4.1.12
======
Bugfixes
--------
Fix malformed edns query assertion failure, reported by Michal Kepien (NASK).
4.1.11
======
Features
--------
* When tcp is more than half full, use short timeout for tcp session.
* Patch for {max,min}-{refresh,retry}-time from YAMAGUCHI Takanori.
* Fix#790: size-limit-xfr can stop NSD from downloading infinite zone transfer data size, from Toshifumi Sakaguchi. Fixes CVE-2016-6173 JVN#63359718 JPCERT#91251865.
Bugfixes
--------
* Fix build without IPv6, patch from Zdenek Kaspar.
* Fix#783: Trying to run a root server without having configured it silently gives wrong answers.
* Fix#782: Serve DS record but parent zone has no NS record.
* Fix nsec3 missing for nsec3 signed parent and child for DS at zonecut.
4.1.10
======
Features
--------
* ip-freebind: yesno option in nsd.conf sets IP_FREEBIND socket option for Linux, binds to interfaces and addresses that are down.
* NSD includes AAAA before A for queries over IPV6 (in delegations). And TC is set if no glue can be provided with a delegation because of packet size.
* print notice that nsd is starting before taking off.
Bugfixes
--------
* Fix for openssl 1.1.0, HMAC_CTX size not exported from openssl.
* Fix#751: NSD fails to occlude names below a DNAME.
* If set without nsd.db print "" as the default in the man pages.
* Fix#755: NSD spins after a zone update and a lot of TCP queries.
* Fix for NSEC3 with zone signed without exact match for empty nonterminals, the answer for that domain gets closest encloser.
* #772 Document that recvmmsg has IPv6 problems on some linux kernels.
4.1.9
=====
Bugfixes
--------
* Change the nsd.db file version because of nanosecond precision fix.
The services/networking directory is already quite polluted and the
first point where I was looking for the offlineimap module was in
services/mail and didn't find it there.
Offlineimap already has IMAP in its name and clearly belongs to the
"mail" category so let's move it there.
Tested by evaluating a configuration with services.offlineimap enabled.
Signed-off-by: aszlig <aszlig@redmoonstudios.org>
Cc: @DamienCassou
Coercing the derivation to string causes the package to be built during
evaluation rather than during actual realization which is completely
unnecessary because we don't need additional Nix expression information
for the package (nor do we need it for the service).
Signed-off-by: aszlig <aszlig@redmoonstudios.org>
Cc: @DamienCassou
Cc: @Profpatsch (stumbled on this because of him)
Using "tmpfs" as a script part for system.activationScripts is a bit
misleading since 6efcfe03ae.
We no longer solely mount tmpfs within this script, so using "specialfs"
fits more nicely in terms of naming.
Tested against the "simple" NixOS installer test.
Signed-off-by: aszlig <aszlig@redmoonstudios.org>
Regression introduced by 79d4636d50.
The mentioned commit moves /run/keys from stage 2 to
boot.specialFileSystems, the latter being remounted during system
activation.
Unfortunately, the specialMount function in the activation script does
this unconditionally and thus will fail if it can't be remounted because
the mount point simply doesn't exist.
We now check the mount point for existance and only remount if it exists
but mkdir + mount it if it doesn't.
Tested against the "simple" NixOS installer test.
Signed-off-by: aszlig <aszlig@redmoonstudios.org>
When Grub is to be used with UEFI, it is not going to write to any MBR
of any disk. As such, it is safe to use multiple "nodev" device entries
when mirroring the ESP partition to multiple disks.
E.g.:
```
boot.loader.grub = {
enable = true;
version = 2;
zfsSupport = true;
efiSupport = true;
mirroredBoots = [
{ devices = [ "nodev" ]; path = "/boot1"; efiSysMountPoint = "/boot1"; }
{ devices = [ "nodev" ]; path = "/boot2"; efiSysMountPoint = "/boot2"; }
{ devices = [ "nodev" ]; path = "/boot3"; efiSysMountPoint = "/boot3"; }
];
};
boot.loader.efi.canTouchEfiVariables = true;
```
Fixes#18584
...instead of mesa_noglu.out. Closures of systems remain unchanged,
as both are in (and the .out output is very small anyway).
This is to make sure that we use lib*GL* that aren't slowed down by grsecurity.
All swap device option sets "have" a label, it's just that sometimes it's
undefined. Because we set a `device` attribute when we have a label anyway it's
ok to just check device prefix.
Fixes#18891.
Get rid of the "or null" stuff. Also change 'cfg . "foo"' to 'cfg.foo'.
Also fixed what appears to be an actual bug: in postStartScript,
cfg.attribute (where attribute is a function argument) should be
cfg.${attribute}.
Using types.str doesn't work if you want to mkBefore/mkAfter across
different module definitions, because it only allows for one definition
for the same priority.
This is especially useful if you deploy Hetzner machines via NixOps,
because the physical specification already defines localCommands.
Signed-off-by: aszlig <aszlig@redmoonstudios.org>
