aboutsummaryrefslogtreecommitdiffstats
diff options
context:
space:
mode:
Diffstat
-rw-r--r--community/dnscrypt-proxy/APKBUILD6
-rw-r--r--community/dnscrypt-proxy/config-full-paths.patch45
2 files changed, 30 insertions, 21 deletions
diff --git a/community/dnscrypt-proxy/APKBUILD b/community/dnscrypt-proxy/APKBUILD
index cc04af0346f..a89960caa90 100644
--- a/community/dnscrypt-proxy/APKBUILD
+++ b/community/dnscrypt-proxy/APKBUILD
@@ -1,7 +1,7 @@
# Contributor: Ian Bashford <ianbashford@gmail.com>
# Maintainer: Ian Bashford <ianbashford@gmail.com>
pkgname=dnscrypt-proxy
-pkgver=2.0.25
+pkgver=2.0.27
pkgrel=1
pkgdesc="A tool for securing communications between a client and a DNS resolver"
url="https://dnscrypt.info"
@@ -54,8 +54,8 @@ setup() {
install -m755 -D "$srcdir"/$pkgname.setup "$subpkgdir"/usr/sbin/setup-dnscrypt
}
-sha512sums="74a47b013e15cbdcf8691bf3618cce40149f9832f6fc4c2cbfb6af2a72b4ecb52b068a150999771a77fcf4fdb49c64dabd127c5101ae29fb86723bc30c946133 dnscrypt-proxy-2.0.25.tar.gz
+sha512sums="68cecec0228b3f03d5c50576c7dec32c7474a22bd1740d43b29514b5a00f27376ed5236302fa68c493f0c188134855b277fbbbb922222937fa726783af3f7246 dnscrypt-proxy-2.0.27.tar.gz
e0a72d39d47dc24b889d08beedbd9fdf21615f42fbab79980debdfd2c3feaa83dc3f776351f7dd13533cc85905ce4e01812e4ff8a80a9ccc0b21e9db7d6cb232 dnscrypt-proxy.initd
c001ae39da1b2db71764cab568f9ed18e4de0cea3d1a4e7bd6dd01a5668b81a888ea9eef99de6beac08857ad7f8eb1a32d730e946ac3563e4dcfa27147e35052 dnscrypt-proxy.confd
66dd43d84117a0151ae41f34d82b716760382a5a491424bf6418228ffd21f0dfbc88e34cc5074e11f97f006335d97b85367bb9ab1d96747a48e893c022ad52d0 dnscrypt-proxy.setup
-28eb03f04b7fe8fceff4c9ff03b0f01b45c0a44fd32d38a7cb34b87ea13a801b046d7d81d3e0522cad37c0cb402999739525947477a5fd65f1c0bfd250527e56 config-full-paths.patch"
+5f8979276196db17b418f6d42712fdf2bbc9957a92dfc74db8f97ca9af206902d1739842cfbd798ddb25419e274684cbdbef84c94833d956eb2b8f6bab167910 config-full-paths.patch"
diff --git a/community/dnscrypt-proxy/config-full-paths.patch b/community/dnscrypt-proxy/config-full-paths.patch
index 841afbee5a8..4d46d65918b 100644
--- a/community/dnscrypt-proxy/config-full-paths.patch
+++ b/community/dnscrypt-proxy/config-full-paths.patch
@@ -1,9 +1,9 @@
diff --git a/./dnscrypt-proxy.toml b/dnscrypt-proxy/dnscrypt-proxy.toml
new file mode 100644
-index 0000000..d1f55b0
+index 0000000..8455f8d
--- /dev/null
+++ b/dnscrypt-proxy/dnscrypt-proxy.toml
-@@ -0,0 +1,547 @@
+@@ -0,0 +1,556 @@
+
+##############################################
+# #
@@ -98,13 +98,13 @@ index 0000000..d1f55b0
+## Uncomment the following line to route all TCP connections to a local Tor node
+## Tor doesn't support UDP, so set `force_tcp` to `true` as well.
+
-+# proxy = "socks5://127.0.0.1:9050"
++# proxy = 'socks5://127.0.0.1:9050'
+
+
+## HTTP/HTTPS proxy
+## Only for DoH servers
+
-+# http_proxy = "http://127.0.0.1:8888"
++# http_proxy = 'http://127.0.0.1:8888'
+
+
+## How long a DNS query will wait for a response, in milliseconds
@@ -117,11 +117,12 @@ index 0000000..d1f55b0
+keepalive = 30
+
+
-+## Use the REFUSED return code for blocked responses
-+## Setting this to `false` means that some responses will be lies.
-+## Unfortunately, `false` appears to be required for Android 8+
++## Response for blocked queries. Options are `refused`, `hinfo` (default) or
++## an IP response. To give an IP response, use the format `a:<IPv4>,aaaa:<IPv6>`.
++## Using the `hinfo` option means that some responses will be lies.
++## Unfortunately, the `hinfo` option appears to be required for Android 8+
+
-+refused_code_in_responses = false
++# blocked_query_response = 'refused'
+
+
+## Load-balancing strategy: 'p2' (default), 'ph', 'first' or 'random'
@@ -171,6 +172,8 @@ index 0000000..d1f55b0
+## 49195 = TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256
+## 52392 = TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305
+## 52393 = TLS_ECDHE_ECDSA_WITH_CHACHA20_POLY1305
++## 4865 = TLS_AES_128_GCM_SHA256
++## 4867 = TLS_CHACHA20_POLY1305_SHA256
+##
+## On non-Intel CPUs such as MIPS routers and ARM systems (Android, Raspberry Pi...),
+## the following suite improves performance.
@@ -209,7 +212,7 @@ index 0000000..d1f55b0
+## initializing the proxy.
+## Useful if the proxy is automatically started at boot, and network
+## connectivity is not guaranteed to be immediately available.
-+## Use 0 to not test for connectivity at all,
++## Use 0 to not test for connectivity at all (not recommended),
+## and -1 to wait as much as possible.
+
+netprobe_timeout = 60
@@ -223,7 +226,7 @@ index 0000000..d1f55b0
+## On other operating systems, the connection will be initialized
+## but nothing will be sent at all.
+
-+netprobe_address = "9.9.9.9:53"
++netprobe_address = '9.9.9.9:53'
+
+
+## Offline mode - Do not use any remote encrypted servers.
@@ -233,6 +236,14 @@ index 0000000..d1f55b0
+# offline_mode = false
+
+
++## Additional data to attach to outgoing queries.
++## These strings will be added as TXT records to queries.
++## Do not use, except on servers explicitly asking for extra data
++## to be present.
++
++# query_meta = ["key1:value1", "key2:value2", "key3:value3"]
++
++
+## Automatic log files rotation
+
+# Maximum log files size in MB
@@ -522,17 +533,15 @@ index 0000000..d1f55b0
+ urls = ['https://raw.githubusercontent.com/DNSCrypt/dnscrypt-resolvers/master/v2/public-resolvers.md', 'https://download.dnscrypt.info/resolvers-list/v2/public-resolvers.md']
+ cache_file = '/var/cache/dnscrypt-proxy/public-resolvers.md'
+ minisign_key = 'RWQf6LRCGA9i53mlYecO4IzT51TGPpvWucNSCh1CBM0QTaLn73Y7GFO3'
-+ refresh_delay = 72
+ prefix = ''
+
+ ## Quad9 over DNSCrypt - https://quad9.net/
+
+ # [sources.quad9-resolvers]
-+ # urls = ["https://www.quad9.net/quad9-resolvers.md"]
-+ # minisign_key = "RWQBphd2+f6eiAqBsvDZEBXBGHQBJfeG6G+wJPPKxCZMoEQYpmoysKUN"
-+ # cache_file = "/var/cache/dnscrypt-proxy/quad9-resolvers.md"
-+ # refresh_delay = 72
-+ # prefix = "quad9-"
++ # urls = ['https://www.quad9.net/quad9-resolvers.md']
++ # minisign_key = 'RWQBphd2+f6eiAqBsvDZEBXBGHQBJfeG6G+wJPPKxCZMoEQYpmoysKUN'
++ # cache_file = '/var/cache/dnscrypt-proxy/quad9-resolvers.md'
++ # prefix = 'quad9-'
+
+ ## Another example source, with resolvers censoring some websites not appropriate for children
+ ## This is a subset of the `public-resolvers` list, so enabling both is useless
@@ -549,5 +558,5 @@ index 0000000..d1f55b0
+
+[static]
+
-+ # [static.'google']
-+ # stamp = 'sdns://AgUAAAAAAAAAAAAOZG5zLmdvb2dsZS5jb20NL2V4cGVyaW1lbnRhbA'
++ # [static.'myserver']
++ # stamp = 'sdns:AQcAAAAAAAAAAAAQMi5kbnNjcnlwdC1jZXJ0Lg'
generated by cgit v1.2.3 (git 2.41.0) at 2024-04-25 14:44:37 +0000