Commit Graph

33794 Commits

Author SHA1 Message Date
Michał Kępień
c90ff528a3 Tweak and reword release notes 2021-11-05 09:30:30 +01:00
Petr Špaček
781ae9d781 Merge branch 'pspacek/clang-format-v9_16' into 'v9_16'
retain diff output if clang-format changes something [v9_16]

See merge request isc-projects/bind9!5553
2021-11-02 15:02:03 +00:00
Petr Špaček
3934551251 retain diff output if clang-format changes something
It's major PITA trying to guess what exactly clang-format has changed,
so how CI stores patch file with changes which can be applied locally if
needed.

(cherry picked from commit ca4393fc9f)
2021-11-02 15:52:46 +01:00
Mark Andrews
f77940d0b1 Merge branch '2976-restore-xsltproc-discovery-for-statistics-system-test-9-16' into 'v9_16'
Resolve "Restore 'xsltproc' discovery for statistics system test 9.16"

See merge request isc-projects/bind9!5532
2021-10-30 01:47:42 +00:00
Mark Andrews
de801a5063 Look for xsltproc
xsltproc is used by the statistics system test
2021-10-30 10:24:45 +11:00
Arаm Sаrgsyаn
572b363110 Merge branch '2972-rsa-keys-compare-typo-bug-v9_16' into 'v9_16'
[v9_16] Fix a bug when comparing two RSA keys

See merge request isc-projects/bind9!5541
2021-10-28 15:36:24 +00:00
Aram Sargsyan
c6e4c28b4e Add dst_key_pubcompare and dst_key_compare unit test
The dst_key_pubcompare() and dst_key_compare() didn't have a unit test,
add the unit tests which test comparing the same keys, different keys,
and, where possible, similar keys with a manually altered parameter.

dst_key_pubcompare() internally uses the *_todns() functions of the
lib/dns/openssl*_link.c modules.

dst_key_compare() internally uses the *_compare() functions of the
lib/dns/openssl*_link.c modules.
2021-10-28 14:52:28 +00:00
Aram Sargsyan
49ebe409e3 Add CHANGES note for [GL #2972]
(cherry picked from commit 1ceb1f7ab0)
2021-10-28 13:47:20 +00:00
Aram Sargsyan
b122455009 Fix a bug when comparing two RSA keys
When comparing different parameters of two RSA keys there is a typo
which causes the "p" prime factors to not being compared.

Fix the typo.

(cherry picked from commit 930e4f52a5)
2021-10-28 13:46:22 +00:00
Michał Kępień
532a171e96 Merge branch 'michal/disable-pylint-warning-C0209-v9_16' into 'v9_16'
[v9_16] Disable PyLint warning C0209

See merge request isc-projects/bind9!5539
2021-10-28 13:40:25 +00:00
Michał Kępień
60ac3362d7 Disable PyLint warning C0209
PyLint 2.11 reports a new warning, C0209 (consider-using-f-string).
Since f-strings are only available in Python 3.6+, existing scripts
cannot be updated to use this feature just yet because they would stop
working with older Python versions.  Instead, disable PyLint warning
C0209 for the time being.  Sort all disabled warnings in .pylintrc.

(cherry picked from commit 860ca4e0ef)
2021-10-28 15:37:51 +02:00
Michał Kępień
36f89e137d Merge branch 'v9_16_22-release' into 'v9_16'
Merge 9.16.22 release branch

See merge request isc-projects/bind9!5536
2021-10-28 10:27:09 +00:00
Michał Kępień
02c9ee06b2 Move CHANGES entry for GL #2308
GL #2308 was originally referenced by CHANGES entry 5727.  However, the
corresponding code change turned out to be flawed and had to be reverted
in BIND 9.16.22, causing CHANGES entry 5727 to be removed on the release
branch.

Commit d329d47bae subsequently addressed
the flaw, so the fix for GL #2308 will be included in BIND 9.16.23.
Move the relevant CHANGES entry to reflect that.
2021-10-28 12:22:33 +02:00
Michał Kępień
6c399eda27 Set up release notes for BIND 9.16.23 2021-10-28 12:22:33 +02:00
Tinderbox User
2d0bfd6017 Merge branch 'prep-release' into security-v9_16 2021-10-28 12:22:33 +02:00
Michał Kępień
9fdf509213 Merge branch 'michal/prepare-documentation-for-bind-9.16.22' into 'security-v9_16'
Prepare documentation for BIND 9.16.22

See merge request isc-private/bind9!326
2021-10-28 12:22:33 +02:00
Tinderbox User
45c45e9b7e prep 9.16.22 2021-10-28 12:22:33 +02:00
Michał Kępień
5f04af90c2 Merge branch '2899-security-disable-lame-cache-v9_16' into 'security-v9_16'
[CVE-2021-25219] [v9_16] Disable "lame-ttl" cache

See merge request isc-private/bind9!323
2021-10-28 12:22:33 +02:00
Michał Kępień
5ed42ad256 Prepare release notes for BIND 9.16.22 2021-10-28 12:22:33 +02:00
Ondřej Surý
841769863f Add CHANGES and release note for [GL #2899] 2021-10-28 12:22:33 +02:00
Michał Kępień
16bdd5d158 Add release note for GL #2911 2021-10-28 12:22:33 +02:00
Ondřej Surý
498bcc5c9c Enable lame response detection even with disabled lame cache
Previously, when lame cache would be disabled by setting lame-ttl to 0,
it would also disable lame answer detection.  In this commit, we enable
the lame response detection even when the lame cache is disabled.  This
enables stopping answer processing early rather than going through the
whole answer processing flow.
2021-10-28 12:22:33 +02:00
Michał Kępień
14c525450b Reorder release notes 2021-10-28 12:22:33 +02:00
Ondřej Surý
0ac270dff2 Disable lame-ttl cache
The lame-ttl cache is implemented in ADB as per-server locked
linked-list "indexed" with <qname,qtype>.  This list has to be walked
every time there's a new query or new record added into the lame cache.
Determined attacker can use this to degrade performance of the resolver.

Resolver testing has shown that disabling the lame cache has little
impact on the resolver performance and it's a minimal viable defense
against this kind of attack.
2021-10-28 12:22:33 +02:00
Michał Kępień
25f8a86e0d Tweak and reword release notes 2021-10-28 12:22:33 +02:00
Michał Kępień
237500b2c7 Tweak and reword recent CHANGES entries 2021-10-28 12:22:33 +02:00
Evan Hunt
3aca4fc81f Merge branch 'each-test-fixes-v9_16' into 'v9_16'
Fix test errors that caused intermittent failures

See merge request isc-projects/bind9!5534
2021-10-27 20:21:58 +00:00
Evan Hunt
9c834a99a4 Fix statistics test error
The statistics system test sometimes needs a pause to wait for the
expected stats to be reported.

Also, the test for priming queries was ineffective; the result of
the grep was not being checked.

(cherry picked from commit c167feb1dc)
2021-10-27 12:56:51 -07:00
Evan Hunt
0085a8205f Fix cds test error
The margin of error (up to 2 seconds) allowed for the inception time
in the cds system test was a bit too small, and has been increased to 3
seconds.

(cherry picked from commit 3ecaccb961)
2021-10-27 12:08:19 -07:00
Evan Hunt
bf599c1649 Fix catz test error
The catz system test included a test case that was looking for a single
answer record after an update, when it should have been looking for two.
The test usually passed because of timing - the first dig usually got a
response before the update was completed - but occasionally the update
processed fast enough for the test to fail. On investigation, it turned
out to be the test that was wrong.

(cherry picked from commit 9b6060c6c4)
2021-10-27 12:08:19 -07:00
Evan Hunt
c2f7b2e7d2 Fix digdelv test error
The digdelv system test has a test case in which stderr was
included in the dig output. When trace logging was in use,
this confused the grep and caused a spurious test failure.

(cherry picked from commit 2143120636)
2021-10-27 12:08:12 -07:00
Mark Andrews
563c0be633 Merge branch '2947-unexpected-deletion-of-configured-catalog-zone-v9_16' into 'v9_16'
Prevent existing catalog zone entries being incorrectly deleted

See merge request isc-projects/bind9!5533
2021-10-27 13:26:56 +00:00
Mark Andrews
e1490496a6 Check that existing catalog zone entries are preserved
Update the 'catz' system test by adding tests that update an
catalog zone (catalog1.example) while preserving existing entries
(increase SOA serial) then check that catalog zone has transferred
and that the existing entries have not accidentally been removed
as a consequence (can return updated zone content).

(cherry picked from commit bf9c569852)
2021-10-28 00:04:44 +11:00
Mark Andrews
d329d47bae Prevent existing catalog zone entries being incorrectly deleted
After receiving a new version of a catalog zone it is required
to merge it with the old version.

The algorithm walks through the new version's hash table and applies
the following logic:

1. If an entry from the new version does not exist in the old
   version, then it's a new entry, add the entry to the `toadd` hash
   table.
2. If the zone does not exist in the set of configured zones, because
   it was deleted via rndc delzone or it was removed from another
   catalog zone instance, then add into to the `toadd` hash table to
   be reinstantiated.
3. If an entry from the new version also exists in the old version,
   but is modified, then add the entry to the `tomod` hash table, then
   remove it from the old version's hash table.
4. If an entry from the new version also exists in the old version and
   is the same (unmodified) then just remove it from the old version's
   hash table.

The algorithm then deletes all the remaining zones which still exist
in the old version's hash table (because only the ones that don't
exist in the new version should now remain there), then adds the ones
that were added to the `toadd`, and modifies the ones that were added
to the `tomod`, completing the merge.

During a recent refactoring, the part when the entry should be
removed from the old version's hash table on condition (4.) above
was accidentally omitted, so the unmodified zones were remaining
in the old version's hash table and consequently being deleted.

(cherry picked from commit 63145fb1d3)
2021-10-28 00:04:44 +11:00
Michal Nowak
b0f9c75c03 Merge branch '2458-run-asan-and-tsan-with-latest-stable-gcc-v9_16' into 'v9_16'
[v9_16] Use Fedora image for GCC ASAN and TSAN CI jobs

See merge request isc-projects/bind9!5527
2021-10-22 13:22:12 +00:00
Michal Nowak
b7c2870c4b Drop GCC ThreadSanitizer suppresion of fstrm-originated calls
With custom fstrm library in the Fedora image which uses mutexes instead
of barriers ThreadSanitizer suppression with GCC is not necessary
anymore.

(cherry picked from commit 6179011a50)
2021-10-22 13:06:40 +02:00
Michal Nowak
bbc39801ae Rename ASAN_OPTIONS_COMMON to ASAN_OPTIONS
Renaming the variable removes some of the complexity.

(cherry picked from commit 1f4a56cb3e)
2021-10-22 13:06:10 +02:00
Michal Nowak
5f1c9c28e9 Use Fedora image for GCC ASAN and TSAN CI jobs
For the sake of running ASAN and TSAN jobs with the latest stable GCC,
replace "base image" (Debian Buster with GCC 8.3.0) with Fedora 34 image
with GCC 11.

(cherry picked from commit 6ab2d89686)
2021-10-22 13:03:13 +02:00
Michal Nowak
9dbcd636e8 Merge branch 'mnowak/debian-11-bullseye-v9_16' into 'v9_16'
[v9_16] Add Debian 11 (bullseye)

See merge request isc-projects/bind9!5525
2021-10-22 09:05:34 +00:00
Michal Nowak
376712cd12 Do not spawn Debian 9 CI jobs in merge requests
(cherry picked from commit 1b9a9c2829)
2021-10-22 10:44:41 +02:00
Michal Nowak
3b95ecbd47 Add Debian 11 (bullseye)
(cherry picked from commit 2b5dfae5de)
2021-10-22 10:35:40 +02:00
Michal Nowak
74d2abdfc3 Merge branch 'mnowak/openbsd-7.0-v9_16' into 'v9_16'
[v9_16] Add OpenBSD 7.0

See merge request isc-projects/bind9!5523
2021-10-22 07:50:17 +00:00
Michal Nowak
85a37ee002 Add OpenBSD 7.0
(cherry picked from commit 75e873ed98)
2021-10-22 09:40:00 +02:00
Ondřej Surý
bbcd772b16 Merge branch 'ondrej/fix-missing-DNS_ZONEFLG_DUMPING-in-setmodtime-v9_16' into 'v9_16'
Add missing DNS_ZONEFLG_DUMPING to setmodtime()

See merge request isc-projects/bind9!5520
2021-10-21 10:52:44 +00:00
Ondřej Surý
40fa423fd3 Add missing DNS_ZONEFLG_DUMPING to setmodtime()
It was found, that the original commit adding the setmodtime() was
incompletely squashed and there was double check for
DNS_ZONEFLG_NEEDDUMP instead of check for DNS_ZONEFLG_NEEDDUMP and
DNS_ZONEFLG_DUMPING.

Change the duplicate check to DNS_ZONEFLG_DUMPING.

(cherry picked from commit 55ac6b7394)
2021-10-21 12:33:24 +02:00
Ondřej Surý
9d47109b2b Merge branch 'ondrej/fix-isc_time_add-overflow-v9_16' into 'v9_16'
Fix isc_time_add() overflow

See merge request isc-projects/bind9!5517
2021-10-21 08:17:22 +00:00
Ondřej Surý
3d4ec2f244 Add isc_time_add and isc_time_subtract unit test
The isc_time_add() and isc_time_subtract() didn't have a unit test, add
the unit test with couple of edge case vectors to check whether overflow
and underflow is correctly handled.

(cherry picked from commit 04511736a0)
2021-10-21 09:51:53 +02:00
Ondřej Surý
b58611a08b Fix isc_time_add() overflow
The isc_time_add() could overflow when t.seconds + i.seconds == UINT_MAX
and t.nanoseconds + i.nanoseconds >= NS_PER_S.

Fix the overflow in isc_time_add(), and simplify the ISC_R_RANGE checks
both in isc_time_add() and isc_time_subtract() functions.

(cherry picked from commit 8c05f12bc8)
2021-10-21 09:51:48 +02:00
Evan Hunt
68ee77ae42 Merge branch 'each-cleanup-qmin-test-v9_16' into 'v9_16'
fix qmin system test

See merge request isc-projects/bind9!5510
2021-10-20 08:56:22 +00:00
Evan Hunt
9456be2225 fix qmin system test
The qmin system test was printing spurious output.  On investigation,
the test case turned out to be both broken and ineffective: its
expectations were wrong, and it was printing the output because its
wrong expectations were not met, and those failed expectations were
not causing a test failure. All of this has been corrected.

(cherry picked from commit ac3eb921fc)
2021-10-20 01:36:53 -07:00