* A new module `uci` added since this version.
* Fix an installation issue: Existing soft links should be preserved when installing libeco.
Signed-off-by: Jianhui Zhao <zhaojh329@gmail.com>
(cherry picked from commit d1f9862893)
* added a new "divested" feed, see https://divested.dev/pages/dnsbl
* added a new nsfw category of the hagezi feed
* added the missing custom feed file handling in the backend
* added a geoIP map with all blocked domains (plus the homeIP) in a
modal popup window on the Reporting tab in LuCI
* fixed the fetchcmd autodetection
* small code fixes and improvements
* update the readme, added a new "Best practise" section
* update different LuCI components (separate commit)
Signed-off-by: Dirk Brenken <dev@brenken.org>
(cherry picked from commit 58d0992886)
It needs to be group writable or session.key can't be written once
named drops privileges.
Signed-off-by: Philip Prindeville <philipp@redfish-solutions.com>
(cherry picked from commit b82574b31c)
CVE-2025-40775: Prevent assertion when processing TSIG algorithm. DNS messages
that included a Transaction Signature (TSIG) containing an invalid value in the
algorithm field caused named to crash with an assertion failure. This has been
fixed.
Signed-off-by: Noah Meyerhans <frodo@morgul.net>
(cherry picked from commit bafabd520e)
Until now it was not possible to stop the acme service, because the handling
was done via cron. With this change, the acme handler can now be stopped by
calling '/etc/init.d/acme' stop. This call removes the entry from the crontab.
Signed-off-by: Florian Eckert <fe@dev.tdt.de>
Since procd is now used, the call of '/etc/init.d/acme' does not have to be
locked separately. This code block can therefore be removed.
Signed-off-by: Florian Eckert <fe@dev.tdt.de>
In the current implementation, the config change trigger is no longer set
at boot time. This is because during boot, only the '$CHALLENGE_DIR' is
created with the boot function. The 'start_service' is first called by first
cron call at midnight. This call is installing the service_triggers reload
handling.
To fix this, add a new extra_command 'renew' that is responsible to renew
the acme. This function is called from cron and the start_service
function does the rest.
* Create directories
* Install service reload trigger form acme config change
Fixes: 76f17ab15b (acme-common: Create challenge directory on boot)
Signed-off-by: Florian Eckert <fe@dev.tdt.de>
The challenge directory (for webroot challenges) is on a tmpfs, which
means it doesn't exist on boot. Some web servers (uhttpd in particular)
don't like being configured to serve files from a non-existent
directory. So add a boot() section to the ACME init script that just
creates the challenge directory, and make sure it runs relatively early.
That should take care of the non-existent directory issue, while still
keeping the actual certificate renewal controlled by cron.
Signed-off-by: Toke Høiland-Jørgensen <toke@toke.dk>
Verbatim copy from upstream's release notes:
Notes for BIND 9.20.7
- New Features
- Implement the min-transfer-rate-in configuration option.
- A new option min-transfer-rate-in has been added to the view and zone configurations. It can abort incoming zone transfers that run very slowly due to network-related issues, for example. The default value is 10240 bytes in five minutes. [GL #3914]
- Add HTTPS record query to host command line tool.
- The host command was extended to also query for the HTTPS RR type by default.
- Implement sig0key-checks-limit and sig0message-checks-limit.
- Previously, a hard-coded limitation of a maximum of two key or message verification checks was introduced when checking a message’s SIG(0) signature, to protect against possible DoS attacks. Two as a maximum was chosen so that more than a single key should only be required during key rotations, and in that case two keys are enough. It later became apparent that there are other use cases where even more keys are required; see the related GitLab issue for examples.
- This change introduces two new configuration options for the views: sig0key-checks-limit and sig0message-checks-limit. They define how many keys can be checked to find a matching key, and how many message verifications are allowed to take place once a matching key has been found. The former provides slightly less “expensive” key parsing operations and defaults to 16. The latter protects against expensive cryptographic operations when there are keys with colliding tags and algorithm numbers; the default is 2. [GL #5050]
- Bug Fixes
- Fix dual-stack-servers configuration option.
- The dual-stack-servers configuration option was not working as expected; the specified servers were not being used when they should have been, leading to resolution failures. This has been fixed. [GL #5019]
- Fix a data race causing a permanent active client increase.
- Previously, a data race could cause a newly created fetch context for a new client to be used before it had been fully initialized, which would cause the query to become stuck; queries for the same data would be either paused indefinitely or dropped because of the clients-per-query limit. This has been fixed. [GL #5053]
- Fix deferred validation of unsigned DS and DNSKEY records.
- When processing a query with the “checking disabled” bit set (CD=1), named stores the invalidated result in the cache, marked “pending”. When the same query is sent with CD=0, the cached data is validated and either accepted as an answer, or ejected from the cache as invalid. This deferred validation was not attempted for DS and DNSKEY records if they had no cached signatures, causing spurious validation failures. The deferred validation is now completed in this scenario.
- Also, if deferred validation fails, the data is now re-queried to find out whether the zone has been corrected since the invalid data was cached. [GL #5066]
- Fix RPZ race condition during a reconfiguration.
- With RPZ in use, named could terminate unexpectedly because of a race condition when a reconfiguration command was received using rndc. This has been fixed. [GL #5146]
- “CNAME and other data check” not applied to all types.
- An incorrect optimization caused “CNAME and other data” errors not to be detected if certain types were at the same node as a CNAME. This has been fixed. [GL #5150]
- Relax private DNSKEY and RRSIG constraints.
- DNSKEY, KEY, RRSIG, and SIG constraints have been relaxed to allow empty key and signature material after the algorithm identifier for PRIVATEOID and PRIVATEDNS. It is arguable whether this falls within the expected use of these types, as no key material is shared and the signatures are ineffective, but these are private algorithms and they can be totally insecure. [GL #5167]
- Remove NSEC/DS/NSEC3 RRSIG check from dns_message_parse().
- Previously, when parsing responses, named incorrectly rejected responses without matching RRSIG records for NSEC/DS/NSEC3 records in the authority section. This rejection, if appropriate, should have been left for the validator to determine and has been fixed. [GL #5185]
- Fix TTL issue with ANY queries processed through RPZ “passthru”.
- Answers to an “ANY” query which were processed by the RPZ “passthru” policy had the response-policy’s max-policy-ttl value unexpectedly applied. This has been fixed. [GL #5187]
- dnssec-signzone needs to check for a NULL key when setting offline.
- dnssec-signzone could dereference a NULL key pointer when resigning a zone. This has been fixed. [GL #5192]
- Fix a bug in the statistics channel when querying zone transfer information.
- When querying zone transfer information from the statistics channel, there was a rare possibility that named could terminate unexpectedly if a zone transfer was in a state when transferring from all the available primary servers had failed earlier. This has been fixed. [GL #5198]
- Fix assertion failure when dumping recursing clients.
- Previously, if a new counter was added to the hash table while dumping recursing clients via the rndc recursing command, and fetches-per-zone was enabled, an assertion failure could occur. This has been fixed. [GL #5200]
- Dump the active resolver fetches from dns_resolver_dumpfetches()
- Previously, active resolver fetches were only dumped when the fetches-per-zone configuration option was enabled. Now, active resolver fetches are dumped along with the number of clients-per-query counters per resolver fetch.
Notes for BIND 9.20.6
- New Features
- Adds support for EDE code 1 and 2.
- Support was added for EDE codes 1 and 2, which might occur during DNSSEC validation in the case of an unsupported RRSIG algorithm or DNSKEY digest. [GL #2715]
- Add an rndc command to toggle jemalloc profiling.
- The new command is rndc memprof; the memory profiling status is also reported inside rndc status. The status shows whether named can toggle memory profiling, and whether the server is built with jemalloc. [GL #4759]
- Add support for multiple extended DNS errors.
- The Extended DNS Error (EDE) mechanism may raise errors during a DNS resolution. named is now able to add up to three EDE codes in a DNS response. If there are duplicate error codes, only the first one is part of the DNS response. [GL #5085]
- Print the expiration time of stale records.
- BIND now prints the expiration time of any stale RRsets in the cache dump.
- Bug Fixes
- Recently expired records could be returned with a timestamp in future.
- Under rare circumstances, an RRSet that expired at the time of the query could be returned with a TTL in the future. This has been fixed.
- As a side effect, the expiration time of expired RRSets is no longer returned in a cache dump. [GL #5094]
- YAML string not terminated in negative response in delv.
- [GL #5098]
- Fix a bug in dnssec-signzone related to keys being offline.
- When dnssec-signzone was called on an already-signed zone and the private key file was unavailable, a signature that needed to be refreshed was dropped without being able to generate a replacement. This has been fixed. [GL #5126]
- Apply the memory limit only to ADB database items.
- Under heavy load, a resolver could exhaust the memory available for storing the information in the Address Database (ADB), effectively discarding previously stored information in the ADB. The memory used to retrieve and provide information from the ADB is no longer subject to the same memory limits that are applied to the Address Database. [GL #5127]
- Avoid unnecessary locking in the zone/cache database.
- Lock contention among many worker threads referring to the same database node at the same time is now prevented. This improves zone and cache database performance for any heavily contended database nodes. [GL #5130]
- Fix reporting of Extended DNS Error 22 (No Reachable Authority).
- This error code was previously not reported in some applicable situations. This has been fixed. [GL #5137]
Compile tested: x86/64, QEMU Standard PC (Q35 + ICH9, 2009), r29064-696ad7b1aa09
Compile tested: ath79/generic, TP-Link Archer C7 v4, r29064-696ad7b1aa09
Compile tested: realtek/rtl838x, Netgear GS108T v3, r29064-696ad7b1aa09
Run tested: x86/64, QEMU Standard PC (Q35 + ICH9, 2009), r29064-696ad7b1aa09, booted and used for 7h without issues
Run tested: ath79/generic, TP-Link Archer C7 v4, r29064-696ad7b1aa09, booted and used for 7h without issues
Run tested: realtek/rtl838x, Netgear GS108T v3, r29064-696ad7b1aa09, booted and used for 7h without issues
Signed-off-by: Pascal Ernster <git@hardfalcon.net>
(cherry picked from commit 2d66b6c8f2)
* update to 2025.05.11 from upstream: a34e20d6e2
* update default config with default value for procd_fw_src_interfaces
Signed-off-by: Stan Grishin <stangri@melmac.ca>
(cherry picked from commit ece4291596)
- chore(lib): expose model methods to obtain progress
- feat(gui): explanation to options enabled or disabled per folder type
- fix(gui): validate device ID in canonical form
- fix(config): remove discontinued primary STUN server
- fix(stun): better error handling
- chore(config): remove discontinued secondary STUN servers
- chore(fs): speed up case normalization
- build(deps): update dependencies
- feat(fs, config): add support for custom filesystem type construction
- build: replace underscore in Debian version
- chore(model): add metric for total number of conflicts
- fix(config): properly apply defaults when reading folder configuration
- fix(config): zero filesystemtype is "basic"
- build: push artifacts to Azure
- chore(config): resolve primary STUN servers via SRV record
- chore(fs): changes to allow Filesystem to be implemented externally
- fix(strings): differentiate setup(n) and set(v) up
- fix(gui): mark unseen disconnected devices as inactive
- fix(syncthing): use separate lock file instead of locking the
certificate
- feat(api, gui): allow authentication bypass for metrics
- chore: add missing copyright in new files from infra branch
- fix(osutil): give threads same I/O priority on Linux
- chore(syncthing): remove support for TLS 1.2 sync connections
- chore(gui): update dependency copyrights, add script for periodic
maintenance
- chore(api): log X-Forwarded-For
- feat(config): add option for audit file
- chore(gui): use go list --deps for dependency list
- fix(strelaysrv): make the session limiter session-dependent
Changelog: https://github.com/syncthing/syncthing/compare/v1.29.5...v1.29.6
Signed-off-by: George Sapkin <george@sapk.in>
(cherry picked from commit 9f78bed3f8)
* do not display errors on negated values
* improved output in verbose mode
Signed-off-by: Stan Grishin <stangri@melmac.ca>
(cherry picked from commit a443f2e200)
