git.ipfire.org Git - thirdparty/bind9.git/commit

author	Michal Nowak <mnowak@isc.org>
	Thu, 21 May 2026 07:31:15 +0000 (07:31 +0000)
committer	Michal Nowak <mnowak@isc.org>
	Fri, 22 May 2026 16:35:40 +0000 (16:35 +0000)
commit	3584c03e3f9569907dcf1ae5b2f2521298bcc2a1
tree	6960b7accb4cf9995b055a29226489d5d94adc4f	tree \| snapshot
parent	a7a0d7687de1cae23ffd9e039037c82037e4b97a	commit \| diff

Tolerate dnspython post-2038 timestamp overflow on 32-bit

dnspython's RRSIG.to_text() converts the signature inception/expiration
fields by calling time.gmtime(), which on 32-bit platforms raises
OverflowError for values past 2038-01-19 (INT32_MAX). Several DNSSEC
test fixtures use far-future expirations: the precomputed RRSIGs in
the dnssec test's rsasha1.example.db.in zone expire in 2093, ans4 of
the chain test hardcodes 2090, and ans10 of the dnssec test uses
2**32-1 (year 2106). Whenever a response carrying such an RRSIG is
formatted with str()/to_text() the overflow propagates out and either
fails the test (when triggered in isctest.query's debug logging) or
kills the asyncserver-based ans* server (when triggered in its
response logger), which in turn cascades into "Failed to stop
servers" teardown errors and SERVFAIL responses for subsequent tests.

Wrap the to_text() calls in isctest/query.py and the str(response)
call in asyncserver's _log_response() with try/except OverflowError,
falling back to a placeholder message. The conversions are only used
for debug logging, so losing the human-readable form there does not
affect what the tests actually validate.

Assisted-by: Claude:claude-opus-4-7
(cherry picked from commit 968ccdeeda3f258d00b01064bbfd84d612079a11)

bin/tests/system/isctest/asyncserver.py		diff \| blob \| blame \| history
bin/tests/system/isctest/query.py		diff \| blob \| blame \| history