From c46c2423288c0b5daf2b9095775ab85f8fe965da Mon Sep 17 00:00:00 2001 From: nmfretz Date: Mon, 12 Aug 2024 13:06:04 +1000 Subject: [PATCH 1/3] Update pi-hole to 2024.07.0 --- pi-hole/docker-compose.yml | 4 ++-- pi-hole/umbrel-app.yml | 13 ++++++++----- 2 files changed, 10 insertions(+), 7 deletions(-) diff --git a/pi-hole/docker-compose.yml b/pi-hole/docker-compose.yml index f89eac417f..bb2566f72d 100644 --- a/pi-hole/docker-compose.yml +++ b/pi-hole/docker-compose.yml @@ -2,7 +2,7 @@ version: "3.7" services: server: - image: pihole/pihole:2024.02.0@sha256:8077053835c2d2449041adad0c272d6e5fea3df91c5dfc3dae2bd950999c3118 + image: pihole/pihole:2024.07.0@sha256:0def896a596e8d45780b6359dbf82fc8c75ef05b97e095452e67a0a4ccc95377 # Pi-hole doesn't currently support running as non-root # https://github.com/pi-hole/docker-pi-hole/issues/685 # user: "1000:1000" @@ -18,4 +18,4 @@ services: # Listen on all interfaces, permit all origins - DNSMASQ_LISTENING=all cap_add: - - NET_ADMIN + - NET_ADMIN \ No newline at end of file diff --git a/pi-hole/umbrel-app.yml b/pi-hole/umbrel-app.yml index f4e2e61626..364e02eea6 100644 --- a/pi-hole/umbrel-app.yml +++ b/pi-hole/umbrel-app.yml @@ -2,7 +2,7 @@ manifestVersion: 1.1 id: pi-hole category: networking name: Pi-hole -version: "2024.02.0" +version: "2024.07.0" tagline: Block ads on your entire network description: >- Instead of browser plugins or other software on each computer, @@ -13,7 +13,7 @@ description: >- improved and will feel faster. - In addition to blocking advertisements, Pi-hole® has an informative Web interface that shows stats on all the domains being queried on your network. Pi-hole® works fine with an existing DHCP server, but you can use Pi-hole®’s to keep your network management in one place. + In addition to blocking advertisements, Pi-hole® has an informative Web interface that shows stats on all the domains being queried on your network. Pi-hole® works fine with an existing DHCP server, but you can use Pi-hole®'s to keep your network management in one place. Pi-hole® and the Pi-hole® logo are registered trademarks of Pi-hole. Umbrel is not sponsored, endorsed by, or associated with Pi-hole®. developer: Pi-hole® @@ -31,9 +31,12 @@ defaultUsername: "" deterministicPassword: true torOnly: false releaseNotes: >- - This is a minor bug-fix release, and includes FTL v5.24, Web 5.12, and Core v5.17.3. + 🚨 A vulnerability was recently discovered in Pi-hole's gravity script that could allow an authenticated user to read system files through the web interface. - Full release notes can be found here: https://pi-hole.net/blog/2024/01/06/pi-hole-ftl-v5-24-and-core-v5-17-3-released/ + This release mitigates the vulnerability by limiting gravity's ability to read local files to only those that are explicitly readable by anyone on the system. + + + Full release notes can be found here: https://github.com/pi-hole/pi-hole/security/advisories/GHSA-95g6-7q26-mp9x submitter: Umbrel -submission: https://github.com/getumbrel/umbrel/commit/9ca55a25e043dcd50d5cb92c6ec756d368bb4794 +submission: https://github.com/getumbrel/umbrel/commit/9ca55a25e043dcd50d5cb92c6ec756d368bb4794 \ No newline at end of file From b6f1bcaa8e1cd6de127823a1762353cc2a4b605d Mon Sep 17 00:00:00 2001 From: nmfretz Date: Tue, 13 Aug 2024 12:31:23 +1000 Subject: [PATCH 2/3] Tweak release notes --- pi-hole/umbrel-app.yml | 7 ++----- 1 file changed, 2 insertions(+), 5 deletions(-) diff --git a/pi-hole/umbrel-app.yml b/pi-hole/umbrel-app.yml index 364e02eea6..6b04eaaa40 100644 --- a/pi-hole/umbrel-app.yml +++ b/pi-hole/umbrel-app.yml @@ -31,12 +31,9 @@ defaultUsername: "" deterministicPassword: true torOnly: false releaseNotes: >- - 🚨 A vulnerability was recently discovered in Pi-hole's gravity script that could allow an authenticated user to read system files through the web interface. + 🚨 This release fixes a vulnerability that was recently discovered in Pi-hole's gravity script that could allow an authenticated user to read system files through the web interface. Please update immediately. - This release mitigates the vulnerability by limiting gravity's ability to read local files to only those that are explicitly readable by anyone on the system. - - - Full release notes can be found here: https://github.com/pi-hole/pi-hole/security/advisories/GHSA-95g6-7q26-mp9x + More information can be found at https://github.com/pi-hole/pi-hole/security/advisories/GHSA-95g6-7q26-mp9x submitter: Umbrel submission: https://github.com/getumbrel/umbrel/commit/9ca55a25e043dcd50d5cb92c6ec756d368bb4794 \ No newline at end of file From ec8b14daea13cc117d3078c969626a51f7a97aa5 Mon Sep 17 00:00:00 2001 From: nmfretz Date: Tue, 13 Aug 2024 12:32:56 +1000 Subject: [PATCH 3/3] Add whitespace to description --- pi-hole/umbrel-app.yml | 1 + 1 file changed, 1 insertion(+) diff --git a/pi-hole/umbrel-app.yml b/pi-hole/umbrel-app.yml index 6b04eaaa40..9e039db1bb 100644 --- a/pi-hole/umbrel-app.yml +++ b/pi-hole/umbrel-app.yml @@ -15,6 +15,7 @@ description: >- In addition to blocking advertisements, Pi-hole® has an informative Web interface that shows stats on all the domains being queried on your network. Pi-hole® works fine with an existing DHCP server, but you can use Pi-hole®'s to keep your network management in one place. + Pi-hole® and the Pi-hole® logo are registered trademarks of Pi-hole. Umbrel is not sponsored, endorsed by, or associated with Pi-hole®. developer: Pi-hole® website: https://pi-hole.net