Witold Kręcicki [Thu, 21 May 2020 12:31:09 +0000 (14:31 +0200)]
Fix a data access race in resolver
We were passing client address to dns_resolver_createfetch as a pointer
and it was saved as a pointer. The client (with its address) could be
gone before the fetch is finished, and in a very odd scenario
log_formerr would call isc_sockaddr_format() which first checks if the
address family is valid (and at this point it still is), then the
sockaddr is cleared, and then isc_netaddr_fromsockaddr is called which
fails an assertion as the address family is now invalid.
Petr Mensik [Fri, 27 Mar 2020 20:03:40 +0000 (21:03 +0100)]
Delay kserver cleanup until all tasks finishes
It might be possible some pending task would run when kserver is already
cleaned up. Postpone gsstsig structures cleanup after task and timer
managers are destroyed. No pending threads are possible after it.
Make action in maybeshutdown only if doshutdown was not already called.
Might be called from getinput event.
Ondřej Surý [Wed, 3 Jun 2020 12:42:11 +0000 (14:42 +0200)]
Change the invalid CIDR from parser error to warning
In [RT #43367], the BIND 9 changed the strictness of address / prefix
length checks:
Check prefixes in acls to make sure the address and
prefix lengths are consistent. Warn only in
BIND 9.11 and earlier.
Unfortunately, a regression slipped in and the check was made an error
also in the BIND 9.11. This commit fixes the regression, but turning
the error into a warning.
Michał Kępień [Wed, 3 Jun 2020 13:45:28 +0000 (15:45 +0200)]
Prevent invalid warnings about missing identifiers
The Danger script inspects differences between the current version of a
given merge request's target branch and the merge request branch. If
the latter falls behind the former, the Danger script will wrongly warn
about missing GitLab/RT identifiers because it incorrectly treats the
"+++" diff marker as an indication of the merge request adding new lines
to a file. Tweak the relevant conditional expression to prevent such
invalid warnings from being raised.
Michał Kępień [Wed, 3 Jun 2020 13:45:28 +0000 (15:45 +0200)]
Make fetching target branch reliable
As GitLab Runner Docker executor caches Git repositories between jobs,
prevent the Danger script from attempting to update local refs to ensure
"git fetch" returns with an exit code of 0. Use the FETCH_HEAD ref for
determining the differences between the merge request branch and its
target branch.
Michał Kępień [Wed, 3 Jun 2020 13:45:28 +0000 (15:45 +0200)]
Tweak condition for missing log message warning
Commits adding CHANGES entries and/or release notes do not need a commit
log message. Do not warn about a missing commit log message for such
commits to make the warning more meaningful.
Michał Kępień [Mon, 25 May 2020 10:49:36 +0000 (12:49 +0200)]
Add Danger Python to GitLab CI
Certain rules of the BIND development process are not codified anywhere
and/or are used inconsistently. In an attempt to improve this
situation, add a GitLab CI job which uses Danger Python to add comments
to merge requests when certain expectations are not met. Two categories
of feedback are used, only one of which - fail() - causes the GitLab CI
job to fail. Exclude dangerfile.py from Python QA checks as the way the
contents of that file are evaluated triggers a lot of Flake8 and PyLint
warnings.
Michał Kępień [Thu, 21 May 2020 09:33:11 +0000 (11:33 +0200)]
Do not install Python packages in GitLab CI jobs
As Python QA tools, BIND system test prerequisites, and documentation
building utilities are now all included in operating system images used
in GitLab CI, do not use pip for installing them in each CI job any
more.
Stephen Morris [Thu, 5 Mar 2020 18:46:46 +0000 (18:46 +0000)]
Add test for reduction in number of fetches
Add a system test that counts how many address fetches are made
for different numbers of NS records and checks that the number
are successfully limited.
Mark Andrews [Thu, 6 Feb 2020 06:19:10 +0000 (17:19 +1100)]
Reduce the number of fetches we make when looking up addresses
If there are more that 5 NS record for a zone only perform a
maximum of 4 address lookups for all the name servers. This
limits the amount of remote lookup performed for server
addresses at each level for a given query.
Mark Andrews [Tue, 19 May 2020 00:09:51 +0000 (10:09 +1000)]
Address race in dnssec system test. 'clear signing records' can fail
as the update triggers by the rndc command to clear the signing records
may not have completed by the time the subsequent rndc command to test
that the records have been removed is commenced. Loop several times to
prevent false negative.
Apparently cppcheck 2.0 has issues with processing (&var)->field syntax,
which is what the macros from lib/isc/include/isc/buffer.h are evaluated
to. This issue was reported upstream [1] and will hopefully be
addressed in a future cppcheck release.
In the meantime, to avoid modifying BIND source code in multiple places
just because of a static checker false positive, work around the issue
by adding intermediate variables to buffer macro definitions using a sed
invocation in the cppcheck job script.
Michał Kępień [Mon, 18 May 2020 08:23:06 +0000 (10:23 +0200)]
Make GCC version extraction work with GCC 10
Add whitespace to the regular expression used for extracting the GCC
version from "gcc --version" output so that it works properly with
multi-digit major version numbers.
Michał Kępień [Mon, 18 May 2020 08:23:06 +0000 (10:23 +0200)]
Ensure cppcheck creates a HTML report upon failure
Commit 00f12220c08a6e5fd2a4e5eef6ca0cf34b4a7b5b broke the cppcheck job
in GitLab CI: when cppcheck fails, the script is immediately
interrupted, preventing cppcheck-htmlreport from being run. To ensure
the HTML report is generated when cppcheck fails, revert to invoking
cppcheck-htmlreport in the "after_script" part of the job.
Michał Kępień [Fri, 15 May 2020 10:00:54 +0000 (12:00 +0200)]
Generate text documentation in UTF-8
Modify all invocations of "w3m -O ascii ..." with their UTF-8
counterparts to ensure all text documentation generated from UTF-8
source files is also in UTF-8.
projects / thirdparty / bind9.git / log
