3611. [bug] Improved resistance to a theoretical authentication
attack based on differential timing. [RT #33939]
(cherry picked from commit 5b7abbef51)
3605. [port] win32: Addressed several compatibility issues
with newer versions of Visual Studio. [RT #33916]
(cherry picked from commit f42c0dcca8)
Squashed commit of the following:
commit 4127af15f85da90cf2bd3a0c5a558daae89e833a
Author: Francis Dupont <fdupont@isc.org>
Date: Tue Jun 25 22:41:53 2013 +0200
make the last change to be text
commit 21ef4891b9ee3e3aefb45d4c80d5cb7ec78f264f
Author: Curtis Blackburn <ckb@isc.org>
Date: Tue Jun 25 12:35:08 2013 -0500
[rt33916] re-worded for easier reading
commit 83828e47e62fea4070441e645ba8fed338255ceb
Author: Francis Dupont <fdupont@isc.org>
Date: Mon Jun 24 16:08:11 2013 +0200
introduce a VCRedistPath env var
commit 0337f2554f168993a65945e78c2879e9bfca5293
Author: Francis Dupont <fdupont@isc.org>
Date: Sun Jun 23 01:23:26 2013 +0200
_adjust_fdiv for VS < 2010
commit 375fdd5c06be276b0ff0ad589c0e22b809339fe9
Author: Francis Dupont <fdupont@isc.org>
Date: Thu Jun 20 16:27:04 2013 +0200
move to MSVC v1600 as it still breaks on VS 2010
commit bfcaf72071e9d8df1d0ce0c5f05b69acd51bf698
Author: Francis Dupont <fdupont@isc.org>
Date: Thu Jun 20 15:57:35 2013 +0200
WIN32: avoid addrinfo redef
commit 18504c3e50b11e66a0b573c7cb3d61094bfa5b52
Author: Francis Dupont <fdupont@isc.org>
Date: Thu Jun 20 15:54:38 2013 +0200
WIN32: fseek/ftell
commit f9a4fdccc5ab1c74c64412fb76da7dfd161787b2
Author: Francis Dupont <fdupont@isc.org>
Date: Thu Jun 20 15:13:01 2013 +0200
fix WIN32 error redefs in net.h (isc ad lwres libs)
This incorporates the following changes, plus a new configure
option "--enable-rrl" to turn them on:
3575. [func] Changed the logging category for RRL events from
'queries' to 'query-errors'. [RT #33540]
3554. [bug] RRL failed to correctly rate-limit upward
referrals and failed to count dropped error
responses in the statistics. [RT #33225]
3545. [bug] RRL slip behavior was incorrect when set to 1.
[RT #33111]
3518. [bug] Increase the size of dns_rrl_key.s.rtype by one bit
so that all dns_rrl_rtype_t enum values fit regardless
of whether it is teated as signed or unsigned by
the compiler. [RT #32792]
3494. [func] DNS RRL: Blunt the impact of DNS reflection and
amplification attacks by rate-limiting substantially-
identical responses. To enable, use "configure
--enable-rrl". [RT #28130]
3584. [security] Caching data from an incompletely signed zone could
trigger an assertion failure in resolver.c [RT #33690]
(cherry picked from commit 276457f7a3)
