trust anchor improvements

Closes #673

See merge request !1177

This orphaned kr_ta_get_longest_name() so it got removed as well,
even though it's a potentially useful abstraction.

It was word-for-word identical with kr_ta_get_longest_name() anyway,
except for additional pointer->bool conversion.

The closer (N)TA will win now.  That wasn't the case
if we had a positive TA underneath a negative TA.
(Well, I can't recall ever seeing anything close to a use case.)

ci: skip pipeline tests on tags

See merge request !1176

When releasing, checks are run before merging and tagging. Having these
checks run again only slows down the release process, especially if some
tests are flaky.

release 5.3.2

See merge request !1175

distro/tests: update fedora, ubuntu releases

See merge request !1174

fedora32 -> fedora 34
ubuntu2010 -> ubuntu2104
remove ubuntu1604

validator: avoid assertion in an edge-case

See merge request !1169

Case: NSEC3 with too many iterations used for a positive wildcard proof.

To really fix the answers, this also needed fixing the `any_rank` part
which I somehow forgot in commit 7107faeb :-(

GitLab doesn't show the <system-*> tags, so let's replace them.
For now it's just hacky sed; I can't use xsltproc or similar.

https://docs.gitlab.com/ce/ci/unit_test_reports.html
https://mesonbuild.com/Unit-tests.html#testlogjunitxml

Implemented fully: build, build-asan; partially: pytests, deckard.

cache: clear any stale readers when opening cache

See merge request !1172

dnstap: add TCP RTT collection (experimental, optional)

See merge request !1170

I see no potential use for `set`; it's not a suitable abstraction.
And for `get` we want to use a pointer to the public type
instead of the private one.

Overall, worker.h has way too many stuff, but this branch is
not a good place to clean it up.

Tomas Krizek authored 3 years ago and Vladimír Čunát committed 3 years ago

This can happen for example when we want to send an answer, but the
http stream (or the connection?) is already closed.

Direct leak of 48 byte(s) in 1 object(s) allocated from:
    #0 0x7f5ad2445459 in __interceptor_malloc /build/gcc/src/gcc/libsanitizer/asan/asan_malloc_linux.cpp:145
    #1 0x55c0db3fc442 in http_write_pkt ../daemon/http.c:610
    #2 0x55c0db3fc882 in http_write ../daemon/http.c:651
    #3 0x55c0db3e9bb1 in qr_task_send ../daemon/worker.c:700
    #4 0x55c0db3ee86c in qr_task_finalize ../daemon/worker.c:1321
    #5 0x55c0db3f0123 in qr_task_step ../daemon/worker.c:1633
    #6 0x55c0db3f0982 in worker_submit ../daemon/worker.c:1755
    #7 0x55c0db3d992a in session_wirebuf_process ../daemon/session.c:759
    #8 0x55c0db3c5f01 in udp_recv ../daemon/io.c:89
    #9 0x7f5ad22b0e0e  (/usr/lib/libuv.so.1+0x20e0e)

Tomas Krizek authored 3 years ago and Lukas Jezek committed 3 years ago

The on_frame_recv() callback ins't guaranteed to be called by nghttp2.
This can happen e.g. in a case when nghttp2 issues a PROTOCOL_ERROR
RST_STREAM frame. Previously, it would leave the connection in a
stream-processing state, making it completely useless.

While this guarantees a cleanup will be called eventually, some streams
may still get ignored due to the order of various callbacks and data
processing procedures. Still, it's better than the previous
implementation.

various undefined-behavior fixes

Closes #426

See merge request !1167

It's spread over multiple commits.  The other undefined-behavior fixes
probably don't cause any issue in practice, so they aren't mentioned.

Really support 64-bit return value even there.
Currently we only use such large value in an unimportant case
(lua_Number seed).

Vladimír Čunát authored 3 years ago and Tomas Krizek committed 3 years ago

murmurhash3.c:43:40: runtime error: addition of unsigned offset
                     to 0x7ffce41c2014 overflowed to 0x7ffce41c2000
The `i` was used in a super-ugly way; I suspect the only reason was
to optimize that end-loop condition was zero comparison *vomit*

Vladimír Čunát authored 3 years ago and Tomas Krizek committed 3 years ago

The misaligned accesses were just throwing warnings for me (with gcc),
so I added the flag to stregthen what we get in CI.

Vladimír Čunát authored 3 years ago and Tomas Krizek committed 3 years ago

Some less common HW (not x86, usually ARM) doesn't tolerate unaligned
access to memory and it's breakage of C as well.

It's easiest to check by meson's -Db_sanitize=undefined (on any HW).
I pushed millions of real-life QNAME+QTYPE queries over UDP in default
mode and the sanitizer seems clear now.

Vladimír Čunát authored 3 years ago and Tomas Krizek committed 3 years ago

libknot >= 2.9 provides it and their version is less buggy :-)
In particular, it works with unaligned pointers.