Ubuntu 18.04 LTS (Bionic Beaver) is EOL.
Move gcc:bionic:amd64-specific CFLAGS and EXTRA_CONFIGURE to
gcc:jammy:amd64.
(cherry picked from commit 6d100c4a32)
Basically all local data is considered trusted, and proper ACLs and
limits need to be explicitly configured. We are also free to let
protocol non-compliant servers burn in flames.
(cherry picked from commit fc907baa7f)
Building the PDF version of the BIND 9 ARM requires TeX Live to be
present on the build host. A TeX Live installation takes up several
gigabytes of disk space. This significantly increases the size of the
Debian Docker images that include that toolchain, even though only two
GitLab CI jobs actually use it.
Instead of including TeX Live in the Docker image itself, install the
former on demand in a new GitLab CI job that only tests building the PDF
version of the BIND 9 ARM. Do the same for qpdf, a tool used for
checking the PDF output produced by TeX Live. This enables the size of
the "base" Docker image (which a lot of GitLab CI jobs need to pull) to
remain within reasonable limits. As downloading and installing TeX Live
takes a significant amount of time, only run the new job in scheduled
pipelines and for tags. Adjust job dependencies so that the "release"
job continues to work.
(cherry picked from commit 29cba33d44)
The autoscaling GitLab CI runners currently used for most GitLab CI jobs
spin up AWS EC2 instances that are at least as powerful as the dedicated
instances used for running "stress" tests. Move all Linux-based
"stress" tests to autoscaling GitLab CI runners to enable deprovisioning
Linux AWS instances reserved for running "stress" tests. Leave FreeBSD
"stress" tests intact as there is currently no support for autoscaling
BSD instances.
(cherry picked from commit 12ea994680)
In BIND 9.16, we don't need to run autoreconf, because ./configure et
al. are part of the source tree. It's nothing more than a check to see
if the build configuration can be built.
'rndc thaw' initiates asynchrous loading of all the zones
similar to 'rndc load'. Wait for the test zone's load to
complete before testing that it is updatable again.
(cherry picked from commit 5b3238aa85)
Apply the semantic patch to catch all the places where we pass 'char' to
the <ctype.h> family of functions (isalpha() and friends, toupper(),
tolower()).
(cherry picked from commit 29caa6d1f0)
Add a semantic patch to catch all the places where we pass 'char' to the
<ctype.h> family of functions (isalpha() and friends, toupper(),
tolower()). While it generally works because the way how these
functions are constructed in the libc, it's safer to do the explicit
cast.
(cherry picked from commit 5ec65ab5d0)
The new :cve: Sphinx role takes a CVE number as an argument and creates
a hyperlink to the relevant ISC Knowledgebase document that might have
more up-to-date or verbose information than the relevant release note.
This makes reaching ISC Knowledgebase pages directly from the release
notes easier.
Make all CVE references in the release notes use the new Sphinx role.
(cherry picked from commit 41b857e567)
Update Sphinx-related Python packages to their current versions pulled
in by "pip install sphinx-rtd-theme" run in a fresh virtual environment.
(cherry picked from commit 2f879cdec3)
The covered type previously displayed as TYPE0 when it should
have reflected the records that was actually covered.
(cherry picked from commit 8ce359652a)
The fixup commits' subject line has a prefix which has its own
length, so warning about the exceeding length is not accurate.
Given that the fixup commits can not be merged, because they
cause a danger failure, it's safe to ignore the length check
for them.
(cherry picked from commit 3db2beef9f)