https://lists.nic.cz/pipermail/knot-resolver-users/2019/000189.html
Fixes DNS spoofing problems: CVE-2019-10190 CVE-2019-10191
but also minor things, adds new features, etc.
In particular aarch64 should work now, at least as long as not using
some lua library that suffers from the same problem with lightuserdata,
e.g. cqueues does suffer from this.
luaPackages replaced by generated ones:
- bit32
- compat53
- cqueues
- luacyrussasl -> cyrussasl (luarocks name)
- luaexpat
- luadbi -> luadbi front-end module + separate backend modules
luadbi-{mysql,postgresql,sqlite3}
- luafilesystem
- luaossl
- luasec
- luasocket
- luastdlib -> stdlib (luarocks name)
- lrexlib -> lrexlib-pcre (we already have lrexlib-gnu and
lrexlib-posix, lrexlib-pcre however appears to be the variant used in
mudlet, which is the only current dep in nixpkgs)
- luasqlite -> luasql-sqlite3 (luarocks name)
- lfs -> luafilesytem (we literally had two manually written
luafilesystem expressions, under different names)
Changes and additions to overrides to generated luarocks packgaes,
including:
- busted: Install bash completions along with the zsh ones
- cqueues:
- Perform minor surgery on the rockspec to allow using a single
rockspec to build for all supported Lua versions
- Add a patch by @vcunat to work around a build issue
- luuid: Wrote a tiny patch to allow for Lua 5.1/Luajit compatibility
- General changes:
- Sorted the packages
- Attempted to make the formatting consistent
- Preferenced `.override` instead of `.overrideAttrs` wherever
possible
Minor changes to other packages to adjust for the Lua package changes:
- luakit expression simplified
- prosody expression simplified; but users will now need to specify the
luadbi backend module they intend to use in withExtraLibs
- knot-resolver inputs correctd
- mudlet inputs corrected (although this package was and should still be
broken)
One bugfix patch is included - merged upstream but not released yet.
knot-resolver wrapper would need to add binaryheap explicitly,
so it's migrated to the automatic LUA path discovery instead.
* treewide: http -> https sources
This updates the source urls of all top-level packages from http to
https where possible.
* buildtorrent: fix url and tab -> spaces
Semi-automatic update generated by https://github.com/ryantm/nix-update tools.
This update was made based on information from https://repology.org/metapackage/knot-resolver/versions.
These checks were done:
- built on NixOS
- ran `/nix/store/2fpr2hzspmrnnvmawxd3mv28774rysma-knot-resolver-2.2.0/bin/kresd -h` got 0 exit code
- ran `/nix/store/2fpr2hzspmrnnvmawxd3mv28774rysma-knot-resolver-2.2.0/bin/kresd --help` got 0 exit code
- ran `/nix/store/2fpr2hzspmrnnvmawxd3mv28774rysma-knot-resolver-2.2.0/bin/kresd -V` and found version 2.2.0
- ran `/nix/store/2fpr2hzspmrnnvmawxd3mv28774rysma-knot-resolver-2.2.0/bin/kresd --version` and found version 2.2.0
- ran `/nix/store/2fpr2hzspmrnnvmawxd3mv28774rysma-knot-resolver-2.2.0/bin/kresd -h` and found version 2.2.0
- ran `/nix/store/2fpr2hzspmrnnvmawxd3mv28774rysma-knot-resolver-2.2.0/bin/kresd --help` and found version 2.2.0
- found 2.2.0 with grep in /nix/store/2fpr2hzspmrnnvmawxd3mv28774rysma-knot-resolver-2.2.0
- directory tree listing: https://gist.github.com/3b59aaaf9f7d90b8de351b6eb712e2a5