ISC Open Source Projects issueshttps://gitlab.isc.org/groups/isc-projects/-/issues2023-07-17T13:58:20Zhttps://gitlab.isc.org/isc-projects/kea/-/issues/2826Options with space dont get encapsulated from hosts database2023-07-17T13:58:20ZRichard KojedzinszkyOptions with space dont get encapsulated from hosts database**Describe the bug**
I have static option-definitions for ipxe namespace, from https://gitlab.isc.org/isc-projects/kea/-/issues/2366#note_284084. Then, I have a few records for my host reservation in postgresql database, as the dump sho...**Describe the bug**
I have static option-definitions for ipxe namespace, from https://gitlab.isc.org/isc-projects/kea/-/issues/2366#note_284084. Then, I have a few records for my host reservation in postgresql database, as the dump shows:
```
COPY public.dhcp4_options (option_id, code, value, formatted_value, space, persistent, dhcp_client_class, dhcp4_subnet_id, host_id, scope_id, user_context, shared_network_name, pool_id, modification_ts) FROM stdin;
18 175 \N \N \N f \N \N 4 3 \N \N \N 2023-04-01 13:15:54.656377+00
21 190 \\x69736373692d626f6f74 \N ipxe f \N \N 4 3 \N \N \N 2023-04-01 14:24:30.740714+00
22 191 \\x694b454d65784e6961663364 \N ipxe f \N \N 4 3 \N \N \N 2023-04-01 14:24:39.73297+00
23 203 \\x69716e2e323032322d30342e636c6f75642e6b776562733a6666 \N \N f \N \N 4 3 \N \N \N 2023-04-01 14:26:14.582959+00
24 17 \\x69736373693a3139322e3136382e382e36353a3a3a3a69716e2e323030352d31302e6f72672e667265656e61732e63746c3a69736373692d626f6f74 \N \N f \N \N 4 3 \N \N \N 2023-04-01 14:29:07.290341+00
25 176 \\x01 \N ipxe f \N \N 4 3 \N \N \N 2023-04-01 14:31:35.581516+00
\.
```
Howewer, options in space `ipxe` dont get added, encapsulated.
**To Reproduce**
Steps to reproduce the behavior:
1. Run Kea dhcpv4 with debug logging
2. Start up a vm with kvm without disk to boot with pxe
3. Observe debug output
**Expected behavior**
Expected the same behavior with the following static configuration snippet:
4. See that option 170 is requested, howewer the response contains an empty value for that option.
```
"reservations": [
{
"hw-address": "00:11:...",
"option-data": [
{
"code": 175
},
{
"code": 190,
"space": "ipxe",
"data": "iscsi-boot"
}
...
]
}
]
```
**Environment:**
- Kea version: 2.2.0
- OS: Debian 11
- Compiled with postgresql backend
- No hook libraries
**Additional Information**
Seems that this little patch would fix my issue:
```
diff --git a/src/lib/dhcpsrv/pgsql_host_data_source.cc b/src/lib/dhcpsrv/pgsql_host_data_source.cc
index a1251be692..5c438aac17 100644
--- a/src/lib/dhcpsrv/pgsql_host_data_source.cc
+++ b/src/lib/dhcpsrv/pgsql_host_data_source.cc
@@ -2530,6 +2530,11 @@ PgSqlHostDataSourceImpl::getHostCollection(PgSqlHostContextPtr& ctx,
<< tagged_statements[stindex].name);
}
}
+
+ for (auto& host : result) {
+ boost::const_pointer_cast<Host>(host)->getCfgOption4()->encapsulate();
+ boost::const_pointer_cast<Host>(host)->getCfgOption6()->encapsulate();
+ }
}
ConstHostPtr
```kea2.4.0Marcin SiodelskiMarcin Siodelskihttps://gitlab.isc.org/isc-projects/kea/-/issues/2795Unable to retrieve multiple host reservations for the same IP with reservatio...2023-07-17T13:58:20ZDarren AnkneyUnable to retrieve multiple host reservations for the same IP with reservation-getAttempting to retrieve multiple host reservations for the same IP address with `reservation-get` fails with this error:
```
{
"result": 1,
"text": "multiple records were found in the database where only one was expected for query SEL...Attempting to retrieve multiple host reservations for the same IP address with `reservation-get` fails with this error:
```
{
"result": 1,
"text": "multiple records were found in the database where only one was expected for query SELECT h.host_id, h.dhcp_identifier, h.dhcp_identifier_type, h.dhcp4_subnet_id, h.dhcp6_subnet_id, h.ipv4_address, h.hostname, h.dhcp4_client_classes, h.dhcp6_client_classes, h.user_context, h.dhcp4_next_server, h.dhcp4_server_hostname, h.dhcp4_boot_file_name, h.auth_key, o.option_id, o.code, o.value, o.formatted_value, o.space, o.persistent, o.user_context FROM hosts AS h LEFT JOIN dhcp4_options AS o ON h.host_id = o.host_id WHERE h.dhcp4_subnet_id = ? AND h.ipv4_address = ? ORDER BY h.host_id, o.option_id"
}
```
To recreate, Consider this simple Kea configuration
```
{
"Dhcp4": {
"ip-reservations-unique": false,
"control-socket": {
"socket-type": "unix",
"socket-name": "/tmp/kea4-ctrl-socket"
},
"hosts-database": {
"type": "mysql",
"name": "kea",
"user": "kea",
"password": "kea",
},
"reservations-global": false,
"reservations-in-subnet": false,
"hooks-libraries": [
{
"library": "/usr/local/kea/2.3.5/lib/kea/hooks/libdhcp_host_cmds.so"
}
],
"subnet4": [
{
"subnet": "192.0.2.0/24",
"id": 1
}
]
}
}
```
Using the `reservation-add` API call from the host_cmds hook you can add multiple reservations for the same IP address if `"ip-reservations-unique": false,` is set in the Kea configuration:
```
{"command": "reservation-add","arguments": {"reservation": {"subnet-id": 1,"hw-address": "99:99:99:99:99:01","ip-address": "192.0.2.181"}}}
```
```
{"command": "reservation-add","arguments": {"reservation": {"subnet-id": 1,"circuit-id": "'1234'","ip-address": "192.0.2.181"}}}
```
Then try to retrieve the hosts using the `reservation-get` API call from the host_cmds hook:
```
{"command": "reservation-get","arguments": {"ip-address": "192.0.2.181","subnet-id": 1},"service": ["dhcp4"]}
```
which will result in the aforementioned error.
It should be noted that there are other calls that are able to retrieve the reservations such as `reservation-get-by-id` and `reservation-get-page`.
[RT 21902](https://support.isc.org/Ticket/Display.html?id=21902)kea2.4.0Piotrek ZadrogaPiotrek Zadrogahttps://gitlab.isc.org/isc-projects/kea/-/issues/2793Improve documentation of vendor options2023-11-03T08:54:39ZFrancis DupontImprove documentation of vendor optionsImprove documentation of vendor options (vivco, vivso and v6 vendor class and opts), for instance explain when vivso for a particular vendor is added in the response with its suboptions (including when there is a vivco for this vendor in...Improve documentation of vendor options (vivco, vivso and v6 vendor class and opts), for instance explain when vivso for a particular vendor is added in the response with its suboptions (including when there is a vivco for this vendor in the query).
For the code reorganization of the code e.g. move code from appendRequestedOptions to appendRequestedVendorOptions, or add new unit tests are in the scope of this ticket.
It includes and extends too #1745kea2.4.0Tomek MrugalskiTomek Mrugalskihttps://gitlab.isc.org/isc-projects/kea/-/issues/2745two separate reservations for one client leads to one being ignored2023-07-17T13:58:20ZWlodzimierz Wenceltwo separate reservations for one client leads to one being ignored1. Kea reservation identifiers:
```
"host-reservation-identifiers": [
"hw-address",
"duid"
],
```
hr in the subnet:
```
"reservations": [
{
"duid": "...1. Kea reservation identifiers:
```
"host-reservation-identifiers": [
"hw-address",
"duid"
],
```
hr in the subnet:
```
"reservations": [
{
"duid": "00:03:00:01:f6:f5:f4:f3:f2:01",
"prefixes": [
"2001:db8:1:0:4000::/110"
]
},
{
"hw-address": "f6:f5:f4:f3:f2:01",
"ip-addresses": [
"3000::3"
]
}
]
```
both are correct, and both, if you closely, are for the same client. I would be inclined to call it misconfiguration, but kea do not check this.
Kea do not assign prefix to client that is using duid `00:03:00:01:f6:f5:f4:f3:f2:01` but if address reservation is removed, reserved prefix is assigned correctly. Changing the order of reservations in config file do not have any effect.kea2.4.0Francis DupontFrancis Duponthttps://gitlab.isc.org/isc-projects/kea/-/issues/2725lease prefix-len is not checked in lease commands for PD type2023-07-17T13:58:20ZRazvan Becheriulease prefix-len is not checked in lease commands for PD typethe following UT which passes, is using a wrong prefix-length for the prefix (type PD):
```
txt =
"{\n"
" \"command\": \"lease6-add\",\n"
" \"arguments\": {"
" \"subnet-id\": 66,\n"
...the following UT which passes, is using a wrong prefix-length for the prefix (type PD):
```
txt =
"{\n"
" \"command\": \"lease6-add\",\n"
" \"arguments\": {"
" \"subnet-id\": 66,\n"
" \"ip-address\": \"2001:db8:1::1\",\n"
" \"prefix-len\": 48,\n"
" \"type\": \"IA_PD\",\n"
" \"duid\": \"1a:1b:1c:1d:1e:1f\",\n"
" \"iaid\": 1234,\n"
" \"state\": 1"
" }\n"
"}";
```
clearly a check on the prefix length is missing from the code in lease commandskea2.4.0Razvan BecheriuRazvan Becheriuhttps://gitlab.isc.org/isc-projects/kea/-/issues/2707ability to detect Kea config changes (config-hash-get)2023-07-17T13:58:20ZTomek Mrugalskiability to detect Kea config changes (config-hash-get)There was a [discussion in Porto](https://pad.isc.org/p/porto2022-kea-features-for-stork#L19) about detecting out of bounds configuration changes in Kea. The overall idea is that Stork should be able to detect somewhat easily if Kea's co...There was a [discussion in Porto](https://pad.isc.org/p/porto2022-kea-features-for-stork#L19) about detecting out of bounds configuration changes in Kea. The overall idea is that Stork should be able to detect somewhat easily if Kea's config has changed, e.g. by sysadmin or some external tool.
Couple ideas were discussed:
- storing timestamp of last modification
- using hash
- using monotonic counter
- using journal file or auditlog
The overall idea is that Stork (and other monitoring tools) should be able to reasonably easily answer the question whether configuration was modified or not. It is essential the question/answer should be relatively low cost as Stork and other monitoring tools tend to look at Kea's config frequently (e.g. every 15 seconds) and the config changes are typically rare events.
This requires a short ~design.kea2.4.0Tomek MrugalskiTomek Mrugalskihttps://gitlab.isc.org/isc-projects/kea/-/issues/2608Missing header file (cfg_globals.h) in install paths causes custom hook compi...2023-07-17T13:58:21ZsseekampMissing header file (cfg_globals.h) in install paths causes custom hook compilation to fail**Name:**
Missing header file "cfg_globals.h" in install target causes custom hook compilation to fail
**Describe the bug**
Hook compilation fails (which works on 2.0.0) with:
`
In file included from /include/kea/dhcpsrv/subnet.h:15,...**Name:**
Missing header file "cfg_globals.h" in install target causes custom hook compilation to fail
**Describe the bug**
Hook compilation fails (which works on 2.0.0) with:
`
In file included from /include/kea/dhcpsrv/subnet.h:15,
from src/callouts.cc:9:
/include/kea/dhcpsrv/network.h:17:10: fatal error: dhcpsrv/cfg_globals.h: No such file or directory
17 | #include <dhcpsrv/cfg_globals.h>
| ^~~~~~~~~~~~~~~~~~~~~~~
compilation terminated.
make: *** [Makefile:13: src/callouts.o] Error 1
`
This was added in:
https://gitlab.isc.org/isc-projects/kea/-/merge_requests/1078/diffs
and appears this code should have been updated to include the header file in the installation target (If I'm understanding correctly):
https://gitlab.isc.org/isc-projects/kea/-/blob/master/src/lib/dhcpsrv/Makefile.am#L291
**To Reproduce**
1. Build Kea from source with config options listed below
2. Attempt to compile a custom hook that includes subnet.h
3. Copying the header file: /kea-2.2.0/src/lib/dhcpsrv/cfg_globals.h -> PREFIX/include/kea/dhcpsrv/ allows compilation to succeed.
**Expected behavior**
Hook should compile successfully
**Environment:**
- Kea version: 2.2.0
- OS: Ubuntu Focal
- Config options: --enable-generate-messages --enable-perfdhcp --enable-shell --prefix=/
**Additional Information**
Makefile details from the custom hook code:
```
KEA_MSG_COMPILER ?= kea-msg-compiler
KEA_INCLUDE ?= /include/kea
KEA_LIB ?= /lib
OBJECTS = src/messages.o src/logger.o src/load.o src/runscript.o src/callouts.o src/version.o src/multithreading.o
CXXFLAGS = -I $(KEA_INCLUDE) -fPIC -Wno-deprecated -std=c++11
LDFLAGS = -L $(KEA_LIB) -shared -lkea-dhcpsrv -lkea-dhcp++ -lkea-hooks -lkea-log -lkea-util -lkea-exceptions
```
I am building this hook code in a multistage Docker build pipeline and would prefer not to depend on source files not installed by the Kea tooling. If that's not a reasonable assumption I can adjust our tooling behavior.kea2.4.0Thomas MarkwalderThomas Markwalderhttps://gitlab.isc.org/isc-projects/kea/-/issues/2554ARM: Make parameter names clickable2023-07-17T13:58:21ZTomek MrugalskiARM: Make parameter names clickableSomeone (@vicky?) suggested on the Kea call:
> If we want to link the statements in the ARM the way we did for the BIND ARM, I have the MRs that Petr used. The linking was built on top of a couple of other things - including the categor...Someone (@vicky?) suggested on the Kea call:
> If we want to link the statements in the ARM the way we did for the BIND ARM, I have the MRs that Petr used. The linking was built on top of a couple of other things - including the category tagging we also did in the ARM. I think these are the Sphinx text roles that we changed style for recently. Nice idea. Not trivial, requires some Sphinx python programming.
The overall goal is to reuse a script that BIND developed. It turned statements (e.g. `hosts-database`) into clickable links.kea2.4.0Andrei Pavelandrei@isc.orgAndrei Pavelandrei@isc.orghttps://gitlab.isc.org/isc-projects/kea/-/issues/2467remove kea_connector2.py kea_connector3.py2023-07-17T13:58:20ZWlodzimierz Wencelremove kea_connector2.py kea_connector3.pyit's been over 2.5 years since python2 was eoled, maybe it's time to get rid of `kea_connector2.py` `kea_connector3.py` and put python3 support into `kea_conn.py`it's been over 2.5 years since python2 was eoled, maybe it's time to get rid of `kea_connector2.py` `kea_connector3.py` and put python3 support into `kea_conn.py`kea2.4.0Slawek FigielSlawek Figielhttps://gitlab.isc.org/isc-projects/kea/-/issues/1452Document installing FreeRADIUS from packages2023-07-17T13:58:20ZTomek MrugalskiDocument installing FreeRADIUS from packagesSee the background for this report in [support#16875](https://support.isc.org/Ticket/Display.html?id=16875).
In essence, the error observed was:
```
HOOKS_OPEN_ERROR failed to open hook library /usr/lib64/kea/hooks/libdhcp_radius.so: /...See the background for this report in [support#16875](https://support.isc.org/Ticket/Display.html?id=16875).
In essence, the error observed was:
```
HOOKS_OPEN_ERROR failed to open hook library /usr/lib64/kea/hooks/libdhcp_radius.so: /usr/lib64/kea/hooks/libdhcp_radius.so: undefined symbol: rc_acct_async
DHCP4_PARSER_FAIL failed to create or run parser for configuration element hooks-libraries: hooks libraries failed to validate - library or libraries in error are: /usr/lib64/kea/hooks/libdhcp_radius.so(/etc/kea/kea-dhcp4.conf:10:5)
```
However, the underlying problem is that incorrect FreeRADIUS version was installed. It was a plain FreeRADIUS, without Francis' patch. This should be better explained in the docs. Something along "if you see this error, please install the patched FreeRADIUS version".kea2.4.0Wlodzimierz WencelWlodzimierz Wencelhttps://gitlab.isc.org/isc-projects/bind9/-/issues/4163nslookup performance in dnsutils 1:9.19.14-1+ubuntu22.04.1+isc+12023-07-05T08:19:56ZAndreas Perhabnslookup performance in dnsutils 1:9.19.14-1+ubuntu22.04.1+isc+1<!--
If the bug you are reporting is potentially security-related - for example,
if it involves an assertion failure or other crash in `named` that can be
triggered repeatedly - then please make sure that you make the new issue
confident...<!--
If the bug you are reporting is potentially security-related - for example,
if it involves an assertion failure or other crash in `named` that can be
triggered repeatedly - then please make sure that you make the new issue
confidential!
-->
### Summary
nslookup in the newer version (9.19.14 vs 9.19.13) is way too slow
### BIND version used
```
BIND 9.19.14-1+ubuntu22.04.1+isc+1-Ubuntu (Development Release) <id:>
running on Linux x86_64 5.19.0-45-generic #46-Ubuntu SMP PREEMPT_DYNAMIC Wed Jun 7 09:08:58 UTC 2023
built by make with '--build=x86_64-linux-gnu' '--prefix=/usr' '--includedir=${prefix}/include' '--mandir=${prefix}/share/man' '--infodir=${prefix}/share/info' '--sysconfdir=/etc' '--localstatedir=/var' '--disable-option-checking' '--disable-silent-rules' '--libdir=${prefix}/lib/x86_64-linux-gnu' '--libexecdir=${prefix}/lib/x86_64-linux-gnu' '--disable-maintainer-mode' '--disable-dependency-tracking' '--libdir=/usr/lib/x86_64-linux-gnu' '--sysconfdir=/etc/bind' '--with-python=python3' '--localstatedir=/' '--enable-threads' '--enable-largefile' '--with-libtool' '--enable-shared' '--disable-static' '--with-gost=no' '--with-openssl=/usr' '--with-gssapi=yes' '--with-libidn2' '--with-json-c' '--with-lmdb=/usr' '--with-gnu-ld' '--with-maxminddb' '--with-atf=no' '--enable-ipv6' '--enable-rrl' '--enable-filter-aaaa' '--disable-native-pkcs11' '--enable-dnstap' 'build_alias=x86_64-linux-gnu' 'CFLAGS=-g -O2 -ffile-prefix-map=/build/bind9-213IbN/bind9-9.19.14=. -flto=auto -ffat-lto-objects -flto=auto -ffat-lto-objects -fstack-protector-strong -Wformat -Werror=format-security -fno-strict-aliasing -fno-delete-null-pointer-checks -DNO_VERSION_DATE -DDIG_SIGCHASE' 'LDFLAGS=-Wl,-Bsymbolic-functions -flto=auto -ffat-lto-objects -flto=auto -Wl,-z,relro -Wl,-z,now' 'CPPFLAGS=-Wdate-time -D_FORTIFY_SOURCE=2'
compiled by GCC 11.3.0
compiled with OpenSSL version: OpenSSL 3.0.2 15 Mar 2022
linked to OpenSSL version: OpenSSL 3.0.2 15 Mar 2022
compiled with libuv version: 1.44.2
linked to libuv version: 1.44.2
compiled with liburcu version: 0.13.2
compiled with libnghttp2 version: 1.43.0
linked to libnghttp2 version: 1.43.0
compiled with libxml2 version: 2.9.13
linked to libxml2 version: 20913
compiled with json-c version: 0.15
linked to json-c version: 0.15
compiled with zlib version: 1.2.11
linked to zlib version: 1.2.11
linked to maxminddb version: 1.5.2
compiled with protobuf-c version: 1.3.3
linked to protobuf-c version: 1.3.3
threads support is enabled
DNSSEC algorithms: RSASHA1 NSEC3RSASHA1 RSASHA256 RSASHA512 ECDSAP256SHA256 ECDSAP384SHA384 ED25519 ED448
DS algorithms: SHA-1 SHA-256 SHA-384
HMAC algorithms: HMAC-MD5 HMAC-SHA1 HMAC-SHA224 HMAC-SHA256 HMAC-SHA384 HMAC-SHA512
TKEY mode 2 support (Diffie-Hellman): no
TKEY mode 3 support (GSS-API): yes
default paths:
named configuration: /etc/bind/named.conf
rndc configuration: /etc/bind/rndc.conf
nsupdate session key: //run/named/session.key
named PID file: //run/named/named.pid
named lock file: //run/named/named.lock
geoip-directory: /usr/share/GeoIP
```
### Steps to reproduce
```bash
docker run --rm internetsystemsconsortium/bind9:9.19 bash -c 'apt update && apt install dnsutils -y && time nslookup www.google.com && time nslookup www.google.com && named -V'
```
### What is the current *bug* behavior?
a typical run of `time nslookup www.google.com` now takes about 200ms
### What is the expected *correct* behavior?
with the previous version 9.19.13 (binary still on our backup images of our servers, unfortunately `apt install dnsutils=1:9.19.13-1+ubuntu22.04.1+isc+1 -y` does not work) we could see around 50ms for the first run of `time nslookup www.google.com` and below 10ms an immediate following run.
### Relevant configuration files
(Paste any relevant configuration files - please use code blocks (```)
to format console output. If submitting the contents of your
configuration file in a non-confidential Issue, it is advisable to
obscure key secrets: this can be done automatically by using
`named-checkconf -px`.)
### Relevant logs and/or screenshots
9.19.14
```
Server: 192.168.30.210
Address: 192.168.30.210#53
Non-authoritative answer:
Name: www.google.com
Address: 142.251.36.196
Name: www.google.com
Address: 2a00:1450:4016:809::2004
real 0m0.207s
user 0m0.005s
sys 0m0.005s
Server: 192.168.30.210
Address: 192.168.30.210#53
Non-authoritative answer:
Name: www.google.com
Address: 142.251.36.196
Name: www.google.com
Address: 2a00:1450:4016:809::2004
real 0m0.179s
user 0m0.002s
sys 0m0.008s
BIND 9.19.14-1+ubuntu22.04.1+isc+1-Ubuntu (Development Release) <id:>
running on Linux x86_64 5.19.0-45-generic #46-Ubuntu SMP PREEMPT_DYNAMIC Wed Jun 7 09:08:58 UTC 2023
built by make with '--build=x86_64-linux-gnu' '--prefix=/usr' '--includedir=${prefix}/include' '--mandir=${prefix}/share/man' '--infodir=${prefix}/share/info' '--sysconfdir=/etc' '--localstatedir=/var' '--disable-option-checking' '--disable-silent-rules' '--libdir=${prefix}/lib/x86_64-linux-gnu' '--libexecdir=${prefix}/lib/x86_64-linux-gnu' '--disable-maintainer-mode' '--disable-dependency-tracking' '--libdir=/usr/lib/x86_64-linux-gnu' '--sysconfdir=/etc/bind' '--with-python=python3' '--localstatedir=/' '--enable-threads' '--enable-largefile' '--with-libtool' '--enable-shared' '--disable-static' '--with-gost=no' '--with-openssl=/usr' '--with-gssapi=yes' '--with-libidn2' '--with-json-c' '--with-lmdb=/usr' '--with-gnu-ld' '--with-maxminddb' '--with-atf=no' '--enable-ipv6' '--enable-rrl' '--enable-filter-aaaa' '--disable-native-pkcs11' '--enable-dnstap' 'build_alias=x86_64-linux-gnu' 'CFLAGS=-g -O2 -ffile-prefix-map=/build/bind9-213IbN/bind9-9.19.14=. -flto=auto -ffat-lto-objects -flto=auto -ffat-lto-objects -fstack-protector-strong -Wformat -Werror=format-security -fno-strict-aliasing -fno-delete-null-pointer-checks -DNO_VERSION_DATE -DDIG_SIGCHASE' 'LDFLAGS=-Wl,-Bsymbolic-functions -flto=auto -ffat-lto-objects -flto=auto -Wl,-z,relro -Wl,-z,now' 'CPPFLAGS=-Wdate-time -D_FORTIFY_SOURCE=2'
compiled by GCC 11.3.0
compiled with OpenSSL version: OpenSSL 3.0.2 15 Mar 2022
linked to OpenSSL version: OpenSSL 3.0.2 15 Mar 2022
compiled with libuv version: 1.44.2
linked to libuv version: 1.44.2
compiled with liburcu version: 0.13.2
compiled with libnghttp2 version: 1.43.0
linked to libnghttp2 version: 1.43.0
compiled with libxml2 version: 2.9.13
linked to libxml2 version: 20913
compiled with json-c version: 0.15
linked to json-c version: 0.15
compiled with zlib version: 1.2.11
linked to zlib version: 1.2.11
linked to maxminddb version: 1.5.2
compiled with protobuf-c version: 1.3.3
linked to protobuf-c version: 1.3.3
threads support is enabled
DNSSEC algorithms: RSASHA1 NSEC3RSASHA1 RSASHA256 RSASHA512 ECDSAP256SHA256 ECDSAP384SHA384 ED25519 ED448
DS algorithms: SHA-1 SHA-256 SHA-384
HMAC algorithms: HMAC-MD5 HMAC-SHA1 HMAC-SHA224 HMAC-SHA256 HMAC-SHA384 HMAC-SHA512
TKEY mode 2 support (Diffie-Hellman): no
TKEY mode 3 support (GSS-API): yes
default paths:
named configuration: /etc/bind/named.conf
rndc configuration: /etc/bind/rndc.conf
nsupdate session key: //run/named/session.key
named PID file: //run/named/named.pid
named lock file: //run/named/named.lock
geoip-directory: /usr/share/GeoIP
```
9.19.13
```
Server: 192.168.30.210
Address: 192.168.30.210#53
Non-authoritative answer:
Name: www.google.com
Address: 142.251.36.196
Name: www.google.com
Address: 2a00:1450:4016:809::2004
real 0m0.007s
user 0m0.003s
sys 0m0.003s
Server: 192.168.30.210
Address: 192.168.30.210#53
Non-authoritative answer:
Name: www.google.com
Address: 142.251.36.196
Name: www.google.com
Address: 2a00:1450:4016:809::2004
real 0m0.008s
user 0m0.007s
sys 0m0.000s
BIND 9.19.13-1+ubuntu22.04.1+isc+1-Ubuntu (Development Release) <id:>
running on Linux x86_64 5.19.0-45-generic #46-Ubuntu SMP PREEMPT_DYNAMIC Wed Jun 7 09:08:58 UTC 2023
built by make with '--build=x86_64-linux-gnu' '--prefix=/usr' '--includedir=${prefix}/include' '--mandir=${prefix}/share/man' '--infodir=${prefix}/share/info' '--sysconfdir=/etc' '--localstatedir=/var' '--disable-option-checking' '--disable-silent-rules' '--libdir=${prefix}/lib/x86_64-linux-gnu' '--libexecdir=${prefix}/lib/x86_64-linux-gnu' '--disable-maintainer-mode' '--disable-dependency-tracking' '--libdir=/usr/lib/x86_64-linux-gnu' '--sysconfdir=/etc/bind' '--with-python=python3' '--localstatedir=/' '--enable-threads' '--enable-largefile' '--with-libtool' '--enable-shared' '--disable-static' '--with-gost=no' '--with-openssl=/usr' '--with-gssapi=yes' '--with-libidn2' '--with-json-c' '--with-lmdb=/usr' '--with-gnu-ld' '--with-maxminddb' '--with-atf=no' '--enable-ipv6' '--enable-rrl' '--enable-filter-aaaa' '--disable-native-pkcs11' '--enable-dnstap' 'build_alias=x86_64-linux-gnu' 'CFLAGS=-g -O2 -ffile-prefix-map=/build/bind9-CPF2uL/bind9-9.19.13=. -flto=auto -ffat-lto-objects -flto=auto -ffat-lto-objects -fstack-protector-strong -Wformat -Werror=format-security -fno-strict-aliasing -fno-delete-null-pointer-checks -DNO_VERSION_DATE -DDIG_SIGCHASE' 'LDFLAGS=-Wl,-Bsymbolic-functions -flto=auto -ffat-lto-objects -flto=auto -Wl,-z,relro -Wl,-z,now' 'CPPFLAGS=-Wdate-time -D_FORTIFY_SOURCE=2'
compiled by GCC 11.3.0
compiled with OpenSSL version: OpenSSL 3.0.2 15 Mar 2022
linked to OpenSSL version: OpenSSL 3.0.2 15 Mar 2022
compiled with libuv version: 1.44.2
linked to libuv version: 1.44.2
compiled with liburcu version: 0.13.2
compiled with libnghttp2 version: 1.43.0
linked to libnghttp2 version: 1.43.0
compiled with libxml2 version: 2.9.13
linked to libxml2 version: 20913
compiled with json-c version: 0.15
linked to json-c version: 0.15
compiled with zlib version: 1.2.11
linked to zlib version: 1.2.11
linked to maxminddb version: 1.5.2
compiled with protobuf-c version: 1.3.3
linked to protobuf-c version: 1.3.3
threads support is enabled
DNSSEC algorithms: RSASHA1 NSEC3RSASHA1 RSASHA256 RSASHA512 ECDSAP256SHA256 ECDSAP384SHA384 ED25519 ED448
DS algorithms: SHA-1 SHA-256 SHA-384
HMAC algorithms: HMAC-MD5 HMAC-SHA1 HMAC-SHA224 HMAC-SHA256 HMAC-SHA384 HMAC-SHA512
TKEY mode 2 support (Diffie-Hellman): no
TKEY mode 3 support (GSS-API): yes
default paths:
named configuration: /etc/bind/named.conf
rndc configuration: /etc/bind/rndc.conf
nsupdate session key: //run/named/session.key
named PID file: //run/named/named.pid
named lock file: //run/named/named.lock
geoip-directory: /usr/share/GeoIP
```
### Possible fixes
(If you can, link to the line of code that might be responsible for the
problem.)July 2023 (9.18.17, 9.18.17-S1, 9.19.15)Ondřej SurýOndřej Surýhttps://gitlab.isc.org/isc-projects/bind9/-/issues/4021TSAN error: view->adb detached too early.2023-06-20T14:03:20ZMark AndrewsTSAN error: view->adb detached too early.`zone` uses a weak attachment to `view` and `view->adb` is being removed before the last weak reference is gone.
https://isc-projects.gitlab-pages.isc.org/-/bind9/-/jobs/3330343/artifacts/tsan/34d53dfe27a51d3019477e06126f78fe6c37a19b4fb...`zone` uses a weak attachment to `view` and `view->adb` is being removed before the last weak reference is gone.
https://isc-projects.gitlab-pages.isc.org/-/bind9/-/jobs/3330343/artifacts/tsan/34d53dfe27a51d3019477e06126f78fe6c37a19b4fbecbd4a6f955b2cac4a971/39a265b1e880ecadaeab740ede4711b0f52f7376229c8e05d0e6f9a6aa26ae52.txt
```
WARNING: ThreadSanitizer: data race
Write of size 8 at 0x000000000001 by main thread (mutexes: write M1):
#0 dns_view_detach lib/dns/view.c:492:14 (BuildId: ed6942e73cb749ba369cb30e2b8cbff55912936c)
#1 load_configuration bin/named/server.c:9730:3 (BuildId: e22f5494ad4763562b247402252f579d302d266b)
#2 loadconfig bin/named/server.c:10306:11 (BuildId: e22f5494ad4763562b247402252f579d302d266b)
#3 named_server_reconfigcommand bin/named/server.c:10712:2
#4 named_control_docommand bin/named/control.c:244:12 (BuildId: e22f5494ad4763562b247402252f579d302d266b)
#5 control_command bin/named/controlconf.c:385:17 (BuildId: e22f5494ad4763562b247402252f579d302d266b)
#6 isc__async_cb lib/isc/async.c:84:3 (BuildId: da417881a15b47891f3b60c2e3b71c7ee8d91d1c)
#7 uv__async_io /usr/src/libuv-v1.44.1/src/unix/async.c:163:5 (BuildId: 120c450d14885aa5308bc95c4ea77de2c2b1cc36)
#8 isc_loopmgr_run lib/isc/loop.c:473:2 (BuildId: da417881a15b47891f3b60c2e3b71c7ee8d91d1c)
#9 main bin/named/main.c:1513:2 (BuildId: e22f5494ad4763562b247402252f579d302d266b)
Previous read of size 8 at 0x000000000001 by thread T1 (mutexes: write M2):
#0 zone_maintenance lib/dns/zone.c:10910:46 (BuildId: ed6942e73cb749ba369cb30e2b8cbff55912936c)
#1 zone_timer lib/dns/zone.c:14609:2 (BuildId: ed6942e73cb749ba369cb30e2b8cbff55912936c)
#2 timer_cb lib/isc/timer.c:111:2 (BuildId: da417881a15b47891f3b60c2e3b71c7ee8d91d1c)
#3 uv__run_timers /usr/src/libuv-v1.44.1/src/timer.c:178:5 (BuildId: 120c450d14885aa5308bc95c4ea77de2c2b1cc36)
#4 thread_run lib/isc/thread.c:77:17 (BuildId: da417881a15b47891f3b60c2e3b71c7ee8d91d1c)
Location is heap block of size 1448 at 0x000000000016 allocated by main thread:
#0 malloc <null> (BuildId: e22f5494ad4763562b247402252f579d302d266b)
#1 mallocx lib/isc/./jemalloc_shim.h:65:14 (BuildId: da417881a15b47891f3b60c2e3b71c7ee8d91d1c)
#2 mem_get lib/isc/mem.c:304:8
#3 isc__mem_get lib/isc/mem.c:667:8 (BuildId: da417881a15b47891f3b60c2e3b71c7ee8d91d1c)
#4 dns_view_create lib/dns/view.c:97:9 (BuildId: ed6942e73cb749ba369cb30e2b8cbff55912936c)
#5 create_view bin/named/server.c:6440:11 (BuildId: e22f5494ad4763562b247402252f579d302d266b)
#6 load_configuration bin/named/server.c:9141:12 (BuildId: e22f5494ad4763562b247402252f579d302d266b)
#7 loadconfig bin/named/server.c:10306:11 (BuildId: e22f5494ad4763562b247402252f579d302d266b)
#8 named_server_reconfigcommand bin/named/server.c:10712:2
#9 named_control_docommand bin/named/control.c:244:12 (BuildId: e22f5494ad4763562b247402252f579d302d266b)
#10 control_command bin/named/controlconf.c:385:17 (BuildId: e22f5494ad4763562b247402252f579d302d266b)
#11 isc__async_cb lib/isc/async.c:84:3 (BuildId: da417881a15b47891f3b60c2e3b71c7ee8d91d1c)
#12 uv__async_io /usr/src/libuv-v1.44.1/src/unix/async.c:163:5 (BuildId: 120c450d14885aa5308bc95c4ea77de2c2b1cc36)
#13 isc_loopmgr_run lib/isc/loop.c:473:2 (BuildId: da417881a15b47891f3b60c2e3b71c7ee8d91d1c)
#14 main bin/named/main.c:1513:2 (BuildId: e22f5494ad4763562b247402252f579d302d266b)
Mutex M2 (0x000000000023) created at:
#0 pthread_mutex_init <null> (BuildId: e22f5494ad4763562b247402252f579d302d266b)
#1 dns_view_create lib/dns/view.c:133:2 (BuildId: ed6942e73cb749ba369cb30e2b8cbff55912936c)
#2 create_view bin/named/server.c:6440:11 (BuildId: e22f5494ad4763562b247402252f579d302d266b)
#3 load_configuration bin/named/server.c:9141:12 (BuildId: e22f5494ad4763562b247402252f579d302d266b)
#4 loadconfig bin/named/server.c:10306:11 (BuildId: e22f5494ad4763562b247402252f579d302d266b)
#5 named_server_reconfigcommand bin/named/server.c:10712:2
#6 named_control_docommand bin/named/control.c:244:12 (BuildId: e22f5494ad4763562b247402252f579d302d266b)
#7 control_command bin/named/controlconf.c:385:17 (BuildId: e22f5494ad4763562b247402252f579d302d266b)
#8 isc__async_cb lib/isc/async.c:84:3 (BuildId: da417881a15b47891f3b60c2e3b71c7ee8d91d1c)
#9 uv__async_io /usr/src/libuv-v1.44.1/src/unix/async.c:163:5 (BuildId: 120c450d14885aa5308bc95c4ea77de2c2b1cc36)
#10 isc_loopmgr_run lib/isc/loop.c:473:2 (BuildId: da417881a15b47891f3b60c2e3b71c7ee8d91d1c)
#11 main bin/named/main.c:1513:2 (BuildId: e22f5494ad4763562b247402252f579d302d266b)
Mutex M2 (0x000000000026) created at:
#0 pthread_mutex_init <null> (BuildId: e22f5494ad4763562b247402252f579d302d266b)
#1 dns_zone_create lib/dns/zone.c:1124:2 (BuildId: ed6942e73cb749ba369cb30e2b8cbff55912936c)
#2 dns_zonemgr_createzone lib/dns/zone.c:18108:11 (BuildId: ed6942e73cb749ba369cb30e2b8cbff55912936c)
#3 configure_zone bin/named/server.c:6749:3 (BuildId: e22f5494ad4763562b247402252f579d302d266b)
#4 configure_view bin/named/server.c:4181:3 (BuildId: e22f5494ad4763562b247402252f579d302d266b)
#5 load_configuration bin/named/server.c:9194:12 (BuildId: e22f5494ad4763562b247402252f579d302d266b)
#6 run_server bin/named/server.c:9983:2 (BuildId: e22f5494ad4763562b247402252f579d302d266b)
#7 setup_jobs_cb lib/isc/loop.c:255:3 (BuildId: da417881a15b47891f3b60c2e3b71c7ee8d91d1c)
#8 isc__async_cb lib/isc/async.c:84:3 (BuildId: da417881a15b47891f3b60c2e3b71c7ee8d91d1c)
#9 uv__async_io /usr/src/libuv-v1.44.1/src/unix/async.c:163:5 (BuildId: 120c450d14885aa5308bc95c4ea77de2c2b1cc36)
#10 isc_loopmgr_run lib/isc/loop.c:473:2 (BuildId: da417881a15b47891f3b60c2e3b71c7ee8d91d1c)
#11 main bin/named/main.c:1513:2 (BuildId: e22f5494ad4763562b247402252f579d302d266b)
Thread T1 'isc-loop-0004' (running) created by main thread at:
#0 pthread_create <null> (BuildId: e22f5494ad4763562b247402252f579d302d266b)
#1 isc_thread_create lib/isc/thread.c:119:8 (BuildId: da417881a15b47891f3b60c2e3b71c7ee8d91d1c)
#2 isc_loopmgr_run lib/isc/loop.c:467:3 (BuildId: da417881a15b47891f3b60c2e3b71c7ee8d91d1c)
#3 main bin/named/main.c:1513:2 (BuildId: e22f5494ad4763562b247402252f579d302d266b)
SUMMARY: ThreadSanitizer: data race lib/dns/view.c:492:14 in dns_view_detach
```July 2023 (9.18.17, 9.18.17-S1, 9.19.15)Mark AndrewsMark Andrewshttps://gitlab.isc.org/isc-projects/bind9/-/issues/4135Data race lib/dns/zone.c:4127:26 in set_refreshkeytimer2023-12-08T07:49:51ZMichal NowakData race lib/dns/zone.c:4127:26 in set_refreshkeytimerJob [#3451385](https://gitlab.isc.org/isc-projects/bind9/-/jobs/3451385) failed for 81c5f12e2f8d2379e8be07b68102fc9ff9a5de8c.
```
WARNING: ThreadSanitizer: data race
Write of size 8 at 0x000000000001 by thread T1 (mutexes: write M2, ...Job [#3451385](https://gitlab.isc.org/isc-projects/bind9/-/jobs/3451385) failed for 81c5f12e2f8d2379e8be07b68102fc9ff9a5de8c.
```
WARNING: ThreadSanitizer: data race
Write of size 8 at 0x000000000001 by thread T1 (mutexes: write M2, read M2):
#0 set_refreshkeytimer lib/dns/zone.c:4127:26 (BuildId: fcbd6258d04361cb62bc32ccf87eff93722e9925)
#1 sync_keyzone lib/dns/zone.c:4683:5 (BuildId: fcbd6258d04361cb62bc32ccf87eff93722e9925)
#2 dns_zone_synckeyzone lib/dns/zone.c:4767:11
#3 view_loaded bin/named/./server.c:9692:14 (BuildId: dbafb0d25d480c1049a7bd687a3c53a6f4aeace4)
#4 call_loaddone lib/dns/zt.c:308:3 (BuildId: fcbd6258d04361cb62bc32ccf87eff93722e9925)
#5 doneloading lib/dns/zt.c:597:3
#6 zone_asyncload lib/dns/zone.c:2404:3 (BuildId: fcbd6258d04361cb62bc32ccf87eff93722e9925)
#7 task_run lib/isc/task.c:859:5 (BuildId: 6899e3b78cd26e2e0be1758888e5b949c65bdb33)
#8 isc_task_run lib/isc/task.c:953:10
#9 process_netievent lib/isc/netmgr/netmgr.c (BuildId: 6899e3b78cd26e2e0be1758888e5b949c65bdb33)
#10 process_queue lib/isc/netmgr/netmgr.c:1009:8 (BuildId: 6899e3b78cd26e2e0be1758888e5b949c65bdb33)
#11 process_all_queues lib/isc/netmgr/netmgr.c:790:25 (BuildId: 6899e3b78cd26e2e0be1758888e5b949c65bdb33)
#12 async_cb lib/isc/netmgr/netmgr.c:819:6
#13 uv__async_io /usr/src/libuv-v1.44.1/src/unix/async.c:163:5 (BuildId: 120c450d14885aa5308bc95c4ea77de2c2b1cc36)
#14 isc__trampoline_run lib/isc/trampoline.c:213:11 (BuildId: 6899e3b78cd26e2e0be1758888e5b949c65bdb33)
Previous read of size 4 at 0x000000000001 by thread T2:
#0 isc_time_compare lib/isc/unix/time.c:211:24 (BuildId: 6899e3b78cd26e2e0be1758888e5b949c65bdb33)
#1 zone_maintenance lib/dns/zone.c:11440:7 (BuildId: fcbd6258d04361cb62bc32ccf87eff93722e9925)
#2 zone_timer lib/dns/zone.c:15072:2 (BuildId: fcbd6258d04361cb62bc32ccf87eff93722e9925)
#3 task_run lib/isc/task.c:859:5 (BuildId: 6899e3b78cd26e2e0be1758888e5b949c65bdb33)
#4 isc_task_run lib/isc/task.c:953:10
#5 process_netievent lib/isc/netmgr/netmgr.c (BuildId: 6899e3b78cd26e2e0be1758888e5b949c65bdb33)
#6 process_queue lib/isc/netmgr/netmgr.c:1009:8 (BuildId: 6899e3b78cd26e2e0be1758888e5b949c65bdb33)
#7 process_all_queues lib/isc/netmgr/netmgr.c:790:25 (BuildId: 6899e3b78cd26e2e0be1758888e5b949c65bdb33)
#8 async_cb lib/isc/netmgr/netmgr.c:819:6
#9 uv__async_io /usr/src/libuv-v1.44.1/src/unix/async.c:163:5 (BuildId: 120c450d14885aa5308bc95c4ea77de2c2b1cc36)
#10 isc__trampoline_run lib/isc/trampoline.c:213:11 (BuildId: 6899e3b78cd26e2e0be1758888e5b949c65bdb33)
Location is heap block of size 3289 at 0x000000000016 allocated by thread T1:
#0 malloc <null> (BuildId: dbafb0d25d480c1049a7bd687a3c53a6f4aeace4)
#1 default_memalloc lib/isc/mem.c:716:8 (BuildId: 6899e3b78cd26e2e0be1758888e5b949c65bdb33)
#2 mem_get lib/isc/mem.c:625:8 (BuildId: 6899e3b78cd26e2e0be1758888e5b949c65bdb33)
#3 mem_allocateunlocked lib/isc/mem.c:1290:8
#4 isc___mem_allocate lib/isc/mem.c:1310:7
#5 isc__mem_allocate lib/isc/mem.c:2406:10 (BuildId: 6899e3b78cd26e2e0be1758888e5b949c65bdb33)
#6 isc___mem_get lib/isc/mem.c:1060:11 (BuildId: 6899e3b78cd26e2e0be1758888e5b949c65bdb33)
#7 isc__mem_get lib/isc/mem.c:2385:10 (BuildId: 6899e3b78cd26e2e0be1758888e5b949c65bdb33)
#8 dns_zone_create lib/dns/zone.c:1137:9 (BuildId: fcbd6258d04361cb62bc32ccf87eff93722e9925)
#9 dns_zonemgr_createzone lib/dns/zone.c:18828:11 (BuildId: fcbd6258d04361cb62bc32ccf87eff93722e9925)
#10 add_keydata_zone bin/named/./server.c:6789:2 (BuildId: dbafb0d25d480c1049a7bd687a3c53a6f4aeace4)
#11 configure_view_dnsseckeys bin/named/./server.c:1218:2 (BuildId: dbafb0d25d480c1049a7bd687a3c53a6f4aeace4)
#12 configure_view bin/named/./server.c:5515:2 (BuildId: dbafb0d25d480c1049a7bd687a3c53a6f4aeace4)
#13 load_configuration bin/named/./server.c:9136:3 (BuildId: dbafb0d25d480c1049a7bd687a3c53a6f4aeace4)
#14 loadconfig bin/named/./server.c:10322:11 (BuildId: dbafb0d25d480c1049a7bd687a3c53a6f4aeace4)
#15 named_server_reconfigcommand bin/named/./server.c:10724:2 (BuildId: dbafb0d25d480c1049a7bd687a3c53a6f4aeace4)
#16 named_control_docommand bin/named/control.c:252:12 (BuildId: dbafb0d25d480c1049a7bd687a3c53a6f4aeace4)
#17 control_recvmessage bin/named/controlconf.c:477:13 (BuildId: dbafb0d25d480c1049a7bd687a3c53a6f4aeace4)
#18 task_run lib/isc/task.c:859:5 (BuildId: 6899e3b78cd26e2e0be1758888e5b949c65bdb33)
#19 isc_task_run lib/isc/task.c:953:10
#20 process_netievent lib/isc/netmgr/netmgr.c (BuildId: 6899e3b78cd26e2e0be1758888e5b949c65bdb33)
#21 process_queue lib/isc/netmgr/netmgr.c:1009:8 (BuildId: 6899e3b78cd26e2e0be1758888e5b949c65bdb33)
#22 process_all_queues lib/isc/netmgr/netmgr.c:790:25 (BuildId: 6899e3b78cd26e2e0be1758888e5b949c65bdb33)
#23 async_cb lib/isc/netmgr/netmgr.c:819:6
#24 uv__async_io /usr/src/libuv-v1.44.1/src/unix/async.c:163:5 (BuildId: 120c450d14885aa5308bc95c4ea77de2c2b1cc36)
#25 isc__trampoline_run lib/isc/trampoline.c:213:11 (BuildId: 6899e3b78cd26e2e0be1758888e5b949c65bdb33)
Mutex M2 (0x000000000033) created at:
#0 pthread_mutex_init <null> (BuildId: dbafb0d25d480c1049a7bd687a3c53a6f4aeace4)
#1 isc__mutex_init lib/isc/pthreads/mutex.c:290:8 (BuildId: 6899e3b78cd26e2e0be1758888e5b949c65bdb33)
#2 dns_zone_create lib/dns/zone.c:1142:2 (BuildId: fcbd6258d04361cb62bc32ccf87eff93722e9925)
#3 dns_zonemgr_createzone lib/dns/zone.c:18828:11 (BuildId: fcbd6258d04361cb62bc32ccf87eff93722e9925)
#4 add_keydata_zone bin/named/./server.c:6789:2 (BuildId: dbafb0d25d480c1049a7bd687a3c53a6f4aeace4)
#5 configure_view_dnsseckeys bin/named/./server.c:1218:2 (BuildId: dbafb0d25d480c1049a7bd687a3c53a6f4aeace4)
#6 configure_view bin/named/./server.c:5515:2 (BuildId: dbafb0d25d480c1049a7bd687a3c53a6f4aeace4)
#7 load_configuration bin/named/./server.c:9136:3 (BuildId: dbafb0d25d480c1049a7bd687a3c53a6f4aeace4)
#8 loadconfig bin/named/./server.c:10322:11 (BuildId: dbafb0d25d480c1049a7bd687a3c53a6f4aeace4)
#9 named_server_reconfigcommand bin/named/./server.c:10724:2 (BuildId: dbafb0d25d480c1049a7bd687a3c53a6f4aeace4)
#10 named_control_docommand bin/named/control.c:252:12 (BuildId: dbafb0d25d480c1049a7bd687a3c53a6f4aeace4)
#11 control_recvmessage bin/named/controlconf.c:477:13 (BuildId: dbafb0d25d480c1049a7bd687a3c53a6f4aeace4)
#12 task_run lib/isc/task.c:859:5 (BuildId: 6899e3b78cd26e2e0be1758888e5b949c65bdb33)
#13 isc_task_run lib/isc/task.c:953:10
#14 process_netievent lib/isc/netmgr/netmgr.c (BuildId: 6899e3b78cd26e2e0be1758888e5b949c65bdb33)
#15 process_queue lib/isc/netmgr/netmgr.c:1009:8 (BuildId: 6899e3b78cd26e2e0be1758888e5b949c65bdb33)
#16 process_all_queues lib/isc/netmgr/netmgr.c:790:25 (BuildId: 6899e3b78cd26e2e0be1758888e5b949c65bdb33)
#17 async_cb lib/isc/netmgr/netmgr.c:819:6
#18 uv__async_io /usr/src/libuv-v1.44.1/src/unix/async.c:163:5 (BuildId: 120c450d14885aa5308bc95c4ea77de2c2b1cc36)
#19 isc__trampoline_run lib/isc/trampoline.c:213:11 (BuildId: 6899e3b78cd26e2e0be1758888e5b949c65bdb33)
Mutex M2 (0x000000000037) created at:
#0 pthread_rwlock_init <null> (BuildId: dbafb0d25d480c1049a7bd687a3c53a6f4aeace4)
#1 isc_rwlock_init lib/isc/rwlock.c:41:2 (BuildId: 6899e3b78cd26e2e0be1758888e5b949c65bdb33)
#2 dns_rbtdb_create lib/dns/rbtdb.c:8656:2 (BuildId: fcbd6258d04361cb62bc32ccf87eff93722e9925)
#3 dns_db_create lib/dns/db.c:120:13 (BuildId: fcbd6258d04361cb62bc32ccf87eff93722e9925)
#4 zone_load lib/dns/zone.c:2307:11 (BuildId: fcbd6258d04361cb62bc32ccf87eff93722e9925)
#5 dns_zone_load lib/dns/zone.c:2380:10 (BuildId: fcbd6258d04361cb62bc32ccf87eff93722e9925)
#6 load_zones bin/named/./server.c:9754:13 (BuildId: dbafb0d25d480c1049a7bd687a3c53a6f4aeace4)
#7 named_server_reconfigcommand bin/named/./server.c:10726:11 (BuildId: dbafb0d25d480c1049a7bd687a3c53a6f4aeace4)
#8 named_control_docommand bin/named/control.c:252:12 (BuildId: dbafb0d25d480c1049a7bd687a3c53a6f4aeace4)
#9 control_recvmessage bin/named/controlconf.c:477:13 (BuildId: dbafb0d25d480c1049a7bd687a3c53a6f4aeace4)
#10 task_run lib/isc/task.c:859:5 (BuildId: 6899e3b78cd26e2e0be1758888e5b949c65bdb33)
#11 isc_task_run lib/isc/task.c:953:10
#12 process_netievent lib/isc/netmgr/netmgr.c (BuildId: 6899e3b78cd26e2e0be1758888e5b949c65bdb33)
#13 process_queue lib/isc/netmgr/netmgr.c:1009:8 (BuildId: 6899e3b78cd26e2e0be1758888e5b949c65bdb33)
#14 process_all_queues lib/isc/netmgr/netmgr.c:790:25 (BuildId: 6899e3b78cd26e2e0be1758888e5b949c65bdb33)
#15 async_cb lib/isc/netmgr/netmgr.c:819:6
#16 uv__async_io /usr/src/libuv-v1.44.1/src/unix/async.c:163:5 (BuildId: 120c450d14885aa5308bc95c4ea77de2c2b1cc36)
#17 isc__trampoline_run lib/isc/trampoline.c:213:11 (BuildId: 6899e3b78cd26e2e0be1758888e5b949c65bdb33)
Thread T1 (running) created by main thread at:
#0 pthread_create <null> (BuildId: dbafb0d25d480c1049a7bd687a3c53a6f4aeace4)
#1 isc_thread_create lib/isc/pthreads/thread.c:81:8 (BuildId: 6899e3b78cd26e2e0be1758888e5b949c65bdb33)
#2 isc__netmgr_create lib/isc/netmgr/netmgr.c:355:3 (BuildId: 6899e3b78cd26e2e0be1758888e5b949c65bdb33)
#3 isc_managers_create lib/isc/managers.c:28:2 (BuildId: 6899e3b78cd26e2e0be1758888e5b949c65bdb33)
#4 create_managers bin/named/./main.c:1065:11 (BuildId: dbafb0d25d480c1049a7bd687a3c53a6f4aeace4)
#5 setup bin/named/./main.c:1397:11
#6 main bin/named/./main.c:1711:2
Thread T2 (running) created by main thread at:
#0 pthread_create <null> (BuildId: dbafb0d25d480c1049a7bd687a3c53a6f4aeace4)
#1 isc_thread_create lib/isc/pthreads/thread.c:81:8 (BuildId: 6899e3b78cd26e2e0be1758888e5b949c65bdb33)
#2 isc__netmgr_create lib/isc/netmgr/netmgr.c:355:3 (BuildId: 6899e3b78cd26e2e0be1758888e5b949c65bdb33)
#3 isc_managers_create lib/isc/managers.c:28:2 (BuildId: 6899e3b78cd26e2e0be1758888e5b949c65bdb33)
#4 create_managers bin/named/./main.c:1065:11 (BuildId: dbafb0d25d480c1049a7bd687a3c53a6f4aeace4)
#5 setup bin/named/./main.c:1397:11
#6 main bin/named/./main.c:1711:2
SUMMARY: ThreadSanitizer: data race lib/dns/zone.c:4127:26 in set_refreshkeytimer
```July 2023 (9.18.17, 9.18.17-S1, 9.19.15)Tony FinchTony Finchhttps://gitlab.isc.org/isc-projects/kea/-/issues/2560fix compilation warnings on ubuntu 22.042023-06-01T07:31:58ZRazvan Becheriufix compilation warnings on ubuntu 22.04current-stable-2.4Razvan BecheriuRazvan Becheriuhttps://gitlab.isc.org/isc-projects/kea/-/issues/2046make --with-gssapi work automatically in FreeBSD2022-06-15T06:05:53ZAndrei Pavelandrei@isc.orgmake --with-gssapi work automatically in FreeBSDThis is a copy-paste from QA jenkinsfiles showing a difference in compilation flags:
```
if (system == 'freebsd') {
cfgOpts += ' --with-gssapi=/usr/local/bin/krb5-config'
} else {
cfgOpts += ' --with-gssapi'
}
```
It would be nice if...This is a copy-paste from QA jenkinsfiles showing a difference in compilation flags:
```
if (system == 'freebsd') {
cfgOpts += ' --with-gssapi=/usr/local/bin/krb5-config'
} else {
cfgOpts += ' --with-gssapi'
}
```
It would be nice if --with-gssapi would also look in /usr/local/bin to find krb5-config automatically in FreeBSD.current-stable-2.4https://gitlab.isc.org/isc-projects/kea/-/issues/2965bump up version to 2.5.0-git in configure.ac2023-07-17T13:58:20ZMarcin Godzinabump up version to 2.5.0-git in configure.acbump up version to 2.5.0-git in configure.acbump up version to 2.5.0-git in configure.ackea2.4.0Marcin GodzinaMarcin Godzinahttps://gitlab.isc.org/isc-projects/bind9/-/issues/4192Release Checklist for BIND 9.18.17, 9.18.17-S1, 9.19.152023-07-28T13:57:04ZTom KrizekRelease Checklist for BIND 9.18.17, 9.18.17-S1, 9.19.15## Release Schedule
**Code Freeze:** Wednesday, 5 July 2023
**Tagging Deadline:** Monday, 10 July 2023
**Public Release:** Wednesday, 19 July 2023
## Documentation Review Links
**Closed issues assigned to the milestone without a re...## Release Schedule
**Code Freeze:** Wednesday, 5 July 2023
**Tagging Deadline:** Monday, 10 July 2023
**Public Release:** Wednesday, 19 July 2023
## Documentation Review Links
**Closed issues assigned to the milestone without a release note:**
- [9.18.17](https://gitlab.isc.org/isc-projects/bind9/-/issues?scope=all&sort=created_asc&state=closed&milestone_title=July+2023+%289.16.43%2C+9.16.43-S1%2C+9.18.17%2C+9.18.17-S1%2C+9.19.15%29¬%5Blabel_name%5D%5B%5D=Release+Notes¬%5Blabel_name%5D%5B%5D=Duplicate&label_name%5B%5D=v9.18)
- [9.18.17-S1](https://gitlab.isc.org/isc-private/bind9/-/issues?scope=all&sort=created_asc&state=closed&milestone_title=July+2023+%289.16.43%2C+9.16.43-S1%2C+9.18.17%2C+9.18.17-S1%2C+9.19.15%29¬%5Blabel_name%5D%5B%5D=Release+Notes¬%5Blabel_name%5D%5B%5D=Duplicate&label_name%5B%5D=v9.18-S)
- [9.19.15](https://gitlab.isc.org/isc-projects/bind9/-/issues?scope=all&sort=created_asc&state=closed&milestone_title=July+2023+%289.16.43%2C+9.16.43-S1%2C+9.18.17%2C+9.18.17-S1%2C+9.19.15%29¬%5Blabel_name%5D%5B%5D=Release+Notes¬%5Blabel_name%5D%5B%5D=Duplicate&label_name%5B%5D=v9.19)
**Merge requests merged into the milestone without a release note:**
- [9.18.17](https://gitlab.isc.org/isc-projects/bind9/-/merge_requests?scope=all&sort=merged_at&state=merged&milestone_title=July+2023+%289.16.43%2C+9.16.43-S1%2C+9.18.17%2C+9.18.17-S1%2C+9.19.15%29¬%5Blabel_name%5D%5B%5D=Release+Notes&target_branch=bind-9.18)
- [9.18.17-S1](https://gitlab.isc.org/isc-private/bind9/-/merge_requests?scope=all&sort=merged_at&state=merged&milestone_title=July+2023+%289.16.43%2C+9.16.43-S1%2C+9.18.17%2C+9.18.17-S1%2C+9.19.15%29¬%5Blabel_name%5D%5B%5D=Release+Notes&target_branch=bind-9.18-sub)
- [9.19.15](https://gitlab.isc.org/isc-projects/bind9/-/merge_requests?scope=all&sort=merged_at&state=merged&milestone_title=July+2023+%289.16.43%2C+9.16.43-S1%2C+9.18.17%2C+9.18.17-S1%2C+9.19.15%29¬%5Blabel_name%5D%5B%5D=Release+Notes&target_branch=main)
**Merge requests merged into the milestone without a `CHANGES` entry:**
- [9.18.17](https://gitlab.isc.org/isc-projects/bind9/-/merge_requests?scope=all&sort=merged_at&state=merged&milestone_title=July+2023+%289.16.43%2C+9.16.43-S1%2C+9.18.17%2C+9.18.17-S1%2C+9.19.15%29&label_name%5B%5D=No+CHANGES&target_branch=bind-9.18)
- [9.18.17-S1](https://gitlab.isc.org/isc-private/bind9/-/merge_requests?scope=all&sort=merged_at&state=merged&milestone_title=July+2023+%289.16.43%2C+9.16.43-S1%2C+9.18.17%2C+9.18.17-S1%2C+9.19.15%29&label_name%5B%5D=No+CHANGES&target_branch=bind-9.18-sub)
- [9.19.15](https://gitlab.isc.org/isc-projects/bind9/-/merge_requests?scope=all&sort=merged_at&state=merged&milestone_title=July+2023+%289.16.43%2C+9.16.43-S1%2C+9.18.17%2C+9.18.17-S1%2C+9.19.15%29&label_name%5B%5D=No+CHANGES&target_branch=main)
## Release Checklist
### Before the Code Freeze
- [x] ***(QA)*** Rebase -S editions on top of current open-source versions: `git checkout bind-9.18-sub && git rebase origin/bind-9.18`
- [x] ***(QA)*** [Inform](https://gitlab.isc.org/isc-private/bind-qa/-/blob/master/bind9/releng/inform_supp_marketing.py) Support and Marketing of impending release (and give [estimated release dates](https://mattermost.isc.org/isc/pl/6u5eatsd9bf5unenu5r5t4mxie)).
- [x] ***(QA)*** [Ensure there are no permanent test failures on any platform.](https://mattermost.isc.org/isc/pl/cq89fgy7midixee1tyc3nhd1dr) Check [public](https://gitlab.isc.org/isc-projects/bind9/-/pipelines?scope=all&source=schedule) and [private](https://gitlab.isc.org/isc-private/bind9/-/pipelines?scope=all&source=schedule) scheduled pipelines.
- [x] ***(QA)*** Check [Perflab](https://perflab.isc.org/) to ensure there has been no unexplained drop in performance for the versions being released.
- [x] ***(QA)*** [Check whether all issues assigned to the release milestone are resolved[^1].](https://mattermost.isc.org/isc/pl/ekdezbkzkbgeuydmatcoqbmxoy)
- [x] ***(QA)*** Ensure that there are no outstanding [merge requests in the private repository](https://gitlab.isc.org/isc-private/bind9/-/merge_requests/)[^1] (Subscription Edition only).
- [x] ***(QA)*** [Ensure](https://gitlab.isc.org/isc-private/bind-qa/-/blob/master/bind9/releng/check_backports.py) all merge requests marked for backporting have been indeed backported.
- [x] ***(QA)*** [Announce](https://mattermost.isc.org/isc/pl/34zcuzo67frrmftia59cztfrpr) (on Mattermost) that the code freeze is in effect.
### Before the Tagging Deadline
- [x] ***(QA)*** Ensure [release](isc-private/bind9!550) [notes](isc-private/bind9!551) are correct, ask Support and Marketing to check them as well. [Example](https://gitlab.isc.org/isc-private/bind9/-/merge_requests/510)
- [x] ***(QA)*** Add a [release](isc-private/bind9@5beb2835ad620552a73e8f5022c0c991c0f5fc9d) [marker](isc-private/bind9@9a292d18d92e52f9d1819d37b1d52f10dc486684) to `CHANGES`. Examples: [9.18](https://gitlab.isc.org/isc-projects/bind9/-/commit/f14d8ad78c0506fd4247187f2177f8eceeb6b3b9), [9.16](https://gitlab.isc.org/isc-projects/bind9/-/commit/1bcdf21874f99a00da389d723e0ad07dfd70f9f1)
- [x] ***(QA)*** Add a [release marker](isc-private/bind9@2333391bba689bcb9abbed795926d5d53d52ff4e) to `CHANGES.SE` (Subscription Edition only). [Example](https://gitlab.isc.org/isc-private/bind9/-/commit/0f03d5737bcbdaa1bf713c6db1887b14938c3421)
- [x] ***(QA)*** [Update](isc-private/bind9@9127376fb17f506382f3261eef4e042ffbcfa605) BIND 9 [version](isc-private/bind9@42ca7611bd9bf66acf0e4be1caa59d694bb2542a) in `configure.ac` ([9.18+](https://gitlab.isc.org/isc-projects/bind9/-/commit/3c85ab7f4c35e6d8acef1393606002a0a8730100)) or `version` ([9.16](https://gitlab.isc.org/isc-projects/bind9/-/merge_requests/7692/diffs?commit_id=1bcdf21874f99a00da389d723e0ad07dfd70f9f1)).
- [x] ~~***(QA)*** Rebuild `configure` using Autoconf on `docs.isc.org` (9.16).~~
- [x] ~~***(QA)*** Update GitLab settings for all maintained branches to disallow merging to them: [public](https://gitlab.isc.org/isc-projects/bind9/-/settings/repository), [private](https://gitlab.isc.org/isc-private/bind9/-/settings/repository)~~
- [x] ***(QA)*** [Tag](https://gitlab.isc.org/isc-private/bind9/-/tags/v9.19.15) [the](https://gitlab.isc.org/isc-private/bind9/-/tags/v9.18.17) [releases](https://gitlab.isc.org/isc-private/bind9/-/tags/v9.18.17-S1) in the private repository (`git tag -s -m "BIND 9.x.y" v9.x.y`).
### Before the ASN Deadline (for ASN Releases) or the Public Release Date (for Regular Releases)
- [x] ***(QA)*** Check that the formatting is correct for HTML and PDF versions of release notes.
- [x] ***(QA)*** Check that the formatting of the generated man pages is correct.
- [x] ***(QA)*** [Verify GitLab CI results for the tags created and sign off on the releases to be published.](#note_387391)
- [x] ~~***(QA)*** Update GitLab settings for all maintained branches to allow merging to them again: [public](https://gitlab.isc.org/isc-projects/bind9/-/settings/repository), [private](https://gitlab.isc.org/isc-private/bind9/-/settings/repository)~~
- [x] ***(QA)*** Prepare and merge MRs resetting the release notes and updating the version string for each maintained branch: [9.16](https://gitlab.isc.org/isc-projects/bind9/-/merge_requests/7652/diffs) and [newer](https://gitlab.isc.org/isc-projects/bind9/-/merge_requests/7651/diffs)
- [x] ***(QA)*** [Announce (on Mattermost) that the code freeze is over.](https://mattermost.isc.org/isc/pl/yjnjw4x8htga3n1o9gt43zqd3r)
- [x] ***(QA)*** [Request signatures for the tarballs, providing their location and checksums. Ask signers on Mattermost.](https://mattermost.isc.org/isc/pl/yi996dsoatg73bzsjhkefdymqc)
- [x] ***(Signers)*** Ensure that the contents of tarballs and tags are identical.
- [x] ***(Signers)*** Validate tarball checksums, sign tarballs, and upload signatures.
- [x] ***(QA)*** Verify tarball signatures and check tarball checksums again: Run `publish_bind.sh` on repo.isc.org to pre-publish.
- [x] ***(Support)*** Pre-publish ASN and/or Subscription Edition tarballs so that packages can be built.
- [x] ***(QA)*** [Build and test ASN and/or Subscription Edition packages](https://gitlab.isc.org/isc-private/rpms/bind/-/pipelines/142510) (in [cloudsmith branch in private repo](https://gitlab.isc.org/isc-private/rpms/bind/-/tree/cloudsmith)). [Example](https://gitlab.isc.org/isc-private/rpms/bind/-/commit/e2512f4cfaf991827a635e374e7e93b27a5f38ba)
- [x] ***(QA)*** ~~Prepare the `patches/` subdirectory for each security release (if applicable).~~
- [x] ***(QA)*** [Notify Support that the releases have been prepared.](https://mattermost.isc.org/isc/pl/dg859dqju3gqjyudk4mjbb1sma)
- [x] ***(Support)*** ~~Send out ASNs (if applicable).~~
### On the Day of Public Release
- [x] ***(Support)*** ~~Wait for clearance from Security Officer to proceed with the public release (if applicable).~~
- [x] ***(Support)*** [Place tarballs in public location on FTP site.](https://mattermost.isc.org/isc/pl/ajffqdw81b8abjtwag5t7qrdze)
- [x] ***(Support)*** Publish links to downloads on ISC website. [Example](https://gitlab.isc.org/website/theme-staging-site/-/commit/1ac7b30b73cb03228df4cd5651fa4e774ac35625)
- [x] ***(Support)*** Add the new releases to the [vulnerability matrix in the Knowledge Base](https://kb.isc.org/docs/aa-00913).
- [x] ***(Support)*** [Write release email to *bind-announce*.](https://gitlab.isc.org/isc-private/printing-press/-/merge_requests/64#note_389459) [Example](https://lists.isc.org/pipermail/bind-announce/2023-March/001231.html)
- [x] ***(Support)*** ~~Write email to *bind-users* (if a major release). [Example](https://lists.isc.org/pipermail/bind-users/2022-January/105624.html)~~
- [x] ***(Support)*** Send eligible customers updated links to the Subscription Edition (update the -S edition delivery tickets, even if those links were provided earlier via an ASN ticket).
- [x] ***(Support)*** Update tickets in case of waiting support customers.
- [x] ***(QA)*** [Build and test any outstanding private packages in private repo](https://gitlab.isc.org/isc-private/rpms/bind/-/pipelines/143091). [Example](https://gitlab.isc.org/isc-private/rpms/bind/-/commit/2007d566db81dd9dfd79e571e2f600a3bc284da4)
- [x] ***(QA)*** Build [public](https://copr.fedorainfracloud.org/coprs/isc/bind-dev/build/6185451/) [RPMs](https://copr.fedorainfracloud.org/coprs/isc/bind/build/6185452/). [Example commit](https://gitlab.isc.org/isc-packages/rpms/bind/-/commit/3b5e851ea7c4e3570371a4878b5461f02a44f8cc) which triggers [Copr builds](https://copr.fedorainfracloud.org/coprs/isc/) automatically
- [x] ***(SwEng)*** Build Debian/Ubuntu packages.
- [x] ***(SwEng)*** Update Docker files [here](https://gitlab.isc.org/isc-projects/bind9-docker/-/branches) and make sure push is synchronized to [GitHub](https://github.com/isc-projects/bind9-docker). [Docker Hub](https://hub.docker.com/r/internetsystemsconsortium/bind9) should pick it up automatically. [Example](https://gitlab.isc.org/isc-projects/bind9-docker/-/commit/cada7e10e9af951595c98bfffc4bd42512faac05)
- [x] ***(QA)*** Inform Marketing of the release.
- [x] ***(Marketing)*** Post a short note to Mastodon.
- [x] ***(Marketing)*** Update [Wikipedia entry for BIND](https://en.wikipedia.org/wiki/BIND).
- [x] ***(Marketing)*** ~~Write blog article (if a major release).~~
- [x] ***(QA)*** Ensure all new tags are annotated and signed. `git show --show-signature v9.19.12`
- [x] ***(QA)*** Push tags for the published releases to the public repository.
- [x] ***(QA)*** Merge published release tags (non-linearly) back into the their relevant development/maintenance branches. [Step 7 of the new workflow](https://gitlab.isc.org/isc-projects/bind9/-/merge_requests/6124#new-workflow)
- [x] ***(QA)*** Sanitize confidential issues which are assigned to the current release milestone and do not describe a security vulnerability, then make them public.
- [x] ***(QA)*** Sanitize [confidential issues](https://gitlab.isc.org/isc-projects/bind9/-/issues/?sort=milestone_due_desc&state=opened&confidential=yes) which are assigned to older release milestones and describe security vulnerabilities, then make them public if appropriate[^2].
- [x] ***(QA)*** [Update QA tools](https://gitlab.isc.org/isc-projects/images/-/merge_requests/255) used in GitLab CI (e.g. Black, PyLint, Sphinx) by modifying the relevant [`Dockerfile`](https://gitlab.isc.org/isc-projects/images/-/merge_requests/228/diffs).
- [x] ***(QA)*** Run a [pipeline](https://gitlab.isc.org/isc-projects/images/-/pipelines/143230) to [rebuild](https://gitlab.isc.org/isc-projects/images/-/pipelines/143226) [all](https://gitlab.isc.org/isc-projects/images/-/pipelines/143429) [images](https://gitlab.isc.org/isc-projects/images) used in GitLab CI.
- [x] ***(QA)*** Update [`metadata.json`](https://gitlab.isc.org/isc-private/bind-qa/-/blob/master/bind9/releng/metadata.json) with the [upcoming release information](https://gitlab.isc.org/isc-private/bind-qa/-/merge_requests/78).
[^1]: If not, use the time remaining until the tagging deadline to ensure all outstanding issues are either resolved or moved to a different milestone.
[^2]: As a rule of thumb, security vulnerabilities which have reproducers merged to the public repository are considered okay for full disclosure.July 2023 (9.18.17, 9.18.17-S1, 9.19.15)Tom KrizekTom Krizek2023-07-19https://gitlab.isc.org/isc-projects/kea/-/issues/2956Sanity checks for Kea 2.4.0 rc12023-07-06T10:07:49ZMarcin GodzinaSanity checks for Kea 2.4.0 rc1We are now at step SANITY CHECKS of Kea 2.4.0 rc1.
Please verify the tarballs and packages according to [chapter `4. Sanity Checks` of the release procedure](https://gitlab.isc.org/isc-private/qa-dhcp/-/wikis/Kea/Release-Process#user-co...We are now at step SANITY CHECKS of Kea 2.4.0 rc1.
Please verify the tarballs and packages according to [chapter `4. Sanity Checks` of the release procedure](https://gitlab.isc.org/isc-private/qa-dhcp/-/wikis/Kea/Release-Process#user-content-4-sanity-checks) and according to your imagination.
Before starting, please state what you are checking in a thread/discussion (not as comment).
When you finish a check, state in the same thread/discussion what the result is.
This way we know what is covered upfront and we can avoid repeating ourselves.
#### Tarballs on repo.isc.org
* `/data/shared/sweng/kea/releases/2.4.0-rc1`
* `/data/shared/sweng/kea/releases/premium-2.4.0-rc1`
* `/data/shared/sweng/kea/releases/subscription-2.4.0-rc1`
* `/data/shared/sweng/kea/releases/enterprise-2.4.0-rc1`
```
SHA256 (kea-2.4.0.tar.gz) = 3a33cd08dc3319ff544e6bbf2c0429042106f4051ebe115dc1bb2625c95003f7
SHA256 (kea-enterprise-2.4.0.tar.gz) = a957e95a2fa74c2281bd54f1e092ab60c3b872ab5c863b7ac3566cad5ff5b9ce
SHA256 (kea-premium-2.4.0.tar.gz) = 8953dbf9f79699dc6a2a60e53d9e27b3be1ace3b7e8ef1c8ee3ce96a56415175
SHA256 (kea-subscription-2.4.0.tar.gz) = e9dbd865ed22bc8c1845c80b418eac67e690f6cdaedd192d81130f07beb8e8b2
```
#### Packages on packages.aws.isc.org
* [APK: 2.4.0-r20230630120747](https://packages.aws.isc.org/#browse/search/raw=format%3Draw%20AND%20name.raw%3D*r20230630120747.apk)
* [deb: 2.4.0-isc20230630120747](https://packages.aws.isc.org/#browse/search/apt=format%3Dapt%20AND%20version%3D2.4.0-isc20230630120747)
* [RPM: 2.4.0-isc20230630120747.\[os\]](https://packages.aws.isc.org/#browse/search/yum=format%3Dyum%20AND%20version%3D2.4.0-isc20230630120747*)
You can find the name for all the packages attached as build artifacts in the pkg job: https://jenkins.aws.isc.org/job/kea-2.4/job/pkg/6/
Instructions for installing packages are at point 9 of [chapter `4. Sanity Checks` of the release procedure](https://gitlab.isc.org/isc-private/qa-dhcp/-/wikis/Kea/Release-Process#user-content-4-sanity-checks).kea2.4.0https://gitlab.isc.org/isc-projects/kea/-/issues/2951configure.ac is enabling kea-shell when it was skipped on purpose by user whe...2023-06-29T12:01:58ZPiotrek Zadrogaconfigure.ac is enabling kea-shell when it was skipped on purpose by user when --enable-generate-docs is usedPlease consider an example when configuring kea before build :
`./configure --enable-generate-docs`
After makefiles are generated, one can see that `kea-shell` was also enabled, which was not intended by a user :
`Kea-shell: ...Please consider an example when configuring kea before build :
`./configure --enable-generate-docs`
After makefiles are generated, one can see that `kea-shell` was also enabled, which was not intended by a user :
`Kea-shell: yes`.
It is a result of a bug in `configure.ac`.kea2.4.0Piotrek ZadrogaPiotrek Zadrogahttps://gitlab.isc.org/isc-projects/kea/-/issues/29382.4.0 release checklist2023-07-06T15:13:20ZMarcin Godzina2.4.0 release checklist# Kea Release Checklist
This is thoroughly documented in [the Kea Release Process guide](https://wiki.isc.org/bin/view/QA/KeaReleaseProcess).
## Pre-Release Preparation
Some of those checks and updates can be made before the actual fr...# Kea Release Checklist
This is thoroughly documented in [the Kea Release Process guide](https://wiki.isc.org/bin/view/QA/KeaReleaseProcess).
## Pre-Release Preparation
Some of those checks and updates can be made before the actual freeze.
For new stable releases or maintenance releases, please don't use `kea-dev` build farm. Use dedicated build farm for each release cycle.
1. Check Jenkins results:
1. [x] Check Jenkins jobs for failures: [distcheck](https://jenkins.aws.isc.org/job/kea-dev/job/distcheck/), etc...
1. [x] Check [Jenkins Tests Report](https://jenkins.aws.isc.org/job/kea-dev/job/jenkins-tests-report/).
1. [x] Check [tarball check report](https://jenkins.aws.isc.org/job/kea-dev/job/build-tarball/Kea_20Build_20Checks/)
1. [x] Check [Performance Test Results](https://jenkins.isc.org/job/kea-dev/job/performance/KeaPerformanceReport/) in Jenkins for drops in performance.
1. Check versioning, ask the development team if:
- the library versions are being updated
- `KEA_HOOKS_VERSION` is being updated
- [x] create an issue for that for developers in Gitlab
- script: [./tools/bump-lib-versions.sh](https://gitlab.isc.org/isc-projects/kea/-/blob/master/tools/bump-lib-versions.sh) Kea-q.w.e Kea-a.b.c (where `a.b.c` is the version to be released and `q.w.e` is the version previous to that)
1. [x] Look at the issue numbers in commit descriptions. Add to ChangeLog a mention about any change with visible impact that had not been mentioned already.
1. If any changes have been done to database schemas, then:
1. [x] ~~Check that a previously released schema has not been changed.~~
1. [x] Check that the additions to `dhcpdb_create.*sql`, and nothing more nor less than what was added in this release, is present in a `upgrade_*_to_*.sh.in` script that should also have been added in this release.
1. Prepare Release Notes
1. [x] Create Release Notes on Kea GitLab wiki and notify @tomek about that. It should be created under "release notes" directory, like this one: https://gitlab.isc.org/isc-projects/kea/-/wikis/release%20notes/release-notes-2.1.0
1. [x] Finish release notes and conduct its review. Also please notify @sgoldlust or @vicky that release notes are ready for review.
1. [x] Check that packges can be uploaded to cloudsmith.
1. Go to [release-upload-to-cloudsmith](https://jenkins.aws.isc.org/job/kea-dev/job/release-upload-to-cloudsmith/).
1. Click `Build with Parameters`.
1. Pick the latest pkg build in the `Packages` field, and the corresponding tarball build in the `Tarball` field, leave the rest as they are `PrivPubRepos: "private"`, `TarballOrPkg: "packages"`, `TestProdRepos: "testing"` and click `Build`.
1. If a new Cloudsmith repository is used, then:
1. [x] Make sure freeradius packages are uploaded to the Cloudsmith repository or copied from a previous repository.
1. [x] Make sure access tokens have been synchronized from previous Cloudsmith repositories and to the [check-pkgs.py](https://gitlab.isc.org/isc-private/qa-dhcp/-/blob/master/kea/pkgs-check/check-pkgs.py) QA tool.
1. [x] Check if ReadTheDocs can build Kea documentation. Alternatively, look for failures in emails if you know that the ReadTheDocs webhook is working.
1. Trigger rebuilding docs on [readthedocs.org](https://readthedocs.org/projects/kea/builds) and wait for the build to complete.
The following steps may involve changing files in the repository.
1. [x] Run [update-code-for-release.py](https://gitlab.isc.org/isc-private/qa-dhcp/-/blob/master/kea/build/update-code-for-release.py) <br>
Example command: `GITLAB_TOKEN='...' ./update-code-for-release.py 1.9.7 --repo-dir ~/isc/repos/kea/` Use `--upload` to commit changes. <br>
Help: `GITLAB_TOKEN="..." ./update-code-for-release.py --help`<br>
This script makes the following changes and actions:
1. run prepare_kea_release.sh that does:
1. add release entries in ChangeLogs
1. update Kea version in configure.ac
1. update copyright years in files that were changed in current year
1. sort message files
1. regenerate message files headers
2. regenerate parsers using Bison from Docker<br>
With `--upload`:
3. create an issue in GitLab for release changes in kea repo
4. create branches and merge requests for kea and kea-premium
5. commit the changes in both repos
6. checkout created branches in both repos
7. commit and push the changes to GitLab server
1. Check manually User's Guide sections:
1. Chapter 1. Introduction
1. [x] On what platforms we are running tests using Jenkins? Update Supported Platforms in platforms.rst file.
1. [x] Did we add any additional 3rd party software? Update if needed
1. [x] Is there a new tool installed in bin or sbin released this time? If yes, is it documented?
1. Chapter 2. Quick Start
1. [x] Has the default installation process changed (for kea and hooks)? If yes, are those changes documented and highlighted in the release notes?
1. Chapter 3. Installation
1. [x] Check installation hierarchy (this is also automatically checked at the end of [ut-extended job](https://jenkins.aws.isc.org/job/kea-dev/job/ut-extended/))
1. [x] Check and update Build Requirements
1. [x] Check configure options against what `./configure -h` says
1. [x] Check ChangeLog entries in Kea main and premium: spelling, trailing whitespaces, etc.
1. [x] Check AUTHORS, INSTALL, README files in Kea main and premium.
- AUTHORS: update credits
- README: check "provides" with Release Notes, User Guide (1.3 Kea Software)
1. [x] If changes were made, commit the change, push the branch to the main repository and request a review. Once the changes have been approved, merge the MR to master.
## Build selection, tarballs upload and sanity checks
This is the last moment to freeze code! :snowflake:
1. [x] Go to [build-tarball](https://jenkins.aws.isc.org/job/kea-dev/job/build-tarball/) Jenkins job and pick the last tarball built - it will be a release candidate.
1. [x] Check tarball before requesting sanity checks from the development team.
1. Download tarballs from picked Jenkins build
1. Check hook libraries.
1. Are there any new hook libraries installed in this release?
1. Are they in the proper tarball? Premium or subscription?
1. Do they have their own package?
1. Check sizes - is the new package reasonable?
1. Check installation tree, compare it with the previous release
1. Check installed libraries.
1. which were updated? (save results)
1. Do any of the libraries from the current release have lower version than in the previous release?
1. Uninstall Kea, check what left (there should be just configuration files)
1. Check if each of the installed binaries has a man page.
1. If not, is the binary included in the tarball? That might explain it.
1. Are man pages up to date?
1. Check if documentation is properly formatted, has correct versions and dates.
1. It's advised to search for previous version numbers, some of them are statically added in statements that are no longer valid.
1. [x] Upload tarballs to repo.isc.org using Jenkins and send sanity checks request.
1. Go to [release-tarball-upload](https://jenkins.aws.isc.org/job/kea-dev/job/release-tarball-upload/) Jenkins job.
1. Click `Build with Parameters`.
1. In field `Tarball` select picked tarball build.
1. In field `Pkg` select the corresponding pkg job.
1. In field `Release_Candidate` pick:
1. `rc1` if this is the first selected build for release, it will push the selected tarballs to repo.isc.org, to a directory suffixed with indicated rc#
1. next rc# if this is a respin after some fixes (note: it is not possible to pick previous rc number - it will result in an error)
1. Submit the job that will automatically:
1. Upload the tarballs <br>
and if this is not the final version:
1. Create a GitLab issue for sanity checks, put there the announcement
1. Send Sanity Checks announcement on the Kea/DHCP channel on Mattermost.<br>
The announcement includes:
- a link to chapter 4 Sanity Checks of the release process: [KeaReleaseProcess - SanityChecks](https://wiki.isc.org/bin/view/QA/KeaReleaseProcess#4.%20Sanity%20Checks)
- a link to the GitLab issue
- tarballs locations with SHA256 checksums
- rpm/deb packages locations and versions
## Releasing Tarballs and Packages
1. [x] Update Release Notes with ChangeLog entries
1. [x] Mark Jenkins jobs with release artifacts to be kept forever and update description of build by adding there version of released kea (e.g. Kea-2.2.2): <br>
Go to the following Jenkins jobs, click release build and then, on the build page, click `Keep this build forever` button and edit description: <br>
1. [build-tarball](https://jenkins.aws.isc.org/job/kea-dev/job/build-tarball/)
1. [pkg job](https://jenkins.aws.isc.org/job/kea-dev/job/pkg/)
1. [x] Upload final tarballs to repo.isc.org.
1. Go to [release-tarball-upload](https://jenkins.aws.isc.org/job/kea-dev/job/release-tarball-upload/) Jenkins job.
1. Click `Build with Parameters`.
1. In field `Tarball` select picked tarball build.
1. In field `Pkg` select the corresponding pkg job.
1. In field `Release_Candidate` pick `final`. <br>
This job will also:
- open an issue on [the signing repository](https://gitlab.isc.org/isc-private/signing/-/issues) for signing final tarballs on repo.isc.org
- create Git tags `Kea-a.b.c` in Kea main and premium repositories
- if release engineer is holding personal signing key, please use [sign, verify, and upload script](https://gitlab.isc.org/isc-private/qa-dhcp/-/blob/master/kea/build/sign_kea_and_upload_asc.sh)
- if release enginner do NOT have signing key, please contact team member.
1. [x] Upload final RPM & DEB packages, tarballs and sign files to cloudsmith.io
1. Go to [release-upload-to-cloudsmith](https://jenkins.aws.isc.org/job/kea-dev/job/release-upload-to-cloudsmith/).
1. Click `Build with Parameters`.
1. Pick your selected pkg build in the `Packages` field, the corresponding tarball build in the `Tarball` field, `PrivPubRepos: "both"`, `TarballOrPkg: "both"`, `TestProdRepos: "production"` and click `Build`.
- This step also verifies sign files.
1. When it finishes run check: [releases-pkgs-check](https://jenkins.aws.isc.org/job/kea-dev/job/release-pkgs-check/).
1. [x] Rebase v2_4 repo onto master
1. [x] Correct 2.4 tags in Kea and Premium
1. [x] Update ReadTheDocs
1. Trick ReadTheDocs into pulling the latest tags. Click `Build version` on [readthedocs.org](https://readthedocs.org/projects/kea/builds).
1. Publish currently released version. On the `Versions` tab, scroll down to `Activate a version`, search for `kea-a.b.c` and click `Activate`.
1. If it's a stable release, change the default version to point to this stable release. `Admin -> Advanced Settings -> Default version* -> Kea-a.b.c`.
1. [x] Create an issue and a merge request to bump up Kea version in `configure.ac` to next development version which could be, based on just released version `a.b.c`:
* `a.b.z-git` where `z == c + 1` most of the time, or
* `a.y.0-git` where `y == b + 2` if a new development series starts, or
* `x.1.0-git` where `x == a + 1` when the released minor version `b` is 9 and `a.b.c` was the last version in the development series and a new development version is coming up next.
1. [x] Send a request for publishing the release on the Support Mattermost channel linking the Signing issue and the release checklist issue.
## Cleaning up
1. [x] Disable redeploy on nexus repo
### On the Day of Public Release
- [x] ***(Support)*** Wait for clearance from Security Officer to proceed with the public release (if applicable).
- [x] ***(Support)*** Confirm that the tarballs have the checksums mentioned on the signing ticket.
- [x] ***(Support)*** Place tarballs in public location on FTP site.
- [x] ***(Support)*** Publish links to downloads on ISC website.
- [x] ***(Support)*** Write release email to *kea-announce*.
- [x] ***(Support)*** Write email to *kea-users* (if a major release).
- [x] ***(Support)*** Send eligible customers updated links to the Subscription software FTP site.
- [x] ***(Support)*** If it is a new `major.minor` version, SWENG will have created a new repo in Cloudsmith, which will need the customer tokens migrated from an existing repo. Then update support customers that this new private repo exists.
- [x] ***(Support)*** Update tickets in case of waiting for support customers.
- [x] ***(Support)*** Inform Marketing of the release.
- [x] ***(Marketing)*** If a new Cloudsmith repository is used, update the Zapier scripts.
- [x] ***(Marketing)*** Upload Premium hooks tarball to SendOwl. Create a new product if a new branch, otherwise update existing product. Send notifications to existing subscribers of the new version.
- [x] ***(Marketing)*** Announce on social media.
- [x] ***(Marketing)*** Update [Wikipedia entry for Kea](https://en.wikipedia.org/wiki/Kea_(software)).
- [x] ***(Marketing)*** Write blog article (if a major release).
- [ ] ~~***(Marketing)*** Update [Kea page on web site if any new hooks]~~(https://www.isc.org/kea/).
- [ ] ~~***(Marketing)*** Update Kea Premium and Kea Subscription data sheets if any new hooks.~~
- [x] ***(Marketing)*** Update [significant features matrix](https://kb.isc.org/docs/en/aa-01615) (if any significant new features).
- [x] ***(Marketing)*** Update [Kea documentation page in KB](https://kb.isc.org/docs/en/kea-administrator-reference-manual).kea2.4.0