commit dnscrypt-proxy for openSUSE:Factory
Script 'mail_helper' called by obssrc Hello community, here is the log from the commit of package dnscrypt-proxy for openSUSE:Factory checked in at 2024-04-23 18:56:28 Comparing /work/SRC/openSUSE:Factory/dnscrypt-proxy (Old) and /work/SRC/openSUSE:Factory/.dnscrypt-proxy.new.27645 (New) Package is "dnscrypt-proxy" Tue Apr 23 18:56:28 2024 rev:19 rq:1169724 version:2.1.5 Changes: --- /work/SRC/openSUSE:Factory/dnscrypt-proxy/dnscrypt-proxy.changes 2024-02-06 16:34:41.827373833 +0100 +++ /work/SRC/openSUSE:Factory/.dnscrypt-proxy.new.27645/dnscrypt-proxy.changes 2024-04-23 18:56:54.328263563 +0200 @@ -1,0 +2,5 @@ +Sun Apr 21 12:00:00 UTC 2024 - cu...@mail.de + +- added patch quic-go.patch (boo#1222473) + +--- New: quic-go.patch BETA DEBUG BEGIN: New: - added patch quic-go.patch (boo#1222473) BETA DEBUG END: Other differences: -- ++ dnscrypt-proxy.spec ++ --- /var/tmp/diff_new_pack.YgPkxI/_old 2024-04-23 18:56:55.276297817 +0200 +++ /var/tmp/diff_new_pack.YgPkxI/_new 2024-04-23 18:56:55.280297963 +0200 @@ -43,6 +43,8 @@ Source6:%{name}.socket.conf # dnscrypt user configuration Source7:%{user_group}-user.conf +# can be dropped in next release with quic-go v0.42 included (boo#1222473) +Patch0: quic-go.patch BuildRequires: golang-packaging BuildRequires: pkgconfig BuildRequires: systemd-rpm-macros @@ -67,7 +69,7 @@ and ODoH (Oblivious DoH). %prep -%setup -q -n %{name}-%{version} +%autosetup -p1 -n %{name}-%{version} # replace with home directory from spec sed -i "s/home_dir_placeholder/%{home_dir_escaped}/" %{SOURCE7} ++ quic-go.patch ++ From: cu...@mail.de Date: 2024-04-21 12:00:00 Subject: Memory Exhaustion Attack against QUIC's Connection ID Mechanism References: https://github.com/quic-go/quic-go/commit/4a99b816ae3ab03ae5449d15aac45147c85ed47a https://github.com/quic-go/quic-go/security/advisories/GHSA-c33x-xqrf-c478 https://bugzilla.suse.com/show_bug.cgi?id=1222473 This tries to backport commit https://github.com/quic-go/quic-go/commit/4a99b816ae3ab03ae5449d15aac45147c85ed47a.patch from Marten Seemann to the vendored older version of quic-go. dnscrypt-proxy upstream already vendors version 0.42 of quic-go with hack included, but is not released. Patch should be dropped with next release of dnscrypt-proxy. --- diff -r -U 5 a/vendor/github.com/quic-go/quic-go/connection.go b/vendor/github.com/quic-go/quic-go/connection.go --- a/vendor/github.com/quic-go/quic-go/connection.go +++ b/vendor/github.com/quic-go/quic-go/connection.go @@ -516,11 +516,14 @@ var sendQueueAvailable <-chan struct{} runLoop: for { - // Close immediately if requested + if s.framer.QueuedTooManyControlFrames() { + s.closeLocal(&qerr.TransportError{ErrorCode: InternalError}) + } + // Close immediately if requested select { case closeErr = <-s.closeChan: break runLoop default: } diff -r -U 5 a/vendor/github.com/quic-go/quic-go/framer.go b/vendor/github.com/quic-go/quic-go/framer.go --- a/vendor/github.com/quic-go/quic-go/framer.go +++ b/vendor/github.com/quic-go/quic-go/framer.go @@ -19,22 +19,32 @@ AddActiveStream(protocol.StreamID) AppendStreamFrames([]ackhandler.StreamFrame, protocol.ByteCount, protocol.VersionNumber) ([]ackhandler.StreamFrame, protocol.ByteCount) Handle0RTTRejection() error + + // QueuedTooManyControlFrames says if the control frame queue exceeded its maximum queue length. + // This is a hack. + // It is easier to implement than propagating an error return value in QueueControlFrame. + // The correct solution would be to queue frames with their respective structs. + // See https://github.com/quic-go/quic-go/issues/4271 for the queueing of stream-related control frames. + QueuedTooManyControlFrames() bool } +const maxControlFrames = 16 << 10 + type framerI struct { mutex sync.Mutex streamGetter streamGetter activeStreams map[protocol.StreamID]struct{} streamQueue ringbuffer.RingBuffer[protocol.StreamID] controlFrameMutex sync.Mutex controlFrames []wire.Frame + queuedTooManyControlFrames bool } var _ framer = &framerI{} func newFramer(streamGetter streamGetter) framer { @@ -56,11 +66,24 @@ f.controlFrameMutex.Unlock() return hasData } func (f *framerI) QueueControlFrame(frame wire.Frame) { + var returnearly bool f.controlFrameMutex.Lock() + // This is a hack. +
commit dnscrypt-proxy for openSUSE:Factory
Script 'mail_helper' called by obssrc Hello community, here is the log from the commit of package dnscrypt-proxy for openSUSE:Factory checked in at 2023-08-14 22:35:25 Comparing /work/SRC/openSUSE:Factory/dnscrypt-proxy (Old) and /work/SRC/openSUSE:Factory/.dnscrypt-proxy.new.11712 (New) Package is "dnscrypt-proxy" Mon Aug 14 22:35:25 2023 rev:17 rq:1103718 version:2.1.5 Changes: --- /work/SRC/openSUSE:Factory/dnscrypt-proxy/dnscrypt-proxy.changes 2023-02-11 21:58:26.604040915 +0100 +++ /work/SRC/openSUSE:Factory/.dnscrypt-proxy.new.11712/dnscrypt-proxy.changes 2023-08-14 22:35:30.184318221 +0200 @@ -1,0 +2,9 @@ +Sun Aug 13 12:00:00 UTC 2023 - cu...@mail.de - 2.1.5 + +- Update to version 2.1.5 + * Responses to blocked queries now include extended error codes + * Reliability of connections using HTTP/3 has been improved + * New configuration directive: "tls_key_log_file" + to dump TLS secret keys + +--- Old: dnscrypt-proxy-2.1.4.tar.gz New: dnscrypt-proxy-2.1.5.tar.gz Other differences: -- ++ dnscrypt-proxy.spec ++ --- /var/tmp/diff_new_pack.GJUslt/_old 2023-08-14 22:35:31.884329030 +0200 +++ /var/tmp/diff_new_pack.GJUslt/_new 2023-08-14 22:35:31.888329055 +0200 @@ -24,7 +24,7 @@ %define services%{name}.socket %{name}.service %{name}-resolvconf.service Name: dnscrypt-proxy -Version:2.1.4 +Version:2.1.5 Release:0 Summary:A tool for securing communications between a client and a DNS resolver License:ISC @@ -44,7 +44,7 @@ BuildRequires: pkgconfig BuildRequires: shadow BuildRequires: systemd-rpm-macros -BuildRequires: golang(API) >= 1.18 +BuildRequires: golang(API) >= 1.20 BuildRequires: pkgconfig(libsystemd) BuildRequires: vendored_licenses_packager # For systemd pidfile solution. ++ dnscrypt-proxy-2.1.4.tar.gz -> dnscrypt-proxy-2.1.5.tar.gz ++ /work/SRC/openSUSE:Factory/dnscrypt-proxy/dnscrypt-proxy-2.1.4.tar.gz /work/SRC/openSUSE:Factory/.dnscrypt-proxy.new.11712/dnscrypt-proxy-2.1.5.tar.gz differ: char 13, line 1
commit dnscrypt-proxy for openSUSE:Factory
Script 'mail_helper' called by obssrc Hello community, here is the log from the commit of package dnscrypt-proxy for openSUSE:Factory checked in at 2023-02-11 21:58:00 Comparing /work/SRC/openSUSE:Factory/dnscrypt-proxy (Old) and /work/SRC/openSUSE:Factory/.dnscrypt-proxy.new.1848 (New) Package is "dnscrypt-proxy" Sat Feb 11 21:58:00 2023 rev:16 rq:1064411 version:2.1.4 Changes: --- /work/SRC/openSUSE:Factory/dnscrypt-proxy/dnscrypt-proxy.changes 2023-02-05 20:19:33.052151303 +0100 +++ /work/SRC/openSUSE:Factory/.dnscrypt-proxy.new.1848/dnscrypt-proxy.changes 2023-02-11 21:58:26.604040915 +0100 @@ -1,0 +2,8 @@ +Sat Feb 11 12:00:00 UTC 2023 - cu...@mail.de - 2.1.4 + +- Update to version 2.1.4 + * Fixes a regression from version 2.1.3: when cloaking was enabled, + blocked responses were returned for records that were not A//PTR + even for names that were not in the cloaked list. + +--- Old: dnscrypt-proxy-2.1.3.tar.gz New: dnscrypt-proxy-2.1.4.tar.gz Other differences: -- ++ dnscrypt-proxy.spec ++ --- /var/tmp/diff_new_pack.BSfW0d/_old 2023-02-11 21:58:27.004043405 +0100 +++ /var/tmp/diff_new_pack.BSfW0d/_new 2023-02-11 21:58:27.008043429 +0100 @@ -24,7 +24,7 @@ %define services%{name}.socket %{name}.service %{name}-resolvconf.service Name: dnscrypt-proxy -Version:2.1.3 +Version:2.1.4 Release:0 Summary:A tool for securing communications between a client and a DNS resolver License:ISC ++ dnscrypt-proxy-2.1.3.tar.gz -> dnscrypt-proxy-2.1.4.tar.gz ++ /work/SRC/openSUSE:Factory/dnscrypt-proxy/dnscrypt-proxy-2.1.3.tar.gz /work/SRC/openSUSE:Factory/.dnscrypt-proxy.new.1848/dnscrypt-proxy-2.1.4.tar.gz differ: char 29, line 1
commit dnscrypt-proxy for openSUSE:Factory
Script 'mail_helper' called by obssrc Hello community, here is the log from the commit of package dnscrypt-proxy for openSUSE:Factory checked in at 2023-02-05 20:19:32 Comparing /work/SRC/openSUSE:Factory/dnscrypt-proxy (Old) and /work/SRC/openSUSE:Factory/.dnscrypt-proxy.new.4462 (New) Package is "dnscrypt-proxy" Sun Feb 5 20:19:32 2023 rev:15 rq:1063299 version:2.1.3 Changes: --- /work/SRC/openSUSE:Factory/dnscrypt-proxy/dnscrypt-proxy.changes 2022-08-03 21:17:21.887547068 +0200 +++ /work/SRC/openSUSE:Factory/.dnscrypt-proxy.new.4462/dnscrypt-proxy.changes 2023-02-05 20:19:33.052151303 +0100 @@ -1,0 +2,24 @@ +Sun Feb 5 12:00:00 UTC 2023 - cu...@mail.de - 2.1.3 + +- Update to version 2.1.3 + * DNS-over-HTTP/3 (QUIC) should be more reliable. In particular, + version 2.1.2 required another (non-QUIC) resolver to be present for + bootstrapping, or the resolver's IP address to be present in the + stamp. This is not the case any more. + * dnscrypt-proxy is now compatible with Go 1.20+ + * Commands (-check, -show-certs, -list, -list-all) now ignore log + files and directly output the result to the standard output. + * The "cert_ignore_timestamp" configuration switch is now documented. + It allows ignoring timestamps for DNSCrypt certificate verification, + until a first server is available. This should only be used on devices + that don't have any ways to set the clock before DNS service is up. + However, a safer alternative remains to use an NTP server with a fixed + IP address (such as time.google.com), configured in the captive portals + file. + * Cloaking: when a name is cloaked, unsupported record types now + return a blocked response rather than the actual records. + * systemd: report Ready earlier as dnscrypt-proxy can itself manage + retries for updates/refreshes. + * vendored dependencies updated + +--- Old: dnscrypt-proxy-2.1.2.tar.gz New: dnscrypt-proxy-2.1.3.tar.gz Other differences: -- ++ dnscrypt-proxy.spec ++ --- /var/tmp/diff_new_pack.Dl5By7/_old 2023-02-05 20:19:33.676154949 +0100 +++ /var/tmp/diff_new_pack.Dl5By7/_new 2023-02-05 20:19:33.684154996 +0100 @@ -24,7 +24,7 @@ %define services%{name}.socket %{name}.service %{name}-resolvconf.service Name: dnscrypt-proxy -Version:2.1.2 +Version:2.1.3 Release:0 Summary:A tool for securing communications between a client and a DNS resolver License:ISC ++ dnscrypt-proxy-2.1.2.tar.gz -> dnscrypt-proxy-2.1.3.tar.gz ++ /work/SRC/openSUSE:Factory/dnscrypt-proxy/dnscrypt-proxy-2.1.2.tar.gz /work/SRC/openSUSE:Factory/.dnscrypt-proxy.new.4462/dnscrypt-proxy-2.1.3.tar.gz differ: char 125, line 1
commit dnscrypt-proxy for openSUSE:Factory
Script 'mail_helper' called by obssrc Hello community, here is the log from the commit of package dnscrypt-proxy for openSUSE:Factory checked in at 2022-08-03 21:17:03 Comparing /work/SRC/openSUSE:Factory/dnscrypt-proxy (Old) and /work/SRC/openSUSE:Factory/.dnscrypt-proxy.new.1533 (New) Package is "dnscrypt-proxy" Wed Aug 3 21:17:03 2022 rev:14 rq:992596 version:2.1.2 Changes: --- /work/SRC/openSUSE:Factory/dnscrypt-proxy/dnscrypt-proxy.changes 2022-03-26 22:32:28.718069686 +0100 +++ /work/SRC/openSUSE:Factory/.dnscrypt-proxy.new.1533/dnscrypt-proxy.changes 2022-08-03 21:17:21.887547068 +0200 @@ -1,0 +2,21 @@ +Tue Aug 2 12:00:00 UTC 2022 - cu...@mail.de - 2.1.2 + +- Update to version 2.1.2 + * Support for DoH over HTTP/3 (DoH3, HTTP over QUIC) + Compatible servers will automatically use it. + Note that QUIC uses UDP + (usually over port 443, like DNSCrypt) instead of TCP. + * fixed memory usage kept growing due to channels not + being properly closed + * DNS64: "CNAME" records are now translated like other responses + * A relay whose name has been configured, but doesn't exist in the + list of available relays is now a hard error + * "dnscrypt-proxy -resolve" now reports if ECS (EDNS-clientsubnet) is + supported by the server + * "dnscrypt-proxy -list" now includes ODoH (Oblivious DoH) servers + * Local DoH: queries made using the "GET" method are now handled + * "PTR" queries are now supported for cloaked domains + +- Minimum golang version now at 1.18 + +--- Old: dnscrypt-proxy-2.1.1.tar.gz New: dnscrypt-proxy-2.1.2.tar.gz Other differences: -- ++ dnscrypt-proxy.spec ++ --- /var/tmp/diff_new_pack.A8yAUd/_old 2022-08-03 21:17:22.519548727 +0200 +++ /var/tmp/diff_new_pack.A8yAUd/_new 2022-08-03 21:17:22.531548758 +0200 @@ -24,7 +24,7 @@ %define services%{name}.socket %{name}.service %{name}-resolvconf.service Name: dnscrypt-proxy -Version:2.1.1 +Version:2.1.2 Release:0 Summary:A tool for securing communications between a client and a DNS resolver License:ISC @@ -44,7 +44,7 @@ BuildRequires: pkgconfig BuildRequires: shadow BuildRequires: systemd-rpm-macros -BuildRequires: golang(API) >= 1.16 +BuildRequires: golang(API) >= 1.18 BuildRequires: pkgconfig(libsystemd) BuildRequires: vendored_licenses_packager # For systemd pidfile solution. ++ dnscrypt-proxy-2.1.1.tar.gz -> dnscrypt-proxy-2.1.2.tar.gz ++ /work/SRC/openSUSE:Factory/dnscrypt-proxy/dnscrypt-proxy-2.1.1.tar.gz /work/SRC/openSUSE:Factory/.dnscrypt-proxy.new.1533/dnscrypt-proxy-2.1.2.tar.gz differ: char 13, line 1 ++ example-dnscrypt-proxy.toml.sed ++ --- /var/tmp/diff_new_pack.A8yAUd/_old 2022-08-03 21:17:22.679549147 +0200 +++ /var/tmp/diff_new_pack.A8yAUd/_new 2022-08-03 21:17:22.683549157 +0200 @@ -12,22 +12,22 @@ s/# map_file = 'example-captive-portals.txt'/# map_file = '\/etc\/dnscrypt-proxy\/captive-portals.txt'/ s/# cert_file = 'localhost.pem'/# cert_file = '\/etc\/dnscrypt-proxy\/localhost.pem'/ s/# cert_key_file = 'localhost.pem'/# cert_key_file = '\/etc\/dnscrypt-proxy\/localhost.pem'/ -s/ # file = 'query.log'/ # file = '\/var\/log\/dnscrypt-proxy\/query.log'/ -s/ # file = 'nx.log'/ # file = '\/var\/log\/dnscrypt-proxy\/nx.log'/ -s/ # blocked_names_file = 'blocked-names.txt'/ # blocked_names_file = '\/etc\/dnscrypt-proxy\/blocked-names.txt'/ -s/ # log_file = 'blocked-names.log'/ # log_file = '\/var\/log\/dnscrypt-proxy\/blocked-names.log'/ -s/ # blocked_ips_file = 'blocked-ips.txt'/ # blocked_ips_file = '\/etc\/dnscrypt-proxy\/blocked-ips.txt'/ -s/ # log_file = 'blocked-ips.log'/ # log_file = '\/var\/log\/dnscrypt-proxy\/blocked-ips.log'/ -s/ # allowed_names_file = 'allowed-names.txt'/ # allowed_names_file = '\/etc\/dnscrypt-proxy\/allowed-names.txt'/ -s/ # log_file = 'allowed-names.log'/ # log_file = '\/var\/log\/dnscrypt-proxy\/allowed-names.log'/ -s/ # allowed_ips_file = 'allowed-ips.txt'/ # allowed_ips_file = '\/etc\/dnscrypt-proxy\/allowed-ips.txt'/ -s/ # log_file = 'allowed-ips.log'/ # log_file = '\/var\/log\/dnscrypt-proxy\/allowed-ips.log'/ +s/# file = 'query.log'/# file = '\/var\/log\/dnscrypt-proxy\/query.log'/ +s/# file = 'nx.log'/# file = '\/var\/log\/dnscrypt-proxy\/nx.log'/ +s/# blocked_names_file = 'blocked-names.txt'/# blocked_names_file = '\/etc\/dnscrypt-proxy\/blocked-names.txt'/ +s/# log_file = 'blocked-names.log'/# log_file = '\/var\/log\/dnscrypt-proxy\/blocked-names.log'/ +s/# blocked_ips_file = 'blocked-ips.txt'/# blocked_ips_file = '\/etc\/dnscrypt-proxy\/blocked-ips.txt'/ +s/# log_file = 'blocked-ip
commit dnscrypt-proxy for openSUSE:Factory
Script 'mail_helper' called by obssrc Hello community, here is the log from the commit of package dnscrypt-proxy for openSUSE:Factory checked in at 2022-03-26 22:32:04 Comparing /work/SRC/openSUSE:Factory/dnscrypt-proxy (Old) and /work/SRC/openSUSE:Factory/.dnscrypt-proxy.new.1900 (New) Package is "dnscrypt-proxy" Sat Mar 26 22:32:04 2022 rev:13 rq:965062 version:2.1.1 Changes: --- /work/SRC/openSUSE:Factory/dnscrypt-proxy/dnscrypt-proxy.changes 2021-10-05 22:34:40.386955009 +0200 +++ /work/SRC/openSUSE:Factory/.dnscrypt-proxy.new.1900/dnscrypt-proxy.changes 2022-03-26 22:32:28.718069686 +0100 @@ -1,0 +2,5 @@ +Wed Mar 22 12:00:00 UTC 2022 - cu...@mail.de + +- switched to vendored_licenses_packager as build dependency + +--- Old: find_licenses.sh install_licenses.sh Other differences: -- ++ dnscrypt-proxy.spec ++ --- /var/tmp/diff_new_pack.oXR5BA/_old 2022-03-26 22:32:29.382070595 +0100 +++ /var/tmp/diff_new_pack.oXR5BA/_new 2022-03-26 22:32:29.386070600 +0100 @@ -22,7 +22,6 @@ %define home_dir%{_localstatedir}/lib/%{name} %define log_dir %{_localstatedir}/log/%{name} %define services%{name}.socket %{name}.service %{name}-resolvconf.service -%define vlic_dir vendored Name: dnscrypt-proxy Version:2.1.1 @@ -37,20 +36,17 @@ Source3:%{name}-resolvconf.service # File to use with sed to modify default configuration. Source4:example-dnscrypt-proxy.toml.sed -# Find licenses of vendored packages. -Source5:find_licenses.sh -# Install licenses of vendored packages. -Source6:install_licenses.sh # Some words -Source7:README.openSUSE +Source5:README.openSUSE # Example how to override socket unit -Source8:%{name}.socket.conf +Source6:%{name}.socket.conf BuildRequires: golang-packaging BuildRequires: pkgconfig BuildRequires: shadow BuildRequires: systemd-rpm-macros BuildRequires: golang(API) >= 1.16 BuildRequires: pkgconfig(libsystemd) +BuildRequires: vendored_licenses_packager # For systemd pidfile solution. Requires: bash # for daemon group/user @@ -71,9 +67,6 @@ %prep %setup -q -n %{name}-%{version} -# Find licenses of vendored packages and prepare for installation -bash %{SOURCE5} %{vlic_dir} - # duplicate original config file cp ./%{name}/example-%{name}.toml ./%{name}.toml.default @@ -89,6 +82,8 @@ # python path instead of env sed -i "1s/#! \/usr\/bin\/env python3/#! \/usr\/bin\/python3/" utils/generate-domains-blocklist/generate-domains-blocklist.py +%vendored_licenses_packager_prep + %build cd %{name} go build -mod=vendor -buildmode=pie @@ -128,15 +123,13 @@ ln -sf %{_sbindir}/service %{buildroot}%{_sbindir}/rc%{name} ln -sf %{_sbindir}/service %{buildroot}%{_sbindir}/rc%{name}-resolvconf -# Vendor Licenses -install -d -m 0755 %{buildroot}%{_licensedir}/%{name}/%{vlic_dir} -bash %{SOURCE6} %{vlic_dir} %{buildroot}/%{_licensedir}/%{name}/%{vlic_dir} +%vendored_licenses_packager_install # Some hints. Improvements and feedback welcome! -cp %{SOURCE7} README.openSUSE +cp %{SOURCE5} README.openSUSE # Example drop-in. -cp %{SOURCE8} %{name}.socket.conf +cp %{SOURCE6} %{name}.socket.conf %pre # group and user @@ -178,6 +171,6 @@ %dir %attr(0750,%{user_group},%{user_group}) %{home_dir} %dir %attr(0750,%{user_group},%{user_group}) %{log_dir} %license LICENSE -%{_licensedir}/%{name}/%{vlic_dir}/ +%vendored_licenses_packager_files %changelog
commit dnscrypt-proxy for openSUSE:Factory
Script 'mail_helper' called by obssrc Hello community, here is the log from the commit of package dnscrypt-proxy for openSUSE:Factory checked in at 2021-10-05 22:34:06 Comparing /work/SRC/openSUSE:Factory/dnscrypt-proxy (Old) and /work/SRC/openSUSE:Factory/.dnscrypt-proxy.new.2443 (New) Package is "dnscrypt-proxy" Tue Oct 5 22:34:06 2021 rev:12 rq:923330 version:2.1.1 Changes: --- /work/SRC/openSUSE:Factory/dnscrypt-proxy/dnscrypt-proxy.changes 2021-08-18 08:57:17.386877699 +0200 +++ /work/SRC/openSUSE:Factory/.dnscrypt-proxy.new.2443/dnscrypt-proxy.changes 2021-10-05 22:34:40.386955009 +0200 @@ -1,0 +2,12 @@ +Fri Oct 1 12:00:00 UTC 2021 - cu...@mail.de - 2.1.1 + +- Update to version 2.1.1 + * Serve cached DoH responses when experiencing connectivity issues. + * Time attributes in allow/block lists were ignored. + * TTL served to clients is now rounded and starts decreasing +before the first query is received. + * Time-based rules are properly handled again in generate-domains-blocklist. + * DoH/ODoH: entries with an IP address and using a non-standard port +should not require help from a bootstrap resolver any more. + +--- Old: dnscrypt-proxy-2.1.0.tar.gz New: dnscrypt-proxy-2.1.1.tar.gz Other differences: -- ++ dnscrypt-proxy.spec ++ --- /var/tmp/diff_new_pack.4uhBHe/_old 2021-10-05 22:34:40.862955837 +0200 +++ /var/tmp/diff_new_pack.4uhBHe/_new 2021-10-05 22:34:40.866955844 +0200 @@ -25,7 +25,7 @@ %define vlic_dir vendored Name: dnscrypt-proxy -Version:2.1.0 +Version:2.1.1 Release:0 Summary:A tool for securing communications between a client and a DNS resolver License:ISC ++ dnscrypt-proxy-2.1.0.tar.gz -> dnscrypt-proxy-2.1.1.tar.gz ++ 20701 lines of diff (skipped)
commit dnscrypt-proxy for openSUSE:Factory
Script 'mail_helper' called by obssrc Hello community, here is the log from the commit of package dnscrypt-proxy for openSUSE:Factory checked in at 2021-08-18 08:56:26 Comparing /work/SRC/openSUSE:Factory/dnscrypt-proxy (Old) and /work/SRC/openSUSE:Factory/.dnscrypt-proxy.new.1899 (New) Package is "dnscrypt-proxy" Wed Aug 18 08:56:26 2021 rev:11 rq:912712 version:2.1.0 Changes: --- /work/SRC/openSUSE:Factory/dnscrypt-proxy/dnscrypt-proxy.changes 2021-02-03 19:56:46.349750439 +0100 +++ /work/SRC/openSUSE:Factory/.dnscrypt-proxy.new.1899/dnscrypt-proxy.changes 2021-08-18 08:57:17.386877699 +0200 @@ -1,0 +2,16 @@ +Sun Aug 15 12:00:00 UTC 2021 - cu...@mail.de - 2.1.0 + +- Update to version 2.1.0 + * "fallback_resolvers" was renamed to "bootstrap_resolvers" +Please update your configuration file accordingly. + * Support for Oblivious DoH. + * If the proxy is overloaded, cached and synthetic queries now +keep being served, while non-cached queries are delayed. + * Source URLs are now randomized. + * Default "reject_ttl" reduced from 600 to 10 + +- Minimum golang version now at 1.16 + +- Find more "legal" files to include. + +--- Old: dnscrypt-proxy-2.0.45.tar.gz New: dnscrypt-proxy-2.1.0.tar.gz Other differences: -- ++ dnscrypt-proxy.spec ++ --- /var/tmp/diff_new_pack.T8W8lw/_old 2021-08-18 08:57:18.002876975 +0200 +++ /var/tmp/diff_new_pack.T8W8lw/_new 2021-08-18 08:57:18.006876970 +0200 @@ -25,7 +25,7 @@ %define vlic_dir vendored Name: dnscrypt-proxy -Version:2.0.45 +Version:2.1.0 Release:0 Summary:A tool for securing communications between a client and a DNS resolver License:ISC @@ -49,7 +49,7 @@ BuildRequires: pkgconfig BuildRequires: shadow BuildRequires: systemd-rpm-macros -BuildRequires: golang(API) >= 1.15 +BuildRequires: golang(API) >= 1.16 BuildRequires: pkgconfig(libsystemd) # For systemd pidfile solution. Requires: bash @@ -65,7 +65,8 @@ %description A flexible DNS proxy, with support for modern encrypted DNS protocols -such as DNSCrypt v2, DNS-over-HTTPS and Anonymized DNSCrypt. +such as DNSCrypt v2, DNS-over-HTTPS, Anonymized DNSCrypt +and ODoH (Oblivious DoH). %prep %setup -q -n %{name}-%{version} ++ dnscrypt-proxy-2.0.45.tar.gz -> dnscrypt-proxy-2.1.0.tar.gz ++ 470867 lines of diff (skipped) ++ example-dnscrypt-proxy.toml.sed ++ --- /var/tmp/diff_new_pack.T8W8lw/_old 2021-08-18 08:57:19.026875771 +0200 +++ /var/tmp/diff_new_pack.T8W8lw/_new 2021-08-18 08:57:19.026875771 +0200 @@ -22,10 +22,12 @@ s/ # log_file = 'allowed-names.log'/ # log_file = '\/var\/log\/dnscrypt-proxy\/allowed-names.log'/ s/ # allowed_ips_file = 'allowed-ips.txt'/ # allowed_ips_file = '\/etc\/dnscrypt-proxy\/allowed-ips.txt'/ s/ # log_file = 'allowed-ips.log'/ # log_file = '\/var\/log\/dnscrypt-proxy\/allowed-ips.log'/ -s/ cache_file = 'public-resolvers.md'/ cache_file = '\/var\/lib\/dnscrypt-proxy\/public-resolvers.md'/ -s/ cache_file = 'relays.md'/ cache_file = '\/var\/lib\/dnscrypt-proxy\/relays.md'/ -s/ # cache_file = 'quad9-resolvers.md'/ # cache_file = '\/var\/lib\/dnscrypt-proxy\/quad9-resolvers.md'/ -s/ # cache_file = 'parental-control.md'/ # cache_file = '\/var\/lib\/dnscrypt-proxy\/parental-control.md'/ +s/cache_file = 'public-resolvers.md'/cache_file = '\/var\/lib\/dnscrypt-proxy\/public-resolvers.md'/ +s/cache_file = 'relays.md'/cache_file = '\/var\/lib\/dnscrypt-proxy\/relays.md'/ +s/ # cache_file = 'odoh-servers.md'/ # cache_file = '\/var\/lib\/dnscrypt-proxy\/odoh-servers.md'/ +s/ # cache_file = 'odoh-relays.md'/ # cache_file = '\/var\/lib\/dnscrypt-proxy\/odoh-relays.md'/ +s/ # cache_file = 'quad9-resolvers.md'/ # cache_file = '\/var\/lib\/dnscrypt-proxy\/quad9-resolvers.md'/ +s/ #cache_file = 'parental-control.md'/ #cache_file = '\/var\/lib\/dnscrypt-proxy\/parental-control.md'/ # package directory instead of source code directory s/## `utils\/generate-domains-blocklists` directory of the dnscrypt-proxy source code./## '\/usr\/share\/dnscrypt-proxy\/generate-domains-blocklists' directory./ ++ find_licenses.sh ++ --- /var/tmp/diff_new_pack.T8W8lw/_old 2021-08-18 08:57:19.042875752 +0200 +++ /var/tmp/diff_new_pack.T8W8lw/_new 2021-08-18 08:57:19.042875752 +0200 @@ -16,6 +16,7 @@ goahead=0 hash_list=() filename_list=() +legal_file_names="copying copyright legal licence license notice patents unlicense" if [[ -z "$vendor_licenses_dir" ]] then @@ -35,10 +36,11 @@ then echo Searching for licenses ... rm $licen
commit dnscrypt-proxy for openSUSE:Factory
Script 'mail_helper' called by obssrc Hello community, here is the log from the commit of package dnscrypt-proxy for openSUSE:Factory checked in at 2021-02-03 19:56:41 Comparing /work/SRC/openSUSE:Factory/dnscrypt-proxy (Old) and /work/SRC/openSUSE:Factory/.dnscrypt-proxy.new.28504 (New) Package is "dnscrypt-proxy" Wed Feb 3 19:56:41 2021 rev:10 rq:868982 version:2.0.45 Changes: --- /work/SRC/openSUSE:Factory/dnscrypt-proxy/dnscrypt-proxy.changes 2021-01-19 16:02:56.415447596 +0100 +++ /work/SRC/openSUSE:Factory/.dnscrypt-proxy.new.28504/dnscrypt-proxy.changes 2021-02-03 19:56:46.349750439 +0100 @@ -1,0 +2,5 @@ +Sat Jan 30 12:00:00 UTC 2021 - cu...@mail.de + +- Use less predictable temporary files during build (bsc#1181502). + +--- Other differences: -- ++ find_licenses.sh ++ --- /var/tmp/diff_new_pack.gv03gR/_old 2021-02-03 19:56:47.693752058 +0100 +++ /var/tmp/diff_new_pack.gv03gR/_new 2021-02-03 19:56:47.693752058 +0100 @@ -12,7 +12,7 @@ vendor_licenses_dir=$1 username=$(whoami) workingdir=$(pwd) -licenses_file=/tmp/license_files.txt +licenses_file=$(mktemp /tmp/license_files_XX.txt) goahead=0 hash_list=() filename_list=() ++ install_licenses.sh ++ --- /var/tmp/diff_new_pack.gv03gR/_old 2021-02-03 19:56:47.709752077 +0100 +++ /var/tmp/diff_new_pack.gv03gR/_new 2021-02-03 19:56:47.709752077 +0100 @@ -1,6 +1,7 @@ #!/bin/bash # written by cunix in 2019 +# updated in 2021 # # Installs or links previously found licenses. # @@ -9,8 +10,8 @@ vendor_licenses_dir=$1 install_licenses_dir=$2 -licenses_files=/tmp/real_license_files.txt -licenses_links=/tmp/link_license_files.txt +licenses_files=$(mktemp /tmp/real_license_files_XX.txt) +licenses_links=$(mktemp /tmp/link_license_files_XX.txt) rm $licenses_files rm $licenses_links @@ -21,6 +22,7 @@ while read line do install -D -m 0644 $vendor_licenses_dir/$line $install_licenses_dir/$line +echo installed: $line done < $licenses_files cd $install_licenses_dir @@ -28,4 +30,5 @@ do combo=($line) ln -s ${combo[1]} ${combo[0]} +echo linked: $line done < $licenses_links
commit dnscrypt-proxy for openSUSE:Factory
Script 'mail_helper' called by obssrc Hello community, here is the log from the commit of package dnscrypt-proxy for openSUSE:Factory checked in at 2021-01-19 16:02:28 Comparing /work/SRC/openSUSE:Factory/dnscrypt-proxy (Old) and /work/SRC/openSUSE:Factory/.dnscrypt-proxy.new.28504 (New) Package is "dnscrypt-proxy" Tue Jan 19 16:02:28 2021 rev:9 rq:864131 version:2.0.45 Changes: --- /work/SRC/openSUSE:Factory/dnscrypt-proxy/dnscrypt-proxy.changes 2021-01-06 19:56:33.229082235 +0100 +++ /work/SRC/openSUSE:Factory/.dnscrypt-proxy.new.28504/dnscrypt-proxy.changes 2021-01-19 16:02:56.415447596 +0100 @@ -1,0 +2,5 @@ +Thu Jan 7 20:00:00 UTC 2021 - cu...@mail.de + +- Added optional resolvconf support via systemd unit. + +--- New: dnscrypt-proxy-resolvconf.service Other differences: -- ++ dnscrypt-proxy.spec ++ --- /var/tmp/diff_new_pack.gcsaEO/_old 2021-01-19 16:02:57.551449304 +0100 +++ /var/tmp/diff_new_pack.gcsaEO/_new 2021-01-19 16:02:57.551449304 +0100 @@ -21,7 +21,7 @@ %define config_dir %{_sysconfdir}/%{name} %define home_dir%{_localstatedir}/lib/%{name} %define log_dir %{_localstatedir}/log/%{name} -%define services%{name}.socket %{name}.service +%define services%{name}.socket %{name}.service %{name}-resolvconf.service %define vlic_dir vendored Name: dnscrypt-proxy @@ -34,16 +34,17 @@ Source0: https://codeload.github.com/DNSCrypt/%{name}/tar.gz/%{version}#/%{name}-%{version}.tar.gz Source1:%{name}.service Source2:%{name}.socket +Source3:%{name}-resolvconf.service # File to use with sed to modify default configuration. -Source3:example-dnscrypt-proxy.toml.sed +Source4:example-dnscrypt-proxy.toml.sed # Find licenses of vendored packages. -Source4:find_licenses.sh +Source5:find_licenses.sh # Install licenses of vendored packages. -Source5:install_licenses.sh +Source6:install_licenses.sh # Some words -Source6:README.openSUSE +Source7:README.openSUSE # Example how to override socket unit -Source7:%{name}.socket.conf +Source8:%{name}.socket.conf BuildRequires: golang-packaging BuildRequires: pkgconfig BuildRequires: shadow @@ -56,6 +57,8 @@ Requires(pre): shadow %{?systemd_requires} Recommends: ca-certificates +# needed for resolvconf support +Suggests: openresolv Provides: dnscrypt = %{version}-%{release} Obsoletes: dnscrypt < %{version}-%{release} BuildRoot: %{_tmppath}/%{name}-%{version}-build @@ -68,13 +71,13 @@ %setup -q -n %{name}-%{version} # Find licenses of vendored packages and prepare for installation -bash %{SOURCE4} %{vlic_dir} +bash %{SOURCE5} %{vlic_dir} # duplicate original config file cp ./%{name}/example-%{name}.toml ./%{name}.toml.default # Edit default port and file locations -sed -i -f %{SOURCE3} ./%{name}.toml.default +sed -i -f %{SOURCE4} ./%{name}.toml.default # duplicate edited config file cp ./%{name}.toml.default ./%{name}.toml @@ -118,19 +121,21 @@ # Systemd install -D -m 0644 %{SOURCE1} %{buildroot}%{_unitdir}/%{name}.service install -D -m 0644 %{SOURCE2} %{buildroot}%{_unitdir}/%{name}.socket +install -D -m 0644 %{SOURCE3} %{buildroot}%{_unitdir}/%{name}-resolvconf.service # service link ln -sf %{_sbindir}/service %{buildroot}%{_sbindir}/rc%{name} +ln -sf %{_sbindir}/service %{buildroot}%{_sbindir}/rc%{name}-resolvconf # Vendor Licenses install -d -m 0755 %{buildroot}%{_licensedir}/%{name}/%{vlic_dir} -bash %{SOURCE5} %{vlic_dir} %{buildroot}/%{_licensedir}/%{name}/%{vlic_dir} +bash %{SOURCE6} %{vlic_dir} %{buildroot}/%{_licensedir}/%{name}/%{vlic_dir} # Some hints. Improvements and feedback welcome! -cp %{SOURCE6} README.openSUSE +cp %{SOURCE7} README.openSUSE # Example drop-in. -cp %{SOURCE7} %{name}.socket.conf +cp %{SOURCE8} %{name}.socket.conf %pre # group and user @@ -163,8 +168,10 @@ %config(noreplace) %attr(-,root,%{user_group}) %{config_dir}/forwarding-rules.txt %{_sbindir}/%{name} %{_sbindir}/rc%{name} +%{_sbindir}/rc%{name}-resolvconf %{_unitdir}/%{name}.service %{_unitdir}/%{name}.socket +%{_unitdir}/%{name}-resolvconf.service %{_datadir}/%{name}/ %dir %attr(0750,root,%{user_group}) %{config_dir} %dir %attr(0750,%{user_group},%{user_group}) %{home_dir} ++ README.openSUSE ++ --- /var/tmp/diff_new_pack.gcsaEO/_old 2021-01-19 16:02:57.599449376 +0100 +++ /var/tmp/diff_new_pack.gcsaEO/_new 2021-01-19 16:02:57.603449382 +0100 @@ -1,6 +1,6 @@ *** *