2 files changed, 30 insertions, 21 deletions
diff --git a/community/dnscrypt-proxy/APKBUILD b/community/dnscrypt-proxy/APKBUILD
index cc04af0346..a89960caa9 100644
--- a/community/dnscrypt-proxy/APKBUILD
+++ b/community/dnscrypt-proxy/APKBUILD
@@ -1,7 +1,7 @@
 # Contributor: Ian Bashford <ianbashford@gmail.com>
 # Maintainer: Ian Bashford <ianbashford@gmail.com>
 pkgname=dnscrypt-proxy
-pkgver=2.0.25
+pkgver=2.0.27
 pkgrel=1
 pkgdesc="A tool for securing communications between a client and a DNS resolver"
 url="https://dnscrypt.info"
@@ -54,8 +54,8 @@ setup() {
 	install -m755 -D "$srcdir"/$pkgname.setup "$subpkgdir"/usr/sbin/setup-dnscrypt
 }
 
-sha512sums="74a47b013e15cbdcf8691bf3618cce40149f9832f6fc4c2cbfb6af2a72b4ecb52b068a150999771a77fcf4fdb49c64dabd127c5101ae29fb86723bc30c946133  dnscrypt-proxy-2.0.25.tar.gz
+sha512sums="68cecec0228b3f03d5c50576c7dec32c7474a22bd1740d43b29514b5a00f27376ed5236302fa68c493f0c188134855b277fbbbb922222937fa726783af3f7246  dnscrypt-proxy-2.0.27.tar.gz
 e0a72d39d47dc24b889d08beedbd9fdf21615f42fbab79980debdfd2c3feaa83dc3f776351f7dd13533cc85905ce4e01812e4ff8a80a9ccc0b21e9db7d6cb232  dnscrypt-proxy.initd
 c001ae39da1b2db71764cab568f9ed18e4de0cea3d1a4e7bd6dd01a5668b81a888ea9eef99de6beac08857ad7f8eb1a32d730e946ac3563e4dcfa27147e35052  dnscrypt-proxy.confd
 66dd43d84117a0151ae41f34d82b716760382a5a491424bf6418228ffd21f0dfbc88e34cc5074e11f97f006335d97b85367bb9ab1d96747a48e893c022ad52d0  dnscrypt-proxy.setup
-28eb03f04b7fe8fceff4c9ff03b0f01b45c0a44fd32d38a7cb34b87ea13a801b046d7d81d3e0522cad37c0cb402999739525947477a5fd65f1c0bfd250527e56  config-full-paths.patch"
+5f8979276196db17b418f6d42712fdf2bbc9957a92dfc74db8f97ca9af206902d1739842cfbd798ddb25419e274684cbdbef84c94833d956eb2b8f6bab167910  config-full-paths.patch"
diff --git a/community/dnscrypt-proxy/config-full-paths.patch b/community/dnscrypt-proxy/config-full-paths.patch
index 841afbee5a..4d46d65918 100644
--- a/community/dnscrypt-proxy/config-full-paths.patch
+++ b/community/dnscrypt-proxy/config-full-paths.patch
@@ -1,9 +1,9 @@
 diff --git a/./dnscrypt-proxy.toml b/dnscrypt-proxy/dnscrypt-proxy.toml
 new file mode 100644
-index 0000000..d1f55b0
+index 0000000..8455f8d
 --- /dev/null
 +++ b/dnscrypt-proxy/dnscrypt-proxy.toml
-@@ -0,0 +1,547 @@
+@@ -0,0 +1,556 @@
 +
 +##############################################
 +#                                            #
@@ -98,13 +98,13 @@ index 0000000..d1f55b0
 +## Uncomment the following line to route all TCP connections to a local Tor node
 +## Tor doesn't support UDP, so set `force_tcp` to `true` as well.
 +
-+# proxy = "socks5://127.0.0.1:9050"
++# proxy = 'socks5://127.0.0.1:9050'
 +
 +
 +## HTTP/HTTPS proxy
 +## Only for DoH servers
 +
-+# http_proxy = "http://127.0.0.1:8888"
++# http_proxy = 'http://127.0.0.1:8888'
 +
 +
 +## How long a DNS query will wait for a response, in milliseconds
@@ -117,11 +117,12 @@ index 0000000..d1f55b0
 +keepalive = 30
 +
 +
-+## Use the REFUSED return code for blocked responses
-+## Setting this to `false` means that some responses will be lies.
-+## Unfortunately, `false` appears to be required for Android 8+
++## Response for blocked queries.  Options are `refused`, `hinfo` (default) or
++## an IP response.  To give an IP response, use the format `a:<IPv4>,aaaa:<IPv6>`.
++## Using the `hinfo` option means that some responses will be lies.
++## Unfortunately, the `hinfo` option appears to be required for Android 8+
 +
-+refused_code_in_responses = false
++# blocked_query_response = 'refused'
 +
 +
 +## Load-balancing strategy: 'p2' (default), 'ph', 'first' or 'random'
@@ -171,6 +172,8 @@ index 0000000..d1f55b0
 +## 49195 = TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256
 +## 52392 = TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305
 +## 52393 = TLS_ECDHE_ECDSA_WITH_CHACHA20_POLY1305
++##  4865 = TLS_AES_128_GCM_SHA256
++##  4867 = TLS_CHACHA20_POLY1305_SHA256
 +##
 +## On non-Intel CPUs such as MIPS routers and ARM systems (Android, Raspberry Pi...),
 +## the following suite improves performance.
@@ -209,7 +212,7 @@ index 0000000..d1f55b0
 +## initializing the proxy.
 +## Useful if the proxy is automatically started at boot, and network
 +## connectivity is not guaranteed to be immediately available.
-+## Use 0 to not test for connectivity at all,
++## Use 0 to not test for connectivity at all (not recommended),
 +## and -1 to wait as much as possible.
 +
 +netprobe_timeout = 60
@@ -223,7 +226,7 @@ index 0000000..d1f55b0
 +## On other operating systems, the connection will be initialized
 +## but nothing will be sent at all.
 +
-+netprobe_address = "9.9.9.9:53"
++netprobe_address = '9.9.9.9:53'
 +
 +
 +## Offline mode - Do not use any remote encrypted servers.
@@ -233,6 +236,14 @@ index 0000000..d1f55b0
 +# offline_mode = false
 +
 +
++## Additional data to attach to outgoing queries.
++## These strings will be added as TXT records to queries.
++## Do not use, except on servers explicitly asking for extra data
++## to be present.
++
++# query_meta = ["key1:value1", "key2:value2", "key3:value3"]
++
++
 +## Automatic log files rotation
 +
 +# Maximum log files size in MB
@@ -522,17 +533,15 @@ index 0000000..d1f55b0
 +  urls = ['https://raw.githubusercontent.com/DNSCrypt/dnscrypt-resolvers/master/v2/public-resolvers.md', 'https://download.dnscrypt.info/resolvers-list/v2/public-resolvers.md']
 +  cache_file = '/var/cache/dnscrypt-proxy/public-resolvers.md'
 +  minisign_key = 'RWQf6LRCGA9i53mlYecO4IzT51TGPpvWucNSCh1CBM0QTaLn73Y7GFO3'
-+  refresh_delay = 72
 +  prefix = ''
 +
 +  ## Quad9 over DNSCrypt - https://quad9.net/
 +
 +  # [sources.quad9-resolvers]
-+  # urls = ["https://www.quad9.net/quad9-resolvers.md"]
-+  # minisign_key = "RWQBphd2+f6eiAqBsvDZEBXBGHQBJfeG6G+wJPPKxCZMoEQYpmoysKUN"
-+  # cache_file = "/var/cache/dnscrypt-proxy/quad9-resolvers.md"
-+  # refresh_delay = 72
-+  # prefix = "quad9-"
++  # urls = ['https://www.quad9.net/quad9-resolvers.md']
++  # minisign_key = 'RWQBphd2+f6eiAqBsvDZEBXBGHQBJfeG6G+wJPPKxCZMoEQYpmoysKUN'
++  # cache_file = '/var/cache/dnscrypt-proxy/quad9-resolvers.md'
++  # prefix = 'quad9-'
 +
 +  ## Another example source, with resolvers censoring some websites not appropriate for children
 +  ## This is a subset of the `public-resolvers` list, so enabling both is useless
@@ -549,5 +558,5 @@ index 0000000..d1f55b0
 +
 +[static]
 +
-+  # [static.'google']
-+  # stamp = 'sdns://AgUAAAAAAAAAAAAOZG5zLmdvb2dsZS5jb20NL2V4cGVyaW1lbnRhbA'
++  # [static.'myserver']
++  # stamp = 'sdns:AQcAAAAAAAAAAAAQMi5kbnNjcnlwdC1jZXJ0Lg'