Commit Graph

28516 Commits

Author SHA1 Message Date
Ondřej Surý
1eb5a77baa Set WarningLevel to Level1 for Release, treat warnings as errors
Our vcxproj files set the WarningLevel to Level3, which is too verbose
for a code that needs to be portable.  That basically leads to ignoring
all the errors that MSVC produces.  This commits downgrades the
WarningLevel to Level1 and enables treating warnings as errors for
Release builds.  For the Debug builds the WarningLevel got upgraded to
Level4, and treating warnings as errors is explicitly disabled.

We should eventually make the code clean of all MSVC warnings, but it's
a long way to go for Level4, so it's more reasonable to start at Level1.

For reference[1], these are the warning levels as described by MSVC
documentation:

  * /W0 suppresses all warnings. It's equivalent to /w.
  * /W1 displays level 1 (severe) warnings. /W1 is the default setting
    in the command-line compiler.
  * /W2 displays level 1 and level 2 (significant) warnings.
  * /W3 displays level 1, level 2, and level 3 (production quality)
    warnings. /W3 is the default setting in the IDE.
  * /W4 displays level 1, level 2, and level 3 warnings, and all level 4
    (informational) warnings that aren't off by default. We recommend
    that you use this option to provide lint-like warnings. For a new
    project, it may be best to use /W4 in all compilations. This option
    helps ensure the fewest possible hard-to-find code defects.
  * /Wall displays all warnings displayed by /W4 and all other warnings
    that /W4 doesn't include — for example, warnings that are off by
    default.
  * /WX treats all compiler warnings as errors. For a new project, it
    may be best to use /WX in all compilations; resolving all warnings
    ensures the fewest possible hard-to-find code defects.

1. https://docs.microsoft.com/en-us/cpp/build/reference/compiler-option-warning-level?view=vs-2019

(cherry picked from commit 789d253e3d)
2020-04-16 08:12:39 +02:00
Michał Kępień
385fd98bf1 Merge branch 'michal/fix-srcid-on-windows-v9_11' into 'v9_11'
[v9_11] Fix "srcid" on Windows

See merge request isc-projects/bind9!3373
2020-04-15 09:43:35 +00:00
Michał Kępień
2d73af4e2a Fix "srcid" on Windows
Windows BIND releases produced by GitLab CI are built from Git
repositories, not from release tarballs, which means the "srcid" file is
not present in the top source directory when MSBuild is invoked.  This
causes the Git commit hash for such builds to be set to "unset_id".
Enable win32utils/Configure to try determining the commit hash for a
build by invoking Git on the build host if the "srcid" file is not
present (which is what its Unix counterpart does).

(cherry picked from commit 05e13e7caf)
2020-04-15 11:39:55 +02:00
Ondřej Surý
fd32f53a7b Merge branch 'ondrej/add-python-static-analysis-to-gitlab-ci-v9_11' into 'v9_11'
Add python static analysis to GitLab CI (v9.11)

See merge request isc-projects/bind9!3367
2020-04-15 07:48:07 +00:00
Ondřej Surý
cea7ef64b8 Exclude contrib/queryperf/ from pylint check 2020-04-15 08:52:50 +02:00
Ondřej Surý
9301d69ebc Make the python code pylint and flake8 compliant
(cherry picked from commit 1e4ff9d485)
2020-04-15 07:46:35 +02:00
Ondřej Surý
120e6202c6 Add pylint and flake8 tests to GitLab CI
Our python code didn't adhere to any coding standard.  In this commit, we add
flame8 (https://pypi.org/project/flake8/), and pylint (https://www.pylint.org/).

There's couple of exceptions:

- ans.py scripts are not checked, nor fixed as part of this MR
- pylint's missing-*-docstring and duplicate-code checks have
  been disabled via .pylintrc

Both exceptions should be removed in due time.

(cherry picked from commit ee534592e3)
2020-04-15 07:44:39 +02:00
Michał Kępień
52666bbc09 Merge branch 'michal/misc-doc-fixes-v9_11' into 'v9_11'
[v9_11] Miscellaneous documentation fixes

See merge request isc-projects/bind9!3349
2020-04-09 05:50:14 +00:00
Michał Kępień
5d2950c9a3 Tweak release notes for BIND 9.11.18 2020-04-08 23:00:12 +02:00
Michał Kępień
01c2a876ea Tweak CHANGES for BIND 9.11.18 2020-04-08 23:00:12 +02:00
Ondřej Surý
1bb7b88c98 Merge branch 'ondrej/missing-changes-v9_11-v9_11' into 'v9_11'
Add missing CHANGES notes from v9_11 branch

See merge request isc-projects/bind9!3354
2020-04-08 12:49:30 +00:00
Ondřej Surý
7a866a11aa Add missing CHANGES notes from v9_11 branch
(cherry picked from commit 434929b53d)
2020-04-08 14:47:09 +02:00
Ondřej Surý
12597e7923 Merge branch 'ondrej/arch-ppc64le-v9_11-changes' into 'v9_11'
Add CHANGES note for !3295

See merge request isc-projects/bind9!3350
2020-04-08 12:18:20 +00:00
Ondřej Surý
10c9a30169 Add CHANGES note for !3295 2020-04-08 14:17:06 +02:00
Ondřej Surý
eb750eaf72 Merge branch '1574-confidential-issue-rebinding-protection-fail-in-forwarding-mode-v9_11' into 'v9_11'
Resolve "DNS rebinding protection is ineffective when BIND is configured as a forwarding DNS server"

See merge request isc-projects/bind9!3345
2020-04-08 09:04:56 +00:00
Ondřej Surý
fc2bead314 Add release notes 2020-04-08 09:47:08 +02:00
Ondřej Surý
11b8259846 Add CHANGES 2020-04-08 09:47:08 +02:00
Diego Fronza
eace12fb70 Add test for the proposed fix
This test asserts that option "deny-answer-aliases" works correctly
when forwarding requests.

As a matter of example, the behavior expected for a forwarder BIND
instance, having an option such as deny-answer-aliases { "domain"; }
is that when forwarding a request for *.anything-but-domain, it is
expected that it will return SERVFAIL if any answer received has a CNAME
for "*.domain".
2020-04-08 09:21:03 +02:00
Diego Fronza
8beba5ee09 Fixed rebinding protection bug when using forwarder setups
BIND wasn't honoring option "deny-answer-aliases" when configured to
forward queries.

Before the fix it was possible for nameservers listed in "forwarders"
option to return CNAME answers pointing to unrelated domains of the
original query, which could be used as a vector for rebinding attacks.

The fix ensures that BIND apply filters even if configured as a forwarder
instance.
2020-04-08 09:21:03 +02:00
Michał Kępień
34786cb997 Merge branch 'mnowak/release-fixes-v9_11' into 'v9_11'
Fix a grammar mistake in entry 5357

See merge request isc-projects/bind9!3339
2020-04-08 07:17:13 +00:00
Michal Nowak
7637693be8 Fix a grammar mistake in entry 5357 2020-04-07 11:07:56 +02:00
Mark Andrews
d7226ff55e Merge branch 'marka-empty-release-notes-v9_11' into 'v9_11'
add empty release notes for 9.11.18

See merge request isc-projects/bind9!3315
2020-03-31 07:21:06 +00:00
Mark Andrews
d8ba069201 add empty release notes for 9.11.18
(cherry picked from commit 503e2dff64)
2020-03-31 17:16:13 +11:00
Mark Andrews
c4b4a70d53 Merge branch '1678-bind-fails-to-build-with-mysql-support-against-mysql8-mysql-connector-8-v9_11' into 'v9_11'
Resolve "BIND fails to build with MYSQL support against mysql8/mysql-connector-8"

See merge request isc-projects/bind9!3306
2020-03-26 23:21:36 +00:00
Mark Andrews
779d4995f0 Typedef my_bool if missing.
ORACLE MySQL 8.0 has dropped the my_bool type, so we need to reinstate
it back when compiling with that version or higher.  MariaDB is still
keeping the my_bool type.  The numbering between the two (MariaDB 5.x
jumped to MariaDB 10.x) doesn't make the life of the developer easy.

(cherry picked from commit c6d5d5c88f)
2020-03-27 09:12:22 +11:00
Mark Andrews
95da2ffac1 remove unused variable
(cherry picked from commit 7af9883b48)
2020-03-27 09:07:17 +11:00
Ondřej Surý
6e9c035b05 Merge branch 'ondrej/scan-build-10-fixes-v9_11-2' into 'v9_11'
Fix 'Dead nested assignment' from scan-build-10

See merge request isc-projects/bind9!3296
2020-03-26 13:10:06 +00:00
Ondřej Surý
8077ce039e Import parse_tsan.py file to v9_11 branch 2020-03-26 13:52:28 +01:00
Ondřej Surý
ff814288af Fix 'Dead nested assignment' from scan-build-10
This is the warning:

In file included from print_test.c:47:
./../print.c:203:9: warning: Although the value stored to 'neg' is used in the enclosing expression, the value is never actually read from 'neg'
                dot = neg = space = plus = left = zero = alt = h = l = q = z = 0;
                      ^     ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
1 warning generated.
2020-03-26 13:52:28 +01:00
Michał Kępień
d934f4a9b2 Merge branch 'michal/misc-gitlab-ci-yml-cleanups-v9_11' into 'v9_11'
[v9_11] Miscellaneous .gitlab-ci.yml cleanups

See merge request isc-projects/bind9!3302
2020-03-26 10:46:33 +00:00
Michał Kępień
9e716a0add Remove unused YAML anchors
Some YAML anchors defined in .gitlab-ci.yml are not subsequently used.
Remove them to prevent confusion.

(cherry picked from commit 3d121ede6c)
2020-03-26 11:45:40 +01:00
Michał Kępień
7e45ec0084 Do not install compiledb in cppcheck job
compiledb is already included in the Docker image used by the cppcheck
job.  Do not attempt installing it again.

(cherry picked from commit 3d264dbe81)
2020-03-26 11:45:40 +01:00
Michał Kępień
13b942f60d Include compiler name in all build/test job names
Most build/test job names already contain a "clang", "gcc", or "msvc"
prefix which indicates the compiler used for a given job.  Apply that
naming convention to all build/test job names.

(cherry picked from commit 0c898084cd)
2020-03-26 11:45:39 +01:00
Michał Kępień
cb541ea253 Refactor TSAN unit test job definitions
Multiple YAML keys have identical values for both TSAN unit test job
definitions.  Extract these common keys to a YAML anchor and use it in
TSAN unit test job definitions to reduce code duplication.

(cherry picked from commit 84463f33bf)
2020-03-26 11:45:39 +01:00
Michał Kępień
ac43976113 Run "kyua report-html" for TSAN unit test jobs
Definitions of jobs running unit tests under TSAN contain an
"after_script" YAML key.  Since the "unit_test_job" anchor is included
in those job definitions before "after_script" is defined, the
job-specific value of that key overrides the one defined in the included
anchor.  This prevents "kyua report-html" from being run for TSAN unit
test jobs.  Moving the invocation of "kyua report-html" to the "script"
key in the "unit_test_job" anchor is not acceptable as it would cause
the exit code of that command to determine the result of all unit test
jobs and we need that to be the exit code of "make unit".  Instead, add
"kyua report-html" invocations to the "after_script" key of TSAN unit
test job definitions to address the problem without affecting other job
definitions.

(cherry picked from commit 6ebce9425e)
2020-03-26 11:45:39 +01:00
Michał Kępień
a052bac38f Refactor TSAN system test job definitions
Multiple YAML keys have identical values for both TSAN system test job
definitions.  Extract these common keys to a YAML anchor and use it in
TSAN system test job definitions to reduce code duplication.

(cherry picked from commit a9aa295f1f)
2020-03-26 11:45:39 +01:00
Michał Kępień
671e0e7a08 Drop "before_script" key from TSAN job definitions
Both "system_test_job" and "unit_test_job" YAML anchors contain a
"before_script" key.  TSAN job definitions first specify their own value
of the "before_script" key and then include the aforementioned YAML
anchors, which results in the value of the "before_script" key being
overridden with the value specified by the included anchor.  Given this,
remove "before_script" definitions specific to TSAN jobs as they serve
no practical purpose.

(cherry picked from commit 8ef01c7b50)
2020-03-26 11:45:38 +01:00
Michał Kępień
a9bc2311ca Define TSAN options in a global variable
All assignments for the TSAN_OPTIONS variable are identical across the
entire .gitlab-ci.yml file.  Define a global TSAN_OPTIONS_COMMON
variable and use it in job definitions to reduce code duplication.

(cherry picked from commit 6325c0993a)
2020-03-26 11:45:38 +01:00
Ondřej Surý
b4a5c02b31 Merge branch 'ondrej/arch-ppc64le-v9_11' into 'v9_11'
Detect atomic operations support on ppc64le (v9.11)

See merge request isc-projects/bind9!3295
2020-03-25 23:03:36 +00:00
Petr Menšík
33fcafe055 Detect atomic operations support on ppc64le
Current configure detects only stdatomic operations. Fix it to detect
also ISC atomics with assembly.
2020-03-25 23:04:23 +01:00
Ondřej Surý
c5d3152edd Merge branch 'ondrej/no-clang-on-debian-sid-v9_11' into 'v9_11'
Rewrite .gitlab-ci.yml to have 'base_image' and other GitLab CI improvements (v9.11)

See merge request isc-projects/bind9!3289
2020-03-25 17:30:15 +00:00
Ondřej Surý
f801f0f926 Adjust the differences between v9_16 and v9_11 GitLab CI job configuration 2020-03-25 18:20:40 +01:00
Ondřej Surý
95d2d8399a Replace clang:stretch:amd64 build with clang:buster:amd64 build (+ add missing system test)
(cherry picked from commit 281531d82b)
2020-03-25 18:15:15 +01:00
Ondřej Surý
00f12220c0 Replace bear with compiledb and drop MAKE_COMMAND because we don't need it
(cherry picked from commit ec72d1100d)
2020-03-25 18:15:14 +01:00
Ondřej Surý
7398668e76 Adjust the GitLab CI jobs to match the new images
The custom builds (oot, asan, tsan) were mostly built using Debian sid
amd64 image.  The problem was that this image broke too easily, because
it's Debian "unstable" after all.

This commit introduces "base_image" that should be most stable with
extra bits on top (clang, coccinelle, cppcheck, ...).  Currently, that
would be Debian buster amd64.

Other changes introduced by this commit:

* Change the default clang version to 10
* Run both ASAN and TSAN with both gcc and clang compilers
* Remove Clang Debian stretch i386 job

(cherry picked from commit 5f5721aa11)
2020-03-25 18:15:11 +01:00
Ondřej Surý
4ae7af00a8 Merge branch 'ondrej/scan-build-10-fixes-v9_11' into 'v9_11'
Fix new warnings reported by scan-build from LLVM/Clang 10 (v9.11)

See merge request isc-projects/bind9!3287
2020-03-25 17:11:37 +00:00
Ondřej Surý
9b76eea08f Fix 'Dereference of null pointer' from scan-build-10
These are mostly false positives, the clang-analyzer FAQ[1] specifies
why and how to fix it:

> The reason the analyzer often thinks that a pointer can be null is
> because the preceding code checked compared it against null. So if you
> are absolutely sure that it cannot be null, remove the preceding check
> and, preferably, add an assertion as well.

The 2 warnings reported are:

byname_test.c:308:34: warning: Access to field 'fwdtable' results in a dereference of a null pointer (loaded from variable 'view')
                RUNTIME_CHECK(dns_fwdtable_add(view->fwdtable, dns_rootname,
                                               ^~~~~~~~~~~~~~
/builds/isc-projects/bind9/lib/isc/include/isc/util.h:318:52: note: expanded from macro 'RUNTIME_CHECK'
                                                   ^~~~
/builds/isc-projects/bind9/lib/isc/include/isc/error.h:50:21: note: expanded from macro 'ISC_ERROR_RUNTIMECHECK'
        ((void)(ISC_LIKELY(cond) ||  \
                           ^~~~
/builds/isc-projects/bind9/lib/isc/include/isc/likely.h:23:43: note: expanded from macro 'ISC_LIKELY'
                                            ^
1 warning generated.

--

./rndc.c:255:6: warning: Dereference of null pointer (loaded from variable 'host')
        if (*host == '/') {
            ^~~~~
1 warning generated.

References:
1. https://clang-analyzer.llvm.org/faq.html#null_pointer

(cherry picked from commit ddd0d356e5)
2020-03-25 18:09:20 +01:00
Ondřej Surý
138dded9d9 Fix 'Dead nested assignment's from scan-build-10
The 3 warnings reported are:

os.c:872:7: warning: Although the value stored to 'ptr' is used in the enclosing expression, the value is never actually read from 'ptr'
        if ((ptr = strtok_r(command, " \t", &last)) == NULL) {
             ^     ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
1 warning generated.

--

rpz.c:1117:10: warning: Although the value stored to 'zbits' is used in the enclosing expression, the value is never actually read from 'zbits'
        return (zbits &= x);
                ^        ~
1 warning generated.

--

openssleddsa_link.c:532:10: warning: Although the value stored to 'err' is used in the enclosing expression, the value is never actually read from 'err'
        while ((err = ERR_get_error()) != 0) {
                ^     ~~~~~~~~~~~~~~~
1 warning generated.

(cherry picked from commit 262f087bcf)
2020-03-25 18:08:12 +01:00
Ondřej Surý
df81669a27 Merge branch 'ondrej/remove-debian-jessie-from-gitlab-ci-v9_11' into 'v9_11'
Remove Debian 8 ("Jessie") from the GitLab CI

See merge request isc-projects/bind9!3284
2020-03-25 06:29:09 +00:00
Ondřej Surý
e2d6d0ee54 Remove Debian 8 ("Jessie") from the GitLab CI
There are several reason why remove Debian 8 from the CI:

* Debian 8 ("jessie") has been superseded by Debian 9 ("stretch").
* Regular security support updates have been discontinued as of
  June 17th, 2018.
* Jessie LTS is supported from 17th June 2018 to June 30, 2020.

In other words, it's no longer officially supported by Debian security
team, but by the volunteer/paid contributor composed LTS team.  And the
release will be discontinued in three months from now.  We can use the
freed CI resources to bring new platforms or just to make the jobs run a
bit faster.

(cherry picked from commit 75f46cc3d1)
2020-03-24 14:52:16 +01:00