- 30 Oct, 2019 5 commits
-
-
Michał Kępień authored
Add a CHANGES placeholder See merge request isc-projects/bind9!2502
-
Michał Kępień authored
See [GL !2476].
-
Mark Andrews authored
Merge branch '1288-log-dns_r_unchanged-from-sync_secure_journal-at-info-level-in-receive_secure_serial' into 'master' Resolve "Log DNS_R_UNCHANGED from sync_secure_journal at info level in receive_secure_serial." Closes #1288 See merge request isc-projects/bind9!2490
-
Mark Andrews authored
-
Mark Andrews authored
-
- 29 Oct, 2019 16 commits
-
-
Mark Andrews authored
Fix hang in `named-compilezone | head` See merge request isc-projects/bind9!2481
-
Tony Finch authored
-
Tony Finch authored
I was truncating zone files for experimental purposes when I found that `named-compilezone | head` got stuck. The full command line that exhibited the problem was: dig axfr dotat.at | named-compilezone -o /dev/stdout dotat.at /dev/stdin | head This requires a large enough zone to exhibit the problem, more than about 70000 bytes of plain text output from named-compilezone. I was running the command on Debian Stretch amd64. This was puzzling since it looked like something was suppressing the SIGPIPE. I used `strace` to examine what was happening at the hang. The program was just calling write() a lot to print the zone file, and the last write() hanged until I sent it a SIGINT. During some discussion with friends, Ian Jackson guessed that opening /dev/stdout O_RDRW might be the problem, and after some tests we found that this does in fact suppress SIGPIPE. Since `named-compilezone` only needs to write to its output file, the fix is to omit the stdio "+" update flag.
-
Ondřej Surý authored
placeholder. See merge request isc-projects/bind9!2495
-
Diego dos Santos Fronza authored
-
Ondřej Surý authored
Update the list of supported and unsupported PLATFORMS for BIND 9.15 See merge request !2486
-
Ondřej Surý authored
-
Ondřej Surý authored
-
Ondřej Surý authored
Disable synth-from-dnssec by default See merge request !2491
-
Ondřej Surý authored
-
Ondřej Surý authored
-
Ondřej Surý authored
-
Ondřej Surý authored
It was found that NSEC Aggressive Caching has a significant performance impact on BIND 9 when used as recursor. This commit disables the synth-from-dnssec configuration option by default to provide immediate remedy for people running BIND 9.12+. The NSEC Aggressive Cache will be enabled again after a proper fix will be prepared.
-
Michał Kępień authored
Revamp the release checklist See merge request !2488
-
Michał Kępień authored
Make the release checklist match the current release process better by adding missing steps, rearranging existing ones, reassigning responsibilities, and dividing the list into sections (by due date).
-
Michał Kępień authored
Add CentOS 8 to GitLab CI See merge request !2489
-
- 25 Oct, 2019 1 commit
-
-
Michał Kępień authored
Ensure BIND can be tested on CentOS 8 in GitLab CI to more quickly catch build and test errors on that operating system.
-
- 24 Oct, 2019 5 commits
-
-
Mark Andrews authored
"dnskey-sig-validity 0;" was not accepted Closes #876 See merge request isc-projects/bind9!2484
-
Mark Andrews authored
-
Mark Andrews authored
-
Mark Andrews authored
placeholder See merge request isc-projects/bind9!2485
-
Mark Andrews authored
-
- 22 Oct, 2019 2 commits
-
-
Ondřej Surý authored
Update the coding style to reflect the year 2019 and C99/C11 standard Closes #5 See merge request isc-projects/bind9!2148
-
Ondřej Surý authored
-
- 21 Oct, 2019 4 commits
-
-
Mark Andrews authored
Resolve "dnstap per view configuration" Closes #1281 See merge request isc-projects/bind9!2477
-
Mark Andrews authored
-
Mark Andrews authored
-
Mark Andrews authored
-
- 19 Oct, 2019 1 commit
-
-
Tinderbox User authored
-
- 17 Oct, 2019 1 commit
-
-
Michał Kępień authored
Address cppcheck 1.89 warnings See merge request !2472
-
- 16 Oct, 2019 2 commits
-
-
Michał Kępień authored
cppcheck 1.89 emits a false positive for lib/dns/spnego_asn1.c: lib/dns/spnego_asn1.c:698:9: error: Uninitialized variable: data [uninitvar] memset(data, 0, sizeof(*data)); ^ lib/dns/spnego.c:1707:47: note: Calling function 'decode_NegTokenResp', 3rd argument '&resp' value is <Uninit> ret = decode_NegTokenResp(buf + taglen, len, &resp, NULL); ^ lib/dns/spnego_asn1.c:698:9: note: Uninitialized variable: data memset(data, 0, sizeof(*data)); ^ This message started appearing with cppcheck 1.89 [1], but it will be gone in the next release [2], so just suppress it for the time being. [1] https://github.com/danmar/cppcheck/commit/af214e8212efa303e664920a468de00ee0b1fe3d [2] https://github.com/danmar/cppcheck/commit/2595b826349a7ffbe1c958b806498b6e336bea33
-
Michał Kępień authored
cppcheck 1.89 enabled certain value flow analysis mechanisms [1] which trigger null pointer dereference false positives in lib/dns/rpz.c: lib/dns/rpz.c:582:7: warning: Possible null pointer dereference: tgt_ip [nullPointer] if (KEY_IS_IPV4(tgt_prefix, tgt_ip)) { ^ lib/dns/rpz.c:1419:44: note: Calling function 'adj_trigger_cnt', 4th argument 'NULL' value is 0 adj_trigger_cnt(rpzs, rpz_num, rpz_type, NULL, 0, true); ^ lib/dns/rpz.c:582:7: note: Null pointer dereference if (KEY_IS_IPV4(tgt_prefix, tgt_ip)) { ^ lib/dns/rpz.c:596:7: warning: Possible null pointer dereference: tgt_ip [nullPointer] if (KEY_IS_IPV4(tgt_prefix, tgt_ip)) { ^ lib/dns/rpz.c:1419:44: note: Calling function 'adj_trigger_cnt', 4th argument 'NULL' value is 0 adj_trigger_cnt(rpzs, rpz_num, rpz_type, NULL, 0, true); ^ lib/dns/rpz.c:596:7: note: Null pointer dereference if (KEY_IS_IPV4(tgt_prefix, tgt_ip)) { ^ lib/dns/rpz.c:610:7: warning: Possible null pointer dereference: tgt_ip [nullPointer] if (KEY_IS_IPV4(tgt_prefix, tgt_ip)) { ^ lib/dns/rpz.c:1419:44: note: Calling function 'adj_trigger_cnt', 4th argument 'NULL' value is 0 adj_trigger_cnt(rpzs, rpz_num, rpz_type, NULL, 0, true); ^ lib/dns/rpz.c:610:7: note: Null pointer dereference if (KEY_IS_IPV4(tgt_prefix, tgt_ip)) { ^ It seems that cppcheck no longer treats at least some REQUIRE() assertion failures as fatal, so add extra assertion macro definitions to lib/isc/include/isc/util.h that are only used when the CPPCHECK preprocessor macro is defined; these definitions make cppcheck 1.89 behave as expected. There is an important requirement for these custom definitions to work: cppcheck must properly treat abort() as a function which does not return. In order for that to happen, the __GNUC__ macro must be set to a high enough number (because system include directories are used and system headers compile attributes away if __GNUC__ is not high enough). __GNUC__ is thus set to the major version number of the GCC compiler used, which is what that latter does itself during compilation. [1] https://github.com/danmar/cppcheck/commit/aaeec462e6d96bb70c2b1cf030979d09e2d7c959
-
- 15 Oct, 2019 3 commits
-
-
Michał Kępień authored
Remove remnants of the --with-cc-alg option See merge request isc-projects/bind9!2436
-
Michał Kępień authored
Commit afa81ee4 omitted some spots in the source tree which are still referencing the removed --with-cc-alg "configure" option. Make sure the latter is removed completely.
-
Michał Kępień authored
Limit triggers for OpenBSD system test jobs See merge request isc-projects/bind9!2468
-