The PTHREAD_MUTEX_ADAPTIVE_NP and PTHREAD_MUTEX_ERRORCHECK_NP are
usually not defines, but enum values, so simple preprocessor check
doesn't work.
Check for PTHREAD_MUTEX_ADAPTIVE_NP from the autoconf AS_COMPILE_IFELSE
block and define HAVE_PTHREAD_MUTEX_ADAPTIVE_NP. This should enable
adaptive mutex on Linux and FreeBSD.
As PTHREAD_MUTEX_ERRORCHECK actually comes from POSIX and Linux glibc
does define it when compatibility macros are being set, we can just use
PTHREAD_MUTEX_ERRORCHECK instead of PTHREAD_MUTEX_ERRORCHECK_NP.
(cherry picked from commit cc4f99bc6d)
The system tests were overriding the local locale by setting LANG to C.
This does not override the locale in case there are individual LC_<*>
variables like LC_CTYPE explicitly set.
Use LC_ALL=C instead which is the proper way of overriding all currently
set locales.
Backport of MR !9109
Merge branch 'backport-ondrej/use-LC_ALL-not-LANG-9.20' into 'bind-9.20'
See merge request isc-projects/bind9!9235
The system tests were overriding the local locale by setting LANG to C.
This does not override the locale in case there are individual LC_<*>
variables like LC_CTYPE explicitly set.
Use LC_ALL=C instead which is the proper way of overriding all currently
set locales.
(cherry picked from commit 10147efc87)
I split this into two commits, one for the actual newline removal, and one for issues I found, ruining the yaml output when some errors were outputted.
Closes: #4772
Backport of MR !9112
Merge branch 'backport-yaml-indent-9.20' into 'bind-9.20'
See merge request isc-projects/bind9!9231
Not all invocations had it, and this makes it more consistent with
dighost_warning. Also remove the conditional newline when not outputting
yaml
(cherry picked from commit 1dd76fe780)
Add INSIST to fail if the multiplication would cause the variables to overflow.
Closes#4798
Backport of MR !9131
Merge branch 'backport-4798-cid-498025-and-cid-498031-overflowed-constant-integer_overflow-9.20' into 'bind-9.20'
See merge request isc-projects/bind9!9229
If bufsize overflows we will have an infinite loop. In practice
this will not happen unless we have made a coding error. Add an
INSIST to detect this condition.
181retry:
182 isc_buffer_allocate(mctx, &b, bufsize);
183 result = dns_rdata_totext(rdata, NULL, b);
184 if (result == ISC_R_NOSPACE) {
185 isc_buffer_free(&b);
CID 498031: (#1 of 1): Overflowed constant (INTEGER_OVERFLOW)
overflow_const: Expression bufsize, which is equal to 0, overflows
the type that receives it, an unsigned integer 32 bits wide.
186 bufsize *= 2;
187 goto retry;
188 }
(cherry picked from commit 20ac13fb23)
If size overflows we will have an infinite loop. In practice
this will not happen unless we have made a coding error. Add
an INSIST to detect this condition.
181 while (!done) {
182 isc_buffer_allocate(mctx, &b, size);
183 result = dns_rdata_totext(rdata, NULL, b);
184 if (result == ISC_R_SUCCESS) {
185 printf("%.*s\n", (int)isc_buffer_usedlength(b),
186 (char *)isc_buffer_base(b));
187 done = true;
188 } else if (result != ISC_R_NOSPACE) {
189 check_result(result, "dns_rdata_totext");
190 }
191 isc_buffer_free(&b);
CID 498025: (#1 of 1): Overflowed constant (INTEGER_OVERFLOW)
overflow_const: Expression size, which is equal to 0, overflows the type that
receives it, an unsigned integer 32 bits wide.
192 size *= 2;
193 }
(cherry picked from commit e7ef0a60ab)
Decrementing optlen immediately before calling continue is unneccesary
and inconsistent with the rest of dns_message_pseudosectiontoyaml
and dns_message_pseudosectiontotext. Coverity was also reporting
an impossible false positive overflow of optlen (CID 499061).
4176 } else if (optcode == DNS_OPT_CLIENT_TAG) {
4177 uint16_t id;
4178 ADD_STRING(target, "; CLIENT-TAG:");
4179 if (optlen == 2U) {
4180 id = isc_buffer_getuint16(&optbuf);
4181 snprintf(buf, sizeof(buf), " %u
", id);
4182 ADD_STRING(target, buf);
CID 499061: (#1 of 1): Overflowed constant (INTEGER_OVERFLOW)
overflow_const: Expression optlen, which is equal to 65534, underflows
the type that receives it, an unsigned integer 16 bits wide.
4183 optlen -= 2;
4184 POST(optlen);
4185 continue;
4186 }
4187 } else if (optcode == DNS_OPT_SERVER_TAG) {
Backport of MR !9130
Merge branch 'backport-marka-remove-unnecessary-operations-9.20' into 'bind-9.20'
See merge request isc-projects/bind9!9223
Decrementing optlen immediately before calling continue is unneccesary
and inconsistent with the rest of dns_message_pseudosectiontoyaml
and dns_message_pseudosectiontotext. Coverity was also reporting
an impossible false positive overflow of optlen (CID 499061).
4176 } else if (optcode == DNS_OPT_CLIENT_TAG) {
4177 uint16_t id;
4178 ADD_STRING(target, "; CLIENT-TAG:");
4179 if (optlen == 2U) {
4180 id = isc_buffer_getuint16(&optbuf);
4181 snprintf(buf, sizeof(buf), " %u\n", id);
4182 ADD_STRING(target, buf);
CID 499061: (#1 of 1): Overflowed constant (INTEGER_OVERFLOW)
overflow_const: Expression optlen, which is equal to 65534, underflows
the type that receives it, an unsigned integer 16 bits wide.
4183 optlen -= 2;
4184 POST(optlen);
4185 continue;
4186 }
4187 } else if (optcode == DNS_OPT_SERVER_TAG) {
(cherry picked from commit 47338c2c87)
Closes#4770
Backport of MR !9104
Merge branch 'backport-4770-digdelv-system-test-can-report-more-errors-than-they-actually-are-9.20' into 'bind-9.20'
See merge request isc-projects/bind9!9221
Add a note that 'rndc reload' and 'rndc reconfig' can't change the
querylog option during the runtime of named.
Closes#4801
Backport of MR !9136
Merge branch 'backport-4801-arm-querylog-clarification-9.20' into 'bind-9.20'
See merge request isc-projects/bind9!9206
The minimum allowed value of 'resolver-query-timeout' was lowered to
301 milliseconds instead of the earlier 10000 milliseconds (which is the
default). As earlier, values less than or equal to 300 are converted to
seconds before applying the limit.
Closes#4320
Backport of MR !9091
Merge branch 'backport-4320-allow-shorter-resolver-query-timeout-configuration-9.20' into 'bind-9.20'
See merge request isc-projects/bind9!9220
Before there was a gap from 301 to 9999 which would be converted
to 10000 and now there is no such gap.
This settimeout_belowmin test was checking the behavior of a value
in the gap. As there is now no gap left, the minimum is 301 and
anything below that is converted to seconds as before. In order
for this check to still test the "below minimum" behavior, change
the value from 9000 to 300.
Update the settimeout_overmax value test too so it logically aligns
with the minimum value test.
(cherry picked from commit 63b787effe)
There are use cases for which shorter timeout values make sense.
For example if there is a load balancer which sets RD=1 and
forwards queries to a BIND resolver which is then configured to
talk to backend servers which are not visible in the public NS set.
WIth a shorter timeout value the frontend can give back SERVFAIL
early when backends are not available and the ultimate client will
not penalize the BIND-frontend for non-response.
(cherry picked from commit 5f47c2b567)
A new optional argument '-force' has been added to the command channel
command 'rndc retransfer'. When it is specified, named aborts the
ongoing zone transfer (if there is one), and starts a new transfer.
Closes#2299
Backport of MR !9102
Merge branch 'backport-2299-implement-rndc-force-retransfer-9.20' into 'bind-9.20'
See merge request isc-projects/bind9!9219
Use a big zone and the slow transfer mode. Initiate a retransfer, wait
several seconds, then initiate a retransfer using a '-force' argument,
which should cancel the previous transfer and start a new one.
(cherry picked from commit e48f4e8101)
With this new optional argument if there is an ongoing zone
transfer it will be aborted before a new zone transfer is scheduled.
(cherry picked from commit 402ca316ae)
The period between the most significant nibble of the encoded IPv4 address and the 2.0.0.2.IP6.ARPA suffix was missing resulting in the wrong name being checked. Add system test for 6to4-self implementation.
Closes#4766
Backport of MR !9099
Merge branch 'backport-4766-add-system-test-for-6to4-self-9.20' into 'bind-9.20'
See merge request isc-projects/bind9!9217
The period between the most significant nibble of the IPv4 address
and the 2.0.0.2.IP6.ARPA suffix was missing resulting in the wrong
name being checked.
(cherry picked from commit bca63437a1)
Remove the false positive "success resolving" log message when QNAME minimisation is in effect and the final result is NXDOMAIN.
Closes#4784
Backport of MR !9117
Merge branch 'backport-4784-false-qname-minimisation-error-being-reported-9.20' into 'bind-9.20'
See merge request isc-projects/bind9!9215
Closes#4796
Backport of MR !9127
Merge branch 'backport-4796-yaml-stringify-question-and-records-9.20' into 'bind-9.20'
See merge request isc-projects/bind9!9213
In yaml mode we emit a string for each question and record. Certain
names and data could result in invalid yaml being produced. Use single
quote string for all questions and records. This requires that single
quotes get converted to two quotes within the string.
(cherry picked from commit 393d7fa78e)
Closes#4774
Backport of MR !9105
Merge branch 'backport-4774-resolver-system-test-didn-t-fail-on-all-subtest-errors-9.20' into 'bind-9.20'
See merge request isc-projects/bind9!9211
Closes#4775
Backport of MR !9106
Merge branch 'backport-4775-reject-zero-length-alpn-in-alpn-fromtext-9.20' into 'bind-9.20'
See merge request isc-projects/bind9!9209
ALPN are defined as 1*255OCTET in RFC 9460. commatxt_fromtext was not
rejecting invalid inputs produces by missing a level of escaping
which where later caught be dns_rdata_fromwire on reception.
These inputs should have been rejected
svcb in svcb 1 1.svcb alpn=\,abc
svcb1 in svcb 1 1.svcb alpn=a\,\,abc
and generated 00 03 61 62 63 and 01 61 00 02 61 62 63 respectively.
The correct inputs to include commas in the alpn requires double
escaping.
svcb in svcb 1 1.svcb alpn=\\,abc
svcb1 in svcb 1 1.svcb alpn=a\\,\\,abc
and generate 04 2C 61 62 63 and 06 61 2C 2C 61 62 63 respectively.
(cherry picked from commit b51c9eb797)
Replace #define DNS_GETDB_ with struct of bools to make
it easier to pretty-print the attributes in a debugger.
Closes#4559
Backport of MR !9093
Merge branch 'backport-4559-convert-dns_getdb_x-defines-to-1-bit-long-bools-9.20' into 'bind-9.20'
See merge request isc-projects/bind9!9205
When cutting a long CNAME chain, named was returning NOERROR
instead of SERVFAIL (alongside with a partial answer). This
has been fixed.
Closes#4449
Backport of MR !9090
Merge branch 'backport-4449-return-servfail-for-a-long-cname-chain-9.20' into 'bind-9.20'
See merge request isc-projects/bind9!9203
