BIND merge requestshttps://gitlab.isc.org/isc-projects/bind9/-/merge_requests2024-02-24T08:14:32Zhttps://gitlab.isc.org/isc-projects/bind9/-/merge_requests/8509[9.16] Draft: Resolve "Change system tests to not use dnssec-validation auto"2024-02-24T08:14:32ZMark Andrews[9.16] Draft: Resolve "Change system tests to not use dnssec-validation auto"Backport of !8511
Closes #4402Backport of !8511
Closes #4402May 2024 (9.18.27, 9.18.27-S1, 9.19.24)https://gitlab.isc.org/isc-projects/bind9/-/merge_requests/8700suppress ASAN leak reports when aborting early2024-02-07T22:49:54ZEvan Huntsuppress ASAN leak reports when aborting earlythe address sanitizer reports memory leaks on shutdown, but
this can be inappropriate when `named` exits early; for example,
because of a configuration error. memory that has been allocated
for the server may not have been freed when ex...the address sanitizer reports memory leaks on shutdown, but
this can be inappropriate when `named` exits early; for example,
because of a configuration error. memory that has been allocated
for the server may not have been freed when exit() is reached, but
since this is not a normal shutdown, we don't actually care.
by changing ASAN_OPTIONS to include leak_check_on_exit=0, we suppress
the behavior of checking for leaks whenever the server exits. by adding
an explicit call to __lsan_do_leak_check() at the end of main(), we
ensure that the leak check does occur when we shut down normally.March 2024 (9.16.49, 9.16.49-S1, 9.18.25, 9.18.25-S1, 9.19.22)Evan HuntEvan Hunthttps://gitlab.isc.org/isc-projects/bind9/-/merge_requests/8617Draft: Resolve "Handle multiple NSEC3PARAM records in tests"2024-01-02T22:41:27ZMark AndrewsDraft: Resolve "Handle multiple NSEC3PARAM records in tests"Closes #4516Closes #4516January 2024 (9.16.46, 9.16.46-S1, 9.18.22, 9.18.22-S1, 9.19.20) (❗RECALLED❗)https://gitlab.isc.org/isc-projects/bind9/-/merge_requests/8340Draft: Check unexpected files created during system test run2023-12-06T10:04:24ZTom KrizekDraft: Check unexpected files created during system test runThis is a work-in-progress MR to demonstrate a possible solution for #4261. I'd like to get your opinion on whether this approach and added maintenance burden is really worth the feature to detect unexpected test artifacts.
The proposed...This is a work-in-progress MR to demonstrate a possible solution for #4261. I'd like to get your opinion on whether this approach and added maintenance burden is really worth the feature to detect unexpected test artifacts.
The proposed solution utilizes `.gitignore` files to ignore the expected test artifacts. However, this gets ugly quick, because the tests are already executed inside temporary directories which are ignored by git. This necessitates a creation of yet-another temporary directory and re-creating the file structure inside it, see f83786981fc71ad48216d3f85a6c8435ac1ed2f4.
Another issue/feature is that all .gitignore files up to git root are taken into account. This can be both useful (like placing some common patterns like `named.conf` into `bin/tests/system/.gitignore`) but also confusing (why does there need to be a test-specific rule for `ans.run.prev`, but not `ans.run`?).
Since it's a git mechanism, new `pygit2` dependency is required (otherwise the check is skipped). Also, it only works in git tree.
Finally, each test has to have its `clean.sh` reworked into `.gitignore` instead. Sometimes the `.gitignore` turns out fairly [simple](c7ca1f720c53b1067d925448db3430ee33ed11d3), othertimes [not so much](c19b550d147abd2904b40e1e37d8ccdfa1bceb62).
Backporting this to ~"v9.18" would also slightly cripple the legacy runner, since `clean.sh` would no longer work and `git clean` would have to be used instead. On the other hand, _not backporting_ this would be even a bigger nightmare, since that would create a fairly significant difference between the test files and any future `.gitignore` vs `clean.sh` conflicts would have to be resolved during every affected ~"v9.18" test backport, creating additional maintenance burden.
---
After spelling all of this out, I really think it's better to abandon the ability to detect unexpected test files and go with the simpler and cleaner solution - tests are already executed in temporary directories, so we could simply drop the `clean.sh` scripts for the pytest runner and not bother with listing all the test artifacts.BIND 9.19.xhttps://gitlab.isc.org/isc-projects/bind9/-/merge_requests/8539[9.16] Improve assert messages in pytests2023-12-05T15:29:13ZTom Krizek[9.16] Improve assert messages in pytestsBackport of MR !8518
Closes #4452Backport of MR !8518
Closes #4452December 2023 (9.18.21, 9.18.21-S1, 9.19.19)Tom KrizekTom Krizekhttps://gitlab.isc.org/isc-projects/bind9/-/merge_requests/8377Draft: Resolve "Undefined behaviours detected by LLVM 17 (noop_accept_cb, dns...2023-10-16T09:45:59ZMark AndrewsDraft: Resolve "Undefined behaviours detected by LLVM 17 (noop_accept_cb, dns__nta_shutdown_cb)"Closes #4360Closes #4360November 2023 (9.16.45, 9.16.45-S1, 9.18.20, 9.18.20-S1, 9.19.18)https://gitlab.isc.org/isc-projects/bind9/-/merge_requests/4114Implement distcheck2023-07-25T18:46:27ZMichal NowakImplement distcheckRunning the `distcheck` target in the `tarball-create` job adds a system test run and makes it slightly weird to have it in the `precheck` CI stage. I could move it to the `system` stage with some artifacts magic, but it also feels weird...Running the `distcheck` target in the `tarball-create` job adds a system test run and makes it slightly weird to have it in the `precheck` CI stage. I could move it to the `system` stage with some artifacts magic, but it also feels weird to have it there as the `distcheck` target is very relevant to tarball creation.
Closes #1880August 2023 (9.16.43, 9.16.43-S1, 9.18.18, 9.18.18-S1, 9.19.16)Michal NowakMichal Nowakhttps://gitlab.isc.org/isc-projects/bind9/-/merge_requests/7795Enable dig retries in legacy system test2023-04-06T08:09:56ZMichal NowakEnable dig retries in legacy system testThis change partially reverts 47b850348cbc2961bc44eb31c05cd620e5fc35f0,
which made `+tries=1 +time=2` the default dig options to speed up dig
timeouts because several timeouts are expected in the `legacy` test.
Test runtime was more than...This change partially reverts 47b850348cbc2961bc44eb31c05cd620e5fc35f0,
which made `+tries=1 +time=2` the default dig options to speed up dig
timeouts because several timeouts are expected in the `legacy` test.
Test runtime was more than halved as a result. However, defaulting to
`+tries=1` prevents dig from retrying, which is not helpful when the
system is under a high load. We can keep the decreased test runtime
while letting most dig instances retry if we disable retry only when dig
is expected to fail.
Closes #3916April 2023 (9.16.40, 9.16.40-S1, 9.18.14, 9.18.14-S1, 9.19.12)Michal NowakMichal Nowakhttps://gitlab.isc.org/isc-projects/bind9/-/merge_requests/7089Random selection of DEFAULT_ALGORITHM in system tests at runtime [v9_16] (att...2022-12-22T15:35:30ZTom KrizekRandom selection of DEFAULT_ALGORITHM in system tests at runtime [v9_16] (attempt 2)Related #3503
- [x] Pre-requisite: https://gitlab.isc.org/isc-projects/images/-/merge_requests/205
---
This is a refined backport of https://gitlab.isc.org/isc-projects/bind9/-/merge_requests/6989, which was later reverted in https://...Related #3503
- [x] Pre-requisite: https://gitlab.isc.org/isc-projects/images/-/merge_requests/205
---
This is a refined backport of https://gitlab.isc.org/isc-projects/bind9/-/merge_requests/6989, which was later reverted in https://gitlab.isc.org/isc-projects/bind9/-/merge_requests/7019 due to a CI issue on windows.
In addition, this MR also backports changes from https://gitlab.isc.org/isc-projects/bind9/-/merge_requests/7059 .
Finally, there are a couple of 9.16-specific commits which address the windows CI issue (3ebf02d5ab9b408f4e94e6045b3be7e99be29cbd) and a benign `./configure` issue (bee2f7c6a9ae99954da466567dfd6ff40da72ed8).January 2023 (9.16.37, 9.16.37-S1, 9.18.11, 9.18.11-S1, 9.19.9)https://gitlab.isc.org/isc-projects/bind9/-/merge_requests/7175Make the dns_name_fromwire fuzz test self-contained2022-12-07T10:05:17ZOndřej SurýMake the dns_name_fromwire fuzz test self-containedThe way how we build the fuzz tests in the oss-fuzz project prevent us
from having multiple source files for each fuzz tests, and it's easier
to make them self-contained than tweak the already hairy build script
in the oss-fuzz project.The way how we build the fuzz tests in the oss-fuzz project prevent us
from having multiple source files for each fuzz tests, and it's easier
to make them self-contained than tweak the already hairy build script
in the oss-fuzz project.December 2022 (9.16.36, 9.16.36-S1, 9.18.10, 9.19.8)Ondřej SurýOndřej Surýhttps://gitlab.isc.org/isc-projects/bind9/-/merge_requests/7014Draft: [v9_16] Disable algorithm randomization for system tests on Windows2022-11-16T16:46:46ZTom KrizekDraft: [v9_16] Disable algorithm randomization for system tests on WindowsOur images with Windows lack python - do not execute get_algorithms.py
there to avoid issues.
verified in pipeline: https://gitlab.isc.org/isc-projects/bind9/-/pipelines/119212
This fixes an issue introduced with a 9.16 backport of htt...Our images with Windows lack python - do not execute get_algorithms.py
there to avoid issues.
verified in pipeline: https://gitlab.isc.org/isc-projects/bind9/-/pipelines/119212
This fixes an issue introduced with a 9.16 backport of https://gitlab.isc.org/isc-projects/bind9/-/merge_requests/6994
Related #3503December 2022 (9.16.36, 9.16.36-S1, 9.18.10, 9.19.8)Tom KrizekTom Krizekhttps://gitlab.isc.org/isc-projects/bind9/-/merge_requests/6991[CVE-2022-2881] test for growth of compressed pipelined responses [v9_16]2022-10-27T12:42:32ZTom Krizek[CVE-2022-2881] test for growth of compressed pipelined responses [v9_16]Backport of MR !6933
Closes #3493Backport of MR !6933
Closes #3493November 2022 (9.16.35, 9.16.35-S1, 9.18.9, 9.19.7)Tom KrizekTom Krizekhttps://gitlab.isc.org/isc-projects/bind9/-/merge_requests/6883Remove system test stress2022-10-19T14:59:09ZTom KrizekRemove system test stressThere are multiple reasons to remove this test as obsolete:
- The test has no clear failure condition and always succeeds.
- It isn't clear what is the test purpose and what's it's supposed to
test.
- It isn't part of the test suite e...There are multiple reasons to remove this test as obsolete:
- The test has no clear failure condition and always succeeds.
- It isn't clear what is the test purpose and what's it's supposed to
test.
- It isn't part of the test suite either in CI or locally unless it is
explicitly enabled. As a result, there are many issues which prevent
the test from being executed caused by various refactoring efforts
accumulated over time.
- The test has probably never been executed in automated manner, since
it's not part of the default test suite for over 20 years (see
ddec026ff9971e712ac79e24fffd2372d5c238e3).November 2022 (9.16.35, 9.16.35-S1, 9.18.9, 9.19.7)Tom KrizekTom Krizekhttps://gitlab.isc.org/isc-projects/bind9/-/merge_requests/5597Draft: Resolve "Move setting of @SO@ to copy_setports"2022-09-29T10:02:18ZMark AndrewsDraft: Resolve "Move setting of @SO@ to copy_setports"Closes #3027Closes #3027Not plannedMark AndrewsMark Andrewshttps://gitlab.isc.org/isc-projects/bind9/-/merge_requests/6402Draft: EXP: doth test: increase timeout for xfr checks expected to pass2022-09-23T16:06:37ZArtem BoldarievDraft: EXP: doth test: increase timeout for xfr checks expected to passThis commit increases timeout for XoT checks expected to succeed and
decreases it for checks expected to fail (to not wait for too long).
Closes #3337This commit increases timeout for XoT checks expected to succeed and
decreases it for checks expected to fail (to not wait for too long).
Closes #3337Not plannedArtem BoldarievArtem Boldarievhttps://gitlab.isc.org/isc-projects/bind9/-/merge_requests/6675Resolve "DNSSEC awk test is not precise enough"2022-08-18T08:00:41ZArаm SаrgsyаnResolve "DNSSEC awk test is not precise enough"The `/IN *SOA/` regular expression can give a false positive match. For example, the following line matches, which is unexpected for the test:
example. 60 IN DNSKEY 257 3 13 oCFm3P5uMtWuqXqbyUUlHHNgjCztzASAFhXUlnnudcYkYmNwO...The `/IN *SOA/` regular expression can give a false positive match. For example, the following line matches, which is unexpected for the test:
example. 60 IN DNSKEY 257 3 13 oCFm3P5uMtWuqXqbyUUlHHNgjCztzASAFhXUlnnudcYkYmNwOwYm6jah RewD1COujT/Lj2+JyKDV3sFRrINSOA==
It detects the "INSOA" sub-string in the base64-encoded data.
Change the regular expression to make it more precise.
Closes #3494September 2022 (9.16.33, 9.16.33-S1, 9.18.7, 9.19.5)https://gitlab.isc.org/isc-projects/bind9/-/merge_requests/5772keyfromlabel system test (9.16)2022-07-25T11:01:27ZMatthijs Mekkingmatthijs@isc.orgkeyfromlabel system test (9.16)Note that 9.16 also still supports native PKCS#11. The documentation in this version does not cover the `engine_pkcs11` approach and thus these parts of #3092 are not backported.Note that 9.16 also still supports native PKCS#11. The documentation in this version does not cover the `engine_pkcs11` approach and thus these parts of #3092 are not backported.March 2022 (9.11.37, 9.11.37-S1, 9.16.27, 9.16.27-S1, 9.18.1)Matthijs Mekkingmatthijs@isc.orgMatthijs Mekkingmatthijs@isc.orghttps://gitlab.isc.org/isc-projects/bind9/-/merge_requests/6437Draft: Workaround broken d2i_ASN1_OBJECT2022-06-16T06:06:28ZMark AndrewsDraft: Workaround broken d2i_ASN1_OBJECTCloses #3334Closes #3334July 2022 (9.16.31, 9.16.31-S1, 9.18.5, 9.19.3)Mark AndrewsMark Andrewshttps://gitlab.isc.org/isc-projects/bind9/-/merge_requests/6058[CVE-2022-0635] Add regression test2022-04-01T13:06:12ZMichal Nowak[CVE-2022-0635] Add regression testCloses #3150Closes #3150April 2022 (9.16.28, 9.16.28-S1, 9.18.2, 9.19.0)Michal NowakMichal Nowakhttps://gitlab.isc.org/isc-projects/bind9/-/merge_requests/4528System test fixes2022-02-22T15:31:23ZPetr Špačekpspacek@isc.orgSystem test fixesNot plannedPetr Špačekpspacek@isc.orgPetr Špačekpspacek@isc.org