From: "Igor Zornik" Subject: [UPDATE] net/dnscrypt-proxy 2.1.8 -> 2.1.13 To: "OpenBSD ports" Cc: "Nam Nguyen" Date: Thu, 14 Aug 2025 17:19:24 +0200 Hello, ports! Another version of DNSCrypt proxy. This is a continuation of a previous version as that one hasn't been committed yet: https://marc.info/?l=openbsd-ports&m=174841902127065&w=2 The upstream was cooperative enough to consider my idea of keeping manual reloading always enabled so now we can use this without a disclaimer. As far as the configuration file goes, we can keep it as is, as the web monitoring UI isn't enabled by default. It's up to you to secure if you include any sensitive information in it. QP-encoded diff below was tested on Tuesday's amd64 snap. Index: Makefile =================================================================== RCS file: /cvs/ports/net/dnscrypt-proxy/Makefile,v retrieving revision 1.70 diff -u -p -u -p -r1.70 Makefile --- Makefile 4 Apr 2025 09:33:41 -0000 1.70 +++ Makefile 14 Aug 2025 14:53:40 -0000 @@ -2,7 +2,7 @@ COMMENT = flexible DNS proxy with suppor GH_ACCOUNT = DNSCrypt GH_PROJECT = dnscrypt-proxy -GH_TAGNAME = 2.1.8 +GH_TAGNAME = 2.1.13 CATEGORIES = net Index: distinfo =================================================================== RCS file: /cvs/ports/net/dnscrypt-proxy/distinfo,v retrieving revision 1.39 diff -u -p -u -p -r1.39 distinfo --- distinfo 4 Apr 2025 09:33:41 -0000 1.39 +++ distinfo 14 Aug 2025 14:53:40 -0000 @@ -1,2 +1,2 @@ -SHA256 (dnscrypt-proxy-2.1.8.tar.gz) = 2y1ZPQhNA0I1+q8JdDMYtAOftb4tOm4XywFXCR0j9Ns= -SIZE (dnscrypt-proxy-2.1.8.tar.gz) = 4185376 +SHA256 (dnscrypt-proxy-2.1.13.tar.gz) = f2o9JhP5Gs5ALy9oKSlSlWWlTW1+QhNAPn5qDbRIvdw= +SIZE (dnscrypt-proxy-2.1.13.tar.gz) = 4180107 Index: patches/patch-dnscrypt-proxy_example-dnscrypt-proxy_toml =================================================================== RCS file: /cvs/ports/net/dnscrypt-proxy/patches/patch-dnscrypt-proxy_example-dnscrypt-proxy_toml,v retrieving revision 1.17 diff -u -p -u -p -r1.17 patch-dnscrypt-proxy_example-dnscrypt-proxy_toml --- patches/patch-dnscrypt-proxy_example-dnscrypt-proxy_toml 11 Mar 2022 19:45:54 -0000 1.17 +++ patches/patch-dnscrypt-proxy_example-dnscrypt-proxy_toml 14 Aug 2025 14:53:40 -0000 @@ -1,7 +1,7 @@ Index: dnscrypt-proxy/example-dnscrypt-proxy.toml --- dnscrypt-proxy/example-dnscrypt-proxy.toml.orig +++ dnscrypt-proxy/example-dnscrypt-proxy.toml -@@ -52,7 +52,7 @@ max_clients = 250 +@@ -50,7 +50,7 @@ max_clients = 250 ## Note (2): this feature is not compatible with systemd socket activation. ## Note (3): when using -pidfile, the PID file directory must be writable by the new user @@ -9,4 +9,4 @@ Index: dnscrypt-proxy/example-dnscrypt-p +user_name = '_dnscrypt-proxy' - ## Require servers (from remote sources) to satisfy specific properties + ############################################################################### Index: pkg/DESCR =================================================================== RCS file: /cvs/ports/net/dnscrypt-proxy/pkg/DESCR,v retrieving revision 1.3 diff -u -p -u -p -r1.3 DESCR --- pkg/DESCR 18 Jan 2025 04:32:55 -0000 1.3 +++ pkg/DESCR 14 Aug 2025 14:53:40 -0000 @@ -12,6 +12,7 @@ DNSCrypt and ODoH (Oblivious DoH), and f Compatible with all DNS services - Time-based filtering, with a flexible weekly schedule - Transparent redirection of specific domains to specific resolvers +- Optional hot-reloading of configuration files - DNS caching, to reduce latency and improve privacy - Local IPv6 blocking to reduce latency on IPv4-only networks - Load balancing: pick a set of resolvers, dnscrypt-proxy will Index: pkg/README =================================================================== RCS file: /cvs/ports/net/dnscrypt-proxy/pkg/README,v retrieving revision 1.6 diff -u -p -u -p -r1.6 README --- pkg/README 11 Jul 2024 16:09:29 -0000 1.6 +++ pkg/README 14 Aug 2025 14:53:40 -0000 @@ -26,10 +26,12 @@ Note the load balancing strategy, contro set to one of the following values: - 'first' (always pick the fastest server in the list) - 'p2' (randomly choose between the top two fastest servers) + - 'wp2' (choose better performing server from two random candidates) - 'ph' (randomly choose between the top fastest half of all servers) + - 'p' (randomly choose from fastest n servers) - 'random' (just pick any random server from the list) -'p2' is the default option. For more information, see +'wp2' is the default option. For more information, see https://github.com/jedisct1/dnscrypt-proxy/wiki/Load-Balancing-Options Logging Index: pkg/dnscrypt_proxy.rc =================================================================== RCS file: /cvs/ports/net/dnscrypt-proxy/pkg/dnscrypt_proxy.rc,v retrieving revision 1.7 diff -u -p -u -p -r1.7 dnscrypt_proxy.rc --- pkg/dnscrypt_proxy.rc 18 Jan 2025 04:32:55 -0000 1.7 +++ pkg/dnscrypt_proxy.rc 14 Aug 2025 14:53:40 -0000 @@ -8,7 +8,6 @@ daemon_flags="-config ${SYSCONFDIR}/dnsc pexp="${daemon}${daemon_flags:+ ${daemon_flags}}.*" rc_bg=YES -rc_reload=NO rc_configtest() { ${daemon} ${daemon_flags} -check