1
0
Fork 1
mirror of https://github.com/NixOS/nixpkgs.git synced 2024-11-20 12:42:24 +00:00
Commit graph

220 commits

Author SHA1 Message Date
adisbladis ca094d7af2
bind: License changed to MPL 2.0 2018-01-17 09:39:20 +08:00
Andreas Rammhold d2b852fe7d
bind: 9.11.2 -> 9.11.2-P1 (fixes CVE-2017-3145, CVE-2017-3143, CVE-2017-3141 & CVE-2017-3140)
For more details see [1].

[1] http://ftp.isc.org/isc/bind9/9.11.2-P1/RELEASE-NOTES-bind-9.11.2-P1.html
2018-01-17 02:29:13 +01:00
Samuel Dionne-Riel 7b97c8c0c8 treewide: homepage+src updates (found by repology, #33263) 2018-01-05 20:42:46 +01:00
Vladimír Čunát f29000b002
Merge branch 'master' into staging
Hydra: ?compare=1421760
2017-12-29 10:13:33 +01:00
Robin Gloster 572b2bda4e treewide: generalise for both mysql & mariadb 2017-12-29 02:18:35 +01:00
Christoph Hrdinka f00c17e927
nsd: 4.1.16 -> 4.1.19
Signed-off-by: Christoph Hrdinka <c.github@hrdinka.at>
2017-12-28 14:34:06 +01:00
Christoph Hrdinka 02694384c0
nsd: add configFile parameter
Signed-off-by: Christoph Hrdinka <c.github@hrdinka.at>
2017-12-28 14:34:05 +01:00
Dylan Simon 0f881aec23 bind: explicitly disable lmdb
Autodetected by default (so should be disabled) but avoid finding a
broken system version.
2017-12-21 15:07:22 -05:00
Vladimír Čunát 4d71ad1bc2
knot-resolver: 1.5.0 -> 1.5.1
It seems to be serving fine, atop 17.09.
2017-12-12 15:12:22 +01:00
Samuel Leathers c2e9a1ca3b
powerdns: 4.0.4 -> 4.0.5 for CVE-2017-15091
Closes #32116.
2017-12-11 14:52:11 +01:00
Andreas Rammhold f7b87a773e
pdns-recursor: 4.0.6 -> 4.0.8 (fixes CVE-2017-15120)
For more details see [1].

[1] http://www.openwall.com/lists/oss-security/2017/12/11/1
2017-12-11 13:51:59 +01:00
Vladimír Čunát 4dba2f2158
knot-dns: maintenance 2.6.1 -> 2.6.3 2017-12-01 12:43:05 +01:00
Gregor Kleen a2e40f7254 nixpkgs/bind: use python3 2017-11-17 14:03:30 +01:00
Gregor Kleen 9826f5cc3c nixos/nsd: automatic DNSSEC using BIND toolset 2017-11-16 01:52:28 +01:00
Vladimír Čunát 1435ace4e4
knot-dns: remove unused dependency
https://gitlab.labs.nic.cz/knot/knot-dns/issues/559
2017-11-13 12:44:40 +01:00
Vladimír Čunát 327c351cb2
knot-resolver: disable the hints test for now
It's flaky, unfortunately.
2017-11-12 20:24:03 +01:00
Orivej Desh c1a6665549 pdns-recursor: enable parallel building 2017-11-05 17:16:36 +00:00
rnhmjoj f9031957ed
pdns-recursor: 4.0.4 -> 4.0.6 2017-11-05 17:32:06 +01:00
Vladimír Čunát 4b15ca2248
knot-resolver: 1.4.0 -> 1.5.0
https://lists.nic.cz/pipermail/knot-dns-users/2017-November/001240.html
ICANN wants to watch what root trust anchors people use.
https://www.icann.org/resources/pages/ksk-rollover
2017-11-03 11:04:50 +01:00
Vladimír Čunát 5f86f5d5b1
knot-dns: maintenance 2.6.0 -> 2.6.1
https://lists.nic.cz/pipermail/knot-dns-users/2017-November/001241.html
2017-11-03 10:57:15 +01:00
Vladimír Čunát 8688a5198f
knot-dns: fix kdig +tls sending bad SNI 2017-10-26 12:22:11 +02:00
Franz Pletz 57a0422b03 Merge pull request #30545 from Mic92/pdns
powerdns: 4.0.3 -> 4.0.4
2017-10-25 10:38:24 +02:00
Vladimír Čunát c0e00efdae
knot-dns: fix kdig +tls broken in 2.6.0 2017-10-19 11:18:20 +02:00
Joerg Thalheim c9da6d37e9 powerdns: remove nhooyr as maintainer 2017-10-18 19:50:02 +01:00
Joerg Thalheim 8bd1580d1a powerdns: 4.0.3 -> 4.0.4 2017-10-18 16:46:54 +01:00
Orivej Desh fda26c8476 Merge branch 'master' into staging
* master: (271 commits)
  pysmbc: clarify license
  pysmbc: fix license
  bazel: 0.5.4 -> 0.6.0 (#29990)
  googler: init at 3.3
  go: declare support for aarch64
  firefox-beta-bin: 56.0b5 -> 57.0b4
  spotify: 1.0.64.401.g9d720389-21 -> 1.0.64.407.g9bd02c2d-26
  gogs: 0.11.19 -> 0.11.29
  grafana: 4.5.1 -> 4.5.2
  mopidy-iris: 3.4.1 -> 3.4.9
  nextcloud: 12.0.2 -> 12.0.3
  haskell-json-autotype: jailbreak to fix build within LTS 9.x
  kore: fix up
  kore: init at 2.0.0
  glusterfs service: fix issues with useRpcbind
  tig: 2.2.2 -> 2.3.0
  haskell-hspec-core: enable test suite again
  hackage-packages.nix: automatic Haskell package set update
  librsvg: fix thumbnailer path
  awscli: 1.11.108 -> 1.11.162
  ...
2017-10-02 00:22:12 +00:00
Vladimír Čunát 4a2dd9905c
knot-dns: 2.5.3 -> 2.6.0 2017-09-29 15:59:04 +02:00
John Ericson f037625f87 Merge remote-tracking branch 'upstream/staging' into deps-reorg 2017-09-28 12:32:57 -04:00
Vladimír Čunát 7c7f8c9c1d
knot-*: simplify lmdb dependency
Partly thanks to lmdb.pc, partly thanks to 84bd2f4
(hopefully; untested on Darwin).
2017-09-23 14:15:56 +02:00
Vladimír Čunát fd56648a04
knot-resolver: 1.3.3 -> 1.4.0
Also drop rarely used dependencies, by default,
and utilize root server addresses from nixpkgs.
2017-09-22 11:27:59 +02:00
John Ericson ed14223f8c treewide: Manual fix more pkg-config build-inputs 2017-09-21 15:49:54 -04:00
John Ericson 531e4b80c9 misc pkgs: Basic sed to get fix pkgconfig and autoreconfHook buildInputs
Only acts on one-line dependency lists.
2017-09-21 15:49:53 -04:00
Matthew Justin Bauer 2eacddf0dc treewide: homepage URL fixes (#28475)
* pgadmin: use https homepage

* msn-pecan: move homepage to github

google code is now unavailable

* pidgin-latex: use https for homepage

* pidgin-opensteamworks: use github for homepage

google code is unavailable

* putty: use https for homepage

* ponylang: use https for homepage

* picolisp: use https for homepage

* phonon: use https for homepage

* pugixml: use https for homepage

* pioneer: use https for homepage

* packer: use https for homepage

* pokerth: usee https for homepage

* procps-ng: use https for homepage

* pycaml: use https for homepage

* proot: move homepage to .github.io

* pius: use https for homepage

* pdfread: use https for homepage

* postgresql: use https for homepage

* ponysay: move homepage to new site

* prometheus: use https for homepage

* powerdns: use https for homepage

* pm-utils: use https for homepage

* patchelf: move homepage to https

* tesseract: move homepage to github

* quodlibet: move homepage from google code

* jbrout: move homepage from google code

* eiskaltdcpp: move homepage to github

* nodejs: use https to homepage

* nix: use https for homepage

* pdf2djvu: move homepage from google code

* game-music-emu: move homepage from google code

* vacuum: move homepae from google code
2017-08-22 20:50:04 +02:00
Vladimír Čunát 378c6d7063
knot-dns: try to fixup on Darwin 2017-08-16 08:24:05 +02:00
Vladimír Čunát 10bcf0818f
knot-resolver: security 1.3.2 -> 1.3.3
https://lists.nic.cz/pipermail/knot-dns-users/2017-August/001184.html
2017-08-09 16:36:32 +02:00
Silvan Mosberger f5fa5fa4d6 pkgs: refactor needless quoting of homepage meta attribute (#27809)
* pkgs: refactor needless quoting of homepage meta attribute

A lot of packages are needlessly quoting the homepage meta attribute
(about 1400, 22%), this commit refactors all of those instances.

* pkgs: Fixing some links that were wrongfully unquoted in the previous
commit

* Fixed some instances
2017-08-01 22:03:30 +02:00
Franz Pletz cfbac7bbad
bind: 9.11.1-P2 -> 9.11.2 for multiple CVEs
See: https://kb.isc.org/article/AA-01522

Fixes: CVE-2017-3140 CVE-2017-3141 CVE-2017-3142 CVE-2017-3143
2017-08-01 10:26:20 +02:00
Vladimír Čunát 20d2bfa4ff
knot-resolver: remove unused inputs 2017-07-28 15:34:27 +02:00
Vladimír Čunát 62e4e3301b
knot-resolver: maintenance 1.3.1 -> 1.3.2 2017-07-28 15:12:23 +02:00
Vladimír Čunát 69c67371db
knot-dns: maintenance 2.5.2 -> 2.5.3 2017-07-28 15:12:07 +02:00
Vladimír Čunát 3678981f9f
knot-resolver: remove aarch64 from meta.platforms
It will compile but won't really work ATM.
2017-07-10 18:11:40 +02:00
Tim Steinbach 171c088754
bind: 9.10.5-P2 -> 9.11.1-P2 2017-06-30 13:52:04 -04:00
Peter Simons c4430ba248 bind: update to version 9.10.5-P2 to fix CVE-2017-3142 and CVE-2017-3143 2017-06-29 22:15:01 +02:00
Vladimír Čunát c76f8d9c7a
knot-resolver: maintenance 1.3.0 -> 1.3.1 2017-06-23 14:48:29 +02:00
Vladimír Čunát 75872f3161
knot-dns: security 2.5.1 -> 2.5.2
https://lists.nic.cz/pipermail/knot-dns-users/2017-June/001144.html
2017-06-23 14:48:10 +02:00
Franz Pletz 72c36db003
bind: 9.10.5 -> 9.10.5-P1 for CVE-2017-3140 2017-06-15 13:43:09 +02:00
Franz Pletz 44cb792077
powerdns: 4.0.2 -> 4.0.3 2017-06-13 21:21:59 +02:00
Vladimír Čunát 156a9afb2b
knot-resolver: 1.2.6 -> 1.3.0 2017-06-13 10:57:33 +02:00
Vladimír Čunát db0235ce76
knot-dns: quick bugfix 2.5.0 -> 2.5.1 2017-06-07 17:57:42 +02:00
Franz Pletz f18bcc1e2a
knot-dns: 2.4.2 -> 2.5.0 2017-06-06 03:59:16 +02:00
Michiel Leenaars 16857df2f3
nsd: fix openssl path in nsd-control-setup
Closes #26002
2017-05-26 10:00:28 +02:00
Michiel Leenaars 51269faa08
nsd: 4.1.15 -> 4.1.16 2017-05-26 10:00:16 +02:00
Robin Gloster b447f624c3
bind: 9.10.4-P6 -> 9.10.5 2017-05-20 14:24:57 +02:00
Franz Pletz eb79649414
bind: disable seccomp by default
Fixes #25645 & #23431.
2017-05-09 18:19:38 +02:00
Vladimír Čunát d7501b986a
luajit: 2.1.0-beta2 -> 2.1.0-beta3
The removal of `luaL_reg` alias caused lots of breakage.
Only sysdig and knot-resolver needed (also) other changes.
2017-05-02 14:00:45 +02:00
Vladimír Čunát 125cf35273
knot-resolver: maintenance 1.2.5 -> 1.2.6 2017-04-24 16:36:27 +02:00
Christoph Hrdinka 60160234aa
nsd: 4.1.14 -> 4.1.15 2017-04-08 21:49:13 +02:00
Vladimír Čunát 44168b4b22
knot-resolver: update the source hash
Just nitpick changes in the tarball, minutes after the release.
2017-04-05 16:08:11 +02:00
Vladimír Čunát 12839e4599
knot-resolver: maintenance 1.2.4 -> 1.2.5 2017-04-05 15:49:27 +02:00
John Ericson 4c0d7da183 Get rid of all with { inherit... } and just used let inherit...
The old forms presumably predates, or were made in ignorance of,
`let inherit`. This way is better style as the scoping as more lexical,
something which Nix can (or might already!) take advantage of.
2017-03-30 03:05:05 -04:00
Vladimír Čunát 070ae18422
knot-dns: maintenance 2.4.1 -> 2.4.2 2017-03-23 16:34:11 +01:00
Vladimír Čunát 74f92e9556
knot-resolver: maintenance 1.2.3 -> 1.2.4 2017-03-09 21:25:45 +01:00
Vladimír Čunát cb63a0b2da
knot-resolver: maintenance 1.2.2 -> 1.2.3
Just tiny fixes for some rare circumstances.
https://lists.nic.cz/pipermail/knot-dns-users/2017-February/001066.html
2017-02-23 16:23:23 +01:00
Rene Treffer 055d6399ef coredns: 001 -> 005 2017-02-19 21:26:10 +01:00
Nikolay Amiantov f1e7a60b16
dnsutils: +sigchase support for dig
Fixes #10728, closes #22989.
The dnsutils output got ~60kiB bigger, and I see no extra runtime deps.
2017-02-19 12:13:05 +01:00
Vladimír Čunát e5ac6bc999
knot-resolver: use embedded lmdb on Darwin for now
I don't know what's wrong there, and Darwin isn't among primary platforms
for kresd.
2017-02-15 10:23:44 +01:00
Vladimír Čunát 2fce8dda39
knot-dns: fixup Darwin build again, hopefully 2017-02-14 00:47:26 +01:00
Vladimír Čunát 935ede8a59
knot-resovler: use shared lmdb now 2017-02-13 16:56:54 +01:00
Vladimír Čunát 5b75338a50
knot-dns: use shared lmdb 2017-02-13 16:50:39 +01:00
Vladimír Čunát 45b1d0cb8c
knot-dns: maintenance 2.4.0 -> 2.4.1 2017-02-11 17:51:57 +01:00
Vladimír Čunát 0b7fec6272
knot-resolver: maintenance 1.2.1 -> 1.2.2
In particular, trust anchor bootstrapping is fixed after IANA publishing
an additional key.
2017-02-11 17:47:45 +01:00
Christoph Hrdinka 3047bb2e9c
nsd: 4.1.13 -> 4.1.14
* Fix #1132 for SERVFAIL zones perform backoff, and remembers the timeout on next startup.

* Fix null memcpy for radixtree with single link element.
* Robust fix against missing master in tcp_open for xfrd.
* Fix wildcards in include: config statements with chroot enabled.
* suppress compile warning in lex files.
* Fix to try every master once, then wait for timeout or notify.
* Save backoff timeout into xfrd.state file, this file has a higher version number now. Old files are skipped silently (causes refresh) and created as new files upon exit.
* Fix restart of zone transfers when new config becomes available.
2017-02-10 15:12:18 +01:00
Franz Pletz da5eaa3c21
bind: 9.10.4-P5 -> 9.10.4-P6 for CVE-2017-3135
See https://kb.isc.org/article/AA-01453.

cc #22549
2017-02-09 10:44:16 +01:00
Vladimír Čunát c3badbb366 knot-resolver: 1.2.0 -> 1.2.1
It mainly fixes a single issue that perhaps has a minor security impact.
https://lists.nic.cz/pipermail/knot-dns-users/2017-February/001045.html
2017-02-01 22:46:15 +01:00
Vladimír Čunát dacbca2730
knot-dns: yet another attempt to fix build on Darwin 2017-01-31 12:53:24 +01:00
Vladimír Čunát 612333a770
knot-resolver: yet another attempt to fix build on Darwin 2017-01-30 20:08:16 +01:00
Vladimír Čunát 7f7faab009
knot-dns: yet another attempt to fix build on Darwin 2017-01-30 16:10:59 +01:00
Vladimír Čunát 196b87f707
knot-dns: another attempt to fix build on Darwin 2017-01-30 11:55:30 +01:00
Vladimír Čunát fd32b16f9e
knot-dns: another attempt to fix build on Darwin
The effort is getting long, without any direct access to a Darwin machine.
2017-01-30 10:09:44 +01:00
Vladimír Čunát f27fb8ab75
knot-{dns,resolver}: try to fix on darwin
Evaluation works now, at least.
2017-01-25 22:42:20 +01:00
Vladimír Čunát 278bbe3b33
add kresd service with basic options
Still celebrating today's 1.2.0 release!
2017-01-25 18:46:28 +01:00
Vladimír Čunát 5d5fb4a2fb
knot-resolver: init at 1.2.0
Celebrating today's release!
2017-01-25 15:22:09 +01:00
rnhmjoj d79ea39d04
pdns-recursor: init at 4.0.4 2017-01-23 08:09:51 +01:00
Vladimír Čunát 64b7f096e6
knot-dns: 2.3.3 -> 2.4.0 2017-01-19 11:23:21 +01:00
Jörg Thalheim 1fe51342a9
powerdns: 4.0.1 -> 4.0.2 2017-01-14 23:01:56 +01:00
Peter Simons 2fd0a9f3c7 bind: update to 9.10.4-P5 (CVE-2016-9131, CVE-2016-9147, CVE-2016-9444, CVE-2016-9778) 2017-01-12 10:00:22 +01:00
Franz Pletz e6708cea37
bind: fix collision of binaries in outputs
Using outputsToInstall the intended behaviour of including host and dnsutils
when bind is installed can be implemented instead of using symlinks to fix
installing all outputs individually with nix-env.

Fixes #19761.
2017-01-07 02:44:54 +01:00
Vladimír Čunát df07922e3e
knot-dns: init at 2.3.3
Only .lib is tested ATM.
2016-12-13 15:31:29 +01:00
Vladimír Čunát f0b9ecfa01
bind: fixup more openssl.dev references 2016-12-08 19:10:19 +01:00
Peter Simons 0b180d1ca4 bind: update to 9.10.4-P4 to fix CVE-2016-8864 2016-11-01 22:16:26 +01:00
Graham Christensen c48fd00fae nsd: 4.1.12 -> 4.1.13 for CVE-2016-6173
Closes #19685
2016-10-19 15:16:54 +02:00
Tuomas Tynkkynen b4d8f8b8e2 bind: Disable seccomp on non-x86
The list of permitted syscalls in the seccomp sandbox is only defined
for x86. It fails to build otherwise:

````
In file included from /tmp/nix-build-bind-9.10.4-P3.drv-0/bind-9.10.4-P3/lib/isc/include/isc/magic.h:23:0,
                 from /tmp/nix-build-bind-9.10.4-P3.drv-0/bind-9.10.4-P3/lib/isc/include/isc/app.h:89,
                 from ./main.c:26:
./main.c: In function 'setup_seccomp':
./main.c:848:17: error: 'scmp_syscalls' undeclared (first use in this function)
  INSIST((sizeof(scmp_syscalls) / sizeof(int)) ==
````
2016-10-16 23:37:48 +03:00
Franz Pletz fa405aa264 bind: split out dnsutils & host binaries (#18903)
These tools are commonly used but don't require the other bind binaries.
Bind's libs are used, so they've also been split into an extra output.

The old version of host isn't maintained anymore and was removed From Debian
back in 2009: https://packages.qa.debian.org/h/host.html
2016-10-08 16:01:15 +02:00
Anmol Sethi 489ca7e5c0
powerdns: removed PrivateTmp=true in serviceConfig
As discussed in #18718 PrivateTmp is unnecessary because powerdns is
chrooted to /var/lib/powerdns.

I also added myself as co-maintainer.
2016-10-01 12:27:23 -04:00
Franz Pletz 96b1d15e0c
bind: enable seccomp on linux 2016-09-28 10:50:25 +02:00
Peter Simons 8aaf610d4d bind: cosmetic fix for Emacs' syntax highlighting 2016-09-27 19:30:21 +02:00
Peter Simons 7a5ff282aa bind: update to version 9.10.4-P3 to fix CVE-2016-2776 2016-09-27 19:29:51 +02:00
Christoph Hrdinka 553a3295c1 nsd: 4.1.9 -> 4.1.12
4.1.12
======

Bugfixes
--------

Fix malformed edns query assertion failure, reported by Michal Kepien (NASK).

4.1.11
======

Features
--------

* When tcp is more than half full, use short timeout for tcp session.
* Patch for {max,min}-{refresh,retry}-time from YAMAGUCHI Takanori.
* Fix #790: size-limit-xfr can stop NSD from downloading infinite zone transfer data size, from Toshifumi Sakaguchi. Fixes CVE-2016-6173 JVN#63359718 JPCERT#91251865.

Bugfixes
--------

* Fix build without IPv6, patch from Zdenek Kaspar.
* Fix #783: Trying to run a root server without having configured it silently gives wrong answers.
* Fix #782: Serve DS record but parent zone has no NS record.
* Fix nsec3 missing for nsec3 signed parent and child for DS at zonecut.

4.1.10
======

Features
--------

* ip-freebind: yesno option in nsd.conf sets IP_FREEBIND socket option for Linux, binds to interfaces and addresses that are down.
* NSD includes AAAA before A for queries over IPV6 (in delegations). And TC is set if no glue can be provided with a delegation because of packet size.
* print notice that nsd is starting before taking off.

Bugfixes
--------

* Fix for openssl 1.1.0, HMAC_CTX size not exported from openssl.
* Fix #751: NSD fails to occlude names below a DNAME.
* If set without nsd.db print "" as the default in the man pages.
* Fix #755: NSD spins after a zone update and a lot of TCP queries.
* Fix for NSEC3 with zone signed without exact match for empty nonterminals, the answer for that domain gets closest encloser.
* #772 Document that recvmmsg has IPv6 problems on some linux kernels.

4.1.9
=====

Bugfixes
--------

* Change the nsd.db file version because of nanosecond precision fix.
2016-09-27 00:14:24 +02:00
Tim Steinbach dbbff67754 bind: 9.10.4 -> 9.10.4-P2 (#18880) 2016-09-24 01:55:00 +02:00
rushmorem b93b37cf0a coredns: init at 001 2016-09-22 01:11:13 +02:00