From a9a4a188ed9f4a4dec84543bdb23231a7105bc3da9c74263061fe82f39c8fd5b Mon Sep 17 00:00:00 2001
From: Marcus Rueckert
Date: Fri, 6 Mar 2015 10:36:58 +0000
Subject: [PATCH] Accepting request 289614 from home:dsterba:branches:server:dns
OBS-URL: https://build.opensuse.org/request/show/289614
OBS-URL: https://build.opensuse.org/package/show/server:dns/dnscrypt-proxy?expand=0&rev=4
---
dnscrypt | 19 +++++++
dnscrypt-proxy-1.4.1.tar.bz2 | 3 --
dnscrypt-proxy-1.4.3.tar.bz2 | 3 ++
dnscrypt-proxy.changes | 18 +++++++
dnscrypt-proxy.service | 16 +++---
dnscrypt-proxy.spec | 57 +++++++++++++++++++--
sysconfig.dnscrypt | 98 ++++++++++++++++++++++++++++++++++++
7 files changed, 199 insertions(+), 15 deletions(-)
create mode 100644 dnscrypt
delete mode 100644 dnscrypt-proxy-1.4.1.tar.bz2
create mode 100644 dnscrypt-proxy-1.4.3.tar.bz2
create mode 100644 sysconfig.dnscrypt
diff --git a/dnscrypt b/dnscrypt
new file mode 100644
index 0000000..c87a4ec
--- /dev/null
+++ b/dnscrypt
@@ -0,0 +1,19 @@
+#!/bin/sh
+
+# wrapper to feed dnscrypt-proxy with user config
+
+if test -f /etc/sysconfig/dnscrypt; then
+ source /etc/sysconfig/dnscrypt
+fi
+
+/usr/sbin/dnscrypt-proxy \
+ ${DNSCRYPT_LOCAL_ADDRESS:+--local-address "$DNSCRYPT_LOCAL_ADDRESS"} \
+ ${DNSCRYPT_USER:+--user "$DNSCRYPT_USER"} \
+ --resolver-name "${DNSCRYPT_RESOLVER_NAME:-opendns}" \
+ ${DNSCRYPT_LOGFILE:+--logfile "$DNSCRYPT_LOGFILE"} \
+ ${DNSCRYPT_PLUGIN1:+--plugin "$DNSCRYPT_PLUGIN1"} \
+ ${DNSCRYPT_PLUGIN2:+--plugin "$DNSCRYPT_PLUGIN2"} \
+ ${DNSCRYPT_PLUGIN3:+--plugin "$DNSCRYPT_PLUGIN3"} \
+ ${DNSCRYPT_PLUGIN4:+--plugin "$DNSCRYPT_PLUGIN4"} \
+ ${DNSCRYPT_OPTIONS} \
+ "$@"
diff --git a/dnscrypt-proxy-1.4.1.tar.bz2 b/dnscrypt-proxy-1.4.1.tar.bz2
deleted file mode 100644
index 23ad741..0000000
--- a/dnscrypt-proxy-1.4.1.tar.bz2
+++ /dev/null
@@ -1,3 +0,0 @@
-version https://git-lfs.github.com/spec/v1
-oid sha256:00cf5c520c8a5a71ad4916b33aa0c8f9f55434039304f4ba10d7fffc620563f8
-size 1274638
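Review bot: In the new `dnscrypt` wrapper the privilege drop fails open, because `${DNSCRYPT_USER:+--user "$DNSCRYPT_USER"}` passes no `--user` at all when /etc/sysconfig/dnscrypt is missing, whereas the resolver name gets a built-in default. The unit in this commit sets no `User=`, so in that case the daemon presumably keeps whatever privileges systemd started it with. Adding `: "${DNSCRYPT_USER=dnscrypt}"` after the `fi` would default only an unset variable and keep the documented "empty means no --user" opt-out. Separately, `source` under `#!/bin/sh` is a bashism (`. /etc/sysconfig/dnscrypt` is the portable form), and starting the daemon with `exec /usr/sbin/dnscrypt-proxy \` would avoid leaving an extra shell between systemd and the process it tracks.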
diff --git a/dnscrypt-proxy-1.4.3.tar.bz2 b/dnscrypt-proxy-1.4.3.tar.bz2 new file mode 100644 index 0000000..d68df64 --- /dev/null +++ b/dnscrypt-proxy-1.4.3.tar.bz2 @@ -0,0 +1,3 @@ +version https://git-lfs.github.com/spec/v1 +oid sha256:0b645813dfa4247e9acd1d14df78f8b12df3b0132c1d6d6abd33daee33403232 +size 1256110 diff --git a/dnscrypt-proxy.changes b/dnscrypt-proxy.changes index 05111ed..ab13a7e 100644 --- a/dnscrypt-proxy.changes +++ b/dnscrypt-proxy.changes @@ -1,3 +1,21 @@ +------------------------------------------------------------------- +Fri Mar 6 00:00:00 CET 2015 - dsterba@suse.cz + +- update to 1.4.3 + - libevent update, including a fix for CVE-2014-6272 + - Two new public dnscrypt resolvers were added: opennic-us-wa-ns1 and + dnscrypt.org-fr + - d0wn servers in France IP have changed. + - Compilation fixes. +- version 1.4.2 + - New compilation switch: --with-systemd, to enable socket activation support + when using systemd + - The list of public DNSCrypt-enabled resolvers was updated + - Libevent2 updates +- add sysconfig file for more flexible configuration +- build -devel package and enable plugins +- create user dnscrypt:dnscrypt during installation + ------------------------------------------------------------------- Wed Oct 1 15:04:43 CEST 2014 - dsterba@suse.cz diff --git a/dnscrypt-proxy.service b/dnscrypt-proxy.service index 72d32ca..31c5bf6 100644 --- a/dnscrypt-proxy.service +++ b/dnscrypt-proxy.service @@ -1,6 +1,6 @@ # This file is part of dnscrypt-proxy # Author: Marguerite Su with some AUR references. -# Version: 1.4.0 +# Version: 1.4.3 # Description: dnscrypt is a tool that encrypts your DNS queries in order to # protect against man-in-the-middle attacks and DNS hijacking # (commonly seen in China). It uses OpenDNS resolvers by default. 
@@ -10,18 +10,20 @@ [Unit] Description=Secure connection between your computer and a DNS resolver After=network.target ntp.service -# Ntp always has local servers, and there's nothing to encrypt for time. +# NTP always has local servers, and there's nothing to encrypt for time. # and ntp.service isn't native systemd service, if we start before it, # it will take a long time to sync. just save 20000+ms on boot. [Service] Type=forking PIDFile=/var/run/dnscrypt-proxy.pid -ExecStart=/usr/sbin/dnscrypt-proxy --daemonize \ - --resolver-name=opendns \ - -p /var/run/dnscrypt-proxy.pid \ - -l /var/log/dnscrypt-proxy.log -# Automatically Restart +# Execute a wrapper that calls the dnscrypt-proxy with config from +# /etc/sysconfig/dnscrypt and substitutes defaults that cannot be passed +# to ExecStart in combination with EnvironmentFile +ExecStart=/usr/sbin/dnscrypt \ + --daemonize \ + --pidfile /var/run/dnscrypt-proxy.pid +# Automatically Restart Restart=on-abort [Install] diff --git a/dnscrypt-proxy.spec b/dnscrypt-proxy.spec index 46dd8b5..dc2db86 100644 --- a/dnscrypt-proxy.spec +++ b/dnscrypt-proxy.spec @@ -17,7 +17,7 @@ Name: dnscrypt-proxy -Version: 1.4.1 +Version: 1.4.3 Release: 0 Summary: A tool for securing communications between a client and a DNS resolver License: BSD-3-Clause @@ -26,7 +26,13 @@ Group: Productivity/Networking/DNS/Utilities Url: http://dnscrypt.org Source: http://download.dnscrypt.org/dnscrypt-proxy/%{name}-%{version}.tar.bz2 Source1: %{name}.service +Source2: dnscrypt +Source3: sysconfig.dnscrypt BuildRequires: libsodium-devel +BuildRequires: shadow +BuildRequires: autoconf +BuildRequires: automake +BuildRequires: libtool BuildRoot: %{_tmppath}/%{name}-%{version}-build %if 0%{?suse_version} >= 1210 BuildRequires: systemd 
@@ -46,44 +52,85 @@ DNSCurve, but focuses on securing communications between a client and its first- While not providing end-to-end security, it protects the local network, which is often the weakest point of the chain, against man-in-the-middle attacks. It also provides some confidentiality to DNS queries. +%package devel +Summary: Header files for developent of DNSCrypt plugins +Group: Development/Languages/C and C++ +Requires: %{name} = %{version} + +%description devel +Header files for developent of DNSCrypt plugins. + %prep %setup -q %build -%configure +%configure --enable-plugins make %{?_smp_mflags} %install %make_install -# install systemd service -mkdir -p %{buildroot}%{_unitdir} -cp -r %{SOURCE1} %{buildroot}%{_unitdir} +install -d -m 755 %{buildroot}%{_unitdir} +install -m 644 %{S:1} %{buildroot}%{_unitdir} +install -d -m 755 %{buildroot}%{_sbindir} +install -m 755 %{S:2} %{buildroot}%{_sbindir} +install -m 755 -d %{buildroot}%{_localstatedir}/adm/fillup-templates +install -m 644 -D %{S:3} %{buildroot}%{_localstatedir}/adm/fillup-templates +ln -s %{_mandir}/man8/%{name}.8.gz %{buildroot}%{_mandir}/man8/dnscrypt.8.gz +ln -s %{_sbindir}/service %{buildroot}%{_sbindir}/rc%{name} +ln -s %{_sbindir}/service %{buildroot}%{_sbindir}/rcdnscrypt %if 0%{?suse_version} %pre +if ! /usr/bin/getent group dnscrypt >/dev/null; then + %{_sbindir}/groupadd -r dnscrypt 2>/dev/null || : +fi +if ! 
/usr/bin/getent passwd dnscrypt >/dev/null; then + %{_sbindir}/useradd -c "DNSCrypt daemon" -d /var/lib/empty -g dnscrypt \ + -r -s /bin/false dnscrypt 2>/dev/null || : +fi %service_add_pre %{name}.service %post %service_add_post %{name}.service +%{fillup_only dnscrypt} %preun %service_del_preun %{name}.service %postun %service_del_postun %{name}.service + +%else + +# non-systemd +%post +%{fillup_only dnscrypt} %endif %files %defattr(-,root,root) %doc AUTHORS ChangeLog README COPYING NEWS TECHNOTES THANKS %{_bindir}/hostip +%{_sbindir}/dnscrypt +%{_sbindir}/%{name} +%{_sbindir}/rc%{name} +%{_sbindir}/rcdnscrypt %{_sbindir}/%{name} %{_unitdir}/%{name}.service %{_mandir}/man8/hostip.8.gz %{_mandir}/man8/%{name}.8.gz +%{_mandir}/man8/dnscrypt.8.gz %dir %{_datadir}/%{name} %{_datadir}/%{name}/dnscrypt-resolvers.csv +%{_localstatedir}/adm/fillup-templates/sysconfig.dnscrypt + +%files devel +%defattr(-,root,root) +%dir /usr/include/dnscrypt/ +/usr/include/dnscrypt/* +%dir %{_libdir}/%{name} +%{_libdir}/%{name}/* %changelog diff --git a/sysconfig.dnscrypt b/sysconfig.dnscrypt new file mode 100644 index 0000000..794ec6d --- /dev/null +++ b/sysconfig.dnscrypt 
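Review bot: In `%pre`, both `groupadd` and `useradd` end in `2>/dev/null || :`, so a failed account creation is silent even though the sysconfig template added in this commit defaults to `DNSCRYPT_USER=dnscrypt`; the daemon is then presumably left without the account it is meant to drop to. Dropping the `2>/dev/null` so the error reaches the install log would make that visible, and going by the lines shown the `%else` branch creates no account at all. In `%files`, the added `%{_sbindir}/%{name}` duplicates the context line a few entries below it, which rpmbuild reports as a file listed twice. `developent` in the new `devel` Summary and description should read `development`.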
@@ -0,0 +1,98 @@
+## Path: Network/DNS/DNSCrypt
+## Description: Local address
+## Type: string
+## Default: ""
+#
+# Address and port where the dnscrypt-proxy daemon listens. Format is
+# address:port, with dnscrypt-proxy's default 127.0.0.1:53 .
+#
+DNSCRYPT_LOCAL_ADDRESS=
+
+## Path: Network/DNS/DNSCrypt
+## Description: Run daemon under specified user
+## Type: string
+## Default: "dnscrypt"
+#
+# The recommended user is 'dnscrypt' but the empty value will not pass
+# any --user parameter to dnscrypt-proxy if this is desired by the user.
+#
+DNSCRYPT_USER=dnscrypt
+
+## Path: Network/DNS/DNSCrypt
+## Description: Resolver name
+## Type: string
+## Default: "opendns"
+#
+# Short name of resolver, see /usr/share/dnscrypt-proxy/dnscrypt-resolvers.csv
+# for the full list.
+#
+# If the value is empty, the default is substituted.
+#
+DNSCRYPT_RESOLVER_NAME=
+
+## Path: Network/DNS/DNSCrypt
+## Description: Log file
+## Type: string
+## Default: "/var/log/dnscrypt-proxy.log"
+#
+# Use the given log file instead of standard out, where the output is possibly
+# grabbed by the system logger.
+#
+DNSCRYPT_LOGFILE=/var/log/dnscrypt-proxy.log
+
+## Path: Network/DNS/DNSCrypt
+## Description: Log level
+## Type: string
+## Default: ""
+#
+# Don't log events with priority above this level after the service has been
+# started up. Default is the value for LOG_INFO.
+#
+# NOTE: currently unused
+#
+DNSCRYPT_LOGLEVEL=
+
+## Path: Network/DNS/DNSCrypt
+## Description: Optional plugin (1)
+## Type: string
+## Default: ""
+#
+# Use the given dnscrypt plugin.
+#
+DNSCRYPT_PLUGIN1=
+
+## Path: Network/DNS/DNSCrypt
+## Description: Optional plugin (2)
+## Type: string
+## Default: ""
+#
+# Use the given dnscrypt plugin.
+#
+DNSCRYPT_PLUGIN2=
+
+## Path: Network/DNS/DNSCrypt
+## Description: Optional plugin (3)
+## Type: string
+## Default: ""
+#
+# Use the given dnscrypt plugin.
+#
+DNSCRYPT_PLUGIN3=
+
+## Path: Network/DNS/DNSCrypt
+## Description: Optional plugin (4)
+## Type: string
+## Default: ""
+#
+# Use the given dnscrypt plugin.
+#
+DNSCRYPT_PLUGIN4=
+
+## Path: Network/DNS/DNSCrypt
+## Description: Other options
+## Type: string
+## Default: ""
+#
+# Additional user options
+#
+DNSCRYPT_OPTIONS=
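Review bot: The comments in this template never say that the file is executed rather than parsed: the `dnscrypt` wrapper added in this commit `source`s it from the service's start command, so any shell syntax in a value runs with the privileges the unit starts with. A comment at the top such as `# This file is sourced as shell by /usr/sbin/dnscrypt; quote values containing spaces and keep it writable by root only` would cover that. The `DNSCRYPT_USER` text should also state that an empty value leaves the daemon running as the user that started it. The `DNSCRYPT_PLUGIN*` entries should say what form the value takes, since `Use the given dnscrypt plugin.` does not tell an administrator that the value presumably names code loaded into the daemon.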