- Remove custom build/install targets left in place after r505321
- Switch to the new GO_TARGET tuple syntax introduced in r512001
- Switch to go:modules when upstream already uses them
Reviewed by: tobik
Approved by: araujo (mentor), portmgr (adamw)
Differential Revision: https://reviews.freebsd.org/D21741
- .onion servers are now automatically ignored,
if Tor routing is not enabled;
- caching of server addresses has been improved,
especially when using proxies;
- DNSCrypt communications are now automatically forced to using TCP,
when a SOCKS proxy has been set up.
https://raw.githubusercontent.com/jedisct1/dnscrypt-proxy/2.0.23/ChangeLog
Approved by: mentors (implicit)
- The value for netprobe_timeout was read from the command-line,
but not from the configuration file any more. This is a regression
introduced in the previous version, that has been fixed;
- The default value for netprobe timeouts has been raised to 60 seconds;
- A hash of the body is added to query parameters when sending DoH
queries with the POST method in order to work around badly configured
proxies.
https://raw.githubusercontent.com/jedisct1/dnscrypt-proxy/2.0.19/ChangeLog
Approved by: araujo (mentor)
Differential Revision: https://reviews.freebsd.org/D18341
- official builds now support TLS 1.3;
- timeout for the initial connectivity check can be set from the cli;
- an 'Accept:' header is now always sent with GET queries;
- BOM is now ignored in configuration files;
- HTTP and HTTPS proxies are now supported for DoH servers.
https://github.com/jedisct1/dnscrypt-proxy/blob/2.0.18/ChangeLog
Approved by: araujo (mentor)
Differential Revision: https://reviews.freebsd.org/D18005
Version 2 of dnscrypt-proxy is written in Go and therefore isn't capable
of dropping privileges after binding to a low port on FreeBSD.
By default, this port's daemon will listen on port 5353 (TCP/UDP).
With this option it's possible to bind it and listen on port 53 (TCP/UDP)
with mac_portacl(4) kernel module (network port access control policy).
For this add dnscrypt_proxy_mac_portacl_enable=YES in your rc.conf.
The dnscrypt-proxy startup script will load mac_portacl and add a rule
where %%USER%% user will be able to bind on port 53 (TCP/UDP). This port
can be changed by dnscrypt_proxy_mac_portacl_port variable in your rc.conf.
You also need to change dnscrypt-proxy config file to use port 53.
Suggested by: feld
Approved by: egypcio@googlemail.com (maintainer)
Differential Revision: https://reviews.freebsd.org/D15151
Main changes in the port:
- Improve instructions for using dnscrypt-proxy2 together with unbound. [1]
- Add dnscrypt_proxy_suexec option for users who want to run the daemon as
root.
- Move the configuration file from ${PREFIX}/etc/dnscrypt-proxy.toml to
${PREFIX}/etc/dnscrypt-proxy/dnscrypt-proxy.toml, because by default
temporary files will use the path of the config file.
This fixes a permission issue when fetching the public resolvers list.
Changes: https://raw.githubusercontent.com/jedisct1/dnscrypt-proxy/2.0.10/ChangeLog
PR: 227129 [1]
Submitted by: egypcio@googlemail.com (maintainer)
Reported by: erik@nordstroem.no [1]
Differential Revision: https://reviews.freebsd.org/D15024
