- 01 Feb, 2023 4 commits
-
-
Michał Kępień authored
[9.16] Fix DNSRPS builds See merge request !7475
-
Michał Kępień authored
(cherry picked from commit 493eadd1)
-
Michał Kępień authored
Commit 4f3327cd added a new parameter, 'options', to the prototype of the 'allrdatasets' function pointer in struct dns_dbmethods. Handle this new parameter accordingly in rpsdb_allrdatasets(). (cherry picked from commit f3def4e4)
-
Michał Kępień authored
The --enable-dnsrps-dl switch for ./configure enables preparing a DNSRPS-enabled build of BIND 9 that is not directly linked against a DNSRPS provider library (dlopen() at runtime is used instead). Employ this switch to test DNSRPS-enabled builds in the pairwise testing job in GitLab CI. (cherry picked from commit e688ca53)
-
- 31 Jan, 2023 3 commits
-
-
Mark Andrews authored
Merge branch '3830-nsupdate-failed-to-handle-primary-server-address-lookup-gracefully-v9_16' into 'v9_16' [9.16] Handle address lookup failure more gracefully See merge request !7459
-
Mark Andrews authored
(cherry picked from commit fda7858e)
-
Mark Andrews authored
If the address lookup of the primary server fails just abort the current update request rather than calling exit. This allows nsupdate to cleanup gracefully. (cherry picked from commit f1387514c68c338fe35ed4bfaa73ec06136a9f92)
-
- 30 Jan, 2023 3 commits
-
-
Mark Andrews authored
[9.16] Call dns_lib_destroy in bin/named/main.c:printversion See merge request isc-projects/bind9!7455
-
Mark Andrews authored
(cherry picked from commit 1d258e2fb8415444e784688be6ec4294c8480c48)
-
Mark Andrews authored
There were unbalanced calls to dns_lib_init and dns_lib_destroy leading to an OpenSSL memory leak. (cherry picked from commit 8b3c018f54302222c6212a38f1bcae75c601b602)
-
- 27 Jan, 2023 10 commits
-
-
Mark Andrews authored
[9.16] Teach danger about amend See merge request isc-projects/bind9!7440
-
Mark Andrews authored
commit --fixup=amend:<hash> produces a subject starting with amend! by default. Have danger look for this to ensure that it is squashed before merging. (cherry picked from commit 9b124732)
-
Matthijs Mekking authored
[9.16] Force set DS state after 'rndc dnssec -checkds' See merge request !7438
-
Matthijs Mekking authored
(cherry picked from commit 38ffe5acf3abbd9e7b8b258a306a08fb08afe22e)
-
Matthijs Mekking authored
Set the DS state after issuing 'rndc dnssec -checkds'. If the DS was published, it should go in RUMOURED state, regardless whether it is already safe to do so according to the state machine. Leaving it in HIDDEN (or if it was magically already in OMNIPRESENT or UNRETENTIVE) would allow for easy shoot in the foot situations. Similar, if the DS was withdrawn, the state should be set to UNRETENTIVE. Leaving it in OMNIPRESENT (or RUMOURED/HIDDEN) would also allow for easy shoot in the foot situations. (cherry picked from commit ee42f66fbe386b07595a2ea445117b1f44d37497)
-
Tom Krizek authored
[9.16] danger: refine existing rules See merge request !7436
-
Tom Krizek authored
The following are not also accepted as single-line commits without generating warnings: - CHANGES/release note may appear in the beginning of the commit message - Release note may be capitalized - Allow commits with "GL #" (e.g. Update documentation for [GL #XXXX]) (cherry picked from commit 79ae467973fc2d97eadf3c038ef892f7e40e0f0a)
-
Tom Krizek authored
When updating the -S edition, the CHANGES.SE file is modified. Make sure danger accepts that. (cherry picked from commit 1939e585c0c209b4b1790c1d1340a3adc6f804da)
-
Michał Kępień authored
[9.16] Extend artifact lifetime for release-related jobs See merge request !7434
-
Michał Kępień authored
Artifacts of the "stress" jobs in GitLab CI are used for generating the QA summary for a given set of releases. It happened in the past that these artifacts were purged before the QA summary was prepared, unnecessarily prolonging the release process. A complete set of artifacts from all such jobs for a single pipeline should be less than 1 GB in size, so extend their lifetime from one day to one week as a more reasonable compromise between availability and disk space usage. (Note: these jobs are also run in scheduled pipelines, but that is expected to be acceptable in the context of artifact lifetime.) Artifacts of the "release" jobs in GitLab CI are what we eventually publish on the FTP server. It happened in the past that these artifacts were purged before we copied them to their destination, unnecessarily prolonging the release process, even though we usually press the "Keep" button for the "release" jobs manually to keep them around indefinitely (...
-
- 25 Jan, 2023 1 commit
-
-
Michał Kępień authored
BIND 9.16.37
-
- 19 Jan, 2023 18 commits
-
-
Mark Andrews authored
[9.16] Add missing node lock when setting node->wild in rbtdb.c See merge request !7415
-
Mark Andrews authored
(cherry picked from commit 5c471c5d)
-
Mark Andrews authored
The write node lock needs to be held when setting node->wild in add_wildcard_magic except when being called from loading_addrdataset which is used to load the zone without locking during its initial load. (cherry picked from commit 81c24b8da270fb06f0d3b9fb5eb92e64d6343ade)
-
Ondřej Surý authored
[9.16] Keep the list of scheduled events on the timer See merge request !7400
-
(cherry picked from commit a7cd0868)
-
as far as I can determine the order of operations is not important. *** CID 351372: Concurrent data access violations (ATOMICITY) /lib/isc/timer.c: 227 in timer_purge() 221 LOCK(&timer->lock); 222 if (!purged) { 223 /* 224 * The event has already been executed, but not 225 * yet destroyed. 226 */ >>> CID 351372: Concurrent data access violations (ATOMICITY) >>> Using an unreliable value of "event" inside the second locked section. If the data that "event" depends on was changed by another thread, this use might be incorrect. 227 timerevent_unlink(timer, event); 228 } 229 } 230 } 231 232 void (cherry picked from commit 98718b3b4b1604935aca952477b7ac97dc32557d)
-
The reference counting and isc_timer_attach()/isc_timer_detach() semantic are actually misleading because it cannot be used under normal conditions. The usual conditions under which is timer used uses the object where timer is used as argument to the "timer" itself. This means that when the caller is using `isc_timer_detach()` it needs the timer to stop and the isc_timer_detach() does that only if this would be the last reference. Unfortunately, this also means that if the timer is attached elsewhere and the timer is fired it will most likely be use-after-free, because the object used in the timer no longer exists. Remove the reference counting from the isc_timer unit, remove isc_timer_attach() function and rename isc_timer_detach() to isc_timer_destroy() to better reflect how the API needs to be used. The only caveat is that the already executed event must be destroyed before the isc_timer_destroy() is called because the timer is no longet attached to .ev_destroy_arg. (cherry picked from commit ae01ec282343d4231167beb19f2ee83c99d95c0c)
-
When we are loading the zones, set the quantum to UINT_MAX, which makes task_run process all tasks at once. After the zone loading is finished the quantum will be dropped to 1 to not block server when we are loading new zones after reconfiguration. (cherry picked from commit 87c4c24c)
-
Add isc_task_setquantum() function that modifies quantum for the future isc_task_run() invocations. NOTE: The current isc_task_run() caches the task->quantum into a local variable and therefore the current event loop is not affected by any quantum change. (cherry picked from commit 15ea6f00)
-
Instead of searching for the events to purge, keep the list of scheduled events on the timer list and purge the events that we have scheduled. (cherry picked from commit 3f8024b4a2f12fcd28a9dd813b6f1f3f11d506f2)
-
The isc_task_purgerange() was walking through all events on the task to find a matching task. Instead use the ISC_LINK_LINKED to find whether the event is active. (cherry picked from commit 17aed2f8)
-
Ondřej Surý authored
Merge branch '3801-reduce-memory-bloat-caused-by-delayed-view-detach-lock-order-inversion-v9_16' into 'v9_16' [9.16] Detach the zone views outside of the zone lock See merge request !7409
-
Ondřej Surý authored
Detaching the views in the zone_shutdown() could lead to lock-order-inversion between adb->namelocks[bucket], adb->lock, view->lock and zone->lock. Detach the views outside of the section that zone-locked. (cherry picked from commit 978a0ef8)
-
Ondřej Surý authored
[9.16] Add python3-ply for ./configure to succeed on BIND 9.16 branch See merge request !7407
-
Ondřej Surý authored
BIND 9.16 needs Python and PLY packages for configure to succeed. Unless we want to tweak the build script to exclude python, we need to add python3-ply package to the CodeQL configuration. (cherry picked from commit 0622d113)
-
Ondřej Surý authored
[9.16] Add CodeQL GitHub Action See merge request !7404
-
Ondřej Surý authored
Replace the decommissioned LGTM service with CodeQL GitHub action. (cherry picked from commit 77abe612)
-
Ondřej Surý authored
[9.16] Avoid implicit algorithm fetch for OpenSSL EVP_MD family See merge request !7399
-
- 18 Jan, 2023 1 commit
-
-
(cherry picked from commit 401294cf)
-