Allow use of exception (and by extension, assert statements) in the
called function in order to extract essential debug information about
the type of failure that was encountered.
In case the called function fails to succeed on the last retry and
raised an exception, log it as error and set it as the assert message to
propagate it through the pytest framework.
(cherry picked from commit 620c884133)
Previously, when a DNSSEC key was purged by one zone view, other zone views would return an error about missing key files. This has been fixed.
Closes#5315
Backport of MR !10550
Merge branch 'backport-5315-fix-spurious-some-key-files-are-missing-9.18' into 'bind-9.18'
See merge request isc-projects/bind9!10599
This happens because old key is purged by one zone view, then the other
is freaking out about it.
Keys that are unused or being purged should not be taken into account
when verifying key files are available.
The keyring is maintained per zone. So in one zone, a key in the
keyring is being purged. The corresponding key file is removed.
The key maintenance is done for the other zone view. The key in that
keyring is not yet set to purge, but its corresponding key file is
removed. This leads to "some keys are missing" log errors.
We should not check the purge variable at this point, but the
current time and purge-keys duration.
This commit fixes this erroneous logic.
(cherry picked from commit d494698852)
Create a test scenario where a signed zone is in multiple views and
then a key may be purged. This is a bug case where the key files are
removed by one view and then the other view starts complaining.
Note: This commit was manually modified because 9.18 does not have
pytest based kasp system tests. The test was translated to a shell
script style test case.
(cherry picked from commit 752d8617f5)
Add support to display the CO (Compact denial of existence Ok flag) when displaying messages.
Add support to set the CO flag when making queries in dig (+coflag).
Closes#5319
Backport of MR !10482
Merge branch 'backport-5319-add-support-to-set-and-display-the-co-flag-9.18' into 'bind-9.18'
See merge request isc-projects/bind9!10579
Add a 1 second delay to ensure file time stamp is different
from last load.
Closes#5366
Backport of MR !10571
Merge branch 'backport-5366-test_xferquota-py-reloads-zone-file-too-fast-9.18' into 'bind-9.18'
See merge request isc-projects/bind9!10576
ensure a second has elasped before updating the zone file
by adding 'time.sleep(1)' to xferquota/tests_xferquota.py
(cherry picked from commit d8d14cb780)
The "run.sh" script, used by "make test", changes the working
directory to the system test directory before executing pytest.
If the test drops hypothesis artifacts while running, this
can cause spurious test failures due to an apparent mismatch
between the contents of the system test directory and the
temporary pytest directory. This has been addressed by having
"run.sh" call pytest from the parent directory instead.
(cherry picked from commit c08e78ef73)
named-rrchecker now parses the braces which support multi-line input
from the beginning of the input rather than only when reading the
data fields of the record.
Closes#5336
Backport of MR !10521
Merge branch 'backport-5336-extend-named-rrchecker-multiline-support-9.18' into 'bind-9.18'
See merge request isc-projects/bind9!10547
named-rrchecker now parses the braces which support multi-line input
from the beginning of the input rather than only when reading the
data fields of the record.
(cherry picked from commit 2e1f933d65)
Unexpectedly this broke CI job generator which parses gitlab-ci.yaml
and cannot handle `!reference` YAML tags.
This reverts merge request !10490
Backport of MR !10540
Merge branch 'backport-revert-0a1a599f-9.18' into 'bind-9.18'
See merge request isc-projects/bind9!10542
The odd-looking "\ " escape is required to italicize <character-string>
without italicizing the final "s". See reStructuredText Markup
Specification, sections "Inline markup recognition rules" and "Escaping
Mechanism". Most importantly:
Escaped whitespace characters are removed from the output document
together with the escaping backslash. This allows for character-level
inline markup.
(cherry picked from commit 43c5b9aeb4)
The tr range did not work on Solaris 11.4. Let's use a class that is
defined in POSIX.
Closes#5326
Backport of MR !10530
Merge branch 'backport-5326-make-rndc_dumpdb-work-on-solaris-9.18' into 'bind-9.18'
See merge request isc-projects/bind9!10533
Vicky and Ondrej have agreed that we should add text to explain that we do not give bug bounties.
Backport of MR !10246
Merge branch 'backport-sgoldlust-main-bug-bounty-9.18' into 'bind-9.18'
See merge request isc-projects/bind9!10528
Coverity detected that 'optlen' was not being checked in 'process_opt'.
This is actually already done when the OPT record was initially
parsed. Add an INSIST to silence Coverity as is done in message.c.
Closes#5330
Backport of MR !10500
Merge branch 'backport-5330-tainted-scalar-in-client-c-9.18' into 'bind-9.18'
See merge request isc-projects/bind9!10506
Coverity detected that 'optlen' was not being checked in 'process_opt'.
This is actually already done when the OPT record was initially
parsed. Add an INSIST to silence Coverity as is done in message.c.
(cherry picked from commit 72cd6e8591)
To be consistent with the replacing of Oracle Linux QCOW2 images with
AlmaLinux AWS AMIs, also replace Docker images.
Backport of MR !10434
Merge branch 'backport-mnowak/replace-oracle-linux-with-almalinux-9.18' into 'bind-9.18'
See merge request isc-projects/bind9!10513
To be consistent with the replacing of Oracle Linux QCOW2 images with
AlmaLinux AWS AMIs, also replace Docker images.
(cherry picked from commit 63947a2062)
On FIPS-enabled platforms, we need to ensure a minimal version of
hypothesis which no longer uses MD5. This doesn't need to be enforced
for other platforms.
Move the import magic to a utility module to avoid copy-pasting the
boilerplate code around.
Backport of MR !10442
Merge branch 'backport-nicki/pytest-import-hypothesis-9.18' into 'bind-9.18'
See merge request isc-projects/bind9!10508
On FIPS-enabled platforms, we need to ensure a minimal version of
hypothesis which no longer uses MD5. This doesn't need to be enforced
for other platforms.
Move the import magic to a utility module to avoid copy-pasting the
boilerplate code around.
(cherry picked from commit 0aff715f40)
The memory context for dlz_dlopen_driver unit had no name and
that was causing trouble with the statistics channel output. Set the
name for the two memory context that were missing a proper name.
(cherry picked from commit 5d264b3329)
Enable existing rndc system tests (the python test function calling the
shell file was missing). Also update the extra artifacts list to remove
one generated file which was left behind.
Backport of MR !10489
Merge branch 'backport-colin/rndc-tests-9.18' into 'bind-9.18'
See merge request isc-projects/bind9!10494
Enable existing rndc system tests (the python test function calling the
shell file was missing). Also update the extra artifacts list to remove
one generated file which was left behind.
(cherry picked from commit f84065a32c)
Backport of MR !10487
Merge branch 'backport-pspacek/update-reporting-procedure-sec-md-9.18' into 'bind-9.18'
See merge request isc-projects/bind9!10492
The test_idle_timeout check in the "timeouts" system test has been
failing often on FreeBSD 13 AWS hosts. Adding timestamped debug logging
shows that the time.sleep() calls used in that check are returning
significantly later than asked to on that platform (e.g. after 4 seconds
when just 1 second is requested), breaking the test's timing assumptions
and triggering false positives. These failures are not an indication of
a bug in named and have not been observed on any other platform. Mark
the problematic check as flaky, but only on FreeBSD 13, so that other
failure modes are caught appropriately.
Backport of MR !10459
Merge branch 'backport-michal/mark-test_idle_timeout-as-flaky-on-freebsd-13-9.18' into 'bind-9.18'
See merge request isc-projects/bind9!10462
The test_idle_timeout check in the "timeouts" system test has been
failing often on FreeBSD 13 AWS hosts. Adding timestamped debug logging
shows that the time.sleep() calls used in that check are returning
significantly later than asked to on that platform (e.g. after 4 seconds
when just 1 second is requested), breaking the test's timing assumptions
and triggering false positives. These failures are not an indication of
a bug in named and have not been observed on any other platform. Mark
the problematic check as flaky, but only on FreeBSD 13, so that other
failure modes are caught appropriately.
(cherry picked from commit cb76b3729e)
Focal-specific ./configure options were moved to Jammy.
Backport of MR !9899
Merge branch 'backport-mnowak/drop-ubuntu-focal-9.18' into 'bind-9.18'
See merge request isc-projects/bind9!10456
