Make will choose modified manual from build directory or original from source
directory automagically. Take advantage of install tool feature.
Install all files in single command instead of iterating on each of them.
(cherry picked from commit 88f913ac81)
dns_view_zonecut() may associate the dns_rdataset_t structure passed to
it even if it returns a result different then ISC_R_SUCCESS. Not
handling this properly may cause a reference leak. Fix by ensuring
'nameservers' is cleaned up in all relevant failure modes.
(cherry picked from commit f4b403e8b2)
lo0 and lo0:0 are the same interface on Solaris. Make sure
bin/tests/system/ifconfig.sh does not touch lo0:0 in order to prevent it
from changing the address of the loopback interface on Solaris.
(cherry picked from commit 618921902a)
The "git status" command in Git versions before 1.7.2 does not support
the "--ignored" option. Prevent spamming the console when running
system tests from a Git repository on a host with an ancient Git version
installed.
(cherry picked from commit 2be97feb46)
The output of certain "dig +idnout" invocations may be locale-dependent.
Remove the "dig +idnout" subtest from the "digdelv" system test as IDN
support is already thoroughly tested by the "idna" system test.
(cherry picked from commit fd30a03f2b)
While idn2_to_unicode_8zlz() takes a 'flags' argument, it is ignored and
thus cannot be used to perform IDN checks on the output string.
The bug in libidn2 versions before 2.0.5 was not that a call to
idn2_to_unicode_8zlz() with certain flags set did not cause IDN checks
to be performed. The bug was that idn2_to_unicode_8zlz() did not check
whether a conversion can be performed between UTF-8 and the current
locale's character encoding. In other words, with libidn2 version
2.0.5+, if the current locale's character encoding is ASCII, then
idn2_to_unicode_8zlz() will fail when it is passed any Punycode string
which decodes to a non-ASCII string, even if it is a valid IDNA2008
name.
Rework idn_ace_to_locale() so that invalid IDNA2008 names are properly
and consistently detected for all libidn2 versions and locales.
Update the "idna" system test accordingly. Add checks for processing a
server response containing Punycode which decodes to an invalid IDNA2008
name. Fix invalid subtest description.
(cherry picked from commit 7fe0f00a3b)
Every prereq.sh script must include bin/tests/system/conf.sh, otherwise
if some prerequisite is not met, errors about echo_i not being found
will be printed instead of actual error messages.
(cherry picked from commit cc0e8cda71)
Trying to resolve a trust anchor telemetry query for a locally served
zone does not cause upstream queries to be sent as the response is
determined just by consulting local data. Work around this issue by
calling dns_view_findzonecut() first in order to determine the NS RRset
for a given domain name and then passing the zone cut found to
dns_resolver_createfetch().
Note that this change only applies to TAT queries generated by the
resolver itself, not to ones received from downstream resolvers.
(cherry picked from commit 873c091408)
Extract the part of dotat() reponsible for preparing the QNAME for a TAT
query to a separate function in order to limit the number of local
variables used by each function and improve code readability.
Rename 'name' to 'origin' to better convey the purpose of that variable.
(cherry picked from commit 2e7dd0d61f)
Net::DNS versions older than 0.68 insert a ./ANY RR into the QUESTION
section if the latter is empty. Since the latest Net::DNS version
available with stock RHEL/CentOS 6 packages is 0.65 and we officially
support that operating system, bin/tests/system/resolver/ans8/ans.pl
should behave consistently for various Net::DNS versions. Ensure that
by making handleUDP() return the query ID and flags generated by
Net::DNS with 8 zero bytes appended.
(cherry picked from commit 6c3c6aea37)
While libcap-enabled builds check whether any capability named requests
is within the permitted capability set, non-libcap builds just try
requesting them, which potentially causes a misleading error message to
be output ("Operation not permitted: please ensure that the capset
kernel module is loaded"). Ensure non-libcap builds also check whether
any requested capability is within the permitted capability set.
(cherry picked from commit 8c66f32e53)
DNAME records indicate bottom of zone and thus no records below a DNAME
should be DNSSEC-signed or included in NSEC(3) chains. Add a helper
function, has_dname(), for detecting DNAME records at a given node.
Prevent signing DNAME-obscured records. Check that DNAME-obscured
records are not signed.
(cherry picked from commit ff7015a0f8)
The keyfile and key ID for the original managed key do not change
throughout the mkeys system test. Keep them in helper variables to
prevent calling "cat" multiple times and improve code readability.
(cherry picked from commit 2cad382552)
Reduce code duplication by replacing a code snippet repeated throughout
system tests using "trusted-keys" and/or "managed-keys" configuration
sections with calls to keyfile_to_{managed,trusted}_keys() helper
functions.
(cherry picked from commit dce66f7635)
Add a set of helper functions for system test scripts which enable
converting key data from a set of keyfiles to either a "trusted-keys"
section or a "managed-keys" section suitable for including in a
resolver's configuration file.
(cherry picked from commit 21d3658bcb)