GitLab

Appending output of a command to the same file as the one that command
is reading from is a dangerous practice.  It seems to have accidentally
worked with all the awk implementations we have tested against so far,
but for BusyBox awk, doing this may result in the input/output file
being written to in an infinite loop.  Prevent this from happening by
redirect awk output to a temporary file and appending its contents to
the original file in a separate shell pipeline.

The Net::DNS Perl module needs the Digest::HMAC module to support TSIG.
However, since the latter is not a hard requirement for the former, some
packagers do not make Net::DNS depend on Digest::HMAC.  If Net::DNS is
installed on a host but Digest::HMAC is not, the "xfer" system test
breaks in a very hard-to-debug way (ans5 returns TSIG RRs with empty
RDATA, which prevents TSIG-signed SOA queries and transfers from
working).  Prevent this from happening by making the "xfer" system test
explicitly require Digest::HMAC apart from Net::DNS.

The BusyBox version of sed treats leading '\+' in a regular expression
to be matched as a syntax error ("Repetition not preceded by valid
expression"), which triggers false positives for the "digdelv" system
test.  Make the relevant sed invocations work portably across all sed
implementations by removing the leading backslash.

The BusyBox version of awk treats some variables which other awk
implementations consider to be decimal values as octal values.  This
intermittently breaks key event interval calculations in the "autosign"
system test, trigger false positives for it.  Prevent the problem from
happening by stripping leading zeros from the affected awk variables.

For some libc implementations, BUFSIZ is small enough (e.g. 1024 for
musl libc) to trigger compilation warnings about insufficient size of
certain buffers.  Since the relevant buffers are used for printing DNS
names, increase their size to '(n + 1) * DNS_NAME_FORMATSIZE', where 'n'
is the number of DNS names which are printed to a given buffer.  This
results in somewhat arbitrary, albeit nicely-aligned and large enough
buffer sizes.

Including <sys/errno.h> instead of <errno.h> raises a compiler warning
when building against musl libc.  Always include <errno.h> instead of
<sys/errno.h> to prevent that compilation warning from being triggered
and to achieve consistency in this regard across the entire source tree.

Make sure all unit tests include headers in a similar order:

 1. Three headers which must be included before <cmocka.h>.
 2. System headers.
 3. UNIT_TESTING definition, followed by the <cmocka.h> header.
 4. libisc headers.
 5. Headers from other BIND libraries.
 6. Local headers.

Also make sure header file names are sorted alphabetically within each
block of #include directives.

All unit tests define the UNIT_TESTING macro, which causes <cmocka.h> to
replace malloc(), calloc(), realloc(), and free() with its own functions
tracking memory allocations.  In order for this not to break
compilation, the system header declaring the prototypes for these
standard functions must be included before <cmocka.h>.

Normally, these prototypes are only present in <stdlib.h>, so we make
sure it is included before <cmocka.h>.  However, musl libc also defines
the prototypes for calloc() and free() in <sched.h>, which is included
by <pthread.h>, which is included e.g. by <isc/mutex.h>.  Thus, unit
tests including "dnstest.h" (which includes <isc/mem.h>, which includes
<isc/mutex.h>) after <cmocka.h> will not compile with musl libc as for
these programs, <sched.h> will be included after <cmocka.h>.

Always including <cmocka.h> after all other header files is not a
feasible solution as that causes the mock assertion macros defined in
<isc/util.h> to mangle the contents of <cmocka.h>, thus breaking
compilation.  We cannot really use the __noreturn__ or analyzer_noreturn
attributes with cmocka assertion functions because they do return if the
tested condition is true.  The problem is that what BIND unit tests do
is incompatible with Clang Static Analyzer's assumptions: since we use
cmocka, our custom assertion handlers are present in a shared library
(i.e. it is the cmocka library that checks the assertion condition, not
a macro in unit test code).  Redefining cmocka's assertion macros in
<isc/util.h> is an ugly hack to overcome that problem - unfortunately,
this is the only way we can think of to make Clang Static Analyzer
properly process unit test code.  Giving up on Clang Static Analyzer
being able to properly process unit test code is not a satisfactory
solution.

Undefining _GNU_SOURCE for unit test code could work around the problem
(musl libc's <sched.h> only defines the prototypes for calloc() and
free() when _GNU_SOURCE is defined), but doing that could introduce
discrepancies for unit tests including entire *.c files, so it is also
not a good solution.

All in all, including <sched.h> before <cmocka.h> for all affected unit
tests seems to be the most benign way of working around this musl libc
quirk.  While quite an ugly solution, it achieves our goals here, which
are to keep the benefit of proper static analysis of unit test code and
to fix compilation against musl libc.

Merge branch 'michal/filter-aaaa-system-test-make-root-hints-consistent-with-authoritative-data' into 'master'

"filter-aaaa" system test: make root hints consistent with authoritative data

See merge request !2057

Resolvers in the "filter-aaaa" system test are configured with a single
root hint: "ns.rootservers.net", pointing to 10.53.0.1.  However,
querying ns1 for "ns.rootservers.net" results in NXDOMAIN answers.
Since the TTL for the root hint is set to 0, it may happen that a
resolver's ADB will be asked to return any known addresses for
"ns.rootservers.net", but it will only have access to a cached NXDOMAIN
answer for that name and an expired root hint, which will result in a
resolution failure, triggering a false positive for the "filter-aaaa"
system test.  Prevent this from happening by making all the root hints
consistent with authoritative data served by ns1.

placeholder

See merge request !2202

Regenerate bind9.xsl.h

Closes #1030

See merge request !2201

The 'addzone' test ignored some test results

See merge request !2198

Statistics Channel Improvements

Closes #1030

See merge request !1944

Timothe Litt authored May 14, 2019 and Ondřej Surý committed Jul 25, 2019

The HTML view of the statistics channel creates
pages with many long tables.  These can be difficult
to navigate.

This commit adds a "show/hide" toggle to each
heading, which makes it easy to compress/expand
the view.

Cleanup isc_mem_get() failure handling blocks

See merge request !2155

Evan Hunt authored Jul 23, 2019 and Ondřej Surý committed Jul 23, 2019

- removed some dead code
- dns_zone_setdbtype is now void as it could no longer return
  anything but ISC_R_SUCCESS; calls to it no longer check for a result
- controlkeylist_fromconfig() is also now void
- fixed a whitespace error

The isc_mem_get() cannot fail gracefully now, it either gets memory of
assert()s.  The added semantic patch cleans all the blocks checking whether
the return value of isc_mem_get() was NULL.

The coccinelle and util/update_copyright script have different
idea about how the whitespace should look like.  Revert the script
to the previous version, so it doesn't mangle the files in place,
and deal with just whitespace changes.

Disable LD_WRAP tests when libtool is disabled

See merge request !2192

Fix the lib/dns/tests/Makefile.in to work without LD_WRAP

See merge request !2188

Restore locking in resume_dslookup()

Closes #1149

See merge request !2184

Commit 9da902a2 removed locking around
the fctx_decreference() call inside resume_dslookup().  This allows
fctx_unlink() to be called without the bucket lock being held, which
must never happen.  Ensure the bucket lock is held by resume_dslookup()
before it calls fctx_decreference().