Commit Graph

77 Commits

Author SHA1 Message Date
Matthew Justin Bauer
6af1426421
bind: only include libcap on linux 2018-06-10 20:04:29 -04:00
Nicolas Dudebout
72fe3d7b08 bind: compile with libcap (#41755)
Additionally:

   + split native and other build inputs
   + alphabetically order dependencies
   + explicitly disable libjson support (the configure script looks for it in
     /usr, /usr/local, and /opt/local)
2018-06-10 01:43:13 +02:00
John Ericson
db4d77779c Merge remote-tracking branch 'upstream/master' into staging 2018-05-21 20:21:48 -04:00
R. RyanTM
d2329184a9 bind: 9.12.1 -> 9.12.1-P2
Semi-automatic update generated by https://github.com/ryantm/nixpkgs-update tools.

This update was made based on information from https://repology.org/metapackage/bind/versions.

These checks were done:

- built on NixOS
- /nix/store/zxylanld5x7l9n2n24g70qj91n4kmj5x-bind-9.12.1-P2/bin/delv passed the binary check.
- Warning: no invocation of /nix/store/zxylanld5x7l9n2n24g70qj91n4kmj5x-bind-9.12.1-P2/bin/arpaname had a zero exit code or showed the expected version
- /nix/store/zxylanld5x7l9n2n24g70qj91n4kmj5x-bind-9.12.1-P2/bin/named-rrchecker passed the binary check.
- /nix/store/zxylanld5x7l9n2n24g70qj91n4kmj5x-bind-9.12.1-P2/bin/mdig passed the binary check.
- /nix/store/zxylanld5x7l9n2n24g70qj91n4kmj5x-bind-9.12.1-P2/bin/ddns-confgen passed the binary check.
- /nix/store/zxylanld5x7l9n2n24g70qj91n4kmj5x-bind-9.12.1-P2/bin/dnssec-cds passed the binary check.
- /nix/store/zxylanld5x7l9n2n24g70qj91n4kmj5x-bind-9.12.1-P2/bin/dnssec-dsfromkey passed the binary check.
- /nix/store/zxylanld5x7l9n2n24g70qj91n4kmj5x-bind-9.12.1-P2/bin/dnssec-importkey passed the binary check.
- /nix/store/zxylanld5x7l9n2n24g70qj91n4kmj5x-bind-9.12.1-P2/bin/dnssec-keyfromlabel passed the binary check.
- /nix/store/zxylanld5x7l9n2n24g70qj91n4kmj5x-bind-9.12.1-P2/bin/dnssec-keygen passed the binary check.
- /nix/store/zxylanld5x7l9n2n24g70qj91n4kmj5x-bind-9.12.1-P2/bin/dnssec-revoke passed the binary check.
- /nix/store/zxylanld5x7l9n2n24g70qj91n4kmj5x-bind-9.12.1-P2/bin/dnssec-settime passed the binary check.
- /nix/store/zxylanld5x7l9n2n24g70qj91n4kmj5x-bind-9.12.1-P2/bin/dnssec-signzone passed the binary check.
- /nix/store/zxylanld5x7l9n2n24g70qj91n4kmj5x-bind-9.12.1-P2/bin/dnssec-verify passed the binary check.
- Warning: no invocation of /nix/store/zxylanld5x7l9n2n24g70qj91n4kmj5x-bind-9.12.1-P2/bin/genrandom had a zero exit code or showed the expected version
- /nix/store/zxylanld5x7l9n2n24g70qj91n4kmj5x-bind-9.12.1-P2/bin/named passed the binary check.
- /nix/store/zxylanld5x7l9n2n24g70qj91n4kmj5x-bind-9.12.1-P2/bin/named-checkconf passed the binary check.
- /nix/store/zxylanld5x7l9n2n24g70qj91n4kmj5x-bind-9.12.1-P2/bin/named-checkzone passed the binary check.
- /nix/store/zxylanld5x7l9n2n24g70qj91n4kmj5x-bind-9.12.1-P2/bin/named-compilezone passed the binary check.
- Warning: no invocation of /nix/store/zxylanld5x7l9n2n24g70qj91n4kmj5x-bind-9.12.1-P2/bin/named-journalprint had a zero exit code or showed the expected version
- Warning: no invocation of /nix/store/zxylanld5x7l9n2n24g70qj91n4kmj5x-bind-9.12.1-P2/bin/nsec3hash had a zero exit code or showed the expected version
- /nix/store/zxylanld5x7l9n2n24g70qj91n4kmj5x-bind-9.12.1-P2/bin/rndc passed the binary check.
- /nix/store/zxylanld5x7l9n2n24g70qj91n4kmj5x-bind-9.12.1-P2/bin/rndc-confgen passed the binary check.
- /nix/store/zxylanld5x7l9n2n24g70qj91n4kmj5x-bind-9.12.1-P2/bin/tsig-keygen passed the binary check.
- 20 of 24 passed binary check by having a zero exit code.
- 14 of 24 passed binary check by having the new version present in output.
- found 9.12.1-P2 with grep in /nix/store/zxylanld5x7l9n2n24g70qj91n4kmj5x-bind-9.12.1-P2
- directory tree listing: https://gist.github.com/d95b236ef147c4c8ad6a99ca42db1acd
- du listing: https://gist.github.com/f6bcea6b6bdce7df3f66bbf02768bd20
2018-05-20 20:57:32 -07:00
Jan Malakhovski
7438083a4d tree-wide: disable doCheck and doInstallCheck where it fails (the trivial part) 2018-04-25 04:18:46 +00:00
Matthew Justin Bauer
7a516cd0c3
Merge branch 'master' into feat/nsd/dnssec 2018-04-21 14:48:30 -05:00
Ryan Mulligan
eb7b4ce256 bind: 9.12.0 -> 9.12.1
Semi-automatic update generated by https://github.com/ryantm/nix-update tools. These checks were done:

- built on NixOS
- ran `/nix/store/9i6c9yx3p0gvhphd4ahj8pfcm0n78han-bind-9.12.1/bin/delv help` got 0 exit code
- ran `/nix/store/9i6c9yx3p0gvhphd4ahj8pfcm0n78han-bind-9.12.1/bin/delv -v` and found version 9.12.1
- ran `/nix/store/9i6c9yx3p0gvhphd4ahj8pfcm0n78han-bind-9.12.1/bin/named-rrchecker -h` got 0 exit code
- ran `/nix/store/9i6c9yx3p0gvhphd4ahj8pfcm0n78han-bind-9.12.1/bin/named-rrchecker --help` got 0 exit code
- ran `/nix/store/9i6c9yx3p0gvhphd4ahj8pfcm0n78han-bind-9.12.1/bin/named-rrchecker -V` and found version 9.12.1
- ran `/nix/store/9i6c9yx3p0gvhphd4ahj8pfcm0n78han-bind-9.12.1/bin/named-rrchecker -v` and found version 9.12.1
- ran `/nix/store/9i6c9yx3p0gvhphd4ahj8pfcm0n78han-bind-9.12.1/bin/named-rrchecker --version` and found version 9.12.1
- ran `/nix/store/9i6c9yx3p0gvhphd4ahj8pfcm0n78han-bind-9.12.1/bin/named-rrchecker --help` and found version 9.12.1
- ran `/nix/store/9i6c9yx3p0gvhphd4ahj8pfcm0n78han-bind-9.12.1/bin/mdig -h` got 0 exit code
- ran `/nix/store/9i6c9yx3p0gvhphd4ahj8pfcm0n78han-bind-9.12.1/bin/mdig -v` and found version 9.12.1
- ran `/nix/store/9i6c9yx3p0gvhphd4ahj8pfcm0n78han-bind-9.12.1/bin/ddns-confgen -h` got 0 exit code
- ran `/nix/store/9i6c9yx3p0gvhphd4ahj8pfcm0n78han-bind-9.12.1/bin/dnssec-cds -V` and found version 9.12.1
- ran `/nix/store/9i6c9yx3p0gvhphd4ahj8pfcm0n78han-bind-9.12.1/bin/dnssec-dsfromkey -V` and found version 9.12.1
- ran `/nix/store/9i6c9yx3p0gvhphd4ahj8pfcm0n78han-bind-9.12.1/bin/dnssec-importkey -V` and found version 9.12.1
- ran `/nix/store/9i6c9yx3p0gvhphd4ahj8pfcm0n78han-bind-9.12.1/bin/dnssec-keyfromlabel -V` and found version 9.12.1
- ran `/nix/store/9i6c9yx3p0gvhphd4ahj8pfcm0n78han-bind-9.12.1/bin/dnssec-keygen -V` and found version 9.12.1
- ran `/nix/store/9i6c9yx3p0gvhphd4ahj8pfcm0n78han-bind-9.12.1/bin/dnssec-revoke -V` and found version 9.12.1
- ran `/nix/store/9i6c9yx3p0gvhphd4ahj8pfcm0n78han-bind-9.12.1/bin/dnssec-settime -V` and found version 9.12.1
- ran `/nix/store/9i6c9yx3p0gvhphd4ahj8pfcm0n78han-bind-9.12.1/bin/dnssec-signzone -h` got 0 exit code
- ran `/nix/store/9i6c9yx3p0gvhphd4ahj8pfcm0n78han-bind-9.12.1/bin/dnssec-signzone --help` got 0 exit code
- ran `/nix/store/9i6c9yx3p0gvhphd4ahj8pfcm0n78han-bind-9.12.1/bin/dnssec-signzone -V` and found version 9.12.1
- ran `/nix/store/9i6c9yx3p0gvhphd4ahj8pfcm0n78han-bind-9.12.1/bin/dnssec-signzone -v` and found version 9.12.1
- ran `/nix/store/9i6c9yx3p0gvhphd4ahj8pfcm0n78han-bind-9.12.1/bin/dnssec-signzone --version` and found version 9.12.1
- ran `/nix/store/9i6c9yx3p0gvhphd4ahj8pfcm0n78han-bind-9.12.1/bin/dnssec-signzone -h` and found version 9.12.1
- ran `/nix/store/9i6c9yx3p0gvhphd4ahj8pfcm0n78han-bind-9.12.1/bin/dnssec-signzone --help` and found version 9.12.1
- ran `/nix/store/9i6c9yx3p0gvhphd4ahj8pfcm0n78han-bind-9.12.1/bin/dnssec-verify -h` got 0 exit code
- ran `/nix/store/9i6c9yx3p0gvhphd4ahj8pfcm0n78han-bind-9.12.1/bin/dnssec-verify --help` got 0 exit code
- ran `/nix/store/9i6c9yx3p0gvhphd4ahj8pfcm0n78han-bind-9.12.1/bin/dnssec-verify -V` and found version 9.12.1
- ran `/nix/store/9i6c9yx3p0gvhphd4ahj8pfcm0n78han-bind-9.12.1/bin/dnssec-verify -v` and found version 9.12.1
- ran `/nix/store/9i6c9yx3p0gvhphd4ahj8pfcm0n78han-bind-9.12.1/bin/dnssec-verify --version` and found version 9.12.1
- ran `/nix/store/9i6c9yx3p0gvhphd4ahj8pfcm0n78han-bind-9.12.1/bin/dnssec-verify -h` and found version 9.12.1
- ran `/nix/store/9i6c9yx3p0gvhphd4ahj8pfcm0n78han-bind-9.12.1/bin/dnssec-verify --help` and found version 9.12.1
- ran `/nix/store/9i6c9yx3p0gvhphd4ahj8pfcm0n78han-bind-9.12.1/bin/named -V` and found version 9.12.1
- ran `/nix/store/9i6c9yx3p0gvhphd4ahj8pfcm0n78han-bind-9.12.1/bin/named -v` and found version 9.12.1
- ran `/nix/store/9i6c9yx3p0gvhphd4ahj8pfcm0n78han-bind-9.12.1/bin/named-checkconf -v` and found version 9.12.1
- ran `/nix/store/9i6c9yx3p0gvhphd4ahj8pfcm0n78han-bind-9.12.1/bin/named-checkzone -v` and found version 9.12.1
- ran `/nix/store/9i6c9yx3p0gvhphd4ahj8pfcm0n78han-bind-9.12.1/bin/rndc -h` got 0 exit code
- ran `/nix/store/9i6c9yx3p0gvhphd4ahj8pfcm0n78han-bind-9.12.1/bin/rndc -h` and found version 9.12.1
- ran `/nix/store/9i6c9yx3p0gvhphd4ahj8pfcm0n78han-bind-9.12.1/bin/rndc-confgen -h` got 0 exit code
- ran `/nix/store/9i6c9yx3p0gvhphd4ahj8pfcm0n78han-bind-9.12.1/bin/rndc-confgen -h` and found version 9.12.1
- found 9.12.1 with grep in /nix/store/9i6c9yx3p0gvhphd4ahj8pfcm0n78han-bind-9.12.1
- directory tree listing: https://gist.github.com/e9daefd05b7c96cd83a144018a3b6aaf
2018-03-17 12:32:55 -07:00
Shea Levy
60c8c02877
bind: Remove unnecessary environment defines. 2018-03-01 18:33:36 -05:00
Shea Levy
a1e219e562
bind: Fix cross-compilation 2018-02-28 15:01:31 -05:00
Tim Steinbach
54415188b2
bind: 9.11.2 -> 9.12.0 2018-02-25 13:20:47 -05:00
Will Dietz
24dd0323b1 bind: perl as nativeBuildInput 2018-01-22 17:24:53 -06:00
adisbladis
ca094d7af2
bind: License changed to MPL 2.0 2018-01-17 09:39:20 +08:00
Andreas Rammhold
d2b852fe7d
bind: 9.11.2 -> 9.11.2-P1 (fixes CVE-2017-3145, CVE-2017-3143, CVE-2017-3141 & CVE-2017-3140)
For more details see [1].

[1] http://ftp.isc.org/isc/bind9/9.11.2-P1/RELEASE-NOTES-bind-9.11.2-P1.html
2018-01-17 02:29:13 +01:00
Dylan Simon
0f881aec23 bind: explicitly disable lmdb
Autodetected by default (so should be disabled) but avoid finding a
broken system version.
2017-12-21 15:07:22 -05:00
Gregor Kleen
a2e40f7254 nixpkgs/bind: use python3 2017-11-17 14:03:30 +01:00
Gregor Kleen
9826f5cc3c nixos/nsd: automatic DNSSEC using BIND toolset 2017-11-16 01:52:28 +01:00
Silvan Mosberger
f5fa5fa4d6 pkgs: refactor needless quoting of homepage meta attribute (#27809)
* pkgs: refactor needless quoting of homepage meta attribute

A lot of packages are needlessly quoting the homepage meta attribute
(about 1400, 22%), this commit refactors all of those instances.

* pkgs: Fixing some links that were wrongfully unquoted in the previous
commit

* Fixed some instances
2017-08-01 22:03:30 +02:00
Franz Pletz
cfbac7bbad
bind: 9.11.1-P2 -> 9.11.2 for multiple CVEs
See: https://kb.isc.org/article/AA-01522

Fixes: CVE-2017-3140 CVE-2017-3141 CVE-2017-3142 CVE-2017-3143
2017-08-01 10:26:20 +02:00
Tim Steinbach
171c088754
bind: 9.10.5-P2 -> 9.11.1-P2 2017-06-30 13:52:04 -04:00
Peter Simons
c4430ba248 bind: update to version 9.10.5-P2 to fix CVE-2017-3142 and CVE-2017-3143 2017-06-29 22:15:01 +02:00
Franz Pletz
72c36db003
bind: 9.10.5 -> 9.10.5-P1 for CVE-2017-3140 2017-06-15 13:43:09 +02:00
Robin Gloster
b447f624c3
bind: 9.10.4-P6 -> 9.10.5 2017-05-20 14:24:57 +02:00
Franz Pletz
eb79649414
bind: disable seccomp by default
Fixes #25645 & #23431.
2017-05-09 18:19:38 +02:00
Nikolay Amiantov
f1e7a60b16
dnsutils: +sigchase support for dig
Fixes #10728, closes #22989.
The dnsutils output got ~60kiB bigger, and I see no extra runtime deps.
2017-02-19 12:13:05 +01:00
Franz Pletz
da5eaa3c21
bind: 9.10.4-P5 -> 9.10.4-P6 for CVE-2017-3135
See https://kb.isc.org/article/AA-01453.

cc #22549
2017-02-09 10:44:16 +01:00
Peter Simons
2fd0a9f3c7 bind: update to 9.10.4-P5 (CVE-2016-9131, CVE-2016-9147, CVE-2016-9444, CVE-2016-9778) 2017-01-12 10:00:22 +01:00
Franz Pletz
e6708cea37
bind: fix collision of binaries in outputs
Using outputsToInstall the intended behaviour of including host and dnsutils
when bind is installed can be implemented instead of using symlinks to fix
installing all outputs individually with nix-env.

Fixes #19761.
2017-01-07 02:44:54 +01:00
Vladimír Čunát
f0b9ecfa01
bind: fixup more openssl.dev references 2016-12-08 19:10:19 +01:00
Peter Simons
0b180d1ca4 bind: update to 9.10.4-P4 to fix CVE-2016-8864 2016-11-01 22:16:26 +01:00
Tuomas Tynkkynen
b4d8f8b8e2 bind: Disable seccomp on non-x86
The list of permitted syscalls in the seccomp sandbox is only defined
for x86. It fails to build otherwise:

````
In file included from /tmp/nix-build-bind-9.10.4-P3.drv-0/bind-9.10.4-P3/lib/isc/include/isc/magic.h:23:0,
                 from /tmp/nix-build-bind-9.10.4-P3.drv-0/bind-9.10.4-P3/lib/isc/include/isc/app.h:89,
                 from ./main.c:26:
./main.c: In function 'setup_seccomp':
./main.c:848:17: error: 'scmp_syscalls' undeclared (first use in this function)
  INSIST((sizeof(scmp_syscalls) / sizeof(int)) ==
````
2016-10-16 23:37:48 +03:00
Franz Pletz
fa405aa264 bind: split out dnsutils & host binaries (#18903)
These tools are commonly used but don't require the other bind binaries.
Bind's libs are used, so they've also been split into an extra output.

The old version of host isn't maintained anymore and was removed From Debian
back in 2009: https://packages.qa.debian.org/h/host.html
2016-10-08 16:01:15 +02:00
Franz Pletz
96b1d15e0c
bind: enable seccomp on linux 2016-09-28 10:50:25 +02:00
Peter Simons
8aaf610d4d bind: cosmetic fix for Emacs' syntax highlighting 2016-09-27 19:30:21 +02:00
Peter Simons
7a5ff282aa bind: update to version 9.10.4-P3 to fix CVE-2016-2776 2016-09-27 19:29:51 +02:00
Tim Steinbach
dbbff67754 bind: 9.10.4 -> 9.10.4-P2 (#18880) 2016-09-24 01:55:00 +02:00
Tuomas Tynkkynen
048a30e4e4 treewide: Fix dev references to libxml2 2016-08-30 03:02:32 +03:00
Tuomas Tynkkynen
a17216af4c treewide: Shuffle outputs
Make either 'bin' or 'out' the first output.
2016-08-29 14:49:51 +03:00
Vladimír Čunát
c4661e9643 Merge: make dev output references explicit
This is a rebase of most commits from #14766,
resolving conflicts and a few other evaluation problems.
2016-05-22 12:09:23 +02:00
Tuomas Tynkkynen
2a73de6e6c treewide: Make explicit that 'dev' output of openssl is used 2016-05-19 10:02:23 +02:00
Tuomas Tynkkynen
ff24ce23c9 bind: Fix references to openssl in *.la files
Avoids reference to the OpenSSL development headers.
2016-05-18 23:05:51 +03:00
Peter Simons
8e462995ba Bring my stdenv.lib.maintainers user name in line with my github nick. 2016-05-16 22:49:55 +02:00
Tuomas Tynkkynen
0561e14c3b bind: Split into multiple outputs
A patch is needed to make bind not print its configure flags on
'named -V'.
2016-05-14 22:12:59 +03:00
Tuomas Tynkkynen
e460267737 bind: Attempt to fix Darwin OpenSSL linking
Issue #15279 reports:

````
Checking for OpenSSL library... using OpenSSL from /nix/store/c6kijfc5py2805lmqczvmcws5cm9jg1l-openssl-1.0.2g-dev/lib and /nix/store/c6kijfc5py2805lmqczvmcws5cm9jg1l-openssl-1.0.2g-dev/include
checking whether linking with OpenSSL works... no
configure: error: Could not run test program using OpenSSL from
/nix/store/c6kijfc5py2805lmqczvmcws5cm9jg1l-openssl-1.0.2g-dev/lib and /nix/store/c6kijfc5py2805lmqczvmcws5cm9jg1l-openssl-1.0.2g-dev/include.
Please check the argument to --with-openssl and your
shared library configuration (e.g., LD_LIBRARY_PATH).
builder for ‘/nix/store/54nni99j4ycwws6zfjwcvv8vxsdk895i-bind-9.10.4.drv’ failed with exit code 1
````
2016-05-13 23:31:30 +03:00
Alexander Ried
5be72c23ea bind: LibreSSL compatibility added upstream 2016-05-03 04:58:01 +02:00
Alexander Ried
19ce448380 bind: 9.10.3-P4 -> 9.10.4 2016-05-03 04:58:01 +02:00
Franz Pletz
404a699a20 bind: 9.10.3 -> 9.10.3-P4 (security)
Fixes:

  * CVE-2016-1285: https://kb.isc.org/article/AA-01352/
  * CVE-2016-1286: https://kb.isc.org/article/AA-01353/
2016-03-21 03:53:21 +01:00
Franz Pletz
0e07172c6d bind: Fix patching Makefile.in
There is no postPatchPhase.
2015-12-25 21:39:56 -05:00
Robin Gloster
bdfc4efd67 bind: add patch to build with libressl 2.3 2015-12-23 22:08:33 +00:00
William A. Kennington III
ecd90e61cc bind: 9.10.2-P4 -> 9.10.3 2015-09-17 14:12:38 -07:00
William A. Kennington III
21370fb150 bind: 9.10.2-P3 -> 9.10.2-P4 2015-09-02 21:49:43 -07:00