[9.16] Fix DNSRPS builds

See merge request !7475

(cherry picked from commit 493eadd1)

Commit 4f3327cd added a new parameter,
'options', to the prototype of the 'allrdatasets' function pointer in
struct dns_dbmethods.  Handle this new parameter accordingly in
rpsdb_allrdatasets().

(cherry picked from commit f3def4e4)

The --enable-dnsrps-dl switch for ./configure enables preparing a
DNSRPS-enabled build of BIND 9 that is not directly linked against a
DNSRPS provider library (dlopen() at runtime is used instead).  Employ
this switch to test DNSRPS-enabled builds in the pairwise testing job in
GitLab CI.

(cherry picked from commit e688ca53)

Merge branch '3830-nsupdate-failed-to-handle-primary-server-address-lookup-gracefully-v9_16' into 'v9_16'

[9.16] Handle address lookup failure more gracefully

See merge request !7459

(cherry picked from commit fda7858e)

If the address lookup of the primary server fails just abort
the current update request rather than calling exit.  This allows
nsupdate to cleanup gracefully.

(cherry picked from commit f1387514c68c338fe35ed4bfaa73ec06136a9f92)

[9.16] Call dns_lib_destroy in bin/named/main.c:printversion

See merge request isc-projects/bind9!7455

(cherry picked from commit 1d258e2fb8415444e784688be6ec4294c8480c48)

There were unbalanced calls to dns_lib_init and dns_lib_destroy
leading to an OpenSSL memory leak.

(cherry picked from commit 8b3c018f54302222c6212a38f1bcae75c601b602)

[9.16] Teach danger about amend

See merge request isc-projects/bind9!7440

commit --fixup=amend:<hash> produces a subject starting with amend!
by default.  Have danger look for this to ensure that it is squashed
before merging.

(cherry picked from commit 9b124732)

[9.16] Force set DS state after 'rndc dnssec -checkds'

See merge request !7438

(cherry picked from commit 38ffe5acf3abbd9e7b8b258a306a08fb08afe22e)

Set the DS state after issuing 'rndc dnssec -checkds'. If the DS
was published, it should go in RUMOURED state, regardless whether it
is already safe to do so according to the state machine.

Leaving it in HIDDEN (or if it was magically already in OMNIPRESENT or
UNRETENTIVE) would allow for easy shoot in the foot situations.

Similar, if the DS was withdrawn, the state should be set to
UNRETENTIVE. Leaving it in OMNIPRESENT (or RUMOURED/HIDDEN)
would also allow for easy shoot in the foot situations.

(cherry picked from commit ee42f66fbe386b07595a2ea445117b1f44d37497)

[9.16] danger: refine existing rules

See merge request !7436

The following are not also accepted as single-line commits without
generating warnings:
- CHANGES/release note may appear in the beginning of the commit message
- Release note may be capitalized
- Allow commits with "GL #" (e.g. Update documentation for [GL #XXXX])

(cherry picked from commit 79ae467973fc2d97eadf3c038ef892f7e40e0f0a)

When updating the -S edition, the CHANGES.SE file is modified. Make sure
danger accepts that.

(cherry picked from commit 1939e585c0c209b4b1790c1d1340a3adc6f804da)

[9.16] Extend artifact lifetime for release-related jobs

See merge request !7434

Artifacts of the "stress" jobs in GitLab CI are used for generating the
QA summary for a given set of releases.  It happened in the past that
these artifacts were purged before the QA summary was prepared,
unnecessarily prolonging the release process.  A complete set of
artifacts from all such jobs for a single pipeline should be less than 1
GB in size, so extend their lifetime from one day to one week as a more
reasonable compromise between availability and disk space usage.  (Note:
these jobs are also run in scheduled pipelines, but that is expected to
be acceptable in the context of artifact lifetime.)

Artifacts of the "release" jobs in GitLab CI are what we eventually
publish on the FTP server.  It happened in the past that these artifacts
were purged before we copied them to their destination, unnecessarily
prolonging the release process, even though we usually press the "Keep"
button for the "release" jobs manually to keep them around indefinitely
(...

BIND 9.16.37

[9.16] Add missing node lock when setting node->wild in rbtdb.c

See merge request !7415

(cherry picked from commit 5c471c5d)

The write node lock needs to be held when setting node->wild in
add_wildcard_magic except when being called from loading_addrdataset
which is used to load the zone without locking during its initial
load.

(cherry picked from commit 81c24b8da270fb06f0d3b9fb5eb92e64d6343ade)

[9.16] Keep the list of scheduled events on the timer

See merge request !7400

Ondřej Surý authored Apr 01, 2022 and Ondřej Surý committed Jan 19, 2023

(cherry picked from commit a7cd0868)

Mark Andrews authored Apr 06, 2022 and Ondřej Surý committed Jan 19, 2023

as far as I can determine the order of operations is not important.

    *** CID 351372:  Concurrent data access violations  (ATOMICITY)
    /lib/isc/timer.c: 227 in timer_purge()
    221     		LOCK(&timer->lock);
    222     		if (!purged) {
    223     			/*
    224     			 * The event has already been executed, but not
    225     			 * yet destroyed.
    226     			 */
    >>>     CID 351372:  Concurrent data access violations  (ATOMICITY)
    >>>     Using an unreliable value of "event" inside the second locked section. If the data that "event" depends on was changed by another thread, this use might be incorrect.
    227     			timerevent_unlink(timer, event);
    228     		}
    229     	}
    230     }
    231
    232     void

(cherry picked from commit 98718b3b4b1604935aca952477b7ac97dc32557d)

Ondřej Surý authored Apr 02, 2022 and Ondřej Surý committed Jan 19, 2023

The reference counting and isc_timer_attach()/isc_timer_detach()
semantic are actually misleading because it cannot be used under normal
conditions.  The usual conditions under which is timer used uses the
object where timer is used as argument to the "timer" itself.  This
means that when the caller is using `isc_timer_detach()` it needs the
timer to stop and the isc_timer_detach() does that only if this would be
the last reference.  Unfortunately, this also means that if the timer is
attached elsewhere and the timer is fired it will most likely be
use-after-free, because the object used in the timer no longer exists.

Remove the reference counting from the isc_timer unit, remove
isc_timer_attach() function and rename isc_timer_detach() to
isc_timer_destroy() to better reflect how the API needs to be used.

The only caveat is that the already executed event must be destroyed
before the isc_timer_destroy() is called because the timer is no longet
attached to .ev_destroy_arg.

(cherry picked from commit ae01ec282343d4231167beb19f2ee83c99d95c0c)

Ondřej Surý authored Mar 31, 2022 and Ondřej Surý committed Jan 19, 2023

When we are loading the zones, set the quantum to UINT_MAX, which makes
task_run process all tasks at once.  After the zone loading is finished
the quantum will be dropped to 1 to not block server when we are loading
new zones after reconfiguration.

(cherry picked from commit 87c4c24c)

Ondřej Surý authored Apr 01, 2022 and Ondřej Surý committed Jan 19, 2023

Add isc_task_setquantum() function that modifies quantum for the future
isc_task_run() invocations.

NOTE: The current isc_task_run() caches the task->quantum into a local
variable and therefore the current event loop is not affected by any
quantum change.

(cherry picked from commit 15ea6f00)

Ondřej Surý authored Mar 31, 2022 and Ondřej Surý committed Jan 19, 2023

Instead of searching for the events to purge, keep the list of scheduled
events on the timer list and purge the events that we have scheduled.

(cherry picked from commit 3f8024b4a2f12fcd28a9dd813b6f1f3f11d506f2)

Ondřej Surý authored Mar 31, 2022 and Ondřej Surý committed Jan 19, 2023

The isc_task_purgerange() was walking through all events on the task to
find a matching task.  Instead use the ISC_LINK_LINKED to find whether
the event is active.

(cherry picked from commit 17aed2f8)

Merge branch '3801-reduce-memory-bloat-caused-by-delayed-view-detach-lock-order-inversion-v9_16' into 'v9_16'

[9.16] Detach the zone views outside of the zone lock

See merge request !7409

Detaching the views in the zone_shutdown() could lead to
lock-order-inversion between adb->namelocks[bucket], adb->lock,
view->lock and zone->lock.  Detach the views outside of the section that
zone-locked.

(cherry picked from commit 978a0ef8)

[9.16] Add python3-ply for ./configure to succeed on BIND 9.16 branch

See merge request !7407

BIND 9.16 needs Python and PLY packages for configure to succeed.
Unless we want to tweak the build script to exclude python, we need to
add python3-ply package to the CodeQL configuration.

(cherry picked from commit 0622d113)

[9.16] Add CodeQL GitHub Action

See merge request !7404

Replace the decommissioned LGTM service with CodeQL GitHub action.

(cherry picked from commit 77abe612)

[9.16] Avoid implicit algorithm fetch for OpenSSL EVP_MD family

See merge request !7399

Ondřej Surý authored Jan 16, 2023 and Ondřej Surý committed Jan 18, 2023

(cherry picked from commit 401294cf)