changes for 0.8.3, and checksum updates

2025-01-29 15:43:34 -05:00 · 2022-11-11 15:12:30 +01:00 · 2022-11-11 15:12:30 +01:00 · 2023cc4655
commit 2023cc4655
parent 20ce084a49
3 changed files with 22 additions and 2 deletions
--- a/CHANGES.md
+++ b/CHANGES.md
@ -1,3 +1,23 @@
+### 0.8.3 (2022-11-11)
+
+- Fix "DNS issues", a firewall ruleset with a domain name lead to 100% CPU usage
+  (reported by fiftyfourthparallel on
+  https://forum.qubes-os.org/t/mirage-firewall-0-8-2-broken-new-users-should-install-0-8-1/14566,
+  re-reported by @palainp in #158, fixed by @hannesm in mirage/mirage-nat#48
+  (release 3.0.1)) - underlying issue was a wrong definition of `is_port_free`
+  (since 3.0.0, used since mirage-qubes-firewall 0.8.2).
+- Fix "crash on downstream vm start", after more than 64 client VMs have been
+  connected and disconnected with the qubes-mirage-firewall (reported by @xaki23
+  in #155, fixed by @hannesm in #161) - underlying issue was a leak of xenstore
+  watchers and a hard limit in xen on the amount of watchers
+- Fix "detach netvm fails" (reported by @rootnoob in #157, fixed by @palainp
+  in mirage/mirage-net-xen#105 (release 2.1.2)) - underlying issue was that the
+  network interface state was never set to closed, but directly removed
+- Fix potential DoS in handling DNS replies (#162 @hannesm)
+- Avoid potential forever loop in My_nat.free_udp_port (#159 @hannesm)
+- Assorted code removals (#161 @hannesm)
+- Update to dns 6.4.0 changes (#154, @hannesm)
+
 ### 0.8.2 (2022-10-12)

 - Advise to use 32 MB memory, which is sufficient (#150, @palainp)
--- a/2
+++ b/2
@ -11,7 +11,7 @@ RUN sudo ln -sf /usr/bin/opam-2.1 /usr/bin/opam
 # Pin last known-good version for reproducible builds.
 # Remove this line (and the base image pin above) if you want to test with the
 # latest versions.
-RUN cd /home/opam/opam-repository && git fetch origin master && git reset --hard 7b89f6e5c24cf4076252e71abcbbe4d205705627 && opam update
+RUN cd /home/opam/opam-repository && git fetch origin master && git reset --hard 685eb4efcebfa671660e55d76dea017f00fed4d9 && opam update

 RUN opam install -y mirage opam-monorepo
 RUN mkdir /home/opam/qubes-mirage-firewall
--- a/build-with-docker.sh
+++ b/build-with-docker.sh
@ -5,5 +5,5 @@ docker build -t qubes-mirage-firewall .
 echo Building Firewall...
 docker run --rm -i -v `pwd`:/home/opam/qubes-mirage-firewall qubes-mirage-firewall
 echo "SHA2 of build:   $(sha256sum ./dist/qubes-firewall.xen)"
-echo "SHA2 last known: 88fdd86993dfbd2e2c4a4d502c350bef091d7831405cf983aebe85f936799f2d"
+echo "SHA2 last known: f499b2379c62917ac32854be63f201e6b90466e645e54dea51e376baccdf26ab"
 echo "(hashes should match for released versions)"