Ondřej Surý
311fbf3f5b
Use standard OPENSSL_NO_ENGINE instead of custom USE_ENGINE define
...
(cherry picked from commit 8d648e7a8a
2018-05-03 21:36:46 +02:00
Ondřej Surý
5af60f69fd
Use BN_hex2bn instead of custom BN_fromhex function
...
(cherry picked from commit 8bf192b4d1
2018-05-03 21:35:21 +02:00
Ondřej Surý
30b308e2e3
Fix extra ] in configure.in
...
(cherry picked from commit 35d2dbb9f5
2018-05-03 21:35:21 +02:00
Ondřej Surý
da5186cdd6
Merge branch '236-silence-cppcheck-issues-in-lib-dns-dst_parse-c-v9_12' into 'v9_12'
...
[v9_12] Resolve "silence cppcheck issues in lib/dns/dst_parse.c"
See merge request isc-projects/bind9!240
2018-05-03 11:22:03 -04:00
Mark Andrews
9b20819dd6
simplify mask construction
...
(cherry picked from commit 22fab3199f
2018-05-03 17:13:42 +02:00
Ondřej Surý
9f15463752
Merge branch '234-add-prerequisite-check-to-rootkeysentinel-for-dnssec-support-v9_12' into 'v9_12'
...
Resolve "add prerequisite check to rootkeysentinel for dnssec support"
See merge request isc-projects/bind9!239
2018-05-03 10:51:32 -04:00
Mark Andrews
390a1d3988
add bin/tests/system/rootkeysentinel/prereq.sh
...
(cherry picked from commit 0fedfcafb5
2018-05-03 16:42:47 +02:00
Mark Andrews
03e4dc4c6b
add dnssec prerequisite test to rootkeysentinel
...
(cherry picked from commit e713f83064
2018-05-03 16:42:47 +02:00
Ondřej Surý
6f07572ef7
Merge branch 'random-test-improvement-v9_12' into 'v9_12'
...
[v9_12] Improve random_test to also test the high bound of the confidence interval
See merge request isc-projects/bind9!237
2018-05-03 09:12:53 -04:00
Ondřej Surý
36efa304e6
Also test the higher part of the confidence interval
...
(cherry picked from commit 8d3220643c
2018-05-03 15:04:15 +02:00
Ondřej Surý
b329a7e674
Merge branch '191-add-LibreSSL-2.7-support-v9_12' into 'v9_12'
...
[v9_12] Add LibreSSL 2.7.0 support
See merge request isc-projects/bind9!234
2018-05-03 08:34:55 -04:00
Ondřej Surý
0b54e46c79
Add CHANGES entry
...
4935. [func] Add support for LibreSSL >= 2.7.0 (some OpenSSL 1.1.0
call were added). [GL #191 ]
(cherry picked from commit 30488dddf0
2018-05-03 14:27:10 +02:00
Ondřej Surý
e3a318e8d3
Workaround LibreSSL 2.7.0-2.7.2 quirk in DH_set0_key
...
(cherry picked from commit 6b9e3b7b06
2018-05-03 14:26:40 +02:00
Ondřej Surý
1e64b869b5
Add support for LibreSSL 2.7
...
(cherry picked from commit 29ff62a149
2018-05-03 14:26:40 +02:00
Evan Hunt
1f3124d76c
Merge branch '208-dig-doc' into 'v9_12'
...
Resolve "Added -t TYPEnn description to dig"
Closes #208
See merge request isc-projects/bind9!221
2018-04-26 23:59:03 -07:00
Paul Hoffman
cd09144b17
add -t type### description to the dig man page
...
(cherry picked from commit 2d957c6b9f
2018-04-26 23:58:58 -07:00
Evan Hunt
ed985bea41
Merge branch '159-improve-handling-of-inline-signed-zones-with-missing-signing-keys' into 'v9_12'
...
Improve handling of inline signed zones with missing signing keys
Closes #159
See merge request isc-projects/bind9!133
2018-04-25 12:09:38 -07:00
Michał Kępień
e4995efe24
Add CHANGES entries
...
4916. [bug] Not creating signing keys for an inline signed zone
prevented changes applied to the raw zone from being
reflected in the secure zone until signing keys were
made available. [GL #159 ]
4915. [bug] Bumped signed serial of an inline signed zone was
logged even when an error occurred while updating
signatures. [GL #159 ]
(cherry picked from commit 7d2c09c905
2018-04-25 12:09:22 -07:00
Michał Kępień
8a58a60772
Apply raw zone deltas to yet unsigned secure zones
...
When inline signing is enabled for a zone without creating signing keys
for it, changes subsequently applied to the raw zone will not be
reflected in the secure zone due to the dns_update_signaturesinc() call
inside receive_secure_serial() failing. Given that an inline zone will
be served (without any signatures) even with no associated signing keys
being present, keep applying raw zone deltas to the secure zone until
keys become available in an attempt to follow the principle of least
astonishment.
(cherry picked from commit 6acf326969
2018-04-25 12:09:04 -07:00
Michał Kępień
cdc7ab42b1
Only log bumped signed serial after a successful secure zone update
...
If a raw zone is modified, but the dns_update_signaturesinc() call in
receive_secure_serial() fails, the corresponding secure zone's database
will not be modified, even though by that time a message containing the
bumped signed serial will already have been logged. This creates
confusion, because a different secure zone version will be served than
the one announced in the logs. Move the relevant dns_zone_log() call so
that it is only performed if the secure zone's database is modified.
(cherry picked from commit cfbc8e264d
2018-04-25 12:09:03 -07:00
Evan Hunt
5cef06f8d0
Merge branch '171-lgtm-issues-v9_12' into 'v9_12'
...
Resolve "problems detected by LGTM static analyzer"
Closes #171
See merge request isc-projects/bind9!213
2018-04-22 12:57:52 -07:00
Evan Hunt
493a8b53ed
remove unnecessary comparison
...
(cherry picked from commit 8b1baa10ee
2018-04-22 12:57:52 -07:00
Evan Hunt
fe27dfa9fd
silence warnings about unnecessary comparisons
...
- these are cases where result has been explicitly set, so
if (result != ISC_R_SUCCESS) is unnecessary
(cherry picked from commit e00eb55cd2
2018-04-22 12:57:52 -07:00
Evan Hunt
19be8866d8
add header guards in files that were missing them
...
(cherry picked from commit 4247477b61
2018-04-22 12:57:52 -07:00
Evan Hunt
b8aec550c4
add header guard when generating bind.keys.h
...
(cherry picked from commit bfbe6925df
2018-04-22 12:57:52 -07:00
Evan Hunt
982ddf4012
change "key" to "tsigkey" to silence "short global name" warning
...
(cherry picked from commit 0cc7aa250e
2018-04-22 12:57:52 -07:00
Evan Hunt
97cbc27ed7
fix shadowed global variables
...
(cherry picked from commit 9ca3ab1168
2018-04-22 12:57:52 -07:00
Evan Hunt
62c64cfe85
fix duplicate include guard in dnsconf.h
...
- IMHO we should consider removing dnsconf.c and deprecating the
/etc/dns.conf file, though, as I don't think it's likely anyone
is using it
(cherry picked from commit a08ba418ef
2018-04-22 12:57:52 -07:00
Evan Hunt
d44d594219
Merge branch '37-implement-geoff-huston-s-trusted-key-sentinel-feature-v9_12' into 'v9_12'
...
Implement Geoff Huston's trusted key sentinel feature
Closes #37
See merge request isc-projects/bind9!123
2018-04-22 12:48:12 -07:00
Mark Andrews
af267c4da9
CHANGES entry for root-key-sentinel
...
(cherry picked from commit 2845d7160e
2018-04-22 12:48:10 -07:00
Mark Andrews
edb761b08c
add release note for root-key-sentinel
...
(cherry picked from commit e20790c956
2018-04-22 12:47:31 -07:00
Mark Andrews
b9e6b124aa
add system test for root-key-sentinel
...
(cherry picked from commit a23b305e6b
2018-04-22 12:46:03 -07:00
Mark Andrews
ee763ef281
add named.conf option root-key-sentinel
...
(cherry picked from commit 68e9315c7d
2018-04-22 12:46:03 -07:00
Mark Andrews
7111eff80c
detect and processes root-key-sentinel labels.
...
(cherry picked from commit 8fc9f64df9
2018-04-22 12:46:03 -07:00
Ondřej Surý
0071c0400f
Merge branch '202-cppcheck-reporting-miscellaneous-issues-v9_12' into 'v9_12'
...
Resolve "cppcheck reporting miscellaneous issues"
See merge request isc-projects/bind9!216
2018-04-20 18:20:11 -04:00
Mark Andrews
77643775c5
remove exit calls after FATAL_ERROR
...
(cherry picked from commit f8d2a46daa
2018-04-20 15:13:12 -07:00
Mark Andrews
53e39ca0ea
remove dead code
...
(cherry picked from commit 686edad5c5
2018-04-20 15:13:12 -07:00
Mark Andrews
ba238ab374
use %u instead of %d for unsigned int arguments
...
(cherry picked from commit 49f8e9571c
2018-04-20 15:13:12 -07:00
Ondřej Surý
5e11b261f4
Merge branch '206-nslookup-accepts-any-bogus-option-interpret-it-as-vc-v9_12' into 'v9_12'
...
Resolve "nslookup accepts any -bogus -option, interpret it as -vc"
See merge request isc-projects/bind9!214
2018-04-20 18:01:02 -04:00
Mukund Sivaraman
a36f89341f
Remove bogus comparison
...
(cherry picked from commit 89cf503880
2018-04-20 14:51:26 -07:00
Ondřej Surý
7c830940b9
Merge branch '189-fix-win32-build-v9_12' into 'v9_12'
...
[v9_12] Fix runtime assertion on Windows due isc_file_template being out-of-sync
See merge request isc-projects/bind9!194
2018-04-12 03:00:44 -04:00
Ondřej Surý
6171037403
Sync isc_file_template functions between unix and win32, so they are same
...
(cherry picked from commit 8c99d104e3
2018-04-12 08:47:11 +02:00
Ondřej Surý
c4a7fbcc36
Merge branch '189-fix-tsig-dump-keyfile-name-generation-issues-v9_12' into 'v9_12'
...
[v9_12] Fix TSIG dump keyfile name generation issues
See merge request isc-projects/bind9!191
2018-04-11 08:45:17 -04:00
Mukund Sivaraman
c932fd2d49
Fix TSIG dump keyfile name buffer size issues
...
(cherry picked from commit 44b84cb5a6
2018-04-11 14:37:46 +02:00
Ondřej Surý
e052e7f427
Define PATH_MAX on Windows as _MAX_PATH, so we can use it everywhere
...
(cherry picked from commit 7467735258
2018-04-11 14:37:46 +02:00
Evan Hunt
5ce20e4928
Merge branch '193-fix-variable-definitions-in-bin-tests-Makefile.in-v9_12' into 'v9_12'
...
Fix variable definitions in bin/tests/Makefile.in
Closes #193
See merge request isc-projects/bind9!183
2018-04-10 20:04:31 -07:00
Evan Hunt
a6cbac45eb
Alter distclean rule to prevent recursing into the same directory twice
...
Commit f87e0c03ee0d784de16a93ee6b8a22
2018-04-10 20:04:31 -07:00
Michał Kępień
a7f8268833
Fail CI pipeline when "make test" does not run any system tests
...
Apart from ensuring "make test" returns 0, also check whether any system
test output was generated as a result of running it. This prevents the
CI job running system tests from succeeding unless it actually tests
something.
(cherry picked from commit 80ab2c0f22
2018-04-10 20:04:31 -07:00
Evan Hunt
b26a269b42
Merge branch '197-dnstap-sockaddr-v9_12' into 'v9_12'
...
Resolve "dnstap: log actual local IPv6 address, not :: listening address"
Closes #197
See merge request isc-projects/bind9!188
2018-04-10 17:21:08 -07:00
Evan Hunt
fde64f3fe4
CHANGES note
...
(cherry picked from commit 330b26c9df
2018-04-10 17:21:08 -07:00
