ComputerSurge/bind9
3
0
Fork 0
Code Pull Requests 1 Activity
36,555 Commits 589 Branches 805 Tags
fdf85d887793d01cfecf8ec027e27f37c2423cdf
Commit Graph

36555 Commits

This Branch
This Branch
All Branches
Author SHA1 Message Date
Michal Nowak
fdf85d8877 Add OpenBSD 7.1 
(cherry picked from commit 7edf8ab47cfd0cc3a633e941b2880ee11d75d6cd)
 2022-08-16 17:02:06 +02:00
Petr Špaček
000fb86614 Merge branch 'sgoldlust-edit-statements' into 'v9_18' 
Edit tag/statement for glue-cache and reserved-sockets

See merge request isc-projects/bind9!6638
 2022-08-15 07:22:05 +00:00
Suzanne Goldlust
cb6bf93298 Edit tag/statement for glue-cache and reserved-sockets 2022-08-15 09:17:36 +02:00
Evan Hunt
96a66e1c61 Merge branch '3488-prevent-adb-dump-race-v9_18' into 'v9_18' 
Lock the address entry bucket when dumping ADB namehook

See merge request isc-projects/bind9!6657
 2022-08-13 00:10:14 +00:00
Evan Hunt
f841f545b7 Lock the address entry bucket when dumping ADB namehook 
When dumping an ADB address entry associated with a name,
the name bucket lock was held, but the entry bucket lock was
not; this could cause data races when other threads were updating
address entry info. (These races are probably not operationally
harmful, but they triggered TSAN error reports.)
 2022-08-12 15:55:41 -07:00
Michal Nowak
1f12e1de3a Merge branch '3348-move-pkcs11-interface-test-to-debian-v9_18' into 'v9_18' 
[v9_18] Move OpenSSL-based PKCS#11 interface job to Debian "bullseye"

See merge request isc-projects/bind9!6653
 2022-08-11 19:18:56 +00:00
Michal Nowak
f2c0c65dca Move OpenSSL-based PKCS#11 interface job to Debian "bullseye" 
Fedora 36 uses OpenSSL 3.0.2 by default, but the OpenSSL engine API
which we use for PKCS#11 is deprecated in OpenSSL 3.0.0. For the
keyfromlabel system test to work operating system with OpenSSL 1.1 needs
to be used.

(cherry picked from commit 2eecebdea91868be571e3c7a5fb3324505fbd2ff)
 2022-08-11 20:31:40 +02:00
Michal Nowak
b1213d6a4d Merge branch '3458-reintroduce-without-cmocka-and-without-gssapi-v9_18' into 'v9_18' 
[v9_18] Configure Ubuntu 18.04 "bionic" without cmocka and GSS-API

See merge request isc-projects/bind9!6651
 2022-08-11 16:23:14 +00:00
Michal Nowak
2f1a3738f5 Configure Ubuntu 18.04 "bionic" without cmocka and GSS-API 
--without-cmocka and --without-gssapi ./configure options have been lost
when Debian 9 "stretch" was dropped from the CI. This reintroduces them,
albeit to a slightly different platform.

(cherry picked from commit a2c8703967e7b6ba2a0d02ab414172588a3cb17a)
 2022-08-11 17:57:46 +02:00
Michal Nowak
07b43da612 Merge branch 'mnowak/add-oracle-linux-9-v9_18' into 'v9_18' 
[v9_18] Add Oracle Linux 9

See merge request isc-projects/bind9!6644
 2022-08-10 12:27:20 +00:00
Mark Andrews
d48f9f84e3 Fix mkeys to work with DEFAULT_ALGORITHM properly 
Stop using a RSASHA1 fixed key in ns3's named.conf as the
trusted key and instead compute a broken digest from the
real digest to use in trusted-keys.

(cherry picked from commit be4cbe2b80)
 2022-08-10 14:06:57 +02:00
Mark Andrews
7e1b02fc4e kasp: stop using RSASHA1 unless necessary for the test 
Moves tests from being RSASHA1 based to RSASHA256 based where possible
and split out the remaining RSASHA1 based tests so that they are not
run on OS's that don't support RSASHA1.

(cherry picked from commit db028684e5)
 2022-08-10 17:26:29 +10:00
Mark Andrews
62ddc10933 keymgr2kasp: use FIPS compliant algorithms and key sizes 
migrate-nomatch-alglen: switched to RSASHA256 instead of RSASHA1
and the key size now changes from 2048 bits to 3072 bits instead
of 1024 bits to 2048 bits.

migrate-nomatch-algnum: switched to RSASHA256 instead of RSASHA1
as initial algorithm and adjusted mininum key size to 2048 bits.

rsasha256: adjusted minimum key size to 2048 bits.

(cherry picked from commit 048b015166)
 2022-08-10 17:26:29 +10:00
Mark Andrews
945f901722 dnssec/signer/general: Replace RSASHA1 keys with RSASHA512 keys 
RSASHA1 is verify only in FIPS mode. Use RSASHA256 instead.

(cherry picked from commit 9c6de6d12d)
 2022-08-10 17:26:29 +10:00
Mark Andrews
b81e93673f Check if RSASHA1 is supported by the OS 
(cherry picked from commit 1690cb7bb4)
 2022-08-10 17:26:29 +10:00
Mark Andrews
c652c94024 autosign: use FIPS compatible algorithms and key sizes 
The nsec-only.example zone was not converted as we use it to
test nsec-only DNSSEC algorithms to nsec3 conversion failure.
The subtest is skipped in fips mode.

Update "checking revoked key with duplicate key ID" test
to use FIPS compatible algorithm.

(cherry picked from commit 99ad09975e)
 2022-08-10 17:26:29 +10:00
Mark Andrews
5b3c17f330 rsabigexponent: convert the test from RSASHA1 to RSASHA256 
RSASHA1 is not supported on some platforms.

(cherry picked from commit 8c3c011860)
 2022-08-10 17:26:29 +10:00
Michal Nowak
20b7c1d49f Add Oracle Linux 9 
(cherry picked from commit be08cf41d9)
 2022-08-10 17:26:29 +10:00
Mark Andrews
ff17c10d7d notify: remove duplicate test number 
(cherry picked from commit d396aa227e)
 2022-08-10 17:26:29 +10:00
Mark Andrews
69a8132d7d mkeys: use $() instead of back quotes 
(cherry picked from commit 0e45a2b02c)
 2022-08-10 17:26:29 +10:00
Mark Andrews
aff8219f3e Upgrade uses of hmac-sha1 to DEFAULT_HMAC 
where the test is not hmac-sha1 specific

(cherry picked from commit c533e8bc5b)
 2022-08-10 17:26:29 +10:00
Mark Andrews
2c2fc8fdbd Add CHANGES not for [GL #3440] 
(cherry picked from commit be88c583bd)
 2022-08-10 17:26:27 +10:00
Mark Andrews
c6adebb22c zonechecks: use $DEFAULT_ALGORITHM 
(cherry picked from commit 459e6980e5)
 2022-08-10 17:25:26 +10:00
Mark Andrews
2e3554fe68 wildcard: use $DEFAULT_ALGORITHM 
(cherry picked from commit 3f65c9cf85)
 2022-08-10 17:25:26 +10:00
Mark Andrews
23e087131a views: use $DEFAULT_ALGORITHM 
(cherry picked from commit 86b29606c3)
 2022-08-10 17:25:26 +10:00
Mark Andrews
0b05da9f29 verify: use $DEFAULT_ALGORITHM 
(cherry picked from commit 93f7c7cdcd)
 2022-08-10 17:25:26 +10:00
Mark Andrews
d3a502f19e upforwd: use $DEFAULT_ALGORITHM 
(cherry picked from commit 5585909904)
 2022-08-10 17:25:26 +10:00
Mark Andrews
620a16bcff unknown: use $DEFAULT_ALGORITHM 
(cherry picked from commit 9970d4317d)
 2022-08-10 17:25:26 +10:00
Mark Andrews
6d544309a0 synthfromdnssec: use $DEFAULT_ALGORITHM 
(cherry picked from commit 73fd49f8bb)
 2022-08-10 17:25:26 +10:00
Mark Andrews
2144febc9d staticstub: use $DEFAULT_ALGORITHM 
(cherry picked from commit 32337b9dbf)
 2022-08-10 17:25:26 +10:00
Mark Andrews
b380473ca2 smartsign: use $DEFAULT_ALGORITHM 
(cherry picked from commit 941b95edb0)
 2022-08-10 17:25:26 +10:00
Mark Andrews
bb981e0d68 rpz: use $DEFAULT_ALGORITHM 
(cherry picked from commit 1861c3e503)
 2022-08-10 17:25:26 +10:00
Mark Andrews
b57457e754 rootkeysentinel: use $DEFAULT_ALGORITHM 
(cherry picked from commit b0e1d9b1b3)
 2022-08-10 17:25:26 +10:00
Mark Andrews
e756c4c0f3 resolver: use $DEFAULT_ALGORITHM 
(cherry picked from commit 05ef8c81dd)
 2022-08-10 17:25:26 +10:00
Mark Andrews
62d50d3b23 redirect: use $DEFAULT_ALGORITHM 
(cherry picked from commit e0e03602ba)
 2022-08-10 17:25:26 +10:00
Mark Andrews
c1f7fd282a pending: use $DEFAULT_ALGORITHM 
(cherry picked from commit 6fd50b9fda)
 2022-08-10 17:25:26 +10:00
Mark Andrews
c5d5e20c8f nsupdate: use $DEFAULT_ALGORITHM 
(cherry picked from commit c2d18567fc)
 2022-08-10 17:25:26 +10:00
Mark Andrews
64d2dc174b mkeys: use $DEFAULT_ALGORITHM 
(cherry picked from commit 78fa082999)
 2022-08-10 17:25:26 +10:00
Mark Andrews
647e4c0d9b mirror: use $DEFAULT_ALGORITHM 
(cherry picked from commit ff95bafa39)
 2022-08-10 17:25:26 +10:00
Mark Andrews
7c100effd2 metadata: use $DEFAULT_ALGORITHM 
(cherry picked from commit 3f1dc83bfb)
 2022-08-10 17:25:26 +10:00
Mark Andrews
db5eb04f4a inline: use $DEFAULT_ALGORITHM 
(cherry picked from commit e3acddefd1)
 2022-08-10 17:25:26 +10:00
Mark Andrews
73f2c501a5 dsdigest: use $DEFAULT_ALGORITHM 
(cherry picked from commit 49de14cb9e)
 2022-08-10 17:25:26 +10:00
Mark Andrews
5aad0a38e8 dnssec: use $DEFAULT_ALGORITHM 
(cherry picked from commit d0b0139c90)
 2022-08-10 17:25:26 +10:00
Mark Andrews
642d5963d9 dns64: use $DEFAULT_ALGORITHM 
(cherry picked from commit 5cbf1e1598)
 2022-08-10 17:25:26 +10:00
Mark Andrews
f3658af717 chain: use $DEFAULT_ALGORITHM 
(cherry picked from commit 3419178bd2)
 2022-08-10 17:25:26 +10:00
Mark Andrews
2cbfb22d2f cds: use $DEFAULT_ALGORITHM 
(cherry picked from commit 6cf0b73ede)
 2022-08-10 17:25:26 +10:00
Mark Andrews
f970186979 autosign: use $DEFAULT_ALGORITHM 
(cherry picked from commit bb810b0ac9)
 2022-08-10 17:25:26 +10:00
Mark Andrews
c06815dede Use DEFAULT_HMAC for rndc 
(cherry picked from commit ce324ae8ba)
 2022-08-10 17:25:26 +10:00
Evan Hunt
55d0fd0a11 Merge branch '3483-memstat-assertion-v9_18' into 'v9_18' 
fix overflow error in mem_putstats()

See merge request isc-projects/bind9!6645
 2022-08-09 18:42:48 +00:00
Evan Hunt
1843780151 fix overflow error in mem_putstats() 
an integer overflow could cause an assertion failure when
freeing memory.

(cherry picked from commit 0401e0867b)
 2022-08-09 11:21:35 -07:00