auth mssql CI: switch to 2022-CU12 image

https://github.com/actions/runner-images/releases/tag/ubuntu22%2F20240915.1 broke mssql.

https://github.com/microsoft/mssql-docker/issues/868 fits the kernel upgrade.

this commit switches from 2017-GA to 2022-CU12, which unbreaks the build

(cherry picked from commit 0b805ddebc3e14f78effa44ebf06377c593276ed)

Merge pull request #14422 from Habbie/backport-14403-to-auth-4.7.x

auth-4.7: switch el7 builds to Oracle Linux 7

use devtoolset-8

build el-7, not centos-7

switch el7 builds to Oracle Linux 7

(cherry picked from commit 73a1b98f92c671c590540ac19d74d70499f89066)
(cherry picked from commit 87e2e08b41de7453f144721ed232219052205651)

Merge pull request #14424 from Habbie/backport-14405-to-auth-4.7.x

auth-4.7: dns.cc: use pdns::views::UnsignedCharView

dns.cc: use pdns::views::UnsignedCharView

Includes minor cleanup and additions to make UnsignedCharView usable for this use case.
Supersedes #14356
Fixes
/usr/include/c++/v1/__fwd/string_view.h:22:41: warning: 'char_traits<unsigned char>' is deprecated: char_traits<T> for T not equal to char, wchar_t, char8_t, char16_t or char32_t is non-standard and is provided for a temporary period. It will be removed in LLVM 19, so please migrate off of it. [-Wdeprecated-declarations]

(cherry picked from commit 949ea9456dbe76e78aeff5f6f37f218549d1b493)
(cherry picked from commit c3a5649044ae49bdf0f0271744d76b948efcffc5)

import views.hh from master

(cherry picked from commit 99bf661661e46c6ca4ee71b955fb00f5b9baa130)

Merge pull request #14315 from romeroalx/backport-14241-to-auth-4.7.x

auth-4.7.x: Backport removal of centos-8 and centos-8-stream as build targets

remove centos-8 and centos-8-stream as build targets

Merge pull request #14291 from romeroalx/backport-14171-to-auth-4.7.x-2

auth-4.7.x: backport of #14171 for fixing the build of images on new tags

gh actions: add WF for building and pushing images when a new tag is created

gh actions: add WF for building and pushing images manually

gh actions: modify docker.yml for building and pushing images daily (master)

gh actions: add WF for building and pushing multi-platform images on workflow_call events

Merge pull request #14212 from romeroalx/backport-14171-to-auth-4.7.x

auth-4.7.x: Partial backport of #14171 for fixing the build of arm64 images

Adding liblua5.3-dev/libluajit-5.1-dev to dockerfiles

Merge pull request #14154 from romeroalx/backport-14044-to-auth-4.7.x

auth: Backport 14044 to auth-4.7.x: gh actions - replace yq snap in collect job build-and-test-all

gh actions - build-and-test-all: use a ubuntu-22 runner for job collect

gh actions - replace yq snap in collect job build-and-test-all

Merge pull request #13568 from romeroalx/rel/auth-4.7.x-wc

GH Actions - rel/auth-4.7.x: make `build-and-test-all` and `builder` workflows reusable from other branches

make builder workflow reusable

make build-and-test-all reusable

Use actions/cache@v3

Use actions/checkout@v3

test ubuntu jammy build target

builder: drop ubuntu kinetic, it is EOL

Switch from deprecated ::set-output

https://github.blog/changelog/2022-10-11-github-actions-deprecating-save-state-and-set-output-commands/

Merge pull request #13333 from Habbie/backport-12961-to-auth-4.7.x

auth-4.7: Work around Red Hat 8 pooping the bed in OpenSSL's headers

Merge pull request #13334 from Habbie/backport-13005-to-auth-4.7.x

auth-4.7: Fix incorrect optsize

Work around Red Hat 8 pooping the bed in OpenSSL's headers

The openssl/kdf.h header on EL8 is invalid because someone backported
a work-in-progress feature to an older OpenSSL branch and did not
bother to backport the fixes that were added later.

Red Hat declined to fix their mess and helpfully suggested we do the
work instead in https://bugzilla.redhat.com/show_bug.cgi?id=2215856

(cherry picked from commit 3dabf2d4a1a478fb00a232259e8043f075eb4d03)

Fix incorrect optsize

(cherry picked from commit ca250bdad16b9ac6a2789541be88bf17a653262b)

Merge pull request #13337 from Habbie/backport-12562-to-auth-4.7.x

auth-4.7: fix github actions grub issue

Update FIXME comment in build-scripts/gh-actions-setup-inv

Co-authored-by: Remi Gacogne <github@coredump.fr>
(cherry picked from commit 03db3c76cf5b8fdf6df24180e8e5cf64f706e14d)

workaround for grub error raised after apt-get dist-upgrade

(cherry picked from commit 735582e64f176c9fbca3c3fc20c162f6c94ae8cd)

Merge pull request #13273 from Habbie/backport-13194-to-auth-4.7.x

auth-4.7.x: switch from `docker-compose` to `docker compose` and stop installing docker-compose because that uninstalls runc

switch from `docker-compose` to `docker compose` and
stop installing docker-compose because that uninstalls runc

(cherry picked from commit 5bb9f0fcd0c63a8ea31bc150e29b47b301009696)

Merge pull request #13272 from Habbie/backport-13245-to-auth-4.7.x

auth-4.7.x: smysql: stop explicity setting MYSQL_OPT_RECONNECT to 0

smysql: stop explicity setting MYSQL_OPT_RECONNECT to 0

Setting this option, even to 0, causes spurious warnings to the console
with recent libmysqlclient versions. The upstream bug
( https://bugs.mysql.com/bug.php?id=112089 )
has now been open for a month, so we're implementing a workaround.

0 was the default since at least MySQL 5.7, perhaps longer.

closes #13242

(cherry picked from commit f1cbc20b72ab95531f0a84bab40ac6ea1610241f)

Merge pull request #12745 from mind04/auth47-loop

auth-4.7.x: calm down the communicator loop

Merge pull request #12746 from mind04/auth47-nsec-at-delegation

auth-4.7.x: Pick the right signer name when a NSEC name is also a delegation point

Merge pull request #12743 from Habbie/backport-12125-to-auth-4.7.x

auth-4.7.x: timeout handling for IXFRs as a client

Merge pull request #12744 from Habbie/backport-12127-to-auth-4.7.x

auth-4.7.x: Fix multiple-version IXFR request handling in ixfrdist

add ordername testing

Merge pull request #12742 from Habbie/backport-12260-to-auth-4.7.x

auth-4.7.x: Properly encode json string containing binary data

Merge pull request #12741 from Habbie/backport-12659-to-auth-4.7.x

auth-4.7.x: Prevent a race during the processing of SVC auto-hints

make getCommonLabels() root aware

auth: add nsec at delegation point test

auth: fix nsec at delegation point

auth: calm down the communicator loop

Add ixfrdist tests for multi-version IXFR

(cherry picked from commit de934ccdeb9b347e1c70901db4157b6b064a33bd)

Fix generation of multiple-version updates

See https://github.com/PowerDNS/pdns/issues/6880#issuecomment-420980817

(cherry picked from commit f821ff19dcd4ad1bb4e88d40913e40201d81c118)

Better wording in comment

Co-authored-by: Peter van Dijk <peter.van.dijk@powerdns.com>
(cherry picked from commit 240460d77be35a6a1c1e6fa22364efe19dc3ee84)

Timout handling for ixfrs as a client.

One complicating factor is that this is shared code, but auth and
rec do not agree on the definiton of the timeout value: auth states
it is a maximum idle time, while rec state it is the total xfr time.
While both apporaches make sense and in the end we would like to
enforce both, we now go for a more simple solution that respects
auth or rec behaviour based on a flag.

(cherry picked from commit fee334ae0f5083d47f9adc207d5a1a6d36ebc2ac)

Properly encode json string containing binary data

The existing code assumes the strings are alreayd valid UTF8 and contain potential out-of-bound accesses.

Also urlEncode path in log lines, as it trips pytest.xml:

Running tests...

$ 'pytest' '--junitxml=pytest.xml' '-v'
==STDOUT===

==STDERRR===
  File "/home/otto/pdns/regression-tests.api/runtests.py", line 304, in <module>
    print(serverproc.stderr.read())
  File "/usr/lib/python3.9/codecs.py", line 322, in decode
    (result, consumed) = self._buffer_decode(data, self.errors, final)
UnicodeDecodeError: 'utf-8' codec can't decode byte 0xeb in position 4304: invalid continuation byte

There might be more places where this is needed.

(cherry picked from commit 1478a2c8713535e4cbd1943e2526e3527d58a19b)

auth: Prevent a race during the processing of SVC auto-hints

When `svc-autohints` is enabled, the content of SVCB and HTTPS records
is modified in `PacketHandler::doAdditionalProcessing()` to expand
the IPv4 and IPv6 with their actual values.
This causes an issue because the content of these records might be
shared between threads, via the record cache, and one thread could
be trying to read from the internal `std::set` while a second thread
is altering it, leading to a data race and possibly to memory corruption
and a crash.
This is correctly detected by TSAN:
```
WARNING: ThreadSanitizer: data race (pid=102795)
  Write of size 8 at 0x7b3400010350 by thread T33:
    #0 operator delete(void*) <null> (pdns_server+0x211b7c) (BuildId: 384adc19a67695435bd5e89d0a77f562561f4593)
    #1 std::__new_allocator<std::_Rb_tree_node<SvcParam>>::deallocate(std::_Rb_tree_node<SvcParam>*, unsigned long) /usr/bin/../lib64/gcc/x86_64-pc-linux-gnu/12.2.1/../../../../include/c++/12.2.1/bits/new_allocator.h:158:2 (pdns_server+0x33fc78) (BuildId: 384adc19a67695435bd5e89d0a77f562561f4593)
    #2 std::allocator_traits<std::allocator<std::_Rb_tree_node<SvcParam>>>::deallocate(std::allocator<std::_Rb_tree_node<SvcParam>>&, std::_Rb_tree_node<SvcParam>*, unsigned long) /usr/bin/../lib64/gcc/x86_64-pc-linux-gnu/12.2.1/../../../../include/c++/12.2.1/bits/alloc_traits.h:496:13 (pdns_server+0x33fc78)
    #3 std::_Rb_tree<SvcParam, SvcParam, std::_Identity<SvcParam>, std::less<SvcParam>, std::allocator<SvcParam>>::_M_put_node(std::_Rb_tree_node<SvcParam>*) /usr/bin/../lib64/gcc/x86_64-pc-linux-gnu/12.2.1/../../../../include/c++/12.2.1/bits/stl_tree.h:565:9 (pdns_server+0x33fc78)
    #4 std::_Rb_tree<SvcParam, SvcParam, std::_Identity<SvcParam>, std::less<SvcParam>, std::allocator<SvcParam>>::_M_drop_node(std::_Rb_tree_node<SvcParam>*) /usr/bin/../lib64/gcc/x86_64-pc-linux-gnu/12.2.1/../../../../include/c++/12.2.1/bits/stl_tree.h:632:2 (pdns_server+0x33fc78)
    #5 std::_Rb_tree<SvcParam, SvcParam, std::_Identity<SvcParam>, std::less<SvcParam>, std::allocator<SvcParam>>::_M_erase_aux(std::_Rb_tree_const_iterator<SvcParam>) /usr/bin/../lib64/gcc/x86_64-pc-linux-gnu/12.2.1/../../../../include/c++/12.2.1/bits/stl_tree.h:2495:7 (pdns_server+0x33fc78)
    #6 std::_Rb_tree<SvcParam, SvcParam, std::_Identity<SvcParam>, std::less<SvcParam>, std::allocator<SvcParam>>::erase[abi:cxx11](std::_Rb_tree_const_iterator<SvcParam>) /usr/bin/../lib64/gcc/x86_64-pc-linux-gnu/12.2.1/../../../../include/c++/12.2.1/bits/stl_tree.h:1197:2 (pdns_server+0x33fc78)
    #7 std::set<SvcParam, std::less<SvcParam>, std::allocator<SvcParam>>::erase[abi:cxx11](std::_Rb_tree_const_iterator<SvcParam>) /usr/bin/../lib64/gcc/x86_64-pc-linux-gnu/12.2.1/../../../../include/c++/12.2.1/bits/stl_set.h:655:21 (pdns_server+0x33fc78)
    #8 SVCBBaseRecordContent::setHints(SvcParam::SvcParamKey const&, std::vector<ComboAddress, std::allocator<ComboAddress>> const&) /work/pdns/pdns/dnsrecords.cc:768:14 (pdns_server+0x33fc78)
    #9 PacketHandler::doAdditionalProcessing(DNSPacket&, std::unique_ptr<DNSPacket, std::default_delete<DNSPacket>>&) /work/pdns/pdns/packethandler.cc:565:16 (pdns_server+0x4ed330) (BuildId: 384adc19a67695435bd5e89d0a77f562561f4593)
    #10 PacketHandler::doQuestion(DNSPacket&) /work/pdns/pdns/packethandler.cc:1794:5 (pdns_server+0x4f79b4) (BuildId: 384adc19a67695435bd5e89d0a77f562561f4593)
    #11 PacketHandler::question(DNSPacket&) /work/pdns/pdns/packethandler.cc:1175:10 (pdns_server+0x4f649a) (BuildId: 384adc19a67695435bd5e89d0a77f562561f4593)
    #12 MultiThreadDistributor<DNSPacket, DNSPacket, PacketHandler>::distribute(int) /work/pdns/pdns/./distributor.hh:220:14 (pdns_server+0x260f70) (BuildId: 384adc19a67695435bd5e89d0a77f562561f4593)
    #13 MultiThreadDistributor<DNSPacket, DNSPacket, PacketHandler>::MultiThreadDistributor(int)::'lambda'()::operator()() const /work/pdns/pdns/./distributor.hh:179:25 (pdns_server+0x260b31) (BuildId: 384adc19a67695435bd5e89d0a77f562561f4593)
    #14 void std::__invoke_impl<void, MultiThreadDistributor<DNSPacket, DNSPacket, PacketHandler>::MultiThreadDistributor(int)::'lambda'()>(std::__invoke_other, MultiThreadDistributor<DNSPacket, DNSPacket, PacketHandler>::MultiThreadDistributor(int)::'lambda'()&&) /usr/bin/../lib64/gcc/x86_64-pc-linux-gnu/12.2.1/../../../../include/c++/12.2.1/bits/invoke.h:61:14 (pdns_server+0x260b31)
    #15 std::__invoke_result<MultiThreadDistributor<DNSPacket, DNSPacket, PacketHandler>::MultiThreadDistributor(int)::'lambda'()>::type std::__invoke<MultiThreadDistributor<DNSPacket, DNSPacket, PacketHandler>::MultiThreadDistributor(int)::'lambda'()>(MultiThreadDistributor<DNSPacket, DNSPacket, PacketHandler>::MultiThreadDistributor(int)::'lambda'()&&) /usr/bin/../lib64/gcc/x86_64-pc-linux-gnu/12.2.1/../../../../include/c++/12.2.1/bits/invoke.h:96:14 (pdns_server+0x260b31)
    #16 void std::thread::_Invoker<std::tuple<MultiThreadDistributor<DNSPacket, DNSPacket, PacketHandler>::MultiThreadDistributor(int)::'lambda'()>>::_M_invoke<0ul>(std::_Index_tuple<0ul>) /usr/bin/../lib64/gcc/x86_64-pc-linux-gnu/12.2.1/../../../../include/c++/12.2.1/bits/std_thread.h:258:13 (pdns_server+0x260b31)
    #17 std::thread::_Invoker<std::tuple<MultiThreadDistributor<DNSPacket, DNSPacket, PacketHandler>::MultiThreadDistributor(int)::'lambda'()>>::operator()() /usr/bin/../lib64/gcc/x86_64-pc-linux-gnu/12.2.1/../../../../include/c++/12.2.1/bits/std_thread.h:265:11 (pdns_server+0x260b31)
    #18 std::thread::_State_impl<std::thread::_Invoker<std::tuple<MultiThreadDistributor<DNSPacket, DNSPacket, PacketHandler>::MultiThreadDistributor(int)::'lambda'()>>>::_M_run() /usr/bin/../lib64/gcc/x86_64-pc-linux-gnu/12.2.1/../../../../include/c++/12.2.1/bits/std_thread.h:210:13 (pdns_server+0x260b31)
    #19 execute_native_thread_routine /usr/src/debug/gcc/gcc/libstdc++-v3/src/c++11/thread.cc:82:18 (libstdc++.so.6+0xd72c2) (BuildId: 6fe66a2d539a78c993bd2d377e00fad389220963)

  Previous read of size 2 at 0x7b3400010350 by thread T39:
    #0 SvcParam::getKey() const /work/pdns/pdns/./svc-records.hh:80:12 (pdns_server+0x3721f3) (BuildId: 384adc19a67695435bd5e89d0a77f562561f4593)
    #1 GenericDNSPacketWriter<std::vector<unsigned char, std::allocator<unsigned char>>>::xfrSvcParamKeyVals(std::set<SvcParam, std::less<SvcParam>, std::allocator<SvcParam>> const&) /work/pdns/pdns/dnswriter.cc:404:23 (pdns_server+0x3721f3)
    #2 void HTTPSRecordContent::xfrPacket<GenericDNSPacketWriter<std::vector<unsigned char, std::allocator<unsigned char>>>>(GenericDNSPacketWriter<std::vector<unsigned char, std::allocator<unsigned char>>>&, bool) /work/pdns/pdns/dnsrecords.cc:348:1 (pdns_server+0x3349bd) (BuildId: 384adc19a67695435bd5e89d0a77f562561f4593)
    #3 HTTPSRecordContent::toPacket(GenericDNSPacketWriter<std::vector<unsigned char, std::allocator<unsigned char>>>&) /work/pdns/pdns/dnsrecords.cc:348:1 (pdns_server+0x3349bd)
    #4 DNSRecordContent::serialize[abi:cxx11](DNSName const&, bool, bool) /work/pdns/pdns/./dnsparser.hh:215:11 (pdns_server+0x311140) (BuildId: 384adc19a67695435bd5e89d0a77f562561f4593)
    #5 DNSPacket::addRecord(DNSZoneRecord&&) /work/pdns/pdns/dnspacket.cc:177:68 (pdns_server+0x2fa894) (BuildId: 384adc19a67695435bd5e89d0a77f562561f4593)
    #6 PacketHandler::doAdditionalProcessing(DNSPacket&, std::unique_ptr<DNSPacket, std::default_delete<DNSPacket>>&) /work/pdns/pdns/packethandler.cc:542:8 (pdns_server+0x4eccf2) (BuildId: 384adc19a67695435bd5e89d0a77f562561f4593)
    #7 PacketHandler::doQuestion(DNSPacket&) /work/pdns/pdns/packethandler.cc:1794:5 (pdns_server+0x4f79b4) (BuildId: 384adc19a67695435bd5e89d0a77f562561f4593)
    #8 PacketHandler::question(DNSPacket&) /work/pdns/pdns/packethandler.cc:1175:10 (pdns_server+0x4f649a) (BuildId: 384adc19a67695435bd5e89d0a77f562561f4593)
    #9 MultiThreadDistributor<DNSPacket, DNSPacket, PacketHandler>::distribute(int) /work/pdns/pdns/./distributor.hh:220:14 (pdns_server+0x260f70) (BuildId: 384adc19a67695435bd5e89d0a77f562561f4593)
    #10 MultiThreadDistributor<DNSPacket, DNSPacket, PacketHandler>::MultiThreadDistributor(int)::'lambda'()::operator()() const /work/pdns/pdns/./distributor.hh:179:25 (pdns_server+0x260b31) (BuildId: 384adc19a67695435bd5e89d0a77f562561f4593)
    #11 void std::__invoke_impl<void, MultiThreadDistributor<DNSPacket, DNSPacket, PacketHandler>::MultiThreadDistributor(int)::'lambda'()>(std::__invoke_other, MultiThreadDistributor<DNSPacket, DNSPacket, PacketHandler>::MultiThreadDistributor(int)::'lambda'()&&) /usr/bin/../lib64/gcc/x86_64-pc-linux-gnu/12.2.1/../../../../include/c++/12.2.1/bits/invoke.h:61:14 (pdns_server+0x260b31)
    #12 std::__invoke_result<MultiThreadDistributor<DNSPacket, DNSPacket, PacketHandler>::MultiThreadDistributor(int)::'lambda'()>::type std::__invoke<MultiThreadDistributor<DNSPacket, DNSPacket, PacketHandler>::MultiThreadDistributor(int)::'lambda'()>(MultiThreadDistributor<DNSPacket, DNSPacket, PacketHandler>::MultiThreadDistributor(int)::'lambda'()&&) /usr/bin/../lib64/gcc/x86_64-pc-linux-gnu/12.2.1/../../../../include/c++/12.2.1/bits/invoke.h:96:14 (pdns_server+0x260b31)
    #13 void std::thread::_Invoker<std::tuple<MultiThreadDistributor<DNSPacket, DNSPacket, PacketHandler>::MultiThreadDistributor(int)::'lambda'()>>::_M_invoke<0ul>(std::_Index_tuple<0ul>) /usr/bin/../lib64/gcc/x86_64-pc-linux-gnu/12.2.1/../../../../include/c++/12.2.1/bits/std_thread.h:258:13 (pdns_server+0x260b31)
    #14 std::thread::_Invoker<std::tuple<MultiThreadDistributor<DNSPacket, DNSPacket, PacketHandler>::MultiThreadDistributor(int)::'lambda'()>>::operator()() /usr/bin/../lib64/gcc/x86_64-pc-linux-gnu/12.2.1/../../../../include/c++/12.2.1/bits/std_thread.h:265:11 (pdns_server+0x260b31)
    #15 std::thread::_State_impl<std::thread::_Invoker<std::tuple<MultiThreadDistributor<DNSPacket, DNSPacket, PacketHandler>::MultiThreadDistributor(int)::'lambda'()>>>::_M_run() /usr/bin/../lib64/gcc/x86_64-pc-linux-gnu/12.2.1/../../../../include/c++/12.2.1/bits/std_thread.h:210:13 (pdns_server+0x260b31)
    #16 execute_native_thread_routine /usr/src/debug/gcc/gcc/libstdc++-v3/src/c++11/thread.cc:82:18 (libstdc++.so.6+0xd72c2) (BuildId: 6fe66a2d539a78c993bd2d377e00fad389220963)

  Thread T33 'pdns/distributo' (tid=102833, running) created by thread T17 at:
    #0 pthread_create <null> (pdns_server+0x1904e6) (BuildId: 384adc19a67695435bd5e89d0a77f562561f4593)
    #1 __gthread_create /usr/src/debug/gcc/gcc-build/x86_64-pc-linux-gnu/libstdc++-v3/include/x86_64-pc-linux-gnu/bits/gthr-default.h:663:35 (libstdc++.so.6+0xd73a9) (BuildId: 6fe66a2d539a78c993bd2d377e00fad389220963)
    #2 std::thread::_M_start_thread(std::unique_ptr<std::thread::_State, std::default_delete<std::thread::_State>>, void (*)()) /usr/src/debug/gcc/gcc/libstdc++-v3/src/c++11/thread.cc:147:37 (libstdc++.so.6+0xd73a9)
    #3 Distributor<DNSPacket, DNSPacket, PacketHandler>::Create(int) /work/pdns/pdns/./distributor.hh:134:18 (pdns_server+0x256d23) (BuildId: 384adc19a67695435bd5e89d0a77f562561f4593)
    #4 qthread(unsigned int) /work/pdns/pdns/auth-main.cc:536:25 (pdns_server+0x256d23)
    #5 void std::__invoke_impl<void, void (*)(unsigned int), unsigned int>(std::__invoke_other, void (*&&)(unsigned int), unsigned int&&) /usr/bin/../lib64/gcc/x86_64-pc-linux-gnu/12.2.1/../../../../include/c++/12.2.1/bits/invoke.h:61:14 (pdns_server+0x2635f0) (BuildId: 384adc19a67695435bd5e89d0a77f562561f4593)
    #6 std::__invoke_result<void (*)(unsigned int), unsigned int>::type std::__invoke<void (*)(unsigned int), unsigned int>(void (*&&)(unsigned int), unsigned int&&) /usr/bin/../lib64/gcc/x86_64-pc-linux-gnu/12.2.1/../../../../include/c++/12.2.1/bits/invoke.h:96:14 (pdns_server+0x2635f0)
    #7 void std::thread::_Invoker<std::tuple<void (*)(unsigned int), unsigned int>>::_M_invoke<0ul, 1ul>(std::_Index_tuple<0ul, 1ul>) /usr/bin/../lib64/gcc/x86_64-pc-linux-gnu/12.2.1/../../../../include/c++/12.2.1/bits/std_thread.h:258:13 (pdns_server+0x2635f0)
    #8 std::thread::_Invoker<std::tuple<void (*)(unsigned int), unsigned int>>::operator()() /usr/bin/../lib64/gcc/x86_64-pc-linux-gnu/12.2.1/../../../../include/c++/12.2.1/bits/std_thread.h:265:11 (pdns_server+0x2635f0)
    #9 std::thread::_State_impl<std::thread::_Invoker<std::tuple<void (*)(unsigned int), unsigned int>>>::_M_run() /usr/bin/../lib64/gcc/x86_64-pc-linux-gnu/12.2.1/../../../../include/c++/12.2.1/bits/std_thread.h:210:13 (pdns_server+0x2635f0)
    #10 execute_native_thread_routine /usr/src/debug/gcc/gcc/libstdc++-v3/src/c++11/thread.cc:82:18 (libstdc++.so.6+0xd72c2) (BuildId: 6fe66a2d539a78c993bd2d377e00fad389220963)

  Thread T39 'pdns/distributo' (tid=102837, running) created by thread T19 at:
    #0 pthread_create <null> (pdns_server+0x1904e6) (BuildId: 384adc19a67695435bd5e89d0a77f562561f4593)
    #1 __gthread_create /usr/src/debug/gcc/gcc-build/x86_64-pc-linux-gnu/libstdc++-v3/include/x86_64-pc-linux-gnu/bits/gthr-default.h:663:35 (libstdc++.so.6+0xd73a9) (BuildId: 6fe66a2d539a78c993bd2d377e00fad389220963)
    #2 std::thread::_M_start_thread(std::unique_ptr<std::thread::_State, std::default_delete<std::thread::_State>>, void (*)()) /usr/src/debug/gcc/gcc/libstdc++-v3/src/c++11/thread.cc:147:37 (libstdc++.so.6+0xd73a9)
    #3 Distributor<DNSPacket, DNSPacket, PacketHandler>::Create(int) /work/pdns/pdns/./distributor.hh:134:18 (pdns_server+0x256d23) (BuildId: 384adc19a67695435bd5e89d0a77f562561f4593)
    #4 qthread(unsigned int) /work/pdns/pdns/auth-main.cc:536:25 (pdns_server+0x256d23)
    #5 void std::__invoke_impl<void, void (*)(unsigned int), unsigned int>(std::__invoke_other, void (*&&)(unsigned int), unsigned int&&) /usr/bin/../lib64/gcc/x86_64-pc-linux-gnu/12.2.1/../../../../include/c++/12.2.1/bits/invoke.h:61:14 (pdns_server+0x2635f0) (BuildId: 384adc19a67695435bd5e89d0a77f562561f4593)
    #6 std::__invoke_result<void (*)(unsigned int), unsigned int>::type std::__invoke<void (*)(unsigned int), unsigned int>(void (*&&)(unsigned int), unsigned int&&) /usr/bin/../lib64/gcc/x86_64-pc-linux-gnu/12.2.1/../../../../include/c++/12.2.1/bits/invoke.h:96:14 (pdns_server+0x2635f0)
    #7 void std::thread::_Invoker<std::tuple<void (*)(unsigned int), unsigned int>>::_M_invoke<0ul, 1ul>(std::_Index_tuple<0ul, 1ul>) /usr/bin/../lib64/gcc/x86_64-pc-linux-gnu/12.2.1/../../../../include/c++/12.2.1/bits/std_thread.h:258:13 (pdns_server+0x2635f0)
    #8 std::thread::_Invoker<std::tuple<void (*)(unsigned int), unsigned int>>::operator()() /usr/bin/../lib64/gcc/x86_64-pc-linux-gnu/12.2.1/../../../../include/c++/12.2.1/bits/std_thread.h:265:11 (pdns_server+0x2635f0)
    #9 std::thread::_State_impl<std::thread::_Invoker<std::tuple<void (*)(unsigned int), unsigned int>>>::_M_run() /usr/bin/../lib64/gcc/x86_64-pc-linux-gnu/12.2.1/../../../../include/c++/12.2.1/bits/std_thread.h:210:13 (pdns_server+0x2635f0)
    #10 execute_native_thread_routine /usr/src/debug/gcc/gcc/libstdc++-v3/src/c++11/thread.cc:82:18 (libstdc++.so.6+0xd72c2) (BuildId: 6fe66a2d539a78c993bd2d377e00fad389220963)

SUMMARY: ThreadSanitizer: data race (/work/pdns-rgacogne/pdns/pdns_server+0x211b7c) (BuildId: 384adc19a67695435bd5e89d0a77f562561f4593) in operator delete(void*)
```

To prevent this issue, this commit wraps the internal `std::set` in a
mutex. In theory this will cause a performance impact, but in practice
I did not find it to be noticeable.
If we ever do, a different solution would be to duplicate the content
of the SVCB/HTTPS records before modifying them.

(cherry picked from commit 18d5647a6fcaa254632eaed334637b3e58156e49)

Merge pull request #12676 from mind04/auth47-catalog-members

auth-4.7.x: pdnsutil, implement list-member-zones

Merge pull request #12675 from mind04/auth47-lmdb-delete

auth-4.7.x backport lmdb delete fixes and tests

auth, lmdb, backport delete fixes

auth: lmdb, fix TSIG key removal

update completions

auth: pdnsutil, implement list-member-zones

Merge pull request #12616 from romeroalx/update-gh-actions-auth-to-4.7

Backport GH Actions updates from master to auth-4.7.x

build(deps): bump actions/setup-python from 2 to 4

Bumps [actions/setup-python](https://github.com/actions/setup-python) from 2 to 4.
- [Release notes](https://github.com/actions/setup-python/releases)
- [Commits](https://github.com/actions/setup-python/compare/v2...v4)

---
updated-dependencies:
- dependency-name: actions/setup-python
  dependency-type: direct:production
  update-type: version-update:semver-major
...

Signed-off-by: dependabot[bot] <support@github.com>

codeql workflow: set ubuntu mirror

build-and-test-all: add functionality to quickly switch ubuntu mirrors

Switch from set-output tot GITHUB_OUTPUT

Signed-off-by: Josh Soref <2119212+jsoref@users.noreply.github.com>

build(deps): bump actions/upload-artifact from 1 to 3

Bumps [actions/upload-artifact](https://github.com/actions/upload-artifact) from 1 to 3.
- [Release notes](https://github.com/actions/upload-artifact/releases)
- [Commits](https://github.com/actions/upload-artifact/compare/v1...v3)

---
updated-dependencies:
- dependency-name: actions/upload-artifact
  dependency-type: direct:production
  update-type: version-update:semver-major
...

Signed-off-by: dependabot[bot] <support@github.com>

build(deps): bump actions/download-artifact from 2 to 3

Bumps [actions/download-artifact](https://github.com/actions/download-artifact) from 2 to 3.
- [Release notes](https://github.com/actions/download-artifact/releases)
- [Commits](https://github.com/actions/download-artifact/compare/v2...v3)

---
updated-dependencies:
- dependency-name: actions/download-artifact
  dependency-type: direct:production
  update-type: version-update:semver-major
...

Signed-off-by: dependabot[bot] <support@github.com>

build(deps): bump actions/checkout from 2.3.4 to 3.1.0

Bumps [actions/checkout](https://github.com/actions/checkout) from 2.3.4 to 3.1.0.
- [Release notes](https://github.com/actions/checkout/releases)
- [Changelog](https://github.com/actions/checkout/blob/main/CHANGELOG.md)
- [Commits](https://github.com/actions/checkout/compare/v2.3.4...v3.1.0)

---
updated-dependencies:
- dependency-name: actions/checkout
  dependency-type: direct:production
  update-type: version-update:semver-major
...

Signed-off-by: dependabot[bot] <support@github.com>

build(deps): bump actions/cache from 2 to 3.0.11

Bumps [actions/cache](https://github.com/actions/cache) from 2 to 3.0.11.
- [Release notes](https://github.com/actions/cache/releases)
- [Changelog](https://github.com/actions/cache/blob/main/RELEASES.md)
- [Commits](https://github.com/actions/cache/compare/v2...v3.0.11)

---
updated-dependencies:
- dependency-name: actions/cache
  dependency-type: direct:production
  update-type: version-update:semver-major
...

Signed-off-by: dependabot[bot] <support@github.com>

Avoid Microsoft repo for ODBC. Step 1: codeql allow apt downgrades

Avoid Microsoft repo for ODBC. Step 1: allow apt downgrades

removed ldap and geoip-mmdb tests from circleci

gh actions: simplified collector job in build-and-test-all.yml

gh actions: added ldap and geoip-mmdb tests

GH actions: added auth odbc{sqlitle3, mssql} tests. Removed from CircleCI

Restrict permissions for GITHUB_TOKEN in our workflows

Added using https://github.com/step-security/secure-workflows
For more information see:
- https://github.com/ossf/scorecard/blob/d8fefc9b246db3600c777e9d60d441d7c386ce1d/docs/checks.md#token-permissions
- https://github.blog/changelog/2021-04-20-github-actions-control-permissions-for-github_token/

Merge pull request #12429 from Habbie/auth47-no-leak-hostlist

auth 4.7 minicurl: stop leaking hostlist memory

Merge pull request #12521 from Habbie/auth-4.7-ixfrdist-backports

auth-4.7.x: ixfrdist fixes and improvements

ixfrdist: Make sure that our metrics are properly initialized

Before C++20 std::atomic variables are not guaranteed to be initialized,
even though it looks like compilers are actually doing the initialization
even in C++17.
Reported by Coverity as CID 1504405.

(cherry picked from commit de9fbd402dc05263e8ddb2e6ffc09b5cf01bef1e)

use counters for things that count up over time

(cherry picked from commit b0069a9b63157e05e36f3fbf788b22a1c43e65df)

ixfrdist /metrics: add CPU and memory stats, note unit for uptime

(cherry picked from commit 4be206f56769495b1090f7e39d111560b77494fc)

ixfrdist /metrics: add FD usage

(cherry picked from commit 7bba0dae6d97b248e206e7dbda3813432a77b06d)

ixfrdist: Remove unused counters, simplify prometheus types handling

(cherry picked from commit 54f93cb8542aa46a9a9669fa623f5a6d8a6a5857)

ixfrdist /metrics: add unknown domain in-query counter

(cherry picked from commit ca0831d9a14c409c631b0ee49d6fdba6b2239b6f)

ixfrdist /metrics: quote label values; suffix counters with _total; remove full totals; add promtool test

(cherry picked from commit 7c05901b1d22693a29cced84f9c3b24f5dc4a0ec)

Merge pull request #12458 from Habbie/backport-12453-to-auth-4.7.x

auth-4.7: lock.hh: include <stdexcept>

lock.hh: include <stdexcept>

(cherry picked from commit d8b4ea24dc5dbe7c53c24bfffba24bcae7f58e02)

minicurl: stop leaking hostlist memory

Merge pull request #12299 from Habbie/backport-12282-to-auth-4.7.x

auth-4.7 lmdb: make outgoing notifications work

lmdb tests: actually use lmdb config

(cherry picked from commit f7d7e059f69b1330248ecd904c215630a77f038b)

auth lmdb: make outgoing notifications work

(cherry picked from commit bbd6102241d18d8bce551b5e19d0c315368913b9)

Merge pull request #12291 from Habbie/backport-12285-to-auth-4.7.x

auth-4.7 api: do not create SOA and NS records for consumer zones

Merge pull request #12296 from Habbie/backport-12257-to-auth-4.7.x

auth 4.7 API: slightly clearer message when a backend cannot create domains

Merge pull request #12294 from Habbie/backport-12132-to-auth-4.7.x

auth-4.7: take into account default urlcheck timeout is 2 seconds for Lua records tests

auth API: slightly clearer message when a backend cannot create domains

(cherry picked from commit b53ab9d6ef126f3be04160e36cbc381e27d85e79)

This test assumes the health check timeout is 1 second, while it is 2 seconds by default.

Adapt tests to take that into account, which resolves the occasional failure as tested locally.

(cherry picked from commit 2abc153929e22c4abad73f1eba9395e00f18febd)

auth: api, add create/delete consumer zone test

(cherry picked from commit 2f27a15fb72cdbef5c4f5af8f0d089722ee2253a)

auth: api, do not create SOA and NS records for consumer zones

(cherry picked from commit 1f1674ed5ed14af10a6ce38b9956ffdbef6fcee8)