2020-06-11 22:29:58 +02:00
|
|
|
-------------------------------------------------------------------
|
|
|
|
Tue Jun 09 16:00:00 UTC 2020 - cunix@mail.de - 2.0.43
|
|
|
|
|
|
|
|
- Minimum golang version now at 1.14
|
|
|
|
|
|
|
|
- Update to version 2.0.43
|
|
|
|
* When stored into a file, service logs now only contain data
|
|
|
|
from the most recent launch. This can be changed with the
|
|
|
|
new 'log_file_latest' option.
|
|
|
|
* Support for DNS64 translation implemented.
|
|
|
|
* Connections to DoH servers can be authenticated
|
|
|
|
using TLS client certificates.
|
|
|
|
* Multiple stamps are now allowed for a single server
|
|
|
|
in resolvers and relays lists.
|
|
|
|
* Updates and additions for the example domain block lists.
|
|
|
|
* Cached configuration files can now be temporarily used if
|
|
|
|
they are out of date, but bootstraping is impossible.
|
|
|
|
* 'generate-domains-blacklists' now tries to deduplicate
|
|
|
|
entries clobbered by wildcard rules.
|
|
|
|
* 'generate-domains-blacklists' can now directly
|
|
|
|
write lists to a file with the `-o` command-line option.
|
|
|
|
* Cache files are now downloaded as the user the daemon will
|
|
|
|
be running as. This fixes permission issues at startup time.
|
|
|
|
* Forwarded queries are now subject to global timeouts,
|
|
|
|
and can be forced to use TCP.
|
|
|
|
* The 'ct' parameter has been removed from DoH queries,
|
|
|
|
as Google doesn't require it any more.
|
|
|
|
|
|
|
|
-------------------------------------------------------------------
|
|
|
|
Sat May 23 12:00:00 UTC 2020 - cunix@mail.de - 2.0.42
|
|
|
|
|
|
|
|
- Upgrade to 2.0.42 (boo#1165343)
|
|
|
|
|
|
|
|
- Spec files from home:darix:apps/dnscrypt-proxy and
|
|
|
|
home:cunix:go/dnscrypt-proxy2 merged into existing spec.
|
|
|
|
|
|
|
|
- v1 of dnscrypt-proxy is not supported anymore and v2 is
|
|
|
|
a new project. This will require v1 users to migrate their
|
|
|
|
configuration.
|
|
|
|
|
2020-01-04 06:48:56 +01:00
|
|
|
-------------------------------------------------------------------
|
|
|
|
Thu Dec 19 15:27:22 UTC 2019 - Dominique Leuenberger <dimstar@opensuse.org>
|
|
|
|
|
|
|
|
- BuildRequire pkgconfig(libsystemd) instead of systemd-devel:
|
|
|
|
Allow OBS to shortcut through the -mini flavors.
|
|
|
|
|
2017-09-07 14:51:00 +02:00
|
|
|
-------------------------------------------------------------------
|
2017-11-24 11:30:30 +01:00
|
|
|
Mon Oct 23 08:42:59 UTC 2017 - bwiedemann@suse.com
|
|
|
|
|
|
|
|
- Make builds reproducible by using a constant __DATE__ (boo#1047218)
|
|
|
|
|
|
|
|
-------------------------------------------------------------------
|
2017-09-07 14:51:00 +02:00
|
|
|
Wed Sep 6 08:51:47 UTC 2017 - jengelh@inai.de
|
|
|
|
|
|
|
|
- Errors from user creation from pre scriptlet must not be ignored.
|
|
|
|
- Ensure neutrality of description.
|
|
|
|
|
2017-09-04 12:23:01 +02:00
|
|
|
-------------------------------------------------------------------
|
|
|
|
Sat Aug 5 13:44:34 UTC 2017 - sebix+novell.com@sebix.at
|
|
|
|
|
|
|
|
- use packaged dnscrypt-resolvers.csv
|
|
|
|
- fix systemd macros
|
|
|
|
|
2017-08-05 15:09:15 +02:00
|
|
|
-------------------------------------------------------------------
|
|
|
|
Sun Jul 9 19:35:45 UTC 2017 - sebix+novell.com@sebix.at
|
|
|
|
|
|
|
|
- upgrade to 1.9.5, shortened upstream changelog:
|
|
|
|
* Cache plugin: fix the way items are moved from recent to frequent lists
|
|
|
|
* In addition to making the cache work as expected, this prevents
|
|
|
|
`CacheEntry` items from becoming orphans.
|
|
|
|
* Cache plugin: fix the way items are moved from recent to frequent lists
|
|
|
|
* In addition to making the cache work as expected, this prevents
|
|
|
|
`CacheEntry` items from becoming orphans.
|
|
|
|
* Adding Babylon Network resolvers (#647)
|
|
|
|
* Update resolvers list
|
|
|
|
* Reset the reachability of nameservers if all are unreachable (#609)
|
|
|
|
* If all nameservers have been marked unreachable, they will not be queried
|
|
|
|
* again until dnscrypt-proxy is restarted. This fix allows for queries to be
|
|
|
|
* retried without restarting dnscrypt-proxy.
|
|
|
|
* Doc error: client-pk is the client' public key. Spotted by @willnix Fixes #603
|
|
|
|
* Whitelist some TLDs typically used on local networks
|
|
|
|
* Normalize the dnscrypt-resolvers.csv format
|
|
|
|
* ldns-blocking: fix another corner case with suffix matching
|
|
|
|
|
|
|
|
Ruleset:
|
|
|
|
```
|
|
|
|
*.example.com
|
|
|
|
ru.example.com
|
|
|
|
```
|
|
|
|
|
|
|
|
A query for `xru.example.com` would find `ru.example.com` as the longest
|
|
|
|
suffix. The expression didn't match since this is neither an exact match
|
|
|
|
nor a match that stops at a label.
|
|
|
|
|
|
|
|
However, this was ignoring the fact that there a different, shorter rule
|
|
|
|
could match.
|
|
|
|
|
|
|
|
This is pretty annoying, as keeping our promise to log the longest match
|
|
|
|
means that we need at least yet another lookup in that specific case.
|
|
|
|
Alternatively, the fpst lookup function could be specialized to stop at
|
|
|
|
labels, but that would defeat the point of this example plugin. So,
|
|
|
|
perform an extra lookup after striping the first (last, once the name is
|
|
|
|
reversed) label.
|
|
|
|
* Added pidfile
|
|
|
|
- specfile fixes, cleanup
|
|
|
|
|
2017-01-31 09:30:46 +01:00
|
|
|
-------------------------------------------------------------------
|
|
|
|
Sun Jan 29 08:58:58 UTC 2017 - i@marguerite.su
|
|
|
|
|
|
|
|
- update version 1.9.4
|
|
|
|
* The resolver name can be set to 'random' in order to pick a
|
|
|
|
random resolver.
|
|
|
|
* changelog for older releases see github/jedisct1/dnscrypt-proxy
|
|
|
|
- use upstream configuration instead
|
|
|
|
|
|
|
|
-------------------------------------------------------------------
|
|
|
|
Sun Jan 29 04:20:43 UTC 2017 - i@marguerite.su
|
|
|
|
|
|
|
|
- drop /etc/sysconfig/dnscrypt-proxy, it can'be used in instantiated
|
|
|
|
services, now instantiated services should be started with
|
|
|
|
"sudo systemctl start dnscrypt-proxy@config.service", the switch
|
|
|
|
from IP:Port to Config is because we need not only the IP:Port
|
|
|
|
customizable, but also the DNSCRYPT_RESOLVER_NAME, to start multi-
|
|
|
|
instances. (boo#977946)
|
|
|
|
- add /etc/dnscrypt-proxy.conf.d directory for configurations.
|
|
|
|
|
2016-08-13 16:32:32 +02:00
|
|
|
-------------------------------------------------------------------
|
|
|
|
Sat Aug 13 13:52:25 UTC 2016 - i@marguerite.su
|
|
|
|
|
|
|
|
- switched to systemd template service. in the future, users
|
|
|
|
should use 'sudo systemctl start dnscrypt-proxy@127.0.0.1:53.service'
|
|
|
|
to start the service. any local address can be used.
|
|
|
|
- dropped dnscrypt-proxy.socket again. the listen address in the
|
|
|
|
socket can't be substituted at runtime that makes it impossible
|
|
|
|
to use multiple instances. and it doesn't work together with
|
|
|
|
the forking method in our systemd service.
|
|
|
|
- move pidfile and logfile into their own directories. in previous
|
|
|
|
submit, we finnaly used the user 'dnscrypt' to start the job, but
|
|
|
|
that user doesn't have write permission for /var/run and /var/log.
|
|
|
|
- dropped the /usr/sbin/dnscrypt wrapper that broke the systemd
|
|
|
|
service from forking. we used EnvironmentFile in systemd service
|
|
|
|
to load the user-customizable variables.
|
|
|
|
- changed /etc/sysconfig/dnscrypt to /etc/sysconfig/dnscrypt-proxy.
|
|
|
|
deleted those plugin items that can't be loaded by systemd. users
|
|
|
|
can use DNSCRYPT_OPTIONS to configure the plugins anyway, no need
|
|
|
|
to keep those placeholders.
|
|
|
|
|
2016-06-09 19:53:40 +02:00
|
|
|
-------------------------------------------------------------------
|
2016-08-06 06:29:59 +02:00
|
|
|
Sat Aug 6 04:14:25 UTC 2016 - i@marguerite.su
|
|
|
|
|
|
|
|
- update version 1.7.0
|
|
|
|
* Plugins are now enabled by default.
|
|
|
|
* New command-line option: `--ignore-timestamps` to ignore timestamps
|
|
|
|
when performing certificate validation.
|
|
|
|
* New command-line option: `--syslog-prefix` to add a prefix to log
|
|
|
|
messages.
|
|
|
|
* Certificates can now be retrieved using TCP.
|
|
|
|
* Libevent was updated to version 2.0.23.
|
|
|
|
* Certificates serial numbers are printed as a string if possible.
|
|
|
|
* The list of known public resolvers was updated.
|
2016-08-06 16:58:36 +02:00
|
|
|
- add upstream's systemd socket, fix boo#977946 again
|
2016-08-06 06:29:59 +02:00
|
|
|
|
|
|
|
-------------------------------------------------------------------
|
2016-06-09 19:53:40 +02:00
|
|
|
Thu Jun 9 09:59:26 UTC 2016 - i@marguerite.su
|
|
|
|
|
|
|
|
- fix boo#977946 & boo#957003
|
|
|
|
* use %fillup_only macro right. can't skip "-n", or it'll use
|
|
|
|
package name while sysconfig.dnscrypt-proxy doesn't exist.
|
|
|
|
- use %fillup_prereq macro
|
|
|
|
- move libraries out from -devel subpackage, it's just not right.
|
|
|
|
- don't link dnscrypt-proxy.8.gz to dnscrypt.8.gz
|
|
|
|
- don't link /sbin/service to /sbin/rcdnscrypt.
|
2017-01-31 09:30:46 +01:00
|
|
|
* that method is used for backward compability w/ SysVInit service
|
2016-06-09 19:53:40 +02:00
|
|
|
while /sbin/dnscrypt is a wrapper to the actual command, and
|
|
|
|
dnscrypt is not a valid service name but dnscrypt-proxy.
|
|
|
|
|
2016-02-12 13:04:36 +01:00
|
|
|
-------------------------------------------------------------------
|
|
|
|
Fri Feb 12 00:00:00 CET 2016 - dsterba@suse.cz
|
|
|
|
|
|
|
|
* version 1.6.1:
|
|
|
|
- Security: malformed packets could cause the OpenDNS deviceid,
|
|
|
|
OpenDNS set-client-ip, blocking and AAAA blocking plugins to use
|
|
|
|
uninitialized pointers, leading to a denial of service or possibly
|
|
|
|
code execution. The vulnerable code is present since dnscrypt-proxy
|
|
|
|
1.1.0. OpenDNS users and people using dnscrypt-proxy in order to block
|
|
|
|
domain names and IP addresses should upgrade as soon as possible.
|
|
|
|
|
|
|
|
- add dnscrypt-resolvers.csv from git (41c6d8bb1f49a0216357)
|
|
|
|
|
2015-12-23 08:34:10 +01:00
|
|
|
-------------------------------------------------------------------
|
|
|
|
Fri Dec 18 00:00:00 CET 2015 - dsterba@suse.cz
|
|
|
|
|
|
|
|
- add dnscrypt-resolvers.csv from git (e6b4e93d07bdce39d4656c5a6)
|
|
|
|
- change default resolver to cisco (bnc#957003)
|
|
|
|
|
2015-09-02 17:48:08 +02:00
|
|
|
-------------------------------------------------------------------
|
|
|
|
Tue Sep 1 00:00:00 CEST 2015 - dsterba@suse.cz
|
|
|
|
|
|
|
|
* version 1.6.0:
|
|
|
|
- New feature: public-key based client authentication (-K), for private and
|
|
|
|
commercial DNS services to securely authenticate the sender of a query no
|
|
|
|
matter what the source IP address is, without altering the DNS query.
|
|
|
|
* version 1.5.0:
|
|
|
|
- New option: -E, to use an ephemeral key pair for each query.
|
|
|
|
- Logging to files is supported on Windows.
|
|
|
|
- TCP FASTOPEN is now enabled on Linux.
|
|
|
|
* version 1.4.4
|
|
|
|
- edns used by default
|
|
|
|
- server list updated
|
|
|
|
- various build fixes
|
|
|
|
- spec file cleanup
|
|
|
|
|
2015-03-06 11:36:58 +01:00
|
|
|
-------------------------------------------------------------------
|
|
|
|
Fri Mar 6 00:00:00 CET 2015 - dsterba@suse.cz
|
|
|
|
|
|
|
|
- update to 1.4.3
|
|
|
|
- libevent update, including a fix for CVE-2014-6272
|
|
|
|
- Two new public dnscrypt resolvers were added: opennic-us-wa-ns1 and
|
|
|
|
dnscrypt.org-fr
|
|
|
|
- d0wn servers in France IP have changed.
|
|
|
|
- Compilation fixes.
|
|
|
|
- version 1.4.2
|
|
|
|
- New compilation switch: --with-systemd, to enable socket activation support
|
|
|
|
when using systemd
|
|
|
|
- The list of public DNSCrypt-enabled resolvers was updated
|
|
|
|
- Libevent2 updates
|
|
|
|
- add sysconfig file for more flexible configuration
|
|
|
|
- build -devel package and enable plugins
|
|
|
|
- create user dnscrypt:dnscrypt during installation
|
|
|
|
|
2014-10-01 15:36:41 +02:00
|
|
|
-------------------------------------------------------------------
|
|
|
|
Wed Oct 1 15:04:43 CEST 2014 - dsterba@suse.cz
|
|
|
|
|
|
|
|
- update to 1.4.1
|
|
|
|
|
2014-09-05 20:46:48 +02:00
|
|
|
-------------------------------------------------------------------
|
|
|
|
Fri May 2 11:27:44 UTC 2014 - i@marguerite.su
|
|
|
|
|
|
|
|
- update version 1.4.0
|
|
|
|
* see https://github.com/jedisct1/dnscrypt-proxy/commits/master
|
|
|
|
|
|
|
|
-------------------------------------------------------------------
|
|
|
|
Tue Oct 23 16:58:22 UTC 2012 - i@marguerite.su
|
|
|
|
|
|
|
|
- fix a hang bug in dnscrypt.service
|
|
|
|
- upstream clarify license, it's BSD.
|
|
|
|
|
|
|
|
-------------------------------------------------------------------
|
|
|
|
Sun Oct 21 18:28:26 UTC 2012 - i@marguerite.su
|
|
|
|
|
|
|
|
- add systemd service.
|
|
|
|
|
|
|
|
-------------------------------------------------------------------
|
|
|
|
Sun Oct 21 12:57:13 UTC 2012 - i@marguerite.su
|
|
|
|
|
|
|
|
- Version 1.2.0:
|
|
|
|
* A pre-filter can now totally bypass the resolver and directly send a
|
|
|
|
reply to the client.
|
|
|
|
* A new example plugin has been shipped: ldns-aaaa-blocking. It
|
|
|
|
directly sends an empty response to AAAA queries in order to
|
|
|
|
significantly speed up lookups on hosts without IPv6 connectivity
|
|
|
|
(but with clients still asking for AAAA records anyway).
|
|
|
|
* Example plugins requiring ldns can be compiled on Windows.
|
|
|
|
* Paths with a drive name are now recognized as absolute paths on
|
|
|
|
Windows.
|
|
|
|
|