BIND merge requests
https://gitlab.isc.org/isc-projects/bind9/-/merge_requests
Updated: 2022-01-11T14:41:54Z

https://gitlab.isc.org/isc-projects/bind9/-/merge_requests/5651
[v9_16] Add Alpine Linux 3.15
Updated: 2022-01-11T14:41:54Z
Author: Michal Nowak

(cherry picked from commit d43127a3879f9198fbdf31b8fbe48c07e0a55ce8)

Milestone: January 2022 (9.16.25, 9.16.25-S1, 9.17.22)
Assignee: Michal Nowak

https://gitlab.isc.org/isc-projects/bind9/-/merge_requests/5649
Enable regular pipeline jobs to be triggered from Gitlab API [v9_16]
Updated: 2021-12-16T15:22:08Z
Author: Petr Špaček <pspacek@isc.org>

Backport of MR !5648

Milestone: January 2022 (9.16.25, 9.16.25-S1, 9.17.22)
Assignee: Petr Špaček <pspacek@isc.org>

https://gitlab.isc.org/isc-projects/bind9/-/merge_requests/5648
Enable regular pipeline jobs to be triggered from Gitlab API
Updated: 2022-01-11T14:41:20Z
Author: Petr Špaček <pspacek@isc.org>

Milestone: January 2022 (9.16.25, 9.16.25-S1, 9.17.22)
Assignee: Petr Špaček <pspacek@isc.org>

https://gitlab.isc.org/isc-projects/bind9/-/merge_requests/5647
Add CI variable IMAGE_SUFFIX to augment Docker image path
Updated: 2021-12-16T14:00:03Z
Author: Petr Špaček <pspacek@isc.org>

Milestone: January 2022 (9.16.25, 9.16.25-S1, 9.17.22)

https://gitlab.isc.org/isc-projects/bind9/-/merge_requests/5646
Reduce freemax values for dns_message mempools
Updated: 2022-01-20T10:21:45Z
Author: Ondřej Surý

It was discovered that NAME_FREEMAX and RDATASET_FREEMAX were based on
the NAME_FILLCOUNT and RDATASET_FILLCOUNT respectively multiplied by 8
and then when used in isc_mempool_setfreemax, the value would be again
multiplied by 32.

Keep the 8 multiplier in the #define and remove the 32 multiplier as it
was kept in error. The default fillcount can fit 99.99% of the requests
under normal circumstances, so we don't need to keep that many free
items on the mempool.

Closes #2398

Milestone: January 2022 (9.16.25, 9.16.25-S1, 9.17.22)
Assignee: Ondřej Surý

https://gitlab.isc.org/isc-projects/bind9/-/merge_requests/5645
Merge 9.16.24 release branch
Updated: 2022-01-11T14:34:17Z
Author: Petr Špaček <pspacek@isc.org>

Milestone: January 2022 (9.16.25, 9.16.25-S1, 9.17.22)
Assignee: Petr Špaček <pspacek@isc.org>

https://gitlab.isc.org/isc-projects/bind9/-/merge_requests/5644
Merge 9.17.21 release branch
Updated: 2022-01-11T14:41:39Z
Author: Petr Špaček <pspacek@isc.org>

Milestone: January 2022 (9.16.25, 9.16.25-S1, 9.17.22)
Assignee: Petr Špaček <pspacek@isc.org>

https://gitlab.isc.org/isc-projects/bind9/-/merge_requests/5643
Simplify Address Sanitizer tweaks in mem.c
Updated: 2022-01-11T14:44:04Z
Author: Ondřej Surý

Previously, whole isc_mempool_get() and isc_mempool_set() would be
replaced by simpler version when run with address sanitizer.

Change the code to limit the fillcount to 1 and freemax to 0. This
change will make isc_mempool_get() always allocate and use a single
new item and isc_mempool_put() will always return the item to the
allocator.

Milestone: January 2022 (9.16.25, 9.16.25-S1, 9.17.22)
Assignee: Ondřej Surý

https://gitlab.isc.org/isc-projects/bind9/-/merge_requests/5642
OpenSSL 3.0.1 compatibility (Resolve "EVP_DigestSignFinal needs the buffer length passed in")
Updated: 2022-01-18T12:17:11Z
Author: Mark Andrews

Closes #3057

Milestone: January 2022 (9.16.25, 9.16.25-S1, 9.17.22)
Assignee: Mark Andrews

https://gitlab.isc.org/isc-projects/bind9/-/merge_requests/5640
[v9_16] Drop cppcheck CI job
Updated: 2022-01-11T14:25:48Z
Author: Michal Nowak

Every cppcheck update brings the cost of addressing new false positives
in the BIND 9 source code while not reaping any benefits in case of
identified issues with the code.

(cherry picked from commit 654cc61bb93da031c599488102fe162d09b87fc7)

Closes #2886

Milestone: January 2022 (9.16.25, 9.16.25-S1, 9.17.22)
Assignee: Michal Nowak

https://gitlab.isc.org/isc-projects/bind9/-/merge_requests/5639
Set the clientmgr isc_mem_t context name
Updated: 2022-01-11T14:35:48Z
Author: Ondřej Surý

The memory context created in the clientmgr context was missing a name,
so it was nameless in the memory context statistics.

Set the clientmgr memory context name to "clientmgr".

Milestone: January 2022 (9.16.25, 9.16.25-S1, 9.17.22)

https://gitlab.isc.org/isc-projects/bind9/-/merge_requests/5638
Resolve #3055 by examining RTM_NEWADDR, RTM_DELADDR messages contents
Updated: 2021-12-20T11:55:45Z
Author: Artem Boldariev

This commit modifies the NetLink handling code in such a way that the
contents of the messages we are interested in is checked for the local
interfaces changes only. This helps to avoid spurious interface
re-scans.

Closes #3055

~~Possibly makes fixing #3056 unnecessary.~~

~~*WIP: does not seem to work for IPv6 yet. Adding support for IPv6 by checking `IFA_ADDRESS` additionally to `IFA_LOCAL` changes leads to spurious re-scans again.*~~ Now it does.

Milestone: January 2022 (9.16.25, 9.16.25-S1, 9.17.22)
Assignee: Artem Boldariev

https://gitlab.isc.org/isc-projects/bind9/-/merge_requests/5637
Replace locked mempools with memory contexts
Updated: 2022-03-07T16:47:46Z
Author: Ondřej Surý

Current mempools are kind of hybrid structures - they serve two
purposes:

1. mempool with a lock is basically static sized allocator with
   pre-allocated free items
2. mempool without a lock is a doubly-linked list of preallocated items

The first kind of usage could be easily replaced with jemalloc small
sized arena objects and thread-local caches.

The second usage not-so-much and we need to keep this (in
libdns:message.c) for performance reasons.

Closes #2398

Milestone: January 2022 (9.16.25, 9.16.25-S1, 9.17.22)

https://gitlab.isc.org/isc-projects/bind9/-/merge_requests/5636
Recreate HTTPS and TLS interfaces only during reconfiguration
Updated: 2022-01-11T14:19:03Z
Author: Arаm Sаrgsyаn

The 850e9e59bf8c29f895a981211c72c0b3c294bcfd commit intended to recreate
the HTTPS and TLS interfaces during reconfiguration, but they are being
recreated also during regular interface re-scans.

Make sure the HTTPS and TLS interfaces are being recreated only during
reconfiguration.

Closes #3056

Milestone: January 2022 (9.16.25, 9.16.25-S1, 9.17.22)
Assignee: Arаm Sаrgsyаn

https://gitlab.isc.org/isc-projects/bind9/-/merge_requests/5635
Reduce the memory used by hazard pointers
Updated: 2022-01-11T15:02:12Z
Author: Ondřej Surý

The hazard pointers implementation was a bit frivolous with memory
usage allocating memory based on maximum constants rather than on the
usage.

Make the retired list bit use exactly the memory needed for specified
number of hazard pointers while avoiding a false sharing at the same
time. This reduced the memory used by hazard pointers to one quarter in
our specific case because we only use single HP in the queue
implementation (as opposed to allocating memory for HP_MAX_HPS = 4).

Cleanup HP_MAX_HPS and HP_THRESHOLD_R constants from the paper, because
we don't use them in the code. HP_THRESHOLD_R was 0, so the check
whether the retired list size was smaller than the value was basically a
dead code.

Milestone: January 2022 (9.16.25, 9.16.25-S1, 9.17.22)
Assignee: Ondřej Surý

https://gitlab.isc.org/isc-projects/bind9/-/merge_requests/5634
Recreate TLS interfaces during reconfiguration
Updated: 2022-04-05T16:02:29Z
Author: Arаm Sаrgsyаn

For DoH and DoT listeners, a reconfiguration event triggers a creation
of a new 'SSL_CTX' TLS context, and a destruction of the old one.
The network manager, though, keeps using the old context which causes
errors.

During interface scanning, when a matching existing interface is found,
reuse it only when it doesn't have a TLS context, otherwise shut it down
and recreate with a new TLS context.

Closes #3053

Milestone: January 2022 (9.16.25, 9.16.25-S1, 9.17.22)
Assignee: Arаm Sаrgsyаn

https://gitlab.isc.org/isc-projects/bind9/-/merge_requests/5633
Improve error message when directory name is given
Updated: 2022-01-11T15:08:10Z
Author: Matthijs Mekking <matthijs@isc.org>

Surprising error IO error is returned when directory name
is given instead of named.conf file. It can be passed to named-checkconf
or include statement. Make a simple change to return Invalid file
instead. Still not precise, but much better error message is returned.

Fix of rhbz#490837

Original MR: !5601

Milestone: January 2022 (9.16.25, 9.16.25-S1, 9.17.22)
Assignee: Matthijs Mekking <matthijs@isc.org>

https://gitlab.isc.org/isc-projects/bind9/-/merge_requests/5630
Regenerate configure file
Updated: 2021-12-09T16:51:54Z
Author: Matthijs Mekking <matthijs@isc.org>

Commit 3c77a51f6b0150243273ea7e955ba91048c9ad6e added a configure
check for OPENSSL_cleanup. The regenerated configure file should have
been added to that commit.

Milestone: January 2022 (9.16.25, 9.16.25-S1, 9.17.22)

https://gitlab.isc.org/isc-projects/bind9/-/merge_requests/5629
Remove mutex profiling code
Updated: 2021-12-10T00:01:02Z
Author: Michał Kępień

Mutex profiling code (used when the ISC_MUTEX_PROFILE preprocessor macro
is set to 1) has been broken for the past 3 years (since commit
0bed9bfc28a204cde57c6f68170ecc89ebfa6dc8) and nobody complained, which
is a strong indication that this code is not being used these days any
more. External tools for both measuring performance and detecting
locking issues are already wired into various GitLab CI checks. Drop
all code depending on the ISC_MUTEX_PROFILE preprocessor macro being
set.

Milestone: January 2022 (9.16.25, 9.16.25-S1, 9.17.22)
Assignee: Michał Kępień

https://gitlab.isc.org/isc-projects/bind9/-/merge_requests/5627
Use ECDSA P-256 instead of 4096-bit RSA for 'tls ephemeral'
Updated: 2022-01-20T10:21:45Z
Author: Arаm Sаrgsyаn

ECDSA P-256 performs considerably better than the previously used
4096-bit RSA (can be observed using `openssl speed`), and, according
to RFC 6605, provides a security level comparable to 3072-bit RSA.

Closes #2264

Milestone: January 2022 (9.16.25, 9.16.25-S1, 9.17.22)