Resolve "[CVE-2018-5737] serve-stale crash"

Closes #185

See merge request !302

Michał Kępień authored Apr 27, 2018 and Evan Hunt committed May 21, 2018

Interrupt query processing when query_recurse() attempts to ask the same
name servers for the same QNAME/QTYPE tuple for two times in a row as
this indicates that query processing may be stuck for an indeterminate
period of time, e.g. due to interactions between features able to
restart query_lookup().

Michał Kępień authored Apr 27, 2018 and Evan Hunt committed May 21, 2018

check_stale_header() fails to update the pointer to the previous header
while processing rdataset headers eligible for serve-stale, thus
enabling rdataset headers to be leaked (i.e. disassociated from a node
and left on the relevant TTL heap) while iterating through a node.  This
can lead to several different assertion failures.  Add the missing
pointer update.

Resolve "ISC_NET_RECVOVERFLOW support is broken."

Closes #238

See merge request !226

add placeholder

See merge request !299

Merge branch '251-documentation-of-rpz-min-update-interval-is-inconsistent-with-implementation' into 'master'

Resolve "Documentation of RPZ min-update-interval is inconsistent with implementation"

Closes #251

See merge request !277

Mukund Sivaraman authored May 14, 2018 and Evan Hunt committed May 17, 2018

Also, use variable names consistent with catz for rpz configuration functions

Merge branch '267-iscpk11libs-is-not-defined-anywhere-resulting-in-dstrandom_test-not-being-built' into 'master'

Remove dstrandom_test from lib/dns/tests/Atffile

See merge request !292

Fix request-nsid log level to match documentation.

See merge request !290

4948.	[bug]		When request-nsid is turned on, EDNS NSID options
			should be logged at level info. Since change 3741
			they have been logged at debug(3) by mistake.
			[GL !290]

Since change 3741 (commit 1d761cb4) they have been logged at
debug(3) by mistake.

Unify the random number provider

Closes #221

See merge request !269

Ondřej Surý authored May 14, 2018 and Witold Krecicki committed May 16, 2018

4947.   [func]          Replace all random functions with isc_random(),
                        isc_random_buf() and isc_random_uniform() API.
                        [GL #221]

Ondřej Surý authored Apr 22, 2018 and Witold Krecicki committed May 16, 2018

The three functions has been modeled after the arc4random family of
functions, and they will always return random bytes.

The isc_random family of functions internally use these CSPRNG (if available):

1. getrandom() libc call (might be available on Linux and Solaris)
2. SYS_getrandom syscall (might be available on Linux, detected at runtime)
3. arc4random(), arc4random_buf() and arc4random_uniform() (available on BSDs and Mac OS X)
4. crypto library function:
4a. RAND_bytes in case OpenSSL
4b. pkcs_C_GenerateRandom() in case PKCS#11 library

Resolve "Glue is no longer included for non-DNSSEC-signed zones since CHANGE 4596"

Closes #209

See merge request !247

Resolve "Clarify documentation of update-policy tcp-self and 6to4-self"

Closes #233

See merge request !227

- clarify the behavior of the name and identity fields for various
  rule types, particularly tcp-self and 6to4-self.

Address issues found by ubsan

Closes #258

See merge request !278

Certain isc_buffer_*() functions might call memmove() with the second
argument (source) set to NULL and the third argument (length) set to 0.
While harmless, it triggers an ubsan warning:

    runtime error: null pointer passed as argument 2, which is declared to never be null

Modify all memmove() call sites in lib/isc/include/isc/buffer.h and
lib/isc/buffer.c which may potentially use NULL as the second argument
(source) so that memmove() is only called if the third argument (length)
is non-zero.

compare_rdata() was meant to be used as a qsort() callback.  Meanwhile,
dns_rdataslab_merge() calls compare_rdata() for a pair of dns_rdata_t
structures rather than a pair of struct xrdata structures, which is
harmless, but triggers an ubsan warning:

    rdataslab.c:84:33: runtime error: member access within address <address> with insufficient space for an object of type 'const struct xrdata'

Use dns_rdata_compare() instead of compare_rdata() to prevent the
warning from being triggered.

Skip lib/dns/tests/sigs_test for builds without DNSSEC support

Closes #252

See merge request !271

Add notice about closing stdout/stderr file descriptors to style.md

See merge request !272

Disable builds without cryptographic provider (OpenSSL or PKCS#11)

Closes #244

See merge request !266