[arch-commits] Commit in dnscrypt-proxy/trunk (3 files)
David Runge
dvzrv at archlinux.org
Wed Oct 3 20:33:57 UTC 2018
Date: Wednesday, October 3, 2018 @ 20:33:57
Author: dvzrv
Revision: 389296
upgpkg: dnscrypt-proxy 2.0.17-1
Upgrading to 2.0.17. Adding further hardening to systemd service and adding ipv6 to socket.
Modified:
dnscrypt-proxy/trunk/PKGBUILD
dnscrypt-proxy/trunk/dnscrypt-proxy.service
dnscrypt-proxy/trunk/dnscrypt-proxy.socket
------------------------+
PKGBUILD | 8 ++++----
dnscrypt-proxy.service | 6 +++++-
dnscrypt-proxy.socket | 2 ++
3 files changed, 11 insertions(+), 5 deletions(-)
Modified: PKGBUILD
===================================================================
--- PKGBUILD 2018-10-03 20:17:14 UTC (rev 389295)
+++ PKGBUILD 2018-10-03 20:33:57 UTC (rev 389296)
@@ -4,7 +4,7 @@
# Contributor: peace4all <markspost at rocketmail dot com>
pkgname=dnscrypt-proxy
-pkgver=2.0.16
+pkgver=2.0.17
pkgrel=1
pkgdesc="DNS proxy, supporting encrypted DNS protocols such as DNSCrypt v2 and DNS-over-HTTP."
arch=('x86_64')
@@ -24,9 +24,9 @@
"${pkgname}.service"
"${pkgname}.socket"
'configuration.diff')
-sha512sums=('f138df20560dd440a2ed390c1468d630191ae7b0e50521b4dde3fa7ef4377c3ae6409e8c547858bace53216c84aeeea6794305546b9ff87832f704c160c6782f'
- '3b24392c1ba20a38863f2424c9d891aef84c48239340a124ee569e564f04dd06d356e03d95ef0a723c2c43a1c03c8efb3d029c99810f93ecee968e3eefbc51ea'
- '17175397a5a35692f300d6caff84eb236b21a6e41a870bca966c5576f0db2bc7556d6a214d2f7e985fe9e0be99ef6e0bb067f29cebd41c2ea374540d6f4bd990'
+sha512sums=('c1cb2cfff4a5f6eba81ac3b520ddb3acb311031588495b9f94a7ee5ab35ed0827a856369ce0ac7ff206445dbf24f7931cf937ccd9f724b4e38c97f10814df129'
+ 'aa871927bbc37d0c629e75a39cbfe50ce6062a19d7fe5b61895c604d6a480ba8f484cf207943c6ee7bf2dc3c7799d8f7a2b1ea5c8e586920c97730a7c503985e'
+ '56a56e87032da9316b392b0613124b0743673041596c717005541ae9b3994c7fc16c02497ea773d321f45d8e0f9ea8fda00783062cef4d5c8277b5b6f7cb10d5'
'6144f3d33f3d85c9a4e5573f88e92f1b9d7118fd654072eeac6c3f76085086d4b2464e1d3579d8501153f453bc5125859d148fc3b3486d26368d1f51911aeb33')
prepare() {
Modified: dnscrypt-proxy.service
===================================================================
--- dnscrypt-proxy.service 2018-10-03 20:17:14 UTC (rev 389295)
+++ dnscrypt-proxy.service 2018-10-03 20:33:57 UTC (rev 389296)
@@ -7,14 +7,18 @@
[Service]
NonBlocking=true
ExecStart=/usr/bin/dnscrypt-proxy --config /etc/dnscrypt-proxy/dnscrypt-proxy.toml
+DynamicUser=yes
+ProtectSystem=strict
ProtectHome=yes
ProtectControlGroups=yes
ProtectKernelModules=yes
-DynamicUser=yes
+ProtectKernelTunables=yes
+LockPersonality=yes
CacheDirectory=dnscrypt-proxy
LogsDirectory=dnscrypt-proxy
RuntimeDirectory=dnscrypt-proxy
AmbientCapabilities=CAP_NET_BIND_SERVICE
+NoNewPrivileges=yes
[Install]
WantedBy=multi-user.target
Modified: dnscrypt-proxy.socket
===================================================================
--- dnscrypt-proxy.socket 2018-10-03 20:17:14 UTC (rev 389295)
+++ dnscrypt-proxy.socket 2018-10-03 20:33:57 UTC (rev 389296)
@@ -7,6 +7,8 @@
[Socket]
ListenStream=127.0.0.1:53
ListenDatagram=127.0.0.1:53
+ListenStream=[::1]:53
+ListenDatagram=[::1]:53
NoDelay=true
DeferAcceptSec=1
More information about the arch-commits
mailing list