GitLab now enforces expiry dates on tokens that originally had no set expiration date. Those tokens were given an expiration date of one year later. Please review your personal access tokens, project access tokens, and group access tokens to ensure you are aware of upcoming expirations. Administrators of GitLab can find more information on how to identify and mitigate interruption in our documentation.

Self sign-up has been disabled due to increased spam activity. If you want to get access, please send an email to a project owner (preferred) or at gitlab(at)nic(dot)cz. We apologize for the inconvenience.

Race condition in Onlinesign during key rollover

In onlinesign module, during key rollover, the code goes to the point where keyset shall be reloaded:

		free_zone_keys(mod->keyset);
		free(mod->keyset);
		ret = knotd_mod_dnssec_load_keyset(mod, true);

If at the same time, another thread is answering from the same zone and it gets to signing phase, it attempts read from freed memory.

The solution is:

load keyset to temporary pointer and exchange the pointers atomically
RCU on the allocated keysets