Colin Vidal [Thu, 16 Oct 2025 14:33:51 +0000 (16:33 +0200)]
effective config: specific view cases
User specified views don't override default views. In particular, the
_bind/CH view is still active. However, the order is important: if the
user defines a foo/CH view, it must be able to override _bind/CH by
matching clients first (this is how the view is documented).
The server configuration code is now simpler; it only has to build the
views based on the effective view list, and only creates the _default
view if there are no explicit views created by the user.
Colin Vidal [Thu, 16 Oct 2025 14:26:06 +0000 (16:26 +0200)]
effective config: specific options/acl cases
Implement the specific rules of ACL inheritance when buiding the
effective configuration. As those rules are directly implemented in the
configuration tree, they are removed from `apply_configuation`.
Colin Vidal [Thu, 16 Oct 2025 13:48:05 +0000 (15:48 +0200)]
add cfg_effective_config() API
Add the entry point of the logic to merge the user and the default
configuration, called cfg_effective_config(). This function takes a user
configuration and a default configuration. It internally clones the user
configuration tree, then walks through the clauses recursively applying
default values if they are missing.
The newly built configuration tree, called the effective configuration
tree, is then returned.
Currently this is just the basic mechanism which is implemented (i.e.
enable to walk from clause to clause, goes into a nested clause, and so
on). The next commits will introduce the implementation of
clause-specific merge functions in order to preserve the existing
named.conf semantics.
Colin Vidal [Thu, 16 Oct 2025 13:30:23 +0000 (15:30 +0200)]
add an optional merge method on cfg_clausedef_t
In order to handle specific cases when merging configurations (i.e.
some specific clauses which require specific handling, not just
overriding values for instance), the cfg_clausedef_t includes an
optional merge method.
The merge function is NULL by default. If it is defined for a given
clause, and this clause is defined in both the user and default
configurations, the merge function is then called with both the user and
default clause instances. It's up the the implementation of that function
do to anything needed to keep the correct named.conf semantic.
Colin Vidal [Thu, 16 Oct 2025 12:54:24 +0000 (14:54 +0200)]
add helper API calls to manipulate maps and lists
cfg_map_addclone() is a variant of cfg_map_add which internally clones
an object and adds it to a map. It ensures that the object is an
implicit list if the map clause has the CFG_CLAUSEFLAG_MULTI set
cfg_list_addclone() clones a list (internally cloning each individual
element) and appends or preprends it to an existing target list.
Both of these will be needed to merge the default configuration
with the user configuration.
Colin Vidal [Thu, 16 Oct 2025 12:38:48 +0000 (14:38 +0200)]
parser firstclause/nextclause API changes
In order to make upcoming configuration tree changes easier, the
cfg_map_firstclause() and _nextclause() functions have been changed
to return the clause itself rather than only the clause name.
Colin Vidal [Thu, 16 Oct 2025 12:11:37 +0000 (14:11 +0200)]
move default configuration to common bin/include folder
Two programs need to be able to provide the effective configuration:
named (through a future rndc command) and named-checkconf (though a
future command line switch). In order to calculate the effective
configuration from named-checkconf, the default configuration
needs to be accessible.
The default configuration has now been moved from bin/named/config.c
into a common include directory for binaries: bin/include/defaultconfig.h.
Evan Hunt [Wed, 29 Oct 2025 18:28:45 +0000 (18:28 +0000)]
fix: dev: fix configuration bugs involving global defaults
The configuration code for the `max-cache-size`, `dnssec-validation`, and `response-padding` options were unnecessarily complicated, and in the case of `max-cache-size`, buggy. These have been fixed. The `optionmaps` variable in `configure_view()` is no longer needed and has been removed.
Merge branch 'each-cleanup-defaultconfig' into 'main'
Evan Hunt [Wed, 29 Oct 2025 01:45:25 +0000 (18:45 -0700)]
fix "response-padding" configuration and remove optionmaps
Add a default "response-padding" option in the global defaults,
to disable the option, and simplify the configuration code so that
looks at the global defaults if the option is not set in named.conf.
This enables us to remove the 'optionmaps' variable in configure_view(),
which was used for options that only look in named.conf.
Evan Hunt [Wed, 29 Oct 2025 01:34:55 +0000 (18:34 -0700)]
simplify "dnssec-validation" configuration
In the past, "dnssec-validation" was not looked up in the global
defaults unless "dnssec-enable" was true. "dnssec-enable" has been
obsolete for several years, but dnssec-validation was still being
configured in two steps. This commit removes the vestigial bits of
the old logic.
Evan Hunt [Wed, 29 Oct 2025 01:28:35 +0000 (18:28 -0700)]
fix a "max-cache-size" configuration bug
"max-cache-size default;" is allowed, according to the documentation
and the parser, but when it's configured, named crashes due to an
INSIST that the only legal string value is "unlimited". this has
been fied.
the configuration has also been simplified. previously, we checked for
max-cache-size in view and options, then determined whether to look in
the global default options based on whether the view had recursion set.
the default value set there was only applicable to views with recursion.
now, the default is an explicit "default", which affects views with
and without recursion in different ways.
the cfg type for "max-cache-size" has been changed from
cfg_type_sizeorpercent to cfg_type_maxcachesize.
Michał Kępień [Thu, 18 Sep 2025 08:13:13 +0000 (10:13 +0200)]
Add a response handler matching on specific QNAMEs
Add a new ResponseHandler subclass, QnameHandler, which enables
conveniently matching specific QNAMEs (without also matching their
subdomains like DomainHandler does).
Štěpán Balážik [Wed, 29 Oct 2025 16:06:26 +0000 (16:06 +0000)]
chg: test: Use isctest.asyncserver in the "cookie" test
Replace the custom DNS servers in the "cookie" system test with new code
based on the isctest.asyncserver module. The convoluted test logic is
split into multiple response handlers which are shared between the two
servers.
Behavior change: returned SOA records have the zone name set properly.
Merge branch 'stepan/cookie-asyncserver' into 'main'
Replace the custom DNS servers in the "cookie" system test with new code
based on the isctest.asyncserver module. The convoluted test logic is
split into multiple response handlers which are shared between the two
servers.
Behavior change: returned SOA records have the zone name set properly.
Štěpán Balážik [Wed, 29 Oct 2025 13:56:15 +0000 (13:56 +0000)]
chg: test: Use isctest.asyncserver in the "dnssec" test
Reimplement the custom server using isctest.asyncserver. Factor most of
the logic out of the server code to two (identical) zones and only
implement the non-standard behavior.
Behavior changes:
- RRSIG Expiration and Inception is now static and covering the whole
timeline instead of being calculated everytime.
- NXDOMAIN is returned where suitable by standard.
- Returned SOA records have properly set zone names.
Merge branch 'stepan/dnssec-asyncserver' into 'main'
Štěpán Balážik [Wed, 27 Aug 2025 18:50:32 +0000 (20:50 +0200)]
Use isctest.asyncserver in the "dnssec" test
Reimplement the custom server using isctest.asyncserver. Factor most of
the logic out of the server code to two (identical) zones and only
implement the non-standard behavior.
Behavior changes:
- RRSIG Expiration and Inception is now static and covering the whole
timeline instead of being calculated everytime.
- NXDOMAIN is returned where suitable by standard.
- Returned SOA records have properly set zone names.
Mark Andrews [Wed, 22 Oct 2025 05:53:46 +0000 (16:53 +1100)]
Fix "shutdown system test crashed in dns_dispatchmgr_getblackhole"
While shutting down view->dispatchmgr is no longer valid. Attach
to it and when creates a fetch context and use that pointer instead
of view->dispatchmgr. Use dns_view_getdispatchmgr to do the attaching
as view->dispatchmgr is it managed using rcu.
Colin Vidal [Mon, 27 Oct 2025 21:15:39 +0000 (22:15 +0100)]
new: dev: introduce cfg_obj_clone to clone a config tree
Introduce `cfg_obj_clone` which takes a `cfg_obj_t` node and clones it.
it allocates a new node, copies its scalar values and recursively
allocates child nodes, copying their scalar values as well and so on.
Internally, a new method `cfg_copyfunc_t` copy is added in `cfg_rep_t`,
which enables implementing a copy function specific for each
representation type a node can hold.
This is pre-require work for MR !11121 !11122 !11123
Merge branch 'colin/effective-config-clone' into 'main'
Colin Vidal [Tue, 30 Sep 2025 14:09:03 +0000 (16:09 +0200)]
add unit test for cfg_obj_clone
Add a unit test for `cfg_obj_clone` to verify that the cloned tree
indeed has independent child nodes. The test also verifies that the
clone is semantically correct by comparing a text dump of the original
tree and the cloned one.
Colin Vidal [Tue, 30 Sep 2025 10:41:32 +0000 (12:41 +0200)]
introduce cfg_obj_clone to clone a config tree
Introduce `cfg_obj_clone` which takes a `cfg_obj_t` node and clones it.
it allocates a new node, copies its scalar values and recursively
allocates child nodes, copying their scalar values as well and so on.
Internally, a new method `cfg_copyfunc_t` copy is added in `cfg_rep_t`,
which enables implementing a copy function specific for each
representation type a node can hold.
In cfg_parse_buffer and cfg_parse_file 'pctx' was being checked
for being non-NULL when it was guaranteed to be non-NULL. This
raised Coverity issues ID 637688 and ID 637689.
Closes #5599
Merge branch '5599-remove-unnecessary-null-checks' into 'main'
Mark Andrews [Sun, 26 Oct 2025 23:35:35 +0000 (10:35 +1100)]
Remove unnecessary NULL checks in parser.c
In cfg_parse_buffer and cfg_parse_file 'pctx' was being checked
for being non-NULL when it was guarenteed to be non-NULL. This
raised Coverity issues ID 637688 and ID 637689.
Andoni Duarte [Mon, 27 Oct 2025 15:51:58 +0000 (15:51 +0000)]
new: ci: Add tarball publication process to pipeline
Tarball uploading steps are to be included in the pipeline.
They are manual jobs that:
1. uploads a release tarball prepared by the "sign" job.
2. publish a previously staged release to a destination.
3. publishes a previously staged release to a well-known URL.
A template has been included since all three follow the same pattern.
Besides, rules commonly used by tag pipeline jobs.
Merge branch 'andoni/ci-release-process' into 'main'
Michał Kępień [Mon, 27 Oct 2025 04:15:09 +0000 (05:15 +0100)]
Deduplicate triggering rules for tag pipeline jobs
Define and use more YAML anchors for triggering rules commonly used by
tag pipeline jobs. This builds on top of the work done in commit 675d9c74251fee8ec034e87bdd43e7da97119a5d, improving readability and
reuse.
Add a new SSH-confirmed GitLab CI job that publishes a previously staged
release to a well-known URL. The details of what specifically this
entails are controlled by the staging environment.
Add a new SSH-confirmed GitLab CI job that publishes a previously staged
release to a destination that is not a well-known URL. The details of
what specifically this entails are controlled by the staging
environment.
Michał Kępień [Wed, 22 Oct 2025 07:45:29 +0000 (09:45 +0200)]
Add a template for SSH-confirmed jobs
Add a YAML template for jobs that require an SSH connection to a
dedicated, locked-down runner for signing off on sensitive operations
(e.g. signing, publishing).
These jobs all follow a similar scheme:
1. Runner prepares the necessary files in a well-known location (/tmp).
2. Runner generates a shell script to be run by an authorized user.
3. Runner sleeps while waiting for a signal that the script was run.
4. Authorized user logs in to the runner over SSH and runs the script.
5. Runner collects the relevant files and logs as job artifacts.
One additional complication is that each of the above steps needs to be
carried out under the assumption that GitLab Runner is running under a
different user account than the one used for logging in over SSH,
necessitating careful file permission handling.
Having a YAML template for jobs that need to follow the above scheme
significantly improves readability and reuse as each job only needs to
define (via the "variables" YAML key):
- SSH_SCRIPT_RUNNER_PRE: the code the runner should execute before an
authorized user logs in over SSH (typically: setting up files in a
well-known location),
- SSH_SCRIPT_CLIENT: contents of the shell script to be run by an
authorized user,
- SSH_SCRIPT_RUNNER_POST: the code the runner should execute after an
authorized user runs the script over SSH (typically: artifact
collection and cleanup).
Michał Kępień [Wed, 22 Oct 2025 07:45:29 +0000 (09:45 +0200)]
Revise release directory naming
Include the Git tag in the name of the release directory rather than
just the version number. Revise the script for the "release" job
accordingly. This enables using the $CI_COMMIT_TAG variable in job
scripts without the need to resort to string manipulation to strip the
leading "v", improving readability. The only place where string
manipulation is applied to the Git tag is now the "release" job itself,
to verify that the Git tag matches the version number embedded in the
source tarball name.
Mark Andrews [Mon, 27 Oct 2025 12:46:39 +0000 (23:46 +1100)]
fix: test: test-syncplugin.c:plugin_register was broken
The variables example2com, example3com, and example4com where not
being initalised on all paths leading to Coverity issues ID 637690,
ID 637691 and ID 637692 being raised. In addition the tests to free
them were wrong as they depended on the unintialised variables. This
has been fixed.
Closes #5598
Merge branch '5598-properly-determine-if-name-is-dynamic' into 'main'
Mark Andrews [Mon, 27 Oct 2025 00:07:35 +0000 (11:07 +1100)]
test-syncplugin.c:plugin_register was broken
The variables example2com, example3com, and example4com where not
being initalised on all paths leading to Coverity issues ID 637690,
ID 637691 and ID 637692 being raised. In addition the tests to free
them were wrong as they depended on the unintialised variables. This
has been fixed.
Michał Kępień [Mon, 27 Oct 2025 09:57:58 +0000 (10:57 +0100)]
chg: dev: Stop prettifying JSON statistics
Passing the JSON_C_TO_STRING_PRETTY flag to
json_object_to_json_string_ext() makes the latter produce prettified
JSON output. This results in a huge amount of redundant whitespace
being inserted into each HTTP response (whitespace amounts to about 40%
of the entire JSON payload).
The bandwidth cost can be amortized by enabling HTTP compression on the
client side ("Accept-Encoding: deflate"), but that does not affect the
size of data at rest.
Use the JSON_C_TO_STRING_PLAIN flag instead of JSON_C_TO_STRING_PRETTY
to minimize the size of JSON responses sent via the statistics channel.
External tools should be used for prettifying JSON data.
Closes #3304
Merge branch '3304-stop-prettifying-json-statistics' into 'main'
Michał Kępień [Mon, 27 Oct 2025 09:56:38 +0000 (10:56 +0100)]
Stop prettifying JSON statistics
Passing the JSON_C_TO_STRING_PRETTY flag to
json_object_to_json_string_ext() makes the latter produce prettified
JSON output. This results in a huge amount of redundant whitespace
being inserted into each HTTP response (whitespace amounts to about 40%
of the entire JSON payload).
The bandwidth cost can be amortized by enabling HTTP compression on the
client side ("Accept-Encoding: deflate"), but that does not affect the
size of data at rest.
Use the JSON_C_TO_STRING_PLAIN flag instead of JSON_C_TO_STRING_PRETTY
to minimize the size of JSON responses sent via the statistics channel.
External tools should be used for prettifying JSON data.
Michał Kępień [Sat, 25 Oct 2025 06:00:41 +0000 (08:00 +0200)]
chg: test: Properly process JSON and XML in tests
Processing JSON and XML using `grep` and `sed` is error-prone, overly
lax in some ways, overly strict in others, and neither accurate nor
expressive. Use `jq` and `xmllint` with XPath expressions to make
things right in system tests.
See #3304
Merge branch '3304-properly-process-json-and-xml-in-tests' into 'main'
Michał Kępień [Sat, 25 Oct 2025 05:37:48 +0000 (07:37 +0200)]
Remove unused Perl scripts
The traffic-json.pl and traffic-xml.pl scripts that were used in the
"statschannel" system test in the past became dead code when commit 1202fd912a1baa9c299f17caf4494bc21234da85 rewrote parts of that test to
Python. Remove those scripts.
Michał Kępień [Sat, 25 Oct 2025 05:37:48 +0000 (07:37 +0200)]
Remove unused xmllint-html.sh script
There are no longer any HTML files in the BIND 9 source repository.
Remove the xmllint-html.sh script that was used in the past to check
those for errors.
Michał Kępień [Sat, 25 Oct 2025 05:37:48 +0000 (07:37 +0200)]
Use xmllint in system tests inspecting XML data
Inspecting XML data using sed and grep is error-prone, overly lax in
some ways, overly strict in others, and neither accurate nor expressive.
Use xmllint and XPath expressions for inspecting XML data in the
"statistics", "statschannel", and "synthfromdnssec" system tests to
address these deficiencies.
Michał Kępień [Sat, 25 Oct 2025 05:37:48 +0000 (07:37 +0200)]
Detect xmllint at build time
Detect whether and where the xmllint utility is available at build time,
so that it can be used in system tests. If the tool is not found,
specific checks employing it will be skipped.
Michał Kępień [Sat, 25 Oct 2025 05:37:48 +0000 (07:37 +0200)]
Use jq in system tests inspecting JSON data
Inspecting JSON data using grep is error-prone, overly lax in some ways,
overly strict in others, and neither accurate nor expressive. Use jq
for inspecting JSON data in the "statschannel" and "synthfromdnssec"
system tests to address these deficiencies.
Michał Kępień [Sat, 25 Oct 2025 05:37:48 +0000 (07:37 +0200)]
Detect jq at build time
Detect whether and where the jq utility is available at build time, so
that it can be used in system tests. If the tool is not found, specific
checks employing it will be skipped.
Ondřej Surý [Fri, 24 Oct 2025 20:20:51 +0000 (22:20 +0200)]
chg: dev: Fix assertion failure from arc4random_uniform with invalid limit
When the arc4random_uniform() is called on NetBSD with upper_bound that
makes no sense statistically (0 or 1), the call crashes the calling
program. Fix this by returning 0 when upper bound is < 2 as does Linux,
FreeBSD and NetBSD. (Hint: System CSPRNG should never crash.)
Closes #5596
Merge branch '5596-fix-isc_random_uniform-on-NetBSD' into 'main'
Ondřej Surý [Fri, 24 Oct 2025 08:34:33 +0000 (11:34 +0300)]
Fix assertion failure from arc4random_uniform with invalid limit
When the arc4random_uniform() is called on NetBSD with upper_bound that
makes no sense statistically (0 or 1), the call crashes the calling
program. Fix this by returning 0 when upper bound is < 2 as does Linux,
FreeBSD and NetBSD. (Hint: System CSPRNG should never crash.)
Aydın Mercan [Thu, 18 Sep 2025 11:07:08 +0000 (13:07 +0200)]
bump the minimum meson version to 1.3.0
After a couple releases, it appears that the minimum version can be
increased without much trouble.
Because meson only requires python 3.7 or greater, most supported
distributions can run a newer meson without having to deal with
additional dependencies or a new python version.
Aydın Mercan [Fri, 3 Oct 2025 12:37:01 +0000 (15:37 +0300)]
fix fuzzing
The fuzzing binary builds have been fixed and now is run as a part of
the test suite for sanity checks.
The `oss-fuzz` backend has been made functional with the addition of the
`oss-fuzz-args` option. It allows the setup script to pass the
LIB_FUZZING_ENGINE environment variable to meson.
Petr Špaček [Thu, 25 Sep 2025 12:24:45 +0000 (14:24 +0200)]
Apply special git tag rules only in the private project
We do not want to re-release tags we create in the private project
anyway. Moreover pushing tags back into the public project after release
caused to Gitlab to create tag pipelines which never finished, which was
only confusing thing.
Evan Hunt [Thu, 23 Oct 2025 20:43:07 +0000 (20:43 +0000)]
chg: dev: Refactoring in lib/isccfg
`cfg_obj_t` objects no longer depend on the `cfg_parser_t` life-cycle; they can now persist until the last reference is detached. The `file` field, which was previously a pointer to memory allocated in the parser, is now a pointer to a subsidiary `cfg_obj_t` of type string. The API calls for creating and detaching these objects have been simplified accordingly.
Since `cfg_obj_t` is now long-lived, a zone can hold a reference to its own configuration data, making it possible to use `rndc showzone` even if `allow-new-zones` is disabled.
Several API calls related to the parser have been removed or hidden. The `cfg_parse_file()` and `cfg_parse_buffer()` functions now internally create and destroy their own parsers, eliminating the need for the caller to do so.
Most of these changes are intended to simplify dumping of running configuration data in a future commit.
Evan Hunt [Thu, 23 Oct 2025 18:44:15 +0000 (11:44 -0700)]
restore the former change_directory logging
change_directory() now lives in libisccfg. when it was moved,
the logging behavior changed: previously it had been logged
by named only, in the general logging category, and without the
named.conf filename and line number. it was not logged by
named-checkconf. this behavior has now been restored.
Colin Vidal [Thu, 23 Oct 2025 08:54:32 +0000 (10:54 +0200)]
test rndc showzone works for named.conf zones
Since the zone now has a reference to their respective configuration
tree, `rndc showzone` can be used for any zones (including those
defined in namedconf), without `allow-new-zones` being enabled.
Add a test for this.
The test is part of the addzone suite because showzone used to be
related to addzone, but this could be moved elsewhere in the future
if more specific tests are needed for showzone.
Colin Vidal [Thu, 23 Oct 2025 08:12:38 +0000 (10:12 +0200)]
ensure parser/cfg_obj log includes the line number
Since the `file` property of cfg_obj_t can now be null (instead of
"none"), cfg_obj_t would take a fallback flow where the line was not
logged. This fixes it.
Also, add the log line when parser_complain is called and `file` is null
(which might happend when parsing buffer only) to also include the line
number.
Evan Hunt [Wed, 22 Oct 2025 21:51:15 +0000 (14:51 -0700)]
simplify and regularize cfg_* functions
- several functions that can no longer fail have been changed to
type void, and unnecessary 'cleanup' sections were removed
- renamed cfg_create_obj() to cfg_obj_create(), and cfg_create_tuple()
to cfg_tuple_create(), to match typical nomenclature.
- fixed a memory leak bug, in which an element could be removed
from a list in delete_zoneconf() without being freed. this has
been addressed by adding a cfg_list_unlink() function.
list elements are now allocated based on the list they will
be stored in, using the same mctx.
Evan Hunt [Wed, 22 Oct 2025 17:41:05 +0000 (10:41 -0700)]
simplify cfg_parser API
- the cfg_parser_create() and cfg_parser_destroy() calls are no
longer used outside parser.c, so they are now static functions
- cfg_parser_attach(), cfg_parser_reset(), and cfg_parser_setflags()
are no longer used at all, and have been removed.
- cfg_parser_mapadd() has been renamed for clarity to cfg_map_add().
Colin Vidal [Wed, 22 Oct 2025 09:49:09 +0000 (11:49 +0200)]
cfg_parse_ functions internally handle the parser
Instead of (1) allocating a parser, (2) parsing a file/buffer then (3)
freeing the parser, the parser is now internally created/destroyed from
within the `cfg_parse_*` functions. This simplifies a lot the use cases,
especially around the error cases where the parser needs to be freed in
a cleanup goto.
The only trick was the parser callback mechanism, which would previously
have been set up between steps 1 and 2. Since it's never been used for
any purpose other than the "directory" option, the chdir call has now
been moved inside the parser and the generic callback mechanism has been
removed, replacing CFG_CLAUSEFLAG_CALLBACK with CFG_CLAUSEFLAG_CHDIR.
Evan Hunt [Wed, 22 Oct 2025 05:56:27 +0000 (22:56 -0700)]
store the zone configuration object in the zone
when configuring a zone, we can now save the zone's configuration
object in the zone itself by calling dns_zone_setcfg(). this can
then be used by "rndc showzone" to print the zone's configuration,
which is simpler than searching for it using the new-zones
configuration, and allows it to work even if "allow-new-zones"
is disabled.
Colin Vidal [Tue, 21 Oct 2025 15:16:39 +0000 (17:16 +0200)]
remove all shared and global parsers
Remove all global cfg_parser objects as well as shared parsers between
views to dynamically add zones. Instead, parser are transirently created
whenever needed.
Colin Vidal [Tue, 21 Oct 2025 14:29:34 +0000 (16:29 +0200)]
remove global named defaults parser
Remove the global named defaults parser. Instead, a parser is created
during the execution time of named_config_parsedefaults(). This
simplifies the API (no parser to pass around) and the life-cycle of the
default configuration tree (it doesn't depends on a parser instance).
Colin Vidal [Tue, 21 Oct 2025 13:41:55 +0000 (15:41 +0200)]
remove parser context field from cfg_obj_t
cfg_obj_t doesn't store a pointer to its a parser context anymore,
and does not depend on the parser's lifecycle. Instead, it stores a
reference to its own memory context (and in principle, each node
could have different memory context). This also slightly simplifies
the _destroy API as there is no need to pass a context through it
anymore.
Colin Vidal [Tue, 21 Oct 2025 13:08:47 +0000 (15:08 +0200)]
cfg_obj_t file is now a refcounted string
In order to reduce the lifecycle dependency of a `cfg_obj_t` on its
parser, the `file` field needs its own reference count, so it isn't
deleted when the parser is. It is now stored as a subsidiary
`cfg_obj_t` object of type string.
Michal Nowak [Wed, 22 Oct 2025 11:27:45 +0000 (13:27 +0200)]
chg: ci: Fail when spatch can't process source code
Sometimes spatch fails to process the source code:
EXN: Failure("replacement: node 80: {7[1,2,30,31,32] in isc__nm_base64_to_base64url reachable by inconsistent control-flow paths") in ./lib/isc/netmgr/http.c
Closes #5567
Merge branch '5567-spatch-detect-more-error-conditions' into 'main'
Michal Nowak [Mon, 20 Oct 2025 15:36:36 +0000 (17:36 +0200)]
Fail when spatch can't process source code
Sometimes spatch fails to process the source code:
EXN: Failure("replacement: node 80: {7[1,2,30,31,32] in isc__nm_base64_to_base64url reachable by inconsistent control-flow paths") in ./lib/isc/netmgr/http.c
Colin Vidal [Wed, 22 Oct 2025 07:16:52 +0000 (09:16 +0200)]
new: dev: run individual spatch form check-cocci.sh
Add util/check-cocci.sh support for a command-line argument which is a
path to a spatch file. Running `util/check-cocci.sh` runs all the spatch
in `cocci` folder. Running `util/check-cocci.sh cocci/foo.spatch` only
run the spatch `cocci/foo.spatch`.
Any command line parameters after `--` are forwarded to `spatch`
command, for instance:
Colin Vidal [Tue, 14 Oct 2025 12:01:42 +0000 (14:01 +0200)]
run individual spatch form check-cocci.sh
Add util/check-cocci.sh support for a command-line argument which is a
path to a spatch file. Running `util/check-cocci.sh` runs all the spatch
in `cocci` folder. Running `util/check-cocci.sh cocci/foo.spatch` only
run the spatch `cocci/foo.spatch`.
Any command line parameters after `--` are forwarded to `spatch`
command, for instance:
The :iscman:`dnssec-keygen` utility program failed to detect
possible Key ID collisions with the existing keys generated
using the non-default ``-T KEY`` option (e.g. for ``SIG(0)``).
This has been fixed.
Closes #5506
Merge branch '5506-dnssec-keygen-sig0-keys-collision-fix' into 'main'
projects / thirdparty / bind9.git / log
