From: Michał Kępień Date: Wed, 14 Feb 2024 12:24:56 +0000 (+0100) Subject: Merge tag 'v9.19.21' X-Git-Tag: v9.19.22~36 X-Git-Url: http://git.ipfire.org/gitweb.cgi?a=commitdiff_plain;h=86107993171e1292022e286afff40ddfe7e949e8;p=thirdparty%2Fbind9.git Merge tag 'v9.19.21' BIND 9.19.21 --- 86107993171e1292022e286afff40ddfe7e949e8 diff --cc CHANGES index d65e0e350e1,09cb361587d..8dcb70e0e07 --- a/CHANGES +++ b/CHANGES @@@ -1,91 -1,16 +1,99 @@@ +6345. [bug] Added missing dns_rdataset_disassociate calls in + validator.c:findnsec3proofs. [GL #4571] + +6344. [bug] Fix case insensitive setting for isc_ht hashtable. + [GL #4568] + +6343. [placeholder] + +6342. [placeholder] + +6341. [bug] Address use after free in ccmsg_senddone. [GL #4549] + +6340. [test] Fix incorrectly reported errors when running tests + with `make test` on platforms with older pytest. + [GL #4560] + +6339. [bug] The alignas() can't be used on types larger than + max_align_t; instead add padding into the structures + where we want avoid false memory sharing. [GL #4187] + +6338. [func] Optimize slabheader placement, so the infrastructure + records are put in the beginning of the slabheader + linked list. [GL !8675] + +6337. [bug] Nsupdate could assert while shutting down. [GL #4529] + +6336. [func] Expose the zones with the 'first refresh' flag set in + statistics channel's "Incoming Zone Transfers" section + to indicate the zones that are not yet fully ready, and + their first refresh is pending or is in-progress. Also + expose the number of such zones in the output of the + 'rndc status' command. [GL #4241] + +6335. [func] The 'dnssec-validation yes' option now requires an + explicitly configured 'trust-anchors' statement (or + 'managed-keys' or 'trusted-keys' statements, both + deprecated). [GL #4373] + +6334. [doc] Improve ARM parental-agents definition. [GL #4531] + +6333. [bug] Fix the DNS_GETDB_STALEFIRST flag, which was defined + incorrectly in lib/ns/query.c. [GL !8683] + +6332. 
[bug] Range-check the arguments to fetch-quota-param. + [GL #362] + +6331. [func] Add HSM support for dnssec-policy. You can now + configure keys with a key-store that allows you to + set the directory to store key files and to set a + PKCS #11 URI string. [GL #1129] + +6330. [doc] Update ZSK minimum lifetime documentation in ARM, also + depends on signing delay. [GL #4510] + +6329. [func] Nsupdate can now set the UL EDNS option when sending + UPDATE requests. [GL #4419] + +6328. [func] Add workaround to enforce dynamic linker to pull + jemalloc earlier than libc to ensure all memory + allocations are done via jemalloc. [GL #4404] + +6327. [func] Expose the TCP client count in statistics channel. + [GL #4425] + +6326. [bug] Changes to "listen-on" statements were ignored on + reconfiguration unless the port or interface address was + changed, making it impossible to change a related + listener transport type. Thanks to Thomas Amgarten. + [GL #4518] [GL #4528] + +6325. [func] The 'tls' block was extended with a new + 'cipher-suites' option that allows setting + allowed cipher suites for TLSv1.3. + [GL #3504] + +6324. [bug] Fix a possible crash in 'dig +nssearch +nofail' and + 'host -C' commands when one of the name servers returns + SERVFAIL. [GL #4508] + + --- 9.19.21 released --- + +6323. [placeholder] + - 6322. [placeholder] + 6322. [security] Specific DNS answers could cause a denial-of-service + condition due to DNS validation taking a long time. + (CVE-2023-50387) [GL #4424] - 6321. [placeholder] + 6321. [security] Change 6315 inadvertently introduced regressions that + could cause named to crash. [GL #4234] +6320. [placeholder] + - 6319. [placeholder] + --- 9.19.20 released --- + + 6319. [func] Limit isc_async_run() overhead for RBTDB tree pruning. + [GL #4383] 6318. 
[placeholder] diff --cc doc/arm/notes.rst index fec0cd43ed6,7ae4697f185..080f268e513 --- a/doc/arm/notes.rst +++ b/doc/arm/notes.rst @@@ -38,7 -38,8 +38,9 @@@ information about each release, and sou .. include:: ../notes/notes-known-issues.rst +.. include:: ../notes/notes-current.rst + .. include:: ../notes/notes-9.19.21.rst + .. include:: ../notes/notes-9.19.20.rst .. include:: ../notes/notes-9.19.19.rst .. include:: ../notes/notes-9.19.18.rst .. include:: ../notes/notes-9.19.17.rst diff --cc lib/dns/db_p.h index 894e0ceeda9,00000000000..f12d9b4a33c mode 100644,000000..100644 --- a/lib/dns/db_p.h +++ b/lib/dns/db_p.h @@@ -1,156 -1,0 +1,148 @@@ +/* + * Copyright (C) Internet Systems Consortium, Inc. ("ISC") + * + * SPDX-License-Identifier: MPL-2.0 + * + * This Source Code Form is subject to the terms of the Mozilla Public + * License, v. 2.0. If a copy of the MPL was not distributed with this + * file, you can obtain one at https://mozilla.org/MPL/2.0/. + * + * See the COPYRIGHT file distributed with this work for additional + * information regarding copyright ownership. 
+ */ + +#pragma once + +#include +#include +#include + +#include +#include +#include + +#define RDATATYPE_NCACHEANY DNS_TYPEPAIR_VALUE(0, dns_rdatatype_any) + +#ifdef STRONG_RWLOCK_CHECK +#define STRONG_RWLOCK_CHECK(cond) REQUIRE(cond) +#else +#define STRONG_RWLOCK_CHECK(cond) +#endif + +#define NODE_INITLOCK(l) isc_rwlock_init((l)) +#define NODE_DESTROYLOCK(l) isc_rwlock_destroy(l) +#define NODE_LOCK(l, t, tp) \ + { \ + STRONG_RWLOCK_CHECK(*tp == isc_rwlocktype_none); \ + RWLOCK((l), (t)); \ + *tp = t; \ + } +#define NODE_UNLOCK(l, tp) \ + { \ + STRONG_RWLOCK_CHECK(*tp != isc_rwlocktype_none); \ + RWUNLOCK(l, *tp); \ + *tp = isc_rwlocktype_none; \ + } +#define NODE_RDLOCK(l, tp) NODE_LOCK(l, isc_rwlocktype_read, tp); +#define NODE_WRLOCK(l, tp) NODE_LOCK(l, isc_rwlocktype_write, tp); +#define NODE_TRYLOCK(l, t, tp) \ + ({ \ + STRONG_RWLOCK_CHECK(*tp == isc_rwlocktype_none); \ + isc_result_t _result = isc_rwlock_trylock(l, t); \ + if (_result == ISC_R_SUCCESS) { \ + *tp = t; \ + }; \ + _result; \ + }) +#define NODE_TRYRDLOCK(l, tp) NODE_TRYLOCK(l, isc_rwlocktype_read, tp) +#define NODE_TRYWRLOCK(l, tp) NODE_TRYLOCK(l, isc_rwlocktype_write, tp) +#define NODE_TRYUPGRADE(l, tp) \ + ({ \ + STRONG_RWLOCK_CHECK(*tp == isc_rwlocktype_read); \ + isc_result_t _result = isc_rwlock_tryupgrade(l); \ + if (_result == ISC_R_SUCCESS) { \ + *tp = isc_rwlocktype_write; \ + }; \ + _result; \ + }) +#define NODE_FORCEUPGRADE(l, tp) \ + if (NODE_TRYUPGRADE(l, tp) != ISC_R_SUCCESS) { \ + NODE_UNLOCK(l, tp); \ + NODE_WRLOCK(l, tp); \ + } + +#define TREE_INITLOCK(l) isc_rwlock_init(l) +#define TREE_DESTROYLOCK(l) isc_rwlock_destroy(l) +#define TREE_LOCK(l, t, tp) \ + { \ + STRONG_RWLOCK_CHECK(*tp == isc_rwlocktype_none); \ + RWLOCK(l, t); \ + *tp = t; \ + } +#define TREE_UNLOCK(l, tp) \ + { \ + STRONG_RWLOCK_CHECK(*tp != isc_rwlocktype_none); \ + RWUNLOCK(l, *tp); \ + *tp = isc_rwlocktype_none; \ + } +#define TREE_RDLOCK(l, tp) TREE_LOCK(l, isc_rwlocktype_read, tp); +#define 
TREE_WRLOCK(l, tp) TREE_LOCK(l, isc_rwlocktype_write, tp); +#define TREE_TRYLOCK(l, t, tp) \ + ({ \ + STRONG_RWLOCK_CHECK(*tp == isc_rwlocktype_none); \ + isc_result_t _result = isc_rwlock_trylock(l, t); \ + if (_result == ISC_R_SUCCESS) { \ + *tp = t; \ + }; \ + _result; \ + }) +#define TREE_TRYRDLOCK(l, tp) TREE_TRYLOCK(l, isc_rwlocktype_read, tp) +#define TREE_TRYWRLOCK(l, tp) TREE_TRYLOCK(l, isc_rwlocktype_write, tp) +#define TREE_TRYUPGRADE(l, tp) \ + ({ \ + STRONG_RWLOCK_CHECK(*tp == isc_rwlocktype_read); \ + isc_result_t _result = isc_rwlock_tryupgrade(l); \ + if (_result == ISC_R_SUCCESS) { \ + *tp = isc_rwlocktype_write; \ + }; \ + _result; \ + }) +#define TREE_FORCEUPGRADE(l, tp) \ + if (TREE_TRYUPGRADE(l, tp) != ISC_R_SUCCESS) { \ + TREE_UNLOCK(l, tp); \ + TREE_WRLOCK(l, tp); \ + } + +#define IS_STUB(db) (((db)->common.attributes & DNS_DBATTR_STUB) != 0) +#define IS_CACHE(db) (((db)->common.attributes & DNS_DBATTR_CACHE) != 0) + +ISC_LANG_BEGINDECLS + +struct dns_glue { + struct dns_glue *next; + dns_fixedname_t fixedname; + dns_rdataset_t rdataset_a; + dns_rdataset_t sigrdataset_a; + dns_rdataset_t rdataset_aaaa; + dns_rdataset_t sigrdataset_aaaa; + + isc_mem_t *mctx; + struct rcu_head rcu_head; +}; + +typedef struct { + dns_glue_t *glue_list; + dns_db_t *db; + dns_dbversion_t *version; + dns_name_t *nodename; +} dns_glue_additionaldata_ctx_t; + +typedef struct { + isc_rwlock_t lock; + /* Protected in the refcount routines. */ + isc_refcount_t references; + /* Locked by lock. */ + bool exiting; +} db_nodelock_t; + - /*% - * Prune context - */ - typedef struct { - dns_db_t *db; - dns_dbnode_t *node; - } db_prune_t; - +ISC_LANG_ENDDECLS
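Review bot: in the CHANGES hunk, entry 6321 is tagged [security] but, unlike 6322 directly above it, carries no CVE identifier and does not say what input or configuration makes named crash. It only points back to "Change 6315", which is outside the lines shown here. If an identifier was assigned for these regressions, add it to the entry in the same form as 6322. Otherwise, say in one clause which code path was affected so operators can judge exposure without following [GL #4234]. Also confirm that 6320 and 6323 are meant to stay as [placeholder] on either side of the "--- 9.19.21 released ---" marker after this merge.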
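Review bot: in the doc/arm/notes.rst hunk, the merged result keeps ".. include:: ../notes/notes-current.rst" directly above the newly added ".. include:: ../notes/notes-9.19.21.rst", so any item present in both files will be rendered twice in the ARM. Check that notes-current.rst on this branch no longer lists anything that shipped in 9.19.21 (the two [security] items from CHANGES in particular), and trim it in this merge if it does.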
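Review bot: in the lib/dns/db_p.h hunk, the only content change is the removal of the "Prune context" typedef db_prune_t at the end of the file, yet the file does not exist on the tag side (mode 000000, range -1,0), so this is a hand-made merge resolution that the commit message "Merge tag 'v9.19.21'" does not mention. Add a line to the merge message saying why db_prune_t is dropped (presumably the pruning rework recorded as 6319 in CHANGES), and confirm that no remaining file on this branch still references the type. While this header is under review: NODE_FORCEUPGRADE and TREE_FORCEUPGRADE expand to a bare "if (...) { ... }", which is a dangling-else hazard at call sites, and their fallback path releases the lock before taking the write lock, so a caller cannot assume the node or tree is unchanged across the upgrade. Wrapping both in do { ... } while (0) and adding a comment that state must be revalidated after a forced upgrade would make that contract explicit.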