]> git.ipfire.org Git - thirdparty/bind9.git/log
thirdparty/bind9.git
6 years agoSplit dns_name_copy() into dns_name_copy() and dns_name_copynf()
Ondřej Surý [Tue, 10 Sep 2019 12:36:41 +0000 (14:36 +0200)] 
Split dns_name_copy() into dns_name_copy() and dns_name_copynf()

The dns_name_copy() function followed two different semanitcs that was driven
whether the last argument was or wasn't NULL.  This commit splits the function
in two where now third argument to dns_name_copy() can't be NULL and
dns_name_copynf() doesn't have third argument.

6 years agoThe final round of adding RUNTIME_CHECK() around dns_name_copy() calls
Ondřej Surý [Fri, 27 Sep 2019 06:37:26 +0000 (08:37 +0200)] 
The final round of adding RUNTIME_CHECK() around dns_name_copy() calls

This commit was done by hand to add the RUNTIME_CHECK() around stray
dns_name_copy() calls with NULL as third argument.  This covers the edge cases
that doesn't make sense to write a semantic patch since the usage pattern was
unique or almost unique.

6 years agoAdd RUNTIME_CHECK() around result = dns_name_copy(..., NULL) calls
Ondřej Surý [Tue, 10 Sep 2019 11:55:18 +0000 (13:55 +0200)] 
Add RUNTIME_CHECK() around result = dns_name_copy(..., NULL) calls

This second commit uses second semantic patch to replace the calls to
dns_name_copy() with NULL as third argument where the result was stored in a
isc_result_t variable.  As the dns_name_copy(..., NULL) cannot fail gracefully
when the third argument is NULL, it was just a bunch of dead code.

Couple of manual tweaks (removing dead labels and unused variables) were
manually applied on top of the semantic patch.

6 years agoAdd RUNTIME_CHECK() around plain dns_name_copy(..., NULL) calls using spatch
Ondřej Surý [Tue, 10 Sep 2019 11:16:48 +0000 (13:16 +0200)] 
Add RUNTIME_CHECK() around plain dns_name_copy(..., NULL) calls using spatch

This commit add RUNTIME_CHECK() around all simple dns_name_copy() calls where
the third argument is NULL using the semantic patch from the previous commit.

6 years agoAdd semantic patches to correctly check dns_name_copy(..., NULL) return code
Ondřej Surý [Mon, 9 Sep 2019 10:14:39 +0000 (12:14 +0200)] 
Add semantic patches to correctly check dns_name_copy(..., NULL) return code

The dns_name_copy() function cannot fail gracefully when the last argument
(target) is NULL.  Add RUNTIME_CHECK()s around such calls.

The first semantic patch adds RUNTIME_CHECK() around any call that ignores the
return value and is very safe to apply.

The second semantic patch attempts to properly add RUNTIME_CHECK() to places
where the return value from `dns_name_copy()` is recorded into `result`
variable.  The result of this semantic patch needs to be reviewed by hand.

Both patches misses couple places where the code surrounding the
`dns_name_copy(..., NULL)` usage is more complicated and is better suited to be
fixed by a human being that understands the surrounding code.

6 years agoMerge branch '846-dig-idn-alabel-fallback' into 'master'
Ondřej Surý [Mon, 30 Sep 2019 09:49:01 +0000 (05:49 -0400)] 
Merge branch '846-dig-idn-alabel-fallback' into 'master'

Resolve "dig cannot display ACE query if locale is not unicode"

Closes #846

See merge request isc-projects/bind9!1418

6 years agoAdd CHANGES for GL #846
Ondřej Surý [Mon, 30 Sep 2019 07:10:39 +0000 (09:10 +0200)] 
Add CHANGES for GL #846

6 years agoTest of valid A-label in locale that cannot display it only with non-broken idn2
Ondřej Surý [Mon, 30 Sep 2019 07:04:59 +0000 (09:04 +0200)] 
Test of valid A-label in locale that cannot display it only with non-broken idn2

The libidn2 library on Ubuntu Bionic is broken and idn2_to_unicode_8zlz() does't
fail when it should.  This commit ensures that we don't run the system test for
valid A-label in locale that cannot display with the buggy libidn2 as it would
break the tests.

6 years agoEmit warning on IDN output failure
Petr Menšík [Wed, 30 Jan 2019 14:38:54 +0000 (15:38 +0100)] 
Emit warning on IDN output failure

Warning is emitted before any dig headers.

6 years agoModify idna test to fallback to ACE
Petr Menšík [Tue, 29 Jan 2019 18:11:19 +0000 (19:11 +0100)] 
Modify idna test to fallback to ACE

Test valid A-label on input would be displayed as A-label on output if
locale does not allow U-label.

6 years agoFallback to ASCII on output IDN conversion error
Petr Menšík [Tue, 29 Jan 2019 17:07:44 +0000 (18:07 +0100)] 
Fallback to ASCII on output IDN conversion error

It is possible dig used ACE encoded name in locale, which does not
support converting it to unicode. Instead of fatal error, fallback to
ACE name on output.

6 years agoMerge branch 'marka-correct-list' into 'master'
Mark Andrews [Sun, 29 Sep 2019 00:50:55 +0000 (20:50 -0400)] 
Merge branch 'marka-correct-list' into 'master'

use correct list

See merge request isc-projects/bind9!2410

6 years agoAddress cut-and-paste error where list name was not changed in one instance for chang...
Mark Andrews [Fri, 27 Sep 2019 23:59:27 +0000 (09:59 +1000)] 
Address cut-and-paste error where list name was not changed in one instance for change 5292.

6 years agoMerge branch '147-add-windows-to-gitlab-ci' into 'master'
Michał Kępień [Fri, 27 Sep 2019 10:59:49 +0000 (06:59 -0400)] 
Merge branch '147-add-windows-to-gitlab-ci' into 'master'

Add Windows to GitLab CI

Closes #327 and #147

See merge request isc-projects/bind9!2383

6 years agoUpdate Windows-specific documentation
Michał Kępień [Thu, 26 Sep 2019 13:11:15 +0000 (15:11 +0200)] 
Update Windows-specific documentation

Bring the files describing Windows-specific aspects of building and
installing BIND up to date.  Remove the parts which are either outdated
(e.g. 32-bit build instructions), already included elsewhere (e.g. the
list of Windows systems BIND is known to run on), or inconvenient to
keep up to date in the long run (e.g. ARM chapter numbers).

6 years agoAdd Windows to GitLab CI
Michał Kępień [Thu, 26 Sep 2019 13:11:15 +0000 (15:11 +0200)] 
Add Windows to GitLab CI

Ensure BIND can be tested on Windows in GitLab to more quickly catch
build and test errors on that operating system.

Some notes:

  - While build jobs are triggered for all pipelines, system test jobs
    are not - due to the time it takes to run the complete system test
    suite on Windows (about 20 minutes), the latter are only run for
    pipelines created through GitLab's web interface and for pipelines
    created for Git tags.

  - Only the "Release" build configuration is currently used.  Adding
    "Debug" builds is a matter of extending .gitlab-ci.yml, but it was
    not done for the time being due to questionable usefulness of
    performing such builds in GitLab CI.

  - Only a 64-bit build is performed.  Adding support for 32-bit builds
    is not planned to be implemented.

  - Unit tests are still not run on Windows, but adding support for that
    is on the roadmap.

  - All Windows GitLab CI jobs are run inside Windows Server containers,
    using the Custom executor feature of GitLab Runner as Windows Server
    2016 is not supported by GitLab Runner's native Docker on Windows
    executor and Windows Server 2019 is not yet widely available from
    hosting providers.

  - The Windows Docker image used by GitLab CI is not stored in the
    GitLab Container Registry as it is over 27 GB in size and thus
    passing it between GitLab and its runners is impractical.

  - There is no vcvarsall.bat variant written in PowerShell and batch
    scripts are no longer supported by GitLab Runner Custom executor, so
    the environment variables set by vcvarsall.bat are injected back
    into the PowerShell environment by processing the output of "set".

  - Visual Studio parallel builds are a bit different than "make -jX"
    builds as parallelization happens in two tiers: project parallelism
    (controlled by the "/maxCpuCount" msbuild.exe switch) and compiler
    parallelism (controlled by the "/MP" cl.exe switch).  To limit the
    total number of compiler processes spawned concurrently to a value
    similar to the one used for Unix builds, msbuild.exe is allowed to
    build at most 2 projects at once, each of which can spawn up to half
    of BUILD_PARALLEL_JOBS worth of compiler processes.  Using such
    parameters is a fairly arbitrary decision taken to solve the
    trade-off between compilation speed and runner load.

  - Configuring network addresses in Windows Server containers is
    tricky.  Adding 10.53.0.1/24 and similar addresses to the vEthernet
    interface created by Docker never causes ifconfig.bat to fail, but
    in fact only one container can have any given IP address configured
    at any given time (the request to add the same address in another
    container is silently ignored).  Thus, in order to allow multiple
    system test jobs to be run in parallel, the addresses used in system
    tests are configured on the loopback interfaces.  Interestingly
    enough, the addresses set on the loopback interfaces... persist
    between containers.  Fortunately, this is acceptable for the time
    being and only requires ifconfig.bat failures to be ignored (as
    ifconfig.bat will fail if it attempts to configure an already
    existing address on an interface).  We also need to wait for a brief
    moment after calling ifconfig.bat as the addresses the latter
    attempts to configure may not be immediately available after it
    returns (and that causes runall.sh to error out).  Finally, for some
    reason we also need to signal that the DNS servers on each loopback
    interface are to be configured using DHCP or else ifconfig.bat will
    fail to add the requested addresses.

  - Since named.pid files created by named instances used in system
    tests contain Windows PIDs instead of Cygwin PIDs and various
    versions of Cygwin "kill" react differently when passed Windows PIDs
    without the -W switch, all "kill" invocations in GitLab CI need to
    use that switch (otherwise they would print error messages which
    would cause stop.pl to assume the process being killed died
    prematurely).  However, to preserve compatibility with older Cygwin
    versions used in our other Windows test environments, we alter the
    relevant scripts "on the fly" rather than in the Git repository.

  - In the containers used for running system tests, Windows Error
    Reporting is configured to automatically create crash dumps in
    C:\CrashDumps.  This directory is examined after the test suite is
    run to ensure no crashes went under stop.pl's radar.

6 years agoFix the "statschannel" system test on Windows
Michał Kępień [Thu, 26 Sep 2019 13:11:15 +0000 (15:11 +0200)] 
Fix the "statschannel" system test on Windows

The SYSTEMTESTTOP variable is set by bin/tests/system/run.sh.  When
system tests are run on Windows, that variable will contain an absolute
Cygwin path.  In the case of the "statschannel" system test, using the
unmodified SYSTEMTESTTOP variable in tests.sh causes the RNDCCMD
variable to contain an invocation of a native Windows application with
an absolute Cygwin path passed as a parameter, which prevents rndc from
working in that system test.  Until we have a cleaner solution, override
SYSTEMTESTTOP with a relative path to work around the issue and thus fix
the "statschannel" system test on Windows.

6 years agoFix system test error reporting on Windows
Michał Kępień [Thu, 26 Sep 2019 13:11:15 +0000 (15:11 +0200)] 
Fix system test error reporting on Windows

Make sure the CYGWIN environment variable is set whenever system tests
are run on Windows to prevent stop.pl from making incorrect assumptions
about the environment it is running in, which triggers e.g. false
reports about named instances crashing on shutdown when system tests are
run on Windows.  This issue has not been caught earlier because the
CYGWIN environment variable was incidentally being set on a higher level
in our Windows test environments.

Error reporting for parallel system tests on Windows has been broken all
along: since all parallel.mk targets generated by parallel.sh pipe their
output through "tee", the return code from run.sh is lost and thus
running "make -f parallel.mk check" will not yield a non-zero return
code if some system tests fail.  The same applies to runsequential.sh.
Yet, runall.sh on Windows only sets its return code to a non-zero value
if either "make -f parallel.mk check" or runsequential.sh returns a
non-zero return code.  Fix by making runall.sh yield a non-zero return
code when testsummary.sh fails, which is the same approach as the one
used in the "test" target in bin/tests/system/Makefile.

6 years agoMake VS solution upgrading unnecessary
Michał Kępień [Thu, 26 Sep 2019 13:11:15 +0000 (15:11 +0200)] 
Make VS solution upgrading unnecessary

Until now, the build process for BIND on Windows involved upgrading the
solution file to the version of Visual Studio used on the build host.
Unfortunately, the executable used for that (devenv.exe) is not part of
Visual Studio Build Tools and thus there is no clean way to make that
executable part of a Windows Server container.

Luckily, the solution upgrade process boils down to just adding XML tags
to Visual Studio project files and modifying certain XML attributes - in
files which we pregenerate anyway using win32utils/Configure.  Thus,
extend win32utils/Configure with three new command line parameters that
enable it to mimic what "devenv.exe bind9.sln /upgrade" does.  This
makes the devenv.exe build step redundant and thus facilitates building
BIND in Windows Server containers.

6 years agoEnable building dnssec-cds.exe
Michał Kępień [Thu, 26 Sep 2019 13:11:15 +0000 (15:11 +0200)] 
Enable building dnssec-cds.exe

Build configuration for the dnssec-cds Visual Studio project is absent
from the solution file template, which means the solution needs to be
upgraded using "devenv bind9.sln /upgrade" in order for the dnssec-cds
project to be built.  Add the build configuration for dnssec-cds to the
solution file template so that upgrading the solution is not necessary
for building that project.

6 years agoDrop named-checkzone dependency on libbind9
Michał Kępień [Thu, 26 Sep 2019 13:11:15 +0000 (15:11 +0200)] 
Drop named-checkzone dependency on libbind9

named-checkzone does not use libbind9.  Update the Visual Studio project
file template for named-checkzone to reflect that, thus preventing
compilation issues during parallel builds.

6 years agoAdd missing nsupdate dependency on libirs
Michał Kępień [Thu, 26 Sep 2019 13:11:15 +0000 (15:11 +0200)] 
Add missing nsupdate dependency on libirs

When commit 8eb88aafee951859264e36c315b1289cd8c2088b removed liblwres,
it also modified nsupdate to use libirs instead of liblwres, but the
Visual Studio project files were not updated to reflect that change.
Make sure the nsupdate Visual Studio project depends on the libirs
project to prevent compilation issues during parallel builds.

6 years agoMerge branch 'ondrej/fix-clang-10-error' into 'master'
Ondřej Surý [Thu, 26 Sep 2019 13:06:14 +0000 (09:06 -0400)] 
Merge branch 'ondrej/fix-clang-10-error' into 'master'

Silence false positive warning from Clang 10 in random_test.c

See merge request isc-projects/bind9!2404

6 years agoSilence false positive warning from Clang 10 in random_test.c
Ondřej Surý [Thu, 26 Sep 2019 12:55:53 +0000 (14:55 +0200)] 
Silence false positive warning from Clang 10 in random_test.c

6 years agoMerge branch 'michal/prevent-unbuffered-stderr-io-on-windows' into 'master'
Michał Kępień [Thu, 26 Sep 2019 12:00:51 +0000 (08:00 -0400)] 
Merge branch 'michal/prevent-unbuffered-stderr-io-on-windows' into 'master'

Prevent unbuffered stderr I/O on Windows

See merge request isc-projects/bind9!2398

6 years agoPrevent unbuffered stderr I/O on Windows
Michał Kępień [Thu, 26 Sep 2019 11:53:03 +0000 (13:53 +0200)] 
Prevent unbuffered stderr I/O on Windows

Make stderr fully buffered on Windows to improve named performance when
it is logging to stderr, which happens e.g. in system tests.  Note that:

  - line buffering (_IOLBF) is unavailable on Windows,

  - fflush() is called anyway after each log message gets written to the
    default stderr logging channels created by libisc.

6 years agoMerge branch '1246-tsan-add-atomic_fetch_and+or_to_isc/stdatomic.h' into 'master'
Ondřej Surý [Thu, 26 Sep 2019 10:59:54 +0000 (06:59 -0400)] 
Merge branch '1246-tsan-add-atomic_fetch_and+or_to_isc/stdatomic.h' into 'master'

Add atomic_fetch_add and atomic_fetch_or convenience macros and unix and win32 shims

Closes #1246

See merge request isc-projects/bind9!2397

6 years agoAdd ATOMIC_VAR_INIT initializer to mutexatomics.h
Ondřej Surý [Fri, 12 Jul 2019 14:48:10 +0000 (16:48 +0200)] 
Add ATOMIC_VAR_INIT initializer to mutexatomics.h

6 years agoAdd atomic_fetch_add and atomic_fetch_or convenience macros and unix and win32 shims
Ondřej Surý [Thu, 4 Jul 2019 09:04:29 +0000 (11:04 +0200)] 
Add atomic_fetch_add and atomic_fetch_or convenience macros and unix and win32 shims

6 years agoFix the wrong function for the atomic_fetch_add_explicit64 shim on non-WIN64 build
Ondřej Surý [Thu, 4 Jul 2019 09:04:29 +0000 (11:04 +0200)] 
Fix the wrong function for the atomic_fetch_add_explicit64 shim on non-WIN64 build

6 years agoMerge branch 'michal/prevent-cygwin-from-concealing-non-abort-crashes' into 'master'
Michał Kępień [Thu, 26 Sep 2019 08:38:04 +0000 (04:38 -0400)] 
Merge branch 'michal/prevent-cygwin-from-concealing-non-abort-crashes' into 'master'

Prevent Cygwin from concealing non-abort() crashes

See merge request isc-projects/bind9!2387

6 years agoPrevent Cygwin from concealing non-abort() crashes
Michał Kępień [Thu, 26 Sep 2019 08:34:01 +0000 (10:34 +0200)] 
Prevent Cygwin from concealing non-abort() crashes

BIND system tests are run in a Cygwin environment.  Apparently Cygwin
shell sets the SEM_NOGPFAULTERRORBOX bit in its process error mode which
is then inherited by all spawned child processes.  This bit prevents the
Windows Error Reporting dialog from being displayed, which I assume is
part of an effort to contain memory handling errors triggered by Cygwin
binaries in the Cygwin environment.  Unfortunately, this also prevents
automatic crash dump creation by Windows Error Reporting and Cygwin
itself does not handle memory errors in native Windows processes spawned
from a Cygwin shell.

Fix by clearing the SEM_NOGPFAULTERRORBOX bit inside named if it is
started in a Cygwin environment, thus overriding the Cygwin-set process
error mode in order to enable Windows Error Reporting to handle all
named crashes.

6 years agoMerge branch '1245-properly-initialize-libxml2' into 'master'
Michał Kępień [Thu, 26 Sep 2019 08:31:48 +0000 (04:31 -0400)] 
Merge branch '1245-properly-initialize-libxml2' into 'master'

Properly initialize libxml2

Closes #1245

See merge request isc-projects/bind9!2391

6 years agoAdd CHANGES entry
Michał Kępień [Thu, 26 Sep 2019 08:20:26 +0000 (10:20 +0200)] 
Add CHANGES entry

5293. [bug] On Windows, named crashed upon any attempt to fetch XML
statistics from it. [GL #1245]

6 years agoProperly initialize libxml2
Michał Kępień [Thu, 26 Sep 2019 08:20:26 +0000 (10:20 +0200)] 
Properly initialize libxml2

When libxml2 is to be used in a multi-threaded application, the
xmlInitThreads() function must be called before any other libxml2
function.  This function does different things on various platforms and
thus one can get away without calling it on Unix systems, but not on
Windows, where it initializes critical section objects used for
synchronizing access to data structures shared between threads.  Add the
missing xmlInitThreads() call to prevent crashes on affected systems.

Also add a matching xmlCleanupThreads() call to properly release the
resources set up by xmlInitThreads().

6 years agoMerge branch 'marka-resolver-fix' into 'master'
Mark Andrews [Thu, 26 Sep 2019 07:54:29 +0000 (03:54 -0400)] 
Merge branch 'marka-resolver-fix' into 'master'

use test specific shell variables

See merge request isc-projects/bind9!2382

6 years agouse test specific shell variables
Mark Andrews [Tue, 24 Sep 2019 03:11:08 +0000 (13:11 +1000)] 
use test specific shell variables

6 years agoMerge branch '1119-tsan-lib/dns/rbt.c' into 'master'
Ondřej Surý [Wed, 25 Sep 2019 18:30:26 +0000 (14:30 -0400)] 
Merge branch '1119-tsan-lib/dns/rbt.c' into 'master'

Prevent TSAN being trigged when DNS_RBTFIND_EMPTYDATA is set

See merge request isc-projects/bind9!2369

6 years agoprevent TSAN being trigged when DNS_RBTFIND_EMPTYDATA is set
Mark Andrews [Thu, 1 Aug 2019 21:58:36 +0000 (07:58 +1000)] 
prevent TSAN being trigged when DNS_RBTFIND_EMPTYDATA is set

6 years agoMerge branch '1119-tsan-bin/rndc/rndc.c' into 'master'
Ondřej Surý [Wed, 25 Sep 2019 12:05:10 +0000 (08:05 -0400)] 
Merge branch '1119-tsan-bin/rndc/rndc.c' into 'master'

Protect globally accessed variables in rndc.c by making them atomic

See merge request isc-projects/bind9!2370

6 years agoProtect globally accessed variables in rndc.c by making them atomic
Ondřej Surý [Mon, 13 May 2019 18:20:06 +0000 (01:20 +0700)] 
Protect globally accessed variables in rndc.c by making them atomic

6 years agoMerge branch '1119-tsan-lib/dns/rbtdb.c' into 'master'
Ondřej Surý [Wed, 25 Sep 2019 11:10:22 +0000 (07:10 -0400)] 
Merge branch '1119-tsan-lib/dns/rbtdb.c' into 'master'

Fix unprotected access to rbtnode in lib/dns/rbtdb.c:add32()

See merge request isc-projects/bind9!2371

6 years agoFix unprotected access to rbtnode in lib/dns/rbtdb.c:add32()
Ondřej Surý [Sat, 20 Jul 2019 21:54:05 +0000 (17:54 -0400)] 
Fix unprotected access to rbtnode in lib/dns/rbtdb.c:add32()

6 years agoMerge branch '1119-tsan-lib/isc/unix/socket.c' into 'master'
Ondřej Surý [Tue, 24 Sep 2019 19:32:38 +0000 (15:32 -0400)] 
Merge branch '1119-tsan-lib/isc/unix/socket.c' into 'master'

lib/isc/unix/socket.c: Convert couple isc__socket_t members to atomic to prevent data race

See merge request isc-projects/bind9!2356

6 years agoFix unprotected access to thread->epoll_events[fd] in unwatch_fd()
Ondřej Surý [Sat, 20 Jul 2019 20:10:49 +0000 (16:10 -0400)] 
Fix unprotected access to thread->epoll_events[fd] in unwatch_fd()

6 years agoMove the lock from internal_{accept,connect,recv,send} to global level to protect...
Ondřej Surý [Thu, 4 Jul 2019 14:10:19 +0000 (16:10 +0200)] 
Move the lock from internal_{accept,connect,recv,send} to global level to protect more socket variables

6 years agoConvert couple isc__socket_t members to atomic to prevent data race (from TSAN)
Ondřej Surý [Mon, 1 Jul 2019 13:19:53 +0000 (15:19 +0200)] 
Convert couple isc__socket_t members to atomic to prevent data race (from TSAN)

6 years agoMerge branch '1205-named-crashes-when-setting-nsec3param' into 'master'
Mark Andrews [Tue, 24 Sep 2019 01:21:15 +0000 (21:21 -0400)] 
Merge branch '1205-named-crashes-when-setting-nsec3param' into 'master'

Resolve "named crashes when setting nsec3param"

Closes #1205

See merge request isc-projects/bind9!2300

6 years agoadd CHANGES
Mark Andrews [Tue, 24 Sep 2019 00:48:59 +0000 (10:48 +1000)] 
add CHANGES

6 years agoQueue nsec3param setting until receive_secure_serial has completed.
Mark Andrews [Fri, 6 Sep 2019 05:34:38 +0000 (15:34 +1000)] 
Queue nsec3param setting until receive_secure_serial has completed.

6 years agoMove dns_zone_setdb() to after the db is created.
Mark Andrews [Wed, 4 Sep 2019 04:02:33 +0000 (14:02 +1000)] 
Move dns_zone_setdb() to after the db is created.

Addresses the database changing w/o the changes being done under task lock.
Fix: build the database before assigning it to the zone.

6 years agoMerge branch 'michal/run-freebsd-jobs-automatically-for-all-pipelines' into 'master'
Michał Kępień [Tue, 17 Sep 2019 18:26:12 +0000 (14:26 -0400)] 
Merge branch 'michal/run-freebsd-jobs-automatically-for-all-pipelines' into 'master'

Run FreeBSD jobs automatically for all pipelines

See merge request isc-projects/bind9!2350

6 years agoRun FreeBSD jobs automatically for all pipelines
Michał Kępień [Tue, 17 Sep 2019 18:24:12 +0000 (20:24 +0200)] 
Run FreeBSD jobs automatically for all pipelines

No problems have been observed on the FreeBSD GitLab CI runner during
the burn-in period, when FreeBSD jobs needed to be triggered manually.
Thus, make the FreeBSD jobs run automatically along other GitLab CI
jobs.

6 years agoMerge branch 'mnowak/Red_Hat_find_docbook-xsl' into 'master'
Michal Nowak [Tue, 17 Sep 2019 14:45:42 +0000 (10:45 -0400)] 
Merge branch 'mnowak/Red_Hat_find_docbook-xsl' into 'master'

Find docbook-xsl and dblatex templates on Red Hat/Fedora

See merge request isc-projects/bind9!2324

6 years agoRemove unused configure checks for dblatex
Michal Nowak [Tue, 17 Sep 2019 06:01:41 +0000 (08:01 +0200)] 
Remove unused configure checks for dblatex

6 years agoFind docbook-xsl and dblatex templates on Red Hat/Fedora
Michal Nowak [Mon, 9 Sep 2019 12:21:19 +0000 (14:21 +0200)] 
Find docbook-xsl and dblatex templates on Red Hat/Fedora

`/usr/share/sgml/docbook/xsl-stylesheets` and `/usr/share/dblatex` are
places where docbook-style-xsl and, respectively, dblatex packages on
Red Hat systems put their XSL templates. Unless we hint this place it
has to be added to `./configure` manually (`--with-docbook-xsl=...`):
https://src.fedoraproject.org/rpms/bind/blob/master/f/bind.spec#_691.

On Fedora 30:

Before
```
./configure
...
checking for Docbook-XSL path... auto
checking for html/docbook.xsl... "not found"
checking for xhtml/docbook.xsl... "not found"
checking for manpages/docbook.xsl... "not found"
checking for html/chunk.xsl... "not found"
checking for xhtml/chunk.xsl... "not found"
checking for html/chunktoc.xsl... "not found"
checking for xhtml/chunktoc.xsl... "not found"
checking for html/maketoc.xsl... "not found"
checking for xhtml/maketoc.xsl... "not found"
checking for xsl/docbook.xsl... "not found"
checking for xsl/latex_book_fast.xsl... "not found"
```

After:
```
./configure
...
checking for Docbook-XSL path... auto
checking for html/docbook.xsl... /usr/share/sgml/docbook/xsl-stylesheets/html/docbook.xsl
checking for xhtml/docbook.xsl... /usr/share/sgml/docbook/xsl-stylesheets/xhtml/docbook.xsl
checking for manpages/docbook.xsl... /usr/share/sgml/docbook/xsl-stylesheets/manpages/docbook.xsl
checking for html/chunk.xsl... /usr/share/sgml/docbook/xsl-stylesheets/html/chunk.xsl
checking for xhtml/chunk.xsl... /usr/share/sgml/docbook/xsl-stylesheets/xhtml/chunk.xsl
checking for html/chunktoc.xsl... /usr/share/sgml/docbook/xsl-stylesheets/html/chunktoc.xsl
checking for xhtml/chunktoc.xsl... /usr/share/sgml/docbook/xsl-stylesheets/xhtml/chunktoc.xsl
checking for html/maketoc.xsl... /usr/share/sgml/docbook/xsl-stylesheets/html/maketoc.xsl
checking for xhtml/maketoc.xsl... /usr/share/sgml/docbook/xsl-stylesheets/xhtml/maketoc.xsl
checking for xsl/docbook.xsl... /usr/share/dblatex/xsl/docbook.xsl
checking for xsl/latex_book_fast.xsl... /usr/share/dblatex/xsl/latex_book_fast.xsl
```

6 years agoMerge branch 'ondrej/improve-flycheck-configuration' into 'master'
Ondřej Surý [Tue, 17 Sep 2019 11:30:59 +0000 (07:30 -0400)] 
Merge branch 'ondrej/improve-flycheck-configuration' into 'master'

Remove the current directory from the flycheck configuration

See merge request isc-projects/bind9!2347

6 years agoRemove the current directory from the flycheck configuration
Ondřej Surý [Tue, 17 Sep 2019 11:03:57 +0000 (13:03 +0200)] 
Remove the current directory from the flycheck configuration

6 years agoMerge branch '414-use-p11-kit-headers' into 'master'
Ondřej Surý [Mon, 16 Sep 2019 13:22:33 +0000 (09:22 -0400)] 
Merge branch '414-use-p11-kit-headers' into 'master'

Resolve "Legal issue with pkcs11 headers"

Closes #414

See merge request isc-projects/bind9!2251

6 years agoUse standard PKCS#11 standard error codes instead of custom error codes
Ondřej Surý [Thu, 8 Aug 2019 13:52:47 +0000 (15:52 +0200)] 
Use standard PKCS#11 standard error codes instead of custom error codes

* CKR_CRYPTOKI_ALREADY_INITIALIZED: This value can only be returned by
  `C_Initialize`. It means that the Cryptoki library has already been
  initialized (by a previous call to `C_Initialize` which did not have a
  matching `C_Finalize` call).

* CKR_FUNCTION_NOT_SUPPORTED: The requested function is not supported by this
  Cryptoki library. Even unsupported functions in the Cryptoki API should have a
  “stub” in the library; this stub should simply return the value
  CKR_FUNCTION_NOT_SUPPORTED.

* CKR_LIBRARY_LOAD_FAILED: The Cryptoki library could not load a dependent
  shared library.

6 years agoReplace the OASIS PKCS#11 header file with one from p11-kit
Ondřej Surý [Wed, 29 May 2019 09:07:46 +0000 (11:07 +0200)] 
Replace the OASIS PKCS#11 header file with one from p11-kit

The OASIS pkcs11.h header has a restrictive license.  Replace the
pkcs11.h pkcs11f.h and pkcs11t.h headers with pkcs11.h from p11-kit.

For source distribution, the license for the OASIS headers itself
doesn't pose any licensing problem when combined with MPL license, but
it possibly creates problem for downstream distributors of BIND 9.

6 years agoMerge branch 'ondrej/check-for-return-values-in-mutexatomics.h' into 'master'
Ondřej Surý [Fri, 13 Sep 2019 08:55:55 +0000 (04:55 -0400)] 
Merge branch 'ondrej/check-for-return-values-in-mutexatomics.h' into 'master'

Check isc_mutex_{lock,unlock}() return values in mutexatomic.h shim

See merge request isc-projects/bind9!2343

6 years agoCheck isc_mutex_{lock,unlock}() return values in mutexatomic.h shim
Ondřej Surý [Mon, 15 Jul 2019 10:57:43 +0000 (12:57 +0200)] 
Check isc_mutex_{lock,unlock}() return values in mutexatomic.h shim

6 years agoMerge branch '1184-invalid-reference-counting' into 'master'
Mark Andrews [Fri, 13 Sep 2019 03:40:11 +0000 (23:40 -0400)] 
Merge branch '1184-invalid-reference-counting' into 'master'

Resolve "Invalid reference counting"

Closes #1184

See merge request isc-projects/bind9!2266

6 years agoConvert cache->live_tasks to reference counter.
Mark Andrews [Mon, 26 Aug 2019 04:19:45 +0000 (14:19 +1000)] 
Convert cache->live_tasks to reference counter.

6 years agoUnify how we use isc_refcount_decrement() to destroy object
Ondřej Surý [Thu, 12 Sep 2019 07:49:16 +0000 (09:49 +0200)] 
Unify how we use isc_refcount_decrement() to destroy object

The isc_refcount_decrement() was either used as:

    if (isc_refcount_decrement() == 1) { destroy(); }

or

    if (isc_refcount_decrement() != 1) { return; } destroy();

This commits eradicates the last usage of the later, so the code is unified to
use the former.

6 years agoRemove potential use after free (fctx) in rctx_resend.
Mark Andrews [Wed, 28 Aug 2019 01:34:22 +0000 (11:34 +1000)] 
Remove potential use after free (fctx) in rctx_resend.

6 years agoUse reference counts instead of ISC_LIST_EMPTY to determine when to destroy ecdb.
Mark Andrews [Mon, 26 Aug 2019 01:22:04 +0000 (11:22 +1000)] 
Use reference counts instead of ISC_LIST_EMPTY to determine when to destroy ecdb.

6 years agoMerge branch 'mnowak_README_fixes' into 'master'
Michal Nowak [Thu, 12 Sep 2019 16:15:41 +0000 (12:15 -0400)] 
Merge branch 'mnowak_README_fixes' into 'master'

Various README.md and README fixes

See merge request isc-projects/bind9!2323

6 years agoVarious README.md and README fixes
Michal Nowak [Mon, 9 Sep 2019 07:35:02 +0000 (09:35 +0200)] 
Various README.md and README fixes

Fixing typos, typographical glitches. Added backticks around binaries,
modules, and libraries so it's more consistent. Added a paragraph with
ISC Security Policy.

6 years agoMerge branch 'michal/add-freebsd-to-ci' into 'master'
Michał Kępień [Thu, 12 Sep 2019 12:58:24 +0000 (08:58 -0400)] 
Merge branch 'michal/add-freebsd-to-ci' into 'master'

Add FreeBSD to CI

See merge request isc-projects/bind9!2242

6 years agoAdd FreeBSD to GitLab CI
Michał Kępień [Thu, 12 Sep 2019 12:25:57 +0000 (14:25 +0200)] 
Add FreeBSD to GitLab CI

Ensure BIND can be tested on FreeBSD in GitLab to more quickly catch
build and test errors on that operating system.  Make the relevant jobs
optional until the CI environment supporting them is deemed stable
enough for continuous use.

FreeBSD jobs are run using the Custom executor feature of GitLab Runner.
Unlike the Docker executor, the Custom executor does not support the
"image" option and thus some way of informing the runner about the OS
version to use for a given job is necessary.  Arguably the simplest way
of doing that without a lot of code duplication in .gitlab-ci.yml would
be to use a YAML template with a "variables" block specifying the
desired FreeBSD release to use, but including such a template in a job
definition would cause issues in case other variables also needed to be
set for that job (e.g. CFLAGS or EXTRA_CONFIGURE for build jobs).  Thus,
only one FreeBSD YAML template is defined instead and the Custom
executor scripts on FreeBSD runners extract the OS version to use from
the CI job name.  This allows .gitlab-ci.yml variables to be defined for
FreeBSD jobs in the same way as for Docker-based jobs.

6 years agoTweak lib/dns/tests/tkey_test requirements
Michał Kępień [Thu, 12 Sep 2019 12:25:57 +0000 (14:25 +0200)] 
Tweak lib/dns/tests/tkey_test requirements

Currently, the lib/dns/tests/tkey_test unit test is only run when the
linker supports the --wrap option.  However, linker support for that
option is only needed for static builds.  As a result, the unit test
mentioned before is not being run everywhere it can be run as even for
builds done using --with-libtool, the test is not run unless the linker
supports the --wrap option.

Tweak preprocessor directives in lib/dns/tests/tkey_test.c so that this
test is run:

  - for all builds using --with-libtool,
  - for static builds done using a linker supporting the --wrap option.

6 years agoMake lib/dns/tests/tkey_test.c more portable
Michał Kępień [Thu, 12 Sep 2019 12:25:57 +0000 (14:25 +0200)] 
Make lib/dns/tests/tkey_test.c more portable

Weak symbols are handled differently by different dynamic linkers.  With
glibc, lib/dns/tests/tkey_test works as expected no matter whether
--with-libtool is used or not: __attribute__((weak)) prevents a static
build from failing and it just so happens that the desired symbols are
picked at runtime for dynamic builds.  However, with BSD libc, the
libdns functions called from lib/dns/tests/tkey_test.c use the "real"
memory allocation functions from libisc, thus breaking that unit test.
(Note: similar behavior can be reproduced with glibc by setting the
LD_DYNAMIC_WEAK environment variable.)

The simplest way to make lib/dns/tests/tkey_test work reliably is to
drop all uses of __attribute__((weak)) in it - this way, the memory
functions inside lib/dns/tests/tkey_test.c will always be used instead
of the "real" libisc ones for dynamic builds.  However, this would not
work with static builds as it would result in multiple strong symbols
with the same name being present in a single binary.

Work around the problem by only compiling in the overriding definitions
of memory functions when building using --with-libtool.  For static
builds, keep relying on the --wrap linker option for replacing calls to
the functions we are interested in.

6 years agoSet --logfile for all kyua invocations
Michał Kępień [Thu, 12 Sep 2019 12:25:57 +0000 (14:25 +0200)] 
Set --logfile for all kyua invocations

When kyua is called without the --logfile command line option, the log
file is created at a default location which is derived from the HOME
environment variable.  On FreeBSD GitLab CI runners, /home is a
read-only directory and thus kyua invocations not using the --logfile
option fail when HOME is set to something beneath /home.  Set --logfile
to /dev/null for all kyua invocations whose logs are irrelevant in order
to prevent kyua failures caused by HOME being non-writable.

6 years agoMerge branch 'michal/misc-doc-fixes' into 'master'
Michał Kępień [Thu, 12 Sep 2019 12:01:31 +0000 (08:01 -0400)] 
Merge branch 'michal/misc-doc-fixes' into 'master'

Miscellaneous documentation fixes

See merge request isc-projects/bind9!2329

6 years agoFix latest BIND version number in CHANGES
Michał Kępień [Thu, 12 Sep 2019 11:57:24 +0000 (13:57 +0200)] 
Fix latest BIND version number in CHANGES

BIND version number in CHANGES was not updated when the 9.15.4 release
was prepared.  Make sure the correct version number is used.

6 years agoFix <command> XML tag
Michał Kępień [Thu, 12 Sep 2019 11:57:24 +0000 (13:57 +0200)] 
Fix <command> XML tag

Restore proper spelling of the <command> XML tag to prevent release note
text from getting mangled.

6 years agoREADME: do not mention /usr/include on macOS
Michał Kępień [Thu, 12 Sep 2019 11:57:24 +0000 (13:57 +0200)] 
README: do not mention /usr/include on macOS

For newer versions of Xcode, "xcode-select --install" no longer installs
system headers into /usr/include (instead, they are installed in the
Xcode directory tree), so do not mention that path in the macOS section
of README to prevent confusion.

6 years agoMerge branch 'marka-split-notes-master' into 'master'
Mark Andrews [Thu, 12 Sep 2019 09:53:41 +0000 (05:53 -0400)] 
Merge branch 'marka-split-notes-master' into 'master'

split notes.xml into sections

See merge request isc-projects/bind9!2326

6 years agosplit notes.xml into sections
Mark Andrews [Thu, 12 Sep 2019 01:29:58 +0000 (11:29 +1000)] 
split notes.xml into sections

6 years agoMerge branch '1043-cppcheck-detected-code-issues' into 'master'
Mark Andrews [Thu, 12 Sep 2019 08:29:02 +0000 (04:29 -0400)] 
Merge branch '1043-cppcheck-detected-code-issues' into 'master'

Resolve "cppcheck-detected code issues"

Closes #1043

See merge request isc-projects/bind9!2239

6 years agoaddress or suppress cppcheck warnings
Mark Andrews [Thu, 8 Aug 2019 03:52:44 +0000 (13:52 +1000)] 
address or suppress cppcheck warnings

6 years agoMerge branch 'ondrej/refactor-and-cleanup-isc_mem_create' into 'master'
Ondřej Surý [Thu, 12 Sep 2019 07:50:22 +0000 (03:50 -0400)] 
Merge branch 'ondrej/refactor-and-cleanup-isc_mem_create' into 'master'

Refactor and cleanup isc_mem_create()

See merge request isc-projects/bind9!2315

6 years agoRemove now useless ISC_MEMFLAG_NOLOCK memflag
Ondřej Surý [Fri, 6 Sep 2019 10:46:57 +0000 (12:46 +0200)] 
Remove now useless ISC_MEMFLAG_NOLOCK memflag

Previously the libisc allocator had ability to run unlocked when threading was
disabled.  As the threading is now always on, remove the ISC_MEMFLAG_NOLOCK
memory flag as it serves no purpose.

6 years agoRemove unused isc_mem_createx() function
Ondřej Surý [Fri, 6 Sep 2019 09:31:15 +0000 (11:31 +0200)] 
Remove unused isc_mem_createx() function

The isc_mem_createx() function was only used in the tests to eliminate using the
default flags (which as of writing this commit message was ISC_MEMFLAG_INTERNAL
and ISC_MEMFLAG_FILL).  This commit removes the isc_mem_createx() function from
the public API.

6 years agoUse the semantic patch to change the usage isc_mem_create() to new API
Ondřej Surý [Thu, 5 Sep 2019 16:40:57 +0000 (18:40 +0200)] 
Use the semantic patch to change the usage isc_mem_create() to new API

6 years agoAdd a semantic patch to make refactor the isc_mem_create()
Ondřej Surý [Thu, 5 Sep 2019 16:35:03 +0000 (18:35 +0200)] 
Add a semantic patch to make refactor the isc_mem_create()

6 years agoSimplify isc_mem_create() to always use defaults and never fail
Ondřej Surý [Thu, 5 Sep 2019 16:40:57 +0000 (18:40 +0200)] 
Simplify isc_mem_create() to always use defaults and never fail

Previously, the isc_mem_create() and isc_mem_createx() functions took `max_size`
and `target_size` as first two arguments.  Those values were never used in the
BIND 9 code.  The refactoring removes those arguments and let BIND 9 always use
the default values.

Previously, the isc_mem_create() and isc_mem_createx() functions could have
failed because of failed memory allocation.  As this was no longer true and the
functions have always returned ISC_R_SUCCESS, the have been refactored to return
void.

6 years agoMerge branch 'prep-release' v9.15.4
Tinderbox User [Mon, 9 Sep 2019 14:52:45 +0000 (14:52 +0000)] 
Merge branch 'prep-release'

6 years agoprep for 9.15.4
Tinderbox User [Mon, 9 Sep 2019 13:13:39 +0000 (13:13 +0000)] 
prep for 9.15.4

6 years agoprep for 9.15.4
Tinderbox User [Mon, 9 Sep 2019 13:02:15 +0000 (13:02 +0000)] 
prep for 9.15.4

6 years agoprep for 9.15.4
Tinderbox User [Mon, 9 Sep 2019 12:50:38 +0000 (12:50 +0000)] 
prep for 9.15.4

6 years agoprep for 9.15.4
Tinderbox User [Mon, 9 Sep 2019 12:34:47 +0000 (12:34 +0000)] 
prep for 9.15.4

6 years agoMerge branch 'marka-placeholder' into 'master'
Mark Andrews [Mon, 9 Sep 2019 06:50:07 +0000 (02:50 -0400)] 
Merge branch 'marka-placeholder' into 'master'

placeholder

See merge request isc-projects/bind9!2322

6 years agoplaceholder
Mark Andrews [Mon, 9 Sep 2019 06:41:40 +0000 (16:41 +1000)] 
placeholder

6 years agoMerge branch 'marka-fix-insist' into 'master'
Mark Andrews [Fri, 6 Sep 2019 06:42:19 +0000 (02:42 -0400)] 
Merge branch 'marka-fix-insist' into 'master'

Address "Value stored to 'dscpcount' is never read"

See merge request isc-projects/bind9!2317

6 years agoalso insist that keycount == dscpcount
Mark Andrews [Fri, 6 Sep 2019 01:32:32 +0000 (11:32 +1000)] 
also insist that keycount == dscpcount

6 years agoMerge branch 'marka-add-missing-check' into 'master'
Mark Andrews [Fri, 6 Sep 2019 06:24:55 +0000 (02:24 -0400)] 
Merge branch 'marka-add-missing-check' into 'master'

Address "Value stored to 'result' is never read" mdig.c

See merge request isc-projects/bind9!2318

6 years agocheck the result from dns_message_headertotext
Mark Andrews [Fri, 6 Sep 2019 01:38:39 +0000 (11:38 +1000)] 
check the result from dns_message_headertotext