-------------------------------------------------------------------
Sat Aug  6 04:14:25 UTC 2016 - i@marguerite.su

- update version 1.7.0
  * Plugins are now enabled by default.
  * New command-line option: `--ignore-timestamps` to ignore timestamps
    when performing certificate validation.
  * New command-line option: `--syslog-prefix` to add a prefix to log
    messages.
  * Certificates can now be retrieved using TCP.
  * Libevent was updated to version 2.0.23.
  * Certificates serial numbers are printed as a string if possible.
  * The list of known public resolvers was updated.
- add upstream's systemd socket, fix boo#977946 again

-------------------------------------------------------------------
Thu Jun  9 09:59:26 UTC 2016 - i@marguerite.su

- fix boo#977946 & boo#957003
  * use %fillup_only macro right. can't skip "-n", or it'll use
    package name while sysconfig.dnscrypt-proxy doesn't exist.
- use %fillup_prereq macro
- move libraries out from -devel subpackage, it's just not right.
- don't link dnscrypt-proxy.8.gz to dnscrypt.8.gz
- don't link /sbin/service to /sbin/rcdnscrypt.
  * that method is used for backward compability w/ systemd service
    while /sbin/dnscrypt is a wrapper to the actual command, and
    dnscrypt is not a valid service name but dnscrypt-proxy.

-------------------------------------------------------------------
Fri Feb 12 00:00:00 CET 2016 - dsterba@suse.cz

* version 1.6.1:
 - Security: malformed packets could cause the OpenDNS deviceid,
   OpenDNS set-client-ip, blocking and AAAA blocking plugins to use
   uninitialized pointers, leading to a denial of service or possibly
   code execution. The vulnerable code is present since dnscrypt-proxy
   1.1.0. OpenDNS users and people using dnscrypt-proxy in order to block
   domain names and IP addresses should upgrade as soon as possible.

- add dnscrypt-resolvers.csv from git (41c6d8bb1f49a0216357)

-------------------------------------------------------------------
Fri Dec 18 00:00:00 CET 2015 - dsterba@suse.cz

- add dnscrypt-resolvers.csv from git (e6b4e93d07bdce39d4656c5a6)
- change default resolver to cisco (bnc#957003)

-------------------------------------------------------------------
Tue Sep 1 00:00:00 CEST 2015 - dsterba@suse.cz

* version 1.6.0:
 - New feature: public-key based client authentication (-K), for private and
   commercial DNS services to securely authenticate the sender of a query no
   matter what the source IP address is, without altering the DNS query.
* version 1.5.0:
 - New option: -E, to use an ephemeral key pair for each query.
 - Logging to files is supported on Windows.
 - TCP FASTOPEN is now enabled on Linux.
* version 1.4.4
  - edns used by default
  - server list updated
  - various build fixes
- spec file cleanup

-------------------------------------------------------------------
Fri Mar 6 00:00:00 CET 2015 - dsterba@suse.cz

- update to 1.4.3
  - libevent update, including a fix for CVE-2014-6272
  - Two new public dnscrypt resolvers were added: opennic-us-wa-ns1 and
    dnscrypt.org-fr
  - d0wn servers in France IP have changed.
  - Compilation fixes.
- version 1.4.2
  - New compilation switch: --with-systemd, to enable socket activation support
    when using systemd
  - The list of public DNSCrypt-enabled resolvers was updated
  - Libevent2 updates
- add sysconfig file for more flexible configuration
- build -devel package and enable plugins
- create user dnscrypt:dnscrypt during installation

-------------------------------------------------------------------
Wed Oct  1 15:04:43 CEST 2014 - dsterba@suse.cz

- update to 1.4.1

-------------------------------------------------------------------
Fri May  2 11:27:44 UTC 2014 - i@marguerite.su

- update version 1.4.0
  * see https://github.com/jedisct1/dnscrypt-proxy/commits/master

-------------------------------------------------------------------
Tue Oct 23 16:58:22 UTC 2012 - i@marguerite.su

- fix a hang bug in dnscrypt.service
- upstream clarify license, it's BSD.

-------------------------------------------------------------------
Sun Oct 21 18:28:26 UTC 2012 - i@marguerite.su

- add systemd service.

-------------------------------------------------------------------
Sun Oct 21 12:57:13 UTC 2012 - i@marguerite.su

- Version 1.2.0:
  * A pre-filter can now totally bypass the resolver and directly send a
   reply to the client.
  * A new example plugin has been shipped: ldns-aaaa-blocking. It
   directly sends an empty response to AAAA queries in order to
   significantly speed up lookups on hosts without IPv6 connectivity
   (but with clients still asking for AAAA records anyway).
  * Example plugins requiring ldns can be compiled on Windows.
  * Paths with a drive name are now recognized as absolute paths on
   Windows.