Commit Graph

177 Commits

Author SHA1 Message Date
Anmol Sethi
489ca7e5c0
powerdns: removed PrivateTmp=true in serviceConfig
As discussed in #18718 PrivateTmp is unnecessary because powerdns is
chrooted to /var/lib/powerdns.

I also added myself as co-maintainer.
2016-10-01 12:27:23 -04:00
Franz Pletz
96b1d15e0c
bind: enable seccomp on linux 2016-09-28 10:50:25 +02:00
Peter Simons
8aaf610d4d bind: cosmetic fix for Emacs' syntax highlighting 2016-09-27 19:30:21 +02:00
Peter Simons
7a5ff282aa bind: update to version 9.10.4-P3 to fix CVE-2016-2776 2016-09-27 19:29:51 +02:00
Christoph Hrdinka
553a3295c1 nsd: 4.1.9 -> 4.1.12
4.1.12
======

Bugfixes
--------

Fix malformed edns query assertion failure, reported by Michal Kepien (NASK).

4.1.11
======

Features
--------

* When tcp is more than half full, use short timeout for tcp session.
* Patch for {max,min}-{refresh,retry}-time from YAMAGUCHI Takanori.
* Fix #790: size-limit-xfr can stop NSD from downloading infinite zone transfer data size, from Toshifumi Sakaguchi. Fixes CVE-2016-6173 JVN#63359718 JPCERT#91251865.

Bugfixes
--------

* Fix build without IPv6, patch from Zdenek Kaspar.
* Fix #783: Trying to run a root server without having configured it silently gives wrong answers.
* Fix #782: Serve DS record but parent zone has no NS record.
* Fix nsec3 missing for nsec3 signed parent and child for DS at zonecut.

4.1.10
======

Features
--------

* ip-freebind: yesno option in nsd.conf sets IP_FREEBIND socket option for Linux, binds to interfaces and addresses that are down.
* NSD includes AAAA before A for queries over IPV6 (in delegations). And TC is set if no glue can be provided with a delegation because of packet size.
* print notice that nsd is starting before taking off.

Bugfixes
--------

* Fix for openssl 1.1.0, HMAC_CTX size not exported from openssl.
* Fix #751: NSD fails to occlude names below a DNAME.
* If set without nsd.db print "" as the default in the man pages.
* Fix #755: NSD spins after a zone update and a lot of TCP queries.
* Fix for NSEC3 with zone signed without exact match for empty nonterminals, the answer for that domain gets closest encloser.
* #772 Document that recvmmsg has IPv6 problems on some linux kernels.

4.1.9
=====

Bugfixes
--------

* Change the nsd.db file version because of nanosecond precision fix.
2016-09-27 00:14:24 +02:00
Tim Steinbach
dbbff67754 bind: 9.10.4 -> 9.10.4-P2 (#18880) 2016-09-24 01:55:00 +02:00
rushmorem
b93b37cf0a coredns: init at 001 2016-09-22 01:11:13 +02:00
Jörg Thalheim
b0a1c0b343
powerdns: init at 4.0.1
fixes #18703
2016-09-18 14:52:44 +02:00
Tuomas Tynkkynen
048a30e4e4 treewide: Fix dev references to libxml2 2016-08-30 03:02:32 +03:00
Tuomas Tynkkynen
a17216af4c treewide: Shuffle outputs
Make either 'bin' or 'out' the first output.
2016-08-29 14:49:51 +03:00
Vladimír Čunát
c4661e9643 Merge: make dev output references explicit
This is a rebase of most commits from #14766,
resolving conflicts and a few other evaluation problems.
2016-05-22 12:09:23 +02:00
Tuomas Tynkkynen
2a73de6e6c treewide: Make explicit that 'dev' output of openssl is used 2016-05-19 10:02:23 +02:00
Tuomas Tynkkynen
ff24ce23c9 bind: Fix references to openssl in *.la files
Avoids reference to the OpenSSL development headers.
2016-05-18 23:05:51 +03:00
Peter Simons
8e462995ba Bring my stdenv.lib.maintainers user name in line with my github nick. 2016-05-16 22:49:55 +02:00
Tuomas Tynkkynen
0561e14c3b bind: Split into multiple outputs
A patch is needed to make bind not print its configure flags on
'named -V'.
2016-05-14 22:12:59 +03:00
Tuomas Tynkkynen
e460267737 bind: Attempt to fix Darwin OpenSSL linking
Issue #15279 reports:

````
Checking for OpenSSL library... using OpenSSL from /nix/store/c6kijfc5py2805lmqczvmcws5cm9jg1l-openssl-1.0.2g-dev/lib and /nix/store/c6kijfc5py2805lmqczvmcws5cm9jg1l-openssl-1.0.2g-dev/include
checking whether linking with OpenSSL works... no
configure: error: Could not run test program using OpenSSL from
/nix/store/c6kijfc5py2805lmqczvmcws5cm9jg1l-openssl-1.0.2g-dev/lib and /nix/store/c6kijfc5py2805lmqczvmcws5cm9jg1l-openssl-1.0.2g-dev/include.
Please check the argument to --with-openssl and your
shared library configuration (e.g., LD_LIBRARY_PATH).
builder for ‘/nix/store/54nni99j4ycwws6zfjwcvv8vxsdk895i-bind-9.10.4.drv’ failed with exit code 1
````
2016-05-13 23:31:30 +03:00
Robin Gloster
2ef7fbe4a0 Merge pull request #15185 from hrdinka/update/nsd
nsd: 4.1.7 -> 4.1.9
2016-05-03 11:44:54 +02:00
Alexander Ried
5be72c23ea bind: LibreSSL compatibility added upstream 2016-05-03 04:58:01 +02:00
Alexander Ried
19ce448380 bind: 9.10.3-P4 -> 9.10.4 2016-05-03 04:58:01 +02:00
Christoph Hrdinka
199c998bcc nsd: 4.1.7 -> 4.1.9
Features
========

* Fix #732: tcp-mss, outgoing-tcp-mss options for nsd.conf, patch from Daisuke Higashi.
* Fix #739: zonefile changes when mtime is small are detected on reload, if filesystem supports precision mtime values.
* RR type CSYNC (RFC7477) syntax is supported.

Bugfixes
========

* Change the nsd.db file version because of nanosecond precision fix.
* take advantage of arc4random_uniform if available, patch from Loganaden Velvindron.
* Fix flto check for OSX clang.
* Define _DEFAULT_SOURCE with _BSD_SOURCE for glibc 2.20 on Linux.
* Fix #736: segfault during zone transfer.
* Fix #744: Fix that NSD replies for configured but unloaded zone with SERVFAIL, not REFUSED.
2016-05-02 16:46:46 +02:00
Vladimír Čunát
ab15a62c68 Merge branch 'master' into closure-size
Beware that stdenv doesn't build. It seems something more will be needed
than just resolution of merge conflicts.
2016-04-01 10:06:01 +02:00
Franz Pletz
404a699a20 bind: 9.10.3 -> 9.10.3-P4 (security)
Fixes:

  * CVE-2016-1285: https://kb.isc.org/article/AA-01352/
  * CVE-2016-1286: https://kb.isc.org/article/AA-01353/
2016-03-21 03:53:21 +01:00
Vladimír Čunát
09af15654f Merge master into closure-size
The kde-5 stuff still didn't merge well.
I hand-fixed what I saw, but there may be more problems.
2016-03-08 09:58:19 +01:00
Christoph Hrdinka
a0753c7cb2 nsd: 4.1.6 -> 4.1.7 2016-02-28 09:17:46 +01:00
Vladimír Čunát
f9f6f41bff Merge branch 'master' into closure-size
TODO: there was more significant refactoring of qtbase and plasma 5.5
on master, and I'm deferring pointing to correct outputs to later.
2015-12-31 09:53:02 +01:00
Franz Pletz
0e07172c6d bind: Fix patching Makefile.in
There is no postPatchPhase.
2015-12-25 21:39:56 -05:00
Robin Gloster
bdfc4efd67 bind: add patch to build with libressl 2.3 2015-12-23 22:08:33 +00:00
Vladimír Čunát
333d69a5f0 Merge staging into closure-size
The most complex problems were from dealing with switches reverted in
the meantime (gcc5, gmp6, ncurses6).
It's likely that darwin is (still) broken nontrivially.
2015-11-20 14:32:58 +01:00
Christoph Hrdinka
a4ea5e4e4b nsd: 4.13 -> 4.16 2015-11-12 14:51:47 +01:00
Vladimír Čunát
6d86a93c43 libevent: split into multiple outputs
Hopefully all references are fixed.
2015-10-05 15:58:37 +02:00
William A. Kennington III
ecd90e61cc bind: 9.10.2-P4 -> 9.10.3 2015-09-17 14:12:38 -07:00
William A. Kennington III
fe8a27cd64 mesos-dns: Move to go-packages 2015-09-04 23:57:00 -07:00
William A. Kennington III
68be570a0a skydns: Move to go-packages 2015-09-04 21:26:35 -07:00
William A. Kennington III
21370fb150 bind: 9.10.2-P3 -> 9.10.2-P4 2015-09-02 21:49:43 -07:00
Jaka Hudoklin
e2f673e024 skydns: 2.5.0a -> 2.5.2b 2015-08-29 18:28:50 +02:00
William A. Kennington III
3932ba7a54 bind: 9.10.2-P2 -> 9.10.2-P3 2015-07-29 10:36:45 -07:00
Christoph Hrdinka
1e95b76c67 nsd: 4.1.2 -> 4.1.3 2015-07-13 14:49:50 +02:00
Pascal Wittmann
007e288912 bind: update from 9.10.2 to 9.10.2-P2, fixes CVE-2015-4620 2015-07-10 18:20:29 +02:00
Jaka Hudoklin
ef1f827671 skydns: update to 2.5.0a 2015-06-19 13:35:32 +02:00
Christoph Hrdinka
7b207ab10b nsd: update 4.1.1 -> 4.1.2 2015-06-18 14:08:39 +02:00
Eelco Dolstra
ab8b68cd99 Revert "bind: Modify build"
This reverts commit 0a06b99d69.
2015-06-04 14:54:51 +02:00
Eelco Dolstra
676fbc2578 Revert "bind: Enable parallel building"
This reverts commit e74b5704a8.
2015-06-04 14:54:51 +02:00
Eelco Dolstra
4fdf489073 Revert "dnsutils: Add smaller derivation of bind"
This reverts commit bb6ac771c4.
2015-06-04 14:54:51 +02:00
Eelco Dolstra
0a4de71cb0 Revert "bind: Add propagatedBuildInputs"
This reverts commit 9f70b1ab31.
2015-06-04 14:54:51 +02:00
William A. Kennington III
9f70b1ab31 bind: Add propagatedBuildInputs 2015-05-24 15:01:21 -07:00
William A. Kennington III
bb6ac771c4 dnsutils: Add smaller derivation of bind 2015-05-23 22:26:23 -07:00
William A. Kennington III
e74b5704a8 bind: Enable parallel building 2015-05-23 20:07:51 -07:00
William A. Kennington III
0a06b99d69 bind: Modify build 2015-05-23 19:07:13 -07:00
Pascal Wittmann
d811c6cf41 skydns: fixed typo 2015-05-19 20:30:49 +02:00
Jaka Hudoklin
ca0d1aa9a3 Merge pull request #6880 from offlinehacker/pkgs/skydns/add
Add skydns
2015-04-19 10:43:05 +02:00
Christoph Hrdinka
d3a2edb8ce nsd: Fix automatic config options 2015-03-19 12:10:55 +01:00
Christoph Hrdinka
6db8155e37 nsd: Update from 4.1.0 -> 4.1.1 2015-03-18 21:01:35 +01:00
Jaka Hudoklin
26f671155e Add skydns 2015-03-18 20:29:11 +01:00
Benjamin Staffin
dec05e9b28 mesos-dns: Update to newer commit
Notable upstream changes:
- Support for multiple ports per task
- Records generated for mesos master nodes
- SRV records resolve to hostnames rather than IPs
- Query handling is now properly case-insensitive
- Better AAAA record handling
2015-03-15 14:00:54 -07:00
koral
f1e615f6df bind: 9.9.5-W1 -> 9.10.2 + added rndc key 2015-03-01 20:02:09 +00:00
Benjamin Staffin
d382667537 New package: mesos-dns 2015-02-20 17:11:49 -08:00
Christoph Hrdinka
f5cd9d2460 nsd: fix description, license and platforms 2014-09-28 15:30:39 +02:00
Christoph Hrdinka
f1b3196f2d nsd: update to version 4.1.0 2014-09-28 14:43:26 +02:00
Christoph Hrdinka
29b4258622 nsd: add hrdinka to maintainers 2014-09-28 14:43:16 +02:00
aszlig
fd9c8fa3dc
pkgs/nsd: Allow to easily override the package.
Allowing to use nixpkgs config to provide different defaults is not
going to help us here, so we would like to use nsd.override {} in order
to supply the correct options in the module.

Eventually removing the nixpkgs config option would make sense here as
well.

Signed-off-by: aszlig <aszlig@redmoonstudios.org>
2014-09-05 02:54:39 +02:00
Bjørn Forsman
c9baba9212 Fix many package descriptions
(My OCD kicked in today...)

Remove repeated package names, capitalize first word, remove trailing
periods and move overlong descriptions to longDescription.

I also simplified some descriptions as well, when they were particularly
long or technical, often based on Arch Linux' package descriptions.

I've tried to stay away from generated expressions (and I think I
succeeded).

Some specifics worth mentioning:
 * cron, has "Vixie Cron" in its description. The "Vixie" part is not
   mentioned anywhere else. I kept it in a parenthesis at the end of the
   description.

 * ctags description started with "Exuberant Ctags ...", and the
   "exuberant" part is not mentioned elsewhere. Kept it in a parenthesis
   at the end of description.

 * nix has the description "The Nix Deployment System". Since that
   doesn't really say much what it is/does (especially after removing
   the package name!), I changed that to "Powerful package manager that
   makes package management reliable and reproducible" (borrowed from
   nixos.org).

 * Tons of "GNU Foo, Foo is a [the important bits]" descriptions
   is changed to just [the important bits]. If the package name doesn't
   contain GNU I don't think it's needed to say it in the description
   either.
2014-08-24 22:31:37 +02:00
Patrick Mahoney
b947cde3a5 bind: Expand to all unix platforms. 2014-08-04 15:09:07 -05:00
Christoph Hrdinka
e59c465103 nsd: add package version 4.0.3 2014-06-12 11:14:44 +02:00
Peter Simons
b0c2354809 bind: update to version 9.9.5-W1 (fixes CVE-2013-6230 and CVE 2014-0591) 2014-03-03 13:10:05 +01:00
Peter Simons
6603ef3bf8 bind: update to version 9.9.4-P2 2014-01-14 15:55:24 +01:00
Peter Simons
516377c0b6 bind: update to 9.9.3-p2 to fix CVE-2013-4854 2013-07-28 13:50:11 +02:00
Peter Simons
2e618df532 bind: avoid build impurity by explicitly enabling/disabling features
The BIND configure script finds extra dependencies in /usr/include and /usr/lib,
and activates additional features if it does. This may cause the build to fail
on systems that cannot use a chroot environment. Actively disabling those
additional features prevents this issue from occurring.
2013-06-10 15:38:00 +02:00
Peter Simons
bfa846cd6e bind: update to 9.9.3-P1 to fix CVE-2013-3919 2013-06-07 13:27:12 +02:00
Peter Simons
e655ac24d2 bind: add meta.license attribute 2013-04-01 11:46:14 +02:00
Peter Simons
d95c79bad7 bind: update to version 9.9.2-P2 to fix CVE 2010-4051 /2010-4052 2013-04-01 11:46:13 +02:00
Michael Raskin
8eec7bf2f6 Updating BIND to freshest version 9.9.2 2012-10-17 16:27:38 +04:00
Eelco Dolstra
3cf0b00b5a bind: Update to 9.7.6-P3
Fixes CVE-2012-4244.
2012-10-02 11:48:54 -04:00
Eelco Dolstra
36667965f9 * Updated bind to 9.7.6-P1, which includes a fix for CVE-2012-1667.
svn path=/nixpkgs/trunk/; revision=34370
2012-06-06 15:51:48 +00:00
Lluís Batlle i Rossell
8dc9474e4d Making bind use /var/run/named instead of $out/var/run/named for the runtime temporary files.
svn path=/nixpkgs/trunk/; revision=25509
2011-01-11 22:08:43 +00:00
Lluís Batlle i Rossell
a9345a51c5 Updating bind
svn path=/nixpkgs/trunk/; revision=25457
2011-01-07 11:33:04 +00:00
Eelco Dolstra
7f5b839524 * Removed selectVersion. There's no good reason to write
`selectVersion ./foo "bar"' instead of `import ./foo/bar.nix'.
* Replaced `with args' with formal function arguments in several
  packages.
* Renamed several files to `default.nix'.  As a general rule, version
  numbers should only be included in the filename when there is a
  reason to keep multiple versions of a package in Nixpkgs.
  Otherwise, it just makes it harder to update the package.

svn path=/nixpkgs/trunk/; revision=18403
2009-11-18 09:39:59 +00:00
Michael Raskin
3d7f5dd7d6 Added BIND
svn path=/nixpkgs/trunk/; revision=12064
2008-06-12 18:10:08 +00:00