Merge branch 'master' into 4990-custom-ciphers

ssrahul96 · Oct 14, 2022 · a736f67 · a736f67
2 parents a126f51 + fee81b3
commit a736f67
Show file tree

Hide file tree

Showing 109 changed files with 3,917 additions and 1,991 deletions.
diff --git a/.github/workflows/build.yml b/.github/workflows/build.yml
@@ -1,7 +1,7 @@
 'name': 'build'
 
 'env':
-  'GO_VERSION': '1.18.6'
+  'GO_VERSION': '1.18.7'
   'NODE_VERSION': '14'
 
 'on':

diff --git a/.github/workflows/lint.yml b/.github/workflows/lint.yml
@@ -1,7 +1,7 @@
 'name': 'lint'
 
 'env':
-  'GO_VERSION': '1.18.6'
+  'GO_VERSION': '1.18.7'
 
 'on':
   'push':

diff --git a/CHANGELOG.md b/CHANGELOG.md
@@ -11,30 +11,80 @@ and this project adheres to
 
 ## [Unreleased]
 
+<!--
+## [v0.108.0] - TBA (APPROX.)
+-->
 
-### Added
+## Added
+
+- The new optional `tls.override_tls_ciphers` property, which allows
+  overriding TLS ciphers used by AdGuard Home ([#4925], [#4990]).
+- The ability to serve DNS on link-local IPv6 addresses ([#2926]).
+- The ability to put [ClientIDs][clientid] into DNS-over-HTTPS hostnames as
+  opposed to URL paths ([#3418]).  Note that AdGuard Home checks the server name
+  only if the URL does not contain a ClientID.
+
+### Changed
 
-- The new optional `tls.override_tls_ciphers` property list, which can be set in
-  the configuration file.  It allows overriding TLS Ciphers that are used for
-  https listeners ([#4925])
+- Responses with `SERVFAIL` code are now cached for at least 30 seconds.
 
+### Fixed
+
+- The default value of `dns.cache_size` accidentally set to 0 has now been
+  reverted to 4 MiB ([#5010]).
+- Responses for which the DNSSEC validation had explicitly been omitted aren't
+  cached now ([#4942]).
+- Web UI not switching to HTTP/3 ([#4986], [#4993]).
+
+[#2926]: https://github.com/AdguardTeam/AdGuardHome/issues/2926
+[#3418]: https://github.com/AdguardTeam/AdGuardHome/issues/3418
 [#4925]: https://github.com/AdguardTeam/AdGuardHome/issues/4925
+[#4942]: https://github.com/AdguardTeam/AdGuardHome/issues/4942
+[#4986]: https://github.com/AdguardTeam/AdGuardHome/issues/4986
+[#4990]: https://github.com/AdguardTeam/AdGuardHome/issues/4990
+[#4993]: https://github.com/AdguardTeam/AdGuardHome/issues/4993
+[#5010]: https://github.com/AdguardTeam/AdGuardHome/issues/5010
 
-<!--
-## [v0.108.0] - TBA (APPROX.)
--->
+[clientid]:  https://github.com/AdguardTeam/AdGuardHome/wiki/Clients#clientid
 
 
 
 <!--
-## [v0.107.16] - 2022-11-02 (APPROX.)
+## [v0.107.17] - 2022-11-02 (APPROX.)
 
-See also the [v0.107.16 GitHub milestone][ms-v0.107.15].
+See also the [v0.107.17 GitHub milestone][ms-v0.107.17].
 
+<<<<<<< HEAD
 [ms-v0.107.16]: https://github.com/AdguardTeam/AdGuardHome/milestone/52?closed=1
+||||||| bf792b83f
+[ms-v0.107.16]:   https://github.com/AdguardTeam/AdGuardHome/milestone/52?closed=1
+=======
+[ms-v0.107.17]:   https://github.com/AdguardTeam/AdGuardHome/milestone/52?closed=1
+>>>>>>> master
 -->
 
 
+<<<<<<< HEAD
+||||||| bf792b83f
+
+=======
+
+## [v0.107.16] - 2022-10-07
+
+This is a security update.  There is no GitHub milestone, since no GitHub issues
+were resolved.
+
+## Security
+
+- Go version has been updated to prevent the possibility of exploiting the
+  CVE-2022-2879, CVE-2022-2880, and CVE-2022-41715 Go vulnerabilities fixed in
+  [Go 1.18.7][go-1.18.7].
+
+[go-1.18.7]: https://groups.google.com/g/golang-announce/c/xtuG5faxtaU
+
+
+
+>>>>>>> master
 ## [v0.107.15] - 2022-10-03
 
 See also the [v0.107.15 GitHub milestone][ms-v0.107.15].
@@ -57,7 +107,7 @@ experimental and may break or change in the future.
   explicitly enabled by setting the new property `dns.serve_http3` in the
   configuration file to `true`.
 - DNS-over-HTTP upstreams can now upgrade to HTTP/3 if the new configuration
-  file property `use_http3_upstreams` is set to `true`.
+  file property `dns.use_http3_upstreams` is set to `true`.
 - Upstreams with forced DNS-over-HTTP/3 and no fallback to prior HTTP versions
   using the `h3://` scheme.
 
@@ -171,7 +221,7 @@ See also the [v0.107.12 GitHub milestone][ms-v0.107.12].
 
 ### Security
 
-- Go version was updated to prevent the possibility of exploiting the
+- Go version has been updated to prevent the possibility of exploiting the
   CVE-2022-27664 and CVE-2022-32190 Go vulnerabilities fixed in
   [Go 1.18.6][go-1.18.6].
 
@@ -292,7 +342,7 @@ See also the [v0.107.9 GitHub milestone][ms-v0.107.9].
 
 ### Security
 
-- Go version was updated to prevent the possibility of exploiting the
+- Go version has been updated to prevent the possibility of exploiting the
   CVE-2022-32189 Go vulnerability fixed in [Go 1.18.5][go-1.18.5].  Go 1.17
   support has also been removed, as it has reached end of life and will not
   receive security updates.
@@ -335,7 +385,7 @@ See also the [v0.107.8 GitHub milestone][ms-v0.107.8].
 
 ### Security
 
-- Go version was updated to prevent the possibility of exploiting the
+- Go version has been updated to prevent the possibility of exploiting the
   CVE-2022-1705, CVE-2022-32148, CVE-2022-30631, and other Go vulnerabilities
   fixed in [Go 1.17.12][go-1.17.12].
 
@@ -371,7 +421,7 @@ See also the [v0.107.7 GitHub milestone][ms-v0.107.7].
 
 ### Security
 
-- Go version was updated to prevent the possibility of exploiting the
+- Go version has been updated to prevent the possibility of exploiting the
   [CVE-2022-29526], [CVE-2022-30634], [CVE-2022-30629], [CVE-2022-30580], and
   [CVE-2022-29804] Go vulnerabilities.
 - Enforced password strength policy ([#3503]).
@@ -528,7 +578,7 @@ See also the [v0.107.6 GitHub milestone][ms-v0.107.6].
 ### Security
 
 - `User-Agent` HTTP header removed from outgoing DNS-over-HTTPS requests.
-- Go version was updated to prevent the possibility of exploiting the
+- Go version has been updated to prevent the possibility of exploiting the
   [CVE-2022-24675], [CVE-2022-27536], and [CVE-2022-28327] Go vulnerabilities.
 
 ### Added
@@ -583,7 +633,7 @@ were resolved.
 
 ### Security
 
-- Go version was updated to prevent the possibility of exploiting the
+- Go version has been updated to prevent the possibility of exploiting the
   [CVE-2022-24921] Go vulnerability.
 
 [CVE-2022-24921]: https://www.cvedetails.com/cve/CVE-2022-24921
@@ -596,7 +646,7 @@ See also the [v0.107.4 GitHub milestone][ms-v0.107.4].
 
 ### Security
 
-- Go version was updated to prevent the possibility of exploiting the
+- Go version has been updated to prevent the possibility of exploiting the
   [CVE-2022-23806], [CVE-2022-23772], and [CVE-2022-23773] Go vulnerabilities.
 
 ### Fixed
@@ -1333,11 +1383,12 @@ See also the [v0.104.2 GitHub milestone][ms-v0.104.2].
 
 
 <!--
-[Unreleased]: https://github.com/AdguardTeam/AdGuardHome/compare/v0.107.16...HEAD
-[v0.107.16]:  https://github.com/AdguardTeam/AdGuardHome/compare/v0.107.15...v0.107.15
+[Unreleased]: https://github.com/AdguardTeam/AdGuardHome/compare/v0.107.17...HEAD
+[v0.107.17]:  https://github.com/AdguardTeam/AdGuardHome/compare/v0.107.16...v0.107.17
 -->
 
-[Unreleased]: https://github.com/AdguardTeam/AdGuardHome/compare/v0.107.15...HEAD
+[Unreleased]: https://github.com/AdguardTeam/AdGuardHome/compare/v0.107.16...HEAD
+[v0.107.16]:  https://github.com/AdguardTeam/AdGuardHome/compare/v0.107.15...v0.107.16
 [v0.107.15]:  https://github.com/AdguardTeam/AdGuardHome/compare/v0.107.14...v0.107.15
 [v0.107.14]:  https://github.com/AdguardTeam/AdGuardHome/compare/v0.107.13...v0.107.14
 [v0.107.13]:  https://github.com/AdguardTeam/AdGuardHome/compare/v0.107.12...v0.107.13

diff --git a/Makefile b/Makefile
@@ -34,7 +34,7 @@ YARN_INSTALL_FLAGS = $(YARN_FLAGS) --network-timeout 120000 --silent\
 	--ignore-engines --ignore-optional --ignore-platform\
 	--ignore-scripts
 
-V1API = 0
+NEXTAPI = 0
 
 # Macros for the build-release target.  If FRONTEND_PREBUILT is 0, the
 # default, the macro $(BUILD_RELEASE_DEPS_$(FRONTEND_PREBUILT)) expands
@@ -63,7 +63,7 @@ ENV = env\
 	PATH="$${PWD}/bin:$$( "$(GO.MACRO)" env GOPATH )/bin:$${PATH}"\
 	RACE='$(RACE)'\
 	SIGN='$(SIGN)'\
-	V1API='$(V1API)'\
+	NEXTAPI='$(NEXTAPI)'\
 	VERBOSE='$(VERBOSE)'\
 	VERSION='$(VERSION)'\