GitLab

The 'checknames' field wasn't initialized in dns_view_create(), but it
should otherwise AddressSanitizer identifies the following runtime error
in query_test.c.

    runtime error: load of value 190, which is not a valid value for type '_Bool'

(cherry picked from commit 0c6fa164)

Update Alpine Linux version in PLATFORMS file

See merge request !4734

Commit 76cfefe3 updated PLATFORMS.md
file, but failed to update the plain-text PLATFORMS file.

[v9_16] Add Alpine Linux 3.13

See merge request !4732

(cherry picked from commit 909c85f7)

[v9_16] Do not remove stderr from pict output

See merge request !4730

Removing stderr from the pict tool serves no purpose and drops valuable
information, we might use when debugging failed pairwise CI job, such
as:

    Input Error: A parameter names must be unique

(cherry picked from commit 079debaa)

Silence CID 320481: Null pointer dereferences

See merge request !4729

    *** CID 320481:  Null pointer dereferences  (REVERSE_INULL)
    /bin/tests/wire_test.c: 261 in main()
    255     			process_message(input);
    256     		}
    257     	} else {
    258     		process_message(input);
    259     	}
    260
       CID 320481:  Null pointer dereferences  (REVERSE_INULL)
       Null-checking "input" suggests that it may be null, but it has already been dereferenced on all paths leading to the check.
    261     	if (input != NULL) {
    262     		isc_buffer_free(&input);
    263     	}
    264
    265     	if (printmemstats) {
    266     		isc_mem_stats(mctx, stdout);

(cherry picked from commit 658c950d)

Resolve "kasp: Purge deleted keys"

See merge request !4726

(cherry picked from commit 5a99a124)

Two minor fixes in the kasp system test:

1. A wrong comment in ns3/setup.sh (we are subtracting 2 hours, not
   adding them).
2. 'get_keyids' used bad parameters "$1" "$2" when 'check_numkeys'
   failed. Also, 'check_numkeys' can use $DIR, $ZONE, and $NUMKEYS
   directly, no need to pass them.

(cherry picked from commit 5be26898)

Add some more zones to the kasp system test to test the 'purge-keys'
option. Three zones test that the predecessor key files are removed
after the purge keys interval, one test checks that the key files
are retained if 'purge-keys' is disabled. For that, we change the
times to 90 days in the past (the default value for 'purge-keys').

(cherry picked from commit 6333ff15)

On each keymgr run, we now also check if key files can be removed.
The 'purge-keys' interval determines how long keys should be retained
after they have become completely hidden.

Key files should not be removed if it has a state that is set to
something else then HIDDEN, if purge-keys is 0 (disabled), if
the key goal is set to OMNIPRESENT, or if the key is unused (a key is
unused if no timing metadata set, and no states are set or if set,
they are set to HIDDEN).

If the last changed timing metadata plus the purge-keys interval is
in the past, the key files may be removed.

Add a dst_key_t variable 'purge' to signal that the key file should
not be written to file again.

(cherry picked from commit 8c526cb6)

Add a new option 'purge-keys' to 'dnssec-policy' that will purge key
files for deleted keys. The option determines how long key files
should be retained prior to removing the corresponding files from
disk.

If set to 0, the option is disabled and 'named' will not remove key
files from disk.

(cherry picked from commit 313de3a7)

Address theoretical resource leak in dns_dt_open()

See merge request !4725

dns_dt_open() is not currently called with mode dns_dtmode_unix.

    *** CID 281489:  Resource leaks  (RESOURCE_LEAK)
    /lib/dns/dnstap.c: 983 in dns_dt_open()
    977
    978     		if (!dnstap_file(handle->reader)) {
    979     			CHECK(DNS_R_BADDNSTAP);
    980     		}
    981     		break;
    982     	case dns_dtmode_unix:
       CID 281489:  Resource leaks  (RESOURCE_LEAK)
       Variable "handle" going out of scope leaks the storage it points to.
    983     		return (ISC_R_NOTIMPLEMENTED);
    984     	default:
    985     		INSIST(0);
    986     		ISC_UNREACHABLE();
    987     	}
    988

(cherry picked from commit 003dd8cc)

Merge branch '2499-a-loc-record-with-a-invalid-direction-field-triggers-an-insist-v9_16' into 'v9_16'

Resolve "A LOC record with a invalid direction field triggers an INSIST"

See merge request !4711

(cherry picked from commit 3d340ecf)

(cherry picked from commit 6f47e095)

(cherry picked from commit 009358d7)

(cherry picked from commit 07902d9f)

[v9_16] Use FEATURETEST variable instead of a path

See merge request !4707

feature-test tool location needs to be determined by its associated
variable; otherwise, the tool is not found on Windows:

    setup.sh: line 22: ../feature-test: No such file or directory

(cherry picked from commit 102f0126)

Make "kyua report-html" less verbose on stdout

See merge request !4688

"kyua report-html" command in CI generates more than two pages of output
to stdout, which is nothing but which HTML pages Kyua generated, e.g.:

  Generating kyua_html/context.html
  Generating kyua_html/lib_dns_tests_acl_test_main.html
  ...
  Generating kyua_html/lib_ns_tests_query_test_main.html
  Generating kyua_html/report.css
  Generating kyua_html/index.html

This is seldomly useful and requires the user to scroll three pages
upwards to get to unit test results.

Fix backport "Refactor ecdsa and eddsa tests after testcrypto.sh changes" (9.16)

See merge request !4695

Use the correct conf.sh setup commands in ns3/sign.sh

[v9_16] Check for "file not removed" in system test output

See merge request !4698

CentOS 8 "git status" unexpectedly expands search directory "tsig" to
also search in the "tsiggss" directory, thus incorrectly identifying
files as "not removed" in the "tsig" directory:

$ git status -su --ignored tsig
$ touch tsiggss/ns1/{named.run,named.memstats}
$ git status -su --ignored tsig
!! tsiggss/ns1/named.memstats
!! tsiggss/ns1/named.run

(cherry picked from commit f310b752)

Any CI job:
- I:dnssec:file dnssec/ns1/trusted.keys not removed
- I:rpzrecurse:file rpzrecurse/ns3/named.run.prev not removed

system:gcc:sid:amd64:
- I:mirror:file mirror/ns3/_default.nzf not removed

system:gcc:xenial:amd64:
- I:shutdown:file shutdown/.cache/v/cache/lastfailed not removed

(cherry picked from commit 14a104d1)

Run this check only when in Git repository, because run.sh produces the
"file not removed" warnings only when in Git repository.

(cherry picked from commit 4a2778ab)

(cherry picked from commit 10bf725e)

Merge 9.16.12 release branch

See merge request !4700

Prepare documentation for BIND 9.16.12

See merge request isc-private/bind9!240

[v9_16] [CVE-2020-8625] Fix off-by-one bug in ISC SPNEGO implementation

See merge request isc-private/bind9!235