`malloc_usable_size()` can return a size larger than originally allocated, and when these sizes disagree the fortifier enabled by `_FORTIFY_SOURCE=3` detects an overflow and stops the `named` execution abruptly. Stop using these convenience functions as they are primarily used for introspection only.
Closes #4880
Backport of MR !9400
Merge branch 'backport-4880-dont-use-malloc_usable_size-9.18' into 'bind-9.18'
See merge request isc-projects/bind9!9419
Although the manual page of malloc_usable_size says:

> Although the excess bytes can be over‐written by the application
> without ill effects, this is not good programming practice: the
> number of excess bytes in an allocation depends on the underlying
> implementation.

it looks like the premise is broken with _FORTIFY_SOURCE=3 on newer
systems and it might return a value that causes the program to stop with
"buffer overflow" detected from the _FORTIFY_SOURCE. As we do have our own
implementation that tracks the allocation size that we can use to track
the allocation size, we can stop relying on this introspection function.
Also the newer manual page for malloc_usable_size changed the NOTES to:

> The value returned by malloc_usable_size() may be greater than the
> requested size of the allocation because of various internal
> implementation details, none of which the programmer should rely on.
> This function is intended to only be used for diagnostics and
> statistics; writing to the excess memory without first calling
> realloc(3) to resize the allocation is not supported. The returned
> value is only valid at the time of the call.

Remove usage of both malloc_usable_size() and malloc_size() to be on the
safe side and only use the internal size tracking mechanism when
jemalloc is not available.
(cherry picked from commit d61712d14e)
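A sketch of the kind of internal size tracking the commit message above refers to, as an added example that is not BIND's own code: each allocation carries a header recording the requested size, so nothing depends on `malloc_usable_size()`. The names `size_info`, `tracked_malloc`, `tracked_realloc`, `tracked_free`, `tracked_size` and `tracked_in_use` are hypothetical.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdlib.h>

/* Header stored in front of each allocation. The union pads it to the
 * strictest alignment so the pointer handed to the caller stays aligned. */
typedef union {
	size_t size;
	max_align_t align;
} size_info;

static size_t in_use; /* sum of requested sizes, for statistics */

void *tracked_malloc(size_t size) {
	if (size > SIZE_MAX - sizeof(size_info)) return NULL; /* would overflow */
	size_info *si = malloc(sizeof(*si) + size);
	if (si == NULL) return NULL;
	si->size = size;
	in_use += size;
	return &si[1];
}

/* The size the caller asked for, never the allocator's bucket size. */
size_t tracked_size(const void *ptr) {
	return ((const size_info *)ptr)[-1].size;
}

void *tracked_realloc(void *ptr, size_t size) {
	if (ptr == NULL) return tracked_malloc(size);
	if (size > SIZE_MAX - sizeof(size_info)) return NULL;
	size_t old = tracked_size(ptr);
	/* Growing goes through realloc(); excess bytes are never assumed. */
	size_info *si = realloc((size_info *)ptr - 1, sizeof(*si) + size);
	if (si == NULL) return NULL;
	si->size = size;
	in_use = in_use - old + size;
	return &si[1];
}

void tracked_free(void *ptr) {
	if (ptr == NULL) return;
	in_use -= tracked_size(ptr);
	free((size_info *)ptr - 1);
}

size_t tracked_in_use(void) { return in_use; }
```

The cost is one header per allocation; in exchange, the size used for accounting and bounds is always the one the caller requested, which is also the size the fortifier knows about.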
The ISC_ATTR_UNUSED macro was missing in BIND 9.18, which
complicated things when backporting merge requests from main.
As __attribute__((__unused__)) is ubiquitous, just define the
macro.
The cross-version-config-tests job fails when a system test is removed
from the upcoming release. To avoid this, remove the system test also
from the $BIND_BASELINE_VERSION.
See the failure mode at https://gitlab.isc.org/isc-projects/bind9/-/jobs/4668947.
Backport of MR !9413
Merge branch 'backport-mnowak/remove-dialup-from-cross-version-config-tests-job-9.18' into 'bind-9.18'
See merge request isc-projects/bind9!9416
The cross-version-config-tests job fails when a system test is removed
from the upcoming release. To avoid this, remove the system test also
from the $BIND_BASELINE_VERSION.
(cherry picked from commit 60f5f2a9d9)
This supports bit-for-bit reproducibility of built documentation.
Closes #4886
Backport of MR !9399
Merge branch 'backport-issue-4886/order-preserving-documentation-tags-9.18' into 'bind-9.18'
See merge request isc-projects/bind9!9409
The 'set' datatype in Python does not provide iteration-order
guarantees related to insertion-order. That means that its
usage in the 'split_csv' helper function during documentation
build can produce nondeterministic results.
That is non-desirable for two reasons: it means that the
documentation output may appear to vary unnecessarily between
builds, and secondly there could be loss-of-information in cases
where tag order in the source documentation is significant.
This patch implements order-preserving de-duplication of tags,
allowing authors to specify tags using intentional priority
ordering, while also removing tags that appear more than once.
(cherry picked from commit 5a79b36f56)
Milestone is automatically set by 'merged-metadata' CI job to 'Not
released yet' so it does not matter what the original value was.
(cherry picked from commit 73b950dc29)
1. Set milestone to 'Not released yet' after merge
We will set milestone to actual version number when we actually tag a
particular version. This will get rid of mass MR reassignment when we
do last minute changes to a release plan etc.
2. Adjust No CHANGES and Release Notes MR labels to match gitchangelog
workflow.
(cherry picked from commit d1c64d588b)
Previously, the CI job for the autobackport bot inherited the "interruptible:
true" global configuration. This caused premature termination of the job
when another merge was finished before the autobackport job ran to
completion.
(cherry picked from commit 3165261ecd)
If there is an algorithm rollover and two keys of different algorithms share the same key tag, then there is a possibility that if we check that a key matches a specific state, we are checking against the wrong key. This has been fixed by not only checking for a matching key tag but also the key algorithm.
Closes #4878
Backport of MR !9381
Merge branch 'backport-4878-fix-algorithm-rollover-keytag-conflict-bug-9.18' into 'bind-9.18'
See merge request isc-projects/bind9!9394
If there is an algorithm rollover and two keys of different algorithms
share the same key tag, then there is a possibility that if we check
that a key matches a specific state, we are checking against the wrong
key.
Fix this by not only checking for matching key id but also key
algorithm.
(cherry picked from commit f37eb33f29)
If there is a keytag conflict between keys with different algorithms,
we need to supply what key algorithm is used so we can get the right
public key.
For clarity, print the algorithm on the found keys after 'check_keys'.
(cherry picked from commit 7bb6d82505)
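The key tag conflict described in the commits above, as an added example that is not BIND's code: a state check keyed on the tag alone answers for the wrong key, while matching on tag and algorithm does not. The structure, the two simplified states, the function names and the key set are constructed for illustration; 8 and 13 are the IANA algorithm numbers for RSASHA256 and ECDSAP256SHA256.

```c
#include <stdbool.h>
#include <stddef.h>
#include <stdint.h>

typedef enum { ST_HIDDEN, ST_OMNIPRESENT } key_state; /* simplified stand-ins */

typedef struct {
	uint16_t tag;    /* key tag (key id) */
	uint8_t alg;     /* DNSSEC algorithm number */
	key_state state; /* state being checked */
} zone_key;

/* Constructed key set mid-rollover: the outgoing algorithm 8 key and the
 * incoming algorithm 13 key happen to share key tag 12345. */
static const zone_key KEYS[] = {
	{ 12345, 8, ST_OMNIPRESENT },
	{ 12345, 13, ST_HIDDEN },
	{ 40000, 13, ST_HIDDEN },
};
#define NKEYS (sizeof(KEYS) / sizeof(KEYS[0]))

/* Before the fix: the first key with a matching tag decides the answer. */
bool state_matches_tag_only(uint16_t tag, key_state want) {
	for (size_t i = 0; i < NKEYS; i++) {
		if (KEYS[i].tag == tag) {
			return KEYS[i].state == want;
		}
	}
	return false;
}

/* After the fix: the key must match on both tag and algorithm. */
bool state_matches(uint16_t tag, uint8_t alg, key_state want) {
	for (size_t i = 0; i < NKEYS; i++) {
		if (KEYS[i].tag == tag && KEYS[i].alg == alg) {
			return KEYS[i].state == want;
		}
	}
	return false;
}
```

Asking whether the incoming algorithm 13 key is omnipresent returns true from the tag-only check, because the outgoing algorithm 8 key is found first, and false from the tag-and-algorithm check.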
This adds the command line arguments: `-d` (debug), `-l` (list tests) and `-t test` (run this test) to the unit tests.
e.g.
```
% ./rdata_test -t zonemd
[==========] selected: Running 1 test(s).
[ RUN ] zonemd
[ OK ] zonemd
[==========] selected: 1 test(s) run.
[ PASSED ] 1 test(s).
%
```
Closes #4579
Backport of MR !9384
Merge branch 'backport-4579-restore-the-ability-to-select-individual-unit-tests-9.18' into 'bind-9.18'
See merge request isc-projects/bind9!9386
named now prints its initial working directory during startup and the
changed working directory when loading or reloading its configuration
file if it has a valid 'directory' option defined.
Closes #4731
Backport of MR !9362
Merge branch 'backport-4731-log-workdir-full-path-9.18' into 'bind-9.18'
See merge request isc-projects/bind9!9373
named now prints its initial working directory during startup and the
changed working directory when loading or reloading its configuration
file if it has a valid 'directory' option defined.
(cherry picked from commit fd8e1d161f)
Related: #4847
Backport of MR !9300
Merge branch 'backport-4847-changelog-sorting-and-tweaks-9.18' into 'bind-9.18'
See merge request isc-projects/bind9!9365
When manually handling the release notes (due to rst markup, fixups
etc.), the different MR number for backports causes needless friction.
Remove the reference from release notes and keep it only in changelog
which isn't manually redacted.
(cherry picked from commit 993ba7cc7f)
To reduce the friction when handling the release notes, it is preferable
to have the sections sorted by issue number, rather than merge order.
Fall back to the commit subject line if unavailable (e.g. for changelog
entries).
(cherry picked from commit 759948fffe)
Since we've started the new changelog & release notes process, the file
for drafting release notes for the version-to-be is no longer needed.
(cherry picked from commit c795cfec54)
Checking whether an EDDSA key was private or not was broken and could lead to
attempting to sign records with a public key, and this could cause a
segmentation failure (read of a NULL pointer) within OpenSSL.
Closes #4855
Merge branch '4855-openssleddsa_isprivate-needs-to-supply-a-buffer' into 'bind-9.18'
See merge request isc-projects/bind9!9329
openssleddsa_isprivate failed to properly determine if a buffer was
private or not. Pass in a buffer so that EVP_PKEY_get_raw_private_key
fails when there is not a private key.
The test_traffic_json and test_traffic_xml occasionally fail when
running under TSAN. This happens in CI and is most likely a result of
some instability that doesn't seem to be easily reproduced.
Closes #4598
Backport of MR !9293
Merge branch 'backport-4598-mark-statschannel-test-flaky-9.18' into 'bind-9.18'
See merge request isc-projects/bind9!9351
The test_traffic_json and test_traffic_xml occasionally fail when
running under TSAN. This happens in CI and is most likely a result of
some instability that doesn't seem to be easily reproduced.
(cherry picked from commit ec2fc7680a)
The new version of clang (19) has introduced stricter checks when mixing
integer (and float types) with enums. In this case, we used enum {}
as C17 doesn't have constexpr yet. Change the time conversion constants
to be #defined constants because the RHEL 8 compiler doesn't consider
static const unsigned int to be constant.
Closes #4845
Backport of MR !9313
Merge branch 'backport-4845-change-NS_PER_SEC-type-from-enum-to-integer-9.18' into 'bind-9.18'
See merge request isc-projects/bind9!9340
The new version of clang (19) has introduced stricter checks when mixing
integer (and float types) with enums. In this case, we used enum {}
as C17 doesn't have constexpr yet. Change the time conversion constants
to be #defined constants because the RHEL 8 compiler doesn't consider
static const unsigned int to be constant.
(cherry picked from commit b03e90e0d4)
Log canceled resolver queries (e.g. when shutting down a hung
fetch) in DEBUG3 level instead of DEBUG1 which is used for the
"unrecognized" result codes.
Closes #4797
Backport of MR !9148
Merge branch 'backport-4797-rpz_rewrite-add-ISC_R_CANCELED-processing-9.18' into 'bind-9.18'
See merge request isc-projects/bind9!9348
Log canceled queries (e.g. when shutting down a hung fetch)
in DEBUG3 level instead of DEBUG1 which is used for the
"unrecognized" result codes.
(cherry picked from commit 8bb9568467)
Instead of directly using the result of dirfd() in the unlinkat() call,
check whether the returned file descriptor is actually valid. That
doesn't really change the logic as the unlinkat() would fail with
invalid descriptor anyway, but this is cleaner and will report the right
error returned directly by dirfd() instead of EBADF from unlinkat().
Closes #4853
Backport of MR !9316
Merge branch 'backport-4853-check-result-of-dirfd-in-isc_log-9.18' into 'bind-9.18'
See merge request isc-projects/bind9!9344
Instead of directly using the result of dirfd() in the unlinkat() call,
check whether the returned file descriptor is actually valid. That
doesn't really change the logic as the unlinkat() would fail with
invalid descriptor anyway, but this is cleaner and will report the right
error returned directly by dirfd() instead of EBADF from unlinkat().
(cherry picked from commit 59f4fdebc0)
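The `dirfd()` check described above, shown in a small directory-pruning routine. This is an added example, not the isc_log code; `remove_matching`, `demo`, the `roll.` prefix and the scratch directory are hypothetical.

```c
#ifndef _POSIX_C_SOURCE
#define _POSIX_C_SOURCE 200809L /* dirfd(), unlinkat(), mkdtemp() */
#endif
#include <dirent.h>
#include <errno.h>
#include <fcntl.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <unistd.h>

/* Remove entries of 'dir' whose names start with the non-empty 'prefix'.
 * Returns the number removed, or -1 with errno set. */
int remove_matching(DIR *dir, const char *prefix) {
	size_t plen = strlen(prefix);
	struct dirent *ent;
	int removed = 0;
	/* Check dirfd() itself, so a failure carries its own errno instead
	 * of surfacing later as EBADF from unlinkat(). */
	int fd = dirfd(dir);
	if (fd < 0) {
		return -1;
	}
	rewinddir(dir);
	for (errno = 0; (ent = readdir(dir)) != NULL; errno = 0) {
		if (strncmp(ent->d_name, prefix, plen) == 0) {
			if (unlinkat(fd, ent->d_name, 0) != 0) {
				return -1;
			}
			removed++;
		}
	}
	return errno != 0 ? -1 : removed;
}

/* Constructed scratch directory: two "roll.N" files and one file to keep. */
int demo(void) {
	char tmpl[] = "/tmp/dirfd-demo-XXXXXX", path[64];
	const char *names[] = { "roll.0", "roll.1", "keep" };
	if (mkdtemp(tmpl) == NULL) return -1;
	for (int i = 0; i < 3; i++) {
		snprintf(path, sizeof(path), "%s/%s", tmpl, names[i]);
		close(open(path, O_CREAT | O_WRONLY, 0600));
	}
	DIR *dir = opendir(tmpl);
	int n = (dir != NULL) ? remove_matching(dir, "roll.") : -1;
	if (dir != NULL) closedir(dir);
	unlink(path); /* path still names the "keep" file */
	rmdir(tmpl);
	return n;
}
```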