Commit Graph

154 Commits

Author SHA1 Message Date
Vladimír Čunát
2fce8dda39
knot-dns: fixup Darwin build again, hopefully 2017-02-14 00:47:26 +01:00
Vladimír Čunát
935ede8a59
knot-resovler: use shared lmdb now 2017-02-13 16:56:54 +01:00
Vladimír Čunát
5b75338a50
knot-dns: use shared lmdb 2017-02-13 16:50:39 +01:00
Vladimír Čunát
45b1d0cb8c
knot-dns: maintenance 2.4.0 -> 2.4.1 2017-02-11 17:51:57 +01:00
Vladimír Čunát
0b7fec6272
knot-resolver: maintenance 1.2.1 -> 1.2.2
In particular, trust anchor bootstrapping is fixed after IANA publishing
an additional key.
2017-02-11 17:47:45 +01:00
Christoph Hrdinka
3047bb2e9c
nsd: 4.1.13 -> 4.1.14
* Fix #1132 for SERVFAIL zones perform backoff, and remembers the timeout on next startup.

* Fix null memcpy for radixtree with single link element.
* Robust fix against missing master in tcp_open for xfrd.
* Fix wildcards in include: config statements with chroot enabled.
* suppress compile warning in lex files.
* Fix to try every master once, then wait for timeout or notify.
* Save backoff timeout into xfrd.state file, this file has a higher version number now. Old files are skipped silently (causes refresh) and created as new files upon exit.
* Fix restart of zone transfers when new config becomes available.
2017-02-10 15:12:18 +01:00
Franz Pletz
da5eaa3c21
bind: 9.10.4-P5 -> 9.10.4-P6 for CVE-2017-3135
See https://kb.isc.org/article/AA-01453.

cc #22549
2017-02-09 10:44:16 +01:00
Vladimír Čunát
c3badbb366 knot-resolver: 1.2.0 -> 1.2.1
It mainly fixes a single issue that perhaps has a minor security impact.
https://lists.nic.cz/pipermail/knot-dns-users/2017-February/001045.html
2017-02-01 22:46:15 +01:00
Vladimír Čunát
dacbca2730
knot-dns: yet another attempt to fix build on Darwin 2017-01-31 12:53:24 +01:00
Vladimír Čunát
612333a770
knot-resolver: yet another attempt to fix build on Darwin 2017-01-30 20:08:16 +01:00
Vladimír Čunát
7f7faab009
knot-dns: yet another attempt to fix build on Darwin 2017-01-30 16:10:59 +01:00
Vladimír Čunát
196b87f707
knot-dns: another attempt to fix build on Darwin 2017-01-30 11:55:30 +01:00
Vladimír Čunát
fd32b16f9e
knot-dns: another attempt to fix build on Darwin
The effort is getting long, without any direct access to a Darwin machine.
2017-01-30 10:09:44 +01:00
Vladimír Čunát
f27fb8ab75
knot-{dns,resolver}: try to fix on darwin
Evaluation works now, at least.
2017-01-25 22:42:20 +01:00
Vladimír Čunát
278bbe3b33
add kresd service with basic options
Still celebrating today's 1.2.0 release!
2017-01-25 18:46:28 +01:00
Vladimír Čunát
5d5fb4a2fb
knot-resolver: init at 1.2.0
Celebrating today's release!
2017-01-25 15:22:09 +01:00
rnhmjoj
d79ea39d04
pdns-recursor: init at 4.0.4 2017-01-23 08:09:51 +01:00
Vladimír Čunát
64b7f096e6
knot-dns: 2.3.3 -> 2.4.0 2017-01-19 11:23:21 +01:00
Jörg Thalheim
1fe51342a9
powerdns: 4.0.1 -> 4.0.2 2017-01-14 23:01:56 +01:00
Peter Simons
2fd0a9f3c7 bind: update to 9.10.4-P5 (CVE-2016-9131, CVE-2016-9147, CVE-2016-9444, CVE-2016-9778) 2017-01-12 10:00:22 +01:00
Franz Pletz
e6708cea37
bind: fix collision of binaries in outputs
Using outputsToInstall the intended behaviour of including host and dnsutils
when bind is installed can be implemented instead of using symlinks to fix
installing all outputs individually with nix-env.

Fixes #19761.
2017-01-07 02:44:54 +01:00
Vladimír Čunát
df07922e3e
knot-dns: init at 2.3.3
Only .lib is tested ATM.
2016-12-13 15:31:29 +01:00
Vladimír Čunát
f0b9ecfa01
bind: fixup more openssl.dev references 2016-12-08 19:10:19 +01:00
Peter Simons
0b180d1ca4 bind: update to 9.10.4-P4 to fix CVE-2016-8864 2016-11-01 22:16:26 +01:00
Graham Christensen
c48fd00fae nsd: 4.1.12 -> 4.1.13 for CVE-2016-6173
Closes #19685
2016-10-19 15:16:54 +02:00
Tuomas Tynkkynen
b4d8f8b8e2 bind: Disable seccomp on non-x86
The list of permitted syscalls in the seccomp sandbox is only defined
for x86. It fails to build otherwise:

````
In file included from /tmp/nix-build-bind-9.10.4-P3.drv-0/bind-9.10.4-P3/lib/isc/include/isc/magic.h:23:0,
                 from /tmp/nix-build-bind-9.10.4-P3.drv-0/bind-9.10.4-P3/lib/isc/include/isc/app.h:89,
                 from ./main.c:26:
./main.c: In function 'setup_seccomp':
./main.c:848:17: error: 'scmp_syscalls' undeclared (first use in this function)
  INSIST((sizeof(scmp_syscalls) / sizeof(int)) ==
````
2016-10-16 23:37:48 +03:00
Franz Pletz
fa405aa264 bind: split out dnsutils & host binaries (#18903)
These tools are commonly used but don't require the other bind binaries.
Bind's libs are used, so they've also been split into an extra output.

The old version of host isn't maintained anymore and was removed From Debian
back in 2009: https://packages.qa.debian.org/h/host.html
2016-10-08 16:01:15 +02:00
Anmol Sethi
489ca7e5c0
powerdns: removed PrivateTmp=true in serviceConfig
As discussed in #18718 PrivateTmp is unnecessary because powerdns is
chrooted to /var/lib/powerdns.

I also added myself as co-maintainer.
2016-10-01 12:27:23 -04:00
Franz Pletz
96b1d15e0c
bind: enable seccomp on linux 2016-09-28 10:50:25 +02:00
Peter Simons
8aaf610d4d bind: cosmetic fix for Emacs' syntax highlighting 2016-09-27 19:30:21 +02:00
Peter Simons
7a5ff282aa bind: update to version 9.10.4-P3 to fix CVE-2016-2776 2016-09-27 19:29:51 +02:00
Christoph Hrdinka
553a3295c1 nsd: 4.1.9 -> 4.1.12
4.1.12
======

Bugfixes
--------

Fix malformed edns query assertion failure, reported by Michal Kepien (NASK).

4.1.11
======

Features
--------

* When tcp is more than half full, use short timeout for tcp session.
* Patch for {max,min}-{refresh,retry}-time from YAMAGUCHI Takanori.
* Fix #790: size-limit-xfr can stop NSD from downloading infinite zone transfer data size, from Toshifumi Sakaguchi. Fixes CVE-2016-6173 JVN#63359718 JPCERT#91251865.

Bugfixes
--------

* Fix build without IPv6, patch from Zdenek Kaspar.
* Fix #783: Trying to run a root server without having configured it silently gives wrong answers.
* Fix #782: Serve DS record but parent zone has no NS record.
* Fix nsec3 missing for nsec3 signed parent and child for DS at zonecut.

4.1.10
======

Features
--------

* ip-freebind: yesno option in nsd.conf sets IP_FREEBIND socket option for Linux, binds to interfaces and addresses that are down.
* NSD includes AAAA before A for queries over IPV6 (in delegations). And TC is set if no glue can be provided with a delegation because of packet size.
* print notice that nsd is starting before taking off.

Bugfixes
--------

* Fix for openssl 1.1.0, HMAC_CTX size not exported from openssl.
* Fix #751: NSD fails to occlude names below a DNAME.
* If set without nsd.db print "" as the default in the man pages.
* Fix #755: NSD spins after a zone update and a lot of TCP queries.
* Fix for NSEC3 with zone signed without exact match for empty nonterminals, the answer for that domain gets closest encloser.
* #772 Document that recvmmsg has IPv6 problems on some linux kernels.

4.1.9
=====

Bugfixes
--------

* Change the nsd.db file version because of nanosecond precision fix.
2016-09-27 00:14:24 +02:00
Tim Steinbach
dbbff67754 bind: 9.10.4 -> 9.10.4-P2 (#18880) 2016-09-24 01:55:00 +02:00
rushmorem
b93b37cf0a coredns: init at 001 2016-09-22 01:11:13 +02:00
Jörg Thalheim
b0a1c0b343
powerdns: init at 4.0.1
fixes #18703
2016-09-18 14:52:44 +02:00
Tuomas Tynkkynen
048a30e4e4 treewide: Fix dev references to libxml2 2016-08-30 03:02:32 +03:00
Tuomas Tynkkynen
a17216af4c treewide: Shuffle outputs
Make either 'bin' or 'out' the first output.
2016-08-29 14:49:51 +03:00
Vladimír Čunát
c4661e9643 Merge: make dev output references explicit
This is a rebase of most commits from #14766,
resolving conflicts and a few other evaluation problems.
2016-05-22 12:09:23 +02:00
Tuomas Tynkkynen
2a73de6e6c treewide: Make explicit that 'dev' output of openssl is used 2016-05-19 10:02:23 +02:00
Tuomas Tynkkynen
ff24ce23c9 bind: Fix references to openssl in *.la files
Avoids reference to the OpenSSL development headers.
2016-05-18 23:05:51 +03:00
Peter Simons
8e462995ba Bring my stdenv.lib.maintainers user name in line with my github nick. 2016-05-16 22:49:55 +02:00
Tuomas Tynkkynen
0561e14c3b bind: Split into multiple outputs
A patch is needed to make bind not print its configure flags on
'named -V'.
2016-05-14 22:12:59 +03:00
Tuomas Tynkkynen
e460267737 bind: Attempt to fix Darwin OpenSSL linking
Issue #15279 reports:

````
Checking for OpenSSL library... using OpenSSL from /nix/store/c6kijfc5py2805lmqczvmcws5cm9jg1l-openssl-1.0.2g-dev/lib and /nix/store/c6kijfc5py2805lmqczvmcws5cm9jg1l-openssl-1.0.2g-dev/include
checking whether linking with OpenSSL works... no
configure: error: Could not run test program using OpenSSL from
/nix/store/c6kijfc5py2805lmqczvmcws5cm9jg1l-openssl-1.0.2g-dev/lib and /nix/store/c6kijfc5py2805lmqczvmcws5cm9jg1l-openssl-1.0.2g-dev/include.
Please check the argument to --with-openssl and your
shared library configuration (e.g., LD_LIBRARY_PATH).
builder for ‘/nix/store/54nni99j4ycwws6zfjwcvv8vxsdk895i-bind-9.10.4.drv’ failed with exit code 1
````
2016-05-13 23:31:30 +03:00
Robin Gloster
2ef7fbe4a0 Merge pull request #15185 from hrdinka/update/nsd
nsd: 4.1.7 -> 4.1.9
2016-05-03 11:44:54 +02:00
Alexander Ried
5be72c23ea bind: LibreSSL compatibility added upstream 2016-05-03 04:58:01 +02:00
Alexander Ried
19ce448380 bind: 9.10.3-P4 -> 9.10.4 2016-05-03 04:58:01 +02:00
Christoph Hrdinka
199c998bcc nsd: 4.1.7 -> 4.1.9
Features
========

* Fix #732: tcp-mss, outgoing-tcp-mss options for nsd.conf, patch from Daisuke Higashi.
* Fix #739: zonefile changes when mtime is small are detected on reload, if filesystem supports precision mtime values.
* RR type CSYNC (RFC7477) syntax is supported.

Bugfixes
========

* Change the nsd.db file version because of nanosecond precision fix.
* take advantage of arc4random_uniform if available, patch from Loganaden Velvindron.
* Fix flto check for OSX clang.
* Define _DEFAULT_SOURCE with _BSD_SOURCE for glibc 2.20 on Linux.
* Fix #736: segfault during zone transfer.
* Fix #744: Fix that NSD replies for configured but unloaded zone with SERVFAIL, not REFUSED.
2016-05-02 16:46:46 +02:00
Vladimír Čunát
ab15a62c68 Merge branch 'master' into closure-size
Beware that stdenv doesn't build. It seems something more will be needed
than just resolution of merge conflicts.
2016-04-01 10:06:01 +02:00
Franz Pletz
404a699a20 bind: 9.10.3 -> 9.10.3-P4 (security)
Fixes:

  * CVE-2016-1285: https://kb.isc.org/article/AA-01352/
  * CVE-2016-1286: https://kb.isc.org/article/AA-01353/
2016-03-21 03:53:21 +01:00
Vladimír Čunát
09af15654f Merge master into closure-size
The kde-5 stuff still didn't merge well.
I hand-fixed what I saw, but there may be more problems.
2016-03-08 09:58:19 +01:00
Christoph Hrdinka
a0753c7cb2 nsd: 4.1.6 -> 4.1.7 2016-02-28 09:17:46 +01:00
Vladimír Čunát
f9f6f41bff Merge branch 'master' into closure-size
TODO: there was more significant refactoring of qtbase and plasma 5.5
on master, and I'm deferring pointing to correct outputs to later.
2015-12-31 09:53:02 +01:00
Franz Pletz
0e07172c6d bind: Fix patching Makefile.in
There is no postPatchPhase.
2015-12-25 21:39:56 -05:00
Robin Gloster
bdfc4efd67 bind: add patch to build with libressl 2.3 2015-12-23 22:08:33 +00:00
Vladimír Čunát
333d69a5f0 Merge staging into closure-size
The most complex problems were from dealing with switches reverted in
the meantime (gcc5, gmp6, ncurses6).
It's likely that darwin is (still) broken nontrivially.
2015-11-20 14:32:58 +01:00
Christoph Hrdinka
a4ea5e4e4b nsd: 4.13 -> 4.16 2015-11-12 14:51:47 +01:00
Vladimír Čunát
6d86a93c43 libevent: split into multiple outputs
Hopefully all references are fixed.
2015-10-05 15:58:37 +02:00
William A. Kennington III
ecd90e61cc bind: 9.10.2-P4 -> 9.10.3 2015-09-17 14:12:38 -07:00
William A. Kennington III
fe8a27cd64 mesos-dns: Move to go-packages 2015-09-04 23:57:00 -07:00
William A. Kennington III
68be570a0a skydns: Move to go-packages 2015-09-04 21:26:35 -07:00
William A. Kennington III
21370fb150 bind: 9.10.2-P3 -> 9.10.2-P4 2015-09-02 21:49:43 -07:00
Jaka Hudoklin
e2f673e024 skydns: 2.5.0a -> 2.5.2b 2015-08-29 18:28:50 +02:00
William A. Kennington III
3932ba7a54 bind: 9.10.2-P2 -> 9.10.2-P3 2015-07-29 10:36:45 -07:00
Christoph Hrdinka
1e95b76c67 nsd: 4.1.2 -> 4.1.3 2015-07-13 14:49:50 +02:00
Pascal Wittmann
007e288912 bind: update from 9.10.2 to 9.10.2-P2, fixes CVE-2015-4620 2015-07-10 18:20:29 +02:00
Jaka Hudoklin
ef1f827671 skydns: update to 2.5.0a 2015-06-19 13:35:32 +02:00
Christoph Hrdinka
7b207ab10b nsd: update 4.1.1 -> 4.1.2 2015-06-18 14:08:39 +02:00
Eelco Dolstra
ab8b68cd99 Revert "bind: Modify build"
This reverts commit 0a06b99d69.
2015-06-04 14:54:51 +02:00
Eelco Dolstra
676fbc2578 Revert "bind: Enable parallel building"
This reverts commit e74b5704a8.
2015-06-04 14:54:51 +02:00
Eelco Dolstra
4fdf489073 Revert "dnsutils: Add smaller derivation of bind"
This reverts commit bb6ac771c4.
2015-06-04 14:54:51 +02:00
Eelco Dolstra
0a4de71cb0 Revert "bind: Add propagatedBuildInputs"
This reverts commit 9f70b1ab31.
2015-06-04 14:54:51 +02:00
William A. Kennington III
9f70b1ab31 bind: Add propagatedBuildInputs 2015-05-24 15:01:21 -07:00
William A. Kennington III
bb6ac771c4 dnsutils: Add smaller derivation of bind 2015-05-23 22:26:23 -07:00
William A. Kennington III
e74b5704a8 bind: Enable parallel building 2015-05-23 20:07:51 -07:00
William A. Kennington III
0a06b99d69 bind: Modify build 2015-05-23 19:07:13 -07:00
Pascal Wittmann
d811c6cf41 skydns: fixed typo 2015-05-19 20:30:49 +02:00
Jaka Hudoklin
ca0d1aa9a3 Merge pull request #6880 from offlinehacker/pkgs/skydns/add
Add skydns
2015-04-19 10:43:05 +02:00
Christoph Hrdinka
d3a2edb8ce nsd: Fix automatic config options 2015-03-19 12:10:55 +01:00
Christoph Hrdinka
6db8155e37 nsd: Update from 4.1.0 -> 4.1.1 2015-03-18 21:01:35 +01:00
Jaka Hudoklin
26f671155e Add skydns 2015-03-18 20:29:11 +01:00
Benjamin Staffin
dec05e9b28 mesos-dns: Update to newer commit
Notable upstream changes:
- Support for multiple ports per task
- Records generated for mesos master nodes
- SRV records resolve to hostnames rather than IPs
- Query handling is now properly case-insensitive
- Better AAAA record handling
2015-03-15 14:00:54 -07:00
koral
f1e615f6df bind: 9.9.5-W1 -> 9.10.2 + added rndc key 2015-03-01 20:02:09 +00:00
Benjamin Staffin
d382667537 New package: mesos-dns 2015-02-20 17:11:49 -08:00
Christoph Hrdinka
f5cd9d2460 nsd: fix description, license and platforms 2014-09-28 15:30:39 +02:00
Christoph Hrdinka
f1b3196f2d nsd: update to version 4.1.0 2014-09-28 14:43:26 +02:00
Christoph Hrdinka
29b4258622 nsd: add hrdinka to maintainers 2014-09-28 14:43:16 +02:00
aszlig
fd9c8fa3dc
pkgs/nsd: Allow to easily override the package.
Allowing to use nixpkgs config to provide different defaults is not
going to help us here, so we would like to use nsd.override {} in order
to supply the correct options in the module.

Eventually removing the nixpkgs config option would make sense here as
well.

Signed-off-by: aszlig <aszlig@redmoonstudios.org>
2014-09-05 02:54:39 +02:00
Bjørn Forsman
c9baba9212 Fix many package descriptions
(My OCD kicked in today...)

Remove repeated package names, capitalize first word, remove trailing
periods and move overlong descriptions to longDescription.

I also simplified some descriptions as well, when they were particularly
long or technical, often based on Arch Linux' package descriptions.

I've tried to stay away from generated expressions (and I think I
succeeded).

Some specifics worth mentioning:
 * cron, has "Vixie Cron" in its description. The "Vixie" part is not
   mentioned anywhere else. I kept it in a parenthesis at the end of the
   description.

 * ctags description started with "Exuberant Ctags ...", and the
   "exuberant" part is not mentioned elsewhere. Kept it in a parenthesis
   at the end of description.

 * nix has the description "The Nix Deployment System". Since that
   doesn't really say much what it is/does (especially after removing
   the package name!), I changed that to "Powerful package manager that
   makes package management reliable and reproducible" (borrowed from
   nixos.org).

 * Tons of "GNU Foo, Foo is a [the important bits]" descriptions
   is changed to just [the important bits]. If the package name doesn't
   contain GNU I don't think it's needed to say it in the description
   either.
2014-08-24 22:31:37 +02:00
Patrick Mahoney
b947cde3a5 bind: Expand to all unix platforms. 2014-08-04 15:09:07 -05:00
Christoph Hrdinka
e59c465103 nsd: add package version 4.0.3 2014-06-12 11:14:44 +02:00
Peter Simons
b0c2354809 bind: update to version 9.9.5-W1 (fixes CVE-2013-6230 and CVE 2014-0591) 2014-03-03 13:10:05 +01:00
Peter Simons
6603ef3bf8 bind: update to version 9.9.4-P2 2014-01-14 15:55:24 +01:00
Peter Simons
516377c0b6 bind: update to 9.9.3-p2 to fix CVE-2013-4854 2013-07-28 13:50:11 +02:00
Peter Simons
2e618df532 bind: avoid build impurity by explicitly enabling/disabling features
The BIND configure script finds extra dependencies in /usr/include and /usr/lib,
and activates additional features if it does. This may cause the build to fail
on systems that cannot use a chroot environment. Actively disabling those
additional features prevents this issue from occurring.
2013-06-10 15:38:00 +02:00
Peter Simons
bfa846cd6e bind: update to 9.9.3-P1 to fix CVE-2013-3919 2013-06-07 13:27:12 +02:00
Peter Simons
e655ac24d2 bind: add meta.license attribute 2013-04-01 11:46:14 +02:00
Peter Simons
d95c79bad7 bind: update to version 9.9.2-P2 to fix CVE 2010-4051 /2010-4052 2013-04-01 11:46:13 +02:00
Michael Raskin
8eec7bf2f6 Updating BIND to freshest version 9.9.2 2012-10-17 16:27:38 +04:00
Eelco Dolstra
3cf0b00b5a bind: Update to 9.7.6-P3
Fixes CVE-2012-4244.
2012-10-02 11:48:54 -04:00
Eelco Dolstra
36667965f9 * Updated bind to 9.7.6-P1, which includes a fix for CVE-2012-1667.
svn path=/nixpkgs/trunk/; revision=34370
2012-06-06 15:51:48 +00:00