commit dnscrypt-proxy for openSUSE:Factory
Script 'mail_helper' called by obssrc
Hello community,
here is the log from the commit of package dnscrypt-proxy for openSUSE:Factory
checked in at 2024-04-23 18:56:28
Comparing /work/SRC/openSUSE:Factory/dnscrypt-proxy (Old)
and /work/SRC/openSUSE:Factory/.dnscrypt-proxy.new.27645 (New)
Package is "dnscrypt-proxy"
Tue Apr 23 18:56:28 2024 rev:19 rq:1169724 version:2.1.5
Changes:
--- /work/SRC/openSUSE:Factory/dnscrypt-proxy/dnscrypt-proxy.changes
2024-02-06 16:34:41.827373833 +0100
+++ /work/SRC/openSUSE:Factory/.dnscrypt-proxy.new.27645/dnscrypt-proxy.changes
2024-04-23 18:56:54.328263563 +0200
@@ -1,0 +2,5 @@
+Sun Apr 21 12:00:00 UTC 2024 - cu...@mail.de
+
+- added patch quic-go.patch (boo#1222473)
+
+---
New:
quic-go.patch
BETA DEBUG BEGIN:
New:
- added patch quic-go.patch (boo#1222473)
BETA DEBUG END:
Other differences:
--
++ dnscrypt-proxy.spec ++
--- /var/tmp/diff_new_pack.YgPkxI/_old 2024-04-23 18:56:55.276297817 +0200
+++ /var/tmp/diff_new_pack.YgPkxI/_new 2024-04-23 18:56:55.280297963 +0200
@@ -43,6 +43,8 @@
Source6:%{name}.socket.conf
# dnscrypt user configuration
Source7:%{user_group}-user.conf
+# can be dropped in next release with quic-go v0.42 included (boo#1222473)
+Patch0: quic-go.patch
BuildRequires: golang-packaging
BuildRequires: pkgconfig
BuildRequires: systemd-rpm-macros
@@ -67,7 +69,7 @@
and ODoH (Oblivious DoH).
%prep
-%setup -q -n %{name}-%{version}
+%autosetup -p1 -n %{name}-%{version}
# replace with home directory from spec
sed -i "s/home_dir_placeholder/%{home_dir_escaped}/" %{SOURCE7}
++ quic-go.patch ++
From: cu...@mail.de
Date: 2024-04-21 12:00:00
Subject: Memory Exhaustion Attack against QUIC's Connection ID Mechanism
References:
https://github.com/quic-go/quic-go/commit/4a99b816ae3ab03ae5449d15aac45147c85ed47a
https://github.com/quic-go/quic-go/security/advisories/GHSA-c33x-xqrf-c478
https://bugzilla.suse.com/show_bug.cgi?id=1222473
This tries to backport commit
https://github.com/quic-go/quic-go/commit/4a99b816ae3ab03ae5449d15aac45147c85ed47a.patch
from Marten Seemann
to the vendored older version of quic-go.
dnscrypt-proxy upstream already vendors version 0.42 of quic-go with hack
included, but is not released.
Patch should be dropped with next release of dnscrypt-proxy.
---
diff -r -U 5 a/vendor/github.com/quic-go/quic-go/connection.go
b/vendor/github.com/quic-go/quic-go/connection.go
--- a/vendor/github.com/quic-go/quic-go/connection.go
+++ b/vendor/github.com/quic-go/quic-go/connection.go
@@ -516,11 +516,14 @@
var sendQueueAvailable <-chan struct{}
runLoop:
for {
- // Close immediately if requested
+ if s.framer.QueuedTooManyControlFrames() {
+ s.closeLocal(&qerr.TransportError{ErrorCode:
InternalError})
+ }
+ // Close immediately if requested
select {
case closeErr = <-s.closeChan:
break runLoop
default:
}
diff -r -U 5 a/vendor/github.com/quic-go/quic-go/framer.go
b/vendor/github.com/quic-go/quic-go/framer.go
--- a/vendor/github.com/quic-go/quic-go/framer.go
+++ b/vendor/github.com/quic-go/quic-go/framer.go
@@ -19,22 +19,32 @@
AddActiveStream(protocol.StreamID)
AppendStreamFrames([]ackhandler.StreamFrame, protocol.ByteCount,
protocol.VersionNumber) ([]ackhandler.StreamFrame, protocol.ByteCount)
Handle0RTTRejection() error
+
+ // QueuedTooManyControlFrames says if the control frame queue exceeded
its maximum queue length.
+ // This is a hack.
+ // It is easier to implement than propagating an error return value in
QueueControlFrame.
+ // The correct solution would be to queue frames with their respective
structs.
+ // See https://github.com/quic-go/quic-go/issues/4271 for the queueing
of stream-related control frames.
+ QueuedTooManyControlFrames() bool
}
+const maxControlFrames = 16 << 10
+
type framerI struct {
mutex sync.Mutex
streamGetter streamGetter
activeStreams map[protocol.StreamID]struct{}
streamQueue ringbuffer.RingBuffer[protocol.StreamID]
controlFrameMutex sync.Mutex
controlFrames []wire.Frame
+ queuedTooManyControlFrames bool
}
var _ framer = &framerI{}
func newFramer(streamGetter streamGetter) framer {
@@ -56,11 +66,24 @@
f.controlFrameMutex.Unlock()
return hasData
}
func (f *framerI) QueueControlFrame(frame wire.Frame) {
+ var returnearly bool
f.controlFrameMutex.Lock()
+ // This is a hack.
+
commit dnscrypt-proxy for openSUSE:Factory
Script 'mail_helper' called by obssrc
Hello community,
here is the log from the commit of package dnscrypt-proxy for openSUSE:Factory
checked in at 2023-08-14 22:35:25
Comparing /work/SRC/openSUSE:Factory/dnscrypt-proxy (Old)
and /work/SRC/openSUSE:Factory/.dnscrypt-proxy.new.11712 (New)
Package is "dnscrypt-proxy"
Mon Aug 14 22:35:25 2023 rev:17 rq:1103718 version:2.1.5
Changes:
--- /work/SRC/openSUSE:Factory/dnscrypt-proxy/dnscrypt-proxy.changes
2023-02-11 21:58:26.604040915 +0100
+++ /work/SRC/openSUSE:Factory/.dnscrypt-proxy.new.11712/dnscrypt-proxy.changes
2023-08-14 22:35:30.184318221 +0200
@@ -1,0 +2,9 @@
+Sun Aug 13 12:00:00 UTC 2023 - cu...@mail.de - 2.1.5
+
+- Update to version 2.1.5
+ * Responses to blocked queries now include extended error codes
+ * Reliability of connections using HTTP/3 has been improved
+ * New configuration directive: "tls_key_log_file"
+ to dump TLS secret keys
+
+---
Old:
dnscrypt-proxy-2.1.4.tar.gz
New:
dnscrypt-proxy-2.1.5.tar.gz
Other differences:
--
++ dnscrypt-proxy.spec ++
--- /var/tmp/diff_new_pack.GJUslt/_old 2023-08-14 22:35:31.884329030 +0200
+++ /var/tmp/diff_new_pack.GJUslt/_new 2023-08-14 22:35:31.888329055 +0200
@@ -24,7 +24,7 @@
%define services%{name}.socket %{name}.service %{name}-resolvconf.service
Name: dnscrypt-proxy
-Version:2.1.4
+Version:2.1.5
Release:0
Summary:A tool for securing communications between a client and a DNS
resolver
License:ISC
@@ -44,7 +44,7 @@
BuildRequires: pkgconfig
BuildRequires: shadow
BuildRequires: systemd-rpm-macros
-BuildRequires: golang(API) >= 1.18
+BuildRequires: golang(API) >= 1.20
BuildRequires: pkgconfig(libsystemd)
BuildRequires: vendored_licenses_packager
# For systemd pidfile solution.
++ dnscrypt-proxy-2.1.4.tar.gz -> dnscrypt-proxy-2.1.5.tar.gz ++
/work/SRC/openSUSE:Factory/dnscrypt-proxy/dnscrypt-proxy-2.1.4.tar.gz
/work/SRC/openSUSE:Factory/.dnscrypt-proxy.new.11712/dnscrypt-proxy-2.1.5.tar.gz
differ: char 13, line 1
commit dnscrypt-proxy for openSUSE:Factory
Script 'mail_helper' called by obssrc
Hello community,
here is the log from the commit of package dnscrypt-proxy for openSUSE:Factory
checked in at 2023-02-11 21:58:00
Comparing /work/SRC/openSUSE:Factory/dnscrypt-proxy (Old)
and /work/SRC/openSUSE:Factory/.dnscrypt-proxy.new.1848 (New)
Package is "dnscrypt-proxy"
Sat Feb 11 21:58:00 2023 rev:16 rq:1064411 version:2.1.4
Changes:
--- /work/SRC/openSUSE:Factory/dnscrypt-proxy/dnscrypt-proxy.changes
2023-02-05 20:19:33.052151303 +0100
+++ /work/SRC/openSUSE:Factory/.dnscrypt-proxy.new.1848/dnscrypt-proxy.changes
2023-02-11 21:58:26.604040915 +0100
@@ -1,0 +2,8 @@
+Sat Feb 11 12:00:00 UTC 2023 - cu...@mail.de - 2.1.4
+
+- Update to version 2.1.4
+ * Fixes a regression from version 2.1.3: when cloaking was enabled,
+ blocked responses were returned for records that were not A//PTR
+ even for names that were not in the cloaked list.
+
+---
Old:
dnscrypt-proxy-2.1.3.tar.gz
New:
dnscrypt-proxy-2.1.4.tar.gz
Other differences:
--
++ dnscrypt-proxy.spec ++
--- /var/tmp/diff_new_pack.BSfW0d/_old 2023-02-11 21:58:27.004043405 +0100
+++ /var/tmp/diff_new_pack.BSfW0d/_new 2023-02-11 21:58:27.008043429 +0100
@@ -24,7 +24,7 @@
%define services%{name}.socket %{name}.service %{name}-resolvconf.service
Name: dnscrypt-proxy
-Version:2.1.3
+Version:2.1.4
Release:0
Summary:A tool for securing communications between a client and a DNS
resolver
License:ISC
++ dnscrypt-proxy-2.1.3.tar.gz -> dnscrypt-proxy-2.1.4.tar.gz ++
/work/SRC/openSUSE:Factory/dnscrypt-proxy/dnscrypt-proxy-2.1.3.tar.gz
/work/SRC/openSUSE:Factory/.dnscrypt-proxy.new.1848/dnscrypt-proxy-2.1.4.tar.gz
differ: char 29, line 1
commit dnscrypt-proxy for openSUSE:Factory
Script 'mail_helper' called by obssrc
Hello community,
here is the log from the commit of package dnscrypt-proxy for openSUSE:Factory
checked in at 2023-02-05 20:19:32
Comparing /work/SRC/openSUSE:Factory/dnscrypt-proxy (Old)
and /work/SRC/openSUSE:Factory/.dnscrypt-proxy.new.4462 (New)
Package is "dnscrypt-proxy"
Sun Feb 5 20:19:32 2023 rev:15 rq:1063299 version:2.1.3
Changes:
--- /work/SRC/openSUSE:Factory/dnscrypt-proxy/dnscrypt-proxy.changes
2022-08-03 21:17:21.887547068 +0200
+++ /work/SRC/openSUSE:Factory/.dnscrypt-proxy.new.4462/dnscrypt-proxy.changes
2023-02-05 20:19:33.052151303 +0100
@@ -1,0 +2,24 @@
+Sun Feb 5 12:00:00 UTC 2023 - cu...@mail.de - 2.1.3
+
+- Update to version 2.1.3
+ * DNS-over-HTTP/3 (QUIC) should be more reliable. In particular,
+ version 2.1.2 required another (non-QUIC) resolver to be present for
+ bootstrapping, or the resolver's IP address to be present in the
+ stamp. This is not the case any more.
+ * dnscrypt-proxy is now compatible with Go 1.20+
+ * Commands (-check, -show-certs, -list, -list-all) now ignore log
+ files and directly output the result to the standard output.
+ * The "cert_ignore_timestamp" configuration switch is now documented.
+ It allows ignoring timestamps for DNSCrypt certificate verification,
+ until a first server is available. This should only be used on devices
+ that don't have any ways to set the clock before DNS service is up.
+ However, a safer alternative remains to use an NTP server with a fixed
+ IP address (such as time.google.com), configured in the captive portals
+ file.
+ * Cloaking: when a name is cloaked, unsupported record types now
+ return a blocked response rather than the actual records.
+ * systemd: report Ready earlier as dnscrypt-proxy can itself manage
+ retries for updates/refreshes.
+ * vendored dependencies updated
+
+---
Old:
dnscrypt-proxy-2.1.2.tar.gz
New:
dnscrypt-proxy-2.1.3.tar.gz
Other differences:
--
++ dnscrypt-proxy.spec ++
--- /var/tmp/diff_new_pack.Dl5By7/_old 2023-02-05 20:19:33.676154949 +0100
+++ /var/tmp/diff_new_pack.Dl5By7/_new 2023-02-05 20:19:33.684154996 +0100
@@ -24,7 +24,7 @@
%define services%{name}.socket %{name}.service %{name}-resolvconf.service
Name: dnscrypt-proxy
-Version:2.1.2
+Version:2.1.3
Release:0
Summary:A tool for securing communications between a client and a DNS
resolver
License:ISC
++ dnscrypt-proxy-2.1.2.tar.gz -> dnscrypt-proxy-2.1.3.tar.gz ++
/work/SRC/openSUSE:Factory/dnscrypt-proxy/dnscrypt-proxy-2.1.2.tar.gz
/work/SRC/openSUSE:Factory/.dnscrypt-proxy.new.4462/dnscrypt-proxy-2.1.3.tar.gz
differ: char 125, line 1
commit dnscrypt-proxy for openSUSE:Factory
Script 'mail_helper' called by obssrc
Hello community,
here is the log from the commit of package dnscrypt-proxy for openSUSE:Factory
checked in at 2022-08-03 21:17:03
Comparing /work/SRC/openSUSE:Factory/dnscrypt-proxy (Old)
and /work/SRC/openSUSE:Factory/.dnscrypt-proxy.new.1533 (New)
Package is "dnscrypt-proxy"
Wed Aug 3 21:17:03 2022 rev:14 rq:992596 version:2.1.2
Changes:
--- /work/SRC/openSUSE:Factory/dnscrypt-proxy/dnscrypt-proxy.changes
2022-03-26 22:32:28.718069686 +0100
+++ /work/SRC/openSUSE:Factory/.dnscrypt-proxy.new.1533/dnscrypt-proxy.changes
2022-08-03 21:17:21.887547068 +0200
@@ -1,0 +2,21 @@
+Tue Aug 2 12:00:00 UTC 2022 - cu...@mail.de - 2.1.2
+
+- Update to version 2.1.2
+ * Support for DoH over HTTP/3 (DoH3, HTTP over QUIC)
+ Compatible servers will automatically use it.
+ Note that QUIC uses UDP
+ (usually over port 443, like DNSCrypt) instead of TCP.
+ * fixed memory usage kept growing due to channels not
+ being properly closed
+ * DNS64: "CNAME" records are now translated like other responses
+ * A relay whose name has been configured, but doesn't exist in the
+ list of available relays is now a hard error
+ * "dnscrypt-proxy -resolve" now reports if ECS (EDNS-clientsubnet) is
+ supported by the server
+ * "dnscrypt-proxy -list" now includes ODoH (Oblivious DoH) servers
+ * Local DoH: queries made using the "GET" method are now handled
+ * "PTR" queries are now supported for cloaked domains
+
+- Minimum golang version now at 1.18
+
+---
Old:
dnscrypt-proxy-2.1.1.tar.gz
New:
dnscrypt-proxy-2.1.2.tar.gz
Other differences:
--
++ dnscrypt-proxy.spec ++
--- /var/tmp/diff_new_pack.A8yAUd/_old 2022-08-03 21:17:22.519548727 +0200
+++ /var/tmp/diff_new_pack.A8yAUd/_new 2022-08-03 21:17:22.531548758 +0200
@@ -24,7 +24,7 @@
%define services%{name}.socket %{name}.service %{name}-resolvconf.service
Name: dnscrypt-proxy
-Version:2.1.1
+Version:2.1.2
Release:0
Summary:A tool for securing communications between a client and a DNS
resolver
License:ISC
@@ -44,7 +44,7 @@
BuildRequires: pkgconfig
BuildRequires: shadow
BuildRequires: systemd-rpm-macros
-BuildRequires: golang(API) >= 1.16
+BuildRequires: golang(API) >= 1.18
BuildRequires: pkgconfig(libsystemd)
BuildRequires: vendored_licenses_packager
# For systemd pidfile solution.
++ dnscrypt-proxy-2.1.1.tar.gz -> dnscrypt-proxy-2.1.2.tar.gz ++
/work/SRC/openSUSE:Factory/dnscrypt-proxy/dnscrypt-proxy-2.1.1.tar.gz
/work/SRC/openSUSE:Factory/.dnscrypt-proxy.new.1533/dnscrypt-proxy-2.1.2.tar.gz
differ: char 13, line 1
++ example-dnscrypt-proxy.toml.sed ++
--- /var/tmp/diff_new_pack.A8yAUd/_old 2022-08-03 21:17:22.679549147 +0200
+++ /var/tmp/diff_new_pack.A8yAUd/_new 2022-08-03 21:17:22.683549157 +0200
@@ -12,22 +12,22 @@
s/# map_file = 'example-captive-portals.txt'/# map_file =
'\/etc\/dnscrypt-proxy\/captive-portals.txt'/
s/# cert_file = 'localhost.pem'/# cert_file =
'\/etc\/dnscrypt-proxy\/localhost.pem'/
s/# cert_key_file = 'localhost.pem'/# cert_key_file =
'\/etc\/dnscrypt-proxy\/localhost.pem'/
-s/ # file = 'query.log'/ # file = '\/var\/log\/dnscrypt-proxy\/query.log'/
-s/ # file = 'nx.log'/ # file = '\/var\/log\/dnscrypt-proxy\/nx.log'/
-s/ # blocked_names_file = 'blocked-names.txt'/ # blocked_names_file =
'\/etc\/dnscrypt-proxy\/blocked-names.txt'/
-s/ # log_file = 'blocked-names.log'/ # log_file =
'\/var\/log\/dnscrypt-proxy\/blocked-names.log'/
-s/ # blocked_ips_file = 'blocked-ips.txt'/ # blocked_ips_file =
'\/etc\/dnscrypt-proxy\/blocked-ips.txt'/
-s/ # log_file = 'blocked-ips.log'/ # log_file =
'\/var\/log\/dnscrypt-proxy\/blocked-ips.log'/
-s/ # allowed_names_file = 'allowed-names.txt'/ # allowed_names_file =
'\/etc\/dnscrypt-proxy\/allowed-names.txt'/
-s/ # log_file = 'allowed-names.log'/ # log_file =
'\/var\/log\/dnscrypt-proxy\/allowed-names.log'/
-s/ # allowed_ips_file = 'allowed-ips.txt'/ # allowed_ips_file =
'\/etc\/dnscrypt-proxy\/allowed-ips.txt'/
-s/ # log_file = 'allowed-ips.log'/ # log_file =
'\/var\/log\/dnscrypt-proxy\/allowed-ips.log'/
+s/# file = 'query.log'/# file = '\/var\/log\/dnscrypt-proxy\/query.log'/
+s/# file = 'nx.log'/# file = '\/var\/log\/dnscrypt-proxy\/nx.log'/
+s/# blocked_names_file = 'blocked-names.txt'/# blocked_names_file =
'\/etc\/dnscrypt-proxy\/blocked-names.txt'/
+s/# log_file = 'blocked-names.log'/# log_file =
'\/var\/log\/dnscrypt-proxy\/blocked-names.log'/
+s/# blocked_ips_file = 'blocked-ips.txt'/# blocked_ips_file =
'\/etc\/dnscrypt-proxy\/blocked-ips.txt'/
+s/# log_file = 'blocked-ip
commit dnscrypt-proxy for openSUSE:Factory
Script 'mail_helper' called by obssrc
Hello community,
here is the log from the commit of package dnscrypt-proxy for openSUSE:Factory
checked in at 2022-03-26 22:32:04
Comparing /work/SRC/openSUSE:Factory/dnscrypt-proxy (Old)
and /work/SRC/openSUSE:Factory/.dnscrypt-proxy.new.1900 (New)
Package is "dnscrypt-proxy"
Sat Mar 26 22:32:04 2022 rev:13 rq:965062 version:2.1.1
Changes:
--- /work/SRC/openSUSE:Factory/dnscrypt-proxy/dnscrypt-proxy.changes
2021-10-05 22:34:40.386955009 +0200
+++ /work/SRC/openSUSE:Factory/.dnscrypt-proxy.new.1900/dnscrypt-proxy.changes
2022-03-26 22:32:28.718069686 +0100
@@ -1,0 +2,5 @@
+Wed Mar 22 12:00:00 UTC 2022 - cu...@mail.de
+
+- switched to vendored_licenses_packager as build dependency
+
+---
Old:
find_licenses.sh
install_licenses.sh
Other differences:
--
++ dnscrypt-proxy.spec ++
--- /var/tmp/diff_new_pack.oXR5BA/_old 2022-03-26 22:32:29.382070595 +0100
+++ /var/tmp/diff_new_pack.oXR5BA/_new 2022-03-26 22:32:29.386070600 +0100
@@ -22,7 +22,6 @@
%define home_dir%{_localstatedir}/lib/%{name}
%define log_dir %{_localstatedir}/log/%{name}
%define services%{name}.socket %{name}.service %{name}-resolvconf.service
-%define vlic_dir vendored
Name: dnscrypt-proxy
Version:2.1.1
@@ -37,20 +36,17 @@
Source3:%{name}-resolvconf.service
# File to use with sed to modify default configuration.
Source4:example-dnscrypt-proxy.toml.sed
-# Find licenses of vendored packages.
-Source5:find_licenses.sh
-# Install licenses of vendored packages.
-Source6:install_licenses.sh
# Some words
-Source7:README.openSUSE
+Source5:README.openSUSE
# Example how to override socket unit
-Source8:%{name}.socket.conf
+Source6:%{name}.socket.conf
BuildRequires: golang-packaging
BuildRequires: pkgconfig
BuildRequires: shadow
BuildRequires: systemd-rpm-macros
BuildRequires: golang(API) >= 1.16
BuildRequires: pkgconfig(libsystemd)
+BuildRequires: vendored_licenses_packager
# For systemd pidfile solution.
Requires: bash
# for daemon group/user
@@ -71,9 +67,6 @@
%prep
%setup -q -n %{name}-%{version}
-# Find licenses of vendored packages and prepare for installation
-bash %{SOURCE5} %{vlic_dir}
-
# duplicate original config file
cp ./%{name}/example-%{name}.toml ./%{name}.toml.default
@@ -89,6 +82,8 @@
# python path instead of env
sed -i "1s/#! \/usr\/bin\/env python3/#! \/usr\/bin\/python3/"
utils/generate-domains-blocklist/generate-domains-blocklist.py
+%vendored_licenses_packager_prep
+
%build
cd %{name}
go build -mod=vendor -buildmode=pie
@@ -128,15 +123,13 @@
ln -sf %{_sbindir}/service %{buildroot}%{_sbindir}/rc%{name}
ln -sf %{_sbindir}/service %{buildroot}%{_sbindir}/rc%{name}-resolvconf
-# Vendor Licenses
-install -d -m 0755 %{buildroot}%{_licensedir}/%{name}/%{vlic_dir}
-bash %{SOURCE6} %{vlic_dir} %{buildroot}/%{_licensedir}/%{name}/%{vlic_dir}
+%vendored_licenses_packager_install
# Some hints. Improvements and feedback welcome!
-cp %{SOURCE7} README.openSUSE
+cp %{SOURCE5} README.openSUSE
# Example drop-in.
-cp %{SOURCE8} %{name}.socket.conf
+cp %{SOURCE6} %{name}.socket.conf
%pre
# group and user
@@ -178,6 +171,6 @@
%dir %attr(0750,%{user_group},%{user_group}) %{home_dir}
%dir %attr(0750,%{user_group},%{user_group}) %{log_dir}
%license LICENSE
-%{_licensedir}/%{name}/%{vlic_dir}/
+%vendored_licenses_packager_files
%changelog
commit dnscrypt-proxy for openSUSE:Factory
Script 'mail_helper' called by obssrc Hello community, here is the log from the commit of package dnscrypt-proxy for openSUSE:Factory checked in at 2021-10-05 22:34:06 Comparing /work/SRC/openSUSE:Factory/dnscrypt-proxy (Old) and /work/SRC/openSUSE:Factory/.dnscrypt-proxy.new.2443 (New) Package is "dnscrypt-proxy" Tue Oct 5 22:34:06 2021 rev:12 rq:923330 version:2.1.1 Changes: --- /work/SRC/openSUSE:Factory/dnscrypt-proxy/dnscrypt-proxy.changes 2021-08-18 08:57:17.386877699 +0200 +++ /work/SRC/openSUSE:Factory/.dnscrypt-proxy.new.2443/dnscrypt-proxy.changes 2021-10-05 22:34:40.386955009 +0200 @@ -1,0 +2,12 @@ +Fri Oct 1 12:00:00 UTC 2021 - cu...@mail.de - 2.1.1 + +- Update to version 2.1.1 + * Serve cached DoH responses when experiencing connectivity issues. + * Time attributes in allow/block lists were ignored. + * TTL served to clients is now rounded and starts decreasing +before the first query is received. + * Time-based rules are properly handled again in generate-domains-blocklist. + * DoH/ODoH: entries with an IP address and using a non-standard port +should not require help from a bootstrap resolver any more. + +--- Old: dnscrypt-proxy-2.1.0.tar.gz New: dnscrypt-proxy-2.1.1.tar.gz Other differences: -- ++ dnscrypt-proxy.spec ++ --- /var/tmp/diff_new_pack.4uhBHe/_old 2021-10-05 22:34:40.862955837 +0200 +++ /var/tmp/diff_new_pack.4uhBHe/_new 2021-10-05 22:34:40.866955844 +0200 @@ -25,7 +25,7 @@ %define vlic_dir vendored Name: dnscrypt-proxy -Version:2.1.0 +Version:2.1.1 Release:0 Summary:A tool for securing communications between a client and a DNS resolver License:ISC ++ dnscrypt-proxy-2.1.0.tar.gz -> dnscrypt-proxy-2.1.1.tar.gz ++ 20701 lines of diff (skipped)
commit dnscrypt-proxy for openSUSE:Factory
Script 'mail_helper' called by obssrc
Hello community,
here is the log from the commit of package dnscrypt-proxy for openSUSE:Factory
checked in at 2021-08-18 08:56:26
Comparing /work/SRC/openSUSE:Factory/dnscrypt-proxy (Old)
and /work/SRC/openSUSE:Factory/.dnscrypt-proxy.new.1899 (New)
Package is "dnscrypt-proxy"
Wed Aug 18 08:56:26 2021 rev:11 rq:912712 version:2.1.0
Changes:
--- /work/SRC/openSUSE:Factory/dnscrypt-proxy/dnscrypt-proxy.changes
2021-02-03 19:56:46.349750439 +0100
+++ /work/SRC/openSUSE:Factory/.dnscrypt-proxy.new.1899/dnscrypt-proxy.changes
2021-08-18 08:57:17.386877699 +0200
@@ -1,0 +2,16 @@
+Sun Aug 15 12:00:00 UTC 2021 - cu...@mail.de - 2.1.0
+
+- Update to version 2.1.0
+ * "fallback_resolvers" was renamed to "bootstrap_resolvers"
+Please update your configuration file accordingly.
+ * Support for Oblivious DoH.
+ * If the proxy is overloaded, cached and synthetic queries now
+keep being served, while non-cached queries are delayed.
+ * Source URLs are now randomized.
+ * Default "reject_ttl" reduced from 600 to 10
+
+- Minimum golang version now at 1.16
+
+- Find more "legal" files to include.
+
+---
Old:
dnscrypt-proxy-2.0.45.tar.gz
New:
dnscrypt-proxy-2.1.0.tar.gz
Other differences:
--
++ dnscrypt-proxy.spec ++
--- /var/tmp/diff_new_pack.T8W8lw/_old 2021-08-18 08:57:18.002876975 +0200
+++ /var/tmp/diff_new_pack.T8W8lw/_new 2021-08-18 08:57:18.006876970 +0200
@@ -25,7 +25,7 @@
%define vlic_dir vendored
Name: dnscrypt-proxy
-Version:2.0.45
+Version:2.1.0
Release:0
Summary:A tool for securing communications between a client and a DNS
resolver
License:ISC
@@ -49,7 +49,7 @@
BuildRequires: pkgconfig
BuildRequires: shadow
BuildRequires: systemd-rpm-macros
-BuildRequires: golang(API) >= 1.15
+BuildRequires: golang(API) >= 1.16
BuildRequires: pkgconfig(libsystemd)
# For systemd pidfile solution.
Requires: bash
@@ -65,7 +65,8 @@
%description
A flexible DNS proxy, with support for modern encrypted DNS protocols
-such as DNSCrypt v2, DNS-over-HTTPS and Anonymized DNSCrypt.
+such as DNSCrypt v2, DNS-over-HTTPS, Anonymized DNSCrypt
+and ODoH (Oblivious DoH).
%prep
%setup -q -n %{name}-%{version}
++ dnscrypt-proxy-2.0.45.tar.gz -> dnscrypt-proxy-2.1.0.tar.gz ++
470867 lines of diff (skipped)
++ example-dnscrypt-proxy.toml.sed ++
--- /var/tmp/diff_new_pack.T8W8lw/_old 2021-08-18 08:57:19.026875771 +0200
+++ /var/tmp/diff_new_pack.T8W8lw/_new 2021-08-18 08:57:19.026875771 +0200
@@ -22,10 +22,12 @@
s/ # log_file = 'allowed-names.log'/ # log_file =
'\/var\/log\/dnscrypt-proxy\/allowed-names.log'/
s/ # allowed_ips_file = 'allowed-ips.txt'/ # allowed_ips_file =
'\/etc\/dnscrypt-proxy\/allowed-ips.txt'/
s/ # log_file = 'allowed-ips.log'/ # log_file =
'\/var\/log\/dnscrypt-proxy\/allowed-ips.log'/
-s/ cache_file = 'public-resolvers.md'/ cache_file =
'\/var\/lib\/dnscrypt-proxy\/public-resolvers.md'/
-s/ cache_file = 'relays.md'/ cache_file =
'\/var\/lib\/dnscrypt-proxy\/relays.md'/
-s/ # cache_file = 'quad9-resolvers.md'/ # cache_file =
'\/var\/lib\/dnscrypt-proxy\/quad9-resolvers.md'/
-s/ # cache_file = 'parental-control.md'/ # cache_file =
'\/var\/lib\/dnscrypt-proxy\/parental-control.md'/
+s/cache_file = 'public-resolvers.md'/cache_file =
'\/var\/lib\/dnscrypt-proxy\/public-resolvers.md'/
+s/cache_file = 'relays.md'/cache_file =
'\/var\/lib\/dnscrypt-proxy\/relays.md'/
+s/ # cache_file = 'odoh-servers.md'/ # cache_file =
'\/var\/lib\/dnscrypt-proxy\/odoh-servers.md'/
+s/ # cache_file = 'odoh-relays.md'/ # cache_file =
'\/var\/lib\/dnscrypt-proxy\/odoh-relays.md'/
+s/ # cache_file = 'quad9-resolvers.md'/ # cache_file =
'\/var\/lib\/dnscrypt-proxy\/quad9-resolvers.md'/
+s/ #cache_file = 'parental-control.md'/ #cache_file =
'\/var\/lib\/dnscrypt-proxy\/parental-control.md'/
# package directory instead of source code directory
s/## `utils\/generate-domains-blocklists` directory of the dnscrypt-proxy
source code./## '\/usr\/share\/dnscrypt-proxy\/generate-domains-blocklists'
directory./
++ find_licenses.sh ++
--- /var/tmp/diff_new_pack.T8W8lw/_old 2021-08-18 08:57:19.042875752 +0200
+++ /var/tmp/diff_new_pack.T8W8lw/_new 2021-08-18 08:57:19.042875752 +0200
@@ -16,6 +16,7 @@
goahead=0
hash_list=()
filename_list=()
+legal_file_names="copying copyright legal licence license notice patents
unlicense"
if [[ -z "$vendor_licenses_dir" ]]
then
@@ -35,10 +36,11 @@
then
echo Searching for licenses ...
rm $licen
commit dnscrypt-proxy for openSUSE:Factory
Script 'mail_helper' called by obssrc
Hello community,
here is the log from the commit of package dnscrypt-proxy for openSUSE:Factory
checked in at 2021-02-03 19:56:41
Comparing /work/SRC/openSUSE:Factory/dnscrypt-proxy (Old)
and /work/SRC/openSUSE:Factory/.dnscrypt-proxy.new.28504 (New)
Package is "dnscrypt-proxy"
Wed Feb 3 19:56:41 2021 rev:10 rq:868982 version:2.0.45
Changes:
--- /work/SRC/openSUSE:Factory/dnscrypt-proxy/dnscrypt-proxy.changes
2021-01-19 16:02:56.415447596 +0100
+++ /work/SRC/openSUSE:Factory/.dnscrypt-proxy.new.28504/dnscrypt-proxy.changes
2021-02-03 19:56:46.349750439 +0100
@@ -1,0 +2,5 @@
+Sat Jan 30 12:00:00 UTC 2021 - cu...@mail.de
+
+- Use less predictable temporary files during build (bsc#1181502).
+
+---
Other differences:
--
++ find_licenses.sh ++
--- /var/tmp/diff_new_pack.gv03gR/_old 2021-02-03 19:56:47.693752058 +0100
+++ /var/tmp/diff_new_pack.gv03gR/_new 2021-02-03 19:56:47.693752058 +0100
@@ -12,7 +12,7 @@
vendor_licenses_dir=$1
username=$(whoami)
workingdir=$(pwd)
-licenses_file=/tmp/license_files.txt
+licenses_file=$(mktemp /tmp/license_files_XX.txt)
goahead=0
hash_list=()
filename_list=()
++ install_licenses.sh ++
--- /var/tmp/diff_new_pack.gv03gR/_old 2021-02-03 19:56:47.709752077 +0100
+++ /var/tmp/diff_new_pack.gv03gR/_new 2021-02-03 19:56:47.709752077 +0100
@@ -1,6 +1,7 @@
#!/bin/bash
# written by cunix in 2019
+# updated in 2021
#
# Installs or links previously found licenses.
#
@@ -9,8 +10,8 @@
vendor_licenses_dir=$1
install_licenses_dir=$2
-licenses_files=/tmp/real_license_files.txt
-licenses_links=/tmp/link_license_files.txt
+licenses_files=$(mktemp /tmp/real_license_files_XX.txt)
+licenses_links=$(mktemp /tmp/link_license_files_XX.txt)
rm $licenses_files
rm $licenses_links
@@ -21,6 +22,7 @@
while read line
do
install -D -m 0644 $vendor_licenses_dir/$line $install_licenses_dir/$line
+echo installed: $line
done < $licenses_files
cd $install_licenses_dir
@@ -28,4 +30,5 @@
do
combo=($line)
ln -s ${combo[1]} ${combo[0]}
+echo linked: $line
done < $licenses_links
commit dnscrypt-proxy for openSUSE:Factory
Script 'mail_helper' called by obssrc
Hello community,
here is the log from the commit of package dnscrypt-proxy for openSUSE:Factory
checked in at 2021-01-19 16:02:28
Comparing /work/SRC/openSUSE:Factory/dnscrypt-proxy (Old)
and /work/SRC/openSUSE:Factory/.dnscrypt-proxy.new.28504 (New)
Package is "dnscrypt-proxy"
Tue Jan 19 16:02:28 2021 rev:9 rq:864131 version:2.0.45
Changes:
--- /work/SRC/openSUSE:Factory/dnscrypt-proxy/dnscrypt-proxy.changes
2021-01-06 19:56:33.229082235 +0100
+++ /work/SRC/openSUSE:Factory/.dnscrypt-proxy.new.28504/dnscrypt-proxy.changes
2021-01-19 16:02:56.415447596 +0100
@@ -1,0 +2,5 @@
+Thu Jan 7 20:00:00 UTC 2021 - cu...@mail.de
+
+- Added optional resolvconf support via systemd unit.
+
+---
New:
dnscrypt-proxy-resolvconf.service
Other differences:
--
++ dnscrypt-proxy.spec ++
--- /var/tmp/diff_new_pack.gcsaEO/_old 2021-01-19 16:02:57.551449304 +0100
+++ /var/tmp/diff_new_pack.gcsaEO/_new 2021-01-19 16:02:57.551449304 +0100
@@ -21,7 +21,7 @@
%define config_dir %{_sysconfdir}/%{name}
%define home_dir%{_localstatedir}/lib/%{name}
%define log_dir %{_localstatedir}/log/%{name}
-%define services%{name}.socket %{name}.service
+%define services%{name}.socket %{name}.service %{name}-resolvconf.service
%define vlic_dir vendored
Name: dnscrypt-proxy
@@ -34,16 +34,17 @@
Source0:
https://codeload.github.com/DNSCrypt/%{name}/tar.gz/%{version}#/%{name}-%{version}.tar.gz
Source1:%{name}.service
Source2:%{name}.socket
+Source3:%{name}-resolvconf.service
# File to use with sed to modify default configuration.
-Source3:example-dnscrypt-proxy.toml.sed
+Source4:example-dnscrypt-proxy.toml.sed
# Find licenses of vendored packages.
-Source4:find_licenses.sh
+Source5:find_licenses.sh
# Install licenses of vendored packages.
-Source5:install_licenses.sh
+Source6:install_licenses.sh
# Some words
-Source6:README.openSUSE
+Source7:README.openSUSE
# Example how to override socket unit
-Source7:%{name}.socket.conf
+Source8:%{name}.socket.conf
BuildRequires: golang-packaging
BuildRequires: pkgconfig
BuildRequires: shadow
@@ -56,6 +57,8 @@
Requires(pre): shadow
%{?systemd_requires}
Recommends: ca-certificates
+# needed for resolvconf support
+Suggests: openresolv
Provides: dnscrypt = %{version}-%{release}
Obsoletes: dnscrypt < %{version}-%{release}
BuildRoot: %{_tmppath}/%{name}-%{version}-build
@@ -68,13 +71,13 @@
%setup -q -n %{name}-%{version}
# Find licenses of vendored packages and prepare for installation
-bash %{SOURCE4} %{vlic_dir}
+bash %{SOURCE5} %{vlic_dir}
# duplicate original config file
cp ./%{name}/example-%{name}.toml ./%{name}.toml.default
# Edit default port and file locations
-sed -i -f %{SOURCE3} ./%{name}.toml.default
+sed -i -f %{SOURCE4} ./%{name}.toml.default
# duplicate edited config file
cp ./%{name}.toml.default ./%{name}.toml
@@ -118,19 +121,21 @@
# Systemd
install -D -m 0644 %{SOURCE1} %{buildroot}%{_unitdir}/%{name}.service
install -D -m 0644 %{SOURCE2} %{buildroot}%{_unitdir}/%{name}.socket
+install -D -m 0644 %{SOURCE3}
%{buildroot}%{_unitdir}/%{name}-resolvconf.service
# service link
ln -sf %{_sbindir}/service %{buildroot}%{_sbindir}/rc%{name}
+ln -sf %{_sbindir}/service %{buildroot}%{_sbindir}/rc%{name}-resolvconf
# Vendor Licenses
install -d -m 0755 %{buildroot}%{_licensedir}/%{name}/%{vlic_dir}
-bash %{SOURCE5} %{vlic_dir} %{buildroot}/%{_licensedir}/%{name}/%{vlic_dir}
+bash %{SOURCE6} %{vlic_dir} %{buildroot}/%{_licensedir}/%{name}/%{vlic_dir}
# Some hints. Improvements and feedback welcome!
-cp %{SOURCE6} README.openSUSE
+cp %{SOURCE7} README.openSUSE
# Example drop-in.
-cp %{SOURCE7} %{name}.socket.conf
+cp %{SOURCE8} %{name}.socket.conf
%pre
# group and user
@@ -163,8 +168,10 @@
%config(noreplace) %attr(-,root,%{user_group})
%{config_dir}/forwarding-rules.txt
%{_sbindir}/%{name}
%{_sbindir}/rc%{name}
+%{_sbindir}/rc%{name}-resolvconf
%{_unitdir}/%{name}.service
%{_unitdir}/%{name}.socket
+%{_unitdir}/%{name}-resolvconf.service
%{_datadir}/%{name}/
%dir %attr(0750,root,%{user_group}) %{config_dir}
%dir %attr(0750,%{user_group},%{user_group}) %{home_dir}
++ README.openSUSE ++
--- /var/tmp/diff_new_pack.gcsaEO/_old 2021-01-19 16:02:57.599449376 +0100
+++ /var/tmp/diff_new_pack.gcsaEO/_new 2021-01-19 16:02:57.603449382 +0100
@@ -1,6 +1,6 @@
***
*
