git.ipfire.org Git - thirdparty/bind9.git/log

Diego Fronza [Tue, 5 Nov 2019 20:48:47 +0000 (17:48 -0300)] 
Change the isc_stat_t type to isc__atomic_statcounter_t

The isc_stat_t type was too similar to isc_stats_t type, so the name was
changed to something more distinguishable.

Diego Fronza [Tue, 5 Nov 2019 20:48:47 +0000 (17:48 -0300)] 
Change the isc_statscounter_t type from int to C99 int_fast64_t type

For TCP high-water work, we need to keep the used integer types widths
in sync.

Note: int_fast32_t is used on WIN32 platform

Mark Andrews [Tue, 5 Nov 2019 23:50:12 +0000 (23:50 +0000)] 
Merge branch '1301-geoip2-default-data-path' into 'master'

Resolve "geoip2 default data path"

Closes #1301

See merge request isc-projects/bind9!2520

Mark Andrews [Tue, 5 Nov 2019 23:23:06 +0000 (10:23 +1100)] 
Add CHANGES note

Mark Andrews [Tue, 5 Nov 2019 23:20:00 +0000 (10:20 +1100)] 
Regenerate configure.

Mark Andrews [Tue, 5 Nov 2019 01:56:58 +0000 (12:56 +1100)] 
Have 'named -V' report geoip-directory

Mark Andrews [Tue, 5 Nov 2019 01:56:18 +0000 (12:56 +1100)] 
The default geoip-directory should be <MAXMINDDB_PREFIX>/share/GeoIP

Mark Andrews [Tue, 5 Nov 2019 01:54:35 +0000 (12:54 +1100)] 
MAXMINDDB_LIBS should end with '/lib' not '/libs'

Ondřej Surý [Tue, 5 Nov 2019 08:50:01 +0000 (08:50 +0000)] 
Merge branch '664-fetches-per-server-quota-docs' into 'master'

Describe the polynomial backoff curve used in the quota adjustment

Closes #664

See merge request isc-projects/bind9!2519

Ondřej Surý [Fri, 1 Nov 2019 17:22:56 +0000 (12:22 -0500)] 
Describe the polynomial backoff curve used in the quota adjustment

Ondřej Surý [Mon, 4 Nov 2019 16:00:56 +0000 (16:00 +0000)] 
Merge branch '45-integrate-llvm-scan-build-to-gitlab-ci-workflow' into 'master'

Add LLVM/Clang scan-build checks into the GitLab CI

Closes #45

See merge request isc-projects/bind9!2452

Ondřej Surý [Thu, 31 Oct 2019 11:50:58 +0000 (06:50 -0500)] 
libdns: add missing checks for return values in dnstap unit test

Related scan-build report:

dnstap_test.c:169:2: warning: Value stored to 'result' is never read
        result = dns_test_makeview("test", &view);
        ^        ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
dnstap_test.c:193:2: warning: Value stored to 'result' is never read
        result = dns_compress_init(&cctx, -1, dt_mctx);
        ^        ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
2 warnings generated.

Ondřej Surý [Thu, 31 Oct 2019 11:46:32 +0000 (06:46 -0500)] 
named: remove named_g_defaultdnstap global variable

The named_g_defaultdnstap was never used as the dnstap requires
explicit configuration of the output file.

Related scan-build report:

./server.c:3476:14: warning: Value stored to 'dpath' during its initialization is never read
        const char *dpath = named_g_defaultdnstap;
                    ^~~~~   ~~~~~~~~~~~~~~~~~~~~~
1 warning generated.

Ondřej Surý [Thu, 24 Oct 2019 11:55:56 +0000 (13:55 +0200)] 
libdns: Change check_dnskey_sigs() return type to void to match the reality how the function is used

Ondřej Surý [Sun, 13 Oct 2019 05:02:34 +0000 (07:02 +0200)] 
tests: Resolve scan-build false positive by adding extra assertion

Ondřej Surý [Sun, 13 Oct 2019 04:53:06 +0000 (06:53 +0200)] 
dnssec: don't qsort() empty hashlist

Ondřej Surý [Sun, 13 Oct 2019 04:47:26 +0000 (06:47 +0200)] 
named: Add INSIST() after bindkeysfile configuration load to silence scan-build FP

Ondřej Surý [Sun, 13 Oct 2019 04:40:25 +0000 (06:40 +0200)] 
tests: Workaround scan-build false positive with FD_ZERO/FD_SET

Ondřej Surý [Fri, 11 Oct 2019 22:15:51 +0000 (00:15 +0200)] 
libdns: Remove useless checks for ISC_R_MEMORY, which cannot happen now

Ondřej Surý [Fri, 11 Oct 2019 21:35:43 +0000 (23:35 +0200)] 
ci: Add LLVM/Clang scan-build checks into the GitLab CI

Ondřej Surý [Thu, 31 Oct 2019 19:19:57 +0000 (15:19 -0400)] 
Merge branch 'u/fanf2/rndc-validation-status-noflush' into 'master'

Do not flush the cache for `rndc validation status`

See merge request isc-projects/bind9!2462

Ondřej Surý [Thu, 31 Oct 2019 18:00:54 +0000 (13:00 -0500)] 
Add CHANGES

Tony Finch [Tue, 15 Oct 2019 14:12:29 +0000 (15:12 +0100)] 
Do not flush the cache for `rndc validation status`

And add a note to the man page that `rndc validation` flushes the
cache when the validation state is changed. (It is necessary to flush
the cache when turning on validation, to avoid continuing to use
cryptographically invalid data. It is probably wise to flush the cache
when turning off validation to recover from lameness problems.)

Ondřej Surý [Thu, 31 Oct 2019 18:29:43 +0000 (14:29 -0400)] 
Merge branch 'u/fanf2/rndc-validation-status-views' into 'master'

Include all views in output of `rndc validation status`

See merge request isc-projects/bind9!2461

Tony Finch [Tue, 15 Oct 2019 14:06:01 +0000 (15:06 +0100)] 
Add CHANGES

Tony Finch [Tue, 15 Oct 2019 14:06:01 +0000 (15:06 +0100)] 
Include all views in output of `rndc validation status`

The implementation of `rndc validation status` iterates over all the
views to print their validation status. It takes care to print newlines
in between, but it also used to put a nul byte at the end of the first view
which truncated the output.

After this change, the nul byte is added at the end so that it prints
the validation status in all views. The `_bind` view is skipped
because its validation status is irrelevant.

Michal Nowak [Thu, 31 Oct 2019 16:26:46 +0000 (12:26 -0400)] 
Merge branch 'mnowak/1244-extra-quotes-around-TESTSOCK6/master' into 'master'

digdelv: Extra quotes prevent IPv6 runs

See merge request isc-projects/bind9!2390

Michal Nowak [Thu, 26 Sep 2019 07:56:51 +0000 (09:56 +0200)] 
digdelv: Extra quotes prevent IPv6 runs

Portions of the digdelv test are skipped on IPv6 due to extra quotes
around $TESTSOCK6: "I:digdelv:IPv6 unavailable; skipping".

Researched by @michal.

Regressed with 351efd8812560c97e1bc7f6142b80ac5798d6ded.

Ondřej Surý [Thu, 31 Oct 2019 14:18:44 +0000 (10:18 -0400)] 
Merge branch 'ondrej/update-git-replay-merge' into 'master'

Update the git-replay-merge to use the latest GitLab -o options

See merge request isc-projects/bind9!2503

Ondřej Surý [Wed, 30 Oct 2019 15:30:46 +0000 (10:30 -0500)] 
Update the git-replay-merge to use the latest GitLab -o options

Ondřej Surý [Thu, 31 Oct 2019 14:05:49 +0000 (10:05 -0400)] 
Merge branch '876-documentation-feedback' into 'master'

Minor documentation updates

Closes #876

See merge request isc-projects/bind9!2483

Ondřej Surý [Wed, 30 Oct 2019 19:38:17 +0000 (14:38 -0500)] 
arm: add more text describing interaction between automatic-interface-scan and interface-interval

Ondřej Surý [Wed, 30 Oct 2019 19:22:41 +0000 (14:22 -0500)] 
arm: Fix the default for the lock-file command, it's 'none'

Brian Conry [Wed, 30 Oct 2019 19:16:04 +0000 (14:16 -0500)] 
arm: Add an explanation on the effect of 'require-server-cookie yes;'

Mark Andrews [Thu, 24 Oct 2019 23:06:56 +0000 (10:06 +1100)] 
arm: add why when to set 'require-server-cookie yes;'

Mark Andrews [Thu, 24 Oct 2019 01:58:19 +0000 (12:58 +1100)] 
arm: document resolver-nonbackoff-tries and resolver-retry-interval

Mark Andrews [Thu, 24 Oct 2019 01:41:28 +0000 (12:41 +1100)] 
arm: add default values for require-server-cookie and send-cookie options

Michał Kępień [Thu, 31 Oct 2019 09:36:50 +0000 (05:36 -0400)] 
Merge branch '1059-prevent-tcp-failures-from-affecting-edns-stats' into 'master'

Prevent TCP failures from affecting EDNS stats

See merge request isc-projects/bind9!2501

Michał Kępień [Thu, 31 Oct 2019 07:48:35 +0000 (08:48 +0100)] 
Add CHANGES entry

5310. [bug] TCP failures were affecting EDNS statistics. [GL #1059]

Michał Kępień [Thu, 31 Oct 2019 07:48:35 +0000 (08:48 +0100)] 
Prevent TCP failures from affecting EDNS stats

EDNS mechanisms only apply to DNS over UDP.  Thus, errors encountered
while sending DNS queries over TCP must not influence EDNS timeout
statistics.

Michał Kępień [Thu, 31 Oct 2019 08:45:50 +0000 (04:45 -0400)] 
Merge branch '1059-prevent-query-loops-for-misbehaving-servers' into 'master'

Prevent query loops for misbehaving servers

See merge request isc-projects/bind9!2500

Michał Kępień [Thu, 31 Oct 2019 07:48:35 +0000 (08:48 +0100)] 
Prevent query loops for misbehaving servers

If a TCP connection fails while attempting to send a query to a server,
the fetch context will be restarted without marking the target server as
a bad one.  If this happens for a server which:

  - was already marked with the DNS_FETCHOPT_EDNS512 flag,
  - responds to EDNS queries with the UDP payload size set to 512 bytes,
  - does not send response packets larger than 512 bytes,

and the response for the query being sent is larger than 512 bytes, then
named will pointlessly alternate between sending UDP queries with EDNS
UDP payload size set to 512 bytes (which are responded to with truncated
answers) and TCP connections until the fetch context retry limit is
reached.  Prevent such query loops by marking the server as bad for a
given fetch context if the advertised EDNS UDP payload size for that
server gets reduced to 512 bytes and it is impossible to reach it using
TCP.

Michał Kępień [Wed, 30 Oct 2019 15:12:37 +0000 (11:12 -0400)] 
Merge branch 'michal/placeholder-2476' into 'master'

Add a CHANGES placeholder

See merge request isc-projects/bind9!2502

Michał Kępień [Wed, 30 Oct 2019 15:10:09 +0000 (16:10 +0100)] 
Add a CHANGES placeholder

See [GL !2476].

Mark Andrews [Wed, 30 Oct 2019 00:58:44 +0000 (20:58 -0400)] 
Merge branch '1288-log-dns_r_unchanged-from-sync_secure_journal-at-info-level-in-receive_secure_serial' into 'master'

Resolve "Log DNS_R_UNCHANGED from sync_secure_journal at info level in receive_secure_serial."

Closes #1288

See merge request isc-projects/bind9!2490

Mark Andrews [Wed, 30 Oct 2019 00:19:34 +0000 (11:19 +1100)] 
add CHANGES

Mark Andrews [Mon, 28 Oct 2019 02:44:50 +0000 (13:44 +1100)] 
Log DNS_R_UNCHANGED from sync_secure_journal() at info level in receive_secure_serial()

Mark Andrews [Tue, 29 Oct 2019 23:42:08 +0000 (19:42 -0400)] 
Merge branch 'u/fanf2/compilezone-hang' into 'master'

Fix hang in `named-compilezone | head`

See merge request isc-projects/bind9!2481

Tony Finch [Tue, 22 Oct 2019 14:58:23 +0000 (15:58 +0100)] 
CHANGES

Tony Finch [Tue, 22 Oct 2019 14:37:38 +0000 (15:37 +0100)] 
Fix hang in `named-compilezone | head`

I was truncating zone files for experimental purposes when I found
that `named-compilezone | head` got stuck. The full command line that
exhibited the problem was:

    dig axfr dotat.at |
    named-compilezone -o /dev/stdout dotat.at /dev/stdin |
    head

This requires a large enough zone to exhibit the problem, more than
about 70000 bytes of plain text output from named-compilezone.
I was running the command on Debian Stretch amd64.

This was puzzling since it looked like something was suppressing the
SIGPIPE. I used `strace` to examine what was happening at the hang.
The program was just calling write() a lot to print the zone file, and
the last write() hung until I sent it a SIGINT.

During some discussion with friends, Ian Jackson guessed that opening
/dev/stdout O_RDWR might be the problem, and after some tests we found
that this does in fact suppress SIGPIPE.

Since `named-compilezone` only needs to write to its output file, the
fix is to omit the stdio "+" update flag.

Ondřej Surý [Tue, 29 Oct 2019 14:34:01 +0000 (10:34 -0400)] 
Merge branch 'placeholder-tcp-highwater' into 'master'

placeholder.

See merge request isc-projects/bind9!2495

Diego Fronza [Tue, 29 Oct 2019 14:19:32 +0000 (11:19 -0300)] 
placeholder.

Ondřej Surý [Tue, 29 Oct 2019 12:28:30 +0000 (08:28 -0400)] 
Merge branch 'ondrej/update-list-of-supported-platforms-for-9.16' into 'master'

Update the list of supported and unsupported PLATFORMS for BIND 9.15

See merge request isc-projects/bind9!2486

Ondřej Surý [Tue, 29 Oct 2019 10:51:14 +0000 (05:51 -0500)] 
Add 'Community Maintained' section to PLATFORMS.md

Ondřej Surý [Thu, 24 Oct 2019 07:50:48 +0000 (09:50 +0200)] 
Update the list of supported and unsupported PLATFORMS for BIND 9.15

Ondřej Surý [Tue, 29 Oct 2019 09:55:08 +0000 (05:55 -0400)] 
Merge branch '1265-disable-synth-from-dnssec-by-default-workaround' into 'master'

Disable synth-from-dnssec by default

See merge request isc-projects/bind9!2491

Ondřej Surý [Mon, 28 Oct 2019 20:09:01 +0000 (15:09 -0500)] 
Add CHANGES note

Ondřej Surý [Mon, 28 Oct 2019 20:07:43 +0000 (15:07 -0500)] 
Add release notes.

Ondřej Surý [Mon, 28 Oct 2019 22:53:37 +0000 (17:53 -0500)] 
Adjust synthfromdnssec system test to the changed defaults

Ondřej Surý [Mon, 28 Oct 2019 20:04:38 +0000 (15:04 -0500)] 
Disable NSEC Aggressive Cache (synth-from-dnssec) by default

It was found that NSEC Aggressive Caching has a significant performance impact
on BIND 9 when used as a recursor.  This commit disables the synth-from-dnssec
configuration option by default to provide an immediate remedy for people running
BIND 9.12+.  The NSEC Aggressive Cache will be enabled again after a proper fix
is prepared.

Michał Kępień [Tue, 29 Oct 2019 08:30:12 +0000 (04:30 -0400)] 
Merge branch 'michal/revamp-the-release-checklist' into 'master'

Revamp the release checklist

See merge request isc-projects/bind9!2488

Michał Kępień [Tue, 29 Oct 2019 08:26:41 +0000 (09:26 +0100)] 
Revamp the release checklist

Make the release checklist match the current release process better by
adding missing steps, rearranging existing ones, reassigning
responsibilities, and dividing the list into sections (by due date).

Michał Kępień [Tue, 29 Oct 2019 08:22:34 +0000 (04:22 -0400)] 
Merge branch 'michal/add-centos-8-to-gitlab-ci' into 'master'

Add CentOS 8 to GitLab CI

See merge request isc-projects/bind9!2489

Michał Kępień [Fri, 25 Oct 2019 14:56:32 +0000 (16:56 +0200)] 
Add CentOS 8 to GitLab CI

Ensure BIND can be tested on CentOS 8 in GitLab CI to more quickly catch
build and test errors on that operating system.

Mark Andrews [Thu, 24 Oct 2019 20:08:28 +0000 (16:08 -0400)] 
Merge branch '876-documentation-feedback-2' into 'master'

"dnskey-sig-validity 0;" was not accepted

Closes #876

See merge request isc-projects/bind9!2484

Mark Andrews [Thu, 24 Oct 2019 03:13:39 +0000 (14:13 +1100)] 
add named-checkconf tests for dnskey-sig-validity at range limits

Mark Andrews [Thu, 24 Oct 2019 02:21:43 +0000 (13:21 +1100)] 
accept 0 for dnskey-sig-validity (indicates off)

Mark Andrews [Thu, 24 Oct 2019 08:19:45 +0000 (04:19 -0400)] 
Merge branch 'marka-placeholder' into 'master'

placeholder

See merge request isc-projects/bind9!2485

Mark Andrews [Thu, 24 Oct 2019 08:14:43 +0000 (19:14 +1100)] 
placeholder

Ondřej Surý [Tue, 22 Oct 2019 10:19:36 +0000 (06:19 -0400)] 
Merge branch '5-update-coding-style' into 'master'

Update the coding style to reflect the year 2019 and C99/C11 standard

Closes #5

See merge request isc-projects/bind9!2148

Ondřej Surý [Fri, 12 Jul 2019 12:42:42 +0000 (14:42 +0200)] 
Update the coding style to reflect the year 2019 and C11 standard

Mark Andrews [Mon, 21 Oct 2019 21:20:48 +0000 (17:20 -0400)] 
Merge branch '1281-dnstap-per-view-configuration' into 'master'

Resolve "dnstap per view configuration"

Closes #1281

See merge request isc-projects/bind9!2477

Mark Andrews [Mon, 21 Oct 2019 00:11:35 +0000 (11:11 +1100)] 
add CHANGES

Mark Andrews [Mon, 21 Oct 2019 00:08:06 +0000 (11:08 +1100)] 
check for relationship between dnstap and dnstap-output separately

Mark Andrews [Mon, 21 Oct 2019 00:06:21 +0000 (11:06 +1100)] 
add more dnstap/dnstap-output combinations

Tinderbox User [Sat, 19 Oct 2019 23:30:23 +0000 (23:30 +0000)] 
Merge branch 'security-master'

Michał Kępień [Thu, 17 Oct 2019 09:50:06 +0000 (05:50 -0400)] 
Merge branch 'michal/address-cppcheck-1.89-warnings' into 'master'

Address cppcheck 1.89 warnings

See merge request isc-projects/bind9!2472

Michał Kępień [Wed, 16 Oct 2019 20:06:00 +0000 (22:06 +0200)] 
Suppress cppcheck 1.89 false positive

cppcheck 1.89 emits a false positive for lib/dns/spnego_asn1.c:

    lib/dns/spnego_asn1.c:698:9: error: Uninitialized variable: data [uninitvar]
     memset(data, 0, sizeof(*data));
            ^
    lib/dns/spnego.c:1707:47: note: Calling function 'decode_NegTokenResp', 3rd argument '&resp' value is <Uninit>
     ret = decode_NegTokenResp(buf + taglen, len, &resp, NULL);
                                                  ^
    lib/dns/spnego_asn1.c:698:9: note: Uninitialized variable: data
     memset(data, 0, sizeof(*data));
            ^

This message started appearing with cppcheck 1.89 [1], but it will be
gone in the next release [2], so just suppress it for the time being.

[1] https://github.com/danmar/cppcheck/commit/af214e8212efa303e664920a468de00ee0b1fe3d

[2] https://github.com/danmar/cppcheck/commit/2595b826349a7ffbe1c958b806498b6e336bea33

Michał Kępień [Wed, 16 Oct 2019 20:06:00 +0000 (22:06 +0200)] 
Fix cppcheck 1.89 warnings

cppcheck 1.89 enabled certain value flow analysis mechanisms [1] which
trigger null pointer dereference false positives in lib/dns/rpz.c:

    lib/dns/rpz.c:582:7: warning: Possible null pointer dereference: tgt_ip [nullPointer]
      if (KEY_IS_IPV4(tgt_prefix, tgt_ip)) {
          ^
    lib/dns/rpz.c:1419:44: note: Calling function 'adj_trigger_cnt', 4th argument 'NULL' value is 0
      adj_trigger_cnt(rpzs, rpz_num, rpz_type, NULL, 0, true);
                                               ^
    lib/dns/rpz.c:582:7: note: Null pointer dereference
      if (KEY_IS_IPV4(tgt_prefix, tgt_ip)) {
          ^
    lib/dns/rpz.c:596:7: warning: Possible null pointer dereference: tgt_ip [nullPointer]
      if (KEY_IS_IPV4(tgt_prefix, tgt_ip)) {
          ^
    lib/dns/rpz.c:1419:44: note: Calling function 'adj_trigger_cnt', 4th argument 'NULL' value is 0
      adj_trigger_cnt(rpzs, rpz_num, rpz_type, NULL, 0, true);
                                               ^
    lib/dns/rpz.c:596:7: note: Null pointer dereference
      if (KEY_IS_IPV4(tgt_prefix, tgt_ip)) {
          ^
    lib/dns/rpz.c:610:7: warning: Possible null pointer dereference: tgt_ip [nullPointer]
      if (KEY_IS_IPV4(tgt_prefix, tgt_ip)) {
          ^
    lib/dns/rpz.c:1419:44: note: Calling function 'adj_trigger_cnt', 4th argument 'NULL' value is 0
      adj_trigger_cnt(rpzs, rpz_num, rpz_type, NULL, 0, true);
                                               ^
    lib/dns/rpz.c:610:7: note: Null pointer dereference
      if (KEY_IS_IPV4(tgt_prefix, tgt_ip)) {
          ^

It seems that cppcheck no longer treats at least some REQUIRE()
assertion failures as fatal, so add extra assertion macro definitions to
lib/isc/include/isc/util.h that are only used when the CPPCHECK
preprocessor macro is defined; these definitions make cppcheck 1.89
behave as expected.

There is an important requirement for these custom definitions to work:
cppcheck must properly treat abort() as a function which does not
return.  In order for that to happen, the __GNUC__ macro must be set to
a high enough number (because system include directories are used and
system headers compile attributes away if __GNUC__ is not high enough).
__GNUC__ is thus set to the major version number of the GCC compiler
used, which is what the latter does itself during compilation.

[1] https://github.com/danmar/cppcheck/commit/aaeec462e6d96bb70c2b1cf030979d09e2d7c959

Michał Kępień [Tue, 15 Oct 2019 20:35:11 +0000 (16:35 -0400)] 
Merge branch 'michal/cleanup-with-cc-alg-remnants' into 'master'

Remove remnants of the --with-cc-alg option

See merge request isc-projects/bind9!2436

Michał Kępień [Tue, 15 Oct 2019 19:57:58 +0000 (21:57 +0200)] 
Remove remnants of the --with-cc-alg option

Commit afa81ee4e4e863fa646177947c55e8c6b1475f47 omitted some spots in
the source tree which are still referencing the removed --with-cc-alg
"configure" option.  Make sure the latter is removed completely.

Michał Kępień [Tue, 15 Oct 2019 19:52:33 +0000 (15:52 -0400)] 
Merge branch 'michal/limit-triggers-for-openbsd-system-test-jobs' into 'master'

Limit triggers for OpenBSD system test jobs

See merge request isc-projects/bind9!2468

Michał Kępień [Tue, 15 Oct 2019 19:35:18 +0000 (21:35 +0200)] 
Limit triggers for OpenBSD system test jobs

When a GitLab CI runner is not under load, a single OpenBSD system test
job completes in about 12 minutes, which is considered decent.  However,
such jobs are usually multiplexed with other system test jobs on the
same host, which causes each of them to take even 40 minutes to
complete.  Taking retries into account, this is completely unacceptable
for everyday use, so only start OpenBSD system test jobs for pipelines
created through GitLab's web interface and for pipelines created for Git
tags.

Michał Kępień [Tue, 15 Oct 2019 19:45:54 +0000 (15:45 -0400)] 
Merge branch 'michal/minor-gitlab-ci-tweaks' into 'master'

Minor GitLab CI tweaks

See merge request isc-projects/bind9!2435

Michał Kępień [Tue, 15 Oct 2019 18:49:08 +0000 (20:49 +0200)] 
Tweak dependencies for the Windows build job

Since the Windows build job does not use the files created as a result
of running "autoreconf -fi" in the "autoreconf:sid:amd64" job, set its
dependencies to an empty list.

Since it is currently not possible to use "needs: []" for jobs which do
not belong to the first stage of a pipeline, set the "needs" key for the
Windows build job to the "autoreconf:sid:amd64" job so that all build
jobs are started at the same time (without this change, the Windows
build job does not start until all jobs in the "precheck" stage are
finished).

As a side note, these changes also attempt to eliminate intermittent,
bogus GitLab error messages ("There has been a missing dependency
failure").

Michał Kępień [Tue, 15 Oct 2019 18:49:08 +0000 (20:49 +0200)] 
Fix artifacts created by the "autoreconf" CI job

The intended purpose of the "autoreconf:sid:amd64" GitLab CI job is to
run "autoreconf -fi" and then pass the updated files on to subsequent
non-Windows build jobs.  However, the artifacts currently created by
that job only include files which are not tracked by Git.  Since we
currently do track e.g. "configure" with Git, the aforementioned job is
essentially a no-op.  Fix by manually specifying the files generated by
the "autoreconf:sid:amd64" job that should be passed on to subsequent
build jobs.

Michał Kępień [Tue, 15 Oct 2019 18:44:40 +0000 (14:44 -0400)] 
Merge branch 'michal/add-openbsd-to-gitlab-ci' into 'master'

Add OpenBSD to GitLab CI

Closes #148

See merge request isc-projects/bind9!2434

Michał Kępień [Tue, 15 Oct 2019 14:38:04 +0000 (16:38 +0200)] 
Add OpenBSD to GitLab CI

Ensure BIND can be tested on OpenBSD in GitLab CI to more quickly catch
build and test errors on that operating system.

Some notes:

  - While GCC is packaged for OpenBSD, only old versions (4.2.1, 4.9.4)
    are readily available and none of them is the default system
    compiler, so we are only doing Clang builds in GitLab CI.

  - Unit tests are currently not run on OpenBSD because it ships with an
    old version of kyua which does not handle skipped tests properly.
    These jobs will be added when we move away from using kyua in the
    future as the test code itself works fine.

  - All OpenBSD jobs are run inside QEMU virtual machines, using GitLab
    Runner Custom executor.

Michał Kępień [Tue, 15 Oct 2019 14:38:04 +0000 (16:38 +0200)] 
Work around an OpenBSD "make" quirk

Consider the following Makefile:

    foo:
     false

On OpenBSD, the following happens for this Makefile:

  - "make foo" returns 1,
  - "make -k foo" returns 0,
  - "make -k -j6 foo" returns 1.

However, if the .NOTPARALLEL pseudo-target is added to this Makefile,
"make -k -j6 foo" will return 0 as well.

Since bin/tests/Makefile contains the .NOTPARALLEL pseudo-target,
running "make -k -j6 test" from bin/tests/ on OpenBSD prevents any
errors from being reported through that command's exit code.

Work around the issue by running "make -k -j6 test" in the
bin/tests/system/ directory instead as bin/tests/system/Makefile does
not contain the .NOTPARALLEL pseudo-target and thus things work as
expected there.

Mark Andrews [Sun, 13 Oct 2019 14:27:38 +0000 (10:27 -0400)] 
Merge branch '1143-a-minor-documentation-issue-consideration-of-parsing-inconsistencies-in-ipv4s-in-address-match-lists-and-in-a-controls-inet-statement' into 'master'

Resolve "A minor documentation issue & consideration of parsing inconsistencies in IPv4s in address match lists and in a controls/inet statement"

Closes #1143

See merge request isc-projects/bind9!2152

Mark Andrews [Mon, 15 Jul 2019 00:25:36 +0000 (10:25 +1000)] 
Detect partial prefixes / incomplete IPv4 address in acls.

Ondřej Surý [Thu, 10 Oct 2019 19:58:17 +0000 (15:58 -0400)] 
Merge branch 'u/fanf2/dsdigest-abbr' into 'master'

cleanup: more consistent abbreviated DS digest type mnemonics

See merge request isc-projects/bind9!2440

Tony Finch [Wed, 2 Oct 2019 18:43:09 +0000 (19:43 +0100)] 
cleanup: more consistent abbreviated DS digest type mnemonics

BIND supports the non-standard DNSKEY algorithm mnemonic ECDSA256
everywhere ECDSAP256SHA256 is allowed, and allows algorithm numbers
interchangeably with mnemonics. This is all done in one place by the
dns_secalg_fromtext() function.

DS digest types were less consistent: the rdata parser does not allow
abbreviations like SHA1, but the dnssec-* command line tools do; and
the command line tools do not allow numeric types though that is the
norm in rdata.

The command line tools now use the dns_dsdigest_fromtext() function
instead of rolling their own variant, and dns_dsdigest_fromtext() now
knows about abbreviated digest type mnemonics.

Ondřej Surý [Thu, 10 Oct 2019 05:44:33 +0000 (01:44 -0400)] 
Merge branch 'ondrej/1-week-artifact-expiration' into 'master'

Synchronize the lifetime of artifact to 1 week

See merge request isc-projects/bind9!2448

Tinderbox User [Wed, 9 Oct 2019 20:46:01 +0000 (20:46 +0000)] 
Merge branch 'fix-doc' into security-master

Tinderbox User [Wed, 9 Oct 2019 20:45:13 +0000 (20:45 +0000)] 
regenerate doc

Ondřej Surý [Wed, 9 Oct 2019 19:34:18 +0000 (21:34 +0200)] 
Synchronize the lifetime of artifact to 1 week

Ondřej Surý [Wed, 9 Oct 2019 06:51:24 +0000 (02:51 -0400)] 
Merge branch '1119-tsan-lib/dns/view.c-attributes' into 'master'

Convert struct dns_view->attributes to atomic_uint to prevent some locking

See merge request isc-projects/bind9!2368

Ondřej Surý [Wed, 9 Oct 2019 06:38:48 +0000 (02:38 -0400)] 
Merge branch 'security-master-issue-numbers' into 'security-master'

Fix the GitLab issue numbers in CHANGES and notes.xml

See merge request isc-private/bind9!121

Ondřej Surý [Thu, 18 Jul 2019 12:22:31 +0000 (14:22 +0200)] 
Convert struct dns_view->attributes to atomic_uint to prevent some locking