Commit Graph

36761 Commits

Author SHA1 Message Date
Mark Andrews
10d9c040e7 Add support for 'dohpath' to SVCB (and HTTPS)
dohpath is specified in draft-ietf-add-svcb-dns and has a value
of 7.  It must be a relative path (start with a /), be encoded
as UTF8 and contain the variable dns ({?dns}).

(cherry picked from commit 6d561d3886)
2022-10-04 15:32:22 +11:00
Matthijs Mekking
c179933c09 Merge branch 'matthijs-dnssec-guide-dnssec-policy-requires-inline-signing-v9_18' into 'v9_18'
[v9_18] Add dnssec-policy inline-signing requirement to documentation

See merge request isc-projects/bind9!6832
2022-09-28 08:38:45 +00:00
Matthijs Mekking
2abb2b638a Add inline-signing to config examples
Add 'inline-signing yes;' to configuration examples to have working
copy paste configurations.

(cherry picked from commit 18d230a584)
2022-09-28 10:37:41 +02:00
Matthijs Mekking
d1a01d88f9 Update inline-signing requirement to ARM
This change was made in !6403, but the appropriate documentation
changes were not applied to the ARM.

(cherry picked from commit 5d454a7158)
2022-09-28 10:37:41 +02:00
Matthijs Mekking
2305d8770b Add inline-signing requirement to DNSSEC Guide
This change was made in !6403, but the appropriate documentation
changes were not applied to the DNSSEC Guide.

(cherry picked from commit 09522c8d73)
2022-09-28 10:37:41 +02:00
Mark Andrews
79462fcb1d Merge branch '3562-assign-default-value-to-suffix-v9_18' into 'v9_18'
Suffix may be used before it is assigned a value [v9_18]

See merge request isc-projects/bind9!6836
2022-09-28 01:40:56 +00:00
Mark Andrews
750766a842 Suffix may be used before it is assigned a value
CID 350722 (#5 of 7): Bad use of null-like value (FORWARD_NULL)
        12. invalid_operation: Invalid operation on null-like value suffix.
    145        r.authority.append(
    146            dns.rrset.from_text(
    147                "icky.ptang.zoop.boing." + suffix,
    148                1,
    149                IN,
    150                NS,
    151                "a.bit.longer.ns.name." + suffix,
    152            )
    153        )

(cherry picked from commit 432064f63c)
2022-09-28 11:19:38 +10:00
Mark Andrews
cff7e5acdd Merge branch '3551-missing-rsa_free-call-in-opensslrsa_verify2-v9_18' into 'v9_18'
Free 'rsa' if 'e' is NULL in opensslrsa_verify2 [v9_18]

See merge request isc-projects/bind9!6834
2022-09-28 01:06:10 +00:00
Mark Andrews
573eeea2ee Add CHANGES note for [GL #3551]
(cherry picked from commit 1e3680193a)
2022-09-28 09:49:27 +10:00
Mark Andrews
9f8eadd289 Check BN_dup results in rsa_check
(cherry picked from commit a47235f4f5)
2022-09-28 09:49:04 +10:00
Mark Andrews
6b37a69213 Free 'n' on error path in rsa_check
(cherry picked from commit 483c5a1978)
2022-09-28 09:49:04 +10:00
Mark Andrews
6c8fe060af Check that 'e' and 'n' are allocated in opensslrsa_fromdns
(cherry picked from commit db70c30213)
2022-09-28 09:49:04 +10:00
Mark Andrews
3fd8d439c6 Check that 'e' and 'n' are non-NULL in opensslrsa_todns
(cherry picked from commit 5603cd69d1)
2022-09-28 09:49:04 +10:00
Mark Andrews
e9b880f648 Free 'rsa' if 'e' is NULL in opensslrsa_verify2
(cherry picked from commit a2b51ca6ac)
2022-09-28 09:49:04 +10:00
Mark Andrews
ae44b22ca6 Merge branch '3541-have-named-v-report-supported-algorithms-v9_18' into 'v9_18'
Report supported crypto algorithms [v9_18]

See merge request isc-projects/bind9!6831
2022-09-27 23:27:48 +00:00
Petr Špaček
81c8cc37aa Add release note for new crypto algorithm logging
(cherry picked from commit c138a8aa59)
2022-09-28 01:19:50 +10:00
Petr Špaček
af5f4bacf6 Document list of crypto algorithms in named -V output
(cherry picked from commit c648e280e4)
2022-09-28 01:19:50 +10:00
Mark Andrews
70606149c6 Deduplicate string formatting
(cherry picked from commit d34ecdb366)
2022-09-28 01:19:50 +10:00
Mark Andrews
2f9a504998 Add CHANGES entry for [GL #3541]
(cherry picked from commit e876de442e)
2022-09-28 01:19:50 +10:00
Mark Andrews
09910d25a9 silence scan-build false positive
(cherry picked from commit 3156d36495)
2022-09-28 01:19:50 +10:00
Mark Andrews
450a8ed5d5 Report algorithms supported by named at startup
(cherry picked from commit cb1515e71f)
2022-09-27 16:55:33 +02:00
Mark Andrews
c0e59be125 Have 'named -V' report supported algorithms
These cover DNSSEC, DS, HMAC and TKEY algorithms.

(cherry picked from commit b308f866c0)
2022-09-27 16:55:33 +02:00
Mark Andrews
3d223e0338 Replace alg_totext with dst_hmac_algorithm_totext
The new library function will be reused by subsequent commits.

(cherry picked from commit 151cc2fff9)
2022-09-27 16:55:33 +02:00
Mark Andrews
0bbc0c61e3 Convert DST_ALG defines to enum and group HMAC algorithms
The HMACs and GSSAPI are just using unallocated values.
Moving them around shouldn't cause issues.
Only the dnssec system test knew the internal number in use for hmacmd5.

(cherry picked from commit 09f7e0607a)
2022-09-27 16:55:33 +02:00
Tony Finch
57a773fa81 Merge branch '3548-without-system-jemalloc-v9_18' into 'v9_18'
A more helpful error when --without-jemalloc is impossible

See merge request isc-projects/bind9!6830
2022-09-27 14:17:36 +00:00
Tony Finch
9ec7f4399f A more helpful error when --without-jemalloc is impossible
When jemalloc is the system allocator (on FreeBSD and NetBSD), trying
to build --without-jemalloc caused an obscure compiler error. Instead,
complain at configure time that --without-jemalloc cannot work. (It
needs to remain an error because it is vexing when configure quietly
ignores an explicit direction.)

(cherry picked from commit f0e79458be)
2022-09-27 14:35:29 +01:00
Mark Andrews
6173e62147 Merge branch '3557-catalog-zone-check-key-names-v9_18' into 'v9_18'
Check that primary key names have not changed [v9_18]

See merge request isc-projects/bind9!6825
2022-09-27 12:42:23 +00:00
Mark Andrews
3fb4ced9aa Add release note for [GL #3557]
(cherry picked from commit eacf41a20a)
2022-09-27 22:20:21 +10:00
Mark Andrews
68336b367f Add CHANGES note for [GL #3557]
(cherry picked from commit 0774dacf2d)
2022-09-27 22:19:37 +10:00
Mark Andrews
66463ee48c Check that changing the TSIG key is successful
Switch the primary to require 'next_key' for zone transfers then
update the catalog zone to say to use 'next_key'.  Next update the
zones contents then check that those changes are seen on the
secondary.

(cherry picked from commit 176e172210)
2022-09-27 22:19:37 +10:00
Mark Andrews
83726e2fd3 Check that primary key names have not changed
When looking for changes in a catalog zone member zone we need to
also check if the TSIG key name associated with a primary server
has been added, removed or changed.

(cherry picked from commit 9172bd9b5a)
2022-09-27 22:19:37 +10:00
Petr Špaček
55726d616f Merge branch 'pspacek/fix-dns_message_checksig-out-of-tree-v9_18' into 'v9_18'
Fix dns_message_checksig fuzzer [v9_18]

See merge request isc-projects/bind9!6824
2022-09-27 11:37:01 +00:00
Ondřej Surý
6a349d5c29 Fix stack-use-after-scope in dns_message_checksig test
Previously stack with buffer for test dns message went out of scope
before the message was processed. For fuzz testing it's better to avoid
allocation, so let's avoid allocations completely and use simplest
possible static buffer.

Fixes: #3565
(cherry picked from commit 16377100ae)
2022-09-27 13:23:25 +02:00
Petr Špaček
a24ced44ab Fix dns_message_checksig in out-of-tree setup
Hardcoded path was missing FUZZDIR prefix.

Related: !5923
(cherry picked from commit 4108d79c9a)
2022-09-27 13:23:25 +02:00
Petr Špaček
35c5853f8a Detect errors in fuzzer initialization
Incomplete initialization typically causes mysterious failures later on,
so let's err out early.

(cherry picked from commit d102c59b96)
2022-09-27 13:23:16 +02:00
Evan Hunt
a44ccdbabb Merge branch '3553-static-buffer-functions-v9_18' into 'v9_18'
change ISC__BUFFER macros to inline functions

See merge request isc-projects/bind9!6819
2022-09-27 07:46:00 +00:00
Evan Hunt
369858730a change ISC__BUFFER macros to inline functions
previously, when ISC_BUFFER_USEINLINE was defined, macros were
used to implement isc_buffer primitives (isc_buffer_init(),
isc_buffer_region(), etc). these macros were missing the DbC
assertions for those primitives, which made it possible for
coding errors to go undetected.

adding the assertions to the macros caused compiler warnings on
some platforms. therefore, this commit converts the ISC__BUFFER
macros to static inline functions instead, with assertions included,
and eliminates the non-inline implementation from buffer.c.

the --enable-buffer-useinline configure option has been removed.

(cherry picked from commit 1926ddc987)
2022-09-27 00:45:28 -07:00
Michał Kępień
e442730104 Merge branch 'mnowak/add-fedora-36-v9_18' into 'v9_18'
[v9_18] Add Fedora 36

See merge request isc-projects/bind9!6820
2022-09-27 07:42:14 +00:00
Michal Nowak
50405ba413 Add Fedora 36
(cherry picked from commit a313c49a3b)
2022-09-27 09:40:19 +02:00
Petr Špaček
b8c92ad51f Merge branch 'bug/main/doc-arm-rhel9-v9_18' into 'v9_18'
Compatibility for building ARM on older sphinx [v9_18]

See merge request isc-projects/bind9!6817
2022-09-26 15:23:34 +00:00
Petr Menšík
ad59ef103f Simplify allowing warnings during ARM build
RHEL8 Sphinx does not support all features used in ARM building. But
with few emitted warnings it can build the documentation fine. Simplify
warnings acceptance by allowing make doc SPHINX_W=''.

(cherry picked from commit 3db7e241d2)
2022-09-26 17:16:42 +02:00
Petr Menšík
dfc7b630db Compatibility for building ARM on older sphinx
Make documentation building successful even on RHEL9 sphinx 3.4.3. It
does not like case-insensitive matching of terms, so provide lowercase
text description with Uppercase word reference.

(cherry picked from commit bc6c6b1184)
2022-09-26 17:16:38 +02:00
Petr Špaček
98ba68fe02 Merge branch 'ondrej-add-dns_message_checktsig-fuzzer-v9_18' into 'v9_18'
Add dns_message_checksig() fuzzer [v9_18]

See merge request isc-projects/bind9!6816
2022-09-26 15:16:01 +00:00
Petr Špaček
c00f76b37e Add seed to reproduce issue memory leak in dns_message_checktsig
Related: #3547
(cherry picked from commit 983822abcf)
2022-09-26 16:53:06 +02:00
Mark Andrews
431a2159e5 Add CHANGES notes for [GL !5923]
(cherry picked from commit 6237273205)
2022-09-26 16:53:06 +02:00
Mark Andrews
339bd12c88 Add the ability to dig to specify the signing time
(cherry picked from commit 805e2ba31d)
2022-09-26 16:53:06 +02:00
Mark Andrews
86fc284f74 Allow dig to SIG(0) sign a message
(cherry picked from commit 4d248ee78e)
2022-09-26 16:53:06 +02:00
Mark Andrews
3a3a6367d2 Add a SIG(0) request seed
(cherry picked from commit c127a2aefc)
2022-09-26 16:53:06 +02:00
Mark Andrews
ed307fa179 Add TSIG reply seed
(cherry picked from commit 3c28608c9f)
2022-09-26 16:53:06 +02:00
Mark Andrews
5eae4b78cc Add TSIG request seed
(cherry picked from commit f3d47bc8e0)
2022-09-26 16:53:06 +02:00