Date: Wednesday, October 3, 2018 @ 20:33:57 Author: dvzrv Revision: 389296
upgpkg: dnscrypt-proxy 2.0.17-1 Upgrading to 2.0.17. Adding further hardening to systemd service and adding ipv6 to socket. Modified: dnscrypt-proxy/trunk/PKGBUILD dnscrypt-proxy/trunk/dnscrypt-proxy.service dnscrypt-proxy/trunk/dnscrypt-proxy.socket ------------------------+ PKGBUILD | 8 ++++---- dnscrypt-proxy.service | 6 +++++- dnscrypt-proxy.socket | 2 ++ 3 files changed, 11 insertions(+), 5 deletions(-) Modified: PKGBUILD =================================================================== --- PKGBUILD 2018-10-03 20:17:14 UTC (rev 389295) +++ PKGBUILD 2018-10-03 20:33:57 UTC (rev 389296) @@ -4,7 +4,7 @@ # Contributor: peace4all <markspost at rocketmail dot com> pkgname=dnscrypt-proxy -pkgver=2.0.16 +pkgver=2.0.17 pkgrel=1 pkgdesc="DNS proxy, supporting encrypted DNS protocols such as DNSCrypt v2 and DNS-over-HTTP." arch=('x86_64') @@ -24,9 +24,9 @@ "${pkgname}.service" "${pkgname}.socket" 'configuration.diff') -sha512sums=('f138df20560dd440a2ed390c1468d630191ae7b0e50521b4dde3fa7ef4377c3ae6409e8c547858bace53216c84aeeea6794305546b9ff87832f704c160c6782f' - '3b24392c1ba20a38863f2424c9d891aef84c48239340a124ee569e564f04dd06d356e03d95ef0a723c2c43a1c03c8efb3d029c99810f93ecee968e3eefbc51ea' - '17175397a5a35692f300d6caff84eb236b21a6e41a870bca966c5576f0db2bc7556d6a214d2f7e985fe9e0be99ef6e0bb067f29cebd41c2ea374540d6f4bd990' +sha512sums=('c1cb2cfff4a5f6eba81ac3b520ddb3acb311031588495b9f94a7ee5ab35ed0827a856369ce0ac7ff206445dbf24f7931cf937ccd9f724b4e38c97f10814df129' + 'aa871927bbc37d0c629e75a39cbfe50ce6062a19d7fe5b61895c604d6a480ba8f484cf207943c6ee7bf2dc3c7799d8f7a2b1ea5c8e586920c97730a7c503985e' + '56a56e87032da9316b392b0613124b0743673041596c717005541ae9b3994c7fc16c02497ea773d321f45d8e0f9ea8fda00783062cef4d5c8277b5b6f7cb10d5' '6144f3d33f3d85c9a4e5573f88e92f1b9d7118fd654072eeac6c3f76085086d4b2464e1d3579d8501153f453bc5125859d148fc3b3486d26368d1f51911aeb33') prepare() { Modified: dnscrypt-proxy.service =================================================================== --- dnscrypt-proxy.service 2018-10-03 20:17:14 UTC (rev 389295) +++ dnscrypt-proxy.service 2018-10-03 20:33:57 UTC (rev 389296) @@ -7,14 +7,18 @@ [Service] NonBlocking=true ExecStart=/usr/bin/dnscrypt-proxy --config /etc/dnscrypt-proxy/dnscrypt-proxy.toml +DynamicUser=yes +ProtectSystem=strict ProtectHome=yes ProtectControlGroups=yes ProtectKernelModules=yes -DynamicUser=yes +ProtectKernelTunables=yes +LockPersonality=yes CacheDirectory=dnscrypt-proxy LogsDirectory=dnscrypt-proxy RuntimeDirectory=dnscrypt-proxy AmbientCapabilities=CAP_NET_BIND_SERVICE +NoNewPrivileges=yes [Install] WantedBy=multi-user.target Modified: dnscrypt-proxy.socket =================================================================== --- dnscrypt-proxy.socket 2018-10-03 20:17:14 UTC (rev 389295) +++ dnscrypt-proxy.socket 2018-10-03 20:33:57 UTC (rev 389296) @@ -7,6 +7,8 @@ [Socket] ListenStream=127.0.0.1:53 ListenDatagram=127.0.0.1:53 +ListenStream=[::1]:53 +ListenDatagram=[::1]:53 NoDelay=true DeferAcceptSec=1