From 9ce2a0fb341c89b1e047649f97f80cbcc088c8e0 Mon Sep 17 00:00:00 2001 From: Ainar Garipov Date: Wed, 23 Mar 2022 16:13:28 +0300 Subject: [PATCH] Pull request: all: upd chlog Merge in DNS/adguard-home from upd-chlog to master Squashed commit of the following: commit 02b33e764d540868df19cd7359f114f98c9a66ca Merge: 999a5f27 5cba78a8 Author: Ainar Garipov Date: Wed Mar 23 16:09:39 2022 +0300 Merge branch 'master' into upd-chlog commit 999a5f2718f5577e13ec59619652cc60ff7a7416 Author: Ainar Garipov Date: Wed Mar 23 16:04:35 2022 +0300 all: fix chlog commit 2fe68c5665ea63c3b3f73b8a6ace88de45f2aec1 Author: Ainar Garipov Date: Wed Mar 23 15:59:36 2022 +0300 all: imp chlog commit d5af9db6365430cc7e96d7681231db24e57aa6a5 Author: Ainar Garipov Date: Wed Mar 23 15:39:27 2022 +0300 all: upd chlog --- CHANGELOG.md | 72 ++++++++++++++++++++++++++++++++-------------------- 1 file changed, 44 insertions(+), 28 deletions(-) diff --git a/CHANGELOG.md b/CHANGELOG.md index 0a29640a..65e8a64b 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md @@ -17,8 +17,9 @@ and this project adheres to ### Added -- The ability to customize the set of networks considered private through the - new `private_networks` setting ([#3142]). +- The ability to customize the set of networks that are considered private + through the new `dns.private_networks` property in the configuration file + ([#3142]). - EDNS Client-Subnet information in the request details section of a query log record ([#3978]). - Support for hostnames for plain UDP upstream servers using the `udp://` scheme 
@@ -32,7 +33,7 @@ and this project adheres to - The default DNS-over-QUIC port number is now `853` instead of `754` in accoradance with the latest [RFC draft][doq-draft-10] ([#4276]). - Reverse DNS now has a greater priority as the source of runtime clients' - informmation than ARP neighborhood. + information than ARP neighborhood. - Improved detection of runtime clients through more resilient ARP processing ([#3597]). - The TTL of responses served from the optimistic cache is now lowered to 10 @@ -49,16 +50,16 @@ and this project adheres to of the commit from which the binary was built ([#4221]). This should simplify reproducible builds for package maintainers and those who compile their own AdGuard Home. -- The setting `local_domain_name` is now in the `dhcp` block in the +- The property `local_domain_name` is now in the `dhcp` object in the configuration file to avoid confusion ([#3367]). -- The `dns.bogus_nxdomain` configuration file parameter now supports CIDR +- The `dns.bogus_nxdomain` property in the configuration file now supports CIDR notation alongside IP addresses ([#1730]). #### Configuration Changes In this release, the schema version has changed from 12 to 13. -- Parameter `local_domain_name`, which in schema versions 12 and earlier used to +- Property `local_domain_name`, which in schema versions 12 and earlier used to be a part of the `dns` object, is now a part of the `dhcp` object: ```yaml @@ -73,8 +74,8 @@ In this release, the schema version has changed from 12 to 13. 'local_domain_name': 'lan' ``` - To rollback this change, move the parameter back into `dns` and change the - `schema_version` back to `12`. + To rollback this change, move the property back into the `dns` object and + change the `schema_version` back to `12`. ### Deprecated 
@@ -86,7 +87,7 @@ In this release, the schema version has changed from 12 to 13. ### Security -- `User-Agent` HTTP header removed from outcoming DNS-over-HTTPS requests. +- `User-Agent` HTTP header removed from outgoing DNS-over-HTTPS requests. - Enforced password strength policy ([#3503]). - Weaker cipher suites that use the CBC (cipher block chaining) mode of operation have been disabled ([#2993]). @@ -113,15 +114,29 @@ In this release, the schema version has changed from 12 to 13. +## [v0.107.5] - 2022-03-04 + +This is a security update. There is no GitHub milestone, since no GitHub issues +were resolved. + +### Security + +- Go version was updated to prevent the possibility of exploiting the + [CVE-2022-24921] vulnerability. + +[CVE-2022-24921]: https://www.cvedetails.com/cve/CVE-2022-24921 + + + ## [v0.107.4] - 2022-03-01 See also the [v0.107.4 GitHub milestone][ms-v0.107.4]. @@ -135,8 +150,8 @@ See also the [v0.107.4 GitHub milestone][ms-v0.107.4]. ### Security -- Go version was updated to prevent the possibility of exploiting - [CVE-2022-23806], [CVE-2022-23772], and [CVE-2022-23773]. +- Go version was updated to prevent the possibility of exploiting the + [CVE-2022-23806], [CVE-2022-23772], and [CVE-2022-23773] vulnerabilities. [#4216]: https://github.com/AdguardTeam/AdGuardHome/issues/4216 [#4254]: https://github.com/AdguardTeam/AdGuardHome/issues/4254 @@ -235,7 +250,7 @@ See also the [v0.107.0 GitHub milestone][ms-v0.107.0]. through the new `fastest_timeout` field in the configuration file ([#1992]). - Static IP address detection on FreeBSD ([#3289]). - Optimistic cache ([#2145]). -- New possible value of `6h` for `querylog_interval` setting ([#2504]). +- New possible value of `6h` for `querylog_interval` property ([#2504]). - Blocking access using ClientIDs ([#2624], [#3162]). - `source` directives support in `/etc/network/interfaces` on Linux ([#3257]). - [RFC 9000][rfc-9000] support in QUIC. 
@@ -286,22 +301,22 @@ See also the [v0.107.0 GitHub milestone][ms-v0.107.0]. proxy ([#2799]). - Clients who are blocked by access settings now receive a `REFUSED` response when a protocol other than DNS-over-UDP and DNSCrypt is used. -- `querylog_interval` setting is now formatted in hours. +- `dns.querylog_interval` property is now formatted in hours. - Query log search now supports internationalized domains ([#3012]). - Internationalized domains are now shown decoded in the query log with the original encoded version shown in request details ([#3013]). - When /etc/hosts-type rules have several IPs for one host, all IPs are now returned instead of only the first one ([#1381]). -- The setting `rlimit_nofile` is now in the `os` block of the configuration - file, together with the new `group` and `user` settings ([#2763]). +- Property `rlimit_nofile` is now in the `os` object of the configuration file, + together with the new `group` and `user` properties ([#2763]). - Permissions on filter files are now `0o644` instead of `0o600` ([#3198]). #### Configuration Changes In this release, the schema version has changed from 10 to 12. -- Parameter `dns.querylog_interval`, which in schema versions 11 and earlier - used to be an integer number of days, is now a string with a human-readable +- Property `dns.querylog_interval`, which in schema versions 11 and earlier used + to be an integer number of days, is now a string with a human-readable duration: ```yaml 
@@ -316,10 +331,10 @@ In this release, the schema version has changed from 10 to 12. 'querylog_interval': '2160h' ``` - To rollback this change, convert the parameter back into days and change the + To rollback this change, convert the property back into days and change the `schema_version` back to `11`. -- Parameter `rlimit_nofile`, which in schema versions 10 and earlier used to be +- Property `rlimit_nofile`, which in schema versions 10 and earlier used to be on the top level, is now moved to the new `os` object: ```yaml @@ -333,7 +348,7 @@ In this release, the schema version has changed from 10 to 12. 'user': '' ``` - To rollback this change, move the parameter on the top level and change the + To rollback this change, move the property on the top level and change the `schema_version` back to `10`. ### Deprecated @@ -686,8 +701,8 @@ See also the [v0.105.1 GitHub milestone][ms-v0.105.1]. - Occasional crashes during startup. - The field `"range_start"` in the `GET /control/dhcp/status` HTTP API response is now correctly named again ([#2678]). -- DHCPv6 server's `ra_slaac_only` and `ra_allow_slaac` settings aren't reset to - `false` on update anymore ([#2653]). +- DHCPv6 server's `ra_slaac_only` and `ra_allow_slaac` properties aren't reset + to `false` on update anymore ([#2653]). - The `Vary` header is now added along with `Access-Control-Allow-Origin` to prevent cache-related and other issues in browsers ([#2658]). - The request body size limit is now set for HTTPS requests as well. 
@@ -864,11 +879,12 @@ See also the [v0.104.2 GitHub milestone][ms-v0.104.2]. -[Unreleased]: https://github.com/AdguardTeam/AdGuardHome/compare/v0.107.4...HEAD +[Unreleased]: https://github.com/AdguardTeam/AdGuardHome/compare/v0.107.5...HEAD +[v0.107.5]: https://github.com/AdguardTeam/AdGuardHome/compare/v0.107.4...v0.107.5 [v0.107.4]: https://github.com/AdguardTeam/AdGuardHome/compare/v0.107.3...v0.107.4 [v0.107.3]: https://github.com/AdguardTeam/AdGuardHome/compare/v0.107.2...v0.107.3 [v0.107.2]: https://github.com/AdguardTeam/AdGuardHome/compare/v0.107.1...v0.107.2
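Review bot: In the `@@ -32,7 +33,7 @@` hunk, the context line directly above the corrected `informmation` still reads `in accoradance with the latest [RFC draft][doq-draft-10]`. Since this commit is already a wording pass over that list, fix `accoradance` to `accordance` here as well, so the two adjacent entries are not left half-corrected.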
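Review bot: In the `@@ -49,16 +50,16 @@` hunk, the rewritten rollback paragraph keeps `To rollback this change`, where the verb should be two words: `To roll back this change, move the property back into the `dns` object`. The lines are being rewritten anyway, and the same phrase is carried through unchanged in the `@@ -316,10 +331,10 @@` and `@@ -333,7 +348,7 @@` hunks, so all three can be corrected together. These paragraphs are what an operator follows when downgrading `schema_version`, so they are worth getting exact.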
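Review bot: The new `## [v0.107.5] - 2022-03-04` section in the `@@ -113,15 +114,29 @@` hunk says `Go version was updated` without naming the Go version the release is built with, so a packager or anyone compiling their own binary cannot tell from the changelog which toolchain actually contains the fix for [CVE-2022-24921]. Suggest stating the minimum Go version in the entry. The reference also resolves to `https://www.cvedetails.com/cve/CVE-2022-24921`, a third-party aggregator; linking to the CVE record itself or to the Go release announcement would be a more stable target. Separately, the subject `all: upd chlog` gives no hint that the commit adds a security release entry; mentioning v0.107.5 in the message would make that easier to find in the history.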
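Review bot: The `@@ -235,7 +250,7 @@` hunk changes the entry to `for `querylog_interval` property` with the bare name, while the next hunk (`@@ -286,22 +301,22 @@`) qualifies the same property as `dns.querylog_interval`. Use the qualified form in both places, for example `New possible value of `6h` for the `dns.querylog_interval` property`, so that a search of the changelog for the full path finds every entry about it. The added article also matches the phrasing used in the `dns.private_networks` entry.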
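Review bot: In the `@@ -333,7 +348,7 @@` hunk, the changed line `move the property on the top level` uses the wrong preposition for a move; `move the property back to the top level` reads correctly and parallels `move the property back into the `dns` object` from the `local_domain_name` rollback note. The replacement only swapped `parameter` for `property` and left the rest of the sentence as it was.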