]>
git.ipfire.org Git - thirdparty/pdns.git/log
Otto Moerbeek [Mon, 4 Mar 2024 14:44:43 +0000 (15:44 +0100)]
Merge pull request #13797 from omoerbeek/backport-13353-to-rec-4.8.x
rec: Backport 13353 to rec-4.8.x: If serving stale, wipe CNAME records from cache when we get a NODATA negative response for them
Otto Moerbeek [Mon, 4 Mar 2024 14:44:29 +0000 (15:44 +0100)]
Merge pull request #13799 from omoerbeek/backport-13788-to-rec-4.8.x
rec: Backport 13788 to rec 4.8.x: fix the zoneToCache regression introduced by SA 2024-01
Otto Moerbeek [Mon, 4 Mar 2024 13:51:09 +0000 (14:51 +0100)]
Merge pull request #13854 from omoerbeek/backport-13847-to-rec-4.8.x
rec: Backport 13847 to rec-4.8.x: Fix gathering of denial of existence proof for wildcard-expanded names
Otto Moerbeek [Mon, 4 Mar 2024 10:05:23 +0000 (11:05 +0100)]
rec: backport 13847 to rec-4.8.x
Manual backport as syncres.c's location changed
Otto Moerbeek [Mon, 26 Feb 2024 15:15:50 +0000 (16:15 +0100)]
Merge pull request #13796 from omoerbeek/backport-13387-to-rec-4.8.x
rec: Backport 13387 to rec-4.8.x: Update new b-root-server.net addresses in built-in hints
Otto Moerbeek [Wed, 14 Feb 2024 12:48:08 +0000 (13:48 +0100)]
rec: Backport 13353 to rec-4.8.x: If serving stale, wipe CNAME records from cache when we get a NODATA negative response for them
Otto Moerbeek [Wed, 14 Feb 2024 11:39:57 +0000 (12:39 +0100)]
Test ZTC with root zone
1. If code changes make the validation fail we want to know.
2. If root zone changes break something we want to know as well, this might even be more important than 1.
So I think we just have to accept the occasional network issues on GH.
(cherry picked from commit
5e7b96061de80b4cb52f52a65fed274a1e666e73 )
Otto Moerbeek [Tue, 13 Feb 2024 15:55:10 +0000 (16:55 +0100)]
rec: fix the zoneToCache regression introduced by SA 2024-01
Test will follow
(cherry picked from commit
c7f594e2dcda23fdc2ae2c4246da3e7c519f897e )
Otto Moerbeek [Wed, 14 Feb 2024 12:56:52 +0000 (13:56 +0100)]
rec: Backport 13387 to rec-4.8.x: Update new b-root-server.net addresses in built-in hints
Otto Moerbeek [Mon, 26 Feb 2024 14:21:50 +0000 (15:21 +0100)]
Merge pull request #13831 from omoerbeek/rec-4.8.x-formatting
rec-4.8.x: fix unit and regression tests, mostly due to python changes
Otto Moerbeek [Mon, 26 Feb 2024 13:57:01 +0000 (14:57 +0100)]
Fix typos
Otto Moerbeek [Mon, 26 Feb 2024 11:19:01 +0000 (12:19 +0100)]
rec: dnspython's API changed wrt NSID, apply (version dependent) fix in regression test
See https://dnspython.readthedocs.io/en/stable/whatsnew.html 2.6.0 2nd bullet
Cherry-picked from #13813
Otto Moerbeek [Mon, 26 Feb 2024 10:58:12 +0000 (11:58 +0100)]
Fix unit test skipping
Otto Moerbeek [Mon, 26 Feb 2024 10:10:30 +0000 (11:10 +0100)]
rec-4.8.x: fix formatting in unit tests
Otto Moerbeek [Mon, 26 Feb 2024 10:06:03 +0000 (11:06 +0100)]
Merge pull request #13798 from omoerbeek/backport-13787-to-rec-4.8.x
rec: Backport 13787 to rec-4.x.8: skip a few test that depend on sidnlab's public test setup that no longer works
Otto Moerbeek [Tue, 13 Feb 2024 15:31:35 +0000 (16:31 +0100)]
rec: skip a few test that depend on sidnlab's public test setup that no longer works
(cherry picked from commit
1c47d58191e285aa2f85c24bbddba55f95cd58a2 )
Otto Moerbeek [Tue, 13 Feb 2024 12:33:27 +0000 (13:33 +0100)]
Merge pull request #13784 from omoerbeek/rec-backport-keytrap-to-4.8.x
rec: Backport Keytrap to rec-4.8.x
Otto Moerbeek [Mon, 22 Jan 2024 11:19:16 +0000 (12:19 +0100)]
Backport of Keytrap to rec-4.8.x
Otto Moerbeek [Wed, 10 Jan 2024 14:23:37 +0000 (15:23 +0100)]
Merge pull request #13695 from omoerbeek/backport-13675-to-rec-4.8.x
Backport 13675 to rec 4.8.x: Fix documentation building error for dnsdist and recursor
Remi Gacogne [Mon, 8 Jan 2024 10:47:13 +0000 (11:47 +0100)]
dnsdist: Fix the version of alabaster when building the doc
Fixes
```
The alabaster extension used by this project needs at least Sphinx v3.4; it therefore cannot be built with this version.
```
(cherry picked from commit
c2a7ef8bd4f2423e2dc0eaa4d4a46de99b44636b )
Remi Gacogne [Mon, 8 Jan 2024 10:32:31 +0000 (11:32 +0100)]
rec: Fix the version of alabaster when building the doc
Fixes
```
The alabaster extension used by this project needs at least Sphinx v3.4; it therefore cannot be built with this version.
```
(cherry picked from commit
ac89467f17bb888fbd48c0f4c5267beab95aebee )
Otto Moerbeek [Wed, 13 Dec 2023 12:04:29 +0000 (13:04 +0100)]
Merge pull request #13571 from romeroalx/rel/rec-4.8.x-wc
GH Actions - rel/rec-4.8.x: make `build-and-test-all` and `builder` workflows reusable from other branches
romeroalx [Wed, 22 Nov 2023 13:07:38 +0000 (14:07 +0100)]
make builder workflow reusable
Alexis Romero [Thu, 16 Nov 2023 15:56:20 +0000 (16:56 +0100)]
make build-and-test-all reusable
Josh Soref [Thu, 9 Mar 2023 15:47:41 +0000 (10:47 -0500)]
Use actions/cache@v3
Josh Soref [Thu, 9 Mar 2023 15:47:03 +0000 (10:47 -0500)]
Use actions/checkout@v3
Josh Soref [Tue, 25 Jul 2023 10:13:28 +0000 (06:13 -0400)]
Switch from deprecated ::set-output
https://github.blog/changelog/2022-10-11-github-actions-deprecating-save-state-and-set-output-commands/
Peter van Dijk [Fri, 14 Jan 2022 11:12:09 +0000 (12:12 +0100)]
test ubuntu jammy build target
Peter van Dijk [Thu, 14 Sep 2023 06:35:05 +0000 (08:35 +0200)]
builder: drop ubuntu kinetic, it is EOL
Otto Moerbeek [Wed, 23 Aug 2023 06:53:24 +0000 (08:53 +0200)]
Merge pull request #13158 from omoerbeek/backport-13105-to-rec-4.8.x
rec: Backport 13105 to rec 4.8.x: (I)XFR: handle partial read of len prefix
Otto Moerbeek [Wed, 9 Aug 2023 08:09:36 +0000 (10:09 +0200)]
remove redundant assignment
(cherry picked from commit
8d3ab63b412fb4b9fd8732af47a5d1c18ba7e786 )
Peter van Dijk [Mon, 7 Aug 2023 17:13:36 +0000 (19:13 +0200)]
IXFR client: handle partial reads of the TCP chunk length header, plus:
* add primarySOACount to exception text
* add indicator of current state to exception text
* a test
(cherry picked from commit
8faf5a90992b2613cf5999c8dd5e26b0025050b7 )
Peter van Dijk [Mon, 7 Aug 2023 17:13:11 +0000 (19:13 +0200)]
Otto Moerbeek [Mon, 31 Jul 2023 19:21:31 +0000 (21:21 +0200)]
Merge pull request #13078 from omoerbeek/backport-12892-to-rec-4.8.x
rec: Backport of 12892 to rec-4.8.x: YaHTTP: Prevent integer overflow on very large chunks
Otto Moerbeek [Mon, 31 Jul 2023 18:30:27 +0000 (20:30 +0200)]
Merge pull request #13077 from omoerbeek/backport-12935-to-rec-4.8.x
rec: Backport 12935 to rec-4.x.8: Stop using the now deprecated ERR_load_CRYPTO_strings() to detect OpenSSL
Otto Moerbeek [Mon, 31 Jul 2023 17:12:18 +0000 (19:12 +0200)]
Merge pull request #13076 from omoerbeek/backport-12961-to-rec-4.8.x
rec: Backport 12961 to rec-4.8x: Work around Red Hat 8 pooping the bed in OpenSSL's headers
Otto Moerbeek [Mon, 31 Jul 2023 16:09:53 +0000 (18:09 +0200)]
Merge pull request #13056 from omoerbeek/rec-backport-13021-to-rec-4.8.x
rec: Backport 13021 to rec-4.8.x: fix setting of policy tags
Remi Gacogne [Wed, 8 Mar 2023 17:25:30 +0000 (18:25 +0100)]
YaHTTP: Prevent integer overflow on very large chunks
If the chunk_size is very close to the maximum value of an integer,
we trigger an integer overflow when checking if we have a trailing
newline after the payload.
Reported by OSS-Fuzz as:
https://oss-fuzz.com/testcase-detail/
6439610474692608
https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=56804
(cherry picked from commit
b602982fc5b4fb9139dec591541e0c070ceb47f5 )
Remi Gacogne [Wed, 21 Jun 2023 12:58:15 +0000 (14:58 +0200)]
Stop using the now deprecated ERR_load_CRYPTO_strings() to detect OpenSSL
And move to BN_new() instead, which has been present since at least
0.9.6 and is still in 3.1.
(cherry picked from commit
9fcef4932c9323b085984f8a087045fef70103f5 )
Remi Gacogne [Wed, 28 Jun 2023 13:23:35 +0000 (15:23 +0200)]
Work around Red Hat 8 pooping the bed in OpenSSL's headers
The openssl/kdf.h header on EL8 is invalid because someone backported
a work-in-progress feature to an older OpenSSL branch and did not
bother to backport the fixes that were added later.
Red Hat declined to fix their mess and helpfully suggested we do the
work instead in https://bugzilla.redhat.com/show_bug.cgi?id=
2215856
(cherry picked from commit
3dabf2d4a1a478fb00a232259e8043f075eb4d03 )
Otto Moerbeek [Thu, 20 Jul 2023 15:01:07 +0000 (17:01 +0200)]
Fix DoT test to no use www.powerdns.com, as it changed, backport of #12825
Otto Moerbeek [Thu, 20 Jul 2023 13:33:03 +0000 (15:33 +0200)]
Backport #13059: Don't check TTLs of records coming out of packet cache
Otto Moerbeek [Thu, 20 Jul 2023 12:20:36 +0000 (14:20 +0200)]
Otto Moerbeek [Thu, 20 Jul 2023 10:48:36 +0000 (12:48 +0200)]
rec: Backport 13021 to rec-4.8.x: fix setting of policy tags
Backport of #13021
Otto Moerbeek [Wed, 29 Mar 2023 10:33:21 +0000 (12:33 +0200)]
Merge pull request #12700 from omoerbeek/rec-48-spoof
rec: Backport 12699 to rec-4.8.x: Deterred spoofing attempts can lead to authoritative servers being marked unavailable
Otto Moerbeek [Thu, 16 Mar 2023 07:28:31 +0000 (08:28 +0100)]
PowerDNS Security Advisory 2023-02: Deterred spoofing attempts can lead to authoritative servers being marked unavailable (CVE-2023-26437)
Otto Moerbeek [Wed, 8 Mar 2023 13:38:10 +0000 (14:38 +0100)]
Merge pull request #12623 from romeroalx/update-gh-actions-rec-4.8
Backport GH Actions updates from master to rec-4.8.x
Alexis Romero [Thu, 16 Feb 2023 05:54:23 +0000 (06:54 +0100)]
gh actions: simplified collector job in build-and-test-all.yml
Alexis Romero [Thu, 23 Feb 2023 10:03:30 +0000 (11:03 +0100)]
Avoid Microsoft repo for ODBC. Step 1: codeql allow apt downgrades
Alexis Romero [Wed, 22 Feb 2023 10:48:28 +0000 (11:48 +0100)]
Avoid Microsoft repo for ODBC. Step 1: allow apt downgrades
Peter van Dijk [Mon, 6 Feb 2023 10:41:18 +0000 (11:41 +0100)]
codeql workflow: set ubuntu mirror
Peter van Dijk [Fri, 13 Jan 2023 10:06:14 +0000 (11:06 +0100)]
build-and-test-all: add functionality to quickly switch ubuntu mirrors
dependabot[bot] [Wed, 19 Oct 2022 14:28:07 +0000 (14:28 +0000)]
build(deps): bump actions/setup-python from 2 to 4
Bumps [actions/setup-python](https://github.com/actions/setup-python) from 2 to 4.
- [Release notes](https://github.com/actions/setup-python/releases)
- [Commits](https://github.com/actions/setup-python/compare/v2...v4)
---
updated-dependencies:
- dependency-name: actions/setup-python
dependency-type: direct:production
update-type: version-update:semver-major
...
Signed-off-by: dependabot[bot] <support@github.com>
Josh Soref [Tue, 6 Dec 2022 17:39:08 +0000 (12:39 -0500)]
Switch from set-output tot GITHUB_OUTPUT
Signed-off-by: Josh Soref <2119212+jsoref@users.noreply.github.com>
dependabot[bot] [Wed, 19 Oct 2022 14:28:01 +0000 (14:28 +0000)]
build(deps): bump actions/upload-artifact from 1 to 3
Bumps [actions/upload-artifact](https://github.com/actions/upload-artifact) from 1 to 3.
- [Release notes](https://github.com/actions/upload-artifact/releases)
- [Commits](https://github.com/actions/upload-artifact/compare/v1...v3)
---
updated-dependencies:
- dependency-name: actions/upload-artifact
dependency-type: direct:production
update-type: version-update:semver-major
...
Signed-off-by: dependabot[bot] <support@github.com>
dependabot[bot] [Wed, 19 Oct 2022 14:27:58 +0000 (14:27 +0000)]
build(deps): bump actions/download-artifact from 2 to 3
Bumps [actions/download-artifact](https://github.com/actions/download-artifact) from 2 to 3.
- [Release notes](https://github.com/actions/download-artifact/releases)
- [Commits](https://github.com/actions/download-artifact/compare/v2...v3)
---
updated-dependencies:
- dependency-name: actions/download-artifact
dependency-type: direct:production
update-type: version-update:semver-major
...
Signed-off-by: dependabot[bot] <support@github.com>
dependabot[bot] [Wed, 19 Oct 2022 14:44:55 +0000 (14:44 +0000)]
build(deps): bump actions/checkout from 2.3.4 to 3.1.0
Bumps [actions/checkout](https://github.com/actions/checkout) from 2.3.4 to 3.1.0.
- [Release notes](https://github.com/actions/checkout/releases)
- [Changelog](https://github.com/actions/checkout/blob/main/CHANGELOG.md)
- [Commits](https://github.com/actions/checkout/compare/v2.3.4...v3.1.0)
---
updated-dependencies:
- dependency-name: actions/checkout
dependency-type: direct:production
update-type: version-update:semver-major
...
Signed-off-by: dependabot[bot] <support@github.com>
dependabot[bot] [Wed, 19 Oct 2022 14:28:05 +0000 (14:28 +0000)]
build(deps): bump actions/cache from 2 to 3.0.11
Bumps [actions/cache](https://github.com/actions/cache) from 2 to 3.0.11.
- [Release notes](https://github.com/actions/cache/releases)
- [Changelog](https://github.com/actions/cache/blob/main/RELEASES.md)
- [Commits](https://github.com/actions/cache/compare/v2...v3.0.11)
---
updated-dependencies:
- dependency-name: actions/cache
dependency-type: direct:production
update-type: version-update:semver-major
...
Signed-off-by: dependabot[bot] <support@github.com>
Otto Moerbeek [Mon, 6 Mar 2023 13:32:11 +0000 (14:32 +0100)]
Merge pull request #12617 from omoerbeek/backport-12614-to-rec-4.8.x
Rec: backport 12614 to rec-4.8.x: test that an ImmediateServFailException isn't hidden by the serve-stale logic
Otto Moerbeek [Fri, 3 Mar 2023 14:24:58 +0000 (15:24 +0100)]
Rec: test that an ImmediateServFailException isn't hidden by the serve-stale logic
(cherry picked from commit
60a0965f82283249e8f054afe474adc33a57b8bc )
Otto Moerbeek [Fri, 3 Mar 2023 12:37:48 +0000 (13:37 +0100)]
Merge pull request #12613 from omoerbeek/rec-48-serve-stale-pegging
rec: Backport 12595, 12610 and 12611 to rec-4.8.x: fix serve-stale logic
Otto Moerbeek [Fri, 3 Mar 2023 11:19:34 +0000 (12:19 +0100)]
Reinstate refresh && served-stale logic
Otto Moerbeek [Fri, 3 Mar 2023 09:35:04 +0000 (10:35 +0100)]
Merge pull request #12609 from omoerbeek/backport-12598-to-rec-4.8.x
rec: Backport 12598 to rec-4.8.x: Update validation state after a missing negative indication
Otto Moerbeek [Fri, 3 Mar 2023 09:34:50 +0000 (10:34 +0100)]
Merge pull request #12608 from omoerbeek/backport-12495-to-rec-4.8.x
rec: Backport 12495 to rex-4.8.x: Change a few logging urgency levels
Otto Moerbeek [Fri, 3 Mar 2023 09:34:35 +0000 (10:34 +0100)]
Merge pull request #12607 from omoerbeek/backport-12347-to-rec-4.8.x
rec: Backport 12347 to rec-4.x.8: Use correct logic for isEntryUsable()
Otto Moerbeek [Fri, 3 Mar 2023 08:30:23 +0000 (09:30 +0100)]
rec: Backport 12598 to rec-4.8.x: Update validation state after a missing negative indication
Backport of #12598
Otto Moerbeek [Fri, 3 Mar 2023 08:25:27 +0000 (09:25 +0100)]
rec: Backport 12495 to rex-4.8.x: Change a few logging urgency levels
Backport of #12495
Otto Moerbeek [Fri, 3 Mar 2023 08:14:55 +0000 (09:14 +0100)]
rec: Backport 12347 to rec-4.x.8: Use correct logic for isEntryUsable()
Backport of #12347
Otto Moerbeek [Wed, 1 Mar 2023 08:28:20 +0000 (09:28 +0100)]
Fix serve-stale logic in negcache by following the record cache case more closely
Otto Moerbeek [Wed, 1 Mar 2023 08:23:37 +0000 (09:23 +0100)]
Simplify serve-stale logic
- No more special handling of ImmediateServFailException, they remain fatal
(individual failure to contact an NS returns and does not throw)
- Explicitly only look in cache on serve-stale iteration of loop
Otto Moerbeek [Wed, 1 Mar 2023 08:16:52 +0000 (09:16 +0100)]
Call the right wipe function for negcache
Otto Moerbeek [Thu, 26 Jan 2023 09:09:16 +0000 (10:09 +0100)]
Merge pull request #12475 from omoerbeek/backport-12467-to-rec-4.8.x
rec: Backport 12467 to rec: 4.8.x: do not use "message" as key, it has a special meaning to systemd-journal
Otto Moerbeek [Thu, 26 Jan 2023 08:35:25 +0000 (09:35 +0100)]
rec: Backport 12467 to rec: 4.8.x: do not use "message" as key, it has a special meaning to systemd-journal
Otto Moerbeek [Wed, 25 Jan 2023 08:55:13 +0000 (09:55 +0100)]
Merge pull request #12459 from Habbie/backport-12453-to-rec-4.8.x
rec-4.8: lock.hh: include <stdexcept>
Otto Moerbeek [Wed, 25 Jan 2023 08:54:42 +0000 (09:54 +0100)]
Merge pull request #12457 from omoerbeek/backport-12395-to-rec-4.8.x
rec: Backport 12395 to rec-4.8.x: When the stale function is triggered, wrong data can be returned from negcache and record cache
Otto Moerbeek [Wed, 25 Jan 2023 08:54:29 +0000 (09:54 +0100)]
Merge pull request #12456 from omoerbeek/backport-12368-to-rec-4.8.x
rec: Backport 12368 to rec-4.8.x: Add the 'parse packet from auth' error message to structured logging
Otto Moerbeek [Wed, 25 Jan 2023 08:53:48 +0000 (09:53 +0100)]
Merge pull request #12455 from omoerbeek/backport-12352-to-rec-4.8.x
rec: Backport 12352 to rec 4.8.x: Refresh of negcache stale entry might use wrong qtype
Peter van Dijk [Mon, 23 Jan 2023 13:54:09 +0000 (14:54 +0100)]
lock.hh: include <stdexcept>
(cherry picked from commit
d8b4ea24dc5dbe7c53c24bfffba24bcae7f58e02 )
Otto Moerbeek [Mon, 23 Jan 2023 15:55:14 +0000 (16:55 +0100)]
rec: backport 12395 to rec-4.8.x: When the stale function is triggered, wrong data can be returned from negcache and record cache
Backport of #12395
Otto Moerbeek [Mon, 23 Jan 2023 15:44:56 +0000 (16:44 +0100)]
rec: backport 12368 to rec-4.8.x: Add the 'parse packet from auth' error message to structured logging
Otto Moerbeek [Wed, 21 Dec 2022 09:12:46 +0000 (10:12 +0100)]
Change the logic a bit, as negcache->get() can be called with qtype = QType:::ENT,
but we do not want to push a task with QType::ENT
Also change a few QType& to QType, it's a small int, no need to pass by reference.
(cherry picked from commit
2541e0f53c6abba298b4a86032bdbc7dfff3ee03 )
zhaojingshi [Wed, 21 Dec 2022 03:22:57 +0000 (11:22 +0800)]
change negcache stale resolveTask qtype
(cherry picked from commit
cce57cb0c4a7112c02b82549149818faccaaa5f7 )
Otto Moerbeek [Fri, 20 Jan 2023 12:42:28 +0000 (13:42 +0100)]
Merge pull request #12418 from omoerbeek/rec-backport-12374-to-4.8.x
rec: Backport 12374 to rec-4.8.x: make cache cleaning more fair when under pressure
Otto Moerbeek [Fri, 20 Jan 2023 12:42:12 +0000 (13:42 +0100)]
Merge pull request #12408 from omoerbeek/rec-backport-12407-to-4.8.x
rec: Backport 12407 to 4.8.x: do not chain ecs enabled queries
Otto Moerbeek [Fri, 20 Jan 2023 12:41:35 +0000 (13:41 +0100)]
Merge pull request #12346 from omoerbeek/backport-12317-to-rec-4.8.x
rec: Backport 12317 to rec-4.8.x: Fix compilation on FreeBSD. reported by HellSpawn
Otto Moerbeek [Fri, 20 Jan 2023 12:41:19 +0000 (13:41 +0100)]
Merge pull request #12345 from omoerbeek/backport-12333-to-rec-4.8.x
rec: Backport 12333 to rec-4.8.x: For setting socket buf size not decreasing is not an error
Otto Moerbeek [Fri, 20 Jan 2023 12:41:04 +0000 (13:41 +0100)]
Merge pull request #12344 from omoerbeek/backport-12260-to-rec-4.8.x
rec: Backport 12260 to rec-4.8.x: Properly encode json string containing binary data
Otto Moerbeek [Fri, 20 Jan 2023 12:40:48 +0000 (13:40 +0100)]
Merge pull request #12343 from omoerbeek/backport-12254-to-rec-4.8.x
rec: Backport 12254 to rec-4.8.x: Restrict permissions for GITHUB_TOKEN in our workflows
Otto Moerbeek [Fri, 20 Jan 2023 11:51:20 +0000 (12:51 +0100)]
Merge pull request #12442 from omoerbeek/rec-48-backport-qm-ds-fallback
rec: Backport to 4.8.x: Do *not* use QName Minimization for DS retrievals in QM fallback mode.
Otto Moerbeek [Mon, 2 Jan 2023 15:34:56 +0000 (16:34 +0100)]
Backport to 4.8.x: Do *not* use QName Minimization for DS retrievals in QM fallback mode.
Otto Moerbeek [Mon, 16 Jan 2023 13:23:36 +0000 (14:23 +0100)]
Include <cmath>
Otto Moerbeek [Mon, 16 Jan 2023 13:20:37 +0000 (14:20 +0100)]
close newfs on fopen fail
Co-authored-by: Remi Gacogne <github@coredump.fr>
Otto Moerbeek [Mon, 16 Jan 2023 12:48:14 +0000 (13:48 +0100)]
rec: Backport 12374 to rec-4.8.x: make cache cleaning more fair when under pressure
Otto Moerbeek [Tue, 10 Jan 2023 14:06:45 +0000 (15:06 +0100)]
Reformat
Otto Moerbeek [Tue, 10 Jan 2023 13:48:39 +0000 (14:48 +0100)]
rec: Backport 12407 to rec-4.8.x: do not chain ecs enabled queries
Backport of #12407
Otto Moerbeek [Fri, 16 Dec 2022 08:24:44 +0000 (09:24 +0100)]
For setting socket buf size not decreasing is not an error
(cherry picked from commit
fe65dec04f3fadaca8f5319cf02f4b302463afe9 )
Otto Moerbeek [Mon, 12 Dec 2022 19:03:04 +0000 (20:03 +0100)]
Fix compilation on FreeBSD. reported by HellSpawn
(cherry picked from commit
398bb0f1e7122d6de0e6c5ec3383ba49a446d580 )
Otto Moerbeek [Fri, 2 Dec 2022 08:16:55 +0000 (09:16 +0100)]
Properly encode json string containing binary data
The existing code assumes the strings are alreayd valid UTF8 and contain potential out-of-bound accesses.
Also urlEncode path in log lines, as it trips pytest.xml:
Running tests...
$ 'pytest' '--junitxml=pytest.xml' '-v'
==STDOUT===
==STDERRR===
File "/home/otto/pdns/regression-tests.api/runtests.py", line 304, in <module>
print(serverproc.stderr.read())
File "/usr/lib/python3.9/codecs.py", line 322, in decode
(result, consumed) = self._buffer_decode(data, self.errors, final)
UnicodeDecodeError: 'utf-8' codec can't decode byte 0xeb in position 4304: invalid continuation byte
There might be more places where this is needed.
(cherry picked from commit
1478a2c8713535e4cbd1943e2526e3527d58a19b )
Remi Gacogne [Thu, 1 Dec 2022 13:34:19 +0000 (14:34 +0100)]
Restrict permissions for GITHUB_TOKEN in our workflows
Added using https://github.com/step-security/secure-workflows
For more information see:
- https://github.com/ossf/scorecard/blob/
d8fefc9b246db3600c777e9d60d441d7c386ce1d /docs/checks.md#token-permissions
- https://github.blog/changelog/2021-04-20-github-actions-control-permissions-for-github_token/
(cherry picked from commit
aff4e1eafa5bbc4e9ef6acee9d73b2154e0ab9b9 )
Otto Moerbeek [Wed, 7 Dec 2022 14:29:38 +0000 (15:29 +0100)]
Merge pull request #12293 from omoerbeek/backport-12289-to-rec-4.8.x
rec: Backport 12289 to rec 4.8.x: refactor unsuppored qtype code and make sure we ServFail on all unsupported qtypes