Commit graph

34678 commits

Author SHA1 Message Date
Mark Andrews
1b94de8d1f
nsupdate: use $DEFAULT_ALGORITHM
(cherry picked from commit c2d18567fc)
2022-10-03 13:19:33 +02:00
Mark Andrews
fd8bd94212
mkeys: use $DEFAULT_ALGORITHM
(cherry picked from commit 78fa082999)
2022-10-03 13:19:33 +02:00
Mark Andrews
61cfb9a68e
mirror: use $DEFAULT_ALGORITHM
(cherry picked from commit ff95bafa39)
2022-10-03 13:19:33 +02:00
Mark Andrews
17a26bced4
metadata: use $DEFAULT_ALGORITHM
(cherry picked from commit 3f1dc83bfb)
2022-10-03 13:19:33 +02:00
Mark Andrews
6843c764c6
inline: use $DEFAULT_ALGORITHM
(cherry picked from commit e3acddefd1)
2022-10-03 13:19:33 +02:00
Mark Andrews
45c21fd5af
dsdigest: use $DEFAULT_ALGORITHM
(cherry picked from commit 49de14cb9e)
2022-10-03 13:19:33 +02:00
Mark Andrews
4ba58611c7
dnssec: use $DEFAULT_ALGORITHM
(cherry picked from commit d0b0139c90)
2022-10-03 13:19:33 +02:00
Mark Andrews
53625cc639
dns64: use $DEFAULT_ALGORITHM
(cherry picked from commit 5cbf1e1598)
2022-10-03 13:19:33 +02:00
Mark Andrews
7cf9e28924
chain: use $DEFAULT_ALGORITHM
(cherry picked from commit 3419178bd2)
2022-10-03 13:19:33 +02:00
Mark Andrews
5f146c76bd
cds: use $DEFAULT_ALGORITHM
(cherry picked from commit 6cf0b73ede)
2022-10-03 13:19:33 +02:00
Mark Andrews
1bd3c49454
autosign: use $DEFAULT_ALGORITHM
(cherry picked from commit bb810b0ac9)
2022-10-03 13:19:32 +02:00
Mark Andrews
212814cb7e Merge branch '3541-have-named-v-report-supported-algorithms-v9_16' into 'v9_16'
Report supported crypto algorithms [v9_16]

See merge request isc-projects/bind9!6838
2022-09-30 14:25:28 +00:00
Petr Špaček
85d0d86b62 Add release note for new crypto algorithm logging
(cherry picked from commit c138a8aa59)
2022-09-30 09:57:32 +10:00
Petr Špaček
2c09403ab4 Document list of crypto algorithms in named -V output
(cherry picked from commit c648e280e4)
2022-09-30 09:57:32 +10:00
Mark Andrews
e8439121ad Deduplicate string formatting
(cherry picked from commit d34ecdb366)
2022-09-30 09:57:32 +10:00
Mark Andrews
ffbd1ab762 Add CHANGES entry for [GL #3541]
(cherry picked from commit e876de442e)
2022-09-30 09:57:32 +10:00
Mark Andrews
21d4befe09 silence scan-build false positive
(cherry picked from commit 3156d36495)
2022-09-30 09:57:32 +10:00
Mark Andrews
3265fc496e Report algorithms supported by named at startup
(cherry picked from commit cb1515e71f)
2022-09-30 09:57:32 +10:00
Mark Andrews
989811b6d9 Have 'named -V' report supported algorithms
These cover DNSSEC, DS, HMAC and TKEY algorithms.

(cherry picked from commit b308f866c0)
2022-09-30 09:57:32 +10:00
Matthijs Mekking
07748eb298 Merge branch 'matthijs-dnssec-guide-dnssec-policy-requires-inline-signing-v9_16' into 'v9_16'
[v9_16] Add dnssec-policy inline-signing requirement to documentation

See merge request isc-projects/bind9!6833
2022-09-28 09:56:53 +00:00
Matthijs Mekking
df11527a9a Add inline-signing to config examples
Add 'inline-signing yes;' to configuration examples to have working
copy paste configurations.

(cherry picked from commit b13a0c8836d2d8bc5b4de1cdfcdb2057c0bb9d93)
2022-09-28 10:54:52 +02:00
Matthijs Mekking
5c0e98410f Update inline-signing requirement to ARM
This change was made in !6403, but the appropriate documentation
changes were not applied to the ARM.

(cherry picked from commit 7231383e4cc57caac36d03055e8627b12aa4b91a)
2022-09-28 10:54:52 +02:00
Matthijs Mekking
309bf3578b Add inline-signing requirement to DNSSEC Guide
This change was made in !6403, but the appropriate documentation
changes were not applied to the DNSSEC Guide.

(cherry picked from commit 09522c8d73)
2022-09-28 10:54:52 +02:00
Mark Andrews
55faa5ab84 Merge branch '3562-assign-default-value-to-suffix-v9_16' into 'v9_16'
Suffix may be used before it is assigned a value [v9_16]

See merge request isc-projects/bind9!6837
2022-09-28 04:22:41 +00:00
Mark Andrews
7f2b46f4e5 Suffix may be used before it is assigned a value
CID 350722 (#5 of 7): Bad use of null-like value (FORWARD_NULL)
        12. invalid_operation: Invalid operation on null-like value suffix.
    145        r.authority.append(
    146            dns.rrset.from_text(
    147                "icky.ptang.zoop.boing." + suffix,
    148                1,
    149                IN,
    150                NS,
    151                "a.bit.longer.ns.name." + suffix,
    152            )
    153        )

(cherry picked from commit 432064f63c)
2022-09-28 11:19:50 +10:00
Mark Andrews
c2884d1a4b Merge branch '3551-missing-rsa_free-call-in-opensslrsa_verify2-v9_16' into 'v9_16'
Free 'rsa' if 'e' is NULL in opensslrsa_verify2 [v9_16]

See merge request isc-projects/bind9!6835
2022-09-28 00:42:18 +00:00
Mark Andrews
a2a06cf376 Add CHANGES note for [GL #3551]
(cherry picked from commit 1e3680193a)
2022-09-28 10:06:40 +10:00
Mark Andrews
12f902796d Check BN_dup results in rsa_check
(cherry picked from commit a47235f4f5)
2022-09-28 10:06:39 +10:00
Mark Andrews
2c8e38f359 Free 'n' on error path in rsa_check
(cherry picked from commit 483c5a1978)
2022-09-28 10:06:39 +10:00
Mark Andrews
03c5db001e Check that 'e' and 'n' are allocated in opensslrsa_fromdns
(cherry picked from commit db70c30213)
2022-09-28 10:06:39 +10:00
Mark Andrews
0b0718fba3 Check that 'e' and 'n' are non-NULL in opensslrsa_todns
(cherry picked from commit 5603cd69d1)
2022-09-28 09:56:03 +10:00
Mark Andrews
6f1e04409a Free 'rsa' if 'e' is NULL in opensslrsa_verify2
(cherry picked from commit a2b51ca6ac)
2022-09-28 09:53:27 +10:00
Mark Andrews
067dbde287 Merge branch '3557-catalog-zone-check-key-names-v9_16' into 'v9_16'
Check that primary key names have not changed [v9_16]

See merge request isc-projects/bind9!6827
2022-09-27 14:18:06 +00:00
Mark Andrews
3353529920 Add release note for [GL #3557]
(cherry picked from commit eacf41a20a)
2022-09-27 23:58:22 +10:00
Mark Andrews
034c34e634 Add CHANGES note for [GL #3557]
(cherry picked from commit 0774dacf2d)
2022-09-27 23:58:22 +10:00
Mark Andrews
4fc1975709 Check that changing the TSIG key is successful
Switch the primary to require 'next_key' for zone transfers then
update the catalog zone to say to use 'next_key'.  Next update the
zones contents then check that those changes are seen on the
secondary.

(cherry picked from commit 176e172210)
2022-09-27 23:58:22 +10:00
Mark Andrews
9524c493c9 Check that primary key names have not changed
When looking for changes in a catalog zone member zone we need to
also check if the TSIG key name associated with a primary server
has been added, removed or changed.

(cherry picked from commit 9172bd9b5a)
2022-09-27 22:20:41 +10:00
Michał Kępień
e72a275606 Merge branch 'mnowak/add-fedora-36-v9_16' into 'v9_16'
[v9_16] Add Fedora 36

See merge request isc-projects/bind9!6821
2022-09-27 07:44:52 +00:00
Michal Nowak
5b1ab4615a Add Fedora 36
(cherry picked from commit a313c49a3b)
2022-09-27 09:42:50 +02:00
Evan Hunt
0f68ad8830 Merge branch '3553-buffer-assertions-v9_16' into 'v9_16'
add assertions to isc_buffer macros

See merge request isc-projects/bind9!6802
2022-09-27 07:16:01 +00:00
Evan Hunt
2fdaa100c1 add assertions to isc_buffer macros
if ISC_BUFFER_USEINLINE is defined, then macros are used to implement
isc_buffer primitives (isc_buffer_init(), isc_buffer_region(), etc).
otherwise, functions are used. previously, only the functions had
DbC assertions, which made it possible for coding errors to go
undetected. this commit makes the macro versions enforce the same
requirements.
2022-09-26 23:48:21 -07:00
Petr Špaček
dd8c1f9f61 Merge branch 'bug/main/doc-arm-rhel9-v9_16' into 'v9_16'
Compatibility for building ARM on older sphinx [v9_16]

See merge request isc-projects/bind9!6818
2022-09-26 15:39:32 +00:00
Petr Menšík
8b07d457ef
Simplify allowing warnings during ARM build
RHEL8 Sphinx does not support all features used in ARM building. But
with few emitted warnings it can build the documentation fine. Simplify
warnings acceptance by allowing make doc SPHINX_W=''.

(cherry picked from commit 3db7e241d2)
2022-09-26 17:30:48 +02:00
Petr Menšík
e036ac4d3d
Compatibility for building ARM on older sphinx
Make documentation building successful even on RHEL9 sphinx 3.4.3. It
does not like case-insensitive matching of terms, so provide lowercase
text description with Uppercase word reference.

(cherry picked from commit bc6c6b1184)
2022-09-26 17:29:07 +02:00
Petr Špaček
81fd2d9874 Merge branch '3547-dns_message_checksig-leak-fix-v9_16' into 'v9_16'
Fix memory leak in dns_message_checksig() - SIG(0) sigs [v9_16]

See merge request isc-projects/bind9!6814
2022-09-26 11:06:42 +00:00
Mark Andrews
2905d70ad1
Stop passing mctx to dns_rdata_tostruct as it is unnecessary for SIG
dns_rdata_tostruct doesn't need a mctx passed to it for SIG (the signer
is already expanded at this point). About the only time when mctx is
needed is when the structure is to be used after the rdata has been
destroyed.

(cherry picked from commit d6ad56bd9e)
2022-09-26 12:45:21 +02:00
Petr Špaček
3e77d6bf87
Fix memory leak in dns_message_checksig() - SIG(0) sigs
Impact should be visible only in tests or tools because named never
uses view == NULL, which is a necessary condition to trigger this leak.

(cherry picked from commit 69256b3553)
2022-09-26 12:45:17 +02:00
Michał Kępień
e2448146cf Merge branch '3475-named-man-page-fix-ncpus' into 'v9_16'
Fix the description of named's -n option

See merge request isc-projects/bind9!6797
2022-09-21 17:48:25 +00:00
Michał Kępień
fe0b04d8d3 Fix the description of named's -n option
Since the advent of netmgr, named no longer creates a single thread per
CPU, but rather a set of two threads per CPU.  Update the man page for
named accordingly to prevent confusion.
2022-09-21 19:47:13 +02:00
Petr Špaček
9d5e7aca9c Merge branch '3542-arm-stats-socket-caution' into 'v9_16'
Provide stronger wording about the security of statistics channel

See merge request isc-projects/bind9!6795
2022-09-21 16:06:04 +00:00