1. 19 May, 2020 1 commit
  2. 06 May, 2020 3 commits
  3. 05 May, 2020 17 commits
  4. 30 Apr, 2020 2 commits
  5. 15 Apr, 2020 2 commits
    • Michał Kępień's avatar
      Merge branch 'michal/fix-srcid-on-windows-v9_14' into 'v9_14' · 86286a07
      Michał Kępień authored
      [v9_14] Fix "srcid" on Windows
      
      See merge request !3372
      86286a07
    • Michał Kępień's avatar
      Fix "srcid" on Windows · 0d36832d
      Michał Kępień authored
      Windows BIND releases produced by GitLab CI are built from Git
      repositories, not from release tarballs, which means the "srcid" file is
      not present in the top source directory when MSBuild is invoked.  This
      causes the Git commit hash for such builds to be set to "unset_id".
      Enable win32utils/Configure to try determining the commit hash for a
      build by invoking Git on the build host if the "srcid" file is not
      present (which is what its Unix counterpart does).
      
      (cherry picked from commit 05e13e7c)
      0d36832d
  6. 08 Apr, 2020 5 commits
    • Ondřej Surý's avatar
      Merge branch... · 546af051
      Ondřej Surý authored
      Merge branch '1574-confidential-issue-rebinding-protection-fail-in-forwarding-mode-v9_14' into 'v9_14'
      
      Resolve "DNS rebinding protection is ineffective when BIND is configured as a forwarding DNS server"
      
      See merge request !3344
      546af051
    • Ondřej Surý's avatar
      Add release notes · 163cc168
      Ondřej Surý authored
      163cc168
    • Ondřej Surý's avatar
      Add CHANGES · d13a505d
      Ondřej Surý authored
      d13a505d
    • Diego dos Santos Fronza's avatar
      Add test for the proposed fix · 64c3c57b
      Diego dos Santos Fronza authored
      This test asserts that option "deny-answer-aliases" works correctly
      when forwarding requests.
      
      As a matter of example, the behavior expected for a forwarder BIND
      instance, having an option such as deny-answer-aliases { "domain"; }
      is that when forwarding a request for *.anything-but-domain, it is
      expected that it will return SERVFAIL if any answer received has a CNAME
      for "*.domain".
      64c3c57b
    • Diego dos Santos Fronza's avatar
      Fixed rebinding protection bug when using forwarder setups · 6da142ff
      Diego dos Santos Fronza authored
      BIND wasn't honoring option "deny-answer-aliases" when configured to
      forward queries.
      
      Before the fix it was possible for nameservers listed in "forwarders"
      option to return CNAME answers pointing to unrelated domains of the
      original query, which could be used as a vector for rebinding attacks.
      
      The fix ensures that BIND apply filters even if configured as a forwarder
      instance.
      6da142ff
  7. 26 Mar, 2020 10 commits
    • Ondřej Surý's avatar
      Merge branch 'ondrej/scan-build-10-fixes-v9_14-2' into 'v9_14' · 2650ff19
      Ondřej Surý authored
      Fix new warnings reported by scan-build from LLVM/Clang 10 (v9.14) v2
      
      See merge request !3297
      2650ff19
    • Ondřej Surý's avatar
      Import parse_tsan.py file to v9_11 branch · 2637a2ce
      Ondřej Surý authored
      2637a2ce
    • Ondřej Surý's avatar
      Fix 'Dereference of null pointer' from scan-build-10 · f3ba17fe
      Ondřej Surý authored
      These are mostly false positives, the clang-analyzer FAQ[1] specifies
      why and how to fix it:
      
      > The reason the analyzer often thinks that a pointer can be null is
      > because the preceding code checked compared it against null. So if you
      > are absolutely sure that it cannot be null, remove the preceding check
      > and, preferably, add an assertion as well.
      
      The 2 warnings reported are:
      
      dnssec-cds.c:781:4: warning: Access to field 'base' results in a dereference of a null pointer (loaded from variable 'buf')
                              isc_buffer_availableregion(buf, &r);
                              ^~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
      /builds/isc-projects/bind9/lib/isc/include/isc/buffer.h:996:36: note: expanded from macro 'isc_buffer_availableregion'
                                         ^
      /builds/isc-projects/bind9/lib/isc/include/isc/buffer.h:821:16: note: expanded from macro 'ISC__BUFFER_AVAILABLEREGION'
                      (_r)->base = isc_buffer_used(_b);              \
                                   ^~~~~~~~~~~~~~~~~~~
      /builds/isc-projects/bind9/lib/isc/include/isc/buffer.h:152:29: note: expanded from macro 'isc_buffer_used'
              ((void *)((unsigned char *)(b)->base + (b)->used)) /*d*/
                                         ^~~~~~~~~
      1 warning generated.
      
      --
      
      ./main.c:1254:9: warning: Access to field 'sctx' results in a dereference of a null pointer (loaded from variable 'named_g_server')
              sctx = named_g_server->sctx;
                     ^~~~~~~~~~~~~~~~~~~~
      1 warning generated.
      
      References:
      1. https://clang-analyzer.llvm.org/faq.html#null_pointer
      f3ba17fe
    • Ondřej Surý's avatar
      Fix 'Dead nested assignment's from scan-build-10 · e3acfedb
      Ondřej Surý authored
      The 1 warning reported is:
      
      os.c:872:7: warning: Although the value stored to 'ptr' is used in the enclosing expression, the value is never actually read from 'ptr'
              if ((ptr = strtok_r(command, " \t", &last)) == NULL) {
                   ^     ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
      1 warning generated.
      e3acfedb
    • Ondřej Surý's avatar
      Fix missing <inttypes.h> include · 969cb06e
      Ondřej Surý authored
      969cb06e
    • Michał Kępień's avatar
      Merge branch 'michal/misc-gitlab-ci-yml-cleanups-v9_14' into 'v9_14' · 2b2872f3
      Michał Kępień authored
      [v9_14] Miscellaneous .gitlab-ci.yml cleanups
      
      See merge request !3301
      2b2872f3
    • Michał Kępień's avatar
      Remove unused YAML anchors · 03f764f7
      Michał Kępień authored
      Some YAML anchors defined in .gitlab-ci.yml are not subsequently used.
      Remove them to prevent confusion.
      
      (cherry picked from commit 3d121ede)
      03f764f7
    • Michał Kępień's avatar
      Do not install compiledb in cppcheck job · 7be0cc64
      Michał Kępień authored
      compiledb is already included in the Docker image used by the cppcheck
      job.  Do not attempt installing it again.
      
      (cherry picked from commit 3d264dbe)
      7be0cc64
    • Michał Kępień's avatar
      Include compiler name in all build/test job names · 824204ae
      Michał Kępień authored
      Most build/test job names already contain a "clang", "gcc", or "msvc"
      prefix which indicates the compiler used for a given job.  Apply that
      naming convention to all build/test job names.
      
      (cherry picked from commit 0c898084)
      824204ae
    • Michał Kępień's avatar
      Refactor TSAN unit test job definitions · 91276d9a
      Michał Kępień authored
      Multiple YAML keys have identical values for both TSAN unit test job
      definitions.  Extract these common keys to a YAML anchor and use it in
      TSAN unit test job definitions to reduce code duplication.
      
      (cherry picked from commit 84463f33)
      91276d9a