]> git.ipfire.org Git - thirdparty/bind9.git/log
thirdparty/bind9.git
7 years agoremove dependancy on libxml
Mark Andrews [Wed, 6 Mar 2019 23:09:33 +0000 (10:09 +1100)] 
remove dependancy on libxml

7 years agoMerge branch '882-zone-data-cannot-be-loaded-with-dnssec-coverage' into 'master'
Evan Hunt [Wed, 6 Mar 2019 22:35:05 +0000 (17:35 -0500)] 
Merge branch '882-zone-data-cannot-be-loaded-with-dnssec-coverage' into 'master'

Resolve "Zone data cannot be loaded with dnssec-coverage"

Closes #882

See merge request isc-projects/bind9!1522

7 years agoadd CHANGES
Evan Hunt [Wed, 6 Mar 2019 22:22:58 +0000 (14:22 -0800)] 
add CHANGES

7 years agoexplicitly convert byte to string
Mark Andrews [Mon, 18 Feb 2019 05:36:59 +0000 (16:36 +1100)] 
explicitly convert byte to string

7 years agoMerge branch 'u/fanf2/man-dnssec-keygen' into 'master'
Evan Hunt [Wed, 6 Mar 2019 22:13:38 +0000 (17:13 -0500)] 
Merge branch 'u/fanf2/man-dnssec-keygen' into 'master'

cleanup dnssec-keygen manual page

See merge request isc-projects/bind9!1557

7 years agocleanup dnssec-keygen manual page
Tony Finch [Thu, 21 Feb 2019 18:54:16 +0000 (18:54 +0000)] 
cleanup dnssec-keygen manual page

Alphabetize options and synopsis; remove spurious -z from synopsis;
remove remnants of deprecated -k option; remove mention of long-gone
TSIG support; refer to -T KEY in options that are only relevant to
pre-RFC3755 DNSSEC; remove unnecessary -n ZONE from the example, and
add a -f KSK example.

7 years agoMerge branch '874-fix-race-in-socket-code' into 'master'
Evan Hunt [Wed, 6 Mar 2019 21:19:10 +0000 (16:19 -0500)] 
Merge branch '874-fix-race-in-socket-code' into 'master'

Fix a race in socket code

Closes #874

See merge request isc-projects/bind9!1590

7 years agoCHANGES
Evan Hunt [Wed, 6 Mar 2019 01:55:57 +0000 (17:55 -0800)] 
CHANGES

7 years agoFix a race in socket code when internal_{accept, send, receive} is called
Witold Kręcicki [Fri, 15 Feb 2019 10:28:58 +0000 (11:28 +0100)] 
Fix a race in socket code when internal_{accept, send, receive} is called
from event loop on an socket and, in the meantime, someone has closed this
socket.

7 years agoMerge branch 'michal/log-plugin-unloading-at-debug-level' into 'master'
Evan Hunt [Wed, 6 Mar 2019 20:30:40 +0000 (15:30 -0500)] 
Merge branch 'michal/log-plugin-unloading-at-debug-level' into 'master'

Log plugin unloading at debug level

See merge request isc-projects/bind9!1608

7 years agoLog plugin unloading at debug level
Michał Kępień [Wed, 6 Mar 2019 07:31:07 +0000 (08:31 +0100)] 
Log plugin unloading at debug level

During server reconfiguration, plugin instances set up for the old views
are unloaded very close to the end of the whole process, after new
plugin instances are set up.  As the log message announcing plugin
unloading is emitted at the default "info" level, the user might be
misled into thinking that it is the new plugin instances that are being
unloaded for some reason, particularly because all other messages logged
at the "info" level around the same time inform about setting things up
rather than tearing them down.  Since no distinction is currently made
between destroying a view due to reconfiguration and due to a shutdown
in progress, there is no easy way to vary the contents of the log
message depending on circumstances.  Since this message is not a
particularly critical one, demote it to debug level to prevent
confusion.

7 years agoMerge branch '905-make-nsupdate-use-os-supplied-ephemeral-port-range' into 'master'
Michał Kępień [Wed, 6 Mar 2019 13:27:39 +0000 (08:27 -0500)] 
Merge branch '905-make-nsupdate-use-os-supplied-ephemeral-port-range' into 'master'

Make nsupdate use OS-supplied ephemeral port range

Closes #905

See merge request isc-projects/bind9!1569

7 years agoAdd CHANGES entry
Michał Kępień [Wed, 6 Mar 2019 13:01:24 +0000 (14:01 +0100)] 
Add CHANGES entry

5172. [bug] nsupdate now honors the operating system's preferred
ephemeral port range. [GL #905]

7 years agoMake nsupdate use OS-supplied ephemeral port range
Michał Kępień [Wed, 6 Mar 2019 13:01:24 +0000 (14:01 +0100)] 
Make nsupdate use OS-supplied ephemeral port range

Make nsupdate honor the operating system's preferred ephemeral port
range instead of always using the default 1024-65535 range for outgoing
messages.

7 years agoMerge branch '878-install-named-plugins-into-a-separate-directory' into 'master'
Evan Hunt [Wed, 6 Mar 2019 00:44:49 +0000 (19:44 -0500)] 
Merge branch '878-install-named-plugins-into-a-separate-directory' into 'master'

Install named plugins into a separate directory

Closes #878

See merge request isc-projects/bind9!1512

7 years agoAdd CHANGES entry
Michał Kępień [Tue, 12 Feb 2019 14:59:54 +0000 (15:59 +0100)] 
Add CHANGES entry

5161. [func] named plugins are now installed into a separate
directory.  Supplying a filename (a string without path
separators) in a "plugin" configuration stanza now
causes named to look for that plugin in that directory.
[GL #878]

7 years agoAdd -c to usage message for named-checkconf
Michał Kępień [Tue, 12 Feb 2019 14:59:54 +0000 (15:59 +0100)] 
Add -c to usage message for named-checkconf

Add the -c command line option to the usage message for named-checkconf
as it is not present there despite being documented.

7 years agoLook for named plugins in ${libdir}/named
Michał Kępień [Tue, 12 Feb 2019 14:59:54 +0000 (15:59 +0100)] 
Look for named plugins in ${libdir}/named

When the "library" part of a "plugin" configuration stanza does not
contain at least one path separator, treat it as a filename and assume
it is a name of a shared object present in the named plugin installation
directory.  Absolute and relative paths can still be used and will be
used verbatim.  Get the full path to a plugin before attempting to
check/register it so that all relevant log messages include the same
plugin path (apart from the one logged when the full path cannot be
determined).

7 years agoAdd ns_plugin_expandpath()
Michał Kępień [Tue, 12 Feb 2019 14:59:54 +0000 (15:59 +0100)] 
Add ns_plugin_expandpath()

Implement a helper function which, given an input string:

  - copies it verbatim if it contains at least one path separator,
  - prepends the named plugin installation directory to it otherwise.

This function will allow configuration parsing code to conveniently
determine the full path to a plugin module given either a path or a
filename.

While other, simpler ways exist for making sure filenames passed to
dlopen() cause the latter to look for shared objects in a specific
directory, they are very platform-specific.  Using full paths is thus
likely the most portable and reliable solution.

Also added unit tests for ns_plugin_expandpath() to ensure it behaves
as expected for absolute paths, relative paths, and filenames, for
various target buffer sizes.

(Note: plugins share a directory with named on Windows; there is no
default plugin path. Therefore the source path is copied to the
destination path with no modification.)

7 years agoInstall named plugins into a separate directory
Michał Kępień [Tue, 12 Feb 2019 14:59:54 +0000 (15:59 +0100)] 
Install named plugins into a separate directory

Installing named plugins into ${libdir} clutters the latter and is not
in line with common filesystem conventions.  Instead, install named
plugins into a separate directory, ${libdir}/named.

7 years agoMerge branch '909-add-explicit-link-check-for-libatomic' into 'master'
Evan Hunt [Tue, 5 Mar 2019 23:17:26 +0000 (18:17 -0500)] 
Merge branch '909-add-explicit-link-check-for-libatomic' into 'master'

Add explicit check for libatomic to fix configure step on NetBSD

Closes #909

See merge request isc-projects/bind9!1586

7 years agoAdd information about NetBSD 6 compilation on i386
Ondřej Surý [Fri, 1 Mar 2019 14:19:22 +0000 (15:19 +0100)] 
Add information about NetBSD 6 compilation on i386

7 years agoAdd explicit check for libatomic
Ondřej Surý [Fri, 1 Mar 2019 09:10:17 +0000 (10:10 +0100)] 
Add explicit check for libatomic

7 years agoMerge branch '884-patches-to-review-4' into 'master'
Evan Hunt [Tue, 5 Mar 2019 22:18:47 +0000 (17:18 -0500)] 
Merge branch '884-patches-to-review-4' into 'master'

dlz filesystem driver failed to properly detect period at end of filename.

Closes #884

See merge request isc-projects/bind9!1533

7 years agoproperly detect period as last character in filename
Mark Andrews [Mon, 18 Feb 2019 01:40:11 +0000 (12:40 +1100)] 
properly detect period as last character in filename

7 years agoMerge branch 'michal/disable-servfail-cache-for-ns5-in-the-mkeys-system-test' into...
Evan Hunt [Tue, 5 Mar 2019 21:23:59 +0000 (16:23 -0500)] 
Merge branch 'michal/disable-servfail-cache-for-ns5-in-the-mkeys-system-test' into 'master'

Disable SERVFAIL cache for ns5 in the "mkeys" system test

See merge request isc-projects/bind9!1585

7 years agoDisable SERVFAIL cache for ns5 in the "mkeys" system test
Michał Kępień [Fri, 1 Mar 2019 06:57:45 +0000 (07:57 +0100)] 
Disable SERVFAIL cache for ns5 in the "mkeys" system test

The "check key refreshes are resumed after root servers become
available" check may trigger a false positive for the "mkeys" system
test if the second example/TXT query sent by dig is received by ns5 less
than a second after it receives a REFUSED response to the upstream query
it sends to ns1 in order to resolve the first example/TXT query sent by
dig.  Since that REFUSED response from ns1 causes ns5 to return a
SERVFAIL answer to dig, example/TXT is added to the SERVFAIL cache,
which is enabled by default with a TTL of 1 second.  This in turn may
cause ns5 to return a cached SERVFAIL response to the second example/TXT
query sent by dig, i.e. make ns5 not perform full query processing as
expected by the check.

Since the primary purpose of the check in question is to ensure that key
refreshes are resumed once initially unavailable root servers become
available, the optimal solution appears to be disabling SERVFAIL cache
for ns5 as doing that still allows the check to fulfill its purpose and
it is arguably more prudent than always sleeping for 1 second.

7 years agoMerge branch '889-improve-clang-cmocka-interaction' into 'master'
Evan Hunt [Tue, 5 Mar 2019 18:34:30 +0000 (13:34 -0500)] 
Merge branch '889-improve-clang-cmocka-interaction' into 'master'

Resolve "Improve clang/cmocka interaction."

Closes #889

See merge request isc-projects/bind9!1542

7 years agoimprove clang / cmocka integration
Mark Andrews [Wed, 20 Feb 2019 00:13:17 +0000 (11:13 +1100)] 
improve clang / cmocka integration

7 years agoMerge branch '919-add-win32util-configure-file-list-check-to-ci' into 'master'
Mark Andrews [Tue, 5 Mar 2019 06:28:46 +0000 (01:28 -0500)] 
Merge branch '919-add-win32util-configure-file-list-check-to-ci' into 'master'

Resolve "Add win32util/Configure file list check to CI"

Closes #919

See merge request isc-projects/bind9!1594

7 years agoremove '..\\bin\\tests\\system\\dlz\\prereq.sh' from win32util/Configure
Mark Andrews [Tue, 5 Mar 2019 03:09:49 +0000 (14:09 +1100)] 
remove '..\\bin\\tests\\system\\dlz\\prereq.sh' from win32util/Configure

7 years agoadd util/check-win32util-configure to precheck
Mark Andrews [Tue, 5 Mar 2019 02:46:29 +0000 (13:46 +1100)] 
add util/check-win32util-configure to precheck

7 years agoMerge branch 'matthijs/more-clean.sh-related-cleanups' into 'master'
Matthijs Mekking [Mon, 4 Mar 2019 15:54:16 +0000 (10:54 -0500)] 
Merge branch 'matthijs/more-clean.sh-related-cleanups' into 'master'

More clean.sh-related cleanups

See merge request isc-projects/bind9!1579

7 years agoEnsure all system tests run clean.sh from setup.sh
Matthijs Mekking [Wed, 27 Feb 2019 15:24:03 +0000 (16:24 +0100)] 
Ensure all system tests run clean.sh from setup.sh

For consistency between all system tests, add missing setup.sh scripts
for tests which do not have one yet and ensure every setup.sh script
calls its respective clean.sh script.

7 years agoOnly perform test cleanups in clean.sh scripts
Matthijs Mekking [Wed, 27 Feb 2019 14:21:04 +0000 (15:21 +0100)] 
Only perform test cleanups in clean.sh scripts

Temporary files created by a given system test should be removed by its
clean.sh script, not its setup.sh script.  Remove redundant "rm"
invocations from setup.sh scripts.  Move required "rm" invocations from
setup.sh scripts to their corresponding clean.sh scripts.

7 years agoMerge branch 'feature/featuretest-dlz' into 'master'
Mark Andrews [Mon, 4 Mar 2019 03:04:37 +0000 (22:04 -0500)] 
Merge branch 'feature/featuretest-dlz' into 'master'

Test dlz support in feature-test

See merge request isc-projects/bind9!1587

7 years agoadd CHANGES
Mark Andrews [Mon, 4 Mar 2019 03:03:23 +0000 (14:03 +1100)] 
add CHANGES

7 years agorun autoheader and autoconf
Mark Andrews [Sun, 3 Mar 2019 22:37:42 +0000 (09:37 +1100)] 
run autoheader and autoconf

7 years agoSupport DLZ filesystem detection in feature-test
Petr Menšík [Wed, 30 Jan 2019 14:12:54 +0000 (15:12 +0100)] 
Support DLZ filesystem detection in feature-test

Do not use variable from configure to detect the feature.

7 years agoMerge branch 'michal/fix-ip-regex-used-in-the-resolver-system-test' into 'master'
Michał Kępień [Fri, 1 Mar 2019 06:55:42 +0000 (01:55 -0500)] 
Merge branch 'michal/fix-ip-regex-used-in-the-resolver-system-test' into 'master'

Fix IP regex used in the "resolver" system test

See merge request isc-projects/bind9!1568

7 years agoFix IP regex used in the "resolver" system test
Michał Kępień [Tue, 26 Feb 2019 11:33:19 +0000 (12:33 +0100)] 
Fix IP regex used in the "resolver" system test

If dots are not escaped in the "1.2.3.4" regular expressions used for
checking whether IP address 1.2.3.4 is present in the tested resolver's
answers, a COOKIE that matches such a regular expression will trigger a
false positive for the "resolver" system test.  Properly escape dots in
the aforementioned regular expressions to prevent that from happening.

7 years agoMerge branch '901-empty-any' into 'master'
Evan Hunt [Fri, 1 Mar 2019 00:05:44 +0000 (19:05 -0500)] 
Merge branch '901-empty-any' into 'master'

handle empty ANY query responses

Closes #901

See merge request isc-projects/bind9!1580

7 years agoCHANGES, release notes
Evan Hunt [Thu, 28 Feb 2019 22:06:23 +0000 (14:06 -0800)] 
CHANGES, release notes

7 years agotest correct occlusion of DNSSEC records
Evan Hunt [Thu, 28 Feb 2019 22:28:26 +0000 (14:28 -0800)] 
test correct occlusion of DNSSEC records

7 years agofix crash in query_respond_any() from all records being hidden
Evan Hunt [Mon, 25 Feb 2019 20:55:27 +0000 (12:55 -0800)] 
fix crash in query_respond_any() from all records being hidden

in query_respond_any(), the assumption had previously been made that it
was impossible to get past iterating the node with a return value of
ISC_R_NOMORE but not have found any records, unless we were searching
for RRSIG or SIG. however, it is possible for other types to exist but
be hidden, such as when the zone is transitioning from insecure to
secure and DNSSEC types are encountered, and this situation could
trigger an assertion.  removed the assertion and reorganized the code.

7 years agoMerge branch 'michal/do-not-include-conf.sh-from-ttl-clean.sh' into 'master'
Michał Kępień [Thu, 28 Feb 2019 12:42:42 +0000 (07:42 -0500)] 
Merge branch 'michal/do-not-include-conf.sh-from-ttl-clean.sh' into 'master'

Do not include conf.sh from ttl/clean.sh

See merge request isc-projects/bind9!1564

7 years agoDo not include conf.sh from ttl/clean.sh
Michał Kępień [Thu, 28 Feb 2019 12:15:13 +0000 (13:15 +0100)] 
Do not include conf.sh from ttl/clean.sh

Including $SYSTEMTESTTOP/conf.sh from a system test's clean.sh script is
not needed for anything while it causes an error message to be printed
out when "./configure" is run, as "make clean" is invoked at the end.
Remove the offending line to prevent the error from occurring.

7 years agoMerge branch 'michal/call-clean.sh-from-all-relevant-setup.sh-scripts' into 'master'
Michał Kępień [Thu, 28 Feb 2019 12:11:00 +0000 (07:11 -0500)] 
Merge branch 'michal/call-clean.sh-from-all-relevant-setup.sh-scripts' into 'master'

Call clean.sh from all relevant setup.sh scripts

See merge request isc-projects/bind9!1565

7 years agoCall clean.sh from all relevant setup.sh scripts
Michał Kępień [Thu, 28 Feb 2019 11:33:07 +0000 (12:33 +0100)] 
Call clean.sh from all relevant setup.sh scripts

For all system tests utilizing named instances, call clean.sh from each
test's setup.sh script in a consistent way to make sure running the same
system test multiple times using run.sh does not trigger false positives
caused by stale files created by previous runs.

Ideally we would just call clean.sh from run.sh, but that would break
some quirky system tests like "rpz" or "rpzrecurse" and being consistent
for the time being does not hurt.

7 years agoMerge branch '813-matthijs-failure-loading-rpz' into 'master' 1570/head
Matthijs Mekking [Fri, 22 Feb 2019 14:05:46 +0000 (09:05 -0500)] 
Merge branch '813-matthijs-failure-loading-rpz' into 'master'

Resolve "Problems after failure of loading rpz [ISC-support #14002]"

Closes #813

See merge request isc-projects/bind9!1507

7 years agoUpdate CHANGES
Matthijs Mekking [Mon, 11 Feb 2019 16:30:04 +0000 (17:30 +0100)] 
Update CHANGES

7 years agoUnregister RPZ CATZ db cbs when zone load fails
Matthijs Mekking [Mon, 11 Feb 2019 16:25:34 +0000 (17:25 +0100)] 
Unregister RPZ CATZ db cbs when zone load fails

In case when a zone fails to load because the file does not exist
or is malformed, we should not run the callback that updates the
zone database when the load is done.  This is achieved by
unregistering the callbacks if at zone load end if the result
indicates something else than success.

7 years agoUpdate copyrights
Matthijs Mekking [Mon, 11 Feb 2019 09:55:50 +0000 (10:55 +0100)] 
Update copyrights

7 years agoAdd test for rpz zone load fail
Matthijs Mekking [Fri, 8 Feb 2019 16:13:52 +0000 (17:13 +0100)] 
Add test for rpz zone load fail

7 years agoRemove rpz->db_registered
Matthijs Mekking [Fri, 8 Feb 2019 15:20:47 +0000 (16:20 +0100)] 
Remove rpz->db_registered

As pointed out in !813 db_registered is sort of redundant.  It is
set to `true` only in `dns_zone_rpz_enable_db()` right before the
`dns_rpz_dbupdate_callback()` callback is registered.  It is only
required in that callback and it is the only place that the callback
is registered.  Therefore there is no path that that `REQUIRE` can
fail.

The `db_registered` variable is only set to `false` in
`dns_rpz_new_zone`, so it is not like the variable is unset again
later.

The only other place where `db_registered` is checked is in
`rpz_detach()`.  If `true`, it will call
`dns_db_updatenotify_unregister()`.  However if that happens, the
`db_registered` is not set back to `false` thus this implies that
this may happen multiple times.  If called a second time, most
likely the unregister function will return `ISC_R_NOTFOUND`, but
the return value is not checked anyway.  So it can do without the
`db_registered` check.

7 years agoAdd curly brackets on if statements
Matthijs Mekking [Fri, 8 Feb 2019 14:28:49 +0000 (15:28 +0100)] 
Add curly brackets on if statements

7 years agonamed crashes on shutdown after load rpz failed
Matthijs Mekking [Thu, 7 Feb 2019 14:25:28 +0000 (15:25 +0100)] 
named crashes on shutdown after load rpz failed

This may happen when loading an RPZ failed and the code path skips
calling dns_db_endload().  The dns_rpz_zone_t object is still kept
marked as having registered db.  So when this object is finally
destroyed in rpz_detach(), this code will incorrectly call
`dns_db_updatenotify_unregister()`:

   if (rpz->db_registered)
     dns_db_updatenotify_unregister(rpz->db,
                                    dns_rpz_dbupdate_callback, rpz);

and trigger this assertion failure:

   REQUIRE(db != NULL);

To fix this, only call `dns_db_updatenotify_unregister()` when
`rpz->db` is not NULL.

7 years agoMake RPZ tests more readable
Matthijs Mekking [Wed, 6 Feb 2019 14:40:06 +0000 (15:40 +0100)] 
Make RPZ tests more readable

7 years agoAdd README to RPZ tests
Matthijs Mekking [Wed, 6 Feb 2019 14:36:21 +0000 (15:36 +0100)] 
Add README to RPZ tests

7 years agoMerge branch '892-fix-redirect-name' into 'master'
Mark Andrews [Fri, 22 Feb 2019 05:42:34 +0000 (00:42 -0500)] 
Merge branch '892-fix-redirect-name' into 'master'

use qname in redirect2

Closes #892

See merge request isc-projects/bind9!1561

7 years agoadd CHANGES
Mark Andrews [Fri, 22 Feb 2019 05:25:34 +0000 (16:25 +1100)] 
add CHANGES

7 years agouse client->query.qname
Mark Andrews [Thu, 21 Feb 2019 07:24:30 +0000 (18:24 +1100)] 
use client->query.qname

7 years agoMerge branch 'prep-915' into 'master'
Evan Hunt [Fri, 22 Feb 2019 02:03:19 +0000 (21:03 -0500)] 
Merge branch 'prep-915' into 'master'

documentation changes setting up 9.15 development branch

See merge request isc-projects/bind9!1560

7 years agodocumentation changes setting up 9.15 development branch
Evan Hunt [Fri, 22 Feb 2019 00:04:33 +0000 (16:04 -0800)] 
documentation changes setting up 9.15 development branch

7 years agoMerge branch 'fix-changes' into security-master
Evan Hunt [Thu, 21 Feb 2019 02:04:53 +0000 (18:04 -0800)] 
Merge branch 'fix-changes' into security-master

7 years agoremove "released" line (retained in v9_14) so check-changes won't complain
Evan Hunt [Thu, 21 Feb 2019 02:03:53 +0000 (18:03 -0800)] 
remove "released" line (retained in v9_14) so check-changes won't complain

7 years agoMerge branch 'security-dlz-axfr-deny-broken' into security-master
Evan Hunt [Wed, 6 Feb 2019 19:36:54 +0000 (11:36 -0800)] 
Merge branch 'security-dlz-axfr-deny-broken' into security-master

denied axfr requests were not effective for writable DLZ zones

See merge request isc-private/bind9!57

7 years agoadd CHANGES and release notes entries
Mark Andrews [Wed, 6 Feb 2019 19:36:20 +0000 (11:36 -0800)] 
add CHANGES and release notes entries

7 years agodenied axfr requests were not effective for writable DLZ zones
Mark Andrews [Wed, 6 Feb 2019 19:35:21 +0000 (11:35 -0800)] 
denied axfr requests were not effective for writable DLZ zones

7 years agoMerge 'keytag-memleak' into security-master
Evan Hunt [Wed, 6 Feb 2019 19:32:47 +0000 (11:32 -0800)] 
Merge 'keytag-memleak' into security-master

7 years agofix test error
Evan Hunt [Thu, 3 Jan 2019 00:47:06 +0000 (16:47 -0800)] 
fix test error

7 years agoadd CHANGES and release note entries
Mark Andrews [Sun, 9 Dec 2018 22:13:05 +0000 (09:13 +1100)] 
add CHANGES and release note entries

7 years agocheck that multiple KEY-TAG trust-anchor-telemetry options don't leak memory
Mark Andrews [Mon, 10 Dec 2018 02:33:54 +0000 (13:33 +1100)] 
check that multiple KEY-TAG trust-anchor-telemetry options don't leak memory

7 years agosilently ignore additional keytag options
Mark Andrews [Sun, 9 Dec 2018 21:41:26 +0000 (08:41 +1100)] 
silently ignore additional keytag options

7 years agoMerge 'managed-key-assert' into security-master
Evan Hunt [Tue, 15 Jan 2019 20:11:26 +0000 (12:11 -0800)] 
Merge 'managed-key-assert' into security-master

7 years agoMerge 'managed-key-assert' into security-master
Evan Hunt [Wed, 6 Feb 2019 19:32:17 +0000 (11:32 -0800)] 
Merge 'managed-key-assert' into security-master

7 years agouse algorithm 255 for both unsupported keys
Evan Hunt [Fri, 21 Dec 2018 23:55:44 +0000 (15:55 -0800)] 
use algorithm 255 for both unsupported keys

7 years agoCHANGES, notes
Matthijs Mekking [Thu, 20 Dec 2018 09:22:02 +0000 (10:22 +0100)] 
CHANGES, notes

7 years agoUpdate keyfetch_done compute_tag check
Matthijs Mekking [Wed, 19 Dec 2018 17:47:43 +0000 (18:47 +0100)] 
Update keyfetch_done compute_tag check

If in keyfetch_done the compute_tag fails (because for example the
algorithm is not supported), don't crash, but instead ignore the
key.

7 years agoAdd tests for mkeys with unsupported algorithm
Matthijs Mekking [Wed, 19 Dec 2018 17:45:43 +0000 (18:45 +0100)] 
Add tests for mkeys with unsupported algorithm

These tests check if a key with an unsupported algorithm in
managed-keys is ignored and when seeing an algorithm rollover to
an unsupported algorithm, the new key will be ignored too.

7 years agoDon't free key in compute_tag in case of failure
Matthijs Mekking [Wed, 12 Dec 2018 13:06:10 +0000 (14:06 +0100)] 
Don't free key in compute_tag in case of failure

If `dns_dnssec_keyfromrdata` failed we don't need to call
`dst_key_free` because no `dstkey` was created.  Doing so
nevertheless will result in an assertion failure.

This can happen if the key uses an unsupported algorithm.

7 years agoMerge branch 'placeholder' into 'master'
Evan Hunt [Thu, 21 Feb 2019 02:41:58 +0000 (21:41 -0500)] 
Merge branch 'placeholder' into 'master'

placeholder

See merge request isc-projects/bind9!1551

7 years agoplaceholder
Evan Hunt [Thu, 21 Feb 2019 02:41:26 +0000 (18:41 -0800)] 
placeholder

7 years agoMerge branch 'start-915' into 'master'
Evan Hunt [Thu, 21 Feb 2019 02:23:51 +0000 (21:23 -0500)] 
Merge branch 'start-915' into 'master'

9.15.0-dev

See merge request isc-projects/bind9!1550

7 years ago9.15.0-dev
Evan Hunt [Thu, 21 Feb 2019 02:22:54 +0000 (18:22 -0800)] 
9.15.0-dev

7 years agoMerge branch '428-remove-contrib-sdb' into 'master'
Evan Hunt [Wed, 20 Feb 2019 01:47:55 +0000 (20:47 -0500)] 
Merge branch '428-remove-contrib-sdb' into 'master'

remove contrib/sdb

Closes #428

See merge request isc-projects/bind9!1501

7 years agoCHANGES
Evan Hunt [Thu, 14 Feb 2019 21:19:51 +0000 (13:19 -0800)] 
CHANGES

7 years agoremove contrib/sdb
Evan Hunt [Sat, 9 Feb 2019 00:47:46 +0000 (16:47 -0800)] 
remove contrib/sdb

removed the SDB databases in contrib/sdb as they hadn't been
maintained in some time, and were no longer able to link to named
without modification.  also:

- cleaned up contrib/README, which still referred to contrib
  subdirectores that were removed already, and linked to an obsolete URL.
- removed references to sdb in doc/misc/roadmap and doc/misc/sdb.

7 years agoMerge branch '884-patches-to-review' into 'master'
Mark Andrews [Tue, 19 Feb 2019 23:11:42 +0000 (18:11 -0500)] 
Merge branch '884-patches-to-review' into 'master'

Correct errno to result translation

Closes #884

See merge request isc-projects/bind9!1519

7 years agoadd CHANGES
Mark Andrews [Tue, 19 Feb 2019 22:44:56 +0000 (09:44 +1100)] 
add CHANGES

7 years agocorrect errno to result translation
Mark Andrews [Mon, 18 Feb 2019 01:26:38 +0000 (12:26 +1100)] 
correct errno to result translation

7 years agoMerge branch '836-building-fails-in-build-subdirectory-when-dnstap-is-enabled' into...
Mark Andrews [Tue, 19 Feb 2019 22:40:59 +0000 (17:40 -0500)] 
Merge branch '836-building-fails-in-build-subdirectory-when-dnstap-is-enabled' into 'master'

Resolve "Building fails in build subdirectory when dnstap is enabled"

Closes #836

See merge request isc-projects/bind9!1510

7 years agoadd CHANGES
Mark Andrews [Tue, 19 Feb 2019 22:29:07 +0000 (09:29 +1100)] 
add CHANGES

7 years agoteach proto_c to look in the source directory for out of tree builds
Mark Andrews [Tue, 12 Feb 2019 04:27:57 +0000 (15:27 +1100)] 
teach proto_c to look in the source directory for out of tree builds

7 years agoMerge branch '877-clang-scan-build-redundant-assignments-detected' into 'master'
Mark Andrews [Mon, 18 Feb 2019 23:01:56 +0000 (18:01 -0500)] 
Merge branch '877-clang-scan-build-redundant-assignments-detected' into 'master'

Remove redundant assignments

Closes #877

See merge request isc-projects/bind9!1513

7 years agoremove redundant assignment
Mark Andrews [Wed, 13 Feb 2019 05:22:01 +0000 (16:22 +1100)] 
remove redundant assignment

7 years agosilence clang
Mark Andrews [Wed, 13 Feb 2019 05:19:07 +0000 (16:19 +1100)] 
silence clang

7 years agodeclarations before assertions
Mark Andrews [Wed, 13 Feb 2019 05:13:16 +0000 (16:13 +1100)] 
declarations before assertions

7 years agodon't overwrite result
Mark Andrews [Wed, 13 Feb 2019 05:11:08 +0000 (16:11 +1100)] 
don't overwrite result

7 years agoremove seen_dname
Mark Andrews [Wed, 13 Feb 2019 04:57:03 +0000 (15:57 +1100)] 
remove seen_dname