BIND issues
https://gitlab.isc.org/isc-projects/bind9/-/issues
2021-05-20T12:22:22Z
https://gitlab.isc.org/isc-projects/bind9/-/issues/2709
"make install" unnecessarily creates certain directories
2021-05-20T12:22:22Z
Michał Kępień
"make install" unnecessarily creates certain directories
Creating `etc/` is not necessary since 2009, when we [started][2]
shipping `bind.keys`. That being said, IMHO it was unnecessary even
before, but oh well.
Creating `var/` is not necessary since 2008, which is when
`named_os_openfile()`...
Creating `etc/` is not necessary since 2009, when we [started][2]
shipping `bind.keys`. That being said, IMHO it was unnecessary even
before, but oh well.
Creating `var/` is not necessary since 2008, which is when
`named_os_openfile()` [started][1] calling `mkdir()`.
The bottom line is that neither of these directories should be created
by `make install` these days. I would fix it in ~"v9.16" and leave
~"v9.11" alone, this is nothing critical.
(Found while [working][3] on #2629/!4945.)
[1]: f6f1672b4e460571c418e43ae3bd0fae97e4c149
[2]: 3a30493983df83a3184dd1ecd39cf31ccdac3bad
[3]: https://gitlab.isc.org/isc-projects/bind9/-/merge_requests/4945#note_214242
June 2021 (9.11.33, 9.11.33-S1, 9.16.17/9.16.18, 9.16.17-S1/9.16.18-S1, 9.17.14/9.17.15)
Michał Kępień
Michał Kępień
https://gitlab.isc.org/isc-projects/bind9/-/issues/2708
named doesn't compile with GCC 10.
2021-05-28T10:33:58Z
Mark Andrews
named doesn't compile with GCC 10.
```
CC libisc_la-lib.lo
lib.c:39:1: error: constructor priorities are not supported
39 | isc__initialize(void) ISC_CONSTRUCTOR(101);
| ^~~~~~~~~~~~~~~
lib.c:41:1: error: destructor priorities are not supported
41 | is...
```
CC libisc_la-lib.lo
lib.c:39:1: error: constructor priorities are not supported
39 | isc__initialize(void) ISC_CONSTRUCTOR(101);
| ^~~~~~~~~~~~~~~
lib.c:41:1: error: destructor priorities are not supported
41 | isc__shutdown(void) ISC_DESTRUCTOR(101);
| ^~~~~~~~~~~~~
```
June 2021 (9.11.33, 9.11.33-S1, 9.16.17/9.16.18, 9.16.17-S1/9.16.18-S1, 9.17.14/9.17.15)
https://gitlab.isc.org/isc-projects/bind9/-/issues/2707
RUNTIME_CHECK(((__libc_cond_wait(((cond)), ((&worker->lock))) == 0) ? 0 : 34)...
2021-05-18T09:13:53Z
Michal Nowak
RUNTIME_CHECK(((__libc_cond_wait(((cond)), ((&worker->lock))) == 0) ? 0 : 34) == 0) fail on NetBSD
`main` and `v9_16` fail on NetBSD 9.1/9.2 on some unit tests and many system tests (e.g. auth) with:
```
netmgr/netmgr.c:882: fatal error: RUNTIME_CHECK(((__libc_cond_wait(((cond)), ((&worker->lock))) == 0) ? 0 : 34) == 0) failed
```
Th...
`main` and `v9_16` fail on NetBSD 9.1/9.2 on some unit tests and many system tests (e.g. auth) with:
```
netmgr/netmgr.c:882: fatal error: RUNTIME_CHECK(((__libc_cond_wait(((cond)), ((&worker->lock))) == 0) ? 0 : 34) == 0) failed
```
The culprit has to be a recent change because `v9_17_12` works fine.
[query_test.log](/uploads/d9922a38acb20185c4569be757631f5f/query_test.log)
[notify_test.log](/uploads/2b5dc113e2cede4bcf7ca96e4eab42ec/notify_test.log)
[listenlist_test.log](/uploads/e29e79c222450adc26f46eed0e2dc5f8/listenlist_test.log)
[task_test.log](/uploads/9ff466b45de6bb843763baa59f5826bb/task_test.log)
June 2021 (9.11.33, 9.11.33-S1, 9.16.17/9.16.18, 9.16.17-S1/9.16.18-S1, 9.17.14/9.17.15)
https://gitlab.isc.org/isc-projects/bind9/-/issues/2706
worker->cond_prio needs to be initialised
2021-05-24T13:56:55Z
Mark Andrews
worker->cond_prio needs to be initialised
```
netmgr/netmgr.c:882: fatal error: 18-May-2021 16:29:07.661 netmgr/netmgr.c:882: fatal error:
netmgr/netmgr.c:882: fatal error: netmgr/netmgr.c:882: fatal error: netmgr/netmgr.c:882: fatal error: netmgr/netmgr.c:882: fatal error: netm...
```
netmgr/netmgr.c:882: fatal error: 18-May-2021 16:29:07.661 netmgr/netmgr.c:882: fatal error:
netmgr/netmgr.c:882: fatal error: netmgr/netmgr.c:882: fatal error: netmgr/netmgr.c:882: fatal error: netmgr/netmgr.c:882: fatal error: netmgr/netmgr.c:882: fatal error: RUNTIME_CHECK(((pthread_cond_wait(((cond)), ((&worker->lock))) == 0) ? 0 : 34) == 0) failedRUNTIME_CHECK(((pthread_cond_wait(((cond)), ((&worker->lock))) == 0) ? 0 : 34) == 0) failedRUNTIME_CHECK(((pthread_cond_wait(((cond)), ((&worker->lock))) == 0) ? 0 : 34) == 0) failedRUNTIME_CHECK(((pthread_cond_wait(((cond)), ((&worker->lock))) == 0) ? 0 : 34) == 0) failedRUNTIME_CHECK(((pthread_cond_wait(((cond)), ((&worker->lock))) == 0) ? 0 : 34) == 0) failedRUNTIME_CHECK(((pthread_cond_wait(((cond)), ((&worker->lock))) == 0) ? 0 : 34) == 0) failed18-May-2021 16:29:07.662 max open files (10240) is smaller than max sockets (21000)
18-May-2021 16:29:07.662 RUNTIME_CHECK(((pthread_cond_wait(((cond)), ((&worker->lock))) == 0) ? 0 : 34) == 0) failed
```
June 2021 (9.11.33, 9.11.33-S1, 9.16.17/9.16.18, 9.16.17-S1/9.16.18-S1, 9.17.14/9.17.15)
https://gitlab.isc.org/isc-projects/bind9/-/issues/2705
Bind9 version 9.17.12 TLS capability problem
2023-11-21T02:20:30Z
Do He
Bind9 version 9.17.12 TLS capability problem
I tried version **9.17.12** because of the new TLS features.
Assume the following TLS settings in _named.conf_
```
tls mytls {
cert-file "/etc/ssl/example.crt";
key-file "/etc/ssl/example.key";
};
```
Both files are owned by roo...
I tried version **9.17.12** because of the new TLS features.
Assume the following TLS settings in _named.conf_
```
tls mytls {
cert-file "/etc/ssl/example.crt";
key-file "/etc/ssl/example.key";
};
```
Both files are owned by root:root and chmod 0600.
```
-rw------- 1 root root 5938 May 14 02:19 example.crt
-rw------- 1 root root 3243 May 14 02:19 example.key
```
Bind9 is started with a `-u bind` parameter.
If compiled with `--disable-linux-caps`:
- named will start
- _rdnc reload_ will fail
If compiled without `--disable-linux-caps`:
- named will not start
In both cases the same error is raised:
```
May 17 21:33:22 s1 named[3596]: Error initializing TLS context: error:0200100D:system library:fopen:Permission denied
May 17 21:33:22 s1 named[3596]: loading configuration: TLS error
```
I know this is due to the privilege drop of the daemon. However both scenarios are uncommon if compared to other relevant Linux software. Especially for the second case with enabled capability support. The privilege drop seems to happen before the certificates are loaded.
However I still want to report this because it's unintuitive in my eyes. My expectation would be:
- Named starts in both scenarios
- _rdnc reload_ works but doesn't trigger a TLS stack reload without the necessary privileges
Thanks for any help.
Dominik
Not planned
https://gitlab.isc.org/isc-projects/bind9/-/issues/2704
Bind9 version 9.17.12 not starting without different DNS server
2021-05-26T22:26:34Z
Do He
Bind9 version 9.17.12 not starting without different DNS server
I tried version **9.17.12** because of the new TLS features.
My _resolv.conf_ only contains the local resolver _127.0.0.1_ and _::1_.
The problem is that the new Bind9 doesn't start without having an alternative resolver in resolv.conf....
I tried version **9.17.12** because of the new TLS features.
My _resolv.conf_ only contains the local resolver _127.0.0.1_ and _::1_.
The problem is that the new Bind9 doesn't start without having an alternative resolver in resolv.conf. It looks like something in the Bind9 startup process relies on DNS before itself is serving queries.
The last message in the logfile is:
`named[14264]: managed-keys-zone: Failed to create fetch for DNSKEY update`
After that the Bind9 process is running but doesn't answer queries.
Using the same build with the same config, but with an alternative resolver in _resolv.conf_ starts fine and serves DNS afterwards.
Starting with disabled DNSSEC makes the error message go away, but still spawns an unresponsive DNS resolver.
Thanks for any help.
Dominik
[named.conf](/uploads/100f7b902e9d09630c996a919c014367/named.conf)
[log.txt](/uploads/cdc57d006323edca79cd6817faab78e7/log.txt)
June 2021 (9.11.33, 9.11.33-S1, 9.16.17/9.16.18, 9.16.17-S1/9.16.18-S1, 9.17.14/9.17.15)
https://gitlab.isc.org/isc-projects/bind9/-/issues/2703
gcc-10+ -fanalyzer reports dereference of NULL ‘text’ in server.c:14721
2021-07-14T19:15:38Z
Ondřej Surý
gcc-10+ -fanalyzer reports dereference of NULL ‘text’ in server.c:14721
```
server.c:14721:35: error: dereference of NULL ‘text’ [CWE-476] [-Werror=analyzer-null-dereference]
14721 | if (isc_buffer_usedlength(*text) > 0) {
../../lib/isc/include/isc/buffer.h:160:41: note: in definition of macro ‘isc_b...
```
server.c:14721:35: error: dereference of NULL ‘text’ [CWE-476] [-Werror=analyzer-null-dereference]
14721 | if (isc_buffer_usedlength(*text) > 0) {
../../lib/isc/include/isc/buffer.h:160:41: note: in definition of macro ‘isc_buffer_usedlength’
160 | #define isc_buffer_usedlength(b) ((b)->used) /* d-a */
| ^
‘named_server_showzone’: event 1
|
|server.c:14633:1:
|14633 | named_server_showzone(named_server_t *server, isc_lex_t *lex,
| | ^~~~~~~~~~~~~~~~~~~~~
| | |
| | (1) entry to ‘named_server_showzone’
|
‘named_server_showzone’: event 2
|
|14649 | CHECK(zone_from_args(server, lex, NULL, &zone, zonename, text, true));
| | ^
| | |
| | (2) calling ‘zone_from_args’ from ‘named_server_showzone’
server.c:191:27: note: in definition of macro ‘CHECK’
| 191 | result = (op); \
| | ^~
|
+--> ‘zone_from_args’: event 3
|
|10671 | zone_from_args(named_server_t *server, isc_lex_t *lex, const char *zonetxt,
| | ^~~~~~~~~~~~~~
| | |
| | (3) entry to ‘zone_from_args’
|
‘zone_from_args’: event 4
|
|../../lib/isc/include/isc/util.h:287:20:
| 287 | #define REQUIRE(e) assert(e)
| | ^~~~~~
| | |
| | (4) following ‘true’ branch...
server.c:10686:9: note: in expansion of macro ‘REQUIRE’
|10686 | REQUIRE(zonep != NULL && *zonep == NULL);
| | ^~~~~~~
|
‘zone_from_args’: events 5-8
|
|10688 | if (skip) {
| | ^~ ~
| | | |
| | | (6) following ‘true’ branch (when ‘skip != 0’)...
| | (5) ...to here
|10689 | /* Skip the command name. */
|10690 | ptr = next_token(lex, text);
| | ~~~ ~~~~~~~~~~~~~~~~~~~~~
| | | |
| | | (8) calling ‘next_token’ from ‘zone_from_args’
| | (7) ...to here
|
+--> ‘next_token’: events 9-11
|
|10619 | next_token(isc_lex_t *lex, isc_buffer_t **text) {
| | ^~~~~~~~~~
| | |
| | (9) entry to ‘next_token’
|......
|10639 | (void)putnull(text);
| | ~~~~~~~~~~~~~
| | |
| | (11) ...to here
|......
|10643 | if (text != NULL) {
| | ~
| | |
| | (10) following ‘false’ branch (when ‘text’ is NULL)...
|
<------+
|
‘zone_from_args’: events 12-13
|
|10690 | ptr = next_token(lex, text);
| | ^~~~~~~~~~~~~~~~~~~~~
| | |
| | (12) returning to ‘zone_from_args’ from ‘next_token’
|10691 | if (ptr == NULL) {
| | ~
| | |
| | (13) following ‘true’ branch (when ‘ptr’ is NULL)...
|
‘zone_from_args’: event 14
|
|cc1:
| (14): ...to here
|
<------+
|
‘named_server_showzone’: event 15
|
|14649 | CHECK(zone_from_args(server, lex, NULL, &zone, zonename, text, true));
| | ^
| | |
| | (15) returning to ‘named_server_showzone’ from ‘zone_from_args’
server.c:191:27: note: in definition of macro ‘CHECK’
| 191 | result = (op); \
| | ^~
|
‘named_server_showzone’: event 16
|
| 192 | if (result != ISC_R_SUCCESS) \
| | ^
| | |
| | (16) following ‘true’ branch (when ‘result != 0’)...
server.c:14649:9: note: in expansion of macro ‘CHECK’
|14649 | CHECK(zone_from_args(server, lex, NULL, &zone, zonename, text, true));
| | ^~~~~
|
‘named_server_showzone’: event 17
|
| 193 | goto cleanup; \
| | ^~~~
| | |
| | (17) ...to here
server.c:14649:9: note: in expansion of macro ‘CHECK’
|14649 | CHECK(zone_from_args(server, lex, NULL, &zone, zonename, text, true));
| | ^~~~~
|
‘named_server_showzone’: events 18-19
|
|14717 | if (nzconfig != NULL) {
| | ^
| | |
| | (18) following ‘false’ branch...
|......
|14721 | if (isc_buffer_usedlength(*text) > 0) {
| | ~~
| | |
| | (19) ...to here
|
‘named_server_showzone’: event 20
|
|14721 | if (isc_buffer_usedlength(*text) > 0) {
../../lib/isc/include/isc/buffer.h:160:41: note: in definition of macro ‘isc_buffer_usedlength’
| 160 | #define isc_buffer_usedlength(b) ((b)->used) /* d-a */
| | ^
|
```
August 2021 (9.11.35, 9.11.35-S1, 9.16.20, 9.16.20-S1, 9.17.17)
https://gitlab.isc.org/isc-projects/bind9/-/issues/2702
gcc-10+ -fanalyzer reports:
2021-05-18T05:49:37Z
Ondřej Surý
gcc-10+ -fanalyzer reports:
```
rbtdb.c: In function ‘previous_closest_nsec’:
rbtdb.c:3714:21: error: dereference of NULL ‘firstp’ [CWE-476] [-Werror=analyzer-null-dereference]
3714 | if (*firstp) {
| ^~~~~~~
‘find_close...
```
rbtdb.c: In function ‘previous_closest_nsec’:
rbtdb.c:3714:21: error: dereference of NULL ‘firstp’ [CWE-476] [-Werror=analyzer-null-dereference]
3714 | if (*firstp) {
| ^~~~~~~
‘find_closest_nsec’: events 1-2
|
| 3805 | find_closest_nsec(rbtdb_search_t *search, dns_dbnode_t **nodep,
| | ^~~~~~~~~~~~~~~~~
| | |
| | (1) entry to ‘find_closest_nsec’
|......
| 3842 | if (result != ISC_R_SUCCESS) {
| | ~
| | |
| | (2) following ‘false’ branch (when ‘result == 0’)...
|
‘find_closest_nsec’: event 3
|
|cc1:
| (3): ...to here
|
‘find_closest_nsec’: event 4
|
|../../lib/isc/include/isc/util.h:322:26:
| 322 | #define RUNTIME_CHECK(e) assert(e)
| | ^~~~~~
| | |
| | (4) following ‘true’ branch...
../../lib/isc/include/isc/util.h:162:17: note: in expansion of macro ‘RUNTIME_CHECK’
| 162 | RUNTIME_CHECK(isc_rwlock_lock((lp), (t)) == ISC_R_SUCCESS); \
| | ^~~~~~~~~~~~~
rbtdb.c:167:29: note: in expansion of macro ‘RWLOCK’
| 167 | #define NODE_LOCK(l, t) RWLOCK((l), (t))
| | ^~~~~~
rbtdb.c:3846:17: note: in expansion of macro ‘NODE_LOCK’
| 3846 | NODE_LOCK(&(search->rbtdb->node_locks[node->locknum].lock),
| | ^~~~~~~~~
|
‘find_closest_nsec’: event 5
|
|../../lib/isc/include/isc/util.h:164:71:
| 164 | (lp), (t), __FILE__, __LINE__)); \
| | ^
| | |
| | (5) ...to here
rbtdb.c:167:29: note: in expansion of macro ‘RWLOCK’
| 167 | #define NODE_LOCK(l, t) RWLOCK((l), (t))
| | ^~~~~~
rbtdb.c:3846:17: note: in expansion of macro ‘NODE_LOCK’
| 3846 | NODE_LOCK(&(search->rbtdb->node_locks[node->locknum].lock),
| | ^~~~~~~~~
|
‘find_closest_nsec’: events 6-14
|
| 3851 | for (header = node->data; header != NULL; header = header_next)
| | ^
| | |
| | (6) following ‘true’ branch (when ‘header’ is non-NULL)...
| 3852 | {
| 3853 | header_next = header->next;
| | ~~~~~~~~~~~
| | |
| | (7) ...to here
|......
| 3864 | if (NONEXISTENT(header)) {
| | ~
| | |
| | (8) following ‘false’ branch...
|......
| 3872 | if (header != NULL) {
| | ~~ ~
| | | |
| | | (10) following ‘true’ branch (when ‘header’ is non-NULL)...
| | (9) ...to here
|......
| 3877 | empty_node = false;
| | ~~~~~~~~~~
| | |
| | (11) ...to here
| 3878 | if (header->type == type) {
| | ~
| | |
| | (12) following ‘true’ branch...
| 3879 | found = header;
| | ~~~~~
| | |
| | (13) ...to here
| 3880 | if (foundsig != NULL) {
| | ~
| | |
| | (14) following ‘false’ branch (when ‘foundsig’ is NULL)...
|
‘find_closest_nsec’: event 15
|
|cc1:
| (15): ...to here
|
‘find_closest_nsec’: events 16-20
|
| 3891 | if (!empty_node) {
| | ^
| | |
| | (16) following ‘false’ branch (when ‘empty_node == 0’)...
| 3892 | if (found != NULL && search->rbtversion->havensec3 &&
| | ~~ ~
| | | |
| | | (18) following ‘true’ branch...
| | (17) ...to here
| 3893 | found->type == dns_rdatatype_nsec3 &&
| 3894 | !matchparams(found, search))
| | ~~~~~~~~~~~~~~~~~~~~~~~~~~
| | |
| | (19) ...to here
| | (20) calling ‘matchparams’ from ‘find_closest_nsec’
|
+--> ‘matchparams’: event 21
|
| 3649 | matchparams(rdatasetheader_t *header, rbtdb_search_t *search) {
| | ^~~~~~~~~~~
| | |
| | (21) entry to ‘matchparams’
|
‘matchparams’: event 22
|
|../../lib/isc/include/isc/util.h:287:20:
| 287 | #define REQUIRE(e) assert(e)
| | ^~~~~~
| | |
| | (22) following ‘true’ branch...
rbtdb.c:3657:9: note: in expansion of macro ‘REQUIRE’
| 3657 | REQUIRE(header->type == dns_rdatatype_nsec3);
| | ^~~~~~~
|
‘matchparams’: event 23
|
| 3659 | raw = (unsigned char *)header + sizeof(*header);
| | ^~~
| | |
| | (23) ...to here
|
<------+
|
‘find_closest_nsec’: events 24-27
|
| 3892 | if (found != NULL && search->rbtversion->havensec3 &&
| | ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
| 3893 | found->type == dns_rdatatype_nsec3 &&
| | ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
| | |
| | (25) following ‘false’ branch...
| 3894 | !matchparams(found, search))
| | ~^~~~~~~~~~~~~~~~~~~~~~~~~~
| | |
| | (24) returning to ‘find_closest_nsec’ from ‘matchparams’
| 3895 | {
| 3896 | empty_node = true;
| | ~~~~~~~~~~
| | |
| | (26) ...to here
|......
| 3899 | result = previous_closest_nsec(
| | ~~~~~~~~~~~~~~~~~~~~~~
| | |
| | (27) calling ‘previous_closest_nsec’ from ‘find_closest_nsec’
| 3900 | type, search, name, origin, &prevnode,
| | ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
| 3901 | NULL, NULL);
| | ~~~~~~~~~~~
|
+--> ‘previous_closest_nsec’: event 28
|
| 3690 | previous_closest_nsec(dns_rdatatype_t type, rbtdb_search_t *search,
| | ^~~~~~~~~~~~~~~~~~~~~
| | |
| | (28) entry to ‘previous_closest_nsec’
|
‘previous_closest_nsec’: event 29
|
|../../lib/isc/include/isc/util.h:287:20:
| 287 | #define REQUIRE(e) assert(e)
| | ^~~~~~
| | |
| | (29) following ‘true’ branch...
rbtdb.c:3699:9: note: in expansion of macro ‘REQUIRE’
| 3699 | REQUIRE(nodep != NULL && *nodep == NULL);
| | ^~~~~~~
|
‘previous_closest_nsec’: events 30-33
|
| 3701 | if (type == dns_rdatatype_nsec3) {
| | ^~ ~
| | | |
| | | (31) following ‘false’ branch (when ‘type != 50’)...
| | (30) ...to here
|......
| 3711 | target = dns_fixedname_initname(&ftarget);
| | ~~~~~~
| | |
| | (32) ...to here
|......
| 3714 | if (*firstp) {
| | ~~~~~~~
| | |
| | (33) dereference of NULL ‘firstp’
|
rbtdb.c: In function ‘update_recordsandxfrsize’:
rbtdb.c:6100:37: error: dereference of NULL ‘rbtversion’ [CWE-476] [-Werror=analyzer-null-dereference]
6100 | rbtversion->records += dns_rdataslab_count(hdr, hdrsize);
| ^~
‘add32’: events 1-5
|
| 6113 | add32(dns_rbtdb_t *rbtdb, dns_rbtnode_t *rbtnode, const dns_name_t *nodename,
| | ^~~~~
| | |
| | (1) entry to ‘add32’
|......
| 6151 | if (rbtversion != NULL && !loading) {
| | ~
| | |
| | (2) following ‘false’ branch...
|......
| 6164 | newheader_nx = NONEXISTENT(newheader) ? true : false;
| | ~~~~~~~~~~~~
| | |
| | (3) ...to here
|......
| 6168 | if (rbtversion == NULL && !newheader_nx) {
| | ~
| | |
| | (4) following ‘true’ branch...
| 6169 | rdtype = RBTDB_RDATATYPE_BASE(newheader->type);
| | ~~~~~~
| | |
| | (5) ...to here
|
‘add32’: events 6-7
|
| 6187 | topheader != NULL;
| | ^
| | |
| | (6) following ‘false’ branch (when ‘topheader’ is NULL)...
|......
| 6192 | goto find_header;
| | ~~~~
| | |
| | (7) ...to here
|
‘add32’: events 8-20
|
| 6275 | while (header != NULL && IGNORE(header)) {
| | ^
| | |
| | (8) following ‘false’ branch (when ‘header’ is NULL)...
|......
| 6278 | if (header != NULL) {
| | ~~ ~
| | | |
| | | (10) following ‘false’ branch (when ‘header’ is NULL)...
| | (9) ...to here
|......
| 6584 | if (newheader_nx) {
| | ~~ ~
| | | |
| | | (12) following ‘false’ branch...
| | (11) ...to here
|......
| 6589 | idx = newheader->node->locknum;
| | ~~~
| | |
| | (13) ...to here
|......
| 6604 | } else if (RESIGN(newheader)) {
| | ~
| | |
| | (14) following ‘false’ branch...
|......
| 6614 | if (topheader != NULL) {
| | ~~ ~
| | | |
| | | (16) following ‘false’ branch (when ‘topheader’ is NULL)...
| | (15) ...to here
|......
| 6642 | newheader->next = rbtnode->data;
| | ~~~~~~~~~
| | |
| | (17) ...to here
|......
| 6648 | if (rbtversion != NULL && !newheader_nx) {
| | ~
| | |
| | (18) following ‘true’ branch...
| 6649 | update_recordsandxfrsize(true, rbtversion, newheader,
| | ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
| | |
| | (19) ...to here
| | (20) calling ‘update_recordsandxfrsize’ from ‘add32’
| 6650 | nodename->length);
| | ~~~~~~~~~~~~~~~~~
|
+--> ‘update_recordsandxfrsize’: event 21
|
| 6093 | update_recordsandxfrsize(bool add, rbtdb_version_t *rbtversion,
| | ^~~~~~~~~~~~~~~~~~~~~~~~
| | |
| | (21) entry to ‘update_recordsandxfrsize’
|
‘update_recordsandxfrsize’: event 22
|
|../../lib/isc/include/isc/util.h:322:26:
| 322 | #define RUNTIME_CHECK(e) assert(e)
| | ^~~~~~
| | |
| | (22) following ‘true’ branch...
../../lib/isc/include/isc/util.h:162:17: note: in expansion of macro ‘RUNTIME_CHECK’
| 162 | RUNTIME_CHECK(isc_rwlock_lock((lp), (t)) == ISC_R_SUCCESS); \
| | ^~~~~~~~~~~~~
rbtdb.c:6098:9: note: in expansion of macro ‘RWLOCK’
| 6098 | RWLOCK(&rbtversion->rwlock, isc_rwlocktype_write);
| | ^~~~~~
|
‘update_recordsandxfrsize’: event 23
|
|../../lib/isc/include/isc/util.h:164:71:
| 164 | (lp), (t), __FILE__, __LINE__)); \
| | ^
| | |
| | (23) ...to here
rbtdb.c:6098:9: note: in expansion of macro ‘RWLOCK’
| 6098 | RWLOCK(&rbtversion->rwlock, isc_rwlocktype_write);
| | ^~~~~~
|
‘update_recordsandxfrsize’: events 24-26
|
| 6099 | if (add) {
| | ^
| | |
| | (24) following ‘true’ branch (when ‘add != 0’)...
| 6100 | rbtversion->records += dns_rdataslab_count(hdr, hdrsize);
| | ~~~~~~~~~~ ~~
| | | |
| | | (26) dereference of NULL ‘rbtversion’
| | (25) ...to here
|
In file included from ../../lib/isc/include/isc/util.h:14,
from rbtdb.c:40:
rbtdb.c: In function ‘add32’:
rbtdb.c:6321:42: error: dereference of NULL ‘rbtversion’ [CWE-476] [-Werror=analyzer-null-dereference]
6321 | INSIST(rbtversion->serial >= header->serial);
| ~~~~~~~~~~^~~~~~~~
rbtdb.c:6321:25: note: in expansion of macro ‘INSIST’
6321 | INSIST(rbtversion->serial >= header->serial);
| ^~~~~~
‘add32’: events 1-8
|
| 6151 | if (rbtversion != NULL && !loading) {
| | ^
| | |
| | (1) following ‘false’ branch...
|......
| 6164 | newheader_nx = NONEXISTENT(newheader) ? true : false;
| | ~~~~~~~~~~~~
| | |
| | (2) ...to here
|......
| 6168 | if (rbtversion == NULL && !newheader_nx) {
| | ~
| | |
| | (3) following ‘true’ branch...
| 6169 | rdtype = RBTDB_RDATATYPE_BASE(newheader->type);
| | ~~~~~~
| | |
| | (4) ...to here
|......
| 6172 | if (NEGATIVE(newheader)) {
| | ~
| | |
| | (5) following ‘true’ branch...
|......
| 6176 | if (covers == dns_rdatatype_any) {
| | ~~ ~
| | | |
| | | (7) following ‘false’ branch (when ‘covers != 255’)...
| | (6) ...to here
|......
| 6198 | for (topheader = rbtnode->data; topheader != NULL;
| | ~~~
| | |
| | (8) ...to here
|
‘add32’: events 9-10
|
| 6198 | for (topheader = rbtnode->data; topheader != NULL;
| | ^
| | |
| | (9) following ‘true’ branch (when ‘topheader’ is non-NULL)...
| 6199 | topheader = topheader->next) {
| 6200 | if (topheader->type == sigtype) {
| | ~~
| | |
| | (10) ...to here
|
‘add32’: events 11-20
|
| 6275 | while (header != NULL && IGNORE(header)) {
| | ^
| | |
| | (11) following ‘false’ branch...
|......
| 6278 | if (header != NULL) {
| | ~~ ~
| | | |
| | | (13) following ‘true’ branch (when ‘header’ is non-NULL)...
| | (12) ...to here
| 6279 | header_nx = NONEXISTENT(header) ? true : false;
| | ~~~~~~~~~
| | |
| | (14) ...to here
|......
| 6284 | if (header_nx && newheader_nx) {
| | ~
| | |
| | (15) following ‘false’ branch...
|......
| 6296 | if (rbtversion == NULL && trust < header->trust &&
| | ~~ ~ ~~~~~~~~~~~~~
| | | | |
| | | | (18) ...to here
| | | (17) following ‘true’ branch (when ‘rbtversion’ is NULL)...
| | (16) ...to here
|......
| 6319 | if (merge) {
| | ~
| | |
| | (19) following ‘true’ branch (when ‘merge != 0’)...
| 6320 | unsigned int flags = 0;
| | ~~~~~~~~
| | |
| | (20) ...to here
|
‘add32’: event 21
|
| 6321 | INSIST(rbtversion->serial >= header->serial);
| | ~~~~~~~~~~^~~~~~~~
| | |
| | (21) dereference of NULL ‘rbtversion’
rbtdb.c:6321:25: note: in expansion of macro ‘INSIST’
| 6321 | INSIST(rbtversion->serial >= header->serial);
| | ^~~~~~
|
```
June 2021 (9.11.33, 9.11.33-S1, 9.16.17/9.16.18, 9.16.17-S1/9.16.18-S1, 9.17.14/9.17.15)
https://gitlab.isc.org/isc-projects/bind9/-/issues/2701
gcc-10+ -fanalyzer reports: dereference of NULL ‘label’ in lib/dns/name.c:1167
2021-05-18T06:46:15Z
Ondřej Surý
gcc-10+ -fanalyzer reports: dereference of NULL ‘label’ in lib/dns/name.c:1167
Full report:
```
name.c: In function ‘dns_name_fromtext’:
name.c:1167:40: error: dereference of NULL ‘label’ [CWE-476] [-Werror=analyzer-null-dereference]
1167 | *label = count;
| ...
Full report:
```
name.c: In function ‘dns_name_fromtext’:
name.c:1167:40: error: dereference of NULL ‘label’ [CWE-476] [-Werror=analyzer-null-dereference]
1167 | *label = count;
| ~~~~~~~^~~~~~~
‘dns_name_fromstring’: events 1-2
|
| 2429 | dns_name_fromstring(dns_name_t *target, const char *src, unsigned int options,
| | ^~~~~~~~~~~~~~~~~~~
| | |
| | (1) entry to ‘dns_name_fromstring’
| 2430 | isc_mem_t *mctx) {
| 2431 | return (dns_name_fromstring2(target, src, dns_rootname, options, mctx));
| | ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
| | |
| | (2) calling ‘dns_name_fromstring2’ from ‘dns_name_fromstring’
|
+--> ‘dns_name_fromstring2’: event 3
|
| 2435 | dns_name_fromstring2(dns_name_t *target, const char *src,
| | ^~~~~~~~~~~~~~~~~~~~
| | |
| | (3) entry to ‘dns_name_fromstring2’
|
‘dns_name_fromstring2’: event 4
|
|../../lib/isc/include/isc/util.h:287:20:
| 287 | #define REQUIRE(e) assert(e)
| | ^~~~~~
| | |
| | (4) following ‘true’ branch (when ‘src’ is non-NULL)...
name.c:2443:9: note: in expansion of macro ‘REQUIRE’
| 2443 | REQUIRE(src != NULL);
| | ^~~~~~~
|
‘dns_name_fromstring2’: event 5
|
|../../lib/isc/include/isc/buffer.h:1051:9:
| 1051 | do { \
| | ^~
| | |
| | (5) ...to here
name.c:2445:9: note: in expansion of macro ‘isc_buffer_constinit’
| 2445 | isc_buffer_constinit(&buf, src, strlen(src));
| | ^~~~~~~~~~~~~~~~~~~~
|
‘dns_name_fromstring2’: event 6
|
| 2453 | result = dns_name_fromtext(name, &buf, origin, options, NULL);
| | ^~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
| | |
| | (6) calling ‘dns_name_fromtext’ from ‘dns_name_fromstring2’
|
+--> ‘dns_name_fromtext’: event 7
|
| 1057 | dns_name_fromtext(dns_name_t *name, isc_buffer_t *source,
| | ^~~~~~~~~~~~~~~~~
| | |
| | (7) entry to ‘dns_name_fromtext’
|
‘dns_name_fromtext’: event 8
|
|../../lib/isc/include/isc/util.h:287:20:
| 287 | #define REQUIRE(e) assert(e)
| | ^~~~~~
| | |
| | (8) following ‘true’ branch...
name.c:1082:9: note: in expansion of macro ‘REQUIRE’
| 1082 | REQUIRE(VALID_NAME(name));
| | ^~~~~~~
|
‘dns_name_fromtext’: event 9
|
|../../lib/isc/include/isc/util.h:287:20:
| 287 | #define REQUIRE(e) assert(e)
| | ^~~~~~
| | |
| | (9) ...to here
name.c:1083:9: note: in expansion of macro ‘REQUIRE’
| 1083 | REQUIRE(ISC_BUFFER_VALID(source));
| | ^~~~~~~
|
‘dns_name_fromtext’: event 10
|
|../../lib/isc/include/isc/util.h:287:20:
| 287 | #define REQUIRE(e) assert(e)
| | ^~~~~~
| | |
| | (10) following ‘true’ branch...
name.c:1083:9: note: in expansion of macro ‘REQUIRE’
| 1083 | REQUIRE(ISC_BUFFER_VALID(source));
| | ^~~~~~~
|
‘dns_name_fromtext’: event 11
|
|../../lib/isc/include/isc/util.h:287:20:
| 287 | #define REQUIRE(e) assert(e)
| | ^~~~~~
| | |
| | (11) ...to here
name.c:1084:9: note: in expansion of macro ‘REQUIRE’
| 1084 | REQUIRE((target != NULL && ISC_BUFFER_VALID(target)) ||
| | ^~~~~~~
|
‘dns_name_fromtext’: event 12
|
|../../lib/isc/include/isc/util.h:287:20:
| 287 | #define REQUIRE(e) assert(e)
| | ^~~~~~
| | |
| | (12) following ‘false’ branch (when ‘target’ is NULL)...
name.c:1084:9: note: in expansion of macro ‘REQUIRE’
| 1084 | REQUIRE((target != NULL && ISC_BUFFER_VALID(target)) ||
| | ^~~~~~~
|
‘dns_name_fromtext’: event 13
|
| 1084 | REQUIRE((target != NULL && ISC_BUFFER_VALID(target)) ||
| | ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~^~
| | |
| | (13) ...to here
| 1085 | (target == NULL && ISC_BUFFER_VALID(name->buffer)));
| | ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
name.c:1084:9: note: in expansion of macro ‘REQUIRE’
| 1084 | REQUIRE((target != NULL && ISC_BUFFER_VALID(target)) ||
| | ^~~~~~~
|
‘dns_name_fromtext’: event 14
|
| 1084 | REQUIRE((target != NULL && ISC_BUFFER_VALID(target)) ||
| | ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~^~
| | |
| | (14) following ‘true’ branch...
| 1085 | (target == NULL && ISC_BUFFER_VALID(name->buffer)));
| | ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
name.c:1084:9: note: in expansion of macro ‘REQUIRE’
| 1084 | REQUIRE((target != NULL && ISC_BUFFER_VALID(target)) ||
| | ^~~~~~~
|
‘dns_name_fromtext’: events 15-17
|
| 1087 | downcase = ((options & DNS_NAME_DOWNCASE) != 0);
| | ^~~~~~~~
| | |
| | (15) ...to here
| 1088 |
| 1089 | if (target == NULL && name->buffer != NULL) {
| | ~
| | |
| | (16) following ‘true’ branch...
| 1090 | target = name->buffer;
| | ~~~~~~
| | |
| | (17) ...to here
|
‘dns_name_fromtext’: event 18
|
|../../lib/isc/include/isc/util.h:287:20:
| 287 | #define REQUIRE(e) assert(e)
| | ^~~~~~
| | |
| | (18) following ‘true’ branch...
name.c:1094:9: note: in expansion of macro ‘REQUIRE’
| 1094 | REQUIRE(BINDABLE(name));
| | ^~~~~~~
|
‘dns_name_fromtext’: event 19
|
| 96 | if ((name)->offsets != NULL) \
| | ^~
| | |
| | (19) ...to here
name.c:1096:9: note: in expansion of macro ‘INIT_OFFSETS’
| 1096 | INIT_OFFSETS(name, offsets, odata);
| | ^~~~~~~~~~~~
|
‘dns_name_fromtext’: events 20-26
|
| 1120 | while (nrem > 0 && tlen > 0 && !done) {
| | ~~~~~~~~~~~~~~~~~~~~~^~~~~~~~
| | |
| | (20) following ‘true’ branch...
| | (21) ...to here
| | (22) following ‘false’ branch (when ‘done == 0’)...
| 1121 | c = *tdata++;
| | ~
| | |
| | (23) ...to here
|......
| 1125 | switch (state) {
| | ~~~~~~
| | |
| | (24) following ‘case 0:’ branch...
| 1126 | case ft_init:
| | ~~~~
| | |
| | (25) ...to here
|......
| 1141 | if (c == '@' && tlen == 0) {
| | ~
| | |
| | (26) following ‘true’ branch...
|
‘dns_name_fromtext’: event 27
|
|cc1:
| (27): ...to here
|
‘dns_name_fromtext’: events 28-42
|
|
```
June 2021 (9.11.33, 9.11.33-S1, 9.16.17/9.16.18, 9.16.17-S1/9.16.18-S1, 9.17.14/9.17.15)
https://gitlab.isc.org/isc-projects/bind9/-/issues/2700
Accepting TCP connection failed: socket is not connected
2021-12-02T13:20:43Z
Chuck Stearns
Accepting TCP connection failed: socket is not connected
Latency, dropped connections, and degraded performance through various minor versions of the 9.16 branch.
Latency, dropped connections, and degraded performance through various minor versions of the 9.16 branch.
December 2021 (9.16.24, 9.16.24-S1, 9.17.21)
https://gitlab.isc.org/isc-projects/bind9/-/issues/2699
RNDC - how feasible is it to have it report when a change needs a daemon rest...
2021-05-17T12:58:50Z
Chuck Stearns
RNDC - how feasible is it to have it report when a change needs a daemon restart?
### Description
Changes made with rndc affect the running config, but some changes still require a daemon restart in order to take effect, but there is no reporting of that in rndc's output.
### Request
Perhaps a stderr or part of `rn...
### Description
Changes made with rndc affect the running config, but some changes still require a daemon restart in order to take effect, but there is no reporting of that in rndc's output.
### Request
Perhaps a stderr or part of `rndc status` suggesting that the running and static configs are in sync and/or whether or not a daemon restart is necessary.
### Links / references
https://gitlab.isc.org/isc-projects/bind9/-/issues/2698
Issues with cppcheck 2.4.1, 2.5
2022-01-11T14:25:31Z
Michał Kępień
Issues with cppcheck 2.4.1, 2.5
cppcheck 2.4.1 is now available, but, while it fixes one of the issues
with cppcheck 2.3, it also introduces a new set of false positives we
would have to deal with. IMHO we should skip updating to this version
for the time being.
---
...
cppcheck 2.4.1 is now available, but, while it fixes one of the issues
with cppcheck 2.3, it also introduces a new set of false positives we
would have to deal with. IMHO we should skip updating to this version
for the time being.
---
cppcheck 2.4.1 triggers the following type of false positives:
```
lib/isc/netaddr.c:274:8: warning: The address of local variable 'in' might be accessed at non-zero index. [objectIndex]
if (p[i] != 0xFF) {
^
lib/isc/netaddr.c:263:30: note: Address of variable taken here.
p = (const unsigned char *)&s->type.in;
^
lib/isc/netaddr.c:274:8: note: The address of local variable 'in' might be accessed at non-zero index.
if (p[i] != 0xFF) {
^
```
The affected files are:
- `bin/dnssec/dnssec-cds.c`
- `lib/dns/ecs.c`
- `lib/dns/resolver.c`
- `lib/isc/netaddr.c`
- `lib/ns/client.c`
It seems that cppcheck gets confused about data sizes when structure
pointers are explicitly cast.
Multiple upstream reports about similar issues are already opened:
- https://trac.cppcheck.net/ticket/10133
- https://trac.cppcheck.net/ticket/10213
- https://trac.cppcheck.net/ticket/10154
- https://trac.cppcheck.net/ticket/10156
None of the above problems have yet been resolved in cppcheck's `main`
branch, therefore I did not bother to create yet another upstream issue
for this. I suggest we wait and see what happens in future cppcheck
releases.
---
[Upstream commit c267d85640523c045c7d43ba7ce9c0f305423c5d][1] triggers
the following type of false positives:
```
lib/isc/base64.c:119:10: warning: Either the condition 'ctx->digits==4' is redundant or the array 'ctx->val[4]' is accessed at index 4, which is out of bounds. [arrayIndexOutOfBoundsCond]
ctx->val[ctx->digits++] = (int)(s - base64);
^
lib/isc/base64.c:120:18: note: Assuming that condition 'ctx->digits==4' is not redundant
if (ctx->digits == 4) {
^
lib/isc/base64.c:119:10: note: Array index out of bounds
ctx->val[ctx->digits++] = (int)(s - base64);
^
```
The affected files are:
- `lib/isc/base64.c`
- `lib/isc/base32.c`
- `lib/isc/hex.c`
I [reported this upstream][2] because it is still not addressed in
cppcheck's development branch.
[1]: https://github.com/danmar/cppcheck/commit/c267d85640523c045c7d43ba7ce9c0f305423c5d
[2]: https://sourceforge.net/p/cppcheck/discussion/general/thread/128272da00/
January 2022 (9.16.25, 9.16.25-S1, 9.17.22)
Michał Kępień
Michał Kępień
https://gitlab.isc.org/isc-projects/bind9/-/issues/2697
Further taskmgr refactoring
2022-03-01T09:56:48Z
Ondřej Surý
Further taskmgr refactoring
Just dumping notes/ideas:
* schedule events directly onto the worker loops, not tasks
* thus events will have to attach to task (or just reference count running events)
* as the last event schedule conditional task cleanup (move the logi...
Just dumping notes/ideas:
* schedule events directly onto the worker loops, not tasks
* thus events will have to attach to task (or just reference count running events)
* as the last event schedule conditional task cleanup (move the logic from task_run there)
* use isc_queue_t to store task events instead of locked LIST to remove contention
This should further simplify the taskmgr logic.
Not planned
Ondřej Surý
Ondřej Surý
https://gitlab.isc.org/isc-projects/bind9/-/issues/2696
Misleading diagnostic in update_soa_serial indicates BIND will use increment ...
2021-05-24T13:58:17Z
JP Mens
Misleading diagnostic in update_soa_serial indicates BIND will use increment but it doesn't
It seems to me there's a misleading (or inaccurate) diagnostic reported by BIND 9.17.11 configured with inline-signing:
```
zone "example" IN {
type master;
file "example";
auto-dnssec maintain;
inline-s...
It seems to me there's a misleading (or inaccurate) diagnostic reported by BIND 9.17.11 configured with inline-signing:
```
zone "example" IN {
type master;
file "example";
auto-dnssec maintain;
inline-signing yes;
serial-update-method date;
};
```
Upon launching named in the foreground (`named -g`) it reports the new serial would be lower than old serial, but I don't see that occurring.
Here named loads the unsigned zone with SOA serial `1`:
```
14-May-2021 12:46:23.485 zone example/IN (unsigned): loaded serial 1
14-May-2021 12:42:33.648 zone example/IN (signed): loaded serial 1
14-May-2021 12:42:33.649 zone example/IN (signed): receive_secure_serial: unchanged
14-May-2021 12:42:33.649 zone example/IN (signed): reconfiguring zone keys
14-May-2021 12:42:33.655 zone example/IN (signed): next key event: 14-May-2021 13:42:33.649
14-May-2021 12:42:33.662 zone example/IN (signed): update_soa_serial:new serial would be lower than old serial, using increment method instead
```
Querying the SOA, I see a reasonable-looking SOA serial:
```
example. 86400 IN SOA localhost. jp. 2021051401 10800 3600 604800 3600
```
When the unsigned zone is loaded with serial `2021051483`, the following diagnostic message is printed:
```
14-May-2021 12:44:41.265 zone example/IN (unsigned): loaded serial 2021051483
14-May-2021 12:44:41.266 zone example/IN (signed): loaded serial 2021051483
14-May-2021 12:44:41.267 zone example/IN (signed): receive_secure_serial: unchanged
14-May-2021 12:44:41.269 zone example/IN (signed): update_soa_serial:new serial would be lower than old serial, using increment method instead
14-May-2021 12:44:41.272 zone example/IN (signed): next key event: 14-May-2021 13:44:41.267
14-May-2021 12:44:41.279 zone example/IN (signed): update_soa_serial:new serial would be lower than old serial, using increment method instead
```
and querying that zone's SOA shows me:
```
example. 86400 IN SOA localhost. jp. 2021051485 10800 3600 604800 3600
```
In both cases the value I specified as SOA serial in the unsigned zone has been correctly set to a date.
June 2021 (9.11.33, 9.11.33-S1, 9.16.17/9.16.18, 9.16.17-S1/9.16.18-S1, 9.17.14/9.17.15)
Mark Andrews
Mark Andrews
https://gitlab.isc.org/isc-projects/bind9/-/issues/2695
Launchpad PPA for Ubuntu 21.04 (Hirsute Hippo)
2021-06-09T15:18:42Z
Tobias Günther
Launchpad PPA for Ubuntu 21.04 (Hirsute Hippo)
Similar to https://gitlab.isc.org/isc-projects/bind9/-/issues/1294 and https://gitlab.isc.org/isc-projects/bind9/-/issues/1801 I would like to request the release in the repository for the now released Ubuntu 21.04 codenamed: "hirsute hi...
Similar to https://gitlab.isc.org/isc-projects/bind9/-/issues/1294 and https://gitlab.isc.org/isc-projects/bind9/-/issues/1801 I would like to request the release in the repository for the now released Ubuntu 21.04 codenamed: "hirsute hippo"
Again, thanks for the great work!
Are these kind of "Issues" desired, or is this tracked already somewhere ?
July 2021 (9.11.34, 9.11.34-S1, 9.16.19, 9.16.19-S1, 9.17.16)
Ondřej Surý
Ondřej Surý
https://gitlab.isc.org/isc-projects/bind9/-/issues/2694
Drop seq command from views/tests.sh
2021-05-19T14:56:20Z
Michal Nowak
Drop seq command from views/tests.sh
`seq` is not present on OpenBSD and should be replaced with something else.
```
bin/tests/system/views/tests.sh:for i in `seq 1 50`; do
```
`seq` is not present on OpenBSD and should be replaced with something else.
```
bin/tests/system/views/tests.sh:for i in `seq 1 50`; do
```
June 2021 (9.11.33, 9.11.33-S1, 9.16.17/9.16.18, 9.16.17-S1/9.16.18-S1, 9.17.14/9.17.15)
Michal Nowak
Michal Nowak
https://gitlab.isc.org/isc-projects/bind9/-/issues/2693
Add py.test to the list of tested pytest names
2021-05-17T09:30:35Z
Michal Nowak
Add py.test to the list of tested pytest names
pytest is not being detected on OpenBSD 6.9:
```
checking for pytest-3... no
checking for py.test-3... no
checking for pytest... no
checking for pytest-pypy... no
configure: WARNING: pytest not found, some system tests will be skipped
``...
pytest is not being detected on OpenBSD 6.9:
```
checking for pytest-3... no
checking for py.test-3... no
checking for pytest... no
checking for pytest-pypy... no
configure: WARNING: pytest not found, some system tests will be skipped
```
It works for OpenBSD 6.8:
```
checking for pytest-3... no
checking for py.test-3... /usr/local/bin/py.test-3
```
It seems that pytest was renamed from `py.test-3` to `py.test`. (This might be the [change](https://github.com/openbsd/ports/commit/248932be7402afca2547890b0036909453504f48).)
The `configure.ac` check needs to be updated to detect `py.test`:
```
checking for pytest-3... no
checking for py.test... /usr/local/bin/py.test
```
This works:
```patch
diff --git a/configure.ac b/configure.ac
index 2518969534..9157c8bc01 100644
--- a/configure.ac
+++ b/configure.ac
@@ -303,7 +303,7 @@ AM_CONDITIONAL([HAVE_PERLMOD_TIME_HIRES],
AM_PATH_PYTHON([3.4], [], [:])
AM_CONDITIONAL([HAVE_PYTHON], [test "$PYTHON" != ":"])
-AC_PATH_PROGS([PYTEST], [pytest-3 py.test-3 pytest pytest-pypy], [])
+AC_PATH_PROGS([PYTEST], [pytest-3 py.test py.test-3 pytest pytest-pypy], [])
AS_IF([test -z "$PYTEST"],
[AC_MSG_WARN([pytest not found, some system tests will be skipped])])
AC_SUBST([PYTEST])
```
June 2021 (9.11.33, 9.11.33-S1, 9.16.17/9.16.18, 9.16.17-S1/9.16.18-S1, 9.17.14/9.17.15)
Michal Nowak
Michal Nowak
https://gitlab.isc.org/isc-projects/bind9/-/issues/2692
grep from FreeBSD 13.0 stumbles on '\r' in digdelv test
2021-05-17T11:38:35Z
Michal Nowak
grep from FreeBSD 13.0 stumbles on '\r' in digdelv test
grep from FreeBSD 13.0 stumbles on `\r` in the digdelv system test:
```
I:digdelv:check that dig +bufsize=0 +edns sends EDNS with bufsize of 0 (81)
grep: trailing backslash (\)
I:digdelv:failed
```
This is because, according to FreeBSD 1...
grep from FreeBSD 13.0 stumbles on `\r` in the digdelv system test:
```
I:digdelv:check that dig +bufsize=0 +edns sends EDNS with bufsize of 0 (81)
grep: trailing backslash (\)
I:digdelv:failed
```
This is because, according to FreeBSD 13.0 [release notes](https://www.freebsd.org/releases/13.0R/relnotes/), FreeBSD 13.0 uses BSD grep instead of GNU grep:
> The BSD version of grep(1) is now installed by default. The obsolete GNU version that was the previous default has been removed. 8aff76fb37b5, 47d1ad2413da
Which also recently dropped support for escape codes:
> The regex(3) function no longer accepts redundant escapes for most ordinary characters. This will cause applications such as sed(1) and grep(1) to reject regular expressions using these escapes. adeebf4cd47c
```
[newman@freebsd13 ~/bind9/bin/tests/system]$ grep -E 'EDNS:.* udp: 0\r{0,1}$' digdelv/dig.out.test81
grep: trailing backslash (\)
[newman@freebsd13 ~/bind9/bin/tests/system]$ /usr/local/bin/grep -E 'EDNS:.* udp: 0\r{0,1}$' digdelv/dig.out.test81
; EDNS: version: 0, flags:; udp: 0
```
`grep` from FreeBSD [11.4](https://gitlab.isc.org/isc-projects/bind9/-/jobs/1710615#L3401) and [12.2](https://gitlab.isc.org/isc-projects/bind9/-/jobs/1710616#L3486) does not exhibit this problem, because it's actually GNU grep 2.5.
This appears to be the fix:
```patch
diff --git a/bin/tests/system/digdelv/tests.sh b/bin/tests/system/digdelv/tests.sh
index 099e08e87e..9d1f5171d5 100644
--- a/bin/tests/system/digdelv/tests.sh
+++ b/bin/tests/system/digdelv/tests.sh
@@ -975,7 +975,8 @@ if [ -x "$DIG" ] ; then
echo_i "check that dig +bufsize=0 +edns sends EDNS with bufsize of 0 ($n)"
ret=0
dig_with_opts @10.53.0.3 a.example +bufsize=0 +edns +qr > dig.out.test$n 2>&1 || ret=1
- grep -E 'EDNS:.* udp: 0\r{0,1}$' dig.out.test$n > /dev/null|| ret=1
+ pat='EDNS:.* udp: 0{0,1}$'
+ tr -d '\r' < dig.out.test$n | grep -E "$pat" > /dev/null || ret=1
if [ $ret -ne 0 ]; then echo_i "failed"; fi
status=$((status+ret))
```
June 2021 (9.11.33, 9.11.33-S1, 9.16.17/9.16.18, 9.16.17-S1/9.16.18-S1, 9.17.14/9.17.15)
Michal Nowak
Michal Nowak
https://gitlab.isc.org/isc-projects/bind9/-/issues/2691
Remove native PKCS#11 support from BIND 9.17/9.18+
2022-01-19T11:20:49Z
Ondřej Surý
Remove native PKCS#11 support from BIND 9.17/9.18+
This a tracking issue to remove the native PKCS#11 implementation from BIND 9 source code (including the documentation).
This a tracking issue to remove the native PKCS#11 implementation from BIND 9 source code (including the documentation).
October 2021 (9.11.36, 9.11.36-S1, 9.16.22, 9.16.22-S1, 9.17.19)
Ondřej Surý
Ondřej Surý
https://gitlab.isc.org/isc-projects/bind9/-/issues/2690
Remove Windows support for BIND 9.17/9.18+
2022-01-21T13:43:04Z
Ondřej Surý
Remove Windows support for BIND 9.17/9.18+
This is a tracking issue to remove the Windows port from BIND 9 source code for the next stable release.
This is a tracking issue to remove the Windows port from BIND 9 source code for the next stable release.
July 2021 (9.11.34, 9.11.34-S1, 9.16.19, 9.16.19-S1, 9.17.16)
Ondřej Surý
Ondřej Surý