mir/bind
2
0
Fork 0
mirror of https://gitlab.isc.org/isc-projects/bind9 synced 2025-08-30 22:15:20 +00:00
Code Issues Releases Wiki Activity
26,955 Commits 660 Branches 820 Tags
ce71d94434657c03094e87267de7b1b405bd7dbc
Commit Graph

26955 Commits

This Branch
This Branch
All Branches
Author SHA1 Message Date
Mukund Sivaraman
5f5fac6b92 Merge branch '185-fix-changes-entry' into 'master' 
Resolve "[CVE-2018-5737] serve-stale crash"

Closes #185

See merge request isc-projects/bind9!303
 2018-05-21 13:31:41 -04:00
Mukund Sivaraman
bfafcf89b8 Fix CHANGES entry 2018-05-21 22:52:15 +05:30
Evan Hunt
1092590ef4 Merge branch '185-public-fix' into 'master' 
Resolve "[CVE-2018-5737] serve-stale crash"

Closes #185

See merge request isc-projects/bind9!302
 2018-05-21 13:02:30 -04:00
Evan Hunt
4b67376e42 update CHANGES 2018-05-21 09:53:46 -07:00
Michał Kępień
46bb4dd124 Detect recursion loops during query processing 
Interrupt query processing when query_recurse() attempts to ask the same
name servers for the same QNAME/QTYPE tuple for two times in a row as
this indicates that query processing may be stuck for an indeterminate
period of time, e.g. due to interactions between features able to
restart query_lookup().
 2018-05-21 09:50:10 -07:00
Michał Kępień
391fac1fc8 Prevent check_stale_header() from leaking rdataset headers 
check_stale_header() fails to update the pointer to the previous header
while processing rdataset headers eligible for serve-stale, thus
enabling rdataset headers to be leaked (i.e. disassociated from a node
and left on the relevant TTL heap) while iterating through a node.  This
can lead to several different assertion failures.  Add the missing
pointer update.
 2018-05-21 09:50:10 -07:00
Mark Andrews
e8dd921ef9 Merge branch '238-isc_net_recvoverflow-support-is-broken' into 'master' 
Resolve "ISC_NET_RECVOVERFLOW support is broken."

Closes #238

See merge request isc-projects/bind9!226
 2018-05-18 01:44:02 -04:00
Mark Andrews
6bff1768cf ISC_SOCKEVENTATTR_TRUNC was not be set 2018-05-18 15:34:48 +10:00
Mark Andrews
ac9d87e325 Merge branch 'placeholder' into 'master' 
add placeholder

See merge request isc-projects/bind9!299
 2018-05-17 22:41:19 -04:00
Mark Andrews
aabd651ae8 add placeholder 2018-05-18 12:32:37 +10:00
Evan Hunt
bb4bfb9ae6 Merge branch '251-documentation-of-rpz-min-update-interval-is-inconsistent-with-implementation' into 'master' 
Resolve "Documentation of RPZ min-update-interval is inconsistent with implementation"

Closes #251

See merge request isc-projects/bind9!277
 2018-05-17 22:12:17 -04:00
Mukund Sivaraman
975afc508d Fix ARM about min-update-interval default for RPZ zones 
Also, use variable names consistent with catz for rpz configuration functions
 2018-05-17 19:02:51 -07:00
Mark Andrews
5a75f5bc91 Merge branch '267-iscpk11libs-is-not-defined-anywhere-resulting-in-dstrandom_test-not-being-built' into 'master' 
Remove dstrandom_test from lib/dns/tests/Atffile

See merge request isc-projects/bind9!292
 2018-05-17 02:20:30 -04:00
Mark Andrews
074f247926 remove dstrandom_test 2018-05-17 16:10:24 +10:00
Mark Andrews
7a8f04b826 Merge branch 'u/fanf2/restore-nsid-logging' into 'master' 
Fix request-nsid log level to match documentation.

See merge request isc-projects/bind9!290
 2018-05-16 23:49:25 -04:00
Tony Finch
adbdedda7a Add CHANGES entry. 
4948.	[bug]		When request-nsid is turned on, EDNS NSID options
			should be logged at level info. Since change 3741
			they have been logged at debug(3) by mistake.
			[GL !290]
 2018-05-16 20:24:24 +01:00
Tony Finch
174cd00290 Fix request-nsid log level to match documentation. 
Since change 3741 (commit 1d761cb4) they have been logged at
debug(3) by mistake.
 2018-05-16 20:20:05 +01:00
Witold Krecicki
5296ecb946 Merge branch '221-new-isc_random-api' into 'master' 
Unify the random number provider

Closes #221

See merge request isc-projects/bind9!269
 2018-05-16 04:05:31 -04:00
Ondřej Surý
e61082015d Add CHANGES entry. 
4947.   [func]          Replace all random functions with isc_random(),
                        isc_random_buf() and isc_random_uniform() API.
                        [GL #221]
 2018-05-16 09:55:56 +02:00
Ondřej Surý
087eab022f Add release notes. 2018-05-16 09:54:35 +02:00
Ondřej Surý
b890abb4f3 Remove -p pseudo-random documentation from dnssec-signzone 2018-05-16 09:54:35 +02:00
Ondřej Surý
b4d6541fe8 Remove genrandom man page 2018-05-16 09:54:35 +02:00
Ondřej Surý
f872cfcb45 Remove -p option usage from rpz test 2018-05-16 09:54:35 +02:00
Ondřej Surý
2b8fab6828 Remove genrandom command and all usage of specific random files throughout the system test suite 2018-05-16 09:54:35 +02:00
Ondřej Surý
3a4f820d62 Replace all random functions with isc_random, isc_random_buf and isc_random_uniform API. 
The three functions has been modeled after the arc4random family of
functions, and they will always return random bytes.

The isc_random family of functions internally use these CSPRNG (if available):

1. getrandom() libc call (might be available on Linux and Solaris)
2. SYS_getrandom syscall (might be available on Linux, detected at runtime)
3. arc4random(), arc4random_buf() and arc4random_uniform() (available on BSDs and Mac OS X)
4. crypto library function:
4a. RAND_bytes in case OpenSSL
4b. pkcs_C_GenerateRandom() in case PKCS#11 library
 2018-05-16 09:54:35 +02:00
Ondřej Surý
74dd289a1c Merge branch '209-glue-is-no-longer-included' into 'master' 
Resolve "Glue is no longer included for non-DNSSEC-signed zones since CHANGE 4596"

Closes #209

See merge request isc-projects/bind9!247
 2018-05-16 02:27:32 -04:00
Mukund Sivaraman
dfd73d7e16 Add CHANGES entry 2018-05-16 08:16:12 +02:00
Mukund Sivaraman
303391ea41 Add system test 2018-05-16 08:15:36 +02:00
Mukund Sivaraman
31bd3147d1 Don't validate non-pending glue when adding to the additional section 2018-05-16 08:15:36 +02:00
Evan Hunt
f03d68a7d0 Merge branch '233-clarify-documentation-of-update-policy-tcp-self-and-6to4-self' into 'master' 
Resolve "Clarify documentation of update-policy tcp-self and 6to4-self"

Closes #233

See merge request isc-projects/bind9!227
 2018-05-15 16:19:27 -04:00
Evan Hunt
dea89f2a52 rewrite the update-policy documentation 
- clarify the behavior of the name and identity fields for various
  rule types, particularly tcp-self and 6to4-self.
 2018-05-15 13:05:05 -07:00
Michał Kępień
a6f99bb3e3 Merge branch '258-address-ubsan-warnings' into 'master' 
Address issues found by ubsan

Closes #258

See merge request isc-projects/bind9!278
 2018-05-15 03:27:27 -04:00
Michał Kępień
6ddbca6f2b isc_buffer_*(): if source can be NULL, only call memmove() when length is non-zero 
Certain isc_buffer_*() functions might call memmove() with the second
argument (source) set to NULL and the third argument (length) set to 0.
While harmless, it triggers an ubsan warning:

    runtime error: null pointer passed as argument 2, which is declared to never be null

Modify all memmove() call sites in lib/isc/include/isc/buffer.h and
lib/isc/buffer.c which may potentially use NULL as the second argument
(source) so that memmove() is only called if the third argument (length)
is non-zero.
 2018-05-15 09:11:34 +02:00
Michał Kępień
9bc6ba0be9 dns_rdataslab_merge(): use dns_rdata_compare() instead of compare_rdata() 
compare_rdata() was meant to be used as a qsort() callback.  Meanwhile,
dns_rdataslab_merge() calls compare_rdata() for a pair of dns_rdata_t
structures rather than a pair of struct xrdata structures, which is
harmless, but triggers an ubsan warning:

    rdataslab.c:84:33: runtime error: member access within address <address> with insufficient space for an object of type 'const struct xrdata'

Use dns_rdata_compare() instead of compare_rdata() to prevent the
warning from being triggered.
 2018-05-15 09:11:34 +02:00
Michał Kępień
34de85dab8 Merge branch '252-9-9-sigs_test-updatesigs-is-failing' into 'master' 
Skip lib/dns/tests/sigs_test for builds without DNSSEC support

Closes #252

See merge request isc-projects/bind9!271
 2018-05-14 03:26:43 -04:00
Michał Kępień
f98e145c5b Extend the list of headers included by lib/dns/tests/sigs_test.c 2018-05-14 09:18:00 +02:00
Mark Andrews
2420320b96 return untested if not built with OPENSSL or PKCS11CRYPTO 2018-05-14 02:21:48 -04:00
Ondřej Surý
769551c336 Merge branch 'dont-close-stderr-doc' into 'master' 
Add notice about closing stdout/stderr file descriptors to style.md

See merge request isc-projects/bind9!272
 2018-05-14 02:08:52 -04:00
Ondřej Surý
174d00fbb8 Add notice about closing stdout/stderr file descriptors to style.md 2018-05-14 07:54:23 +02:00
Evan Hunt
a02efbe1f8 Merge branch '244-enforce-crypto-library' into 'master' 
Disable builds without cryptographic provider (OpenSSL or PKCS#11)

Closes #244

See merge request isc-projects/bind9!266
 2018-05-13 22:27:33 -04:00
Evan Hunt
ea5626179e CHANGES and release note 2018-05-13 19:18:56 -07:00
Ondřej Surý
23c1f7e506 Enforce usage of OpenSSL or PKCS#11 library in platform.h header 2018-05-13 19:18:56 -07:00
Evan Hunt
cb578fae92 Enforce crypto selection in configure 2018-05-13 19:18:56 -07:00
Ondřej Surý
ee83b59e5e Merge branch '9-remove-dolar-ids-and-other-cruft' into 'master' 
Remove $Id$s and other cruft in a batch

See merge request isc-projects/bind9!263
 2018-05-11 08:18:32 -04:00
Ondřej Surý
55a10b7acd Remove $Id markers, Principal Author and Reviewed tags from the full source tree 2018-05-11 13:17:46 +02:00
Ondřej Surý
93f2d25a9a Merge branch 'redirect-stderr-to-dev-null' into 'master' 
Use 2>/dev/null instead of '>&-'

See merge request isc-projects/bind9!262
 2018-05-11 07:10:42 -04:00
Ondřej Surý
3f66b8acb0 Update tests to not use '>&-' that closes file descriptor, but instead use correct redirection to '>/dev/null' 2018-05-11 12:44:27 +02:00
Michał Kępień
0ea363746e Merge branch '239-don-t-use-null-as-a-argument-to-a-varargs-function-as-it-may-not-be-promoted-properly' into 'master' 
Resolve "don't use NULL as a argument to a varargs function as it may not be promoted properly"

Closes #239

See merge request isc-projects/bind9!228
 2018-05-11 02:20:43 -04:00
Mark Andrews
6aae115d15 silence cppcheck portability warning 2018-05-11 08:12:17 +02:00
Mark Andrews
53fbf143db Merge branch '248-named-9-12-uses-too-much-memory-with-tuning-large-regression-vs-9-11' into 'master' 
Resolve "named 9.12 uses too much memory with `--tuning=large` (regression vs. 9.11)"

Closes #248

See merge request isc-projects/bind9!251
 2018-05-10 21:27:10 -04:00