Revisions of pihole-ftl

Samu Voutilainen (Smar) committed (revision 40)
- Update to version 5.25.1:
  * Update embedded dnsmasq version to 2.90+1
  * Fix spurious "resource limit exceeded" messages.
  * Update dnsmasq version to 2.90
  * Update expected dnsmasq warnings
  * Reverse suppression of ANY query answer logging.
  * Add --dnssec-limits option.
Samu Voutilainen (Smar) committed (revision 39)
- Update to version 5.25:
  * Update dnsmasq version to 2.90
  * Update expected dnsmasq warnings
  * Reverse suppression of ANY query answer logging.
  * Add --dnssec-limits option.
  * Better allocation code for DS digest cache.
  * Better stats and logging from DNSSEC resource limiting.
  * Overhaul data checking in NSEC code.
  * Rework validate-by-DS to avoid DoS vuln without arbitrary limits.
  * Update EDE code -> text conversion.
  * Parameterise work limits for DNSSEC validation.
  * Fix error introduced in 635bc51cac3d5d7dd49ce9e27149cf7e402b7e79
  * Measure cryptographic work done by DNSSEC.
  * Update NSEC3 iterations handling to conform with RFC 9276.
  * Update header with new EDE values.
  * Protection against pathological DNSSEC domains.
  * Update embedded dnsmasq version to 2.90test4
  * Make --filter-rr=ANY filter the answer to ANY queries.
  * Tweak logging and special handling of T_ANY in rr-filter code.
  * Force-update embedded dnsmasq version. We are losing the individual dnsmasq history of the ~ last year, however, given the multitude of merge conflicts and the fact that this code will soon(ish) be replaced by development-v6 (where the history is 100% intact), this isn't much of an issue
  * Update changed indentation of known DNSMASQ warning
  * =/== typo in last commit.
  * Behave better when attempting to contact unresponsive TCP servers.
  * Necessary changes to handle the most recent dnsmasq changes in FTL
  * Log truncated DNS replies.
  * Apply suggestions from code review
  * Add special non-interactive mode for the embedded sqlite3 engine accessible via "-ni"
  * Bump actions/stale from 8.0.0 to 9.0.0
  * Change priorities such that special domains (Firefox and Apple at this time) can be explicitly allowed for some clients (per group assignments) while they stay blocked for all others in the network
  * Fix possible race-collision leading to a theoretical out-of-bounds read
Samu Voutilainen (Smar) committed (revision 38)
- Update to version 5.23:
  * Tweak conditional, add in missing `env:`
  * Update stale.yml
  * Read this, added requestor(s) to the ignore list https://oneminuteenglish.org/en/requestor-or-requester/
  * Update dependabot.yml
  * Use env variable
  * Do not try to remove stale labels on PRs
Samu Voutilainen (Smar) committed (revision 37)
- Include pi-hole during build to allow it to handle permissions of
  /etc/pihole directory.
Samu Voutilainen (Smar) committed (revision 36)
Added missing source file
Samu Voutilainen (Smar) committed (revision 35)
-------------------------------------------------------------------
Tue May 30 04:32:59 UTC 2023 - Samu Voutilainen <smar@smar.fi>

- Refreshed patches
- Removed patch fix-build.patch that was applied to upstream 

-------------------------------------------------------------------
Tue May 30 04:29:40 UTC 2023 - pihole-suse-packages@smar.fi

- Update to version 5.23:
  * Remove traces of ABP_CSS
  * Remove code duplication found in gravit.sh gravity_ParseFileIntoDomains()
  * Update src/tools/gravity-parseList.c
  * Rename src/{gravity-tools.* => tools/gravity-parseList.*}
  * Update adlist.date_updated in parseList command
  * Adding anchors to false_positives_regex
  * Improving the comments
  * Do not consider false positives as invalid domains
  * Allowing underscore and hyphen in any position for gravity parseList
  * Do not run ARP scans in networks where the kernel knows that ARP is not supported (e.g. Wireguard)
  * Do not try to scan for DHCP servers in network where the kernel knows that there is no broadcasting support (e.g. Wireguard)
  * Skip interfaces that are either down or are of loopback type
  * Ensure we are in lock-mode when printing the final result
  * Improve message when packet is rejected by wireguard interfaces
  * Improve deplay.sh script to check against exact matches instead of regex-matching the searched string against the entire collapsed array to avoid incorrect partial matches
  * Query IPv4-capable interfaces instead of packet-interfaces when scanning for DHCP servers
  * Modify logging in such a way that concurrent printing by the involved is prevented and add better error reporting when sending to interfaces is not working due to an error
  * Add capabilities check for feature dhcp-discover in the same way we already have it for arp-scan
  * Align % in reply rate column
  * Apply Pi-hole specific patches
  * Update SQLite3 to 3.42.0
  * Further reduce memory requirements by factor 10x (if not in -x mode)
  * Reduce memory requirements by factor 4x
  * Exit early if insufficient memory is available, perform as many interface scans as possible under these conditions
  * Give reply rate in percent instead of showing the reply matrix
  * Add arp-scan -xtreme mode for very unreliable connections
  * Optimize thread_data structure and store a thread-local copy of the interface name
  * Add capabilities check for CAP_NET_RAW (root always has it)
  * Log more verbose human-readable error string if available
  * Clearly log when scanning interfaces failed
  * Interface names can be up to 16 bytes long. Docker bridge interfaces actually use this space so we need to reserve enough space here
  * Always skip the loopback interface, also in "-a" mode
  * Only print progress if it has changed. Otherwise, print "." as heartbeat
  * Scale progress percentage according to number of addresses to be scanned by the individual threads
  * Consolidate output in main process
  * Print different warnings if we received multiple replies from (apparently) the same device or if we received replies for the same address from different MAC addresses
  * Print progress in verbose arp-scanning mode
  * Use OVER constant instead of carriage return
  * Spellcheck correction
  * Skip ABP extended CSS selectors (port of core PR #5247)
  * Re-apply Pi-hole specific Lua patches
  * Update embedded Lua to 5.4.6
  * Include hostnames (if available)
  * Add our own address to the scan results so we can detect IP conflicts also here
  * Use dedicated counters per MAC for a more accurate per-device reply matrix
  * Unify warning
  * Add pihole-FTL arp-scan [{-v,-a}]
  * Move dhcp-discover into a dedicated "tools" target
  * Do not log running out of disk space when the disk occupation is > 100%. We are seeing this with docker deployments on macOS hosts. It is a band-aid fix, however, it also seems to be the only thing we can do given that docker didn't fix this in nearly two years now.
  * Also analyze UDP reply headers
  * Add extra debugging output
  * Add header analysis also in tcp_key_recurse to fix an issue with wrong upstream servers being attributed to DNSSEC-related queries when multiple upstream servers are defined (e.g. conditional forwarding)
  * Apply Pi-hole Lua patches
  * Update embedded Lua to 5.4.5
  * Use env variable
  * Run separate job to trigger removal on comments
  * Bump actions/checkout from 3.5.0 to 3.5.2
  * Trigger stale workflow on issue comments to remove stale label immediately
  * Apply the same logic also for reverse lookups (PTR)
  * Explicitly set INSECURE status for replies received either from upstream (if they are not already validated as SECURE) or from cache. This is a direct consequence from the previous commit.
  * Initial DNSSEC status should be UNSPECIFIED
  * Analyse pseudoheader before it might get stripped off
  * Log if EDNS header is NULL and we are in debug mode
  * Only try to interpret EDNS EDE when EDE data is available
  * Ignore possible EXTRA-TEXT field in EDNS0 EDE data
  * Use AD bit for IN/SECURE and EDE in SERVFAIL when prox for BOGUSy-dnsmasq option is used
  * Implement EDNS(0) EDE
  * Simplify EDNS handling code and also interpret replies received from upstream
  * Allow TLD blocking using ABP style (port of core PR #5240)
  * Add a few micro-optimizations to enhance speed of the parseList function and transform FQDN to domains. They are equivalent in this context but now they are not considered invalid any longer
  * Store in the database instead of into a temporary file
  * Enhance speed for ABP patterns (don't try to match domains when the line starts in "|")
  * Only match full lines in input file
  * Add gravity parseList function to FTL
  * Bump actions/checkout from 3.4.0 to 3.5.0
  * Bump actions/stale from 7.0.0 to 8.0.0
  * Correct declaration for blockingstatus variable.
  * Correct declaration for query_blocked().
Samu Voutilainen (Smar) committed (revision 34)
Added missing patch
Samu Voutilainen (Smar) committed (revision 33)
- Added patch fix-build.patch
    * Fixes build on Tumbleweed.
Samu Voutilainen (Smar) committed (revision 32)
trigger service run
Samu Voutilainen (Smar) committed (revision 31)
- Update to version 5.22:
  * Bump actions/checkout from 3.3.0 to 3.4.0
  * Update dnsmasq version to pi-hole-v2.89-9461807
  * Add RISC-V 64-bit support and builds
  * Add .codespellignore file to fix spell-checker action
  * Remove limitation on --dynamic-host.
  * Fix DHCPv6 "use multicast" response which previously failed to set the message type correctly.
  * Allow configuring filter-A/AAAA via dbus.
  * Generalise cached NXDOMAIN replies.
  * Set the default maximum DNS UDP packet size to 1232.
  * Fix possible SEGV when no servers defined.
  * Fix --rev-server option. It was broken in 1db9943c6879c160a5fbef885d5ceadd3668b74d when resolving upstream servers by name was extended to --rev-server without accounting for the fact that re-using one and the same upstream server for each of the x.y.z.in-addr.arpa is actually a wanted feature
  * Avoid undefined behaviour with the ctype(3) functions.
  * Put version.ftl also behind new no-ident config option
  * Apply Pi-hole SQLite3 patches
  * Update embedded SQLite3 engine to version 3.41.1
  * Remove last traces of temporarily added benchmarking tools. Also remove the hint about ABP domains, this can easily be checked in gravity
  * Remove debugging timing output
  * Set abp_domains = 1 during the CI tests.
  * Use property "abp_domains" from info table to decide whether ABP blocking is to be used or not. Also log when FTL enabled ABP-style blocking
  * Add timing for ABP style detection
  * Update src/database/gravity-db.c
  * Fix spellcheck to get things deployed
  * Fix handling of rare (but possible) gravity database issues such as "list not available"
  * Do not use a new option but instead automatically detect if ABP-style domains are present in the database. This ensures that this addition comes at no extra costs to any installs using pure HOSTS-style adlists.
  * Add ABP format blocking support for gravity. Note that the option needs to be switched on by setting GRAVITY_ABP_STYLE=true in pihole-FTL.conf to avoid running this computationally expensive task on the vast majority of user databases only fed from properly formatted HOSTS lists. Gravity can enable the setting when it detects ABP format automatically.
  * Update dnsmasq version to 2.89
  * Update dnsmasq version to 2.89rc1
  * New syntax: querytype=A accepts now also a list (like querytype=A,AAAA,MX). You can use the exclamation mark as before for inversion (querytype=!A) matches everything BUT type A queries. This has now been extended to be able to invert a list, too (like querytype=!A,AAAA matches everything BUT A and AAAA queries)
  * Add --no-ident option.
Samu Voutilainen (Smar) committed (revision 30)
- Made /var/log/pihole group writable, to allow php-fpm
  as nobody:pihole to write a log inside here.
Samu Voutilainen (Smar) committed (revision 29)
- Ghost own /run/pihole
Samu Voutilainen (Smar) committed (revision 28)
- Add fortify_source_3.patch
  * Applied only for Tumbleweed.
  * Avoid error due to redefinition of _FORTIFY_SOURCE
Samu Voutilainen (Smar) committed (revision 27)
- Added link_against_readline.patch
  * Fixes build
Samu Voutilainen (Smar) committed (revision 26)
- Use shared libraries instead of static
Samu Voutilainen (Smar) committed (revision 25)
Build fixes
Samu Voutilainen (Smar) committed (revision 24)
- Update to version 5.20:
  * Update embedded dnsmasq to v2.88
  * Add posix-timezone and tzdb-timezone DHCPv6 options.
  * Review comments
  * Exit immediately after running dnsmasq-test
  * Fix logic for status code parsing
  * Fix incorrect DNSSEC-related warning during history import
Samu Voutilainen (Smar) committed (revision 23)
- Only enable malloc error muting on Tumbleweed.
Samu Voutilainen (Smar) committed (revision 22)
- Use -Wno-error=suggest-attribute=malloc as build flag to fix
  Tumbleweed building.
Samu Voutilainen (Smar) committed (revision 21)
--------------------------------------------------------------------
- Update to version v5.10.2
  + Move SFTP xfer to happen before attach to release. Seeing some SSL errors in the github-action-publish-binaries action.
  + Fix REPLY_ADDR{4,6} address overwriting for pi.hole and <hostname>
  + Fix confusion in DNS retries and --strict-order.
  + Fix FTBFS when CONNTRACK and UBUS but not DNSSEC compile options selected.
  + dnsmasq_time: avoid signed integer overflow when HAVE_BROKEN_RTC
  + Do not fail hard when rev-server has a non-zero final address part
  + Update embedded dnsmasq version to 2.87test3