-------------------------------------------------------------------
Tue May 30 04:32:59 UTC 2023 - Samu Voutilainen <smar@smar.fi>

- Refreshed patches
- Removed patch fix-build.patch that was applied to upstream 

-------------------------------------------------------------------
Tue May 30 04:29:40 UTC 2023 - pihole-suse-packages@smar.fi

- Update to version 5.23:
  * Remove traces of ABP_CSS
  * Remove code duplication found in gravit.sh gravity_ParseFileIntoDomains()
  * Update src/tools/gravity-parseList.c
  * Rename src/{gravity-tools.* => tools/gravity-parseList.*}
  * Update adlist.date_updated in parseList command
  * Adding anchors to false_positives_regex
  * Improving the comments
  * Do not consider false positives as invalid domains
  * Allowing underscore and hyfen in any position for gravity parseList
  * Do not run ARP scans in networks where the kernel knows that ARP is not supported (e.g. Wireguard)
  * Do not try to scan for DHCP servers in network where the kernel knows that there is no broadcasting support (e.g. Wireguard)
  * Skip interfaces that are either down or are of loopback type
  * Ensure we are in lock-mode when printing the final result
  * Improve message when packet is rejected by wireguard interfaces
  * Improve deplay.sh script to check against exact matches instead of regex-matching the searched string against the entire collapsed array to avoid incorrect partial matches
  * Query IPv4-capable interfaces instead of packet-interfaces when scanning for DHCP servers
  * Modify logging in such a way that concurrent printing by the involved is prevented and add better error reporting when sending to interfaces is not working due to an error
  * Add capabilities check for feature dhcp-discover in the same way we already have it for arp-scan
  * Align % in reply rate column
  * Apply Pi-hole specific patches
  * Update SQLite3 to 3.42.0
  * Further reduce memory requirements by factor 10x (if not in -x mode)
  * Reduce memory requirements by factor 4x
  * Exit early if insufficient memory is available, perform as many interface scans as possible under these conditions
  * Give reply rate in percent instead of showing the reply matrix
  * Add arp-scan -xtreme mode for very unreliable connections
  * Optimize thread_data structure and store a thread-local copy of the interface name
  * Add capabilities check for CAP_NET_RAW (root always has it)
  * Log more verbose human-readable error string if available
  * Clearly log when scanning interfaces failed
  * Interface names can be up to 16 bytes long. Docker bridge interfaces actually use this space so we need to reserve enough space here
  * Always skip the loopback interface, also in "-a" mode
  * Only print progress if it has changed. Otherwise, print "." as hearthbeat
  * Scale progress percentage according to number of addresses to be scanned by the individual threads
  * Consolidate output in main process
  * Print different warnings if we received multiple replies from (apparently) the same device or if we received replies for the same address from different MAC addresses
  * Print progress in verbose arp-scanning mode
  * Use OVER constant instead of carridge return
  * Spellcheck correction
  * Skip ABP extended CSS selectors (port of core PR #5247)
  * Re-apply Pi-hole specific Lua patches
  * Update embedded Lua to 5.4.6
  * Include hostnames (if available)
  * Add our own address to the scan results so we can detect IP conflicts also here
  * Use dedicated counters per MAC for a more accurate per-device reply matrix
  * Unify warning
  * Add pihole-FTL arp-scan [{-v,-a}]
  * Move dhcp-discover into a dedicated "tools" target
  * Do not log running out of disk space when the disk occupation is > 100%. We are seeing this with docker deployments on macOS hosts. It is a band-aid fix, however, it also seem to be the only thing we can do given that docker didn't fix this in nearly two years now.
  * Also analyze UDP reply headers
  * Add extra debugging output
  * Add header analysis also in tcp_key_recurse to fix an issue with wrong upstream servers being attributed to DNSSEC-related queries when multiple upstream servers are defined (e.g. conditional forwarding)
  * Apply Pi-hole Lua patches
  * Update embedded Lua to 5.4.5
  * Use env variable
  * Run seperate job to trigger removal on comments
  * Bump actions/checkout from 3.5.0 to 3.5.2
  * Trigger stale workflow on issue comments to remove stale label immediately
  * Apply the same logic also for reverse lookups (PTR)
  * Explicitly set INSECURE status for replies received either from upstream (if they are not already validated as SECURE) or from cache. This is a direct consequence from the previous commit.
  * Initial DNSSEC status should be UNSPECIFIED
  * Analyse pseudeoheader before it might get stripped off
  * Log if EDNS header is NULL and we are in debug mode
  * Only try to interpret EDNS EDE when EDE data is available
  * Ignore possible EXTRA-TEXT field in EDNS0 EDE data
  * Use AD bit for IN/SECURE and EDE in SERVFAIL when prox for BOGUSy-dnsmasq option is used
  * Implement EDNS(0) EDE
  * Simplify EDNS handling code and also interpret replies received from upstream
  * Allow TLD blocking using ABP style (port of core PR #5240)
  * Add a few micro-optimizations to enhance speed of the parseList function and transform FQDN to domains. They are equivalent in this context but now they are not considered invalid any longer
  * Store in the database instead of into a temporary file
  * Enhance speed for ABP patterns (don't try to match domains when the line starts in "|")
  * Only match full lines in input file
  * Add gravity parseList funtion to FTL
  * Bump actions/checkout from 3.4.0 to 3.5.0
  * Bump actions/stale from 7.0.0 to 8.0.0
  * Correct declaration for blockingstatus variable.
  * Correct declaration for query_blocked().

• Files Changed
• Browse Source