Merge branch 'master' of github.com:jedisct1/dnscrypt-proxy

* 'master' of github.com:jedisct1/dnscrypt-proxy: Travis: use Ubuntu Bionic so we don't have to compile libsodium Downcase wiki Handle clientsCount in the local DoH handler, too Remove beta Bump deps Fix typo Bump whitelist Add some extra blacklists
2019-12-05 16:49:48 +01:00 · 2019-12-05 16:49:48 +01:00 · 4d0c5ad569
parent 57a88eda56 63e8494b44
commit 4d0c5ad569
12 changed files with 62 additions and 20 deletions
--- a/.travis.yml
+++ b/.travis.yml
@ -1,9 +1,17 @@
+dist: bionic
+
 language: go
 os:
 - linux
 go:
 - 1.x

+before_install:
+  - sudo apt-get -y install libsodium
+addons:
+  apt:
+    update: true
+
 script:
 - gimme --list
 - echo $TRAVIS_GO_VERSION
@ -216,14 +224,6 @@ deploy:
    tags: true

 before_deploy:
- mkdir -p /tmp/bin /tmp/lib /tmp/include
- export LD_LIBRARY_PATH=/tmp/lib:LD_LIBRARY_PATH
- export PATH=/tmp/bin:$PATH
- git clone --depth 1 https://github.com/jedisct1/libsodium.git --branch=stable
- cd libsodium
- env ./configure --disable-dependency-tracking --prefix=/tmp
- make -j$(nproc) install
- cd -
 - git clone --depth 1 https://github.com/jedisct1/minisign.git
 - cd minisign/src
 - gcc -O2 -o /tmp/bin/minisign -I/tmp/include -L/tmp/lib *.c -lsodium
--- a/2
+++ b/2
@ -1,4 +1,4 @@
-* Version 2.0.34 (not released yet)
+* Version 2.0.34
 - Blacklisted names are now also blocked if they appear in `CNAME`
 pointers.
 - `dnscrypt-proxy` can now act as a local DoH *server*. Firefox can
--- a/README.md
+++ b/README.md
@ -6,7 +6,7 @@

 A flexible DNS proxy, with support for modern encrypted DNS protocols such as [DNSCrypt v2](https://dnscrypt.info/protocol), [DNS-over-HTTPS](https://www.rfc-editor.org/rfc/rfc8484.txt) and [Anonymized DNSCrypt](https://github.com/DNSCrypt/dnscrypt-protocol/blob/master/ANONYMIZED-DNSCRYPT.txt).

-* [dnscrypt-proxy documentation](https://dnscrypt.info/doc) – This project's documentation (Wiki)
+* [dnscrypt-proxy documentation](https://dnscrypt.info/doc) – This project's documentation (wiki)
 * [DNSCrypt project home page](https://dnscrypt.info/)
 * [DNS-over-HTTPS and DNSCrypt resolvers](https://dnscrypt.info/public-servers)
 * [Server and client implementations](https://dnscrypt.info/implementations)
--- a/dnscrypt-proxy/example-dnscrypt-proxy.toml
+++ b/dnscrypt-proxy/example-dnscrypt-proxy.toml
@ -364,7 +364,7 @@ cache_neg_max_ttl = 600


 ## Certificate file and key - Note that the certificate has to be trusted.
-## See the documentatio (wiki) for more information.
+## See the documentation (wiki) for more information.

 # cert_file = "localhost.pem"
 # cert_key_file = "localhost.pem"
--- a/dnscrypt-proxy/local-doh.go
+++ b/dnscrypt-proxy/local-doh.go
@ -18,6 +18,11 @@ type localDoHHandler struct {

 func (handler localDoHHandler) ServeHTTP(writer http.ResponseWriter, request *http.Request) {
 	proxy := handler.proxy
+	if !proxy.clientsCountInc() {
+		dlog.Warnf("Too many incoming connections (max=%d)", proxy.maxClients)
+		return
+	}
+	defer proxy.clientsCountDec()
 	dataType := "application/dns-message"
 	writer.Header().Set("Server", "dnscrypt-proxy")
 	if request.URL.Path != proxy.localDoHPath {
--- a/dnscrypt-proxy/main.go
+++ b/dnscrypt-proxy/main.go
@ -15,7 +15,7 @@ import (
 )

 const (
-	AppVersion            = "2.0.34-beta.1"
+	AppVersion            = "2.0.34"
 	DefaultConfigFileName = "dnscrypt-proxy.toml"
 )

--- a/dnscrypt-proxy/proxy.go
+++ b/dnscrypt-proxy/proxy.go
@ -264,7 +264,7 @@ func (proxy *Proxy) udpListener(clientPc *net.UDPConn) {
 		go func() {
 			start := time.Now()
 			if !proxy.clientsCountInc() {
-				dlog.Warnf("Too many connections (max=%d)", proxy.maxClients)
+				dlog.Warnf("Too many incoming connections (max=%d)", proxy.maxClients)
 				return
 			}
 			defer proxy.clientsCountDec()
@ -294,7 +294,7 @@ func (proxy *Proxy) tcpListener(acceptPc *net.TCPListener) {
 			start := time.Now()
 			defer clientPc.Close()
 			if !proxy.clientsCountInc() {
-				dlog.Warnf("Too many connections (max=%d)", proxy.maxClients)
+				dlog.Warnf("Too many incoming connections (max=%d)", proxy.maxClients)
 				return
 			}
 			defer proxy.clientsCountDec()
--- a/go.mod
+++ b/go.mod
@ -21,7 +21,7 @@ require (
 	github.com/kardianos/service v1.0.1-0.20191017145738-4df36c9fc1c6
 	github.com/miekg/dns v1.1.22
 	github.com/powerman/check v1.2.1
-	golang.org/x/crypto v0.0.0-20191128160524-b544559bb6d1
+	golang.org/x/crypto v0.0.0-20191202143827-86a70503ff7e
 	golang.org/x/net v0.0.0-20191126235420-ef20fe5d7933
 	golang.org/x/sys v0.0.0-20191128015809-6d18c012aee9
 	gopkg.in/natefinch/lumberjack.v2 v2.0.0
--- a/go.sum
+++ b/go.sum
@ -62,8 +62,8 @@ github.com/smartystreets/goconvey v1.6.4/go.mod h1:syvi0/a8iFYH4r/RixwvyeAJjdLS9
 golang.org/x/crypto v0.0.0-20190308221718-c2843e01d9a2/go.mod h1:djNgcEr1/C05ACkg1iLfiJU5Ep61QUkGW8qpdssI0+w=
 golang.org/x/crypto v0.0.0-20190909091759-094676da4a83/go.mod h1:yigFU9vqHzYiE8UmvKecakEJjdnWj3jj499lnFckfCI=
 golang.org/x/crypto v0.0.0-20190923035154-9ee001bba392/go.mod h1:/lpIB1dKB+9EgE3H3cr1v9wB50oz8l4C4h62xy7jSTY=
-golang.org/x/crypto v0.0.0-20191128160524-b544559bb6d1 h1:anGSYQpPhQwXlwsu5wmfq0nWkCNaMEMUwAv13Y92hd8=
-golang.org/x/crypto v0.0.0-20191128160524-b544559bb6d1/go.mod h1:LzIPMQfyMNhhGPhUkYOs5KpL4U8rLKemX1yGLhDgUto=
+golang.org/x/crypto v0.0.0-20191202143827-86a70503ff7e h1:egKlR8l7Nu9vHGWbcUV8lqR4987UfUbBd7GbhqGzNYU=
+golang.org/x/crypto v0.0.0-20191202143827-86a70503ff7e/go.mod h1:LzIPMQfyMNhhGPhUkYOs5KpL4U8rLKemX1yGLhDgUto=
 golang.org/x/net v0.0.0-20190311183353-d8887717615a/go.mod h1:t9HGtf8HONx5eT2rtn7q6eTqICYqUVnKs3thJo3Qplg=
 golang.org/x/net v0.0.0-20190404232315-eb5bcb51f2a3/go.mod h1:t9HGtf8HONx5eT2rtn7q6eTqICYqUVnKs3thJo3Qplg=
 golang.org/x/net v0.0.0-20190620200207-3b0461eec859/go.mod h1:z5CRVTTTmAJ677TzLLGU+0bjPO0LkuOLi4/5GtJWs/s=
--- a/utils/generate-domains-blacklists/domains-blacklist.conf
+++ b/utils/generate-domains-blacklists/domains-blacklist.conf
@ -1,4 +1,3 @@
-
 ##################################################################################
 #                                                                                #
 #   Generate a black list of domains using public data sources, and the local    #
@ -93,6 +92,15 @@ https://someonewhocares.org/hosts/hosts
 # NoTracking's list - blocking ads, trackers and other online garbage
 https://raw.githubusercontent.com/notracking/hosts-blocklists/master/domains.txt

+# NextDNS CNAME cloaking list
+https://raw.githubusercontent.com/nextdns/cname-cloaking-blocklist/master/domains
+
+# Minimal Hosts
+https://reddestdream.github.io/Projects/MinimalHosts/etc/MinimalHostsBlocker/minimalhosts
+
+# AdGuard Simplified Domain Names filter
+https://adguardteam.github.io/AdGuardSDNSFilter/Filters/filter.txt
+
 # CoinBlockerLists: blocks websites serving cryptocurrency miners - https://gitlab.com/ZeroDot1/CoinBlockerLists/ - Contains false positives
 # https://gitlab.com/ZeroDot1/CoinBlockerLists/raw/master/list_browser.txt

@ -105,12 +113,32 @@ https://raw.githubusercontent.com/notracking/hosts-blocklists/master/domains.txt
 # Quidsup Malware Blocklist - Contains too many false positives to be enabled by default
 # https://gitlab.com/quidsup/notrack-blocklists/raw/master/notrack-malware.txt

+# AntiSocial Blacklist is an extensive collection of potentially malicious domains
+# https://theantisocialengineer.com/AntiSocial_Blacklist_Community_V1.txt
+
+# Steven Black hosts file
+# https://raw.githubusercontent.com/StevenBlack/hosts/master/hosts
+
+# A list of adserving and tracking sites maintained by @anudeepND
+# https://raw.githubusercontent.com/anudeepND/blacklist/master/adservers.txt
+
+# Anudeep's Blacklist (CoinMiner) - Blocks cryptojacking sites
+# https://raw.githubusercontent.com/anudeepND/blacklist/master/CoinMiner.txt
+
+# Block Spotify ads
+# https://raw.githubusercontent.com/CHEF-KOCH/Spotify-Ad-free/master/filter/Spotify-HOSTS.txt
+
+# Energized Ultimate
+# https://raw.githubusercontent.com/EnergizedProtection/block/master/ultimate/formats/domains.txt
+
 # Dynamic DNS services, sadly often used by malware
 # https://mirror1.malwaredomains.com/files/dynamic_dns.txt

 # Block pornography
 # https://raw.githubusercontent.com/Clefspeare13/pornhosts/master/0.0.0.0/hosts
 # https://raw.githubusercontent.com/Sinfonietta/hostfiles/master/pornography-hosts
+# https://raw.githubusercontent.com/cbuijs/shallalist/master/porn/domains
+# https://raw.githubusercontent.com/olbat/ut1-blacklists/master/blacklists/adult/domains

 # Block gambling sites
 # https://raw.githubusercontent.com/Sinfonietta/hostfiles/master/gambling-hosts
--- a/utils/generate-domains-blacklists/domains-whitelist.txt
+++ b/utils/generate-domains-blacklists/domains-whitelist.txt
@ -1,15 +1,21 @@
+163.com
 a-msedge.net
 amazon.com
+app.link
 appsflyer.com
 azurewebsites.net
+cdn.optimizely.com
 cdnetworks.com
+cdninstagram.com
 cloudapp.net
 download.dnscrypt.info
 edgekey.net
 elasticbeanstalk.com
 github.com
 github.io
-raw.githubusercontent.com
+googleadservices.com
+gvt1.com
+gvt2.com
 invalid
 j.mp
 l-msedge.net
@ -19,11 +25,14 @@ localdomain
 microsoft.com
 msedge.net
 nsatc.net
+ocsp.apple.com
 ovh.net
 polyfill.io
 pusher.com
 pusherapp.com
+raw.githubusercontent.com
 revinate.com
+s.youtube.com
 spotify.com
 tagcommander.com
 windows.net
--- a/vendor/modules.txt
+++ b/vendor/modules.txt
@ -52,7 +52,7 @@ github.com/powerman/check
 # github.com/smartystreets/goconvey v1.6.4
 github.com/smartystreets/goconvey/convey/gotest
 github.com/smartystreets/goconvey/convey/reporting
-# golang.org/x/crypto v0.0.0-20191128160524-b544559bb6d1
+# golang.org/x/crypto v0.0.0-20191202143827-86a70503ff7e
 golang.org/x/crypto/curve25519
 golang.org/x/crypto/ed25519
 golang.org/x/crypto/ed25519/internal/edwards25519