Changelog for pi-hole-ftl-5.25.2-9.4.x86_64.rpm :
* Thu Aug 29 2024 Robert Herb
- removed rc *-symlinks for Tumbleweed --> deprecated
* Fri May 31 2024 Robert Herb
- update to 5.25.2
* Wed Mar 06 2024 Robert Herb
- update to 5.25.1
* Sun Feb 18 2024 Robert Herb
- update to 5.25
* Mon Jan 08 2024 Robert Herb
- update to 5.24
* Tue May 30 2023 Robert Herb
- update to 5.23
* Fri Mar 24 2023 Robert Herb
- update to 5.22
* Thu Jan 19 2023 Robert Herb
- update to 5.20.1
* Tue Dec 27 2022 Robert Herb
- update to 5.20
* Fri Dec 09 2022 Robert Herb
- fix syntax error in permissions file
* Sun Nov 27 2022 Robert Herb
- show correct arch in webgui
* Wed Nov 23 2022 Robert Herb
- update to 5.19.2
- removed service
* Wed Nov 16 2022 Robert Herb
- show correct gcc version
* Wed Nov 02 2022 Robert Herb
- removed permissions stuff from pi-hole-ftl.service
- updated capabilities in pi-hole-ftl.service
* Mon Oct 24 2022 Robert Herb
- update required capabilities
* Sat Oct 15 2022 Robert Herb
- added dependency to time-sync.target
* Tue Oct 11 2022 Robert Herb
- update to 5.18.2
* Tue Oct 11 2022 Robert Herb
- update permissions of /var/log/pihole
* Sun Oct 09 2022 Robert Herb
- remove dependency for chkstat
* Sat Oct 08 2022 Robert Herb
- remove unnecessary %posttrans message
* Tue Oct 04 2022 Axel Braun
- change SUSE.readme -> openSUSE.readme
- correct service name in readme
* Wed Jul 06 2022 Robert Herb
- based on https://build.opensuse.org/package/show/home:Smar:pi-hole/pihole-ftl
- rebuild for Leap 15
- update to latest git version
* Sat Oct 02 2021 Samu Voutilainen
- Only enable malloc error muting on Tumbleweed.
* Sat Oct 02 2021 Samu Voutilainen
- Use -Wno-error=suggest-attribute=malloc as build flag to fix Tumbleweed building.
* Sat Oct 02 2021 pihole-suse-packagesAATTsmar.fi
- Update to version v5.10.2
  + Move SFTP xfer to happen before attach to release. Seeing some SSL errors in the github-action-publish-binaries action.
  + Fix REPLY_ADDR{4,6} address overwriting for pi.hole and
  + Fix confusion in DNS retries and --strict-order.
  + Fix FTBFS when CONNTRACK and UBUS but not DNSSEC compile options selected.
  + dnsmasq_time: avoid signed integer overflow when HAVE_BROKEN_RTC
  + Do not fail hard when rev-server has a non-zero final address part
  + Update embedded dnsmasq version to 2.87test3
* Thu Sep 30 2021 Samu Voutilainen
- Removed unnecessary patches:
  + ftl-2.8.1-build-fix.patch
  + ignore-shmem.c-strncpy-error.patch
* Thu Sep 30 2021 pihole-suse-packagesAATTsmar.fi
- Update to version v5.10.1
  + Fix specific NOERR/NXDOMAIN confusion.
  + Reduce code duplication by merging FTL_cache() into FTL_reply()
  + Also process automatically generated queries, e.g. for DNSSEC validation
  + Add option to suppress automatically generated DNSSEC queries from being analyzed and shown (legacy behavior)
  + Fix bug in 6860cf932baeaf1c2f09c2a58e38be189ae394de
  + Fix bug introduced in 6860cf932baeaf1c2f09c2a58e38be189ae394de
  + Don't print flags multiple times in debug mode.
  + Log client requesting automatically generated DS/DNSKEY queries explicitly as "pi.hole"
  + Further work from a0a3b8ad3e91db5181023fceea6732eb6c6f0759
  + Connection track mark based DNS query filtering.
  + Use correct packet-size limit in make_local_answer()
  + Include EDNS0 in connmark REFUSED replies.
  + Rename reply type 11 DNSKEY -> DNSSEC
  + Add src/dnsmasq/pattern.c to src/dnsmasq/CMakeList.txt
  + Update SQLite engine to 3.36.0
  + Also cancel other threads when terminating
  + Ensure API threads can be canceled asynchronously
  + Add limit of maximum threads to warning
  + Add explicit limit logging also in the second place.
  + If DELAY_STARTUP is set, we can delay earlier to have this option being useful for misbehaving fake hwclocks as well.
  + Correct domain search algorithm.
  + Analyze which upstream server sent us the reply
  + Store real over-time counts of forwarded queries. So far, we counted only the first server a query was sent to.
  + Change upstream associated with a query if it is different than the first server we sent a query to
  + Log resolution of pi.hole and hostname as "internal" instead of the last blocking reason (e.g. "gravity blocked").
  + Tests: Debug messages do now include the port a client sent the query from
  + Add more debugging output to short-circuited replies
  + Fix automatic IP hostname responding for blocking modes NXDOMAIN, NODATA and NODATA-IPv6
  + Simplify logic in FTL_make_answer()
  + Fix error in try to make outer SHM lock consistent on death of previous owner
  + Initial changes for extended DNS error codes.
  + Rationalise --server parsing and datastructure building.
  + Deprecate DEBUG_DNSMASQ_LINES (now included in DEBUG_FLAGS)
  + Initial implementation of RFC-8914 extended DNS errors.
  + Implement Extended DNS Errors (ERE, RFC 8914) in FTL
  + Don't re-use datastructures for --address and --local.
  + Rationalise domain parsing for --rev-server and --domain.
  + Fix problem with re-allocation of serverarray.
  + Include EDE in telnet API getAllQueries
  + Tidy up interface to dbus and ubus modules.
  + Compiler warnings.
  + Fix trivial breakage of DBUS done by 85bc7534dae7711f6c82742feaa7dacb41af3f36
  + Fix compiler warning.
  + Tidy up name buffer use in report_addresses().
  + Treat failure of ubus_add_object() in ubus_init() as retry-able.
  + Revert "Treat failure of ubus_add_object() in ubus_init() as retry-able."
  + Fix ipset support.
  + Reduce memory footprint of FTL by 11%. We don't store the rowid of a query in memory because we don't really need that.
  + Further reduce memory footprint of FTL by about 12%. We don't store the char pointer of the extended DNS errors because we can get this at any time.
  + Reuse workspace bit in struct server ->flags.
  + Allow wildcards in domain patterns.
  + Fix oversight in build_server_array().
  + Rationalise SERV_MARK use.
  + Modify and propagate changed lease.
  + Hide "unknown" EDE in API
  + Implement special handling of the Mozilla canary domain to disable Firefox auto-DoH
  + Initialize over-time data only after a possible startup delay
  + Tidy domain parsing, make --server=/ */1.2.3.4 equivalent to --server=1.2.3.4
  + Make --rebind-localhost-ok apply to :: and 0.0.0.0
  + Support IPv6 in --bogus-nxdomain and --ignore-address
  + Fix order of calls to resize-packet() and add_pseudoheader().
  + Add calls to dump internally generated answers for dumpmask=0x0002
  + Fix logical error in d0ae3f5a4dc094e8fe2a3c607028c1c59f42f473
  + Fix thinko in a92c6d77dcd475579c39bdff141f5eb128e2a048
  + Include interface name in more errors printed by dhcp-discover
  + Check lock ownership only when debugging shared memory locks. This increases the general execution speed because getting PID and TID is a slow process.
  + Subtle change to priority of --server types.
  + Propagate dnsmasq defines into target FTL
  + Simplify FTL_iface()
  + Add pi.hole PTR record if requested IP matches the address of a local interface
  + Add config option PIHOLE_PTR to control the new auto-PTR behavior.
  + Do not reply with "pi.hole" to loopback PTRs
  + Add EDE return when no matching key found.
  + Add --quiet-tftp.
  + Fix forcing of reply type in regex replies only being done in debug mode (this never had any adverse effect)
  + Ensure shared memory is locked when reloading dnsmasq
  + Allow shorter IPv6 prefix lengths in (some) --synth-domain options.
  + --synth-domain now works in auth mode.
  + Return REFUSED in auth mode when we are not authoritative for the query.
  + Checks on prefix-length in --domain --synth-domain and --rev-server.
  + canonicalise_opt must always return heap memory.
  + Fix argument checking for --dhcp-match.
  + Detect malformed --dhcp-relay option.
  + Handle empty hostmaster in --auth-soa
  + Typo in new EDE code.
  + Add UINT32_MAX if not defined by system.
  + Add config option ADDR2LINE=true|false
  + Better fix than f2266d9678d71633d62d70238be3782ea74019c9
  + Add additional checks for validity of data before trying to access it. Fixes #1151
  + Properly handle edge-case when a query comes in at the exact end of the last overTime interval
  + Add further cache metrics
  + Warn about clients reaching rate-limit. Only warn once per interval and client to avoid log spamming.
  + Log for how many more seconds we rate-limit a client when this happens
  + Log rate-limiting of clients to the message table
  + Reload blockingmode on receipt of real-time signal 0 (a.k.a. pihole restartdns reload-lists)
  + Set extended DNS error to UNSET (-1) when importing from the database
  + Log how many queries have been saved in the final query storing
  + CONNTRACK needs CAP_NET_ADMIN.
  + Simplify linux capability check output
  + Fix NOERR/NXDOMAIN in answers configured by --domain-needed.
  + There was a `notify` variable to keep track whether a subscriber is observing our UBus object. However, it was not properly cleaned up in `ubus_destroy`, potentially becoming stale over UBus reconnections. The variable was removed and the current state is examined when sending notifications, similarly as is done in other existing OpenWrt code.
  + Re-order UBus teardown logic.
  + Remove remaining uses of deprecated inet_addr() function.
  + Remove remaining uses of deprecated inet_ntoa()
  + dhcp_buff2 not available in log_packet, use daemon->addrbuff
  + Fix sizeof() confusion in 527c3c7d0d3bb4bf5fad699f10cf0d1a45a54692
  + Define order of reading files when --addn-hosts given a directory.
  + Revert "Re-order UBus teardown logic."
  + Revert "There was a `notify` variable to keep track whether a subscriber is"
  + Handle UBus serialization errors.
  + Eliminate redundant UBus `notify` variable.
  + Re-order UBus teardown logic.
  + Adjust logging levels for connmark patterns.
  + Make comment style consistent.
  + Use getnameinfo() instead of deprecated gethostbyaddr() for internal name resolving.
  + Log if hostname was imported from the network database.
  + Lookup IP addresses in local /etc/hosts file before sending out PTR requests
  + Allow users to configure how FTL reacts to queries when the gravity database is not available
  + Ensure we are not sending empty replies when we actually want to drop the entire answer
  + Ensure busy blocking is also done when database was not available initially (incl. when forking a TCP worker)
  + Log when adding entries to FTL's DNS cache (DEBUG_QUERIES)
  + Correct upstream->overTime when queries are blocked after they have already been forwarded upstream (e.g., during CNAME inspection)
  + Explicitly log when a retried query was a DNSSEC query.
  + Always count forwardings upstream, even if this was done for a (partially) cached CNAME
  + Remove redundant upstream->count
  + Some DEBUG_NETWORKING enhancements
  + Copy interface name before skipping when REPLY_ADDR is configured manually
  + Fix empty domain in server option parsing when more than one domain is given
  + Add BLOB reply type
  + Handle queries generated by FTL_make_answer() (i.e., blocked queries) as queries served from cache, not upstream (because they were never upstreamed)
  + Empty replies generated by FTL are NODATA (instead of BLOB)
  + Tests: DNS reply analysis test (using netmeister.org records)
  + Hard-code 8.8.8.8 as upstream server for the tests. It turned out to be more reliable as the CircleCI-provided DNS server tends to show a few timeouts on certain query types.
  + Tests: Use 1.1.1.1 as upstream as 8.8.8.8 SERVFAILs the HTTPS and SVCB tests domains
  + 1.1.1.1 rejects ANY queries...
  + Support limited wildcards in the input tags for --tag-if.
  + Rationalise query-reply logging.
  + Store validation result of internally generated DNSSEC queries
  + Store validation result of queries answered from cache
  + Avoid duplicated NXDOMAIN PTR queries.
    There is no need to temporarily force FTL as system resolver when it is already the primary system resolver
  + Tests: Adjust for DNSSEC status now included for cache replies
  + Final logging tweaks.
  + Skip DNSSEC analysis if DNSSEC validation is disabled. Add new DEBUG_DNSSEC flag.
  + Tests: We want extra logging enabled in pihole.log during the tests
  + Tests: Never launch DNS resolver thread when names are not to be resolved (e.g., on the CI)
  + Tests: Use pihole-FTL.pid when reloading to ensure the signal is not sent to a TCP worker (which would just ignore it altogether)
  + Tests: Use OpenDNS only for dig tests, use Google DNS for everything else.
  + Tests: Enable DNSSEC for query validation during the CI tests
  + Only open database when really necessary. This may reduce disk activity slightly and save a bit of CPU time.
  + Update DB counters still within the running TRANSACTION to reduce disk I/O
  + dhcp-discover: Implement Classless Static Route Option (options 121 and 249)
  + Get logging of DNSSEC status right when Checking Disabled bit set.
  + Add RFC 4833 DHCP options "posix-timezone" and "tzdb-timezone".
  + Prevent a possible deadlock in dhcp-discover.
  + Also check for capabilities CAP_IPC_LOCK and CAP_CHOWN
  + Tests: Adjust for newly added capability warnings.
  + Improvements suggested by cppcheck
  + Ensure we get the correct error string when "ip neigh show" or "ip address show" fails. Before, we picked up the error from the logg() which was likely always a not very helpful "Success" message
  + Abort database routines early if database is known to be broken due to database file corruption.
  + Treat ANY queries the same as CNAME queries WRT to DNSSEC on CNAME targets.
  + Add regex extension ";reply=NXDOMAIN,NODATA,REFUSED,IP,NONE"
  + Tests: Add new regex extension tests
  + Implement support for custom redirection targets in regex extension, e.g., "someregex;reply=1.2.3.4;reply=fe80::1234"
  + Tests: Add tests for regex extension "reply=1.2.3.4", "reply=fe80:1234", and "reply=1.2.3.4;reply=fe80:1234"
  + Caching cleanup. Use cached NXDOMAIN to answer queries of any type.
  + Skip ascii-only names IDN processing
  + Revert "Skip ascii-only names IDN processing"
  + check_name() determines if IDN processing is needed.
  + Add all current RR types to the table of type names used for query logging.
  + Required FTL changes due to the preceding dnsmasq commit.
  + Small sanity check in wildcard tag matching code.
  + Retry on interrupted error in tftp
  + Add safety checks to places pointed by Coverity
  + Fix bunch of warnings in auth.c
  + Fix coverity formats issues in blockdata
  + Retry dhcp6 ping on interrupts
  + Fix coverity warnings on dbus
  + Address coverity issues detected in util.c
  + Fix coverity detected issues in option.c
  + Fix coverity detected issue in radv.c
  + Fix coverity detected issues in cache.c
  + Tests: "TYPE5" is now "[CNAME]"
  + Add NEG flag when replying to queries with forced NXDOMAIN. This ensures logging is correct and that the web interface will show the correct status.
  + Tests: Check Mozilla canary domain is blocked and logged correctly
  + Add PIHOLE_PTR=HOSTNAME allowing users to specify that Pi-hole should respond with the device's hostname (instead of "pi.hole") for local interface IP address PTR requests.
  + Valid option values for PIHOLE_PTR are now "PI.HOLE" (default), "HOSTNAME" or "NONE"
  + Add final newline
  + Trim excess whitespace
  + Add handling for "pi.hole." and ".".
    This fixes #1168
  + Ensure virtual interfaces are recognized as distinct interfaces when finding their bound addresses
  + Reply with NODATA (instead of 0.0.0.0 or ::) if the interface we received a query on doesn't have the requested address type (e.g. virtual interfaces only configured with one IPv6 but no IPv6 address)
  + Fix coverity issues detected in domain-match.c
  + Fix coverity detected issues in dnsmasq.c
  + Fix coverity issues in dnssec.c
  + Fix confusion in server=/domain/# combined with server|address=/domain/....
  + Add support for arbitrary prefix lengths in --rev-server and --domain=....,local
  + Thinko in immediately previous commit.
  + Optimize inserting records into server list.
  + Improvements based on static-analysis of source code
  + Fix --address=/#/...... which was lost in 2.86
  + Correctly warn if dynamic directory is actually no directory
  + Make TTL served for blocked queries independent from local-ttl setting in dnsmasq's config.
  + Improve last patch by splitting the previously combined if
  + Make --rebind-domain-ok work with IDN.
  + Change database permission to 664
  + Set database permissions every time the database is initialized
  + Change test suite to reflect changed file permissions
  + Fix indentation
  + Add special handling of iCloud Private Relay domains
  + Improve empty domain name handling
  + Add GitHub Actions integration
  + Add --nftset option, like --ipset but for the newer nftables.
  + Update embedded dnsmasq version to v2.87test2
  + Tweak expected result for line 8 in "Get all queries shows expected content"
  + Ready GHA to take over from circle...
  + Fix a test that was already fixed, but then unfixed by a dodgy merge commit
  + Add in upload to our server
  + Single * is not enough it seems
* Sat Sep 11 2021 Samu Voutilainen
- Added patch ftl-2.8.1-build-fix.patch. Fixes Tumbleweed build.
- Miscellaneous fixes to spec.
* Sun May 16 2021 Samu Voutilainen
- systemd service needs to clean up SHM files manually in order to avoid a failure in FTL restart.
* Wed May 05 2021 pihole-suse-packagesAATTsmar.fi
- Update to version v5.8.1
  + Retried queries due to missing DNSSEC validation have no upstream server (the related DNSSEC queries were retried, not this one). Hence, we shouldn't update the counts of any upstream here. This silences an incorrect "FATAL: Trying to access upstream ID -1" warning in the logs.
  + Do not terminate threads which may not be running. They'll be cleaned up at process termination anyway.
  + Ensure we clean up always behind us. Also when FTL crashes
  + Also clean up when crashing
  + Improve process-already-running detection
  + Tests: Update tests for new expected output on two concurrent instances
  + Terminate threads before closing database connections and finishing shared memory
  + Clean up after dnsmasq errors (port not available config errors, etc.)
  + Do not detach threads we want to be able to cancel and add logfile log to shared memory locks. Other forks may want to log as well.
  + Change to refreshed logo.
  + Give the images some space.
  + Center vortex.
  + Remove incorrect information.
  + Use dropshadowed logo
  + Escape DHCP options if necessary
  + Print raw bytes for unknown DHCP options
  + Implement DHCPv4 PCP Option (RFC 7291)
  + Resize shared memory only when locking. This ensures all shm pointers are invariant inside locks.
  + Preallocate one pagesize (usually 4K) for per-client-regex data.
  + Reduce code-duplication by using an array of shared memory pointers we can iterate on when chown-ing or deleting.
  + Fix incorrect printf format identifier
  + Fix problem with DNS retries in 2.83/2.84.
  + Simplify preceding fix.
  + The preceding commit changes the handling of retried queries. The logic is now changed so that distinct requests for repeated queries still get merged into a single ID/source port, but they now always trigger a re-try upstream. This effectively removes our IN-PROGRESS status so we remove the code handling this as well.
  + dhcp-host selection fix for v4/v6.
  + Correct occasional --bind-dynamic synchronization break
  + Always use
  + Move flags to recvmsg function in netlink
  + Obtain MTU of interface only when it would be used
  + Update embedded SQLite engine to 3.35.0
  + Update .gitignore and add VSCode workspace exclude-settings
  + Add --dynamic-host option.
  + Add --log-debug option and MS_DEBUG flag to my_syslog().
  + Only log changes to DNS listeners when --log-debug is set.
  + Log creation of listeners and enable dnsmasq log-debug when any FTL debug option is set.
  + Fix a memory leak when re-opening the databases (when forking or reloading the lists). The memory leak is on the order of a few bytes but scales quickly with the number of clients. It is caused by SQLite3 not being able to clean up behind itself when we're not finalizing and closing everything explicitly.
  + Avoid jump depending on uninitialized bytes (only relevant in debug mode).
  + Join canceled threads on exit to ensure they exited properly before we exit from the main process. This includes waiting for them to clean up their own stack memory, etc.
  + Ensure we close FTL database connection when exiting the main process. This has no consequences else than silencing some memory-lost complaints by valgrind (any allocated memory is released on process exit anyway)
  + Ensure shared memory strings bucket is large enough when locking. Do not resize it when we are holding the lock. Also, optimize FTL-domains size
  + Don't try to finalize gravity statements two times
  + More fine-grained locking in network table processing should decrease delays in DNS resolution on very slow machines
  + Reduce rate-limiting checking to once per second (rather than every 100 msec)
  + Simplify locking during network table processing and generalize special handling for virtual interfaces (hwaddr 00:00:00:00:00:00)
  + Simplify signal handling and catch SIGABRT in addition
  + tftp warning fix.
  + Teach --bogus-nxdomain and --ignore-address to take a subnet argument.
  + Use random source ports where possible if source addresses/interfaces in use.
  + Update SQLite3 from 3.35.0 to 3.35.2
  + Do not skip remapping if the size hasn't changed
  + Avoid leaking memory if dbquery() fails
  + Automatically reply with IP address a query came in from when in blockingmode=IP
  + Scan through local interfaces to find IPv4/IPv6 addresses to reply with in IP blocking mode
  + Add fallback in case docker does not reveal the interface we're running in
  + Simplify and unify interface address derivation
  + Do not close FTL database connection when forking TCP workers
  + Open database after forking
  + Add timeout to joining of threads
  + Remove additional log file locking
  + Open individual database connections where we need them. Do not use global pointers anywhere. This may mean we have more than one connection open at the same time. SQLite3 will take care of thread-safety.
  + Fix FTBS on FreeBSD due to Linux-specific optimisation of if_nametoindex()
  + Always set database pointer to NULL, even when closing failed
  + Prepare for dnsmasq code refactoring patches. This commit needs to be undone later.
  + Reduce few repetitions in forward code
  + Create common function for forward dump, log and send
  + Move repeated test pattern to server_test_type
  + If the first argument ends in ".lua", we immediately start the embedded LUA engine. Same for ".db" and ".sql" files which are directly routed into the embedded SQLite3 engine.
  + Add tests for new feature
  + Favor ULA and GUA addresses over LL when picking an IP address for replying to blocked AAAA queries.
  + MUSL and GNU C define the substructure of in6_addr differently so we cannot rely on being able to access the substructure directly.
  + Use properly-sized buffer for format_time()
  + Fix thinko in 51f7bc924cbcdeb09cbb83249b70c121d1ffa31e
  + Change the method of allocation of random source ports for DNS.
  + Scale the DNS random socket pool on the value of dns-forward-max.
  + Update SQLite3 from 3.35.2 to 3.35.3
  + Ensure FTL can be compiled from source archives offered by GitHub for each release
  + Print special notice when no version can be obtained
  + Improve error reporting in network table routines
  + Also log ignored extra regex extensions to the message database table
  + Prevent forks from adding regex compilation errors to the message table
  + mpid() should return PID even if we are not forking at all
  + Log correct database index on regex warnings
  + Correct missing SERV_DO_DNSSEC flag, add new spot
  + Enable DNSSEC compilation on nettle 2.7.1
  + Replace ad-hoc libnettle version detection with MIN_VERSION macro.
  + Fix spacing in translatable strings.
  + Re-add FTL hooks into dnsmasq's forward code
  + Update dnsmasq version string to 2.85
  + Circle CI: skip uploading build artifacts on forks
  + TFTP tweak.
  + Update SQLite3 from 3.35.3 to 3.35.4
  + Do not flag query as retried when we decide ourselves that it should be retried without any new query triggering this. Deprecate DEBUG_EXTBLOCKED (now covered by DEBUG_QUERIES and add DEBUG_STATUS)
  + Ignore duplicated replies to the same query. This is useful in general and also happens to circumvent a dnsmasq bug (we already reported this one upstream).
  + Subtly change behaviour on repeated DNS query.
  + Simplify status and reply type handling in FTL
  + Ensure we always set the status of cached queries
  + Assert size of countersStruct
  + Combine queries for the same DNS name if close in time.
  + Handle resource exhaustion of struct frec_src same as struct frec.
  + Ensure reply type is always stored for cached queries
  + Re-add IN_PROGRESS query status
  + Do not try to log if no log file is defined
  + Prevent a possible infinite loop in the uninterruptible syscalls.
  + Queries read from the database need to be counted as unknown before restoring the query status
  + Add missing newline after "Notice: Found no readable FTL config file"
  + Add config options REPLY_ADDR4 and REPLY_ADDR6 to overwrite automatic IP detection in IP blocking mode.
  + Use MAXLOGAGE to control which queries get deleted by GC
  + Tidy error logging in 961daf8f921503457d1f539f79b3a2def7d479e2
  + Work around warning on tag build due to && logic.
  + Fix database update to version 7 reporting error when there is none. This is not a critical bug as the issue resolves itself on the next start of FTL.
  + Test: Add test for "database not available" messages indicating failed database updates and creations.
  + Give threads a bit more time to reach a point where cancellation is safe. We cannot give them too much time because, otherwise, the process trying to TERMinate FTL may decide to KILL it instead. We should avoid this to be able to properly cleanup.
  + Don't try to terminate threads when we never launched them.
* Wed Apr 14 2021 pihole-suse-packagesAATTsmar.fi
- Update to version v5.7
  + Fix incorrect "FATAL" error message during garbage collection
  + Fix incorrect "FATAL" error message during garbage collection
  + Move fd into frec_src, fixes 15b60ddf935a531269bb8c68198de012a4967156
  + Fix to 75e2f0aec33e58ef5b8d4d107d821c215a52827c
  + Optimise sort_rrset for the case where the RR type no canonicalisation.
  + Fix for 12af2b171de0d678d98583e2190789e544440e02
  + Don't display unrelated CNAME queries when filtering for specific domain
  + dnsmasq-v2.83 forwards multiple queries to the same destination only once and stores the other queries as duplicates. They do receive the answer later on, however, this is usually not logged (when log-queries=extra is enabled, there will be a warning about the duplicate).
    This commit handles such duplicates and introduces a new reply type 14 = "already forwarded"
  + When seeing duplicated queries, the original query may have been blocked during CNAME inspection. In this case, we need to change the status from "OK (already forwarded)" to the corresponding blocked status. The "already forwarded" information is lost but that seems okay.
  + Check source query for its status when checking if we need to update the duplicated ones
  + Tidy initialisation in hash_questions.c
  + Change HAVE_NETTLEHASH compile-time to HAVE_CRYPTOHASH.
  + Bump copyright notices for 2021. Happy New Year!
  + Fix possible free-memory ref in e75069f79aa6b8a61034a9a4db9b6265b8be8ae4
  + Fixes incorrect "Found unknown status 14 in long term database" warning in the logs. We change the code to use an enum-based struct so we cannot forget to update this in the future when adding further query status types.
  + Add per-client rate-limiting. The default limit is 1000 queries in 60 seconds.
  + Add output of how much memory in /dev/shm is used by FTL itself
  + Try to create shared memory objects before reading the settings
  + Do not try to delete existing shmem objects on start - that may cause running FTL instances to crash when it tries to access them. Instead, new instances should properly fail to start.
  + Tests: Running a second instance is detected and prevented, FTL continues to work as expected afterwards
  + Do not explicitly request a lease time in our DHCPREQUEST as this may lead to incorrect responses. Also, when sending a request to lo, we should send it to the interface address instead of the broadcast (lo doesn't support broadcast destinations).
  + Fix queries sent upstream being counted incorrectly when modified later on (blocked externally, blocked during CNAME inspection). This also applies to queries loaded from the database.
  + Increment forward counters when importing QUERY_RETRIED or QUERY_RETRIED_DNSSEC from the database
  + Retain EDNS0 bits from incoming queries when blocking requests
* Tue Jan 19 2021 pihole-suse-packagesAATTsmar.fi
- Update to version v5.5
  + Detect and handle interface changes of clients with the same IP
  + Update SQLite3 to 3.34.0 and expose sqlite3 shell as 'pihole-FTL sqlite3' (drop-in replacement is available as well)
  + mend
  + Added missing NS query type to getQueryTypes()
  + Log date/time of FTL in header just as SQLite3 does as well
  + Test for embedded SQLite3 shell available and functional
  + Modified test for NS type
  + Fix for errno not being set by posix_fallocate() in contrast to fallocate() who did set it.
  + Add new query types SVCB and HTTPS
  + Tests: Add SVCB and HTTPS as expected query types
  + Implement support for displaying exact type instead of the catch-them-all category OTHER. The OTHER category is still used when it comes to computing statistics to ensure your chart's legend does not explode.
  + We cannot really decide whether local configuration lines are meant for blocking or something else. Just record such queries as replied to from cache because this is what they are. This code made sense at the time where wildcards were implemented as dnsmasq config lines, however, we've advanced to our own regex engine since then and all config lines should have also been auto-migrated.
  + Clarify comment
  + Only return regex index when allowed by privacy settings. This may leak information, otherwise.
  + Check for validity of iface pointer before dereferencing it.
  + Don't show retried queries when filtering for blocked queries.
  + Optimize datastructures using bitfields and item re-arrangement (to minimize padding). This reduces the size of query, client, and regex records by 8 bytes per item. Note that this optimization was done on x86_64 and may not apply for other architectures (32bit architectures already used less padding).
  + Statically assert struct sizes are what we expect. This prevents us from increasing the memory needs unintentionally (e.g. due to sub-optimal padding)
  + Store blocked property in query flags.
  + Use blocked property in API code. Make query->upstreamID = -1 the new default to differentiate easily what was forwarded (ID will be >= 0) and what not (ID == -1). Store the upstream server also for other query types that were forwarded (like queries blocked during CNAME inspection).
  + Add MAXDBDAYS=-1 to disable auto-cleaning and ensure overflow cannot happen (we just enforce the maximum in this case)
  + pxe: support pxe clients with custom vendor-class
  + Use the values of --min-port and --max-port in TCP connections.
  + Fix remote buffer overflow CERT VU#434904
  + Check destination of DNS UDP query replies.
  + Use SHA-256 to provide security against DNS cache poisoning.
  + Optimise RR digest calculation in DNSSEC.
  + Fix DNS reply when asking for DNSSEC and a validated CNAME is already cached.
  + Add missing check for NULL return from allocate_rfd().
  + Handle multiple identical near simultaneous DNS queries better.
  + Handle caching with EDNS options better.
  + Support hash function from nettle (only)
  + Small cleanups in frec_src datastructure handling.
  + Adapt for change in struct forward to forward->frec_src
  + Update dnsmasq version string
  + Fix warning message logic.
  + Update to new struct frec fields in conntrack code.
* Tue Jan 12 2021 pihole-suse-packagesAATTsmar.fi
- Update to version v5.3.4
  + Show BOOTP server and file strings used by TFTP
  + Update dnsmasq version to 2.82
  + Use fork-private regex substructure because each regex has an opaque structure (once compiled) and cannot be kept globally available through shared memory (at least not with any realistic effort)
  + We have to explicitly set conflinebuffersize to zero when freeing the buffer itself to avoid getline() crashing in some special edge-cases
  + Rename memory.c -> syscalls.c
  + Factor out syscalls for calloc, free, realloc and strdup into dedicated syscalls/{}.c files
  + Add interrupt-safe fprintf() and printf() routines
  + Add interrupt-safe vfprintf() and vprintf() routines
  + Make calloc(), realloc() and strdup() interrupt-safe
  + Add interrupt-safe write() routine
  + Add interrupt-safe accept() routine
  + Avoid redundant error reporting
  + Improve printf(), fprintf(), vprintf(), and vfprintf() error reporting
  + Add interrupt-safe recv() routine
  + Add interrupt-safe recvfrom() routine
  + Add interrupt-safe pthread_mutex_lock() routine
  + Add interrupt-safe select() routine
  + Add interrupt-safe fopen() routine
  + Add interrupt-safe sendto() routine
  + Backup and restore errno in real-time signal handler.
  + Add interrupt-safe vsnprintf() routine
  + Add interrupt-safe snprintf() routine
  + Add interrupt-safe vsprintf() routine
  + Add interrupt-safe sprintf() routine
  + Show complete list of args when complaining about unsupported argument
  + Adjust test for unknown argument to support the new format
  + Expose lua-interpreter as virtual pihole-lua binary
  + Add drop-in support for lua binary
  + Add drop-in replacement support for luac as well
  + Fix freeing regex pointers to set the global not the local object to NULL after free().
  + Add interrupt-safe asprintf() and vasprintf() routines
  + Add more debugging output for domain reloading (on receipt of SIGHUP)
  + Add REFRESH_HOSTNAMES=UNKNWON to support only refreshing recently active clients with unknown hostnames
  + Force refreshing of hostnames (according to REFRESH_HOSTNAMES config) on receipt of SIGRT4
  + Give explicit reason for skipping in debug message
  + Fall back to using ftruncate() when fallocate() returns with "Operation not supported". This may happen if the kernel is older than 2.6.23 or glibc older than 2.10. ftruncate() has its own disadvantages, however, it is POSIX compliant (POSIX.1-2001) so should be supported even by ancient kernels.
  + Add new DEBUG_EXTRA flag used for special (temporary) debugging
  + Update src/resolve.c
  + num_regex is not in counters any more
  + Enable extra logging only when DEBUG_EXTRA is set
  + docs: fix simple typo, timestemp -> timestamp
  + Add interrupt-safe fallocate() routine, due to the special nature of the fallocate() macro, we have to use a modified name fTLallocate() to implement this function
  + Prevent possible deadlock if log is not writable (e.g., permission denied)
  + Don't fail when trying to free(NULL)
  + Fix Unix socket error handling
  + Do not print user change information if there is no user change
  + Reply with configured BLOCKINGMODE to blocked CNAME requests
  + Revert "Improve compatibility with old (ancient) kernels"
  + Analyze original question and use it to decide whether we mock an A or AAAA reply when blocking
  + Don't iterate over all clients every minute trying to find new ones but only do this when the RESOLVE_NEW_HOSTNAMES event is set
  + Add DEBUG_EXTRA flag (#994)
  + Escape spaces by ~
  + Do not sync after executing regular expression on a domain
- Use proper version handling in spec