mirror of https://gitlab.isc.org/isc-projects/bind9 synced 2025-08-31 06:25:31 +00:00
Commit Graph

38334 Commits

Author SHA1 Message Date
Mark Andrews
55a6b15087 Add CHANGES note for [GL !7417] 2023-02-15 18:55:18 +11:00
Petr Menšík
6ad794a8cd FIPS tests changes for RHEL
Include MD5 feature detection in featuretest tool and use it in some
places. When RHEL distribution or Fedora ELN is in FIPS mode, then MD5
algorithm is unavailable completely and even hmac-md5 algorithm usage
will always fail. Work that around by checking MD5 works and if not,
skipping its usage.

Those changes were dragged as downstream patch bind-9.11-fips-tests.patch
in Fedora and RHEL.
2023-02-15 15:44:28 +11:00
Ondřej Surý
4787adfd33 Merge branch '3862-recusive-stress-crash' into 'main'
Fix change 6093 which broke rbtdb when it grew too large

Closes #3862

See merge request isc-projects/bind9!7533
2023-02-14 18:19:54 +00:00
Tony Finch
9d7b224201 Fix change 6093 which broke rbtdb when it grew too large
I misunderstood the purpose of the `heap_index` rdataset header
member; I thought it identified which heap to use, and could therefore
be smaller, the same size as `locknum` indexes. But in fact it is a
position within a heap, so it needs to be able to count up to the
total number of rdatasets in the rbtdb.

So this changes `heap_index` from `uint16_t` back to `unsigned int`.

To avoid re-embiggening the rdatasetheader, shrink the `count` member
from `uint32` to `uint16`. The `count` is used to rotate RRsets in
`dns_rdataset_towiresorted()`, so 16 bits is more than large enough.
This change also means we no longer need to avoid colliding with
`DNS_RDATASET_COUNT_UNDEFINED` i.e. UINT32_MAX.

Closes #3862
2023-02-14 18:19:46 +00:00
Tony Finch
49db4fb60f Merge branch 'fanf-arm-spinloop' into 'main'
Improve the spinloop pause / yield hint

See merge request isc-projects/bind9!7469
2023-02-14 17:53:26 +00:00
Tony Finch
436b76bb17 Improve the spinloop pause / yield hint
Unfortunately, C still lacks a standard function for pause (x86,
sparc) or yield (arm) instructions, for use in spin lock or CAS loops.
BIND has its own based on vendor intrinsics or inline asm.

Previously, it was buried in the `isc_rwlock` implementation. This
commit renames `isc_rwlock_pause()` to `isc_pause()` and moves
it into <isc/pause.h>.

This commit also fixes the configure script so that it detects ARM
yield support on systems that identify as `aarch*` instead of `arm*`.

On 64-bit ARM systems we now use the ISB (instruction synchronization
barrier) instruction in preference to yield. The ISB instruction
pauses the CPU for longer, several nanoseconds, which is more like the
x86 pause instruction. There are more details in a Rust pull request,
which also refers to MySQL making the same change:
https://github.com/rust-lang/rust/pull/84725
2023-02-14 17:13:24 +00:00
Tom Krizek
f32d334e41 Merge branch '3849-relax-diff-on-dig-short-output' into 'main'
Ignore dig errors in +short comparisons in tests

Closes #3849

See merge request isc-projects/bind9!7488
2023-02-14 12:39:38 +00:00
Tom Krizek
bd1ef66f83 Ignore dig errors in +short comparisons in tests
Tests using diff to compare outputs of dig +short shall ignore lines
starting with ";". In dig +short output, such lines should only be
present for errors such as network issues. Since we utilize dig's
default timeout/retry mechanisms, these transitory issues should be
ignored and only the final output should be considered during the diff
comparison.
2023-02-14 13:10:49 +01:00
Arаm Sаrgsyаn
f5b77e734a Merge branch '3866-fix-rpz-reference-counting-bug' into 'main'
Fix RPZ reference counting error on shutdown

Closes #3866

See merge request isc-projects/bind9!7526
2023-02-14 09:59:41 +00:00
Aram Sargsyan
a5927f1151 Add a CHANGES note for [GL #3866] 2023-02-14 09:13:18 +00:00
Aram Sargsyan
afbe63565f Fix RPZ reference counting error on shutdown
A dns_rpz_unref_rpzs() call is missing when taking the 'goto unlock;'
path on shutdown, in order to compensate for the earlier
dns_rpz_ref_rpzs() call.

Move the dns_rpz_ref_rpzs() call after the shutdown check.
2023-02-14 09:12:53 +00:00
Mark Andrews
b274d388f1 Merge branch '3662-extend-mkeys-system-test-to-handle-islands-of-trust' into 'main'
Resolve "Extend mkeys system test to handle islands of trust"

Closes #3662

See merge request isc-projects/bind9!7049
2023-02-13 23:32:05 +00:00
Mark Andrews
2928f21733 Add CHANGES note for [GL #3662] 2023-02-14 10:10:39 +11:00
Mark Andrews
41bdb5b9fe Add islands of trust to mkeys test
This adds an island of trust that is reachable from the root
where the trust anchors are added to island.conf.

This adds an island of trust that is not reachable from the root
where the trust anchors are added to private.conf.
2023-02-14 10:10:05 +11:00
Mark Andrews
fb7b7ac495 Report the key name that failed in retry_keyfetch
When there are multiple managed trust anchors we need to know the
name of the trust anchor that is failing.  Extend the error message
to include the trust anchor name.
2023-02-14 10:10:05 +11:00
Evan Hunt
2f54ba3977 Merge branch '2971-cleanup-dead-functions' into 'main'
remove some unused functions

Closes #2971

See merge request isc-projects/bind9!7521
2023-02-13 19:52:05 +00:00
Evan Hunt
3a1bb8dac8 remove some unused functions
removed some functions that are no longer used and unlikely to
be resurrected, and also some that were only used to support Windows
and can now be replaced with generic versions.
2023-02-13 11:50:59 -08:00
Tom Krizek
6b8b9c0b02 Merge branch '3848-increase-wait-time-runtime-test' into 'main'
Increase named startup wait time for runtime test

Closes #3848

See merge request isc-projects/bind9!7487
2023-02-13 14:22:24 +00:00
Tom Krizek
b8bb4233e8 Increase named startup wait time for runtime test
Occasionally, the allotted 10 seconds for the "running" line to appear
in log after named is started proved insufficient in CI, especially
during increased load. Give named up to 60 seconds to start up to
mitigate this issue.
2023-02-13 14:54:12 +01:00
Michal Nowak
e9272f3cdc Merge branch 'mnowak/pairwise-test-auth-recursive-servers' into 'main'
Test authoritative and recursive servers in pairwise

See merge request isc-projects/bind9!7397
2023-02-13 12:24:25 +00:00
Michal Nowak
a708c2f93d Start named as auth and recursive server in pairwise
The script will start the named process configured as both an
authoritative and recursive server for each pairwise ./configure
configuration. The test is considered successful if the named process
runs until the 5-second timeout is triggered, and there is no named.lock
file present, indicating that named did not crash on shutdown.
2023-02-13 12:45:20 +01:00
Ondřej Surý
18f6213dc7 Merge branch '3814-tighten-the-locking-around-fctxcount' into 'main'
Add magic to fctxcount and replace the atomics with integers

Closes #3814

See merge request isc-projects/bind9!7515
2023-02-11 20:22:01 +00:00
Ondřej Surý
70439e2494 Add magic to fctxcount and replace the atomics with integers
Add magic value to the fctxcount, to check for completely invalid
counters, or counters that have been already destroyed.

Improve the locking around the counters, and because of that we can drop
the atomics and use simple integers - the counters were already locked
and the tiny bits that used the atomics were not worth the extra effort.
2023-02-11 20:21:47 +00:00
Evan Hunt
ffeb8b3b2b Merge branch '3780-deprecated-obsolete-cleanup' into 'main'
clean up some deprecated/obsolete options and doc

Closes #3780

See merge request isc-projects/bind9!7506
2023-02-10 17:55:40 +00:00
Evan Hunt
362ba054cf clean up some deprecated/obsolete options and doc
- removed documentation of -S option from named man page
- removed documentation of reserved-sockets from ARM
- simplified documentation of dnssec-secure-to-insecure - it
  now just says it's obsolete rather than describing what it
  doesn't do anymore
- marked three formerly obsolete options as ancient:
  parent-registration-delay, reserved-sockets, and
  suppress-initial-notify
2023-02-10 09:52:27 -08:00
Ondřej Surý
06872bdd4e Merge branch 'pspacek/make-manin-on-dist' into 'main'
Remove pregenerated manpages from the repo

See merge request isc-projects/bind9!6520
2023-02-10 11:02:03 +00:00
Ondřej Surý
8f2e1e15cc Test the pre-generated man pages in GitLab CI
Add an extra job for a build from tarball, but without sphinx-build and
enable RUN_MAKE_INSTALL to check that man pages were generated and
installed.

Disable the RUN_MAKE_INSTALL on the systems without sphinx-build (sid).
2023-02-10 11:33:49 +01:00
Petr Špaček
9110465194 Remove pregenerated manpages from the repo
We don't need them in the repo, it's sufficient if we pregenerate them
while preparing the tarball.  That way we don't have overhead while
modifying them but they are still available for installations without
Sphinx.

I assume that this will make rebases and cherry-picks across branches
easier, with less trial and error churn required in the CI.

It's implemented in the way that we build the manpages only when we
either have pregenerated pages available at the configure time or
sphinx-build is installed and working.
2023-02-10 11:24:03 +01:00
Evan Hunt
daf78318ed Merge branch 'each-remove-bind9-refvar' into 'main'
remove isc_bind9 variable

See merge request isc-projects/bind9!7508
2023-02-09 18:01:48 +00:00
Evan Hunt
935879ed11 remove isc_bind9 variable
isc_bind9 was a global bool used to indicate whether the library
was being used internally by BIND or by an external caller. external
use is no longer supported, but the variable was retained for use
by dyndb, which needed it only when being built without libtool.
building without libtool is *also* no longer supported, so the variable
can go away.
2023-02-09 18:00:13 +00:00
Michał Kępień
1db5dc456a Merge branch '3840-avoid-libuv-with-broken-recvmmsg' into 'main'
Avoid libuv 1.35 and 1.36 that have broken recvmmsg implementation

Closes #3840

See merge request isc-projects/bind9!7480
2023-02-09 14:10:19 +00:00
Ondřej Surý
6fa48c963e Add CHANGES and release note for [GL #3840] 2023-02-09 15:04:52 +01:00
Ondřej Surý
d4d57f16c3 Sync compile-time & run-time libuv requirements
Bump the minimum libuv version required at runtime so that it matches
the compile-time requirements.
2023-02-09 15:04:52 +01:00
Ondřej Surý
735d09bffe Enforce version drift limits for libuv
libuv support for receiving multiple UDP messages in a single system
call (recvmmsg()) has been tweaked several times between libuv versions
1.35.0 and 1.40.0.  Mixing and matching libuv versions within that span
may lead to assertion failures and is therefore considered harmful, so
try to limit potential damage by preventing users from mixing libuv
versions with distinct sets of recvmmsg()-related flags.
2023-02-09 15:04:52 +01:00
Ondřej Surý
251f411fc3 Avoid libuv 1.35 and 1.36 that have broken recvmmsg implementation
The implementation of UDP recvmmsg in libuv 1.35 and 1.36 is
incomplete and could cause assertion failure under certain
circumstances.

Modify the configure and runtime checks to report a fatal error when
trying to compile or run with the affected versions.
2023-02-09 15:04:52 +01:00
Tony Finch
e239e97a0d Merge branch 'fanf-another-bitstring-remnant' into 'main'
Remove another remnant of bitstring labels

See merge request isc-projects/bind9!7511
2023-02-09 14:03:17 +00:00
Tony Finch
174e56a251 Fix CHANGES numbering
Oops, I broke it
2023-02-09 13:41:04 +00:00
Tony Finch
1637721ee9 Remove another remnant of bitstring labels
A comment referred to the mysterious label type 01000001
2023-02-09 12:16:46 +00:00
Tony Finch
d39f666c7e Merge branch 'fanf-smaller-rdatasetheader' into 'main'
Reduce the size of rdatasetheader_t by 16 bytes

See merge request isc-projects/bind9!7505
2023-02-09 09:09:05 +00:00
Tony Finch
9721fa2153 Reduce the size of rdatasetheader_t by 16 bytes
Re-order the fields to avoid padding, and change the type of
`heap_index` to `uint16_t` to match `dns_rbtnode_t->locknum`.
2023-02-09 09:07:30 +00:00
Mark Andrews
ab4f4b4df0 Merge branch '3857-notify-source-port-test-is-not-reliable' into 'main'
Resolve "Notify source port test is not reliable"

Closes #3857

See merge request isc-projects/bind9!7509
2023-02-09 08:38:12 +00:00
Mark Andrews
e7e1f59a3a Make notify source port test reliable
Send the test message from ns3 to ns2 instead of ns2 to ns3 as ns2
is started first and therefore the test doesn't have to wait on the
resend of the NOTIFY message to be successful.
2023-02-09 15:11:24 +11:00
Mark Andrews
d838b9f5cf Merge branch '3851-cleanup-nsupdate-system-test' into 'main'
Resolve "cleanup nsupdate system test"

Closes #3851

See merge request isc-projects/bind9!7490
2023-02-08 22:39:51 +00:00
Mark Andrews
df7f3c47c6 Send grep output to /dev/null in nsupdate test 2023-02-08 22:20:21 +00:00
Mark Andrews
3a38782485 Merge branch '3831-dnssec-cds-failed-to-cleanup-properly-on-some-non-error-paths' into 'main'
Resolve "dnssec-cds failed to cleanup properly on some non error paths"

Closes #3831

See merge request isc-projects/bind9!7445
2023-02-08 21:56:11 +00:00
Mark Andrews
ae26fcb8f5 Add CHANGES note for [GL #3831] 2023-02-09 08:35:27 +11:00
Mark Andrews
13f9d29954 dnssec-checkds: cleanup memory on error paths
Move and give unique names to the dns_db_t, dns_dbnode_t and
dns_dbversion_t pointers, so they have global scope and therefore
are visible to cleanup.  Unique names are not strictly necessary,
as none of the functions involved call each other.

Change free_db to handle NULL pointers and also an optional
(dns_dbversion_t **).

In match_keyset_dsset and free_keytable, ki to be handled
differently to prevent a false positive NULL pointer dereference
warning from scan.

In formatset moved dns_master_styledestroy earlier and freed
buf before calling check_result to prevent memory leak.

In append_new_ds_set freed ds on the default path before
calling check_result to prevent memory leak.
2023-02-09 08:35:27 +11:00
Mark Andrews
81bde388e4 dnssec-cds failed to cleanup on non error paths
dnssec-cds failed to cleanup on non error paths which meant that
the OpenSSL libraries could not cleanup properly.
2023-02-09 08:29:43 +11:00
Mark Andrews
ddc4d1fca4 Define DNS_RDATASET_INIT for static initialisation 2023-02-09 08:29:43 +11:00
Ondřej Surý
4ebf27bc19 Merge branch '3729-drop-RHEL-7-and-clones-support' into 'main'
Drop RHEL / CentOS / Oracle Linux 7 support

Closes #3729

See merge request isc-projects/bind9!7346
2023-02-08 20:34:01 +00:00