As of libuv 1.36.0, CMake is the only supported build method for libuv
on Windows. Account for that fact by adjusting the relevant paths and
DLL file names used in the win32utils/Configure script. Update
Windows-specific documentation accordingly.
(cherry picked from commit 64a091d587)
Our GitLab Runner Custom executor scripts now use the "image" key for
determining the Windows Docker image to use for a given CI job. Update
.gitlab-ci.yml to reflect that change.
(cherry picked from commit 004ca913f2)
In order for a "fast-expire/IN: response-policy zone expired" message to
be logged in ns3/named.run, the "fast-expire" zone must first be
transferred in by that server. However, with unfavorable timing, ns3
may be stopped before it manages to fetch the "fast-expire" zone from
ns5 and after the latter has been reconfigured to no longer serve that
zone. In such a case, the "rpz" system test will report a false
positive for the relevant check. Prevent that from happening by
ensuring ns3 manages to transfer the "fast-expire" zone before getting
shut down.
(cherry picked from commit 39191052ad)
Some setup scripts uses DEFAULT_ALGORITHM in their dnssec-policy
and/or initial signing. The tests still used the literal values
13, ECDSAP256SHA256, and 256. Replace those occurrences where
appropriate.
(cherry picked from commit 518dd0bb17)
Using AC_RUN_IFELSE() in configure.ac breaks cross-compilation:
configure: error: cannot run test program while cross compiling
Commit 978c7b2e89 caused AC_RUN_IFELSE()
to be used instead of AC_LINK_IFELSE() because the latter had seemingly
been causing the check for --wrap support in the linker to not work as
expected. However, it later turned out that the problem lied elsewhere:
a minus sign ('-') was missing from the LDFLAGS variable used in the
relevant check [1].
Revert to using AC_LINK_IFELSE() for checking whether the linker
supports the --wrap option in order to make cross-compilation possible
again.
[1] see commit cfa4ea64bc
The following compiler warning is emitted for the BACKTRACE_X86STACK
part of lib/isc/backtrace.c:
backtrace.c: In function ‘getrbp’:
backtrace.c:142:1: warning: no return statement in function returning non-void [-Wreturn-type]
While getrbp() stores the value of the RBP register in the RAX register
and thus does attempt to return a value, this is not enough for an
optimizing compiler to always produce the expected result. With -O2,
the following machine code may be generated in isc_backtrace_gettrace():
0x00007ffff7b0ff7a <+10>: mov %rbp,%rax
0x00007ffff7b0ff7d <+13>: mov $0x17,%eax
0x00007ffff7b0ff82 <+18>: retq
The above is equivalent to:
sp = (void **)getrbp();
return (ISC_R_NOTFOUND);
and results in the backtrace never getting printed.
Fix by using an intermediate variable. With this change in place, the
machine code generated with -O2 becomes something like:
0x00007ffff7af5638 <+24>: mov $0x17,%eax
0x00007ffff7af563d <+29>: mov %rbp,%rdx
0x00007ffff7af5640 <+32>: test %rdx,%rdx
0x00007ffff7af5643 <+35>: je 0x7ffff7af56bd <isc_backtrace_gettrace+157>
...
0x00007ffff7af56bd <+157>: retq
(Note that this method of grabbing a stack trace is finicky anyway
because in order for RBP to be relied upon, -fno-omit-stack-frame must
be present among CFLAGS.)
Some operating systems (e.g. Linux, FreeBSD) provide the
_Unwind_Backtrace() function in libgcc_s.so, which is automatically
linked into any binary using the functions provided by that library. On
OpenBSD, though, _Unwind_Backtrace() is provided by libc++abi.so, which
is not automatically linked into binaries produced by the stock system C
compiler.
Meanwhile, lib/isc/backtrace.c assumes that any GNU-compatible toolchain
allows _Unwind_Backtrace() to be used without any extra provisions in
the build system. This causes build failures on OpenBSD (and possibly
other systems).
Instead of making assumptions, actually check for _Unwind_Backtrace()
support in the toolchain if the backtrace() function is unavailable.
The make/mkdep script does not understand the concept of generated
source files (like lib/dns/dnstap.pb-c.c), which prevents it from
working correctly for out-of-tree builds. As "make depend" is not
required for building BIND and the "depend" make target was removed
altogether in the development branch, just prevent the "make depend"
check from being performed for out-of-tree builds in GitLab CI instead
of trying to add support for handling generated source files to
make/mkdep.
"make depend" prints errors to stderr, not to stdout. This means that
the check for "make depend" errors currently used in the definition of
every build job in GitLab CI could never fail. Fix that check by
redirecting stderr to stdout. Also employ tee to prevent the output of
"make depend" from being hidden in the job log. (While using tee hides
the exit code of "make depend" itself, the next line still checks for
errors anyway.)
ans10 simulates a local anycast server which has both signed and
unsigned instances of a zone. 'A' queries get answered from the
signed instance. Everything else gets answered from the unsigned
instance. The resulting answer should be insecure.
(cherry picked from commit d7840f4b93)
DNS_R_NCACHENXRRSET can be return when zones are in transition state
from being unsigned to signed and signed to unsigned. The validation
should be resumed and should result in a insecure answer.
(cherry picked from commit 718e597def)
If the connection is closed while we're processing the request
we might access TCPDNS outerhandle which is already reset. Check
for this condition and call the callback with ISC_R_CANCELED result.
(cherry picked from commit c41ce8e0c9)
"tcp-only" was not being tested correctly in the RPZ system test
because the option to the "digcmd" function that causes queries to
be sent via TCP was misspelled in one case, and was being interpreted
as a query name.
the "ckresult" function has also been changed to be case sensitive
for consistency with "digcmd".
(cherry picked from commit 78af071c11)
This feature allows GitLab to visualize test coverage information in the
file diff view of merge requests.
This commit makes the gcov CI job depend on the following chain of jobs:
gcc:buster:amd64 → unit:gcc:buster:amd64 → system:gcc:buster:amd64
The reason for running the last two jobs above sequentially rather than
in parallel is that both of them create *.gcda files (containing
coverage data) in the same locations. While some way of merging these
files from different job artifact archives could probably be designed
with the help of additional tools, the simplest thing to do is not to
run unit test and system test jobs in parallel, carrying *.gcda files
over between jobs as gcov knows how to append coverage data to existing
*.gcda files.
Also note that test coverage will not be visualized if any of the jobs
in the above dependency chain fails (because the gcov job will not be
run).
(cherry picked from commit 2dabf328c4)
The double equal sign ('==') is a Bash-specific string comparison
operator. Ensure the single equal sign ('=') is used in all POSIX shell
scripts in the system test suite in order to retain their portability.
(cherry picked from commit 481dfb9671)
Run "stress" tests for scheduled pipelines and pipelines created for
tags. These tests were previously only performed manually (as part of
pre-release testing of each new BIND version). Their purpose is to
detect memory leaks and potential performance issues.
As the run time of each "stress" test itself is set to 1 hour, set the
GitLab CI job timeout to 2 hours in order to account for the extra time
needed to set the test up and gather its results.
(cherry picked from commit 39305411e8)
On Linux core dump contains absolute path to crashed binary
Core was generated by `/home/newman/isc/ws/bind9/bin/named/.libs/lt-named -D glue-ns1 -X named.lock -m'.
However, on OpenBSD there's only a basename
Core was generated by `named'.
This commit adds support for the latter, retains the former.
(cherry picked from commit f0b13873a3)
