Stuart Henderson writes: > On 2025/04/01 17:30, Igor Zornik wrote: >> Hello, >> >> A bugfix version for dnscrypt was released a few days ago. Still builds >> with Go 1.24.1 and resolves just fine on amd64 VM. I hope there is >> still enough time for this to make it in 7.7. Diff below. > > Reading through changelog, I think there are some good reasons to have > this for our release, and upstream is pretty reliable. This is ok sthen@ > if someone would like to commit it (the diff was q-p encoded, to apply > from mutt use v first then |).
can I commit this still for the QUIC denial-of-service concerns? it is nearing port lock. sthen gave an ok earlier. > > > ---- > Version 2.1.8 > > Dependencies have been updated, notably the QUIC implementation, > which could be vulnerable to denial-of-service attacks. > In forwarding rules, the target can now optionally include a > non-standard DNS port number. The port number is also now optional > when using IPv6. > An annoying log message related to permissions on Windows has been > suppressed. > Resolver IP addresses can now be refreshed more > frequently. Additionally, jitter has been introduced to prevent all > resolvers from being refreshed simultaneously. Further changes have > been implemented to mitigate issues arising from multiple concurrent > attempts to resolve a resolver's IP address. > An empty value for "tls_cipher_suite" is now equivalent to leaving > the property undefined. Previously, it disabled all TLS cipher suites, > which had little practical justification. > In forwarding rules, an optional *. prefix is now accepted. > ---- > > > >> Index: Makefile >> =================================================================== >> RCS file: /cvs/ports/net/dnscrypt-proxy/Makefile,v >> retrieving revision 1.69 >> diff -u -p -u -p -r1.69 Makefile >> --- Makefile 18 Jan 2025 04:32:55 -0000 1.69 >> +++ Makefile 1 Apr 2025 15:20:42 -0000 >> @@ -2,7 +2,7 @@ COMMENT = flexible DNS proxy with suppor >> >> GH_ACCOUNT = DNSCrypt >> GH_PROJECT = dnscrypt-proxy >> -GH_TAGNAME = 2.1.7 >> +GH_TAGNAME = 2.1.8 >> >> CATEGORIES = net >> >> Index: distinfo >> =================================================================== >> RCS file: /cvs/ports/net/dnscrypt-proxy/distinfo,v >> retrieving revision 1.38 >> diff -u -p -u -p -r1.38 distinfo >> --- distinfo 18 Jan 2025 04:32:55 -0000 1.38 >> +++ distinfo 1 Apr 2025 15:20:42 -0000 >> @@ -1,2 +1,2 @@ >> -SHA256 (dnscrypt-proxy-2.1.7.tar.gz) = >> Y5TNLXPe3Kkxeu7kmLbCUguEHOoELYPzmMM1WhPFD3w= >> -SIZE (dnscrypt-proxy-2.1.7.tar.gz) = 4195998 >> +SHA256 (dnscrypt-proxy-2.1.8.tar.gz) = >> 2y1ZPQhNA0I1+q8JdDMYtAOftb4tOm4XywFXCR0j9Ns= >> +SIZE (dnscrypt-proxy-2.1.8.tar.gz) = 4185376 >>
