There is a security fix with this update so consider committing this to -stable.
Details: The changelog omits the details so I inferred that "[security] Predictable TXID can lead to response forgeries" was the issue. "The miegkg/dns module was updated to version 1.1.26, that fixes a security issue affecting non-encrypted/non-authenticated DNS traffic. In dnscrypt-proxy, this only affects the forwarding feature." https://github.com/miekg/dns/pull/1044 https://github.com/miekg/dns/issues/1043 https://github.com/DNSCrypt/dnscrypt-proxy/wiki/Forwarding Changelog: https://github.com/DNSCrypt/dnscrypt-proxy/blob/2.0.36/ChangeLog This update is for dnscrypt-proxy 2.0.36, released December 21, 2019. Tests are welcome. Index: Makefile =================================================================== RCS file: /cvs/ports/net/dnscrypt-proxy/Makefile,v retrieving revision 1.49 diff -u -p -r1.49 Makefile --- Makefile 12 Dec 2019 16:00:21 -0000 1.49 +++ Makefile 22 Dec 2019 08:38:58 -0000 @@ -4,7 +4,7 @@ COMMENT = flexible DNS proxy with suppor GH_ACCOUNT = jedisct1 GH_PROJECT = dnscrypt-proxy -GH_TAGNAME = 2.0.35 +GH_TAGNAME = 2.0.36 CATEGORIES = net Index: distinfo =================================================================== RCS file: /cvs/ports/net/dnscrypt-proxy/distinfo,v retrieving revision 1.25 diff -u -p -r1.25 distinfo --- distinfo 12 Dec 2019 16:00:21 -0000 1.25 +++ distinfo 22 Dec 2019 08:38:58 -0000 @@ -1,2 +1,2 @@ -SHA256 (dnscrypt-proxy-2.0.35.tar.gz) = cjOV5a+krbVQ8gUIASYK7zzJ7ZGMwmeAx0dLEQqa2dc= -SIZE (dnscrypt-proxy-2.0.35.tar.gz) = 2740595 +SHA256 (dnscrypt-proxy-2.0.36.tar.gz) = 3ckiW4a/NZXO7a7WRwdk5hlCQc4mz+qG+f389r06dXU= +SIZE (dnscrypt-proxy-2.0.36.tar.gz) = 2814470 Index: patches/patch-dnscrypt-proxy_example-dnscrypt-proxy_toml =================================================================== RCS file: /cvs/ports/net/dnscrypt-proxy/patches/patch-dnscrypt-proxy_example-dnscrypt-proxy_toml,v retrieving revision 1.10 diff -u -p -r1.10 patch-dnscrypt-proxy_example-dnscrypt-proxy_toml --- patches/patch-dnscrypt-proxy_example-dnscrypt-proxy_toml 12 Dec 2019 16:00:21 -0000 1.10 +++ patches/patch-dnscrypt-proxy_example-dnscrypt-proxy_toml 22 Dec 2019 08:38:58 -0000 @@ -12,7 +12,7 @@ Index: dnscrypt-proxy/example-dnscrypt-p ## Require servers (from static + remote sources) to satisfy specific properties -@@ -574,7 +574,7 @@ cache_neg_max_ttl = 600 +@@ -584,7 +584,7 @@ cache_neg_max_ttl = 600 [sources.'public-resolvers'] urls = ['https://raw.githubusercontent.com/DNSCrypt/dnscrypt-resolvers/master/v2/public-resolvers.md', 'https://download.dnscrypt.info/resolvers-list/v2/public-resolvers.md'] @@ -21,7 +21,7 @@ Index: dnscrypt-proxy/example-dnscrypt-p minisign_key = 'RWQf6LRCGA9i53mlYecO4IzT51TGPpvWucNSCh1CBM0QTaLn73Y7GFO3' prefix = '' -@@ -582,7 +582,7 @@ cache_neg_max_ttl = 600 +@@ -592,7 +592,7 @@ cache_neg_max_ttl = 600 [sources.'relays'] urls = ['https://raw.githubusercontent.com/DNSCrypt/dnscrypt-resolvers/master/v2/relays.md', 'https://download.dnscrypt.info/resolvers-list/v2/relays.md'] Index: pkg/PLIST =================================================================== RCS file: /cvs/ports/net/dnscrypt-proxy/pkg/PLIST,v retrieving revision 1.1 diff -u -p -r1.1 PLIST --- pkg/PLIST 16 Oct 2018 14:55:02 -0000 1.1 +++ pkg/PLIST 22 Dec 2019 08:38:58 -0000 @@ -14,5 +14,6 @@ share/examples/dnscrypt-proxy/example-cl share/examples/dnscrypt-proxy/example-dnscrypt-proxy.toml @sample ${SYSCONFDIR}/dnscrypt-proxy.toml share/examples/dnscrypt-proxy/example-forwarding-rules.txt +share/examples/dnscrypt-proxy/example-ip-blacklist.txt share/examples/dnscrypt-proxy/example-whitelist.txt @sample ${LOCALSTATEDIR}/dnscrypt-proxy/
