Commit graph

36784 commits

Author SHA1 Message Date
Michał Kępień
fd028232f9 Update BIND version to 9.18.9-dev 2022-10-10 23:18:40 +02:00
Petr Špaček
d2b428d8d2 Merge branch '3554-improve-dnssec-policy-inline-signing-err-msg-v9_18' into 'v9_18'
Clarify new configuration incompatibility: dnssec-policy vs. inline-signing [v9_18]

See merge request isc-projects/bind9!6871
2022-10-06 08:30:42 +00:00
Petr Špaček
49db39abfe
Add Known Issue about config incompatibility
(cherry picked from commit 5589d0a49c)
2022-10-06 10:28:19 +02:00
Petr Špaček
6394f5c423
Clarify error message about missing inline-signing & dnssec-policy
(cherry picked from commit 058c1744ba)
2022-10-06 10:27:32 +02:00
Mark Andrews
7de12577ef Merge branch '3577-reloads-in-ixfr-system-test-happen-too-fast-v9_18' into 'v9_18'
Add sleeps to ixfr system test [v9_18]

See merge request isc-projects/bind9!6869
2022-10-05 22:28:16 +00:00
Mark Andrews
51bcf741fc Add sleeps to ixfr system test
ensure that at least a second has passed since a zone was last loaded
to prevent it accidentally being skipped as up to date.

(cherry picked from commit 491a8cfe96)
2022-10-06 08:36:25 +11:00
Michal Nowak
36f62900de Merge branch 'mnowak/drop-flake8-ignore-lists-v9_18' into 'v9_18'
[v9_18] Drop flake8 ignore lists

See merge request isc-projects/bind9!6867
2022-10-05 16:24:38 +00:00
Michal Nowak
8934362636
Drop flake8 ignore lists
flake8 is not used in BIND 9 CI and inline ignore lists are not needed
anymore.

(cherry picked from commit f5d9fa6ea4)
2022-10-05 18:06:38 +02:00
Petr Špaček
aa8a0f761c Merge branch '3572-fix-duplicate-link-anchor-v9_18' into 'v9_18'
Deduplicate link anchors in the ARM [v9_18]

See merge request isc-projects/bind9!6861
2022-10-05 09:59:07 +00:00
Petr Špaček
ce71fce811
Remove manually defined anchors pointing to statement definitions
This is hopefully the end of duplication. This batch did not cause clashes
in Sphinx but it was pointless nonetheless as we have auto-generated
anchors for all statements.

(cherry picked from commit 137e0f4e0e)

Adapted for v9_18 branch by doing cleanup also in
notes/notes-9.18.0.rst.
2022-10-05 11:55:03 +02:00
Tom Krizek
6cd00258fa
Remove trailing whitespaces
(cherry picked from commit ea2d213f34)
2022-10-05 11:44:33 +02:00
Petr Špaček
bba3440638
Deduplicate link anchors in the ARM
Some statement names like "allow-query" had manually defined link anchor
_allow-query and also implicit anchor created by
.. namedconf:statement:: syntax. This causes warnings if an ambiguous
reference is made using :any:`allow-query` syntax.

Remove (hopefully all) manually defined anchors which pointed to
identical place as the implicit anchor. This allows :any: to work.

In rare cases where manual anchor points to descriptive text separated
from statement definition the reference was disambiguated by replacing
:any:`notify` with :ref:`notify` (for manual anchor)
vs. :namedconf:ref:`notify` (for statement definition).

Please note that `options` statement is a trap: It is ambiguous even
without manual anchor because rndc.conf has its own `options`. Use
:namedconf:ref:`options` vs. :rndcconf:ref:`options` to select
appropriate target.

(cherry picked from commit 9a7c2b370e)
2022-10-05 11:44:33 +02:00
Mark Andrews
cf9ef990d2 Merge branch '3338-zero-system-test-add-forensics-v9_18' into 'v9_18'
Add additional forensics to zero system test [v9_18]

See merge request isc-projects/bind9!6860
2022-10-05 08:52:08 +00:00
Mark Andrews
1d508b76cd Add additional forensics to zero system test
(cherry picked from commit 285351d4b2)
2022-10-05 19:30:38 +11:00
Mark Andrews
091be7c61d Merge branch '3569-dns-message-checksig-create-test-key-directory-v9_18' into 'v9_18'
Resolve "dns_message_checksig under oss_fuzz is not seeing the data files" [v9_18]

See merge request isc-projects/bind9!6858
2022-10-05 08:23:06 +00:00
Mark Andrews
f7c2c07051 Add CHANGES note for [GL #3569]
(cherry picked from commit 1849a8a526)
2022-10-05 19:01:41 +11:00
Mark Andrews
280b863c97 Create a key directory in /tmp
Access to the source tree is not available with oss_fuzz.  Have
fuzz/dns_message_checksig build and populate a key directory for
the fuzzer to use.  This contains a key pair and a zone file which
has the public key from the key pair.  Clean it up on shutdown.

(cherry picked from commit 033057ba9d)
2022-10-05 19:01:41 +11:00
Petr Špaček
39827cfe3b Merge branch 'pspacek/tsan-ci-artifacts-fix-v9_18' into 'v9_18'
Fix TSAN artifact gathering in CI [v9_18]

See merge request isc-projects/bind9!6857
2022-10-05 07:45:12 +00:00
Petr Špaček
a1d3fb98b7
Fix TSAN artifact gathering in CI
Fixup for 2c3b2dabe9.

We forgot to update TSAN paths when moving all the unit tests to
/tests/.  Let's remove paths from find to make it less dependent on
exact location, and store all untracked files as we do in the normal
unit test template.

Related: !6243
(cherry picked from commit 9559eb3b21)
2022-10-05 09:44:20 +02:00
Mark Andrews
087faf0747 Merge branch '3544-add-dohpath-parsing-to-svbc-v9_18' into 'v9_18'
Add support for 'dohpath' to SVCB (and HTTPS) [v9_18]

See merge request isc-projects/bind9!6849
2022-10-04 05:07:10 +00:00
Mark Andrews
886df1542e Use strnstr implementation from FreeBSD if not provided by OS
(cherry picked from commit 5f07fe8cbb)
2022-10-04 15:33:33 +11:00
Mark Andrews
ec31057a0f Add release note for [GL #3544]
(cherry picked from commit 2f3441b40a)
2022-10-04 15:33:32 +11:00
Mark Andrews
9e8ebbbd23 Add CHANGES note for [GL #3544]
(cherry picked from commit 335b397e15)
2022-10-04 15:33:00 +11:00
Mark Andrews
10d9c040e7 Add support for 'dohpath' to SVCB (and HTTPS)
dohpath is specified in draft-ietf-add-svcb-dns and has a value
of 7.  It must be a relative path (start with a /), be encoded
as UTF8 and contain the variable dns ({?dns}).

(cherry picked from commit 6d561d3886)
2022-10-04 15:32:22 +11:00
Matthijs Mekking
c179933c09 Merge branch 'matthijs-dnssec-guide-dnssec-policy-requires-inline-signing-v9_18' into 'v9_18'
[v9_18] Add dnssec-policy inline-signing requirement to documentation

See merge request isc-projects/bind9!6832
2022-09-28 08:38:45 +00:00
Matthijs Mekking
2abb2b638a Add inline-signing to config examples
Add 'inline-signing yes;' to configuration examples to have working
copy paste configurations.

(cherry picked from commit 18d230a584)
2022-09-28 10:37:41 +02:00
Matthijs Mekking
d1a01d88f9 Update inline-signing requirement to ARM
This change was made in !6403, but the appropriate documentation
changes were not applied to the ARM.

(cherry picked from commit 5d454a7158)
2022-09-28 10:37:41 +02:00
Matthijs Mekking
2305d8770b Add inline-signing requirement to DNSSEC Guide
This change was made in !6403, but the appropriate documentation
changes were not applied to the DNSSEC Guide.

(cherry picked from commit 09522c8d73)
2022-09-28 10:37:41 +02:00
Mark Andrews
79462fcb1d Merge branch '3562-assign-default-value-to-suffix-v9_18' into 'v9_18'
Suffix may be used before it is assigned a value [v9_18]

See merge request isc-projects/bind9!6836
2022-09-28 01:40:56 +00:00
Mark Andrews
750766a842 Suffix may be used before it is assigned a value
CID 350722 (#5 of 7): Bad use of null-like value (FORWARD_NULL)
        12. invalid_operation: Invalid operation on null-like value suffix.
    145        r.authority.append(
    146            dns.rrset.from_text(
    147                "icky.ptang.zoop.boing." + suffix,
    148                1,
    149                IN,
    150                NS,
    151                "a.bit.longer.ns.name." + suffix,
    152            )
    153        )

(cherry picked from commit 432064f63c)
2022-09-28 11:19:38 +10:00
Mark Andrews
cff7e5acdd Merge branch '3551-missing-rsa_free-call-in-opensslrsa_verify2-v9_18' into 'v9_18'
Free 'rsa' if 'e' is NULL in opensslrsa_verify2 [v9_18]

See merge request isc-projects/bind9!6834
2022-09-28 01:06:10 +00:00
Mark Andrews
573eeea2ee Add CHANGES note for [GL #3551]
(cherry picked from commit 1e3680193a)
2022-09-28 09:49:27 +10:00
Mark Andrews
9f8eadd289 Check BN_dup results in rsa_check
(cherry picked from commit a47235f4f5)
2022-09-28 09:49:04 +10:00
Mark Andrews
6b37a69213 Free 'n' on error path in rsa_check
(cherry picked from commit 483c5a1978)
2022-09-28 09:49:04 +10:00
Mark Andrews
6c8fe060af Check that 'e' and 'n' are allocated in opensslrsa_fromdns
(cherry picked from commit db70c30213)
2022-09-28 09:49:04 +10:00
Mark Andrews
3fd8d439c6 Check that 'e' and 'n' are non-NULL in opensslrsa_todns
(cherry picked from commit 5603cd69d1)
2022-09-28 09:49:04 +10:00
Mark Andrews
e9b880f648 Free 'rsa' if 'e' is NULL in opensslrsa_verify2
(cherry picked from commit a2b51ca6ac)
2022-09-28 09:49:04 +10:00
Mark Andrews
ae44b22ca6 Merge branch '3541-have-named-v-report-supported-algorithms-v9_18' into 'v9_18'
Report supported crypto algorithms [v9_18]

See merge request isc-projects/bind9!6831
2022-09-27 23:27:48 +00:00
Petr Špaček
81c8cc37aa Add release note for new crypto algorithm logging
(cherry picked from commit c138a8aa59)
2022-09-28 01:19:50 +10:00
Petr Špaček
af5f4bacf6 Document list of crypto algorithms in named -V output
(cherry picked from commit c648e280e4)
2022-09-28 01:19:50 +10:00
Mark Andrews
70606149c6 Deduplicate string formatting
(cherry picked from commit d34ecdb366)
2022-09-28 01:19:50 +10:00
Mark Andrews
2f9a504998 Add CHANGES entry for [GL #3541]
(cherry picked from commit e876de442e)
2022-09-28 01:19:50 +10:00
Mark Andrews
09910d25a9 silence scan-build false positive
(cherry picked from commit 3156d36495)
2022-09-28 01:19:50 +10:00
Mark Andrews
450a8ed5d5
Report algorithms supported by named at startup
(cherry picked from commit cb1515e71f)
2022-09-27 16:55:33 +02:00
Mark Andrews
c0e59be125
Have 'named -V' report supported algorithms
These cover DNSSEC, DS, HMAC and TKEY algorithms.

(cherry picked from commit b308f866c0)
2022-09-27 16:55:33 +02:00
Mark Andrews
3d223e0338
Replace alg_totext with dst_hmac_algorithm_totext
The new library function will be reused by subsequent commits.

(cherry picked from commit 151cc2fff9)
2022-09-27 16:55:33 +02:00
Mark Andrews
0bbc0c61e3
Convert DST_ALG defines to enum and group HMAC algorithms
The HMACs and GSSAPI are just using unallocated values.
Moving them around shouldn't cause issues.
Only the dnssec system test knew the internal number in use for hmacmd5.

(cherry picked from commit 09f7e0607a)
2022-09-27 16:55:33 +02:00
Tony Finch
57a773fa81 Merge branch '3548-without-system-jemalloc-v9_18' into 'v9_18'
A more helpful error when --without-jemalloc is impossible

See merge request isc-projects/bind9!6830
2022-09-27 14:17:36 +00:00
Tony Finch
9ec7f4399f A more helpful error when --without-jemalloc is impossible
When jemalloc is the system allocator (on FreeBSD and NetBSD), trying
to build --without-jemalloc caused an obscure compiler error. Instead,
complain at configure time that --without-jemalloc cannot work. (It
needs to remain an error because it is vexing when configure quietly
ignores an explicit direction.)

(cherry picked from commit f0e79458be)
2022-09-27 14:35:29 +01:00
Mark Andrews
6173e62147 Merge branch '3557-catalog-zone-check-key-names-v9_18' into 'v9_18'
Check that primary key names have not changed [v9_18]

See merge request isc-projects/bind9!6825
2022-09-27 12:42:23 +00:00