Commit Graph

55 Commits

Author SHA1 Message Date
Franz Pletz
eb79649414
bind: disable seccomp by default
Fixes #25645 & #23431.
2017-05-09 18:19:38 +02:00
Nikolay Amiantov
f1e7a60b16
dnsutils: +sigchase support for dig
Fixes #10728, closes #22989.
The dnsutils output got ~60kiB bigger, and I see no extra runtime deps.
2017-02-19 12:13:05 +01:00
Franz Pletz
da5eaa3c21
bind: 9.10.4-P5 -> 9.10.4-P6 for CVE-2017-3135
See https://kb.isc.org/article/AA-01453.

cc #22549
2017-02-09 10:44:16 +01:00
Peter Simons
2fd0a9f3c7 bind: update to 9.10.4-P5 (CVE-2016-9131, CVE-2016-9147, CVE-2016-9444, CVE-2016-9778) 2017-01-12 10:00:22 +01:00
Franz Pletz
e6708cea37
bind: fix collision of binaries in outputs
Using outputsToInstall the intended behaviour of including host and dnsutils
when bind is installed can be implemented instead of using symlinks to fix
installing all outputs individually with nix-env.

Fixes #19761.
2017-01-07 02:44:54 +01:00
Vladimír Čunát
f0b9ecfa01
bind: fixup more openssl.dev references 2016-12-08 19:10:19 +01:00
Peter Simons
0b180d1ca4 bind: update to 9.10.4-P4 to fix CVE-2016-8864 2016-11-01 22:16:26 +01:00
Tuomas Tynkkynen
b4d8f8b8e2 bind: Disable seccomp on non-x86
The list of permitted syscalls in the seccomp sandbox is only defined
for x86. It fails to build otherwise:

````
In file included from /tmp/nix-build-bind-9.10.4-P3.drv-0/bind-9.10.4-P3/lib/isc/include/isc/magic.h:23:0,
                 from /tmp/nix-build-bind-9.10.4-P3.drv-0/bind-9.10.4-P3/lib/isc/include/isc/app.h:89,
                 from ./main.c:26:
./main.c: In function 'setup_seccomp':
./main.c:848:17: error: 'scmp_syscalls' undeclared (first use in this function)
  INSIST((sizeof(scmp_syscalls) / sizeof(int)) ==
````
2016-10-16 23:37:48 +03:00
Franz Pletz
fa405aa264 bind: split out dnsutils & host binaries (#18903)
These tools are commonly used but don't require the other bind binaries.
Bind's libs are used, so they've also been split into an extra output.

The old version of host isn't maintained anymore and was removed From Debian
back in 2009: https://packages.qa.debian.org/h/host.html
2016-10-08 16:01:15 +02:00
Franz Pletz
96b1d15e0c
bind: enable seccomp on linux 2016-09-28 10:50:25 +02:00
Peter Simons
8aaf610d4d bind: cosmetic fix for Emacs' syntax highlighting 2016-09-27 19:30:21 +02:00
Peter Simons
7a5ff282aa bind: update to version 9.10.4-P3 to fix CVE-2016-2776 2016-09-27 19:29:51 +02:00
Tim Steinbach
dbbff67754 bind: 9.10.4 -> 9.10.4-P2 (#18880) 2016-09-24 01:55:00 +02:00
Tuomas Tynkkynen
048a30e4e4 treewide: Fix dev references to libxml2 2016-08-30 03:02:32 +03:00
Tuomas Tynkkynen
a17216af4c treewide: Shuffle outputs
Make either 'bin' or 'out' the first output.
2016-08-29 14:49:51 +03:00
Vladimír Čunát
c4661e9643 Merge: make dev output references explicit
This is a rebase of most commits from #14766,
resolving conflicts and a few other evaluation problems.
2016-05-22 12:09:23 +02:00
Tuomas Tynkkynen
2a73de6e6c treewide: Make explicit that 'dev' output of openssl is used 2016-05-19 10:02:23 +02:00
Tuomas Tynkkynen
ff24ce23c9 bind: Fix references to openssl in *.la files
Avoids reference to the OpenSSL development headers.
2016-05-18 23:05:51 +03:00
Peter Simons
8e462995ba Bring my stdenv.lib.maintainers user name in line with my github nick. 2016-05-16 22:49:55 +02:00
Tuomas Tynkkynen
0561e14c3b bind: Split into multiple outputs
A patch is needed to make bind not print its configure flags on
'named -V'.
2016-05-14 22:12:59 +03:00
Tuomas Tynkkynen
e460267737 bind: Attempt to fix Darwin OpenSSL linking
Issue #15279 reports:

````
Checking for OpenSSL library... using OpenSSL from /nix/store/c6kijfc5py2805lmqczvmcws5cm9jg1l-openssl-1.0.2g-dev/lib and /nix/store/c6kijfc5py2805lmqczvmcws5cm9jg1l-openssl-1.0.2g-dev/include
checking whether linking with OpenSSL works... no
configure: error: Could not run test program using OpenSSL from
/nix/store/c6kijfc5py2805lmqczvmcws5cm9jg1l-openssl-1.0.2g-dev/lib and /nix/store/c6kijfc5py2805lmqczvmcws5cm9jg1l-openssl-1.0.2g-dev/include.
Please check the argument to --with-openssl and your
shared library configuration (e.g., LD_LIBRARY_PATH).
builder for ‘/nix/store/54nni99j4ycwws6zfjwcvv8vxsdk895i-bind-9.10.4.drv’ failed with exit code 1
````
2016-05-13 23:31:30 +03:00
Alexander Ried
5be72c23ea bind: LibreSSL compatibility added upstream 2016-05-03 04:58:01 +02:00
Alexander Ried
19ce448380 bind: 9.10.3-P4 -> 9.10.4 2016-05-03 04:58:01 +02:00
Franz Pletz
404a699a20 bind: 9.10.3 -> 9.10.3-P4 (security)
Fixes:

  * CVE-2016-1285: https://kb.isc.org/article/AA-01352/
  * CVE-2016-1286: https://kb.isc.org/article/AA-01353/
2016-03-21 03:53:21 +01:00
Franz Pletz
0e07172c6d bind: Fix patching Makefile.in
There is no postPatchPhase.
2015-12-25 21:39:56 -05:00
Robin Gloster
bdfc4efd67 bind: add patch to build with libressl 2.3 2015-12-23 22:08:33 +00:00
William A. Kennington III
ecd90e61cc bind: 9.10.2-P4 -> 9.10.3 2015-09-17 14:12:38 -07:00
William A. Kennington III
21370fb150 bind: 9.10.2-P3 -> 9.10.2-P4 2015-09-02 21:49:43 -07:00
William A. Kennington III
3932ba7a54 bind: 9.10.2-P2 -> 9.10.2-P3 2015-07-29 10:36:45 -07:00
Pascal Wittmann
007e288912 bind: update from 9.10.2 to 9.10.2-P2, fixes CVE-2015-4620 2015-07-10 18:20:29 +02:00
Eelco Dolstra
ab8b68cd99 Revert "bind: Modify build"
This reverts commit 0a06b99d69.
2015-06-04 14:54:51 +02:00
Eelco Dolstra
676fbc2578 Revert "bind: Enable parallel building"
This reverts commit e74b5704a8.
2015-06-04 14:54:51 +02:00
Eelco Dolstra
4fdf489073 Revert "dnsutils: Add smaller derivation of bind"
This reverts commit bb6ac771c4.
2015-06-04 14:54:51 +02:00
Eelco Dolstra
0a4de71cb0 Revert "bind: Add propagatedBuildInputs"
This reverts commit 9f70b1ab31.
2015-06-04 14:54:51 +02:00
William A. Kennington III
9f70b1ab31 bind: Add propagatedBuildInputs 2015-05-24 15:01:21 -07:00
William A. Kennington III
bb6ac771c4 dnsutils: Add smaller derivation of bind 2015-05-23 22:26:23 -07:00
William A. Kennington III
e74b5704a8 bind: Enable parallel building 2015-05-23 20:07:51 -07:00
William A. Kennington III
0a06b99d69 bind: Modify build 2015-05-23 19:07:13 -07:00
koral
f1e615f6df bind: 9.9.5-W1 -> 9.10.2 + added rndc key 2015-03-01 20:02:09 +00:00
Bjørn Forsman
c9baba9212 Fix many package descriptions
(My OCD kicked in today...)

Remove repeated package names, capitalize first word, remove trailing
periods and move overlong descriptions to longDescription.

I also simplified some descriptions as well, when they were particularly
long or technical, often based on Arch Linux' package descriptions.

I've tried to stay away from generated expressions (and I think I
succeeded).

Some specifics worth mentioning:
 * cron, has "Vixie Cron" in its description. The "Vixie" part is not
   mentioned anywhere else. I kept it in a parenthesis at the end of the
   description.

 * ctags description started with "Exuberant Ctags ...", and the
   "exuberant" part is not mentioned elsewhere. Kept it in a parenthesis
   at the end of description.

 * nix has the description "The Nix Deployment System". Since that
   doesn't really say much what it is/does (especially after removing
   the package name!), I changed that to "Powerful package manager that
   makes package management reliable and reproducible" (borrowed from
   nixos.org).

 * Tons of "GNU Foo, Foo is a [the important bits]" descriptions
   is changed to just [the important bits]. If the package name doesn't
   contain GNU I don't think it's needed to say it in the description
   either.
2014-08-24 22:31:37 +02:00
Patrick Mahoney
b947cde3a5 bind: Expand to all unix platforms. 2014-08-04 15:09:07 -05:00
Peter Simons
b0c2354809 bind: update to version 9.9.5-W1 (fixes CVE-2013-6230 and CVE 2014-0591) 2014-03-03 13:10:05 +01:00
Peter Simons
6603ef3bf8 bind: update to version 9.9.4-P2 2014-01-14 15:55:24 +01:00
Peter Simons
516377c0b6 bind: update to 9.9.3-p2 to fix CVE-2013-4854 2013-07-28 13:50:11 +02:00
Peter Simons
2e618df532 bind: avoid build impurity by explicitly enabling/disabling features
The BIND configure script finds extra dependencies in /usr/include and /usr/lib,
and activates additional features if it does. This may cause the build to fail
on systems that cannot use a chroot environment. Actively disabling those
additional features prevents this issue from occurring.
2013-06-10 15:38:00 +02:00
Peter Simons
bfa846cd6e bind: update to 9.9.3-P1 to fix CVE-2013-3919 2013-06-07 13:27:12 +02:00
Peter Simons
e655ac24d2 bind: add meta.license attribute 2013-04-01 11:46:14 +02:00
Peter Simons
d95c79bad7 bind: update to version 9.9.2-P2 to fix CVE 2010-4051 /2010-4052 2013-04-01 11:46:13 +02:00
Michael Raskin
8eec7bf2f6 Updating BIND to freshest version 9.9.2 2012-10-17 16:27:38 +04:00
Eelco Dolstra
3cf0b00b5a bind: Update to 9.7.6-P3
Fixes CVE-2012-4244.
2012-10-02 11:48:54 -04:00