- 01 Feb, 2023 7 commits
-
-
Michał Kępień authored
Fix DNSRPS builds Closes #3827 See merge request !7450
-
Michał Kępień authored
-
Michał Kępień authored
Commit b69e7831 changed the scope of the local 'view' variable in load_configuration(), but the code section guarded by the #ifdef USE_DNSRPS directive was not adjusted accordingly, causing build errors for DNSRPS-enabled builds. Fix the latter by declaring the 'view' variable inside the loop in the DNSRPS-specific block of code.
-
Michał Kępień authored
Commit 7695c36a added a new parameter, 'options', to the prototype of the 'allrdatasets' function pointer in struct dns_dbmethods. Handle this new parameter accordingly in rpsdb_allrdatasets().
-
Michał Kępień authored
The --enable-dnsrps-dl switch for ./configure enables preparing a DNSRPS-enabled build of BIND 9 that is not directly linked against a DNSRPS provider library (dlopen() at runtime is used instead). Employ this switch to test DNSRPS-enabled builds in the pairwise testing job in GitLab CI.
-
Evan Hunt authored
the rate limter now uses loop callbacks rather than task events. the API for isc_ratelimiter_enqueue() has been changed; we now pass in a loop, a callback function and a callback argument, and receive back a rate limiter event object (isc_rlevent_t). it is no longer necessary for the caller to allocate the event. the callback argument needs to include a pointer to the rlevent object so that it can be freed using isc_rlevent_free(), or by dequeueing.
-
- 31 Jan, 2023 6 commits
-
-
Mark Andrews authored
Resolve "fuzz/dns_message_checksig.c fails to call dst_lib_destroy" Closes #3828 See merge request isc-projects/bind9!7442
-
Mark Andrews authored
-
Mark Andrews authored
This returns BIGNUMs to OpenSSL allowing libcrypto to fully clean up.
-
Mark Andrews authored
Resolve "nsupdate failed to handle primary server address lookup gracefully" Closes #3830 See merge request !7444
-
Mark Andrews authored
-
Mark Andrews authored
If the address lookup of the primary server fails just abort the current update request rather than calling exit. This allows nsupdate to cleanup gracefully.
-
- 30 Jan, 2023 7 commits
-
-
Mark Andrews authored
Resolve "'named -V' leaks memory when shutting down" Closes #3829 See merge request !7443
-
Mark Andrews authored
-
Mark Andrews authored
There were unbalanced calls to dns_lib_init and dns_lib_destroy leading to an OpenSSL memory leak.
-
Ondřej Surý authored
Properly name ADB hashmap and named log memory contexts Closes #3806 See merge request isc-projects/bind9!7449
-
The ADB hashmaps are stored in extra memory contexts, so the hash tables are excluded from the overmem accounting. The new memory context was unnamed, give it a proper name. Same thing has happened with extra memory context used for named global log context - give the extra memory context a proper name.
-
Ondřej Surý authored
Properly name ADB hashmap memory context Closes #3806 See merge request isc-projects/bind9!7447
-
The ADB hashmaps are stored in extra memory contexts, so the hash tables are excluded from the overmem accounting. The new memory context was unnamed, give it a proper name. Same thing has happened with extra memory context used for named global log context - give the extra memory context a proper name.
-
- 27 Jan, 2023 13 commits
-
-
Matthijs Mekking authored
Force set DS state after 'rndc dnssec -checkds' Closes #3822 See merge request isc-projects/bind9!7423
-
Matthijs Mekking authored
-
Matthijs Mekking authored
Set the DS state after issuing 'rndc dnssec -checkds'. If the DS was published, it should go in RUMOURED state, regardless whether it is already safe to do so according to the state machine. Leaving it in HIDDEN (or if it was magically already in OMNIPRESENT or UNRETENTIVE) would allow for easy shoot in the foot situations. Similar, if the DS was withdrawn, the state should be set to UNRETENTIVE. Leaving it in OMNIPRESENT (or RUMOURED/HIDDEN) would also allow for easy shoot in the foot situations.
-
Tom Krizek authored
danger: refine existing rules See merge request !7428
-
Tom Krizek authored
The following are not also accepted as single-line commits without generating warnings: - CHANGES/release note may appear in the beginning of the commit message - Release note may be capitalized - Allow commits with "GL #" (e.g. Update documentation for [GL #XXXX])
-
Tom Krizek authored
When updating the -S edition, the CHANGES.SE file is modified. Make sure danger accepts that.
-
Michał Kępień authored
Rework the Security Incident Handling Checklist See merge request !6980
-
Michał Kępień authored
Update the release checklist to incorporate some minor tweaks that we have been applying manually for the past few months as a result of release process evolution.
-
Michał Kępień authored
Rework the Security Incident Handling Checklist so that it does not only contain the SWENG-side steps for handling a security incident, but also all the other steps required by ISC procedures.
-
Michał Kępień authored
Extend artifact lifetime for release-related jobs See merge request !7432
-
Michał Kępień authored
Artifacts of the "stress" jobs in GitLab CI are used for generating the QA summary for a given set of releases. It happened in the past that these artifacts were purged before the QA summary was prepared, unnecessarily prolonging the release process. A complete set of artifacts from all such jobs for a single pipeline should be less than 1 GB in size, so extend their lifetime from one day to one week as a more reasonable compromise between availability and disk space usage. (Note: these jobs are also run in scheduled pipelines, but that is expected to be acceptable in the context of artifact lifetime.) Artifacts of the "release" jobs in GitLab CI are what we eventually publish on the FTP server. It happened in the past that these artifacts were purged before we copied them to their destination, unnecessarily prolonging the release process, even though we usually press the "Keep" button for the "release" jobs manually to keep them around indefinitely (...
-
Mark Andrews authored
Resolve "Teach danger about amend!" Closes #3824 See merge request isc-projects/bind9!7430
-
Mark Andrews authored
commit --fixup=amend:<hash> produces a subject starting with amend! by default. Have danger look for this to ensure that it is squashed before merging.
-
- 26 Jan, 2023 2 commits
-
-
Michal Nowak authored
Add release tarball comparison script See merge request !7419
-
Michal Nowak authored
The util/release-tarball-comparison.sh script compares a release-ready BIND 9 tarball to a temporary BIND 9 tarball created from the same signed Git tag to ensure that their content does not differ (significantly).
-
- 25 Jan, 2023 3 commits
-
-
Michał Kępień authored
BIND 9.19.9
-
Ondřej Surý authored
Improve OpenSSL RSA key extraction See merge request !7424
-
Timo Teräs authored
Add check for extracting the public 'n' component on OpenSSL 3.0 path. This is mandatory component, and it's presence is checked already on the other code path. Also document the reason why private key component getting errors are ignored.
-
- 24 Jan, 2023 2 commits
-
-
Ondřej Surý authored
Reduce the memory statistics to a bare minimum Closes #3718 See merge request !7412
-
Ondřej Surý authored
-