On FreeBSD, the pthread primitives are not solely allocated on stack,
but part of the object lives on the heap. Missing pthread_*_destroy
causes the heap memory to grow and in case of fast lived object it's
possible to run out-of-memory.
Properly destroy the leaking mutex (worker->lock) and
the leaking condition (sock->cond).
(cherry picked from commit 57d0fabadd)
Previously, when TCP accept failed, we have logged a message with
ISC_LOG_ERROR level. One common case, how this could happen is that the
client hits TCP client quota and is put on hold and when resumed, the
client has already given up and closed the TCP connection. In such
case, the named would log:
TCP connection failed: socket is not connected
This message was quite confusing because it actually doesn't say that
it's related to the accepting the TCP connection and also it logs
everything on the ISC_LOG_ERROR level.
Change the log message to "Accepting TCP connection failed" and for
specific error states lower the severity of the log message to
ISC_LOG_INFO.
(cherry picked from commit 20ac73eb22)
Reconfigure the server without catalog-zone configuration, and then
put it back and reconfigure again, to confirm that there's no crash.
(cherry picked from commit bb411af31d)
The following scenario triggers a "named" crash:
1. Configure a catalog zone.
2. Start "named".
3. Comment out the "catalog-zone" clause.
4. Run `rndc reconfig`.
5. Uncomment the "catalog-zone" clause.
6. Run `rndc reconfig` again.
Implement the required cleanup of the in-memory catalog zone during
the first `rndc reconfig`, so that the second `rndc reconfig` could
find it in an expected state.
(cherry picked from commit 43ac2cd229)
Checks that there is a revoked key in the DNSKEY RRset then checks
that only the correct number of DS records are produced.
(cherry picked from commit e7a3ada1d2)
it is pointless to convert revoked keys to DS or CDS records as
they cannot be used to provide a cryptographic link from the parent
zone.
(cherry picked from commit 04a5529c2d)
We are not back porting OpenSSL 3.0.0 fixes to this branch so there
is no point in emitting warnings about using deprecated code.
Additionally this impacts --enable-developer and --enable-warn-error.
Use relative names when adding SOA record and a long domain
name to create SOA RR where the wire format is longer than
the initial buffer allocation in dns_sdlz_putrr.
(cherry picked from commit 6dc5248606)
The parsing loop needs to process ISC_R_NOSPACE to properly
size the buffer. If result is still ISC_R_NOSPACE at the end
of the parsing loop set result to DNS_R_SERVFAIL.
(cherry picked from commit 08f1cba096)
In file included from rdata.c:602:
In file included from ./code.h:88:
./rdata/in_1/svcb_64.c:259:9: warning: array subscript is of type 'char' [-Wchar-subscripts]
if (!isdigit(*region->base)) {
^~~~~~~~~~~~~~~~~~~~~~
/usr/include/sys/ctype_inline.h:51:44: note: expanded from macro 'isdigit'
#define isdigit(c) ((int)((_ctype_tab_ + 1)[(c)] & _CTYPE_D))
^~~~
(cherry picked from commit d09447287f)
The documentation was inconsistent with the code. The new description
for cookie-algorithm now reflects the current behavior.
The following two commits are the relevant code changes to this
section of docs: afa81ee4a912f313
(cherry picked from commit b29a748119)
mdig was always using the default 1024-65535 range for outgoing
messages, instead of using the system's configured ephemeral ports.
(cherry picked from commit 0fecb10c17)
The sed expression could find the wrong instance of 10.
Use awk to replace the TTL field and also to specify the
server and issue the send command.
(cherry picked from commit be879cda72)
The old .gitlab-ci.yaml accidentally worked because pylint
was importing modules internally, probably as a side-effect
of testing other code.
This pylint invocation errors out when PYTHONPATH is not set:
$ pylint --rcfile $CI_PROJECT_DIR/.pylintrc bin/tests/system/keymgr/testpolicy.py
************* Module testpolicy
bin/tests/system/keymgr/testpolicy.py:13:0: E0401: Unable to import 'isc' (import-error)
And this invocation works even without PYTHONPATH:
$ pylint --rcfile $CI_PROJECT_DIR/.pylintrc bin/python/setup.py bin/tests/system/keymgr/testpolicy.py
This is almost minimal prototype to show how to use python-hypothesis
library in a system test. It does not fully replace existing shell-based
system test for wildcards.
(cherry picked from commit 49da19c353)
Gitlab feature
https://docs.gitlab.com/ee/ci/pipelines/settings.html#auto-cancel-redundant-pipelines
can automatically cancel jobs which operate on an outdated code, i.e. on
branches which received new commits while jobs with an older set of
commits are still running. For this feature to work jobs have to be
configured with boolean interruptible: true.
I think practically all of our current CI jobs can be cancelled,
so the option is now on by default for all jobs.
