1. 23 Feb, 2021 19 commits
    • Initialize checknames field in dns_view_create() · 0c6fa164
      Michal Nowak authored
      The 'checknames' field wasn't initialized in dns_view_create(), but it
      should be; otherwise AddressSanitizer identifies the following runtime
      error in query_test.c.
      
          runtime error: load of value 190, which is not a valid value for type '_Bool'
    • Revert "Initialize checknames field in query_test.c" · 40b6db58
      Michal Nowak authored
      This reverts commit c75484c4.
    • Initialize checknames field in query_test.c · efe11d43
      Michal Nowak authored
      The 'checknames' field of struct dns_view is not initialized by
      dns_view_create(). ASAN identified this as a runtime error:
      
          runtime error: load of value 190, which is not a valid value for type '_Bool'
    • Merge branch 'mnowak/alpine-3.13' into 'main' · 63c7300f
      Michal Nowak authored
      Add Alpine Linux 3.13
      
      See merge request !4724
    • Add Alpine Linux 3.13 · 909c85f7
      Michal Nowak authored
    • Merge branch 'mnowak/pairwise-pict-keep-stderr' into 'main' · ed13fb7a
      Michal Nowak authored
      Do not remove stderr from pict output
      
      See merge request !4727
    • Do not remove stderr from pict output · 079debaa
      Michal Nowak authored
      Removing stderr from the pict tool serves no purpose and drops valuable
      information we might use when debugging a failed pairwise CI job, such
      as:
      
          Input Error: A parameter names must be unique
    • Merge branch '2508-cid-320481-null-pointer-dereferences-reverse_inull' into 'main' · 076bb4f9
      Mark Andrews authored
      Resolve "CID 320481:  Null pointer dereferences  (REVERSE_INULL)"
      
      Closes #2508
      
      See merge request !4722
    • Silence CID 320481: Null pointer dereferences · 658c950d
      Mark Andrews authored
          *** CID 320481:  Null pointer dereferences  (REVERSE_INULL)
          /bin/tests/wire_test.c: 261 in main()
          255     			process_message(input);
          256     		}
          257     	} else {
          258     		process_message(input);
          259     	}
          260
             CID 320481:  Null pointer dereferences  (REVERSE_INULL)
             Null-checking "input" suggests that it may be null, but it has already been dereferenced on all paths leading to the check.
          261     	if (input != NULL) {
          262     		isc_buffer_free(&input);
          263     	}
          264
          265     	if (printmemstats) {
          266     		isc_mem_stats(mctx, stdout);
    • Merge branch '2493-cid-281450-dereference-before-null-check-reverse_inull' into 'main' · 3e9fba94
      Mark Andrews authored
      Resolve "CID 281450: Dereference before null check (REVERSE_INULL)"
      
      Closes #2493
      
      See merge request !4684
    • Silence CID 281450: Dereference before null check · 5fb168fa
      Mark Andrews authored
      remove redundant 'inst != NULL' test
      
          162cleanup:
      
          CID 281450 (#1 of 1): Dereference before null check (REVERSE_INULL)
          check_after_deref: Null-checking inst suggests that it may be null, but it has already been dereferenced on all paths leading to the check.
          163        if (result != ISC_R_SUCCESS && inst != NULL) {
          164                plugin_destroy((void **)&inst);
          165        }
    • Merge branch '2492-304936-dereference-before-null-check' into 'main' · 441aadab
      Mark Andrews authored
      Resolve "CID 304936: Dereference before null check"
      
      Closes #2492
      
      See merge request !4683
    • Silence CID 304936 Dereference before null check · c4906be2
      Mark Andrews authored
      Removed redundant 'listener != NULL' check.
      
          1191cleanup:
      
          CID 304936 (#1 of 1): Dereference before null check (REVERSE_INULL)
          check_after_deref: Null-checking listener suggests that it may be null, but it has already been dereferenced on all paths leading to the check.
          1192        if (listener != NULL) {
          1193                isc_refcount_decrement(&listener->refs);
          1194                listener->exiting = true;
          1195                free_listener(listener);
          1196        }
    • Merge branch '2408-dnssec-policy-purge-keys' into 'main' · 5cadcff8
      Matthijs Mekking authored
      Resolve "kasp: Purge deleted keys"
      
      Closes #2408
      
      See merge request !4665
    • Add changes and notes for [#2408] · 5a99a124
      Matthijs Mekking authored
    • Minor kasp test fixes · 5be26898
      Matthijs Mekking authored
      Two minor fixes in the kasp system test:
      
      1. A wrong comment in ns3/setup.sh (we are subtracting 2 hours, not
         adding them).
      2. 'get_keyids' used bad parameters "$1" "$2" when 'check_numkeys'
         failed. Also, 'check_numkeys' can use $DIR, $ZONE, and $NUMKEYS
         directly, no need to pass them.
    • Test purge-keys option · 6333ff15
      Matthijs Mekking authored
      Add some more zones to the kasp system test to test the 'purge-keys'
      option. Three zones test that the predecessor key files are removed
      after the purge keys interval, one test checks that the key files
      are retained if 'purge-keys' is disabled. For that, we change the
      times to 90 days in the past (the default value for 'purge-keys').
    • Purge keys implementation · 8c526cb6
      Matthijs Mekking authored
      On each keymgr run, we now also check if key files can be removed.
      The 'purge-keys' interval determines how long keys should be retained
      after they have become completely hidden.
      
      Key files should not be removed if the key has a state that is set to
      something other than HIDDEN, if purge-keys is 0 (disabled), if
      the key goal is set to OMNIPRESENT, or if the key is unused (a key is
      unused if no timing metadata is set, and no states are set or if set,
      they are set to HIDDEN).
      
      If the last changed timing metadata plus the purge-keys interval is
      in the past, the key files may be removed.
      
      Add a dst_key_t variable 'purge' to signal that the key file should
      not be written to file again.
    • Add purge-keys config option · 313de3a7
      Matthijs Mekking authored
      Add a new option 'purge-keys' to 'dnssec-policy' that will purge key
      files for deleted keys. The option determines how long key files
      should be retained prior to removing the corresponding files from
      disk.
      
      If set to 0, the option is disabled and 'named' will not remove key
      files from disk.
  2. 22 Feb, 2021 2 commits
    • Merge branch '2509-cid-281489-resource-leaks-resource_leak' into 'main' · d4cb3125
      Mark Andrews authored
      Resolve "CID 281489:  Resource leaks  (RESOURCE_LEAK)"
      
      Closes #2509
      
      See merge request !4723
    • Address theoretical resource leak in dns_dt_open() · 003dd8cc
      Mark Andrews authored
      dns_dt_open() is not currently called with mode dns_dtmode_unix.
      
          *** CID 281489:  Resource leaks  (RESOURCE_LEAK)
          /lib/dns/dnstap.c: 983 in dns_dt_open()
          977
          978     		if (!dnstap_file(handle->reader)) {
          979     			CHECK(DNS_R_BADDNSTAP);
          980     		}
          981     		break;
          982     	case dns_dtmode_unix:
             CID 281489:  Resource leaks  (RESOURCE_LEAK)
             Variable "handle" going out of scope leaks the storage it points to.
          983     		return (ISC_R_NOTIMPLEMENTED);
          984     	default:
          985     		INSIST(0);
          986     		ISC_UNREACHABLE();
          987     	}
          988
  3. 19 Feb, 2021 5 commits
    • Merge branch 'ondrej/add-tls_p.h-to-Makefile.am' into 'main' · bb124d60
      Ondřej Surý authored
      Include lib/isc/tls_p.h in release tarballs
      
      See merge request !4716
    • Include lib/isc/tls_p.h in release tarballs · f53e7ed1
      Ondřej Surý authored
      The addition of lib/isc/tls_p.h to the source tree was not accounted for
      in the relevant variable in lib/isc/Makefile.am and thus the former file
      is not being included in release tarballs prepared using "make dist".
      Fix by tweaking the libisc_la_SOURCES list in lib/isc/Makefile.am
      accordingly.
    • Merge branch '2504-do-not-require-libtool-in-PATH-at-build-time' into 'main' · 5d473f92
      Michał Kępień authored
      Do not require libtool in PATH at build time
      
      Closes #2504
      
      See merge request !4715
    • Add CHANGES entry · c8bddd2e
      Michał Kępień authored
    • Do not require libtool in PATH at build time · b630c698
      Michał Kępień authored
      The build-time requirement for libtool was introduced inadvertently:
      
       1. Commit 1628f586 added a check to
          configure.ac which claims to test whether the libtool script is
          available.  There are two problems with that check:
      
            - it is effectively a no-op as the AC_PROG_LIBTOOL() macro always
              sets the LIBTOOL variable [1],
      
            - this check was intended to be performed before autoreconf is
              run, not when ./configure is run; the libtool script is supposed
              to be dynamically generated by ./configure on the build host and
              thus there is no need for a standalone libtool script to be
              installed system-wide on every host attempting to build BIND 9
              e.g. from a tarball produced by "make dist".
      
       2. Commit a7982d14 was based on the
          incorrect assumption that the AC_PROG_LIBTOOL() macro looks for the
          libtool binary in PATH and sets the LIBTOOL variable accordingly,
          which is what other AC_PROG_*() macros do.  Meanwhile, the
          AC_PROG_LIBTOOL() macro only initializes libtool for use with
          Automake.  It is not necessary for a standalone libtool script to be
          available in PATH on the build host when ./configure is run.
      
      Do not look for libtool in PATH at build time as it prevents hosts
      without a libtool script available system-wide from building BIND 9 from
      source tarballs prepared using "make dist".  Note that libtool m4
      macros, utilities, etc. still need to be present on a given host if
      autoreconf is to be run on it.
      
      [1] https://git.savannah.gnu.org/cgit/libtool.git/tree/m4/libtool.m4?h=v2.4.6#n89
  4. 18 Feb, 2021 14 commits