When flushing the cache, we create a new cache database. The serve-stale
settings need to be restored after doing this. We already did this
for max-stale-ttl, but forgot to do this for stale-refresh-time.
(cherry picked from commit 3ae721db6c)
[9.18] Resolve "[ISC-support #22588] BIND now returning SERVFAIL for attempted deletions of non-existent PTR/SRV records"
See merge request isc-projects/bind9!8252
rr_exists errored if the name did not exist in the zone. This was
not an issue prior to the addition of krb5-subdomain-self-rhs and
ms-subdomain-self-rhs as the only name used was the zone name which
always existed.
(cherry picked from commit b76a15977a)
Fixes
>>> CID 464851: Possible Control flow issues (DEADCODE)
>>> Execution cannot reach this statement: "BN_free(ex);".
Makes conditionals between declaring and use constistent. BN_free is
not needed as BIGNUM's returned by RSA_get0_key are not to be freed.
A negative or excessively large Content-Length could cause a crash
by making `INSIST(httpd->consume != 0)` fail.
(cherry picked from commit 26e10e8fb5)
The rrl system test has been unstable and producing false positive
results for years (GL #172). Allow the test to be re-run (once) to
reduce the noise it causes.
(cherry picked from commit 40289d5440)
The reclimit system test has been unstable and producing false positive
results for years (GL #1587). Allow the test to be re-run (once) to
reduce the noise it causes.
(cherry picked from commit 8c5833fe39)
The qmin test is inherently unstable. It fails quite often with failure
modes described in GL #904. Allow the pytest runner to re-run the test
up to 3 times to only detect a more persistent and reproducible failures
rather than random noise caused by the nature of the test.
(cherry picked from commit be2123a8e9)
It is better to disable the specific check that causes the test to fail
rather than mark the entire test as xfail, which can mask other issues
which the test is capable of detecting.
(cherry picked from commit 7522583b57)
The commands in after_script run in a new shell, separate from
before_script and script commands. Since the pytest.log.txt is for out
of tree tests is present in the build directory, switch to it (if set)
before running any postprocessing commands.
(cherry picked from commit 86043b0bbe)
The _last_test_run entry was accidentally added in !8194. It came from a
work-in-progress version of the MR and was left there during a rebase.
(cherry picked from commit 1b3db25adf)
nsupdate offers the switch -v to use TCP for update requests. But
before sending that update request nsupdate was using UDP connection
to gather the SOA for determining the zone if not given explicitly.
Only use TCP if not using the default servers, because the SOA
query lookup is a different server with different capabilities (and
usually not for the better of it).
The dnsrps build assumes that dlopen is available from libc. This
assumption isn't met when attempting to build with address or thread
sanitizer on debian (bullseye, bookworm). Disable dnsrps build to avoid
the issue, since it's not needed anyway for our respdiff tests.
See commit b396f55586 for more info about
the dnsrps build.
(cherry picked from commit 0422415500)
Using check_PROGRAMS would postpone compiling the binaries needed by
system tests until `make check` would be called. Since it's preferable
to invoke pytest directly to run the system test suite, compile these
binaries without installing them during `make all` instead by using
noinst_PROGRAMS.
This removes the need to use TESTS= make -e check hack invoked from
pytest to work around this issue.
(cherry picked from commit 21980b43b8)
Oracle Linux 7 sets __STDC_VERSION__ to 201112L, but doesn't define
__STDC_NO_ATOMICS__, so we try to include <stdatomic.h> without the
header present in the system. Since we are already detecting the header
in the autoconf, use the HAVE_STDATOMIC_H for more reliable detecting
whether <stdatomic.h> header is present.
BIND 9.18 rndc does not know about the "-t" option, that results in an
silent "invalid argument" error.
The "-t" option originally came with
184eddb595 (a backport from the main
branch).
In some cases, BIND is not fast enough to fill the send buffer and
manages to answer all queries, contrary to what the test expects.
Repeat the check up to 3 times to limit this test instability.
(cherry picked from commit 681b23c398)
If the flaky plugin for pytest is available, use its decorator to
support re-running unstable tests. In case the package is missing,
execute the test as usual without attempts to re-run it in case of
failure.
This is mostly intended to increase the test stability in CI. Using a
custom decorator enables us to keep the flaky package as an optional
dependency.
(cherry picked from commit 5b703de733)
when synthesizing a new CNAME, we now check whether the target
matches the query already being processed. if so, we do not
restart the query; this prevents a waste of resources.
(cherry picked from commit 0ae8b2e056)
Move clang:bullseye:amd64 PKCS11 testing to the gcc:bullseye:amd64 job
to evenly represent compilers in PKCS11 testing.
(cherry picked from commit 077d82403e)
Many problems of the Debian 11 gcovr version were fixed in the Debian 12
one. Replace workarounds we accumulated over the years with two new,
simple ones.
(cherry picked from commit 55f5aa08f0)
The gcc:sid:amd64 job was used to test PKCS11 via the OpenSSL engine API
but is now designated for future PKCS11 testing via the provider API.
The ability to use PKCS11 via engine API in clang:bookworm:amd64 has
been restored using only deprecated APIs in OpenSSL 3.
(cherry picked from commit cfb06dabfe)
