Ondřej Surý [Tue, 20 Aug 2024 07:14:31 +0000 (09:14 +0200)]
Fix the resesuid() shim implementation for NetBSD
The shim implementation of setresuid() was wrong - there was a copy and
paste error and it was calling setresgid() instead. This only affects
NetBSD because Linux, FreeBSD and OpenBSD have setresuid() and
setresgid() implementation available from the system library.
Nicki Křížek [Mon, 19 Aug 2024 14:10:10 +0000 (14:10 +0000)]
chg: ci: Allow rerun of unstable statschannel tests under TSAN
The test_traffic_json and test_traffic_xml occasionally fail when
running under TSAN. This happens in CI and is most likely a result of
some instability that doesn't seem to be easily reproduced.
Closes #4598
Merge branch '4598-mark-statschannel-test-flaky' into 'main'
Nicki Křížek [Mon, 12 Aug 2024 13:43:19 +0000 (15:43 +0200)]
Allow rerun of unstable statschannel tests under TSAN
The test_traffic_json and test_traffic_xml occasionally fail when
running under TSAN. This happens in CI and is most likely a result of
some instability that doesn't seem to be easily reproduced.
Arаm Sаrgsyаn [Mon, 19 Aug 2024 11:39:29 +0000 (11:39 +0000)]
chg: dev: Process also the ISC_R_CANCELED result code in rpz_rewrite()
Log canceled resolver queries (e.g. when shutting down a hung
fetch) in DEBUG3 level instead of DEBUG1 which is used for the
"unrecognized" result codes.
Closes #4797
Merge branch '4797-rpz_rewrite-add-ISC_R_CANCELED-processing' into 'main'
Ondřej Surý [Mon, 19 Aug 2024 09:57:48 +0000 (09:57 +0000)]
fix: dev: Check the result of dirfd() before calling unlinkat()
Instead of directly using the result of dirfd() in the unlinkat() call,
check whether the returned file descriptor is actually valid. That
doesn't really change the logic as the unlinkat() would fail with
invalid descriptor anyway, but this is cleaner and will report the right
error returned directly by dirfd() instead of EBADF from unlinkat().
Closes #4853
Merge branch '4853-check-result-of-dirfd-in-isc_log' into 'main'
Ondřej Surý [Thu, 15 Aug 2024 07:23:31 +0000 (09:23 +0200)]
Check the result of dirfd() before calling unlinkat()
Instead of directly using the result of dirfd() in the unlinkat() call,
check whether the returned file descriptor is actually valid. That
doesn't really change the logic as the unlinkat() would fail with
invalid descriptor anyway, but this is cleaner and will report the right
error returned directly by dirfd() instead of EBADF from unlinkat().
Ondřej Surý [Thu, 15 Aug 2024 07:12:18 +0000 (09:12 +0200)]
Ignore errno returned from rewind() in the interface iterator
The clang-scan 19 has reported that we are ignoring errno after the call
to rewind(). As we don't really care about the result, just silence the
error, the whole code will be removed in the development version anyway
as it is not needed.
Ondřej Surý [Mon, 19 Aug 2024 09:09:09 +0000 (09:09 +0000)]
fix: dev: Change the NS_PER_SEC (and friends) from enum to static const
New version of clang (19) has introduced a stricter checks when mixing
integer (and float types) with enums. In this case, we used enum {}
as C17 doesn't have constexpr yet. Change the time conversion constants
to be static const unsigned int instead of enum values.
Closes #4845
Merge branch '4845-change-NS_PER_SEC-type-from-enum-to-integer' into 'main'
Ondřej Surý [Wed, 14 Aug 2024 14:10:18 +0000 (16:10 +0200)]
Use constexpr for NS_PER_SEC and friends constants
The contexpr introduced in C23 standard makes perfect sense to be used
instead of preprocessor macros - the symbols are kept, etc. Define
ISC_CONSTEXPR to be `constexpr` for C23 and `static const` for the older
C standards. Use the newly introduced macro for the NS_PER_SEC and
friends time constants.
Ondřej Surý [Wed, 14 Aug 2024 14:10:18 +0000 (16:10 +0200)]
Change the NS_PER_SEC (and friends) from enum to static const
New version of clang (19) has introduced a stricter checks when mixing
integer (and float types) with enums. In this case, we used enum {}
as C17 doesn't have constexpr yet. Change the time conversion constants
to be static const unsigned int instead of enum values.
Ondřej Surý [Thu, 15 Aug 2024 21:03:26 +0000 (21:03 +0000)]
chg: test: For TSAN builds, use libraries from /opt/tsan
The new TSAN images, the TSAN-enabled images install libraries to
opt/tsan, synchronize the configure options and CFLAGS between gcc:tsan
and clang:tsan images and set the PKG_CONFIG_PATH to /opt/tsan/lib.
Additionally, drop Debian bullseye that's EOL now.
Merge branch 'ondrej/use-staging-tsan-images' into 'main'
Ondřej Surý [Thu, 15 Aug 2024 17:54:58 +0000 (19:54 +0200)]
For TSAN builds, use libraries from /opt/tsan
The new TSAN images, the TSAN-enabled images install libraries to
/opt/tsan, synchronize the configure options and CFLAGS between gcc:tsan
and clang:tsan images and set the PKG_CONFIG_PATH to /opt/tsan/lib.
Arаm Sаrgsyаn [Thu, 15 Aug 2024 12:55:28 +0000 (12:55 +0000)]
fix: dev: Check if logconfig is NULL before using it in isc_log_doit()
Check if 'lctx->logconfig' is NULL before using it in isc_log_doit(),
because it's possible that isc_log_destroy() was already called, e.g.
when a 'call_rcu' function wants to log a message during shutdown.
Closes #4842
Merge branch '4842-shutdown-crash-in-isc_log_doit' into 'main'
Aram Sargsyan [Tue, 13 Aug 2024 09:45:26 +0000 (09:45 +0000)]
Check if logconfig is NULL before using it in isc_log_doit()
Check if 'lctx->logconfig' is NULL before using it in isc_log_doit(),
because it's possible that isc_log_destroy() was already called, e.g.
when a 'call_rcu' function wants to log a message during shutdown.
Arаm Sаrgsyаn [Thu, 15 Aug 2024 12:51:03 +0000 (12:51 +0000)]
fix: dev: Add -Wno-psabi to CFLAGS for x86 (32-bit) builds
GCC 11.1+ emits a note during compilation when there are 64-bit
atomic fields in a structure, because it fixed a compiler bug
by changing the alignment of such fields, which caused ABI change.
Add -Wno-psabi to CFLAGS for such builds in order to silence the
warning. That shouldn't be a problem since we don't expose our
structures to the outside.
Closes #4841
Merge branch '4841-alignment-of-_Atomic-long-long-unsigned-int' into 'main'
Aram Sargsyan [Thu, 15 Aug 2024 10:28:40 +0000 (10:28 +0000)]
Add -Wno-psabi to CFLAGS for x86 (32-bit) builds
GCC 11.1+ emits a note during compilation when there are 64-bit
atomic fields in a structure, because it fixed a compiler bug
by changing the alignment of such fields, which caused ABI change.
Add -Wno-psabi to CFLAGS for such builds in order to silence the
warning. That shouldn't be a problem since we don't expose our
structures to the outside.
Ondřej Surý [Thu, 15 Aug 2024 11:56:49 +0000 (11:56 +0000)]
chg: test: Reduce the size of hashmap_nodes.h file
Instead of keeping the whole array of test_node_t objects, just keep the
hashvalues and generated the rest of the test_node_t on the fly. The
test still works this way and the file size has been reduced from 2M to
90k.
Closes #4851
Merge branch '4851-generate-problematic-isc_hashmap-test-data' into 'main'
Ondřej Surý [Thu, 15 Aug 2024 08:02:14 +0000 (10:02 +0200)]
Reduce the size of hashmap_nodes.h file
Instead of keeping the whole array of test_node_t objects, just keep the
hashvalues and generated the rest of the test_node_t on the fly. The
test still works this way and the file size has been reduced from 2M to
90k.
Since changelog entries are now generated from MR title&description,
they aren't sanity checked during a regular docs build. If these contain
special sequences that will be interpreted by sphinx, it might result in
breakage that would have to be amended manually.
Add a CI check to test a doc build with changelog after the MR is merged
to ensure that the docs can be built when generating changelog from
pristine git contents.
Related #4847
Merge branch 'nicki/add-changelog-entry-check' into 'main'
Nicki Křížek [Tue, 13 Aug 2024 12:00:43 +0000 (14:00 +0200)]
Use python3 in shebang lines for util scripts
Some distributions (notably, debian bookworm) have deprecated the
`python` interpreter in favor of `python3`. Since our scripts are
python3 anyway, use the proper numbered version in shebang to make
scripts easily executable.
Nicki Křížek [Mon, 12 Aug 2024 12:51:31 +0000 (14:51 +0200)]
Check that generated changelog entry doesn't break docs build
Since changelog entries are now generated from MR title&description,
they aren't sanity checked during a regular docs build. If these contain
special sequences that will be interpreted by sphinx, it might result in
breakage that would have to be amended manually.
Add a CI check to test a doc build with changelog after the MR is merged
to ensure that the docs can be built when generating changelog from
pristine git contents.
Ondřej Surý [Wed, 14 Aug 2024 15:19:11 +0000 (15:19 +0000)]
fix: dev: Fix the assertion failure in the isc_hashmap iterator
When the round robin hashing reorders the map entries on deletion, we
were adjusting the iterator table size only when the reordering was
happening at the internal table boundary. The iterator table size had
to be reduced by one to prevent seeing the entry that resized on
position [0] twice because it migrated to [iter->size - 1] position.
However, the same thing could happen when the same entry migrates a
second time from [iter->size - 1] to [iter->size - 2] position (and so
on) because the check that we are manipulating the entry just in the [0]
position was insufficient. Instead of checking the position [pos == 0],
we now check that the [pos % iter->size == 0], thus ignoring all the
entries that might have moved back to the end of the internal table.
Closes #4838
Merge branch '4838-fix-assertion-failure-in-hashmap-deletion-iterator' into 'main'
Ondřej Surý [Mon, 12 Aug 2024 13:22:54 +0000 (15:22 +0200)]
Skip already rehashed positions in the old hashmap table
When iterating through the old internal hashmap table, skip all the
nodes that have been already migrated to the new table. We know that
all positions with index less than .hiter are NULL.
Ondřej Surý [Mon, 12 Aug 2024 13:17:00 +0000 (15:17 +0200)]
Fix the assertion failure in the isc_hashmap iterator
When the round robin hashing reorders the map entries on deletion, we
were adjusting the iterator table size only when the reordering was
happening at the internal table boundary. The iterator table size had
to be reduced by one to prevent seeing the entry that resized on
position [0] twice because it migrated to [iter->size - 1] position.
However, the same thing could happen when the same entry migrates a
second time from [iter->size - 1] to [iter->size - 2] position (and so
on) because the check that we are manipulating the entry just in the [0]
position was insufficient. Instead of checking the position [pos == 0],
we now check that the [pos % iter->size == 0], thus ignoring all the
entries that might have moved back to the end of the internal table.
Add second iterator test with a well-known configuration of the nodes
array that causes the last element of the array to migrate two times to
the previous node.
Nicki Křížek [Tue, 13 Aug 2024 08:33:02 +0000 (10:33 +0200)]
Fix ordering of gitchangelog replacement regexs
Prior to this change, the issue number could be accidentally removed by
the `Backport of` text, depending on the order of the MR description
contents. Ensure all the removals for text in MR descriptions happen
first, and only then run the replacement regex for issue number, which
appends it to the end of the last non-empty line (which will no longer
be removed).
The only removals that happen after the replacement are guaranteed to
always happen after the end of MR description, since they're
auto-generated by gitlab when the merge commit is created, thus won't
affect the line with the issue number.
Also remove the needless isc-private/bind9 replacement. References
to private MRs are already removed by the very first regex.
Ondřej Surý [Wed, 14 Aug 2024 12:52:01 +0000 (12:52 +0000)]
fix: dev: Silence all warnings that stem from the default config
As we now setup the logging very early, parsing the default config would
always print warnings about experimental (and possibly deprecated)
options in the default config. This would even mess with commands like
`named -V` and it is also wrong to warn users about using experimental
options in the default config, because they can't do anything about
this. Add CFG_PCTX_NODEPRECATED and CFG_PCTX_NOEXPERIMENTAL options
that we can pass to cfg parser and silence the early warnings caused by
using experimental options in the default config.
Merge branch 'ondrej/silence-warnings-from-default-config' into 'main'
Ondřej Surý [Wed, 14 Aug 2024 08:20:47 +0000 (10:20 +0200)]
Silence all warnings that stem from the default config
As we now setup the logging very early, parsing the default config would
always print warnings about experimental (and possibly deprecated)
options in the default config. This would even mess with commands like
`named -V` and it is also wrong to warn users about using experimental
options in the default config, because they can't do anything about
this. Add CFG_PCTX_NODEPRECATED and CFG_PCTX_NOEXPERIMENTAL options
that we can pass to cfg parser and silence the early warnings caused by
using experimental options in the default config.
Ondřej Surý [Wed, 14 Aug 2024 12:49:56 +0000 (12:49 +0000)]
rem: dev: Remove outdated perllib integration
The code in conftools/ directory hasn't been touched since 2000.
Nobody knows what it does and nobody even knows how to build it
or test it. Just remove the whole directory.
Merge branch 'ondrej/remove-outdated-perllib-integration' into 'main'
Ondřej Surý [Tue, 13 Aug 2024 13:42:52 +0000 (15:42 +0200)]
Remove outdated perllib integration
The code in conftools/ directory hasn't been touched since 2000.
Nobody knows what it does and nobody even knows how to build it
or test it. Just remove the whole directory.
Aydın Mercan [Wed, 14 Aug 2024 12:47:06 +0000 (12:47 +0000)]
chg: usr: use deterministic ecdsa for openssl >= 3.2
OpenSSL has added support for deterministic ECDSA (RFC 6979) with
version 3.2.
Use it by default as it removes arguably its most fragile side of ECDSA.
The derandomization doesn't pose a risk for DNS usecases and is allowed by FIPS 186-5.
Non empty 'catalog-zones' implies that 'allow-new-zones' is true
This condition in catalog zone processing functions is checked only
for sanity, so there is no meaning for a log message that normally
shouldn't be ever logged.
Aram Sargsyan [Fri, 24 May 2024 13:16:16 +0000 (13:16 +0000)]
Test that 'rndc reconfig' reconfigures catz member zones
Catalog zone member zones should be reconfigured as all the other
zones during a reconfiguration. Test it by checking whether the newly
added allow-query setting affects a member zone.
Ondřej Surý [Tue, 13 Aug 2024 13:53:13 +0000 (13:53 +0000)]
fix: dev: Don't skip the counting if fcount_incr() is called with force==true (v2)
The fcount_incr() was not increasing counter->count when force was set
to true, but fcount_decr() would try to decrease the counter leading to
underflow and assertion failure. Swap the order of the arguments in the
condition, so the !force is evaluated after incrementing the .count.
Closes #4846
Merge branch '4786-forced-fcount_incr-should-still-increment-count-and-allowed-fix' into 'main'
Ondřej Surý [Tue, 13 Aug 2024 10:48:23 +0000 (12:48 +0200)]
Don't skip the counting if fcount_incr() is called with force==true (v2)
The fcount_incr() was not increasing counter->count when force was set
to true, but fcount_decr() would try to decrease the counter leading to
underflow and assertion failure. Swap the order of the arguments in the
condition, so the !force is evaluated after incrementing the .count.
Michal Nowak [Thu, 8 Aug 2024 14:25:12 +0000 (14:25 +0000)]
chg: Make every changelog entry a separate code block
LaTeX in CI and on ReadTheDocs [fails][1] to render a PDF version of ARM if
the Changelog section is included. The running theory is that the
verbatim section of more than twenty thousand lines is too big to meet
LaTeX self-imposed constraints, and it fails with:
Make each BIND 9 release a separate code block to work around the issue.
Further split up the sections for some exceptionally large releases, for
the same reason.
Michal Nowak [Wed, 7 Aug 2024 10:39:23 +0000 (12:39 +0200)]
Split up changelog into per-release code blocks
LaTeX in CI and on ReadTheDocs fails to render a PDF version of ARM if
the Changelog section is included. The running theory is that the
verbatim section of more than twenty thousand lines is too big to meet
LaTeX self-imposed constraints, and it fails with:
Make each BIND 9 release a separate code block to work around the issue.
Further split up the sections for some exceptionally large releases, for
the same reason.
Michał Kępień [Thu, 8 Aug 2024 11:01:21 +0000 (11:01 +0000)]
fix: dev: Move the dst__openssl_toresult to isc_tls unit
Since the enable_fips_mode() now resides inside the isc_tls unit, BIND 9
would fail to compile when FIPS mode was enabled as the DST subsystem
logging functions were missing.
Move the crypto library logging functions from the openssl_link unit to
isc_tls unit and enhance it, so it can now be used from both places
keeping the old dst__openssl_toresult* macros alive.
Merge branch 'ondrej/move-openssl-logging-to-isc_tls-unit' into 'main'
Ondřej Surý [Thu, 8 Aug 2024 08:59:49 +0000 (10:59 +0200)]
Move the dst__openssl_toresult to isc_tls unit
Since the enable_fips_mode() now resides inside the isc_tls unit, BIND 9
would fail to compile when FIPS mode was enabled as the DST subsystem
logging functions were missing.
Move the crypto library logging functions from the openssl_link unit to
isc_tls unit and enhance it, so it can now be used from both places
keeping the old dst__openssl_toresult* macros alive.
Evan Hunt [Wed, 7 Aug 2024 21:12:07 +0000 (21:12 +0000)]
new: usr: Tighten 'max-recursion-queries' and add 'max-query-restarts' option
There were cases in resolver.c when the `max-recursion-queries` quota was ineffective. It was possible to craft zones that would cause a resolver to waste resources by sending excessive queries while attempting to resolve a name. This has been addressed by correcting errors in the implementation of `max-recursion-queries`, and by reducing the default value from 100 to 32.
In addition, a new `max-query-restarts` option has been added which limits the number of times a recursive server will follow CNAME or DNAME records before terminating resolution. This was previously a hard-coded limit of 16, and now defaults to 11.
Evan Hunt [Wed, 26 Jun 2024 06:49:00 +0000 (23:49 -0700)]
implement 'max-query-restarts'
implement, document, and test the 'max-query-restarts' option
which specifies the query restart limit - the number of times
we can follow CNAMEs before terminating resolution.
Evan Hunt [Tue, 25 Jun 2024 21:30:20 +0000 (14:30 -0700)]
make "max_restarts" a configurable value
MAX_RESTARTS is no longer hard-coded; ns_server_setmaxrestarts()
and dns_client_setmaxrestarts() can now be used to modify the
max-restarts value at runtime. in both cases, the default is 11.
Evan Hunt [Tue, 25 Jun 2024 19:28:23 +0000 (12:28 -0700)]
reduce MAX_RESTARTS to 11
the number of steps that can be followed in a CNAME chain
before terminating the lookup has been reduced from 16 to 11.
(this is a hard-coded value, but will be made configurable later.)
Evan Hunt [Wed, 22 May 2024 20:02:16 +0000 (13:02 -0700)]
attach query counter to NS fetches
there were cases in resolver.c when queries for NS records were
started without passing a pointer to the parent fetch's query counter;
as a result, the max-recursion-queries quota for those queries started
counting from zero, instead of sharing the limit for the parent fetch,
making the quota ineffective in some cases.
Aydın Mercan [Wed, 7 Aug 2024 15:42:57 +0000 (15:42 +0000)]
chg: dev: use only c23 or c11 noreturn specifiers
Use `[[noreturn]]` when compiling with C23 or greater.
The attribute macro name has been capitalized as `NORETURN` as defining it as `noreturn` breaks external headers.
`#define noreturn __attribute__((noreturn))` wasn't used as C11's `stdnoreturn.h`/`_Noreturn` is required to build BIND9 in the first place.
Ondřej Surý [Wed, 7 Aug 2024 15:05:13 +0000 (15:05 +0000)]
chg: dev: Initialize the DST subsystem implicitly
Instead of calling dst_lib_init() and dst_lib_destroy() explicitly by
all the programs, create a separate memory context for the DST subsystem
and use the library constructor and destructor to initialize the DST
internals.
Merge branch 'ondrej/move-dst_lib_init-and-destroy-to-lib-ctor-dtor' into 'main'
Ondřej Surý [Mon, 5 Aug 2024 10:14:26 +0000 (12:14 +0200)]
Initialize the DST subsystem implicitly
Instead of calling dst_lib_init() and dst_lib_destroy() explicitly by
all the programs, create a separate memory context for the DST subsystem
and use the library constructor and destructor to initialize the DST
internals.
Ondřej Surý [Wed, 7 Aug 2024 14:28:13 +0000 (14:28 +0000)]
chg: test: Use new images with TSAN-enabled libraries
The new Fedora 40 TSAN images use libuv, urcu and OpenSSL libraries compiled with ThreadSanitizer. This (in theory) should enable better detection of memory races in those (most important) libraries.
Merge branch 'ondrej/test-new-tsan-images' into 'main'
Ondřej Surý [Wed, 7 Aug 2024 14:26:22 +0000 (14:26 +0000)]
fix: dev: Disassociate the SSL object from the cached SSL_SESSION
When the SSL object was destroyed, it would invalidate all SSL_SESSION
objects including the cached, but not yet used, TLS session objects.
Properly disassociate the SSL object from the SSL_SESSION before we
store it in the TLS session cache, so we can later destroy it without
invalidating the cached TLS sessions.
Closes #4834
Merge branch '4834-detach-SSL-from-cached-SSL_SESSION' into 'main'
Ondřej Surý [Wed, 7 Aug 2024 12:58:02 +0000 (14:58 +0200)]
Disassociate the SSL object from the cached SSL_SESSION
When the SSL object was destroyed, it would invalidate all SSL_SESSION
objects including the cached, but not yet used, TLS session objects.
Properly disassociate the SSL object from the SSL_SESSION before we
store it in the TLS session cache, so we can later destroy it without
invalidating the cached TLS sessions.
Ondřej Surý [Wed, 7 Aug 2024 14:17:50 +0000 (14:17 +0000)]
fix: dev: Attach/detach to the listening child socket when accepting TLS
When TLS connection (TLSstream) connection was accepted, the children
listening socket was not attached to sock->server and thus it could have
been freed before all the accepted connections were actually closed.
In turn, this would cause us to call isc_tls_free() too soon - causing
cascade errors in pending SSL_read_ex() in the accepted connections.
Properly attach and detach the children listening socket when accepting
and closing the server connections.
Closes #4833
Merge branch '4833-tlssock-needs-to-attach-to-child-tlslistener' into 'main'
Ondřej Surý [Wed, 7 Aug 2024 06:43:12 +0000 (08:43 +0200)]
Attach/detach to the listening child socket when accepting TLS
When TLS connection (TLSstream) connection was accepted, the children
listening socket was not attached to sock->server and thus it could have
been freed before all the accepted connections were actually closed.
In turn, this would cause us to call isc_tls_free() too soon - causing
cascade errors in pending SSL_read_ex() in the accepted connections.
Properly attach and detach the children listening socket when accepting
and closing the server connections.
Mark Andrews [Mon, 5 Aug 2024 05:09:27 +0000 (15:09 +1000)]
Dig now reports a missing question section
The question section should be present in the first AXFR/IXFR
response and in other QUERY responses unless no question was sent.
Issue a warning if the question section is not present.
Ondřej Surý [Tue, 6 Aug 2024 14:04:56 +0000 (14:04 +0000)]
chg: usr: Remove OpenSSL 1.x Engine support
The OpenSSL 1.x Engines support has been deprecated in the OpenSSL 3.x
and is going to be removed from the upstream OpenSSL. Remove the OpenSSL
Engine support from BIND 9 in favor of OpenSSL 3.x Providers.
Closes #4828
Merge branch '4828-remove-OpenSSL-engine-support' into 'main'
Ondřej Surý [Tue, 6 Aug 2024 09:22:05 +0000 (11:22 +0200)]
Always use OpenSSL_version() to print OpenSSL version
OpenSSL_version() first appeared in OpenSSL 1.1.0 and have been
available since LibreSSL 2.7.1 and OpenBSD 6.3, thus we can remove the
compatibility shims with older versions that are not supported anymore.
Ondřej Surý [Tue, 6 Aug 2024 09:20:23 +0000 (11:20 +0200)]
Remove checks for OPENSSL_API_LEVEL define
Since the support for OpenSSL Engines has been removed, we can now also
remove the checks for OPENSSL_API_LEVEL; The OpenSSL 3.x APIs will be
used when compiling with OpenSSL 3.x, and OpenSSL 1.1.xx APIs will be
used only when OpenSSL 1.1.x is used.
Ondřej Surý [Mon, 5 Aug 2024 09:40:42 +0000 (11:40 +0200)]
Remove OpenSSL Engine support
The OpenSSL 1.x Engines support has been deprecated in the OpenSSL 3.x
and is going to be removed. Remove the OpenSSL Engine support in favor
of OpenSSL Providers.
Ondřej Surý [Mon, 5 Aug 2024 16:54:02 +0000 (16:54 +0000)]
fix: Move matching isc_mem_destroy() outside of ifdef
The isc_mem_create() in printversion() was created outside of an #ifdef
HAVE_GEOIP, but destroyed inside the #ifdef; move it to the outside of
the #ifdef where it belongs.
This is really a nit as we immediately exit() after printing the
versions, but I found it and it would bug me for the rest of my life.
Merge branch 'ondrej/fix-missing-isc_mem_destroy-in-printversion' into 'main'
Ondřej Surý [Mon, 5 Aug 2024 13:55:53 +0000 (15:55 +0200)]
Move matching isc_mem_destroy() outside of ifdef
The isc_mem_create() in printversion() was created outside of an #ifdef
HAVE_GEOIP, but destroyed inside the #ifdef; move it to the outside of
the #ifdef where it belongs.
This is really a nit as we immediately exit() after printing the
versions, but I found it and it would bug me for the rest of my life.
projects / thirdparty / bind9.git / log
