git.ipfire.org Git - thirdparty/pdns.git/log

Update FIXME comment in build-scripts/gh-actions-setup-inv

Co-authored-by: Remi Gacogne <github@coredump.fr>
(cherry picked from commit 03db3c76cf5b8fdf6df24180e8e5cf64f706e14d)

workaround for grub error raised after apt-get dist-upgrade

(cherry picked from commit 735582e64f176c9fbca3c3fc20c162f6c94ae8cd)

Merge pull request #13273 from Habbie/backport-13194-to-auth-4.7.x

auth-4.7.x: switch from `docker-compose` to `docker compose` and stop installing docker-compose because that uninstalls runc

switch from `docker-compose` to `docker compose` and
stop installing docker-compose because that uninstalls runc

(cherry picked from commit 5bb9f0fcd0c63a8ea31bc150e29b47b301009696)

Merge pull request #13272 from Habbie/backport-13245-to-auth-4.7.x

auth-4.7.x: smysql: stop explicity setting MYSQL_OPT_RECONNECT to 0

smysql: stop explicity setting MYSQL_OPT_RECONNECT to 0

Setting this option, even to 0, causes spurious warnings to the console
with recent libmysqlclient versions. The upstream bug
( https://bugs.mysql.com/bug.php?id=112089 )
has now been open for a month, so we're implementing a workaround.

0 was the default since at least MySQL 5.7, perhaps longer.

closes #13242

(cherry picked from commit f1cbc20b72ab95531f0a84bab40ac6ea1610241f)

Merge pull request #12745 from mind04/auth47-loop

auth-4.7.x: calm down the communicator loop

Merge pull request #12746 from mind04/auth47-nsec-at-delegation

auth-4.7.x: Pick the right signer name when a NSEC name is also a delegation point

Merge pull request #12743 from Habbie/backport-12125-to-auth-4.7.x

auth-4.7.x: timeout handling for IXFRs as a client

Merge pull request #12744 from Habbie/backport-12127-to-auth-4.7.x

auth-4.7.x: Fix multiple-version IXFR request handling in ixfrdist

add ordername testing

Merge pull request #12742 from Habbie/backport-12260-to-auth-4.7.x

auth-4.7.x: Properly encode json string containing binary data

Merge pull request #12741 from Habbie/backport-12659-to-auth-4.7.x

auth-4.7.x: Prevent a race during the processing of SVC auto-hints

make getCommonLabels() root aware

auth: add nsec at delegation point test

auth: fix nsec at delegation point

auth: calm down the communicator loop

Add ixfrdist tests for multi-version IXFR

(cherry picked from commit de934ccdeb9b347e1c70901db4157b6b064a33bd)

Fix generation of multiple-version updates

See https://github.com/PowerDNS/pdns/issues/6880#issuecomment-420980817

(cherry picked from commit f821ff19dcd4ad1bb4e88d40913e40201d81c118)

Better wording in comment

Co-authored-by: Peter van Dijk <peter.van.dijk@powerdns.com>
(cherry picked from commit 240460d77be35a6a1c1e6fa22364efe19dc3ee84)

Timout handling for ixfrs as a client.

One complicating factor is that this is shared code, but auth and
rec do not agree on the definiton of the timeout value: auth states
it is a maximum idle time, while rec state it is the total xfr time.
While both apporaches make sense and in the end we would like to
enforce both, we now go for a more simple solution that respects
auth or rec behaviour based on a flag.

(cherry picked from commit fee334ae0f5083d47f9adc207d5a1a6d36ebc2ac)

Properly encode json string containing binary data

The existing code assumes the strings are alreayd valid UTF8 and contain potential out-of-bound accesses.

Also urlEncode path in log lines, as it trips pytest.xml:

Running tests...

$ 'pytest' '--junitxml=pytest.xml' '-v'
==STDOUT===

==STDERRR===
  File "/home/otto/pdns/regression-tests.api/runtests.py", line 304, in <module>
    print(serverproc.stderr.read())
  File "/usr/lib/python3.9/codecs.py", line 322, in decode
    (result, consumed) = self._buffer_decode(data, self.errors, final)
UnicodeDecodeError: 'utf-8' codec can't decode byte 0xeb in position 4304: invalid continuation byte

There might be more places where this is needed.

(cherry picked from commit 1478a2c8713535e4cbd1943e2526e3527d58a19b)

auth: Prevent a race during the processing of SVC auto-hints

When `svc-autohints` is enabled, the content of SVCB and HTTPS records
is modified in `PacketHandler::doAdditionalProcessing()` to expand
the IPv4 and IPv6 with their actual values.
This causes an issue because the content of these records might be
shared between threads, via the record cache, and one thread could
be trying to read from the internal `std::set` while a second thread
is altering it, leading to a data race and possibly to memory corruption
and a crash.
This is correctly detected by TSAN:
```
WARNING: ThreadSanitizer: data race (pid=102795)
  Write of size 8 at 0x7b3400010350 by thread T33:
    #0 operator delete(void*) <null> (pdns_server+0x211b7c) (BuildId: 384adc19a67695435bd5e89d0a77f562561f4593)
    #1 std::__new_allocator<std::_Rb_tree_node<SvcParam>>::deallocate(std::_Rb_tree_node<SvcParam>*, unsigned long) /usr/bin/../lib64/gcc/x86_64-pc-linux-gnu/12.2.1/../../../../include/c++/12.2.1/bits/new_allocator.h:158:2 (pdns_server+0x33fc78) (BuildId: 384adc19a67695435bd5e89d0a77f562561f4593)
    #2 std::allocator_traits<std::allocator<std::_Rb_tree_node<SvcParam>>>::deallocate(std::allocator<std::_Rb_tree_node<SvcParam>>&, std::_Rb_tree_node<SvcParam>*, unsigned long) /usr/bin/../lib64/gcc/x86_64-pc-linux-gnu/12.2.1/../../../../include/c++/12.2.1/bits/alloc_traits.h:496:13 (pdns_server+0x33fc78)
    #3 std::_Rb_tree<SvcParam, SvcParam, std::_Identity<SvcParam>, std::less<SvcParam>, std::allocator<SvcParam>>::_M_put_node(std::_Rb_tree_node<SvcParam>*) /usr/bin/../lib64/gcc/x86_64-pc-linux-gnu/12.2.1/../../../../include/c++/12.2.1/bits/stl_tree.h:565:9 (pdns_server+0x33fc78)
    #4 std::_Rb_tree<SvcParam, SvcParam, std::_Identity<SvcParam>, std::less<SvcParam>, std::allocator<SvcParam>>::_M_drop_node(std::_Rb_tree_node<SvcParam>*) /usr/bin/../lib64/gcc/x86_64-pc-linux-gnu/12.2.1/../../../../include/c++/12.2.1/bits/stl_tree.h:632:2 (pdns_server+0x33fc78)
    #5 std::_Rb_tree<SvcParam, SvcParam, std::_Identity<SvcParam>, std::less<SvcParam>, std::allocator<SvcParam>>::_M_erase_aux(std::_Rb_tree_const_iterator<SvcParam>) /usr/bin/../lib64/gcc/x86_64-pc-linux-gnu/12.2.1/../../../../include/c++/12.2.1/bits/stl_tree.h:2495:7 (pdns_server+0x33fc78)
    #6 std::_Rb_tree<SvcParam, SvcParam, std::_Identity<SvcParam>, std::less<SvcParam>, std::allocator<SvcParam>>::erase[abi:cxx11](std::_Rb_tree_const_iterator<SvcParam>) /usr/bin/../lib64/gcc/x86_64-pc-linux-gnu/12.2.1/../../../../include/c++/12.2.1/bits/stl_tree.h:1197:2 (pdns_server+0x33fc78)
    #7 std::set<SvcParam, std::less<SvcParam>, std::allocator<SvcParam>>::erase[abi:cxx11](std::_Rb_tree_const_iterator<SvcParam>) /usr/bin/../lib64/gcc/x86_64-pc-linux-gnu/12.2.1/../../../../include/c++/12.2.1/bits/stl_set.h:655:21 (pdns_server+0x33fc78)
    #8 SVCBBaseRecordContent::setHints(SvcParam::SvcParamKey const&, std::vector<ComboAddress, std::allocator<ComboAddress>> const&) /work/pdns/pdns/dnsrecords.cc:768:14 (pdns_server+0x33fc78)
    #9 PacketHandler::doAdditionalProcessing(DNSPacket&, std::unique_ptr<DNSPacket, std::default_delete<DNSPacket>>&) /work/pdns/pdns/packethandler.cc:565:16 (pdns_server+0x4ed330) (BuildId: 384adc19a67695435bd5e89d0a77f562561f4593)
    #10 PacketHandler::doQuestion(DNSPacket&) /work/pdns/pdns/packethandler.cc:1794:5 (pdns_server+0x4f79b4) (BuildId: 384adc19a67695435bd5e89d0a77f562561f4593)
    #11 PacketHandler::question(DNSPacket&) /work/pdns/pdns/packethandler.cc:1175:10 (pdns_server+0x4f649a) (BuildId: 384adc19a67695435bd5e89d0a77f562561f4593)
    #12 MultiThreadDistributor<DNSPacket, DNSPacket, PacketHandler>::distribute(int) /work/pdns/pdns/./distributor.hh:220:14 (pdns_server+0x260f70) (BuildId: 384adc19a67695435bd5e89d0a77f562561f4593)
    #13 MultiThreadDistributor<DNSPacket, DNSPacket, PacketHandler>::MultiThreadDistributor(int)::'lambda'()::operator()() const /work/pdns/pdns/./distributor.hh:179:25 (pdns_server+0x260b31) (BuildId: 384adc19a67695435bd5e89d0a77f562561f4593)
    #14 void std::__invoke_impl<void, MultiThreadDistributor<DNSPacket, DNSPacket, PacketHandler>::MultiThreadDistributor(int)::'lambda'()>(std::__invoke_other, MultiThreadDistributor<DNSPacket, DNSPacket, PacketHandler>::MultiThreadDistributor(int)::'lambda'()&&) /usr/bin/../lib64/gcc/x86_64-pc-linux-gnu/12.2.1/../../../../include/c++/12.2.1/bits/invoke.h:61:14 (pdns_server+0x260b31)
    #15 std::__invoke_result<MultiThreadDistributor<DNSPacket, DNSPacket, PacketHandler>::MultiThreadDistributor(int)::'lambda'()>::type std::__invoke<MultiThreadDistributor<DNSPacket, DNSPacket, PacketHandler>::MultiThreadDistributor(int)::'lambda'()>(MultiThreadDistributor<DNSPacket, DNSPacket, PacketHandler>::MultiThreadDistributor(int)::'lambda'()&&) /usr/bin/../lib64/gcc/x86_64-pc-linux-gnu/12.2.1/../../../../include/c++/12.2.1/bits/invoke.h:96:14 (pdns_server+0x260b31)
    #16 void std::thread::_Invoker<std::tuple<MultiThreadDistributor<DNSPacket, DNSPacket, PacketHandler>::MultiThreadDistributor(int)::'lambda'()>>::_M_invoke<0ul>(std::_Index_tuple<0ul>) /usr/bin/../lib64/gcc/x86_64-pc-linux-gnu/12.2.1/../../../../include/c++/12.2.1/bits/std_thread.h:258:13 (pdns_server+0x260b31)
    #17 std::thread::_Invoker<std::tuple<MultiThreadDistributor<DNSPacket, DNSPacket, PacketHandler>::MultiThreadDistributor(int)::'lambda'()>>::operator()() /usr/bin/../lib64/gcc/x86_64-pc-linux-gnu/12.2.1/../../../../include/c++/12.2.1/bits/std_thread.h:265:11 (pdns_server+0x260b31)
    #18 std::thread::_State_impl<std::thread::_Invoker<std::tuple<MultiThreadDistributor<DNSPacket, DNSPacket, PacketHandler>::MultiThreadDistributor(int)::'lambda'()>>>::_M_run() /usr/bin/../lib64/gcc/x86_64-pc-linux-gnu/12.2.1/../../../../include/c++/12.2.1/bits/std_thread.h:210:13 (pdns_server+0x260b31)
    #19 execute_native_thread_routine /usr/src/debug/gcc/gcc/libstdc++-v3/src/c++11/thread.cc:82:18 (libstdc++.so.6+0xd72c2) (BuildId: 6fe66a2d539a78c993bd2d377e00fad389220963)

  Previous read of size 2 at 0x7b3400010350 by thread T39:
    #0 SvcParam::getKey() const /work/pdns/pdns/./svc-records.hh:80:12 (pdns_server+0x3721f3) (BuildId: 384adc19a67695435bd5e89d0a77f562561f4593)
    #1 GenericDNSPacketWriter<std::vector<unsigned char, std::allocator<unsigned char>>>::xfrSvcParamKeyVals(std::set<SvcParam, std::less<SvcParam>, std::allocator<SvcParam>> const&) /work/pdns/pdns/dnswriter.cc:404:23 (pdns_server+0x3721f3)
    #2 void HTTPSRecordContent::xfrPacket<GenericDNSPacketWriter<std::vector<unsigned char, std::allocator<unsigned char>>>>(GenericDNSPacketWriter<std::vector<unsigned char, std::allocator<unsigned char>>>&, bool) /work/pdns/pdns/dnsrecords.cc:348:1 (pdns_server+0x3349bd) (BuildId: 384adc19a67695435bd5e89d0a77f562561f4593)
    #3 HTTPSRecordContent::toPacket(GenericDNSPacketWriter<std::vector<unsigned char, std::allocator<unsigned char>>>&) /work/pdns/pdns/dnsrecords.cc:348:1 (pdns_server+0x3349bd)
    #4 DNSRecordContent::serialize[abi:cxx11](DNSName const&, bool, bool) /work/pdns/pdns/./dnsparser.hh:215:11 (pdns_server+0x311140) (BuildId: 384adc19a67695435bd5e89d0a77f562561f4593)
    #5 DNSPacket::addRecord(DNSZoneRecord&&) /work/pdns/pdns/dnspacket.cc:177:68 (pdns_server+0x2fa894) (BuildId: 384adc19a67695435bd5e89d0a77f562561f4593)
    #6 PacketHandler::doAdditionalProcessing(DNSPacket&, std::unique_ptr<DNSPacket, std::default_delete<DNSPacket>>&) /work/pdns/pdns/packethandler.cc:542:8 (pdns_server+0x4eccf2) (BuildId: 384adc19a67695435bd5e89d0a77f562561f4593)
    #7 PacketHandler::doQuestion(DNSPacket&) /work/pdns/pdns/packethandler.cc:1794:5 (pdns_server+0x4f79b4) (BuildId: 384adc19a67695435bd5e89d0a77f562561f4593)
    #8 PacketHandler::question(DNSPacket&) /work/pdns/pdns/packethandler.cc:1175:10 (pdns_server+0x4f649a) (BuildId: 384adc19a67695435bd5e89d0a77f562561f4593)
    #9 MultiThreadDistributor<DNSPacket, DNSPacket, PacketHandler>::distribute(int) /work/pdns/pdns/./distributor.hh:220:14 (pdns_server+0x260f70) (BuildId: 384adc19a67695435bd5e89d0a77f562561f4593)
    #10 MultiThreadDistributor<DNSPacket, DNSPacket, PacketHandler>::MultiThreadDistributor(int)::'lambda'()::operator()() const /work/pdns/pdns/./distributor.hh:179:25 (pdns_server+0x260b31) (BuildId: 384adc19a67695435bd5e89d0a77f562561f4593)
    #11 void std::__invoke_impl<void, MultiThreadDistributor<DNSPacket, DNSPacket, PacketHandler>::MultiThreadDistributor(int)::'lambda'()>(std::__invoke_other, MultiThreadDistributor<DNSPacket, DNSPacket, PacketHandler>::MultiThreadDistributor(int)::'lambda'()&&) /usr/bin/../lib64/gcc/x86_64-pc-linux-gnu/12.2.1/../../../../include/c++/12.2.1/bits/invoke.h:61:14 (pdns_server+0x260b31)
    #12 std::__invoke_result<MultiThreadDistributor<DNSPacket, DNSPacket, PacketHandler>::MultiThreadDistributor(int)::'lambda'()>::type std::__invoke<MultiThreadDistributor<DNSPacket, DNSPacket, PacketHandler>::MultiThreadDistributor(int)::'lambda'()>(MultiThreadDistributor<DNSPacket, DNSPacket, PacketHandler>::MultiThreadDistributor(int)::'lambda'()&&) /usr/bin/../lib64/gcc/x86_64-pc-linux-gnu/12.2.1/../../../../include/c++/12.2.1/bits/invoke.h:96:14 (pdns_server+0x260b31)
    #13 void std::thread::_Invoker<std::tuple<MultiThreadDistributor<DNSPacket, DNSPacket, PacketHandler>::MultiThreadDistributor(int)::'lambda'()>>::_M_invoke<0ul>(std::_Index_tuple<0ul>) /usr/bin/../lib64/gcc/x86_64-pc-linux-gnu/12.2.1/../../../../include/c++/12.2.1/bits/std_thread.h:258:13 (pdns_server+0x260b31)
    #14 std::thread::_Invoker<std::tuple<MultiThreadDistributor<DNSPacket, DNSPacket, PacketHandler>::MultiThreadDistributor(int)::'lambda'()>>::operator()() /usr/bin/../lib64/gcc/x86_64-pc-linux-gnu/12.2.1/../../../../include/c++/12.2.1/bits/std_thread.h:265:11 (pdns_server+0x260b31)
    #15 std::thread::_State_impl<std::thread::_Invoker<std::tuple<MultiThreadDistributor<DNSPacket, DNSPacket, PacketHandler>::MultiThreadDistributor(int)::'lambda'()>>>::_M_run() /usr/bin/../lib64/gcc/x86_64-pc-linux-gnu/12.2.1/../../../../include/c++/12.2.1/bits/std_thread.h:210:13 (pdns_server+0x260b31)
    #16 execute_native_thread_routine /usr/src/debug/gcc/gcc/libstdc++-v3/src/c++11/thread.cc:82:18 (libstdc++.so.6+0xd72c2) (BuildId: 6fe66a2d539a78c993bd2d377e00fad389220963)

  Thread T33 'pdns/distributo' (tid=102833, running) created by thread T17 at:
    #0 pthread_create <null> (pdns_server+0x1904e6) (BuildId: 384adc19a67695435bd5e89d0a77f562561f4593)
    #1 __gthread_create /usr/src/debug/gcc/gcc-build/x86_64-pc-linux-gnu/libstdc++-v3/include/x86_64-pc-linux-gnu/bits/gthr-default.h:663:35 (libstdc++.so.6+0xd73a9) (BuildId: 6fe66a2d539a78c993bd2d377e00fad389220963)
    #2 std::thread::_M_start_thread(std::unique_ptr<std::thread::_State, std::default_delete<std::thread::_State>>, void (*)()) /usr/src/debug/gcc/gcc/libstdc++-v3/src/c++11/thread.cc:147:37 (libstdc++.so.6+0xd73a9)
    #3 Distributor<DNSPacket, DNSPacket, PacketHandler>::Create(int) /work/pdns/pdns/./distributor.hh:134:18 (pdns_server+0x256d23) (BuildId: 384adc19a67695435bd5e89d0a77f562561f4593)
    #4 qthread(unsigned int) /work/pdns/pdns/auth-main.cc:536:25 (pdns_server+0x256d23)
    #5 void std::__invoke_impl<void, void (*)(unsigned int), unsigned int>(std::__invoke_other, void (*&&)(unsigned int), unsigned int&&) /usr/bin/../lib64/gcc/x86_64-pc-linux-gnu/12.2.1/../../../../include/c++/12.2.1/bits/invoke.h:61:14 (pdns_server+0x2635f0) (BuildId: 384adc19a67695435bd5e89d0a77f562561f4593)
    #6 std::__invoke_result<void (*)(unsigned int), unsigned int>::type std::__invoke<void (*)(unsigned int), unsigned int>(void (*&&)(unsigned int), unsigned int&&) /usr/bin/../lib64/gcc/x86_64-pc-linux-gnu/12.2.1/../../../../include/c++/12.2.1/bits/invoke.h:96:14 (pdns_server+0x2635f0)
    #7 void std::thread::_Invoker<std::tuple<void (*)(unsigned int), unsigned int>>::_M_invoke<0ul, 1ul>(std::_Index_tuple<0ul, 1ul>) /usr/bin/../lib64/gcc/x86_64-pc-linux-gnu/12.2.1/../../../../include/c++/12.2.1/bits/std_thread.h:258:13 (pdns_server+0x2635f0)
    #8 std::thread::_Invoker<std::tuple<void (*)(unsigned int), unsigned int>>::operator()() /usr/bin/../lib64/gcc/x86_64-pc-linux-gnu/12.2.1/../../../../include/c++/12.2.1/bits/std_thread.h:265:11 (pdns_server+0x2635f0)
    #9 std::thread::_State_impl<std::thread::_Invoker<std::tuple<void (*)(unsigned int), unsigned int>>>::_M_run() /usr/bin/../lib64/gcc/x86_64-pc-linux-gnu/12.2.1/../../../../include/c++/12.2.1/bits/std_thread.h:210:13 (pdns_server+0x2635f0)
    #10 execute_native_thread_routine /usr/src/debug/gcc/gcc/libstdc++-v3/src/c++11/thread.cc:82:18 (libstdc++.so.6+0xd72c2) (BuildId: 6fe66a2d539a78c993bd2d377e00fad389220963)

  Thread T39 'pdns/distributo' (tid=102837, running) created by thread T19 at:
    #0 pthread_create <null> (pdns_server+0x1904e6) (BuildId: 384adc19a67695435bd5e89d0a77f562561f4593)
    #1 __gthread_create /usr/src/debug/gcc/gcc-build/x86_64-pc-linux-gnu/libstdc++-v3/include/x86_64-pc-linux-gnu/bits/gthr-default.h:663:35 (libstdc++.so.6+0xd73a9) (BuildId: 6fe66a2d539a78c993bd2d377e00fad389220963)
    #2 std::thread::_M_start_thread(std::unique_ptr<std::thread::_State, std::default_delete<std::thread::_State>>, void (*)()) /usr/src/debug/gcc/gcc/libstdc++-v3/src/c++11/thread.cc:147:37 (libstdc++.so.6+0xd73a9)
    #3 Distributor<DNSPacket, DNSPacket, PacketHandler>::Create(int) /work/pdns/pdns/./distributor.hh:134:18 (pdns_server+0x256d23) (BuildId: 384adc19a67695435bd5e89d0a77f562561f4593)
    #4 qthread(unsigned int) /work/pdns/pdns/auth-main.cc:536:25 (pdns_server+0x256d23)
    #5 void std::__invoke_impl<void, void (*)(unsigned int), unsigned int>(std::__invoke_other, void (*&&)(unsigned int), unsigned int&&) /usr/bin/../lib64/gcc/x86_64-pc-linux-gnu/12.2.1/../../../../include/c++/12.2.1/bits/invoke.h:61:14 (pdns_server+0x2635f0) (BuildId: 384adc19a67695435bd5e89d0a77f562561f4593)
    #6 std::__invoke_result<void (*)(unsigned int), unsigned int>::type std::__invoke<void (*)(unsigned int), unsigned int>(void (*&&)(unsigned int), unsigned int&&) /usr/bin/../lib64/gcc/x86_64-pc-linux-gnu/12.2.1/../../../../include/c++/12.2.1/bits/invoke.h:96:14 (pdns_server+0x2635f0)
    #7 void std::thread::_Invoker<std::tuple<void (*)(unsigned int), unsigned int>>::_M_invoke<0ul, 1ul>(std::_Index_tuple<0ul, 1ul>) /usr/bin/../lib64/gcc/x86_64-pc-linux-gnu/12.2.1/../../../../include/c++/12.2.1/bits/std_thread.h:258:13 (pdns_server+0x2635f0)
    #8 std::thread::_Invoker<std::tuple<void (*)(unsigned int), unsigned int>>::operator()() /usr/bin/../lib64/gcc/x86_64-pc-linux-gnu/12.2.1/../../../../include/c++/12.2.1/bits/std_thread.h:265:11 (pdns_server+0x2635f0)
    #9 std::thread::_State_impl<std::thread::_Invoker<std::tuple<void (*)(unsigned int), unsigned int>>>::_M_run() /usr/bin/../lib64/gcc/x86_64-pc-linux-gnu/12.2.1/../../../../include/c++/12.2.1/bits/std_thread.h:210:13 (pdns_server+0x2635f0)
    #10 execute_native_thread_routine /usr/src/debug/gcc/gcc/libstdc++-v3/src/c++11/thread.cc:82:18 (libstdc++.so.6+0xd72c2) (BuildId: 6fe66a2d539a78c993bd2d377e00fad389220963)

SUMMARY: ThreadSanitizer: data race (/work/pdns-rgacogne/pdns/pdns_server+0x211b7c) (BuildId: 384adc19a67695435bd5e89d0a77f562561f4593) in operator delete(void*)
```

To prevent this issue, this commit wraps the internal `std::set` in a
mutex. In theory this will cause a performance impact, but in practice
I did not find it to be noticeable.
If we ever do, a different solution would be to duplicate the content
of the SVCB/HTTPS records before modifying them.

(cherry picked from commit 18d5647a6fcaa254632eaed334637b3e58156e49)

Merge pull request #12676 from mind04/auth47-catalog-members

auth-4.7.x: pdnsutil, implement list-member-zones

Merge pull request #12675 from mind04/auth47-lmdb-delete

auth-4.7.x backport lmdb delete fixes and tests

auth, lmdb, backport delete fixes

auth: lmdb, fix TSIG key removal

auth: pdnsutil, implement list-member-zones

Merge pull request #12616 from romeroalx/update-gh-actions-auth-to-4.7

Backport GH Actions updates from master to auth-4.7.x

build(deps): bump actions/setup-python from 2 to 4

Bumps [actions/setup-python](https://github.com/actions/setup-python) from 2 to 4.
- [Release notes](https://github.com/actions/setup-python/releases)
- [Commits](https://github.com/actions/setup-python/compare/v2...v4)

---
updated-dependencies:
- dependency-name: actions/setup-python
dependency-type: direct:production
update-type: version-update:semver-major
...

Signed-off-by: dependabot[bot] <support@github.com>

codeql workflow: set ubuntu mirror

build-and-test-all: add functionality to quickly switch ubuntu mirrors

Switch from set-output tot GITHUB_OUTPUT

Signed-off-by: Josh Soref <2119212+jsoref@users.noreply.github.com>

build(deps): bump actions/upload-artifact from 1 to 3

Bumps [actions/upload-artifact](https://github.com/actions/upload-artifact) from 1 to 3.
- [Release notes](https://github.com/actions/upload-artifact/releases)
- [Commits](https://github.com/actions/upload-artifact/compare/v1...v3)

---
updated-dependencies:
- dependency-name: actions/upload-artifact
dependency-type: direct:production
update-type: version-update:semver-major
...

Signed-off-by: dependabot[bot] <support@github.com>

build(deps): bump actions/download-artifact from 2 to 3

Bumps [actions/download-artifact](https://github.com/actions/download-artifact) from 2 to 3.
- [Release notes](https://github.com/actions/download-artifact/releases)
- [Commits](https://github.com/actions/download-artifact/compare/v2...v3)

---
updated-dependencies:
- dependency-name: actions/download-artifact
dependency-type: direct:production
update-type: version-update:semver-major
...

Signed-off-by: dependabot[bot] <support@github.com>

build(deps): bump actions/checkout from 2.3.4 to 3.1.0

Bumps [actions/checkout](https://github.com/actions/checkout) from 2.3.4 to 3.1.0.
- [Release notes](https://github.com/actions/checkout/releases)
- [Changelog](https://github.com/actions/checkout/blob/main/CHANGELOG.md)
- [Commits](https://github.com/actions/checkout/compare/v2.3.4...v3.1.0)

---
updated-dependencies:
- dependency-name: actions/checkout
dependency-type: direct:production
update-type: version-update:semver-major
...

Signed-off-by: dependabot[bot] <support@github.com>

build(deps): bump actions/cache from 2 to 3.0.11

Bumps [actions/cache](https://github.com/actions/cache) from 2 to 3.0.11.
- [Release notes](https://github.com/actions/cache/releases)
- [Changelog](https://github.com/actions/cache/blob/main/RELEASES.md)
- [Commits](https://github.com/actions/cache/compare/v2...v3.0.11)

---
updated-dependencies:
- dependency-name: actions/cache
dependency-type: direct:production
update-type: version-update:semver-major
...

Signed-off-by: dependabot[bot] <support@github.com>

Avoid Microsoft repo for ODBC. Step 1: codeql allow apt downgrades

Avoid Microsoft repo for ODBC. Step 1: allow apt downgrades

removed ldap and geoip-mmdb tests from circleci

gh actions: simplified collector job in build-and-test-all.yml

gh actions: added ldap and geoip-mmdb tests

GH actions: added auth odbc{sqlitle3, mssql} tests. Removed from CircleCI

Restrict permissions for GITHUB_TOKEN in our workflows

Added using https://github.com/step-security/secure-workflows
For more information see:
- https://github.com/ossf/scorecard/blob/d8fefc9b246db3600c777e9d60d441d7c386ce1d/docs/checks.md#token-permissions
- https://github.blog/changelog/2021-04-20-github-actions-control-permissions-for-github_token/

Merge pull request #12429 from Habbie/auth47-no-leak-hostlist

auth 4.7 minicurl: stop leaking hostlist memory

Merge pull request #12521 from Habbie/auth-4.7-ixfrdist-backports

auth-4.7.x: ixfrdist fixes and improvements

ixfrdist: Make sure that our metrics are properly initialized

Before C++20 std::atomic variables are not guaranteed to be initialized,
even though it looks like compilers are actually doing the initialization
even in C++17.
Reported by Coverity as CID 1504405.

(cherry picked from commit de9fbd402dc05263e8ddb2e6ffc09b5cf01bef1e)

use counters for things that count up over time

(cherry picked from commit b0069a9b63157e05e36f3fbf788b22a1c43e65df)

ixfrdist /metrics: add CPU and memory stats, note unit for uptime

(cherry picked from commit 4be206f56769495b1090f7e39d111560b77494fc)

ixfrdist /metrics: add FD usage

(cherry picked from commit 7bba0dae6d97b248e206e7dbda3813432a77b06d)

ixfrdist: Remove unused counters, simplify prometheus types handling

(cherry picked from commit 54f93cb8542aa46a9a9669fa623f5a6d8a6a5857)

ixfrdist /metrics: add unknown domain in-query counter

(cherry picked from commit ca0831d9a14c409c631b0ee49d6fdba6b2239b6f)

ixfrdist /metrics: quote label values; suffix counters with _total; remove full totals; add promtool test

(cherry picked from commit 7c05901b1d22693a29cced84f9c3b24f5dc4a0ec)

Merge pull request #12458 from Habbie/backport-12453-to-auth-4.7.x

auth-4.7: lock.hh: include <stdexcept>

lock.hh: include <stdexcept>

(cherry picked from commit d8b4ea24dc5dbe7c53c24bfffba24bcae7f58e02)

minicurl: stop leaking hostlist memory

Merge pull request #12299 from Habbie/backport-12282-to-auth-4.7.x

auth-4.7 lmdb: make outgoing notifications work

lmdb tests: actually use lmdb config

(cherry picked from commit f7d7e059f69b1330248ecd904c215630a77f038b)

auth lmdb: make outgoing notifications work

(cherry picked from commit bbd6102241d18d8bce551b5e19d0c315368913b9)

Merge pull request #12291 from Habbie/backport-12285-to-auth-4.7.x

auth-4.7 api: do not create SOA and NS records for consumer zones

Merge pull request #12296 from Habbie/backport-12257-to-auth-4.7.x

auth 4.7 API: slightly clearer message when a backend cannot create domains

Merge pull request #12294 from Habbie/backport-12132-to-auth-4.7.x

auth-4.7: take into account default urlcheck timeout is 2 seconds for Lua records tests

auth API: slightly clearer message when a backend cannot create domains

(cherry picked from commit b53ab9d6ef126f3be04160e36cbc381e27d85e79)

This test assumes the health check timeout is 1 second, while it is 2 seconds by default.

Adapt tests to take that into account, which resolves the occasional failure as tested locally.

(cherry picked from commit 2abc153929e22c4abad73f1eba9395e00f18febd)

auth: api, add create/delete consumer zone test

(cherry picked from commit 2f27a15fb72cdbef5c4f5af8f0d089722ee2253a)

auth: api, do not create SOA and NS records for consumer zones

(cherry picked from commit 1f1674ed5ed14af10a6ce38b9956ffdbef6fcee8)

Merge pull request #12273 from Habbie/backport-12087-to-auth-4.7.x

auth-4.7 API: fix newly created zone not rectified

Merge pull request #12272 from Habbie/backport-12269-to-auth-4.7.x

auth 4.7: fix invalid catalog zone sql query for gpgsqlbackend

API: Auth: honor rectify settings on create zone

(cherry picked from commit 168a76b38bf99c7661e72914c1e634e7fa9d0d0f)

API: Auth: updateDomainSettingsFromDocument: remove always disabled argument

(cherry picked from commit 002de4d7711955188c68726cc9584988b0c89a31)

API: tests: have sdig helper return sdig output

(cherry picked from commit 68fe406a32ec14c8dfc197f3aa60681aa8d7905f)

auth: fix invalid catalog zone sql query for gpgsqlbackend

(cherry picked from commit 5982663f592ece56441ba135ef3003efb2e1ffbe)

Merge pull request #12266 from Habbie/backport-12264-to-auth-4.7.x

auth 4.7 lmdb: implement alsoNotifies

auth lmdb: implement alsoNotifies, fixes #12256

(cherry picked from commit b0e178a7fae71dca241f08b4faa861130a150a76)

Merge pull request #12181 from Habbie/backport-12157-to-auth-4.7.x

auth-4.7.x: fix pdns_control list-zones

auth: fix pdns_control list-zones

(cherry picked from commit 0928e129fbd21c17a2f2e6e6066a58dad8102943)

Merge pull request #12143 from Habbie/backport-12130-to-auth-4.7.x

auth-4.7.x: fix xfr refresh check

Use > for frehsness test, to be consistent with the lmdb backend

(cherry picked from commit 76b236133aa2f3cb7d3fe43d755e73927a45b61a)

Remove (now) unneeded debug prints

(cherry picked from commit 204e3669b25b57b251f06aa1da12691ecff81227)

Fix freshness check for finding unfresh clients

(cherry picked from commit 496d8ebe583acd33ea5acb9538a2e3cd15a0c6d3)

Merge pull request #12124 from mind04/bp-pdns-no-reset

auth-4.7.x: catalog zones, avoid bulk zone reset while migrating to a catalog and fix a bug

auth: catalog zone, stop wasting options update queries

auth: catalog zones, avoid bulk zone reset while migrating to a catalog

Merge pull request #12110 from Habbie/backport-12109-to-auth-4.7.x

auth-4.7: include auth 4.7 schema upgrade files in tarballs and packages

include auth 4.7 schema upgrade files in tarballs and packages

(cherry picked from commit 20ad642888a52d9b0633f0143cd00b7af688f5d1)

Merge pull request #12098 from mind04/auth-4.7.x-axfr

auth-4.7: fix axfr for tinydns and pipe backend

auth: fix axfr for tinydns and pipe backend

Merge pull request #12085 from mind04/auth-4.7.x-metadata

auth-4.7.x: pdnsutil check-zone, skip metadata check for backends without g…

auth: pdnsutil check-zone, skip metadata check for backends without getAllDomainMetadata()

Merge pull request #12069 from Habbie/backport-12046-to-auth-4.7.x

auth-4.7: Fix compilation of the event ports multiplexer

Fix compilation of the event ports multiplexer

Thanks to Jonathan Perkin for the patch!

(cherry picked from commit 7ea87a63ab48e938bdb8b73ebfde1ac6bc71704f)

Merge pull request #12043 from Habbie/backport-11954-to-auth-4.7.x

auth 4.7 AXFR server: abort on chunk with TC set

auth AXFR server: abort on chunk with TC set

(cherry picked from commit 1f07a63f72cd410250b1208c56bda1d33f7d636e)

Merge pull request #12042 from Habbie/backport-11983-to-auth-4.7.x

auth-4.7.x: add keyroller

Merge pull request #12040 from mind04/auth-4.7.x-edit-zone

auth-4.7.x: pdnsutil edit-zone, detect capitalization changes in LUA, TXT a…

Update pdns/keyroller/pdnsapi/api.py

Co-authored-by: Peter van Dijk <peter.van.dijk@powerdns.com>
(cherry picked from commit b959c1638a30625ea85be859bb50381645cedc7d)

keyroller first import

(cherry picked from commit 30150eab3853a999d99f498129c86f23fd548045)

auth: pdnsutil edit-zone, detect capitalization changes in LUA, TXT and SPF records

Merge pull request #12030 from Habbie/backport-11953-to-auth-4.7.x

auth-4.7: axfr-retriever: abort on chunk with TC set