GitLab

Move setting the sock->write_timeout to the async_*send [v9.16]

See merge request !6342

Setting the sock->write_timeout from the TCP, TCPDNS, and TLSDNS send
functions could lead to (harmless) data race when setting the value for
the first time when the isc_nm_send() function would be called from
thread not-matching the socket we are sending to.  Move the setting the
sock->write_timeout to the matching async function which is always
called from the matching thread.

(cherry picked from commit 61117840)

Merge branch '3371-check-for-__attribute__-fallthrough-support-is-sometimes-incorrect-v9_16' into 'v9_16'

Use C2x [[fallthrough]] when supported by LLVM/clang [v9.16]

See merge request !6340

Clang added support for the gcc-style fallthrough
attribute (i.e. __attribute__((fallthrough))) in version 10.  However,
__has_attribute(fallthrough) will return 1 in C mode in older versions,
even though they only support the C++11 fallthrough attribute. At best,
the unsupported attribute is simply ignored; at worst, it causes errors.

The C2x fallthrough attribute has the advantages of being supported in
the broadest range of clang versions (added in version 9) and being easy
to check for support. Use C2x [[fallthrough]] attribute if possible, and
fall back to not using an attribute for clang versions that don't have
it.

Courtesy of Joshua Root

(cherry picked from commit 14c8d438)

BIND 9.16.29

specify time format in the documentation for 'rdnc dnssec -checkds'

See merge request !6332

also clarified the writing in the surrounding paragraph.

(cherry picked from commit 83f9466d)

Use libuv CFLAGS and LIBS when checking for features [v9.16]

See merge request !6330

When autoconf was checking for libuv features, the LIBUV_CFLAGS was not
added to CFLAGS and LIBUV_LIBS to LIBS which resulted in false
negatives.

Use AX_SAVE_FLAGS and AX_RESTORE_FLAGS to temporarily add LIBUV_CFLAGS
and LIBUV_LIBS to their respective variables.

(cherry picked from commit f063ee27)

[v9_16] Fix typo in ednscompliance test

See merge request !6328

Caused by ba0313e6, an incomplete fix of
spelling errors.

(cherry picked from commit 9de2c06a)

Remove extraneous '$' in AS_VAR_COPY([MAXMINDDB_PREFIX], [with_maxminddb])

See merge request !6319

(cherry picked from commit 686d691f)

[v9_16] Fix "kasp test broken on freebsd"

See merge request !6313

7249bad7 introduced the -c option to stat(1) command, but BSD systems
do not know about it. Replace the stat(1) command with a PERL script
that achieves the same.

Why PERL? For consistency purposes, there are more places in the
system test where we use the same method.

(cherry picked from commit fe601c59)

[v9_16] Fix "keymgr updates key files each run"

See merge request !6301

Missing from lib/dns/win32/libdns.def.in:
dst_key_setmodified
dst_key_ismodified

Add a comment to make danger happy.

(cherry picked from commit 0f89f0b1)

Add a new parameter to the dst_key structure, mark a key modified if
dst_key_(un)set[bool,num,state,time] is called. Only write out key
files during a keymgr run if the metadata has changed.

(cherry picked from commit 1da91b3a)

Add a test case that triggers a keymgr run that will not trigger any
metadata changes. Ensure that the last status change of the key files
is unmodified.

(cherry picked from commit 7249bad7)

dont run isc__trampoline_initialize() in dlopen library

See merge request !6309

when built without libtool, the sample driver in the dyndb
system test runs library intializers that have already been
run, causing the value for isc__trampoline_min to be reset.
wrap the trampoline initialize and shutdown routines under
isc_once_do() to ensure that they are only run once.

fix the fetches-per-server quota calculation

See merge request !6308

(cherry picked from commit 3f478a3b)

Check that the recursing client count is above a reasonable
minimum, as well as below a maximum, so that we can detect
bugs that cause recursion to fail too early or too often.

(cherry picked from commit 8834c446)

The ns_statscounter_recursclients counter was previously only
incremented or decremented if client->recursionquota was non-NULL.
This was harmless, because that value should always be non-NULL if
recursion is enabled, but it made the code slightly confusing.

(cherry picked from commit 0201eab6)

The fetchlimit test depends on a resolver continuing to try UDP
and timing out while the client waits for resolution to succeed.
but since commit bb990030 (flag day 2020), a fetch will always
switch to TCP after two timeouts, unless EDNS was disabled for
the query.

This commit adds "edns no;" to server statements in the fetchlimit
resolver, to restore the behavior expected by the test.

(cherry picked from commit 81deb24d)

Since commit bad5a523, when the fetches-per-server quota
was increased or decreased, instead of the value being set to
the newly calculated quota, it was set to the *minimum* of
the new quota or 1 - which effectively meant it was always set to 1.
it should instead have been the maximum, to prevent the value from
ever dropping to zero.

(cherry picked from commit 694bc502)

prevent a possible buffer overflow in configuration check

See merge request !6305

corrected code that could have allowed a buffer overfow while
parsing named.conf.

(cherry picked from commit 921043b5)

Lock the trampoline when attaching [v9.16]

See merge request !6299

When attaching to the trampoline, the isc__trampoline_max was access
unlocked.  This would not manifest under normal circumstances because we
initialize 65 trampolines by default and that's enough for most
commodity hardware, but there are ARM machines with 128+ cores where
this would be reported by ThreadSanitizer.

Add locking around the code in isc__trampoline_attach().  This also
requires the lock to leak on exit (along with memory that we already)
because a new thread might be attaching to the trampoline while we are
running the library destructor at the same time.

(cherry picked from commit 933162ae)

[v9_16] Remove confusing parental-source line

See merge request !6287

Remove the line "This address must appear in the secondary server’s
parental-agents zone clause". This line is a copy paste error from
notify-source.

Rewrap.

(cherry picked from commit 313f6066)

[v9_16] Drop post-merge pipelines

See merge request !6294

Commit 24961f60 introduced the concept
of post-merge pipelines.  These were used to build documentation after
each merge to any of the maintained branches, to allow up-to-date
documentation to be subsequently published on the bind.isc.org
microsite.  As the latter no longer downloads documentation from GitLab,
instead linking to Read the Docs for all currently maintained branches,
post-merge pipelines have become redundant since running the
"autoreconf" and "docs" jobs after each merge is not necessary any more.
Drop the "release_branch_triggering_rules" YAML anchor and revert to
default triggering rules for the "autoconf" and "docs" jobs, effectively
preventing pipelines from being created after each merge to any of the
maintained branches.

(cherry picked from commit 7b8c9e04)

Do not trigger GitLab Pages pipelines any more

See merge request !6291

The bind.isc.org microsite no longer downloads documentation from
GitLab, instead linking to Read the Docs for all currently maintained
branches.  This makes it redundant to trigger GitLab Pages pipelines
after each merge to any of the maintained branches.  Revert changes
introduced by commit 31bde118: remove
the "push:docs" job along with the "push" stage it is associated with
and revert artifact expiry time for the "docs" job to the default value.

(cherry picked from commit a7fccaee)

Remove ARM notes about Solaris 2.5.1 [v9_16]

See merge request !6289

It was released in May 1996 and hopefully is not used to run BIND
anymore.

(cherry picked from commit 4388656f)