- 19 May, 2020 1 commit
-
-
Michał Kępień authored
[CVE-2020-8616] [CVE-2020-8617] Merge 9.14.12 release branch See merge request !3564
-
- 06 May, 2020 3 commits
-
-
Michał Kępień authored
-
Tinderbox User authored
-
Tinderbox User authored
-
- 05 May, 2020 17 commits
-
-
Mark Andrews authored
1388 confidential issue security v9 14 See merge request isc-private/bind9!152
-
Mark Andrews authored
-
Mark Andrews authored
-
Mark Andrews authored
from max-recursion-queries limits.
-
Mark Andrews authored
-
Stephen Morris authored
Add a system test that counts how many address fetches are made for different numbers of NS records and checks that the number are successfully limited.
-
Mark Andrews authored
1703 tsig verify failure security v9 14 See merge request isc-private/bind9!149
-
Mark Andrews authored
If there are more that 5 NS record for a zone only perform a maximum of 4 address lookups for all the name servers. This limits the amount of remote lookup performed for server addresses at each level for a given query.
-
Mark Andrews authored
-
Mark Andrews authored
-
Mark Andrews authored
-
Mark Andrews authored
-
Michał Kępień authored
Prepare release notes for BIND 9.14.12 See merge request !3496
-
Michał Kępień authored
-
Michał Kępień authored
-
Michał Kępień authored
-
Michał Kępień authored
-
- 30 Apr, 2020 2 commits
-
-
Mark Andrews authored
Incorrect job in needs, gcc:asan -> clang:asan See merge request !3463
-
Mark Andrews authored
(cherry picked from commit 0adf9562)
-
- 15 Apr, 2020 2 commits
-
-
Michał Kępień authored
[v9_14] Fix "srcid" on Windows See merge request !3372
-
Michał Kępień authored
Windows BIND releases produced by GitLab CI are built from Git repositories, not from release tarballs, which means the "srcid" file is not present in the top source directory when MSBuild is invoked. This causes the Git commit hash for such builds to be set to "unset_id". Enable win32utils/Configure to try determining the commit hash for a build by invoking Git on the build host if the "srcid" file is not present (which is what its Unix counterpart does). (cherry picked from commit 05e13e7c)
-
- 08 Apr, 2020 5 commits
-
-
Ondřej Surý authored
Merge branch '1574-confidential-issue-rebinding-protection-fail-in-forwarding-mode-v9_14' into 'v9_14' Resolve "DNS rebinding protection is ineffective when BIND is configured as a forwarding DNS server" See merge request !3344
-
Ondřej Surý authored
-
Ondřej Surý authored
-
Diego dos Santos Fronza authored
This test asserts that option "deny-answer-aliases" works correctly when forwarding requests. As a matter of example, the behavior expected for a forwarder BIND instance, having an option such as deny-answer-aliases { "domain"; } is that when forwarding a request for *.anything-but-domain, it is expected that it will return SERVFAIL if any answer received has a CNAME for "*.domain".
-
Diego dos Santos Fronza authored
BIND wasn't honoring option "deny-answer-aliases" when configured to forward queries. Before the fix it was possible for nameservers listed in "forwarders" option to return CNAME answers pointing to unrelated domains of the original query, which could be used as a vector for rebinding attacks. The fix ensures that BIND apply filters even if configured as a forwarder instance.
-
- 26 Mar, 2020 10 commits
-
-
Ondřej Surý authored
Fix new warnings reported by scan-build from LLVM/Clang 10 (v9.14) v2 See merge request !3297
-
Ondřej Surý authored
-
Ondřej Surý authored
These are mostly false positives, the clang-analyzer FAQ[1] specifies why and how to fix it: > The reason the analyzer often thinks that a pointer can be null is > because the preceding code checked compared it against null. So if you > are absolutely sure that it cannot be null, remove the preceding check > and, preferably, add an assertion as well. The 2 warnings reported are: dnssec-cds.c:781:4: warning: Access to field 'base' results in a dereference of a null pointer (loaded from variable 'buf') isc_buffer_availableregion(buf, &r); ^~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ /builds/isc-projects/bind9/lib/isc/include/isc/buffer.h:996:36: note: expanded from macro 'isc_buffer_availableregion' ^ /builds/isc-projects/bind9/lib/isc/include/isc/buffer.h:821:16: note: expanded from macro 'ISC__BUFFER_AVAILABLEREGION' (_r)->base = isc_buffer_used(_b); \ ^~~~~~~~~~~~~~~~~~~ /builds/isc-projects/bind9/lib/isc/include/isc/buffer.h:152:29: note: expanded from macro 'isc_buffer_used' ((void *)((unsigned char *)(b)->base + (b)->used)) /*d*/ ^~~~~~~~~ 1 warning generated. -- ./main.c:1254:9: warning: Access to field 'sctx' results in a dereference of a null pointer (loaded from variable 'named_g_server') sctx = named_g_server->sctx; ^~~~~~~~~~~~~~~~~~~~ 1 warning generated. References: 1. https://clang-analyzer.llvm.org/faq.html#null_pointer
-
Ondřej Surý authored
The 1 warning reported is: os.c:872:7: warning: Although the value stored to 'ptr' is used in the enclosing expression, the value is never actually read from 'ptr' if ((ptr = strtok_r(command, " \t", &last)) == NULL) { ^ ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ 1 warning generated.
-
Ondřej Surý authored
-
Michał Kępień authored
[v9_14] Miscellaneous .gitlab-ci.yml cleanups See merge request !3301
-
Michał Kępień authored
Some YAML anchors defined in .gitlab-ci.yml are not subsequently used. Remove them to prevent confusion. (cherry picked from commit 3d121ede)
-
Michał Kępień authored
compiledb is already included in the Docker image used by the cppcheck job. Do not attempt installing it again. (cherry picked from commit 3d264dbe)
-
Michał Kępień authored
Most build/test job names already contain a "clang", "gcc", or "msvc" prefix which indicates the compiler used for a given job. Apply that naming convention to all build/test job names. (cherry picked from commit 0c898084)
-
Michał Kępień authored
Multiple YAML keys have identical values for both TSAN unit test job definitions. Extract these common keys to a YAML anchor and use it in TSAN unit test job definitions to reduce code duplication. (cherry picked from commit 84463f33)
-