GL !7412 updated the set of counters exposed via the XML & JSON
statistics channels. Apply a corresponding version bump, which was
not included in that merge request.
It was agreed that the monthly CI container image rebuild should be done
manually rather than be automated. This allows us to have control over
when things could break and the end of the release cycle is the most
convenient time to have that happen.
Commit b69e783164 changed the scope of the
local 'view' variable in load_configuration(), but the code section
guarded by the #ifdef USE_DNSRPS directive was not adjusted accordingly,
causing build errors for DNSRPS-enabled builds. Fix the latter by
declaring the 'view' variable inside the loop in the DNSRPS-specific
block of code.
Commit 7695c36a5d added a new parameter,
'options', to the prototype of the 'allrdatasets' function pointer in
struct dns_dbmethods. Handle this new parameter accordingly in
rpsdb_allrdatasets().
The --enable-dnsrps-dl switch for ./configure enables preparing a
DNSRPS-enabled build of BIND 9 that is not directly linked against a
DNSRPS provider library (dlopen() at runtime is used instead). Employ
this switch to test DNSRPS-enabled builds in the pairwise testing job in
GitLab CI.
the rate limter now uses loop callbacks rather than task events.
the API for isc_ratelimiter_enqueue() has been changed; we now pass
in a loop, a callback function and a callback argument, and
receive back a rate limiter event object (isc_rlevent_t). it
is no longer necessary for the caller to allocate the event.
the callback argument needs to include a pointer to the rlevent
object so that it can be freed using isc_rlevent_free(), or by
dequeueing.
If the address lookup of the primary server fails just abort
the current update request rather than calling exit. This allows
nsupdate to cleanup gracefully.
The ADB hashmaps are stored in extra memory contexts, so the hash
tables are excluded from the overmem accounting. The new memory
context was unnamed, give it a proper name.
Same thing has happened with extra memory context used for named
global log context - give the extra memory context a proper name.
The ADB hashmaps are stored in extra memory contexts, so the hash
tables are excluded from the overmem accounting. The new memory
context was unnamed, give it a proper name.
Same thing has happened with extra memory context used for named
global log context - give the extra memory context a proper name.
Set the DS state after issuing 'rndc dnssec -checkds'. If the DS
was published, it should go in RUMOURED state, regardless whether it
is already safe to do so according to the state machine.
Leaving it in HIDDEN (or if it was magically already in OMNIPRESENT or
UNRETENTIVE) would allow for easy shoot in the foot situations.
Similar, if the DS was withdrawn, the state should be set to
UNRETENTIVE. Leaving it in OMNIPRESENT (or RUMOURED/HIDDEN)
would also allow for easy shoot in the foot situations.
The following are not also accepted as single-line commits without
generating warnings:
- CHANGES/release note may appear in the beginning of the commit message
- Release note may be capitalized
- Allow commits with "GL #" (e.g. Update documentation for [GL #XXXX])
Update the release checklist to incorporate some minor tweaks that we
have been applying manually for the past few months as a result of
release process evolution.
Rework the Security Incident Handling Checklist so that it does not only
contain the SWENG-side steps for handling a security incident, but also
all the other steps required by ISC procedures.
Artifacts of the "stress" jobs in GitLab CI are used for generating the
QA summary for a given set of releases. It happened in the past that
these artifacts were purged before the QA summary was prepared,
unnecessarily prolonging the release process. A complete set of
artifacts from all such jobs for a single pipeline should be less than 1
GB in size, so extend their lifetime from one day to one week as a more
reasonable compromise between availability and disk space usage. (Note:
these jobs are also run in scheduled pipelines, but that is expected to
be acceptable in the context of artifact lifetime.)
Artifacts of the "release" jobs in GitLab CI are what we eventually
publish on the FTP server. It happened in the past that these artifacts
were purged before we copied them to their destination, unnecessarily
prolonging the release process, even though we usually press the "Keep"
button for the "release" jobs manually to keep them around indefinitely
(as they are the source of what we publish in other places). Since
there is only one "release" job per tag pipeline and its artifacts only
take up tens of megabytes of space, keep the artifacts of the "release"
jobs around indefinitely by default.
commit --fixup=amend:<hash> produces a subject starting with amend!
by default. Have danger look for this to ensure that it is squashed
before merging.
The util/release-tarball-comparison.sh script compares a release-ready
BIND 9 tarball to a temporary BIND 9 tarball created from the same
signed Git tag to ensure that their content does not differ
(significantly).
Add check for extracting the public 'n' component on OpenSSL 3.0
path. This is mandatory component, and it's presence is checked
already on the other code path.
Also document the reason why private key component getting errors
are ignored.
This restores the Malloced memory counter and it's now always equal to
InUse counter. This is only for backwards compatibility reason and
there is no separate counter.
The commit also cleanups little things like structure with a single
item (summary.inuse), and shuts up a wrong cppcheck warning (the
notorious NULL check after assignment).
Instead of enforcing stronger synchronization between threads, make all
the atomic operations relaxed. We are not really interested in exact
numbers at all times - the single place where we need the exact number
is when the memory context is being destroyed. Even when there's a
overmem counter, we don't care about exact ordering or exact number.
