git.ipfire.org Git - thirdparty/bind9.git/commit

author	Michal Nowak <mnowak@isc.org>
	Thu, 21 May 2026 07:31:15 +0000 (07:31 +0000)
committer	Michal Nowak <mnowak@isc.org>
	Fri, 22 May 2026 16:33:43 +0000 (16:33 +0000)
commit	754ee3158f1f68ed6be2c1fd58bebd2de1f880e8
tree	756c4030ab7ba12b0cbb53e0949bfc8cf2945d72	tree \| snapshot
parent	650b88467ef98117b00bcce162e7e647b5a5dbcd	commit \| diff

Tolerate dnspython post-2038 timestamp overflow on 32-bit

dnspython's RRSIG.to_text() converts the signature inception/expiration
fields by calling time.gmtime(), which on 32-bit platforms raises
OverflowError for values past 2038-01-19 (INT32_MAX). Several DNSSEC
test fixtures use far-future expirations: the precomputed RRSIGs in
the dnssec test's rsasha1.example.db.in zone expire in 2093, ans4 of
the chain test hardcodes 2090, and ans10 of the dnssec test uses
2**32-1 (year 2106). Whenever a response carrying such an RRSIG is
formatted with str()/to_text() the overflow propagates out and either
fails the test (when triggered in isctest.query's debug logging) or
kills the asyncserver-based ans* server (when triggered in its
response logger), which in turn cascades into "Failed to stop
servers" teardown errors and SERVFAIL responses for subsequent tests.

Wrap the to_text() calls in isctest/query.py and the str(response)
call in asyncserver's _log_response() with try/except OverflowError,
falling back to a placeholder message. The conversions are only used
for debug logging, so losing the human-readable form there does not
affect what the tests actually validate.

Assisted-by: Claude:claude-opus-4-7
(cherry picked from commit 968ccdeeda3f258d00b01064bbfd84d612079a11)

bin/tests/system/isctest/asyncserver.py		diff \| blob \| blame \| history
bin/tests/system/isctest/query.py		diff \| blob \| blame \| history