Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

FTL v5.19.2 #1486

Merged
merged 14 commits into from
Nov 17, 2022
Merged

FTL v5.19.2 #1486

merged 14 commits into from
Nov 17, 2022

Conversation

DL6ER
Copy link
Member

@DL6ER DL6ER commented Nov 17, 2022

This hotfix release does not only fix #1478 but also updates the embedded SQLite3 engine to the most recent version (#1482) and the embedded dnsmasq to version v2.88rc1 (#1484) mainly providing bugfixes for GOST-related DNSSEC signatures. Furthermore, we will now always ensure that FTL messages are unique (#1480) to avoid issues with ever and ever repeating messages (#1475).

DL6ER and others added 14 commits November 14, 2022 23:05
@DL6ER
Merge pull request #1477 from pi-hole/master
7af658b 
sync: master to development
@DL6ER
Always ensure FTL messages are unique
fc212c3 
Signed-off-by: DL6ER <[email protected]>
@DL6ER
Adlist warning -> ADLIST WARNING
af49566 
Signed-off-by: DL6ER <[email protected]>
@DL6ER
Add debugging output to verify_shmem_pid()
c689cf2 
Signed-off-by: DL6ER <[email protected]>
@DL6ER
Update embedded SQLite3 engine to version 3.40.0
bb57105 
Signed-off-by: DL6ER <[email protected]>
@simonkelley @DL6ER
Handle known DNSSEC signature algorithms which are not supported.
c030b2d 
This fixes a confusion if certain algorithms are not supported
because the version is the crypto library is too old.  The validation
should be treated the same as for a completely unknown algorithm,
(ie return unverified answer) and not as a validation failure
(ie return SERVFAIL).

The algorithems affected are GOST and ED448.

Signed-off-by: DL6ER <[email protected]>
@simonkelley @DL6ER
Fix GOST signature algorithms for DNSSEC validation.
b6e61c2 
Use CryptoPro version of the hash function.
Handle the little-endian wire format of key data.
Get the wire order of S and R correct.

Note that Nettle version 3.6 or later is required for GOST support.

Signed-off-by: DL6ER <[email protected]>
@simonkelley @DL6ER
Handle DS records for unsupported crypto algorithms correctly.
bc1acb2 
Such a DS, as long as it is validated, should allow answers
in the domain is attests to be returned as unvalidated, and not
as a validation error.

Signed-off-by: DL6ER <[email protected]>
@DL6ER
Update embedded dnsmasq to v2.88rc1
b72d3b7 
Signed-off-by: DL6ER <[email protected]>
@DL6ER
Verify PID of shared memory without remapping global shmSettings object
78597dd 
Signed-off-by: DL6ER <[email protected]>
@DL6ER
Merge pull request #1484 from pi-hole/update/dnsmasq
08b347b 
Update embedded dnsmasq to v2.88rc1
@DL6ER
Merge pull request #1480 from pi-hole/tweak/unique_messages
9dd37ec 
Always ensure FTL messages are unique
@DL6ER
Merge pull request #1482 from pi-hole/update/sqlite_3.40.0
cafa2ef 
Update embedded SQLite3 engine to version 3.40.0
@DL6ER
Merge pull request #1485 from pi-hole/fix/forked_shmSettings
f4c9460 
Fix shared memory crashes in TCP forks
@DL6ER DL6ER added the Release label Nov 17, 2022
@DL6ER DL6ER requested a review from a team November 17, 2022 12:02
@DL6ER DL6ER marked this pull request as ready for review November 17, 2022 12:02
@PromoFaux PromoFaux merged commit 844c8b9 into master Nov 17, 2022
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@PromoFaux PromoFaux PromoFaux approved these changes

@yubiuser yubiuser yubiuser approved these changes

Assignees
No one assigned
Labels
internal Release
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.

FTL crashed [Fixed in 5.19.2]
4 participants
@DL6ER @PromoFaux @yubiuser @simonkelley