Merge pull request #16644 from rgacogne/rust-audit-branches

ci: Run the daily Rust dependencies audit for all stable branches

Merge pull request #16652 from rgacogne/auth-doc-api-replace-is-not-new

auth: `EXTEND` and `PRUNE` are new in 4.9.12 and 5.0.2, not `REPLACE`

auth: `EXTEND` and `PRUNE` are new in 4.9.12 and 5.0.2, not `REPLACE`

Spotted by `rdz` on IRC.

Signed-off-by: Remi Gacogne <remi.gacogne@powerdns.com>

Merge pull request #16651 from omoerbeek/rec-cookie-dump-pretty

rec: Print irrelevent entries in cookie dump more nicely

rec: Print irrelevent entries in cookie dump more nicely

Signed-off-by: Otto Moerbeek <otto.moerbeek@open-xchange.com>

Merge pull request #16646 from omoerbeek/rec-prep-5.4.0-alpha1

Prep for rec-5.4.0-alpha1

Merge pull request #16639 from miodvallat/entropocene

auth: remove configurable random generator leftovers

Prep for rec-5.4.0-alpha1

Signed-off-by: Otto Moerbeek <otto.moerbeek@open-xchange.com>

Merge pull request #16643 from rgacogne/ddist-update-rust-libs

dnsdist: Update our Rust dependencies

Merge pull request #16569 from miodvallat/unsort

pdnsutil: make "zone list" record sorting optional

ci: Run the daily Rust dependencies audit for all stable branches

Signed-off-by: Remi Gacogne <remi.gacogne@powerdns.com>

dnsdist: Update our Rust dependencies

Signed-off-by: Remi Gacogne <remi.gacogne@powerdns.com>

Merge pull request #16641 from PowerDNS/dependabot/pip/regression-tests.recursor-dnssec/urllib3-2.6.0

build(deps): bump urllib3 from 2.5.0 to 2.6.0 in /regression-tests.recursor-dnssec

Merge pull request #16627 from omoerbeek/rec-rust-nicer-errs

rec: format rust IOErrors in a nicer way instead of using the default formatter

No need to do a downcast dance and include fix for https://github.com/dtolnay/cxx/issues/1684

Signed-off-by: Otto Moerbeek <otto.moerbeek@open-xchange.com>

Allow (but warn) entropy-source and rng settings until 5.2.

Signed-off-by: Miod Vallat <miod.vallat@powerdns.com>

build(deps): bump urllib3 in /regression-tests.recursor-dnssec

Bumps [urllib3](https://github.com/urllib3/urllib3) from 2.5.0 to 2.6.0.
- [Release notes](https://github.com/urllib3/urllib3/releases)
- [Changelog](https://github.com/urllib3/urllib3/blob/main/CHANGES.rst)
- [Commits](https://github.com/urllib3/urllib3/compare/2.5.0...2.6.0)

---
updated-dependencies:
- dependency-name: urllib3
  dependency-version: 2.6.0
  dependency-type: indirect
...

Signed-off-by: dependabot[bot] <support@github.com>

Merge pull request #16637 from romeroalx/ci-build-test-dnsdist-deb11-noarm

gh actions - build-and-test-all skip build dnsdist arm64 on debian 11

Remove KISS rng configuration leftovers.

Signed-off-by: Miod Vallat <miod.vallat@powerdns.com>

Merge pull request #16638 from miodvallat/undercover

auth: i like to std::move it std::move it

Remove use of rng and entropy-source parameters.

Document them as having been removed.

Fixes: #16554
Signed-off-by: Miod Vallat <miod.vallat@powerdns.com>

Address Coverity reported unnecessary object copies.

Signed-off-by: Miod Vallat <miod.vallat@powerdns.com>

build-and-test-all.yml: skip swagger-syntax-check on debian 11

build-and-test-all.yml: skip build dnsdist arm64 on debian 11

Merge pull request #16632 from miodvallat/rectify_docs

auth: minor docs tweaks

Merge pull request #16628 from miodvallat/numbers

auth: changelog and secpoll update for 4.9.12 and 5.0.2

Merge pull request #16631 from romeroalx/manual-install-libh2o

tasks.py: add option to install libh2o manually

Changelog and secpoll update for 4.9.12 and 5.0.2.

Signed-off-by: Miod Vallat <miod.vallat@powerdns.com>

Do not mention rectify will fail on non-DNSSEC zones.

Signed-off-by: Miod Vallat <miod.vallat@powerdns.com>

Replace master/slave with primary/secondary when applicable.

Signed-off-by: Miod Vallat <miod.vallat@powerdns.com>

tasks.py: add option to install libh2o manually

Merge pull request #16620 from Habbie/prune-extend-versions

auth: note that PRUNE/EXTEND are new in 4.9.12/5.0.2

rec: format rust IOErrors in a nicer way instead of using the default formatter

Signed-off-by: Otto Moerbeek <otto.moerbeek@open-xchange.com>

Merge pull request #16568 from miodvallat/path_less_travelled

auth: yet another boring autoconf regression

Merge pull request #16609 from PowerDNS/dependabot/pip/regression-tests.ixfrdist/urllib3-2.6.0

build(deps): bump urllib3 from 2.5.0 to 2.6.0 in /regression-tests.ixfrdist

Merge pull request #16623 from rgacogne/daily-rust-only-when-scheduled

Only run the daily Rust audit when `SCHEDULED_MISC_DAILIES` is set

Merge pull request #16624 from omoerbeek/rec-rust-ruttls-pemfile

rec: move away from rustls-pemfile including update of Rust dependencies

build(deps): bump urllib3 in /regression-tests.ixfrdist

Bumps [urllib3](https://github.com/urllib3/urllib3) from 2.5.0 to 2.6.0.
- [Release notes](https://github.com/urllib3/urllib3/releases)
- [Changelog](https://github.com/urllib3/urllib3/blob/main/CHANGES.rst)
- [Commits](https://github.com/urllib3/urllib3/compare/2.5.0...2.6.0)

---
updated-dependencies:
- dependency-name: urllib3
  dependency-version: 2.6.0
  dependency-type: indirect
...

Signed-off-by: dependabot[bot] <support@github.com>

Merge pull request #16607 from PowerDNS/dependabot/pip/pdns/dnsdistdist/docs/urllib3-2.6.0

build(deps): bump urllib3 from 2.5.0 to 2.6.0 in /pdns/dnsdistdist/docs

Merge pull request #16608 from PowerDNS/dependabot/pip/regression-tests.dnsdist/urllib3-2.6.0

build(deps): bump urllib3 from 2.5.0 to 2.6.0 in /regression-tests.dnsdist

Merge pull request #16610 from PowerDNS/dependabot/pip/regression-tests.api/urllib3-2.6.0

build(deps): bump urllib3 from 2.5.0 to 2.6.0 in /regression-tests.api

Merge pull request #16611 from PowerDNS/dependabot/pip/pdns/recursordist/docs/urllib3-2.6.0

build(deps): bump urllib3 from 2.5.0 to 2.6.0 in /pdns/recursordist/docs

Merge pull request #16612 from PowerDNS/dependabot/pip/meson/urllib3-2.6.0

build(deps): bump urllib3 from 2.5.0 to 2.6.0 in /meson

rec: move away from rustls-pemfile

Fixes #16606

Signed-off-by: Otto Moerbeek <otto.moerbeek@open-xchange.com>

Only run the daily Rust audit when `SCHEDULED_MISC_DAILIES` is set

Signed-off-by: Remi Gacogne <remi.gacogne@powerdns.com>

Merge pull request #16602 from miodvallat/misorder

auth: proactive test fix

Merge pull request #16619 from omoerbeek/rec-prep-20251208

rec: Prep for 20251208 security releases

auth: note that PRUNE/EXTEND are new in 4.9.12/5.0.2

Signed-off-by: Peter van Dijk <peter.van.dijk@powerdns.com>

Merge pull request #16615 from omoerbeek/rec-tcp-notify

rec: Do proper validation of TCP notifies

Merge pull request #16614 from omoerbeek/anyauthrecord

rec: ensure authRecords is empty, as handleHit checks that

rec: Prep for 20251208 security releases

Signed-off-by: Otto Moerbeek <otto.moerbeek@open-xchange.com>

Correct comment

Signed-off-by: Otto Moerbeek <otto.moerbeek@open-xchange.com>

Add tests for disallowed notifies

Signed-off-by: Otto Moerbeek <otto.moerbeek@open-xchange.com>

rec: do proper validation of TCP notifies

Signed-off-by: Otto Moerbeek <otto.moerbeek@open-xchange.com>

Check size of returned vector in test

Signed-off-by: Otto Moerbeek <otto.moerbeek@open-xchange.com>

rec: Handle more cases where the authority records might not be empty

Signed-off-by: Remi Gacogne <remi.gacogne@powerdns.com>

If we iterator the loop multiple times for ANY requests, authRecords might not be empty

Signed-off-by: Otto Moerbeek <otto.moerbeek@open-xchange.com>

build(deps): bump urllib3 from 2.5.0 to 2.6.0 in /meson

Bumps [urllib3](https://github.com/urllib3/urllib3) from 2.5.0 to 2.6.0.
- [Release notes](https://github.com/urllib3/urllib3/releases)
- [Changelog](https://github.com/urllib3/urllib3/blob/main/CHANGES.rst)
- [Commits](https://github.com/urllib3/urllib3/compare/2.5.0...2.6.0)

---
updated-dependencies:
- dependency-name: urllib3
  dependency-version: 2.6.0
  dependency-type: indirect
...

Signed-off-by: dependabot[bot] <support@github.com>

build(deps): bump urllib3 from 2.5.0 to 2.6.0 in /pdns/recursordist/docs

Bumps [urllib3](https://github.com/urllib3/urllib3) from 2.5.0 to 2.6.0.
- [Release notes](https://github.com/urllib3/urllib3/releases)
- [Changelog](https://github.com/urllib3/urllib3/blob/main/CHANGES.rst)
- [Commits](https://github.com/urllib3/urllib3/compare/2.5.0...2.6.0)

---
updated-dependencies:
- dependency-name: urllib3
  dependency-version: 2.6.0
  dependency-type: indirect
...

Signed-off-by: dependabot[bot] <support@github.com>

build(deps): bump urllib3 from 2.5.0 to 2.6.0 in /regression-tests.api

Bumps [urllib3](https://github.com/urllib3/urllib3) from 2.5.0 to 2.6.0.
- [Release notes](https://github.com/urllib3/urllib3/releases)
- [Changelog](https://github.com/urllib3/urllib3/blob/main/CHANGES.rst)
- [Commits](https://github.com/urllib3/urllib3/compare/2.5.0...2.6.0)

---
updated-dependencies:
- dependency-name: urllib3
  dependency-version: 2.6.0
  dependency-type: indirect
...

Signed-off-by: dependabot[bot] <support@github.com>

build(deps): bump urllib3 in /regression-tests.dnsdist

Bumps [urllib3](https://github.com/urllib3/urllib3) from 2.5.0 to 2.6.0.
- [Release notes](https://github.com/urllib3/urllib3/releases)
- [Changelog](https://github.com/urllib3/urllib3/blob/main/CHANGES.rst)
- [Commits](https://github.com/urllib3/urllib3/compare/2.5.0...2.6.0)

---
updated-dependencies:
- dependency-name: urllib3
  dependency-version: 2.6.0
  dependency-type: indirect
...

Signed-off-by: dependabot[bot] <support@github.com>

build(deps): bump urllib3 from 2.5.0 to 2.6.0 in /pdns/dnsdistdist/docs

Bumps [urllib3](https://github.com/urllib3/urllib3) from 2.5.0 to 2.6.0.
- [Release notes](https://github.com/urllib3/urllib3/releases)
- [Changelog](https://github.com/urllib3/urllib3/blob/main/CHANGES.rst)
- [Commits](https://github.com/urllib3/urllib3/compare/2.5.0...2.6.0)

---
updated-dependencies:
- dependency-name: urllib3
  dependency-version: 2.6.0
  dependency-type: indirect
...

Signed-off-by: dependabot[bot] <support@github.com>

Merge pull request #16601 from rgacogne/fewer-boost-optional

Remove some `boost::optional` leftovers

Fix test to not depend upon the order of the returned records.

Signed-off-by: Miod Vallat <miod.vallat@powerdns.com>

Remove some `boost::optional` leftovers

Signed-off-by: Remi Gacogne <remi.gacogne@powerdns.com>

Merge pull request #16589 from miodvallat/gramophone

auth: allow finer-grained rrset changes through the API

No more reasons to reject more than one EXTEND or PRUNE anymore.

Signed-off-by: Miod Vallat <miod.vallat@powerdns.com>

Merge pull request #16521 from rgacogne/ddist-xsk-unit-tests

dnsdist: Cleanup of the `AF_XDP`/`XSK` code

dnsdist: Consistenly use `getL4HeaderOffset()` in our XSK code

Signed-off-by: Remi Gacogne <remi.gacogne@powerdns.com>

Merge pull request #16590 from rgacogne/ddist-coverity-20251204

dnsdist: Fix missed optimizations reported by Coverity in config

Allow PRUNE/EXTEND to coexist with DELETE/REPLACE.

This causes us to maintain a local cache of the rrsets being modified by
both sets of operations, so that we keep a consistent view of them during
the backend transaction, regardless of what the backend might be able to
return.

Signed-off-by: Miod Vallat <miod.vallat@powerdns.com>

Spelling fixes from review

Co-authored-by: Josh Soref <2119212+jsoref@users.noreply.github.com>
Signed-off-by: Miod Vallat <miod.vallat@powerdns.com>

Logic buglet found during review.

Signed-off-by: Miod Vallat <miod.vallat@powerdns.com>

Merge pull request #16596 from jsoref/codeql-remove-unused-imports

Remove unused imports

Merge pull request #16595 from jsoref/codeql-remove-unused-variable

Remove unused variable

Merge pull request #16594 from jsoref/codeql-test-promtool-result

Tolerate promtool failing with exit code 3

Remove unused imports

Signed-off-by: Josh Soref <2119212+jsoref@users.noreply.github.com>

Promtool may return 3 because of the "_total" suffix warnings

Co-authored-by: Miod Vallat <miod.vallat@powerdns.com>
Signed-off-by: Josh Soref <2119212+jsoref@users.noreply.github.com>

Merge pull request #16593 from jsoref/codeql-unused-global-variable

Remove unused global variable

Remove unused variable

It was introduced (unused) in b8db58a230959585880e15c097851c5139d90f45

Signed-off-by: Josh Soref <2119212+jsoref@users.noreply.github.com>

Allow for multiple extend/prune in the same request as long as different RRsets.

Signed-off-by: Miod Vallat <miod.vallat@powerdns.com>

Tolerate promtool failing with exit code 3

Signed-off-by: Josh Soref <2119212+jsoref@users.noreply.github.com>

Remove unused global variable

It was orphaned by 0bbd0a64dc496720155c575c5ff438a92b05e76c

Signed-off-by: Josh Soref <2119212+jsoref@users.noreply.github.com>

Tests for EXTEND and PRUNE zone patch operations.

Signed-off-by: Miod Vallat <miod.vallat@powerdns.com>

Fix assert_in_json_error because I'm a careless python programmer.

Signed-off-by: Miod Vallat <miod.vallat@powerdns.com>

New API zone patch feature: individual record add/delete (not rrset).

Signed-off-by: Miod Vallat <miod.vallat@powerdns.com>

dnsdist: Fix missed optimizations reported by Coverity in config

This does not really matter because we don't care much about small
performance gains in configuration parsing, but it makes Coverity
happy.

Signed-off-by: Remi Gacogne <remi.gacogne@powerdns.com>

Merge pull request #16587 from omoerbeek/rec-coverity-20251203

rec: coverity 20251203

Merge pull request #16588 from omoerbeek/janitor-20251203

Kill a handful of clang++ warnings, mostly comparing unsigned to an signed constant

Split patchZone() in smaller bits.

This is preparation work for future changes which would likely to trigger
the "excessive cognitive complexity" diagnostic from clang-tidy, so cut
ahead.

Signed-off-by: Miod Vallat <miod.vallat@powerdns.com>

Kill a handful of clang++ warnings, mostly comparing unsigned to an signed constant

Signed-off-by: Otto Moerbeek <otto.moerbeek@open-xchange.com>

1643551 Variable copied when it could be moved

Signed-off-by: Otto Moerbeek <otto.moerbeek@open-xchange.com>

1643563 Variable copied when it could be moved

Signed-off-by: Otto Moerbeek <otto.moerbeek@open-xchange.com>

1643013 Check of thread-shared field evades lock acquisition

Signed-off-by: Otto Moerbeek <otto.moerbeek@open-xchange.com>

Coverity 1643564 Using a moved object

Looks harmless

Signed-off-by: Otto Moerbeek <otto.moerbeek@open-xchange.com>

Merge pull request #16585 from romeroalx/build-packages-gh-arm64-runners

GH actions: build packages on Github arm64 runners

build-packages.yml: use GH arm64 runners

builder.yml: use GH arm64 runners

Merge pull request #16582 from rgacogne/ddist-202-changelog-typo

dnsdist: Fix a typo in the 2.0.2 ChangeLog

dnsdist: Fix a typo in the 2.0.2 ChangeLog

Signed-off-by: Remi Gacogne <remi.gacogne@powerdns.com>