add semantics to dns_nametree to support bitfields
name trees can now hold either boolean values or bit fields. the type is selected when the name tree is created. the behavior of dns_nametree_add() differs slightly beteween the types: in a boolean tree adding an existing name will return ISC_R_EXISTS, but in a bitfield tree it simply sets the specified bit in the bitfield and returns ISC_R_SUCCESS.
Configuration menu - View commit details
-
Copy full SHA for 9ed1dba - Browse repository at this point
Copy the full SHA 9ed1dbaView commit details -
use bitfield name trees for disable-algorithms and disable-ds-digests
switch disable-algorithms and disable-ds-digests to use bitfield-type name trees, replacing the RBT-based bftree.
Configuration menu - View commit details
-
Copy full SHA for bc3fd1a - Browse repository at this point
Copy the full SHA bc3fd1aView commit details -
add semantics to name trees to support counters
name trees can now also hold trees of counters. each time a name dns_nametree_add() is called with a given name, the counter for that name is incremented; the name is not deleted until dns_nametree_delete() is called the same number of times. this is meant to be used for synth-from-dnssec, which is incremented for each key defined at a name, and decremented when a key is removed, the name must continue to exist until the number of keys has reached zero.
Configuration menu - View commit details
-
Copy full SHA for 0ebaa26 - Browse repository at this point
Copy the full SHA 0ebaa26View commit details -
add a 'foundname' argument to dns_nametree_covered()
when checking whether a name is covered, the ancestor name that was found can be set into a name object passed in.
Configuration menu - View commit details
-
Copy full SHA for b1e4e2a - Browse repository at this point
Copy the full SHA b1e4e2aView commit details -
use a count nametree for synthfromdnssec
use the count semantics for dns_nametree to support view->sfd.
Configuration menu - View commit details
-
Copy full SHA for 1a238a0 - Browse repository at this point
Copy the full SHA 1a238a0View commit details -
unconditionally create view and resolver nametrees
instead of allowing a NULL nametree in dns_nametree_covered(), require nametree to exist, and ensure that the nametrees defined for view and resolver objects are always created.
Configuration menu - View commit details
-
Copy full SHA for 1019c0c - Browse repository at this point
Copy the full SHA 1019c0cView commit details -
Configuration menu - View commit details
-
Copy full SHA for 9c25a09 - Browse repository at this point
Copy the full SHA 9c25a09View commit details -
Merge branch 'each-cleanup-rbt' into 'main'
replace RBT usage throughout named See merge request isc-projects/bind9!8213
Configuration menu - View commit details
-
Copy full SHA for 00a6268 - Browse repository at this point
Copy the full SHA 00a6268View commit details -
Move security-related information to SECURITY.md
To follow current best practices, create a short SECURITY.md file in the root of the repository that contains information about the project's security policy and guidelines for reporting potential security issues. Replace the relevant bits of text in other files with references to the new SECURITY.md file, so that the relevant information only needs to be maintained in one place. Replace all occurrences of the generic [email protected] email with a dedicated address for reporting BIND 9 security issues, [email protected].
Configuration menu - View commit details
-
Copy full SHA for ca9fed9 - Browse repository at this point
Copy the full SHA ca9fed9View commit details -
Merge branch 'michal/reorganize-vulnerability-docs' into 'main'
Move security-related information to SECURITY.md See merge request isc-projects/bind9!8257
Configuration menu - View commit details
-
Copy full SHA for eac0a4b - Browse repository at this point
Copy the full SHA eac0a4bView commit details -
Deprecate 'dnssec-must-be-secure' option
The dnssec-must-be-secure feature was added in the early days of BIND 9 and DNSSEC and it makes sense only as a debugging feature. Remove the feature to simplify the code.
Configuration menu - View commit details
-
Copy full SHA for 9e0b348 - Browse repository at this point
Copy the full SHA 9e0b348View commit details -
Configuration menu - View commit details
-
Copy full SHA for 898f0ee - Browse repository at this point
Copy the full SHA 898f0eeView commit details -
Merge branch '4263-deprecate-dnssec-must-be-secure-feature' into 'main'
Deprecate 'dnssec-must-be-secure' option See merge request isc-projects/bind9!8267
Configuration menu - View commit details
-
Copy full SHA for 912d6a1 - Browse repository at this point
Copy the full SHA 912d6a1View commit details
Commits on Sep 5, 2023
-
Make it possible to create memory contexts backed by jemalloc arenas
This commit extends the internal memory management middleware code in BIND so that memory contexts backed by dedicated jemalloc arenas can be created. A new function (isc_mem_create_arena()) is added for that. Moreover, it extends the existing code so that specialised memory contexts can be created easily, should we need that functionality for other future purposes. We have achieved that by passing the flags to the underlying jemalloc-related calls. See the above isc_mem_create_arena(), which can serve as an example of this. Having this opens up possibilities for creating memory contexts tuned for specific needs.
Configuration menu - View commit details
-
Copy full SHA for 8550c52 - Browse repository at this point
Copy the full SHA 8550c52View commit details -
Add ability to set per jemalloc arena dirty and muzzy decay values
This commit adds couple of functions to change "dirty_decay_ms" and "muzzy_decay_ms" settings on arenas associated with memory contexts.
Configuration menu - View commit details
-
Copy full SHA for 6e98b58 - Browse repository at this point
Copy the full SHA 6e98b58View commit details -
Allocate DNS send buffers using dedicated per-worker memory arenas
This commit ensures that memory allocations related to DNS send buffers are routed through dedicated per-worker memory arenas in order to decrease memory usage on high load caused by TCP-based DNS transports. We do that by following jemalloc developers suggestions: jemalloc/jemalloc#2483 (comment) jemalloc/jemalloc#2483 (comment)
Configuration menu - View commit details
-
Copy full SHA for 01cc7ed - Browse repository at this point
Copy the full SHA 01cc7edView commit details -
Add CHANGES and release note for [GL #4038]
Mention that send buffer allocations/deallocations are now routed through dedicated memory arenas.
Configuration menu - View commit details
-
Copy full SHA for 60d52a4 - Browse repository at this point
Copy the full SHA 60d52a4View commit details -
Merge branch '4038-specialised-arena-per-worker' into 'main'
Make it possible to create memory contexts backed by jemalloc arenas Closes #4038 See merge request isc-projects/bind9!8270
Configuration menu - View commit details
-
Copy full SHA for dd658c4 - Browse repository at this point
Copy the full SHA dd658c4View commit details -
Configuration menu - View commit details
-
Copy full SHA for e70a937 - Browse repository at this point
Copy the full SHA e70a937View commit details -
Merge branch '4255-placeholder' into 'main'
Add CHANGES placeholder for [GL #4255] See merge request isc-projects/bind9!8275
Configuration menu - View commit details
-
Copy full SHA for be33cfa - Browse repository at this point
Copy the full SHA be33cfaView commit details -
Ignore jemalloc versions before 4.0.0
We now depend on explicitly creating memory arenas and disabling tcache on those, and these features are not available with jemalloc < 4. Instead of working around these issues, make the jemalloc >= 4.0.0 hard requirement by looking for sdallocx() symbol that's only available from that version. The jemalloc < 4 was only used by RHEL 7 which is not supported since BIND 9.19+.
Configuration menu - View commit details
-
Copy full SHA for d862f4b - Browse repository at this point
Copy the full SHA d862f4bView commit details -
Print the used jemalloc version in autoconf and named -V output
The autoconf and named -V now prints used version of jemalloc. This doesn't work with system supplied jemalloc, so in it prints `system` instead in the autoconf and nothing in named -V output.
Configuration menu - View commit details
-
Copy full SHA for 2e99dce - Browse repository at this point
Copy the full SHA 2e99dceView commit details -
Synchronize used library versions reporting functions
There are libraries which are reported in printversion(), but not reported in setup(). Synchronize the functions, so that the log file could have the same information as reported by the 'named -V' command execution.
Configuration menu - View commit details
-
Copy full SHA for 2084986 - Browse repository at this point
Copy the full SHA 2084986View commit details -
Configuration menu - View commit details
-
Copy full SHA for 7423557 - Browse repository at this point
Copy the full SHA 7423557View commit details -
Merge branch '4296-ignore-jemalloc-versions-before-4.0.0' into 'main'
Ignore jemalloc versions before 4.0.0 Closes #4296 See merge request isc-projects/bind9!8273
Configuration menu - View commit details
-
Copy full SHA for fb233b3 - Browse repository at this point
Copy the full SHA fb233b3View commit details -
Disable command tracing in statschannel system test
Command tracing was added recently via 26e10e8 and makes the system test too verbose.
Configuration menu - View commit details
-
Copy full SHA for f0c37d8 - Browse repository at this point
Copy the full SHA f0c37d8View commit details -
Merge branch 'mnowak/statschannel-system-test-is-too-verbose' into 'm…
…ain' Disable command tracing in statschannel system test See merge request isc-projects/bind9!8277
Configuration menu - View commit details
-
Copy full SHA for 5173849 - Browse repository at this point
Copy the full SHA 5173849View commit details -
Restore dns_validator_destroy and fetchctx_detach call order
7a78a85 moved the destruction of the validator from near the start validated to the end. This reversed the order of dns_validator_destroy and fetchctx_detach. Restore the order so that val->name remains valid for the lifetime of the validator.
Configuration menu - View commit details
-
Copy full SHA for cf63cb1 - Browse repository at this point
Copy the full SHA cf63cb1View commit details -
Configuration menu - View commit details
-
Copy full SHA for 1fed5c8 - Browse repository at this point
Copy the full SHA 1fed5c8View commit details -
Merge branch '4214-uaf-in-validator-logging' into 'main'
Resolve "UAF in validator logging" Closes #4214 See merge request isc-projects/bind9!8269
Configuration menu - View commit details
-
Copy full SHA for 028154d - Browse repository at this point
Copy the full SHA 028154dView commit details
Commits on Sep 6, 2023
-
Configuration menu - View commit details
-
Copy full SHA for 28adcf1 - Browse repository at this point
Copy the full SHA 28adcf1View commit details -
Merge branch '4292-uncleared-libcrypto-error-crypto-evp-evp_fetch-c-3…
…73-inner_evp_generic_fetch' into 'main' Resolve "Uncleared libcrypto error: crypto/evp/evp_fetch.c:373 inner_evp_generic_fetch" Closes #4292 See merge request isc-projects/bind9!8274
Configuration menu - View commit details
-
Copy full SHA for 49f6bf8 - Browse repository at this point
Copy the full SHA 49f6bf8View commit details -
Configuration menu - View commit details
-
Copy full SHA for 701ad35 - Browse repository at this point
Copy the full SHA 701ad35View commit details -
Merge branch '4291-check-dig-exit-status' into 'main'
Resolve "RNDC system test failed to run to completion" Closes #4291 See merge request isc-projects/bind9!8264
Configuration menu - View commit details
-
Copy full SHA for fafa7f3 - Browse repository at this point
Copy the full SHA fafa7f3View commit details -
Adjust level of log messages when transferring in a zone
This raises the log level of messages treated as FORMERR to NOTICE when transfering in a zone. This also adds a missing log message for TYPE0 and meta types received during a zone transfer.
Configuration menu - View commit details
-
Copy full SHA for 6c34147 - Browse repository at this point
Copy the full SHA 6c34147View commit details -
Configuration menu - View commit details
-
Copy full SHA for b867244 - Browse repository at this point
Copy the full SHA b867244View commit details -
Merge branch '4290-raise-log-level-to-isc_log_error-on-formerr-in-xfr…
…in-c' into 'main' Resolve "raise log level to ISC_LOG_NOTICE on FORMERR in xfrin.c" Closes #4290 See merge request isc-projects/bind9!8262
Configuration menu - View commit details
-
Copy full SHA for b6e5960 - Browse repository at this point
Copy the full SHA b6e5960View commit details -
Configuration menu - View commit details
-
Copy full SHA for b4ec7c7 - Browse repository at this point
Copy the full SHA b4ec7c7View commit details
Commits on Sep 7, 2023
-
Merge branch '4152-placeholder' into 'main'
Add CHANGES placeholder for [GL #4152] See merge request isc-projects/bind9!8283
Configuration menu - View commit details
-
Copy full SHA for b237414 - Browse repository at this point
Copy the full SHA b237414View commit details -
Configuration menu - View commit details
-
Copy full SHA for a8cba9b - Browse repository at this point
Copy the full SHA a8cba9bView commit details -
Merge branch '4242-placeholder' into 'main'
Add CHANGES placeholder for [GL #4242] Closes #4242 See merge request isc-projects/bind9!8284
Configuration menu - View commit details
-
Copy full SHA for 6bda72d - Browse repository at this point
Copy the full SHA 6bda72dView commit details -
Limit isccc_cc_fromwire recursion depth
Named and rndc do not need a lot of recursion so the depth is set to 10.
Configuration menu - View commit details
-
Copy full SHA for 820b0cc - Browse repository at this point
Copy the full SHA 820b0ccView commit details -
Configuration menu - View commit details
-
Copy full SHA for 6af8d39 - Browse repository at this point
Copy the full SHA 6af8d39View commit details -
Configuration menu - View commit details
-
Copy full SHA for ecd77e6 - Browse repository at this point
Copy the full SHA ecd77e6View commit details
Commits on Sep 8, 2023
-
Merge branch '4152-confidential-limit-isccc_cc_fromwire-recursion-dep…
…th' into 'security-main' [CVE-2023-3341] Limit isccc_cc_fromwire recursion depth See merge request isc-private/bind9!546
Configuration menu - View commit details
-
Copy full SHA for 62697a1 - Browse repository at this point
Copy the full SHA 62697a1View commit details -
Simplify Sphinx tools installation
Pointing pip3 to the "requirements file" eliminates the necessity for removing comments.
Configuration menu - View commit details
-
Copy full SHA for 93dc606 - Browse repository at this point
Copy the full SHA 93dc606View commit details -
Configuration menu - View commit details
-
Copy full SHA for da05434 - Browse repository at this point
Copy the full SHA da05434View commit details -
Configuration menu - View commit details
-
Copy full SHA for 01020d7 - Browse repository at this point
Copy the full SHA 01020d7View commit details -
Configuration menu - View commit details
-
Copy full SHA for cec1e23 - Browse repository at this point
Copy the full SHA cec1e23View commit details -
Merge branch 'mnowak/prepare-documentation-for-bind-9.19.17' into 'se…
…curity-main' Prepare documentation for BIND 9.19.17 See merge request isc-private/bind9!577
Configuration menu - View commit details
-
Copy full SHA for f0a4a72 - Browse repository at this point
Copy the full SHA f0a4a72View commit details -
Configuration menu - View commit details
-
Copy full SHA for 9f780d8 - Browse repository at this point
Copy the full SHA 9f780d8View commit details -
Configuration menu - View commit details
-
Copy full SHA for 464cf8c - Browse repository at this point
Copy the full SHA 464cf8cView commit details
Commits on Oct 16, 2023
-
Configuration menu - View commit details
-
Copy full SHA for 42bea8c - Browse repository at this point
Copy the full SHA 42bea8cView commit details -
Configuration menu - View commit details
-
Copy full SHA for 8d78884 - Browse repository at this point
Copy the full SHA 8d78884View commit details -
Configuration menu - View commit details
-
Copy full SHA for 81028bd - Browse repository at this point
Copy the full SHA 81028bdView commit details -
Configuration menu - View commit details
-
Copy full SHA for 859853a - Browse repository at this point
Copy the full SHA 859853aView commit details -
Configuration menu - View commit details
-
Copy full SHA for fe30fe9 - Browse repository at this point
Copy the full SHA fe30fe9View commit details -
Configuration menu - View commit details
-
Copy full SHA for c9660c8 - Browse repository at this point
Copy the full SHA c9660c8View commit details -
Configuration menu - View commit details
-
Copy full SHA for 278a54e - Browse repository at this point
Copy the full SHA 278a54eView commit details -
Configuration menu - View commit details
-
Copy full SHA for 6f453aa - Browse repository at this point
Copy the full SHA 6f453aaView commit details -
Configuration menu - View commit details
-
Copy full SHA for 4565365 - Browse repository at this point
Copy the full SHA 4565365View commit details -
Configuration menu - View commit details
-
Copy full SHA for 83d18ea - Browse repository at this point
Copy the full SHA 83d18eaView commit details -
Configuration menu - View commit details
-
Copy full SHA for a097972 - Browse repository at this point
Copy the full SHA a097972View commit details
Commits on Oct 17, 2023
-
Configuration menu - View commit details
-
Copy full SHA for edb14aa - Browse repository at this point
Copy the full SHA edb14aaView commit details -
Configuration menu - View commit details
-
Copy full SHA for e0f7cca - Browse repository at this point
Copy the full SHA e0f7ccaView commit details
Commits on Oct 18, 2023
-
Configuration menu - View commit details
-
Copy full SHA for a609a88 - Browse repository at this point
Copy the full SHA a609a88View commit details -
Configuration menu - View commit details
-
Copy full SHA for 66e9f54 - Browse repository at this point
Copy the full SHA 66e9f54View commit details -
Configuration menu - View commit details
-
Copy full SHA for 0d1f5e3 - Browse repository at this point
Copy the full SHA 0d1f5e3View commit details -
Configuration menu - View commit details
-
Copy full SHA for 0869ba3 - Browse repository at this point
Copy the full SHA 0869ba3View commit details -
Configuration menu - View commit details
-
Copy full SHA for ca71daa - Browse repository at this point
Copy the full SHA ca71daaView commit details -
Configuration menu - View commit details
-
Copy full SHA for 9cc5480 - Browse repository at this point
Copy the full SHA 9cc5480View commit details -
Configuration menu - View commit details
-
Copy full SHA for 3d4d94a - Browse repository at this point
Copy the full SHA 3d4d94aView commit details -
Configuration menu - View commit details
-
Copy full SHA for e77ef4a - Browse repository at this point
Copy the full SHA e77ef4aView commit details -
Configuration menu - View commit details
-
Copy full SHA for bf4bd26 - Browse repository at this point
Copy the full SHA bf4bd26View commit details -
Configuration menu - View commit details
-
Copy full SHA for e0f591a - Browse repository at this point
Copy the full SHA e0f591aView commit details -
Configuration menu - View commit details
-
Copy full SHA for 5943bb0 - Browse repository at this point
Copy the full SHA 5943bb0View commit details -
Configuration menu - View commit details
-
Copy full SHA for 7839088 - Browse repository at this point
Copy the full SHA 7839088View commit details -
Configuration menu - View commit details
-
Copy full SHA for 861100a - Browse repository at this point
Copy the full SHA 861100aView commit details -
Configuration menu - View commit details
-
Copy full SHA for 94c124d - Browse repository at this point
Copy the full SHA 94c124dView commit details -
Configuration menu - View commit details
-
Copy full SHA for e93607b - Browse repository at this point
Copy the full SHA e93607bView commit details -
Configuration menu - View commit details
-
Copy full SHA for 937c0a4 - Browse repository at this point
Copy the full SHA 937c0a4View commit details -
Configuration menu - View commit details
-
Copy full SHA for 6be73f6 - Browse repository at this point
Copy the full SHA 6be73f6View commit details -
Configuration menu - View commit details
-
Copy full SHA for 84c7d71 - Browse repository at this point
Copy the full SHA 84c7d71View commit details -
Configuration menu - View commit details
-
Copy full SHA for dde27a4 - Browse repository at this point
Copy the full SHA dde27a4View commit details -
Configuration menu - View commit details
-
Copy full SHA for cbad064 - Browse repository at this point
Copy the full SHA cbad064View commit details -
Configuration menu - View commit details
-
Copy full SHA for be1f850 - Browse repository at this point
Copy the full SHA be1f850View commit details -
Configuration menu - View commit details
-
Copy full SHA for 0402bd6 - Browse repository at this point
Copy the full SHA 0402bd6View commit details -
Configuration menu - View commit details
-
Copy full SHA for 8702103 - Browse repository at this point
Copy the full SHA 8702103View commit details