Ondřej Surý authored May 14, 2018 and Witold Krecicki committed May 16, 2018

4947.   [func]          Replace all random functions with isc_random(),
                        isc_random_buf() and isc_random_uniform() API.
                        [GL #221]

Ondřej Surý authored Apr 22, 2018 and Witold Krecicki committed May 16, 2018

The three functions has been modeled after the arc4random family of
functions, and they will always return random bytes.

The isc_random family of functions internally use these CSPRNG (if available):

1. getrandom() libc call (might be available on Linux and Solaris)
2. SYS_getrandom syscall (might be available on Linux, detected at runtime)
3. arc4random(), arc4random_buf() and arc4random_uniform() (available on BSDs and Mac OS X)
4. crypto library function:
4a. RAND_bytes in case OpenSSL
4b. pkcs_C_GenerateRandom() in case PKCS#11 library

Resolve "Glue is no longer included for non-DNSSEC-signed zones since CHANGE 4596"

Closes #209

See merge request !247

Resolve "Clarify documentation of update-policy tcp-self and 6to4-self"

Closes #233

See merge request !227

- clarify the behavior of the name and identity fields for various
  rule types, particularly tcp-self and 6to4-self.

Address issues found by ubsan

Closes #258

See merge request !278

Certain isc_buffer_*() functions might call memmove() with the second
argument (source) set to NULL and the third argument (length) set to 0.
While harmless, it triggers an ubsan warning:

    runtime error: null pointer passed as argument 2, which is declared to never be null

Modify all memmove() call sites in lib/isc/include/isc/buffer.h and
lib/isc/buffer.c which may potentially use NULL as the second argument
(source) so that memmove() is only called if the third argument (length)
is non-zero.

compare_rdata() was meant to be used as a qsort() callback.  Meanwhile,
dns_rdataslab_merge() calls compare_rdata() for a pair of dns_rdata_t
structures rather than a pair of struct xrdata structures, which is
harmless, but triggers an ubsan warning:

    rdataslab.c:84:33: runtime error: member access within address <address> with insufficient space for an object of type 'const struct xrdata'

Use dns_rdata_compare() instead of compare_rdata() to prevent the
warning from being triggered.

Skip lib/dns/tests/sigs_test for builds without DNSSEC support

Closes #252

See merge request !271

Add notice about closing stdout/stderr file descriptors to style.md

See merge request !272

Disable builds without cryptographic provider (OpenSSL or PKCS#11)

Closes #244

See merge request !266

Remove $Id$s and other cruft in a batch

See merge request !263

Use 2>/dev/null instead of '>&-'

See merge request !262

Update tests to not use '>&-' that closes file descriptor, but instead use correct redirection to '>/dev/null'

Merge branch '239-don-t-use-null-as-a-argument-to-a-varargs-function-as-it-may-not-be-promoted-properly' into 'master'

Resolve "don't use NULL as a argument to a varargs function as it may not be promoted properly"

Closes #239

See merge request !228

Merge branch '248-named-9-12-uses-too-much-memory-with-tuning-large-regression-vs-9-11' into 'master'

Resolve "named 9.12 uses too much memory with `--tuning=large` (regression vs. 9.11)"

Closes #248

See merge request !251

Mukund Sivaraman authored May 09, 2018 and Mark Andrews committed May 11, 2018

With 1044 res contexts, each with 65536 debuglink structs of 16 bytes
each, the debuglink table itself was consuming 1GB+ of memory.

Resolve "clang scan-build reporting possible null pointer dereferences"

Closes #196

See merge request !230

Silence clang static analyzer warnings; Consolidate multiple instances of splitting of batchline in dig into a single function.

Address GCC 8 compilation warnings

Closes #249

See merge request !252