diff --git a/README.openSUSE b/README.openSUSE index 9238ad6..b9197f8 100644 --- a/README.openSUSE +++ b/README.openSUSE @@ -1,6 +1,6 @@ *************************************************************************** * * -* README.openSUSE last edited for version 2.0.44 * +* README.openSUSE last edited by cunix for version 2.0.44 * * * *************************************************************************** diff --git a/dnscrypt-proxy-2.0.44.tar.gz b/dnscrypt-proxy-2.0.44.tar.gz deleted file mode 100644 index 4c30247..0000000 --- a/dnscrypt-proxy-2.0.44.tar.gz +++ /dev/null @@ -1,3 +0,0 @@ -version https://git-lfs.github.com/spec/v1 -oid sha256:c2c9968f07a414e973ec5734f4598d756a35c32beedb18268590ea1355794237 -size 2279842 diff --git a/dnscrypt-proxy-2.0.45.tar.gz b/dnscrypt-proxy-2.0.45.tar.gz new file mode 100644 index 0000000..3fc362f --- /dev/null +++ b/dnscrypt-proxy-2.0.45.tar.gz @@ -0,0 +1,3 @@ +version https://git-lfs.github.com/spec/v1 +oid sha256:f7aac28c6a60404683d436072b89d18ed3bb309f8d8a95c8e87ad250da190821 +size 2721610 diff --git a/dnscrypt-proxy.changes b/dnscrypt-proxy.changes index b3ceb5d..3e69024 100644 --- a/dnscrypt-proxy.changes +++ b/dnscrypt-proxy.changes 
@@ -1,3 +1,60 @@ +------------------------------------------------------------------- +Mon Jan 4 20:00:00 UTC 2021 - cunix@mail.de + +- Minimum golang version now at 1.15 + +- Include 'notice' and 'patents' files of vendored packages. + +- Paths and hints in configuration file adjusted and added. + +------------------------------------------------------------------- +Mon Jan 4 11:45:57 UTC 2021 - Ismail Dönmez + +- Update to version 2.0.45 + * Configuration changes (to be required in versions 2.1.x): + - [blacklist] has been renamed to [blocked_names] + - [ip_blacklist] has been renamed to [blocked_ips] + - [whitelist] has been renamed to [allowed_names] + - generate-domains-blacklist.py has been renamed to + generate-domains-blocklist.py, and the configuration files + have been renamed as well. + * dnscrypt-proxy -resolve has been completely revamped, and now + requires the configuration file to be accessible. It will send + a query to an IP address of the dnscrypt-proxy server by default. + Sending queries to arbitrary servers is also supported with the + new -resolve name,address syntax. + * Relay lists can be set to * for automatic relay selection. + When a wildcard is used, either for the list of servers or relays, + the proxy ensures that relays and servers are on distinct networks. + * Lying resolvers are detected and reported. + * New return code: NOT_READY for queries received before the proxy + has been initialized. + * Server lists can't be older than a week any more, even if directory + permissions are incorrect and cache files cannot be written. + * New feature: allowed_ips, to configure a set of IP addresses to never + block no matter what DNS name resolves to them. + * Hard-coded IP addresses can be immediately returned for test queries + sent by operating systems in order to check for connectivity and captive portals. + Such responses can be sent even before an interface is considered as enabled by the + operating system. 
This can be configured in a new section called [captive_portals]. + * On Linux, OpenBSD and FreeBSD, listen_addresses can now include IP addresses + that haven't been assigned to an interface yet. + * generate-domains-blocklist.py: regular expressions are now ignored in time-based entries. + * Minor bug fixes and logging improvements. + * Cloaking plugin: if an entry has multiple IP addresses for a type, all the IP + addresses are now returned instead of a random one. + * Static entries can now include DNSCrypt relays. + * Name blocking: aliases relying on SVCB and HTTPS records can now be blocked in + addition to aliases via regular CNAME records. + * EDNS-Client-Subnet information can be added to outgoing queries. Instead of sending + the actual client IP, ECS information is user configurable, and IP addresses will be + randomly chosen for every query. + * Initial DoH queries are now checked using random names in order to properly measure + CDNs such as Tencent that ignore the padding. + * DoH: the max-stale cache control directive is now present in queries. + * Logs can now be sent to /dev/stdout instead of actual files. + * New download mirror (https://download.dnscrypt.net) for resolvers, relays and parental-control. + ------------------------------------------------------------------- Wed Jul 22 01:43:47 UTC 2020 - Bernhard Wiedemann diff --git a/dnscrypt-proxy.spec b/dnscrypt-proxy.spec index 26d5955..b94b8b2 100644 --- a/dnscrypt-proxy.spec +++ b/dnscrypt-proxy.spec @@ -1,7 +1,7 @@ # # spec file for package dnscrypt-proxy # -# Copyright (c) 2019 SUSE LLC +# Copyright (c) 2021 SUSE LLC # # All modifications and additions to the file contributed by third parties # remain the property of their copyright owners, unless otherwise agreed @@ -15,6 +15,7 @@ # Please submit bugfixes or comments via https://bugs.opensuse.org/ # + %define _buildshell /bin/bash %define user_group dnscrypt %define config_dir %{_sysconfdir}/%{name} 
@@ -24,7 +25,7 @@ %define vlic_dir vendored Name: dnscrypt-proxy -Version: 2.0.44 +Version: 2.0.45 Release: 0 Summary: A tool for securing communications between a client and a DNS resolver License: ISC @@ -43,11 +44,11 @@ Source5: install_licenses.sh Source6: README.openSUSE # Example how to override socket unit Source7: %{name}.socket.conf -BuildRequires: golang(API) >= 1.14 BuildRequires: golang-packaging BuildRequires: pkgconfig BuildRequires: shadow BuildRequires: systemd-rpm-macros +BuildRequires: golang(API) >= 1.15 BuildRequires: pkgconfig(libsystemd) # For systemd pidfile solution. Requires: bash @@ -82,7 +83,7 @@ cp ./%{name}.toml.default ./%{name}.toml sed -i "s/## This is an example configuration file./## This is a configuration file./" ./dnscrypt-proxy.toml # python path instead of env -sed -i "1s/#! \/usr\/bin\/env python3/#! \/usr\/bin\/python3/" utils/generate-domains-blacklists/generate-domains-blacklist.py +sed -i "1s/#! \/usr\/bin\/env python3/#! \/usr\/bin\/python3/" utils/generate-domains-blocklist/generate-domains-blocklist.py %build cd %{name} 
@@ -100,26 +101,19 @@ install -D -d -m 0755 %{buildroot}%{_datadir}/%{name}/ # Binary install -D -m 0755 %{name}/%{name} %{buildroot}%{_sbindir}/%{name} -# blacklist generator -cp -a utils/generate-domains-blacklists/ %{buildroot}%{_datadir}/%{name}/ - -# Config file examples -install -D -m 0644 ./%{name}/example-%{name}.toml %{buildroot}/%{_docdir}/%{name}/example-%{name}.toml -install -D -m 0644 ./%{name}.toml.default %{buildroot}/%{_docdir}/%{name}/%{name}.toml.default -install -D -m 0644 ./%{name}/example-blacklist.txt %{buildroot}/%{_docdir}/%{name}/example-blacklist.txt -install -D -m 0644 ./%{name}/example-ip-blacklist.txt %{buildroot}/%{_docdir}/%{name}/example-ip-blacklist.txt -install -D -m 0644 ./%{name}/example-cloaking-rules.txt %{buildroot}/%{_docdir}/%{name}/example-cloaking-rules.txt -install -D -m 0644 ./%{name}/example-forwarding-rules.txt %{buildroot}/%{_docdir}/%{name}/example-forwarding-rules.txt -install -D -m 0644 ./%{name}/example-whitelist.txt %{buildroot}/%{_docdir}/%{name}/example-whitelist.txt +# blocklist generator +cp -a utils/generate-domains-blocklist/ %{buildroot}%{_datadir}/%{name}/ # Config files install -D -m 0640 ./%{name}.toml %{buildroot}/%{config_dir}/%{name}.toml install -D -m 0640 ./%{name}.toml.default %{buildroot}/%{config_dir}/%{name}.toml.default -install -D -m 0640 ./%{name}/example-blacklist.txt %{buildroot}/%{config_dir}/blacklist.txt -install -D -m 0640 ./%{name}/example-ip-blacklist.txt %{buildroot}/%{config_dir}/ip-blacklist.txt +install -D -m 0640 ./%{name}/example-allowed-ips.txt %{buildroot}/%{config_dir}/allowed-ips.txt +install -D -m 0640 ./%{name}/example-allowed-names.txt %{buildroot}/%{config_dir}/allowed-names.txt +install -D -m 0640 ./%{name}/example-blocked-ips.txt %{buildroot}/%{config_dir}/blocked-ips.txt +install -D -m 0640 ./%{name}/example-blocked-names.txt %{buildroot}/%{config_dir}/blocked-names.txt +install -D -m 0640 ./%{name}/example-captive-portals.txt 
%{buildroot}/%{config_dir}/captive-portals.txt install -D -m 0640 ./%{name}/example-cloaking-rules.txt %{buildroot}/%{config_dir}/cloaking-rules.txt install -D -m 0640 ./%{name}/example-forwarding-rules.txt %{buildroot}/%{config_dir}/forwarding-rules.txt -install -D -m 0640 ./%{name}/example-whitelist.txt %{buildroot}/%{config_dir}/whitelist.txt # Systemd install -D -m 0644 %{SOURCE1} %{buildroot}%{_unitdir}/%{name}.service @@ -156,13 +150,17 @@ getent passwd %{user_group} >/dev/null || %{_sbindir}/useradd -r -g %{user_group %service_del_postun %{services} %files +%doc ChangeLog README.md README.openSUSE %{name}.socket.conf %{name}.toml.default +%doc %{name}/example-* %config(noreplace) %attr(-,root,%{user_group}) %{config_dir}/%{name}.toml -%config(noreplace) %attr(-,root,%{user_group}) %{config_dir}/blacklist.txt -%config(noreplace) %attr(-,root,%{user_group}) %{config_dir}/ip-blacklist.txt +%config %attr(-,root,%{user_group}) %{config_dir}/%{name}.toml.default +%config(noreplace) %attr(-,root,%{user_group}) %{config_dir}/allowed-ips.txt +%config(noreplace) %attr(-,root,%{user_group}) %{config_dir}/allowed-names.txt +%config(noreplace) %attr(-,root,%{user_group}) %{config_dir}/blocked-ips.txt +%config(noreplace) %attr(-,root,%{user_group}) %{config_dir}/blocked-names.txt +%config(noreplace) %attr(-,root,%{user_group}) %{config_dir}/captive-portals.txt %config(noreplace) %attr(-,root,%{user_group}) %{config_dir}/cloaking-rules.txt %config(noreplace) %attr(-,root,%{user_group}) %{config_dir}/forwarding-rules.txt -%config(noreplace) %attr(-,root,%{user_group}) %{config_dir}/whitelist.txt -%config %attr(-,root,%{user_group}) %{config_dir}/%{name}.toml.default %{_sbindir}/%{name} %{_sbindir}/rc%{name} %{_unitdir}/%{name}.service 
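Review bot: The `%files` list drops `blacklist.txt`, `ip-blacklist.txt` and `whitelist.txt` from `%{config_dir}` without any migration step, although the changelog entry says the old `[blacklist]`, `[ip_blacklist]` and `[whitelist]` sections stay valid until 2.1.x. An existing `%{name}.toml` is kept because it is `%config(noreplace)`, so it can still reference those paths after the update. As far as I know, rpm then removes the unmodified files and renames edited ones to `*.rpmsave`, which would leave the proxy without its block rules or unable to load them. I would either carry the old files over in a `%pre`/`%post` step or add an upgrade note to README.openSUSE, plus a comment above the new entries such as `# 2.0.45 renamed the rule files; pre-2.0.45 configs still point at blacklist.txt, ip-blacklist.txt and whitelist.txt`. The `%files` section starts before this hunk and continues after it.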
@@ -171,8 +169,6 @@ getent passwd %{user_group} >/dev/null || %{_sbindir}/useradd -r -g %{user_group %dir %attr(0750,root,%{user_group}) %{config_dir} %dir %attr(0750,%{user_group},%{user_group}) %{home_dir} %dir %attr(0750,%{user_group},%{user_group}) %{log_dir} -%{_docdir}/%{name}/ -%doc ChangeLog README.md README.openSUSE %{name}.socket.conf %license LICENSE %{_licensedir}/%{name}/%{vlic_dir}/ diff --git a/example-dnscrypt-proxy.toml.sed b/example-dnscrypt-proxy.toml.sed index 6057984..d1ba8f7 100644 --- a/example-dnscrypt-proxy.toml.sed +++ b/example-dnscrypt-proxy.toml.sed 
@@ -9,17 +9,23 @@ s/listen_addresses = \['127.0.0.1:53']/#listen_addresses = ['127.0.0.1:53']\nlis s/# log_file = 'dnscrypt-proxy.log'/# log_file = '\/var\/log\/dnscrypt-proxy\/dnscrypt-proxy.log'/ s/# forwarding_rules = 'forwarding-rules.txt'/# forwarding_rules = '\/etc\/dnscrypt-proxy\/forwarding-rules.txt'/ s/# cloaking_rules = 'cloaking-rules.txt'/# cloaking_rules = '\/etc\/dnscrypt-proxy\/cloaking-rules.txt'/ -s/# cert_file = "localhost.pem"/# cert_file = '\/etc\/dnscrypt-proxy\/localhost.pem'/ -s/# cert_key_file = "localhost.pem"/# cert_key_file = '\/etc\/dnscrypt-proxy\/localhost.pem'/ +s/# map_file = 'example-captive-portals.txt'/# map_file = '\/etc\/dnscrypt-proxy\/captive-portals.txt'/ +s/# cert_file = 'localhost.pem'/# cert_file = '\/etc\/dnscrypt-proxy\/localhost.pem'/ +s/# cert_key_file = 'localhost.pem'/# cert_key_file = '\/etc\/dnscrypt-proxy\/localhost.pem'/ s/ # file = 'query.log'/ # file = '\/var\/log\/dnscrypt-proxy\/query.log'/ s/ # file = 'nx.log'/ # file = '\/var\/log\/dnscrypt-proxy\/nx.log'/ -s/ # blacklist_file = 'blacklist.txt'/ # blacklist_file = '\/etc\/dnscrypt-proxy\/blacklist.txt'/ -s/ # log_file = 'blocked.log'/ # log_file = '\/var\/log\/dnscrypt-proxy\/blocked.log'/ -s/ # blacklist_file = 'ip-blacklist.txt'/# blacklist_file = '\/etc\/dnscrypt-proxy\/ip-blacklist.txt'/ -s/ # log_file = 'ip-blocked.log'/ # log_file = '\/var\/log\/dnscrypt-proxy\/ip-blocked.log'/ -s/ # whitelist_file = 'whitelist.txt'/# blacklist_file = '\/etc\/dnscrypt-proxy\/whitelist.txt'/ -s/ # log_file = 'whitelisted.log'/ # log_file = '\/var\/log\/dnscrypt-proxy\/whitelisted.log'/ +s/ # blocked_names_file = 'blocked-names.txt'/ # blocked_names_file = '\/etc\/dnscrypt-proxy\/blocked-names.txt'/ +s/ # log_file = 'blocked-names.log'/ # log_file = '\/var\/log\/dnscrypt-proxy\/blocked-names.log'/ +s/ # blocked_ips_file = 'blocked-ips.txt'/ # blocked_ips_file = '\/etc\/dnscrypt-proxy\/blocked-ips.txt'/ +s/ # log_file = 'blocked-ips.log'/ # log_file = 
'\/var\/log\/dnscrypt-proxy\/blocked-ips.log'/ +s/ # allowed_names_file = 'allowed-names.txt'/ # allowed_names_file = '\/etc\/dnscrypt-proxy\/allowed-names.txt'/ +s/ # log_file = 'allowed-names.log'/ # log_file = '\/var\/log\/dnscrypt-proxy\/allowed-names.log'/ +s/ # allowed_ips_file = 'allowed-ips.txt'/ # allowed_ips_file = '\/etc\/dnscrypt-proxy\/allowed-ips.txt'/ +s/ # log_file = 'allowed-ips.log'/ # log_file = '\/var\/log\/dnscrypt-proxy\/allowed-ips.log'/ s/ cache_file = 'public-resolvers.md'/ cache_file = '\/var\/lib\/dnscrypt-proxy\/public-resolvers.md'/ s/ cache_file = 'relays.md'/ cache_file = '\/var\/lib\/dnscrypt-proxy\/relays.md'/ -s/ # cache_file = "quad9-resolvers.md"/ # cache_file = '\/var\/lib\/dnscrypt-proxy\/quad9-resolvers.md'/ +s/ # cache_file = 'quad9-resolvers.md'/ # cache_file = '\/var\/lib\/dnscrypt-proxy\/quad9-resolvers.md'/ s/ # cache_file = 'parental-control.md'/ # cache_file = '\/var\/lib\/dnscrypt-proxy\/parental-control.md'/ + +# package directory instead of source code directory +s/## `utils\/generate-domains-blocklists` directory of the dnscrypt-proxy source code./## '\/usr\/share\/dnscrypt-proxy\/generate-domains-blocklists' directory./ diff --git a/find_licenses.sh b/find_licenses.sh index 457f9f9..1a5f434 100644 --- a/find_licenses.sh +++ b/find_licenses.sh @@ -1,6 +1,8 @@ #!/bin/bash # written by cunix in 2019 +# corrected by Bernhard Wiedemann in 2020 (pipe through sort) +# updated by cunix in 2021 # # Tries to find and prepare licenses from vendored packages for # installation as file or link to existing file. @@ -35,6 +37,8 @@ if [[ -z "$vendor_licenses_dir" ]] rm $licenses_file find ./*/ -iname "license*" | sort > $licenses_file find ./*/ -iname "copying*" | sort >> $licenses_file + find ./*/ -iname "notice*" | sort >> $licenses_file + find ./*/ -iname "patents*" | sort >> $licenses_file goahead=1 else echo "$vendor_licenses_dir" is not a directory.
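Review bot: The replacement text in the last added rule names `/usr/share/dnscrypt-proxy/generate-domains-blocklists` (plural), but the spec in this same commit copies `utils/generate-domains-blocklist/` (singular) into `%{_datadir}/%{name}/`, so the hint written into the packaged configuration points at a directory the package does not appear to install. Assuming `%{_datadir}` is `/usr/share`, the right-hand side should end in `generate-domains-blocklist' directory./`. Separately, every rule here is a silent no-op once upstream changes the text it matches, which is what the quote-style corrections for `cert_file`, `cert_key_file` and the quad9 `cache_file` in this hunk appear to repair. A comment at the top of the file such as `# re-check every pattern against example-dnscrypt-proxy.toml on each version bump; unmatched rules fail silently` would help, since a missed rule leaves a relative path in the shipped config. The file starts before this hunk.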
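Review bot: The two added `find` lines repeat the unquoted `$licenses_file` and the locale-dependent `sort` of the lines above them, and `-iname "notice*"` / `-iname "patents*"` carry no `-type f`, so a directory or any other vendored file whose name starts with those words would also land in the list. I would write them as `find ./*/ -type f -iname "notice*" | LC_ALL=C sort >> "$licenses_file"` and likewise for `patents*`, which also keeps the list order stable across build hosts. How `install_licenses.sh` treats entries that are not license texts is not visible here, so the `-type f` part should be checked against it. The enclosing `if` block starts before the hunk and continues after it.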