Michał Kępień [Sat, 25 Oct 2025 06:00:41 +0000 (08:00 +0200)]
chg: test: Properly process JSON and XML in tests
Processing JSON and XML using `grep` and `sed` is error-prone, overly
lax in some ways, overly strict in others, and neither accurate nor
expressive. Use `jq` and `xmllint` with XPath expressions to make
things right in system tests.
See #3304
Merge branch '3304-properly-process-json-and-xml-in-tests' into 'main'
Michał Kępień [Sat, 25 Oct 2025 05:37:48 +0000 (07:37 +0200)]
Remove unused Perl scripts
The traffic-json.pl and traffic-xml.pl scripts that were used in the
"statschannel" system test in the past became dead code when commit 1202fd912a1baa9c299f17caf4494bc21234da85 rewrote parts of that test to
Python. Remove those scripts.
Michał Kępień [Sat, 25 Oct 2025 05:37:48 +0000 (07:37 +0200)]
Remove unused xmllint-html.sh script
There are no longer any HTML files in the BIND 9 source repository.
Remove the xmllint-html.sh script that was used in the past to check
those for errors.
Michał Kępień [Sat, 25 Oct 2025 05:37:48 +0000 (07:37 +0200)]
Use xmllint in system tests inspecting XML data
Inspecting XML data using sed and grep is error-prone, overly lax in
some ways, overly strict in others, and neither accurate nor expressive.
Use xmllint and XPath expressions for inspecting XML data in the
"statistics", "statschannel", and "synthfromdnssec" system tests to
address these deficiencies.
Michał Kępień [Sat, 25 Oct 2025 05:37:48 +0000 (07:37 +0200)]
Detect xmllint at build time
Detect whether and where the xmllint utility is available at build time,
so that it can be used in system tests. If the tool is not found,
specific checks employing it will be skipped.
Michał Kępień [Sat, 25 Oct 2025 05:37:48 +0000 (07:37 +0200)]
Use jq in system tests inspecting JSON data
Inspecting JSON data using grep is error-prone, overly lax in some ways,
overly strict in others, and neither accurate nor expressive. Use jq
for inspecting JSON data in the "statschannel" and "synthfromdnssec"
system tests to address these deficiencies.
Michał Kępień [Sat, 25 Oct 2025 05:37:48 +0000 (07:37 +0200)]
Detect jq at build time
Detect whether and where the jq utility is available at build time, so
that it can be used in system tests. If the tool is not found, specific
checks employing it will be skipped.
Ondřej Surý [Fri, 24 Oct 2025 20:20:51 +0000 (22:20 +0200)]
chg: dev: Fix assertion failure from arc4random_uniform with invalid limit
When the arc4random_uniform() is called on NetBSD with upper_bound that
makes no sense statistically (0 or 1), the call crashes the calling
program. Fix this by returning 0 when upper bound is < 2 as does Linux,
FreeBSD and NetBSD. (Hint: System CSPRNG should never crash.)
Closes #5596
Merge branch '5596-fix-isc_random_uniform-on-NetBSD' into 'main'
Ondřej Surý [Fri, 24 Oct 2025 08:34:33 +0000 (11:34 +0300)]
Fix assertion failure from arc4random_uniform with invalid limit
When the arc4random_uniform() is called on NetBSD with upper_bound that
makes no sense statistically (0 or 1), the call crashes the calling
program. Fix this by returning 0 when upper bound is < 2 as does Linux,
FreeBSD and NetBSD. (Hint: System CSPRNG should never crash.)
Aydın Mercan [Thu, 18 Sep 2025 11:07:08 +0000 (13:07 +0200)]
bump the minimum meson version to 1.3.0
After a couple releases, it appears that the minimum version can be
increased without much trouble.
Because meson only requires python 3.7 or greater, most supported
distributions can run a newer meson without having to deal with
additional dependencies or a new python version.
Aydın Mercan [Fri, 3 Oct 2025 12:37:01 +0000 (15:37 +0300)]
fix fuzzing
The fuzzing binary builds have been fixed and now is run as a part of
the test suite for sanity checks.
The `oss-fuzz` backend has been made functional with the addition of the
`oss-fuzz-args` option. It allows the setup script to pass the
LIB_FUZZING_ENGINE environment variable to meson.
Petr Špaček [Thu, 25 Sep 2025 12:24:45 +0000 (14:24 +0200)]
Apply special git tag rules only in the private project
We do not want to re-release tags we create in the private project
anyway. Moreover pushing tags back into the public project after release
caused to Gitlab to create tag pipelines which never finished, which was
only confusing thing.
Evan Hunt [Thu, 23 Oct 2025 20:43:07 +0000 (20:43 +0000)]
chg: dev: Refactoring in lib/isccfg
`cfg_obj_t` objects no longer depend on the `cfg_parser_t` life-cycle; they can now persist until the last reference is detached. The `file` field, which was previously a pointer to memory allocated in the parser, is now a pointer to a subsidiary `cfg_obj_t` of type string. The API calls for creating and detaching these objects have been simplified accordingly.
Since `cfg_obj_t` is now long-lived, a zone can hold a reference to its own configuration data, making it possible to use `rndc showzone` even if `allow-new-zones` is disabled.
Several API calls related to the parser have been removed or hidden. The `cfg_parse_file()` and `cfg_parse_buffer()` functions now internally create and destroy their own parsers, eliminating the need for the caller to do so.
Most of these changes are intended to simplify dumping of running configuration data in a future commit.
Evan Hunt [Thu, 23 Oct 2025 18:44:15 +0000 (11:44 -0700)]
restore the former change_directory logging
change_directory() now lives in libisccfg. when it was moved,
the logging behavior changed: previously it had been logged
by named only, in the general logging category, and without the
named.conf filename and line number. it was not logged by
named-checkconf. this behavior has now been restored.
Colin Vidal [Thu, 23 Oct 2025 08:54:32 +0000 (10:54 +0200)]
test rndc showzone works for named.conf zones
Since the zone now has a reference to their respective configuration
tree, `rndc showzone` can be used for any zones (including those
defined in namedconf), without `allow-new-zones` being enabled.
Add a test for this.
The test is part of the addzone suite because showzone used to be
related to addzone, but this could be moved elsewhere in the future
if more specific tests are needed for showzone.
Colin Vidal [Thu, 23 Oct 2025 08:12:38 +0000 (10:12 +0200)]
ensure parser/cfg_obj log includes the line number
Since the `file` property of cfg_obj_t can now be null (instead of
"none"), cfg_obj_t would take a fallback flow where the line was not
logged. This fixes it.
Also, add the log line when parser_complain is called and `file` is null
(which might happend when parsing buffer only) to also include the line
number.
Evan Hunt [Wed, 22 Oct 2025 21:51:15 +0000 (14:51 -0700)]
simplify and regularize cfg_* functions
- several functions that can no longer fail have been changed to
type void, and unnecessary 'cleanup' sections were removed
- renamed cfg_create_obj() to cfg_obj_create(), and cfg_create_tuple()
to cfg_tuple_create(), to match typical nomenclature.
- fixed a memory leak bug, in which an element could be removed
from a list in delete_zoneconf() without being freed. this has
been addressed by adding a cfg_list_unlink() function.
list elements are now allocated based on the list they will
be stored in, using the same mctx.
Evan Hunt [Wed, 22 Oct 2025 17:41:05 +0000 (10:41 -0700)]
simplify cfg_parser API
- the cfg_parser_create() and cfg_parser_destroy() calls are no
longer used outside parser.c, so they are now static functions
- cfg_parser_attach(), cfg_parser_reset(), and cfg_parser_setflags()
are no longer used at all, and have been removed.
- cfg_parser_mapadd() has been renamed for clarity to cfg_map_add().
Colin Vidal [Wed, 22 Oct 2025 09:49:09 +0000 (11:49 +0200)]
cfg_parse_ functions internally handle the parser
Instead of (1) allocating a parser, (2) parsing a file/buffer then (3)
freeing the parser, the parser is now internally created/destroyed from
within the `cfg_parse_*` functions. This simplifies a lot the use cases,
especially around the error cases where the parser needs to be freed in
a cleanup goto.
The only trick was the parser callback mechanism, which would previously
have been set up between steps 1 and 2. Since it's never been used for
any purpose other than the "directory" option, the chdir call has now
been moved inside the parser and the generic callback mechanism has been
removed, replacing CFG_CLAUSEFLAG_CALLBACK with CFG_CLAUSEFLAG_CHDIR.
Evan Hunt [Wed, 22 Oct 2025 05:56:27 +0000 (22:56 -0700)]
store the zone configuration object in the zone
when configuring a zone, we can now save the zone's configuration
object in the zone itself by calling dns_zone_setcfg(). this can
then be used by "rndc showzone" to print the zone's configuration,
which is simpler than searching for it using the new-zones
configuration, and allows it to work even if "allow-new-zones"
is disabled.
Colin Vidal [Tue, 21 Oct 2025 15:16:39 +0000 (17:16 +0200)]
remove all shared and global parsers
Remove all global cfg_parser objects as well as shared parsers between
views to dynamically add zones. Instead, parser are transirently created
whenever needed.
Colin Vidal [Tue, 21 Oct 2025 14:29:34 +0000 (16:29 +0200)]
remove global named defaults parser
Remove the global named defaults parser. Instead, a parser is created
during the execution time of named_config_parsedefaults(). This
simplifies the API (no parser to pass around) and the life-cycle of the
default configuration tree (it doesn't depends on a parser instance).
Colin Vidal [Tue, 21 Oct 2025 13:41:55 +0000 (15:41 +0200)]
remove parser context field from cfg_obj_t
cfg_obj_t doesn't store a pointer to its a parser context anymore,
and does not depend on the parser's lifecycle. Instead, it stores a
reference to its own memory context (and in principle, each node
could have different memory context). This also slightly simplifies
the _destroy API as there is no need to pass a context through it
anymore.
Colin Vidal [Tue, 21 Oct 2025 13:08:47 +0000 (15:08 +0200)]
cfg_obj_t file is now a refcounted string
In order to reduce the lifecycle dependency of a `cfg_obj_t` on its
parser, the `file` field needs its own reference count, so it isn't
deleted when the parser is. It is now stored as a subsidiary
`cfg_obj_t` object of type string.
Michal Nowak [Wed, 22 Oct 2025 11:27:45 +0000 (13:27 +0200)]
chg: ci: Fail when spatch can't process source code
Sometimes spatch fails to process the source code:
EXN: Failure("replacement: node 80: {7[1,2,30,31,32] in isc__nm_base64_to_base64url reachable by inconsistent control-flow paths") in ./lib/isc/netmgr/http.c
Closes #5567
Merge branch '5567-spatch-detect-more-error-conditions' into 'main'
Michal Nowak [Mon, 20 Oct 2025 15:36:36 +0000 (17:36 +0200)]
Fail when spatch can't process source code
Sometimes spatch fails to process the source code:
EXN: Failure("replacement: node 80: {7[1,2,30,31,32] in isc__nm_base64_to_base64url reachable by inconsistent control-flow paths") in ./lib/isc/netmgr/http.c
Colin Vidal [Wed, 22 Oct 2025 07:16:52 +0000 (09:16 +0200)]
new: dev: run individual spatch form check-cocci.sh
Add util/check-cocci.sh support for a command-line argument which is a
path to a spatch file. Running `util/check-cocci.sh` runs all the spatch
in `cocci` folder. Running `util/check-cocci.sh cocci/foo.spatch` only
run the spatch `cocci/foo.spatch`.
Any command line parameters after `--` are forwarded to `spatch`
command, for instance:
Colin Vidal [Tue, 14 Oct 2025 12:01:42 +0000 (14:01 +0200)]
run individual spatch form check-cocci.sh
Add util/check-cocci.sh support for a command-line argument which is a
path to a spatch file. Running `util/check-cocci.sh` runs all the spatch
in `cocci` folder. Running `util/check-cocci.sh cocci/foo.spatch` only
run the spatch `cocci/foo.spatch`.
Any command line parameters after `--` are forwarded to `spatch`
command, for instance:
The :iscman:`dnssec-keygen` utility program failed to detect
possible Key ID collisions with the existing keys generated
using the non-default ``-T KEY`` option (e.g. for ``SIG(0)``).
This has been fixed.
Closes #5506
Merge branch '5506-dnssec-keygen-sig0-keys-collision-fix' into 'main'
Aram Sargsyan [Thu, 2 Oct 2025 12:52:12 +0000 (12:52 +0000)]
Fix dnssec-keygen key collision checking for KEY rrtype keys
When generating a new key, dnssec-keygen checks for possible
key ID collisions with existing keys. The dnssec.c:findmatchingkeys()
function, which is supposed to get the list of the existing keys,
fails to do that for the existing KEY rrtype keys (i.e. generated
using 'dnssec-keygen -T KEY') because it doesn't pass down to the
dst_key_fromnamedfile() -> dst_key_read_public() functions the type
of the keys it's interested in. Fix the issue by introducing a new
function parameter which tells in which type of keys the caller is
currently interested in.
Nicki Křížek [Tue, 21 Oct 2025 14:04:30 +0000 (16:04 +0200)]
new: test: Add module-specific python setup to system tests
During the system test execution, allow use of module-specific setup()
function in addition to the setup.sh script which this function should
ultimately replace.
The purpose of setup() is two-fold. First, it can execute any commands
needed to create the initial conditions for the test, such as creating
key materials, manipulating files etc. Second, it should return any
test-specific template values as a dictionary. Those will be used to
render the jinja2 templates.
Merge branch 'nicki/pytest-add-python-setup-func' into 'main'
Unify the names of autouse module-wide fixtures that perform
after_servers_start() setup. The consistent naming doesn't just help
readability, but also makes it simpler for the vulture exception (since
it doesn't properly deal with autouse fixtures).
Replace the autouse fixtures which were only used to change the initial
server configuration into proper bootstrap() functions. This gets rid of
an extraneous reconfigure.
In the tests_validation_many_anchors.py, split the fixture into a proper
bootstrap() and a separate test for checking the expected log lines for
the ignored keys. Previously, the test was broken - it should check for
all the messages being present in the log, and some of the keys are
actually initial-key rather than static-key. This has been fixed in the
parametrized test.
During the system test execution, allow use of module-specific
bootstrap() function in addition to the setup.sh script which this
function should ultimately replace.
The purpose of bootstrap() is two-fold. First, it can execute any
commands needed to create the initial conditions for the test, such as
creating key materials, manipulating files etc. Second, it should return
any test-specific template values as a dictionary. Those will be used to
render the jinja2 templates.
Evan Hunt [Tue, 21 Oct 2025 04:58:27 +0000 (04:58 +0000)]
fix: nil: simplify dns_dumpctx API
the functions dns_dumpctx_db() and dns_dumpctx_version() are used in
only one place, to get the serial number of the version being dumped.
it's simpler to expose the serial number through its own call,
dns_dumpctx_serial(), and remove the others.
the functions dns_dumpctx_db() and dns_dumpctx_version() are used in
only one place, to get the serial number of the version being dumped.
it's simpler to expose the serial number through its own call,
dns_dumpctx_serial(), and remove the others.
Colin Vidal [Sun, 19 Oct 2025 08:38:18 +0000 (10:38 +0200)]
chg: dev: mem: checkfree assertion after debug list dump
When a memory context is destroyed, if the `checkfree` property is set,
the program assert there is no remaining allocation. If there are and
assertions are enabled, the program immediately stops.
However, if memory trace/record debug is enabled, the dump of
outstanding allocation won't be printed as it is done after the
no remaining allocation assertion check.
This moves the no remaining allocation assertion check after the dump of
outstanding allocations, so it is still possible to figure out what's
still allocated by this memory context.
Merge branch 'colin/mem-checkfree-check-after-debuglist' into 'main'
Colin Vidal [Sat, 18 Oct 2025 15:44:27 +0000 (17:44 +0200)]
check memory context validity before mem_destory
Add a magic number check to ensure the memory context validity before
destorying it.
This check is needed now as it was done before implicitly when
isc_mem_inuse was called, but isc_mem_inuse is now called later (to be
able to dump the outstanding allocations).
Colin Vidal [Fri, 17 Oct 2025 08:54:09 +0000 (10:54 +0200)]
mem: checkfree assertion after debug list dump
When a memory context is destroyed, if the `checkfree` property is set,
the program assert there is no remaining allocation. If there are and
assertions are enabled, the program immediately stops.
However, if memory trace/record debug is enabled, the dump of
outstanding allocation won't be printed as it is done after the
no remaining allocation assertion check.
This moves the no remaining allocation assertion check after the dump of
outstanding allocations, so it is still possible to figure out what's
still allocated by this memory context.
Nicki Křížek [Mon, 6 Oct 2025 15:45:07 +0000 (17:45 +0200)]
Remove reuse annotations for unused m4 libtool files
The files in question are no longer included in the git tree and
distributed with the code. Remove the reuse annotations as they caused
issues with reuse 6.0.0, as multiline annotation for
SPDX-FileCopyrightText breaks the parsing.
Michał Kępień [Sat, 18 Oct 2025 07:39:35 +0000 (09:39 +0200)]
fix: usr: Fix the assertion failure in the selfsigned DNSKEY handling
The selfsigned_dnskey() function can now return all the return codes
that dns_dnssec_keyfromrdata() can return and this would cause an
assertion failure as we were not expecting new isc_result_t codes.
Closes isc-projects/bind9#5343
Merge branch 'ondrej/security-fix-crash-in-selfsigned-key-handling' into 'v9.21.14-release'
Evan Hunt [Fri, 17 Oct 2025 20:36:32 +0000 (20:36 +0000)]
fix: usr: Report when a zone reload is already in progress
If a zone reload was already in progress when `rndc reload <zone>` was
run, the message returned was "zone reload queued", which was technically
correct, but it was identical to the message returned when a reload
was not in progress. Consequently, a user could issue two reload commands
without realizing that only one reload had actually taken place. This has
been addressed by changing the message returned to "zone reload was already queued".
Closes #5140
Merge branch '5140-report-reload-in-progress' into 'main'
Evan Hunt [Wed, 13 Aug 2025 20:15:23 +0000 (13:15 -0700)]
report when zone reload already in progress
if a zone reload is already in progress when 'rndc reload <zone>' is
run, currently the message returned in "zone reload queued", which
is correct, but it's identical to the message returned when a reload
was *not* in progress, so the user can't easily tell what happened.
a user could reload a zone twice and not realize that only one
reload actually took place.
this has been addressed by changing the message returned to
"zone reload was already queued".
a new result code ISC_R_LOADING has been added to signal this
condition, taking the place of ISC_R_RELOAD, which was obsolete
and has been removed.
Colin Vidal [Fri, 17 Oct 2025 20:08:54 +0000 (22:08 +0200)]
fix: test: fix random failure on synthrecord system test
One of the synthrecord system tests uses a test function to generate an expected name based on some randomly generated IPv6 (using Hypothesis). Turns out the test function generating the name didn't handle the case where the label which encodes the IPv6 could have a leading or trailing '-' character. (The plugin needs to add a leading or trailing 0 so as not to break IDN compatibility.)
Merge branch 'colin/fix-synthrecord-v6test' into 'main'
Colin Vidal [Fri, 10 Oct 2025 07:35:05 +0000 (09:35 +0200)]
fix random failure on synthrecord system test
One of the synthrecord system tests uses a test function to generate an
expected name based on some randomly generated IPv6 (using Hypothesis).
Turns out the test function generating the name didn't handle the case
where the label which encodes the IPv6 could have a leading or trailing
'-' character. (The plugin needs to add a leading or trailing 0 so as
not to break IDN compatibility.)
Ondřej Surý [Mon, 13 Oct 2025 12:10:06 +0000 (14:10 +0200)]
Fix the assertion failure in the selfsigned DNSKEY handling
The selfsigned_dnskey() function can now return all the return codes
that dns_dnssec_keyfromrdata() can return and this would cause an
assertion failure as we were not expecting new isc_result_t codes.
Evan Hunt [Thu, 16 Oct 2025 05:42:15 +0000 (05:42 +0000)]
fix: dev: Ensure correct result from check_signer()
It was possible for the result to be overwritten after a validation failure, causing `check_signer()` to return success when it should have returned an error.
Closes #5575
Merge branch '5575-ensure-correct-result-from-check_signer' into 'main'
Evan Hunt [Wed, 15 Oct 2025 15:06:25 +0000 (08:06 -0700)]
Ensure correct result from check_signer()
It was possible for the result to be overwritten after a
validation failure, causing check_signer() to return success
when it should have returned an error.
Ondřej Surý [Thu, 16 Oct 2025 05:04:19 +0000 (07:04 +0200)]
doc: nil: Add a section about AI use in BIND 9 issue templates
Generally speaking, no AI generated slop is permitted. If AI has been
used to find an actual problem, the findings need to be verified by a
person, and the report should be written by the person. No copy and
paste is allowed. Anyone reporting the problem needs to be able to
verify the problem independently of the AI.
Ondřej Surý [Thu, 16 Oct 2025 04:58:12 +0000 (06:58 +0200)]
Add a section about AI use in BIND 9 issue templates
Generally speaking, no AI generated slop is permitted. If AI has been
used to find an actual problem, the findings need to be verified by a
person, and the report should be written by the person. No copy and
paste is allowed. Anyone reporting the problem needs to be able to
verify the problem independently of the AI.
projects / thirdparty / bind9.git / log
