Commit graph

40372 commits

Author SHA1 Message Date
Aram Sargsyan
4e94ff2541 Fix a statschannel system test zone loadtime issue
The check_loaded() function compares the zone's loadtime value and
an expected loadtime value, which is based on the zone file's mtime
extracted from the filesystem.

For the secondary zones there may be cases, when the zone file isn't
ready yet before the zone transfer is complete and the zone file is
dumped to the disk, so a so zero value mtime is retrieved.

In such cases wait one second and retry until timeout. Also modify
the affected check to allow a possible difference of the same amount
of seconds as the chosen timeout value.
2023-12-18 08:46:31 +00:00
Arаm Sаrgsyаn
ced40c48a4 Merge branch '4493-data-race-in-xfrin_send_request' into 'main'
Resolve "ThreadSanitizer: data race xfrin.c:1555:2 in xfrin_send_request"

Closes #4493

See merge request isc-projects/bind9!8579
2023-12-18 08:44:33 +00:00
Aram Sargsyan
2179224573 Add a CHANGES note for [GL #4493] 2023-12-15 09:56:44 +00:00
Aram Sargsyan
791a046cc7 Use atomic store operations instead of atomic initialize
The atomic_init() function makes sense to use with structure's
members when creating a new instance of a strucutre. In other
places, use atomic store operations instead, in order to avoid
data races.
2023-12-15 09:56:44 +00:00
Petr Špaček
edcabe8030 Merge branch '4467-fix-stats-export-overflow' into 'main'
Avoid overflow during statistics dump

Closes #4467

See merge request isc-projects/bind9!8532
2023-12-14 08:13:46 +00:00
Aydın Mercan
9c4dd863a6 Move atomic statscounter next to the non-atomic definition 2023-12-14 09:11:48 +01:00
Aydın Mercan
bb96142a17 Use a non-atomic counter when passing to stats dumper 2023-12-14 09:11:48 +01:00
Petr Špaček
b57c37d8c5 Add CHANGES and release note for [GL #4467] 2023-12-14 09:11:46 +01:00
Petr Špaček
7b0115e331 Avoid overflow during statistics dump
Related: !1493
Fixes: #4467
2023-12-14 09:11:02 +01:00
Mark Andrews
3389df6d89 Merge branch '4478-redefinition-of-hmac-as-different-kind-of-symbol-on-netbsd' into 'main'
Resolve "Redefinition of 'hmac' as different kind of symbol on NetBSD"

Closes #4478

See merge request isc-projects/bind9!8555
2023-12-13 23:32:41 +00:00
Mark Andrews
648fa635f8 Add CHANGES note for [GL #4478] 2023-12-13 22:27:38 +00:00
Mark Andrews
fd077c2661 NetBSD has added 'hmac' to libc so rename out uses of hmac 2023-12-13 22:27:38 +00:00
Petr Špaček
f7597fa286 Merge branch 'pspacek/update-gitlab-issue-templates' into 'main'
Update Gitlab issue templates

See merge request isc-projects/bind9!8542
2023-12-13 16:30:04 +00:00
Petr Špaček
84795f3005 Add Acknowledgements into Security issue template
Hopefully it will save us one round-trip with the reporter.
2023-12-13 17:11:59 +01:00
Petr Špaček
dd4a5d9668 Fix Gitlab label in Feature request template 2023-12-13 17:09:05 +01:00
Petr Špaček
6ccb07e09a Modernize Gitlab Bug template 2023-12-13 17:09:05 +01:00
Petr Špaček
b77f25446d Add a default Gitlab issue template
It's an attempt to make people use correct Gitlab templates, or use them
at all.
2023-12-13 17:09:05 +01:00
Petr Špaček
b862394bbb Make CVE issues confidential by default
An trivial attempt to avoid accidental disclosures.
2023-12-13 17:09:05 +01:00
Petr Špaček
51218c0cfb Label CVE issue template as internal-use only 2023-12-13 17:09:05 +01:00
Petr Špaček
f72d433520 Add Gitlab template for security issues 2023-12-13 17:09:05 +01:00
Michal Nowak
dc9cf795fe Merge branch 'mnowak/alpine-3.19' into 'main'
Add Alpine Linux 3.19

See merge request isc-projects/bind9!8562
2023-12-12 10:10:50 +00:00
Michal Nowak
1fc56d705e
Add Alpine Linux 3.19 2023-12-12 10:36:03 +01:00
Evan Hunt
f6b9bc7da6 Merge branch 'matthijs-qp-lookup-iterator' into 'main'
Follow-up on !8468, more dns_qp_lookup bug fixes related to the iterator

See merge request isc-projects/bind9!8558
2023-12-11 21:01:46 +00:00
Matthijs Mekking
3c397a5d68 Add CHANGES 2023-12-11 21:01:29 +00:00
Matthijs Mekking
21867f200a Refactor getpred code
Move the code to find the predecessor into one function, as it is shares
quite some similarities: In both cases we first need to find the
immediate predecessor/successor, then we need to find the immediate
predecessor if the iterator is not already pointing at it.
2023-12-11 21:01:29 +00:00
Matthijs Mekking
ab8a0c4b5a and fix yet another dns_qp_lookup() iterator bug
This one is similar to the bug when searching for a key, reaching a
dead-end branch that doesn't match, because the branch offset point
is after the point where the search key differs.

This fixes the case where we are multiple levels deep. In other
words, we had a more-than-one matches *after* the point where the
search key differs.

For example, consider the following qp-trie:

branch: "[e]", "[m]":
 - leaf: "a.b.c.d.e"
 - branch: "moo[g]", "moo[k]", "moo[n]":
   - leaf: "moog"
   - branch: "mook[e]", "mook[o]"
     - leaf: "mooker"
     - leaf: "mooko"
   - leaf: "moon"

If searching for a key "monky", we would reach the branch with
twigs "moo[k]" and "moo[n]". The key matches on the 'k' on offset=4,
and reaches the branch with twigs "mook[e]" and "mook[o]". This time
we cannot find a twig that matches our key at offset=5, there is no
twig for 'y'. The closest name we found was "mooker".

Note that on a branch it can't detect it is on a dead branch because the
key is not encapsulated in a branch node.

In the previous code we considered "mooker" to be the successor of
"monky" and so we needed to the predecessor of "mooker" to find the
predecessor for "monky". However, since the search key alread differed
before entering this branch, this is not enough. We would be left with
"moog" as the predecessor of "monky", while in this example "a.b.c.d.e"
is the actual predecessor.

Instead, we need to go up a level, find the predecessor and check
again if we are on the right branch, and repeat the process until we
are.

Unit tests to cover the scenario are now added.
2023-12-11 21:01:29 +00:00
Matthijs Mekking
276bdcf5cf and fix another dns_qp_lookup() iterator bug
There was yet another edge case in which an iterator could be
positioned at the wrong node after dns_qp_lookup(). When searching for
a key, it's possible to reach a leaf that matches at the given offset,
but because the offset point is *after* the point where the search key
differs from the leaf's contents, we are now at the wrong leaf.

In other words, the bug fixed the previous commit for dead-end branches
must also be applied on matched leaves.

For example, if searching for the key "monpop", we could reach a branch
containing "moop" and "moor". the branch offset point - i.e., the point
after which the branch's leaves differ from each other - is the
fourth character ("p" or "r"). The search key matches the fourth
character "p", and takes that twig to the next node (which can be
a branch for names starting with "moop", or could be a leaf node for
"moop").

The old code failed to detect this condition, and would have
incorrectly left the iterator pointing at some successor, and not
at the predecessor of the "moop".

To find the right predecessor in this case, we need to get to the
previous branch and get the previous from there.

This has been fixed and the unit test now includes several new
scenarios for testing search names that match and unmatch on the
offset but have a different character before the offset.
2023-12-11 21:01:29 +00:00
Michal Nowak
a71c0f5338 Merge branch 'mnowak/replace-danger-python-with-hazard' into 'main'
Replace danger-python with Hazard

See merge request isc-projects/bind9!8548
2023-12-11 17:02:47 +00:00
Tom Krizek
4f70f5bd7c
Handle empty MR description in dangerfile
A merge request might have no description at all (i.e. None, rather than
an empty string). This might happen when the MR is created via an API.
Check a description is present before trying to find a backport string
in it.
2023-12-11 17:22:03 +01:00
Michał Kępień
43126e81e6
Improve determining the lines added by a branch
Since the list of lines added to Git-tracked text files in a given
branch is not part of the Danger DSL [1], it is determined using custom
code in dangerfile.py.  The current implementation of that logic is less
than perfect as it examines the diff between the current tip of the
target branch and the source branch rather than the diff between the
merge base of the two branches and the source branch.  Consider a Git
history like this:

    *   F (target)
    ...
    *   E
    *   D
    *   C
    | * B (source)
    |/
    *   A (merge base)

If danger-python or Hazard are run for commit B, the current logic for
determining the list of added lines in dangerfile.py examines the diff
between commits F and B rather than between commits A and B.  Therefore,
the added_lines() function returns not just the lines added by commit B
on top of commit A, but also the list of lines that were removed between
commits A and F, which leads to confusing results.

Fix by using the triple-dot diff operator in the Git invocation whose
output is used as the source of information for determining the list of
lines added by a given branch.

Since Hazard fetches the target branch itself when it is run, remove the
explicit "git fetch" invocation that fetches the target branch from
GitLab (shortening its local history to a single commit in the process)
before "git diff" is invoked.

[1] https://danger.systems/js/reference.html#GitDSL
2023-12-11 17:22:03 +01:00
Michal Nowak
08ce1bc45f
Replace danger-python with Hazard
Hazard is a minimal danger-python replacement.
2023-12-11 17:22:03 +01:00
Tom Krizek
dc6200ed87 Merge branch 'tkrizek/set-up-version-and-release-notes-for-bind-9.19.20' into 'main'
Set up version and release notes for BIND 9.19.20

See merge request isc-projects/bind9!8560
2023-12-08 15:04:58 +00:00
Tom Krizek
9f82448ab5 Set up release notes for BIND 9.19.20 2023-12-08 15:51:48 +01:00
Tom Krizek
2964019558 Update BIND version to 9.19.20-dev 2023-12-08 15:51:48 +01:00
Tom Krizek
7ec5f494e2 Merge branch '4405-cleanup-resolver-nonbackoff-tries-check' into 'main'
Remove obsolete check for resolver-nonbackoff-tries

See merge request isc-projects/bind9!8557
2023-12-07 12:53:32 +00:00
Tom Krizek
059a63793a
Remove obsolete check for resolver-nonbackoff-tries
With the resolver-nonbackoff-tries statement being removed in #4405,
this check can no longer be reached and can be safely removed.
2023-12-07 13:10:58 +01:00
Mark Andrews
28d5de9046 Merge branch '4448-improve-lur-cleaning-behaviour' into 'main'
Resolve "Improve LRU cleaning behaviour"

Closes #4448 and #4269

See merge request isc-projects/bind9!8516
2023-12-07 09:48:55 +00:00
Mark Andrews
6ef8d8d699 Add CHANGES for [GL #4448] 2023-12-07 02:59:04 +00:00
Mark Andrews
7e462c2b26 Also cleanup the space for the rbt nodes
As we are in overmem state we want to free more memory than we are
adding so we need to add in an allowance for the rbtnodes that may
have been added and the names stored with them.  There is the node
for the owner name and a possible ENT node if there was a node split.
2023-12-07 02:59:04 +00:00
Mark Andrews
5e8f0e9ceb Process the combined LRU lists in LRU order
Only cleanup headers that are less than equal to the rbt's last_used
time.  Adjust the rbt's last_used time when the target cleaning was
not achieved to the oldest value of the remaining set of headers.

When updating delegating NS and glue records last_used was not being
updated when it should have been.

When adding zero TTL records to the tail of the LRU lists set
last_used to rbtdb->last_used + 1 rather than now.  This appoximately
preserves the lists LRU order.
2023-12-07 02:59:04 +00:00
Evan Hunt
8af6fc44e0 Merge branch 'each-cleanup-trivia' into 'main'
assorted trivial cleanups

See merge request isc-projects/bind9!8450
2023-12-07 02:40:05 +00:00
Evan Hunt
c8f43b9160 remove some long-deprecated arguments from dig
certain dig options which were deprecated and became nonoperational
several releases ago still had documentation in the dig man page and
warnings printed when they were used: these included +mapped,
+sigchase, +topdown, +unexpected, +trusted-key, and the -i and -n
options. these are now all fatal errors.

another option was described as deprecated in the man page, but
the code to print a warning was never added. it has been added now.
2023-12-06 17:32:09 -08:00
Evan Hunt
ced8a82503 fix consistency check for delv +ns and +qmin
the code to prevent +qmin from being used without +ns was
in the wrong place, resulting in it only working correctly
if +ns was specified first.
2023-12-06 17:31:39 -08:00
Evan Hunt
90a16b3e65 fix unnecessary capitalization
there was a typo in the copyright header.
2023-12-06 17:31:38 -08:00
Evan Hunt
03daed4d11 remove bin/rndc/rndc.conf
this file was no longer used.
2023-12-06 17:31:38 -08:00
Evan Hunt
7d05590a6f clean up client.c
- make dns_client_startresolve() static since it's only used internally
- remove outdated comments
2023-12-06 17:31:38 -08:00
Evan Hunt
50dd6aad34 remove unused functions in dns_master
dns_master_dumpnode() and dns_master_dumpnodetostream() were
never used and can be removed.
2023-12-06 17:31:38 -08:00
Evan Hunt
b92c3d9864 Merge branch '4405-remove-resolver-opts' into 'main'
deprecate/remove resolver-retry-interval and resolver-nonbackoff-tries

Closes #4405

See merge request isc-projects/bind9!8448
2023-12-06 21:39:05 +00:00
Evan Hunt
66496d550b remove resolver-retry-interval and resolver-nonbackoff-tries
fully remove these options and mark them as ancient.
2023-12-06 11:54:59 -08:00
Evan Hunt
4aaa4f7dca deprecate resolver-retry-interval and resolver-nonbackoff-tries
these options control default timing of retries in the resolver
for experimental purposes; they are not known to useful in production
environments.  they will be removed in the future; for now, we
only log a warning if they are used.
2023-12-06 11:51:22 -08:00