ComputerSurge/bind9
3
0
Fork 0
Code Pull Requests 1 Activity
31,428 Commits 589 Branches 805 Tags
984dfcf98b6b3848fa895ea67382fba59550ddc7
Commit Graph

31428 Commits

This Branch
This Branch
All Branches
Author SHA1 Message Date
Witold Kręcicki
984dfcf98b CHANGES/relnotes for \!3487 2020-05-04 12:50:50 +02:00
Michał Kępień
48231bb52e Merge branch '1797-add-release-note-discussing-recvmmsg-support-v9_16' into 'v9_16' 
[v9_16] Add release note discussing recvmmsg() support

See merge request isc-projects/bind9!3493
 2020-05-04 10:04:25 +00:00
Michał Kępień
ea7921967f Add release note discussing recvmmsg() support 
(cherry picked from commit 84dc6d86cb)
 2020-05-04 12:03:16 +02:00
Michał Kępień
f609bdbc0c Merge branch 'michal/1674-add-release-note' into 'v9_16' 
Add release note for GL #1674

See merge request isc-projects/bind9!3490
 2020-05-04 09:06:31 +00:00
Michał Kępień
4715a76345 Add release note for GL #1674 2020-05-04 11:00:23 +02:00
Evan Hunt
89a9a4eca5 Merge branch '1807-checkconf-error-v9_16' into 'v9_16' 
named-checkconf -z could exit with an incorrect status

See merge request isc-projects/bind9!3488
 2020-05-02 01:01:56 +00:00
Evan Hunt
0a0e02f31e named-checkconf -z could exit with an incorrect staatus 
the CHECK() macro resets result, so an error code from an earlier
view could be erased if the last view loaded had no errors.

(cherry picked from commit 7e73660206)
 2020-05-01 17:17:00 -07:00
Witold Krecicki
741a0b8387 Merge branch '1713-use-default-buffer-sizes-v9_16' into 'v9_16' 
Don't set UDP recv/send buffer sizes - use system defaults (unless explicitly defined)

See merge request isc-projects/bind9!3487
 2020-05-01 16:56:33 +00:00
Witold Kręcicki
444a16bff9 Don't set UDP recv/send buffer sizes - use system defaults (unless explicitly defined) 
(cherry picked from commit fa02f6438b)
 2020-05-01 17:47:19 +02:00
Ondřej Surý
97d650e6e2 Merge branch 'ondrej/fix-SO_REUSEPORT-usage-on-FreeBSD-v9_16' into 'v9_16' 
Fix SO_REUSEPORT usage on FreeBSD (v9.16)

See merge request isc-projects/bind9!3486
 2020-05-01 14:51:11 +00:00
Ondřej Surý
e23321eba9 Add CHANGES note for GL !3365 
(cherry picked from commit 23a653dd92)
 2020-05-01 16:50:06 +02:00
Ondřej Surý
c56cd29bbb Use SO_REUSEPORT only on Linux, use SO_REUSEPORT_LB on FreeBSD 
The SO_REUSEPORT socket option on Linux means something else on BSD
based systems.  On FreeBSD there's 1:1 option SO_REUSEPORT_LB, so we can
use that.

(cherry picked from commit 09ba47b067)
 2020-05-01 16:50:06 +02:00
Ondřej Surý
a0134ad57e Merge branch '1795-make-dnstap-work-reliably-with-netmgr-v9_16' into 'v9_16' 
Resolve "Some dnstap data may not be logged in BIND 9.15.6+"

See merge request isc-projects/bind9!3485
 2020-05-01 14:32:12 +00:00
Michał Kępień
ea5f122ffc Add CHANGES entry 
(cherry picked from commit 47c769e475)
 2020-05-01 16:29:36 +02:00
Michał Kępień
3a40a3f9a8 Add a release note 
(cherry picked from commit 4a5c1c7bfe)
 2020-05-01 16:29:18 +02:00
Michał Kępień
299954d006 Make dnstap work reliably with netmgr 
The introduction of netmgr doubled the number of threads from which
dnstap data may be logged: previously, it could only happen from within
taskmgr worker threads; with netmgr, it can happen both from taskmgr
worker threads and from network threads.  Since the argument passed to
fstrm_iothr_options_set_num_input_queues() was not updated to reflect
this change, some calls to fstrm_iothr_get_input_queue() can now return
NULL, effectively preventing some dnstap data from being logged.
Whether this bug is triggered or not depends on thread scheduling order
and packet distribution between network threads, but will almost
certainly be triggered on any recursive resolver sooner or later.  Fix
by requesting the correct number of dnstap input queues to be allocated.

(cherry picked from commit 77dc091855)
 2020-05-01 16:29:18 +02:00
Ondřej Surý
f6fcd0d208 Merge branch '1763-ossl-eddsa-engine-v9_16' into 'v9_16' 
Add engine support to OpenSSL EdDSA implementation (v9.16)

See merge request isc-projects/bind9!3483
 2020-05-01 14:27:12 +00:00
Ondřej Surý
a3ed49c515 Add release notes for #1763 
(cherry picked from commit 3c5cdc3f24)
 2020-05-01 16:25:56 +02:00
Ondřej Surý
928a4ff3f3 Add CHANGES note for #1763 
(cherry picked from commit 3422c496ae)
 2020-05-01 16:25:56 +02:00
Aaron Thompson
dddcc4a7eb Add engine support to OpenSSL EdDSA implementation. 
(cherry picked from commit 6a9f20d031)
 2020-05-01 16:25:56 +02:00
Aaron Thompson
112ffbaaa2 Use OpenSSL raw key functions for EdDSA keys. 
(cherry picked from commit f9685b29f9)
 2020-05-01 16:25:56 +02:00
Ondřej Surý
3112e08ba0 Merge branch '1534-add-ecdsa-openssl-pkcs11-engine-support-v9_16' into 'v9_16' 
Add engine support to OpenSSL ECDSA implementation (v9.16)

See merge request isc-projects/bind9!3484
 2020-05-01 14:25:17 +00:00
Ondřej Surý
b657411076 Add release note for GL #1534 
(cherry picked from commit 80d51223c3)
 2020-05-01 14:31:19 +02:00
Ondřej Surý
a600ff4917 Add CHANGES note for GL #1534 
(cherry picked from commit dde438dac7)
 2020-05-01 14:31:12 +02:00
Ondřej Surý
ce0f31a93b Simplify error handling 
(cherry picked from commit 064d8b7a6d)
 2020-05-01 14:30:04 +02:00
Ondřej Surý
0fa7c9099c Add initial support for ECDSA keys via OpenSSL PKCS#11 engine 
(cherry picked from commit aff61535c2)
 2020-05-01 14:30:04 +02:00
Ondřej Surý
46ddf100cc Merge branch 'ondrej/fix-system-tests-on-openbsd-v9.16' into 'v9_16' 
Fix system tests on openbsd v9.16

See merge request isc-projects/bind9!3478
 2020-05-01 11:40:21 +00:00
Ondřej Surý
3300e73570 Rename start() and stop() to start_server() and stop_server() 
On OpenBSD, there's non-POSIX alias from stop to kill that breaks
the conf.sh.common script.
 2020-05-01 13:37:44 +02:00
Ondřej Surý
7f37699725 Change the 'date -R' to sort-of iso-8601 emulated time 2020-05-01 13:37:44 +02:00
Ondřej Surý
da90f69a29 Merge branch '1797-libuv-1-37-requires-uv_init_ex-to-be-used-for-mmsg-v9_16' into 'v9_16' 
Resolve "libuv >= 1.37 requires uv_udp_init_ex() to be used for mmsg"

See merge request isc-projects/bind9!3474
 2020-05-01 10:45:46 +00:00
Witold Kręcicki
21d0bf6cd8 CHANGES note 2020-05-01 11:29:18 +02:00
Witold Kręcicki
786a289dfb Don't free udp recv buffer if UV_UDP_MMSG_CHUNK is set 
(cherry picked from commit 83049ceabf)
 2020-05-01 11:27:46 +02:00
Ondřej Surý
cf7975400e Use UV_UDP_RECVMMSG to enable mmsg support in libuv if available 
(cherry picked from commit d5356a40ff)
 2020-05-01 11:27:46 +02:00
Ondřej Surý
c015ae2341 Merge branch '1648-native-pkcs11-eddsa-v9_16' into 'v9_16' 
Resolve "Fix PKCS#11-based EdDSA support"

See merge request isc-projects/bind9!3472
 2020-05-01 08:32:45 +00:00
Ondřej Surý
e4a7cf0624 Make the cleanpkcs11.sh more universal across branches 2020-05-01 09:02:54 +02:00
Ondřej Surý
7b5cc16bad Fix another the start_fail -> start_servers_failed typo 2020-05-01 08:06:07 +02:00
Ondřej Surý
795cfad2d3 Fixup the start_fail -> start_servers_failed typo 
(cherry picked from commit 0313d2950a)
 2020-05-01 08:03:08 +02:00
Ondřej Surý
73868ba80b Add release notes 
(cherry picked from commit e69d34a454)
 2020-05-01 08:03:08 +02:00
Ondřej Surý
492703d1a8 Add CHANGES 
(cherry picked from commit 84fffbdb4c)
 2020-05-01 08:03:03 +02:00
Ondřej Surý
09535ac6d6 Fix the check for non-operational algs 15 and 16 in PKCS#11 
(cherry picked from commit 57c39ddbe3)
 2020-05-01 08:02:09 +02:00
Ondřej Surý
f35b8cee47 Fail running run.sh when clean.sh or setup.sh fails 
(cherry picked from commit 101672f664)
 2020-05-01 08:02:05 +02:00
Ondřej Surý
4cc5b572bd Refactor the pkcs11 to test for individual algorithms 
(cherry picked from commit a6bdb9639a)
 2020-05-01 08:00:52 +02:00
Aaron Thompson
c0e1dc33d5 Update EdDSA implementation to PKCS#11 v3.0. 
Per Current Mechanisms 2.3.5, the curve name is DER-encoded in the
EC_PARAMS attribute, and the public key value is DER-encoded in the
EC_POINT attribute.

(cherry picked from commit 2e6b7a56cc)
 2020-05-01 08:00:52 +02:00
Aaron Thompson
2401952bbb Fix EdDSA key sizes (key_size is in bits). 
(cherry picked from commit 9b87fe1051)
 2020-05-01 08:00:52 +02:00
Aaron Thompson
4ba7a0ec2d Add EdDSA algorithms back to dnssec-keyfromlabel help text. 
Regressed in 45afdb2672.

(cherry picked from commit 4969577189)
 2020-05-01 08:00:52 +02:00
Ondřej Surý
a39348336e Merge branch '1763-pkcs11-code-cleanups-v9_16' into 'v9_16' 
Resolve "Implement and improve the PKCS#11 code"

See merge request isc-projects/bind9!3471
 2020-05-01 05:57:17 +00:00
Ondřej Surý
fb8f428f07 Add CHANGES 
(cherry picked from commit 48473d464f)
 2020-05-01 06:54:27 +02:00
Ondřej Surý
358affe585 Use switch instead of if when evaluating curves 
Previously, the code would do:

    REQUIRE(alg == CURVE1 || alg == CURVE2);

    [...]

    if (alg == CURVE1) { /* code for CURVE1 */ }
    else { /* code for CURVE2 */ }

This approach is less extensible and also more prone to errors in case
the initial REQUIRE() is forgotten.  The code has been refactored to
use:

    REQUIRE(alg == CURVE1 || alg == CURVE2);

    [...]

    switch (alg) {
    case CURVE1: /* code for CURVE1 */; break;
    case CURVE2: /* code for CURVE2 */; break;
    default: INSIST(0);
    }

(cherry picked from commit cf30e7d0d1)
 2020-05-01 06:54:27 +02:00
Ondřej Surý
4e1c7e1c01 Refactor the code using the pk11 ECC constants. 
The pk11/constants.h header contained static CK_BYTE arrays and
we had to use #defines to pull only those we need.  This commit
changes the constants to only define byte arrays with the content
and either use them directly or define the CK_BYTE arrays locally
where used.

(cherry picked from commit da38bd0e1d)
 2020-05-01 06:54:27 +02:00
Ondřej Surý
dc51f720b9 Only print warning when PKCS#11 dnssec-keygen fails from Edwards curves 
(cherry picked from commit 9d979d7cd6)
 2020-05-01 06:54:26 +02:00