Commit Graph

536 Commits

Author SHA1 Message Date
Shea Levy
a1e219e562
bind: Fix cross-compilation 2018-02-28 15:01:31 -05:00
Ryan Mulligan
72d9c1fdf1 nsd: 4.1.19 -> 4.1.20
Semi-automatic update. These checks were performed:

- built on NixOS
- ran `/nix/store/4za086gx5nlvf44i0syc2y6lprhh49kz-nsd-4.1.20/bin/nsd -h` got 0 exit code
- ran `/nix/store/4za086gx5nlvf44i0syc2y6lprhh49kz-nsd-4.1.20/bin/nsd -v` and found version 4.1.20
- ran `/nix/store/4za086gx5nlvf44i0syc2y6lprhh49kz-nsd-4.1.20/bin/nsd -h` and found version 4.1.20
- ran `/nix/store/4za086gx5nlvf44i0syc2y6lprhh49kz-nsd-4.1.20/bin/nsd-checkzone -h` got 0 exit code
- ran `/nix/store/4za086gx5nlvf44i0syc2y6lprhh49kz-nsd-4.1.20/bin/nsd-checkzone -h` and found version 4.1.20
- found 4.1.20 with grep in /nix/store/4za086gx5nlvf44i0syc2y6lprhh49kz-nsd-4.1.20
- found 4.1.20 in filename of file in /nix/store/4za086gx5nlvf44i0syc2y6lprhh49kz-nsd-4.1.20

cc "@hrdinka"
2018-02-28 07:05:12 +00:00
Tim Steinbach
54415188b2
bind: 9.11.2 -> 9.12.0 2018-02-25 13:20:47 -05:00
Vladimír Čunát
e74b61edde
knot-resolver: 2.1.0 -> 2.1.1 (bugfix)
https://gitlab.labs.nic.cz/knot/knot-resolver/blob/v2.1.1/NEWS
2018-02-23 13:55:29 +01:00
Jörg Thalheim
03d9a36941 powerdns: 4.0.5 -> 4.1.1 2018-02-17 14:16:24 +00:00
Vladimír Čunát
01a49f38ef
knot-resolver: 2.0.0 -> 2.1.0
No exciting changes to most people, I suppose.
https://lists.nic.cz/pipermail/knot-resolver-users/2018/000007.html
2018-02-16 18:16:33 +01:00
Vladimír Čunát
47d479253d
knot-dns: 2.6.4 -> 2.6.5 (maintenance) 2018-02-12 17:08:51 +01:00
Tuomas Tynkkynen
10c8e6d0c5 Merge remote-tracking branch 'upstream/master' into staging 2018-02-03 02:50:21 +02:00
Vladimír Čunát
b31642ac72
knot-dns: 2.6.3 -> 2.6.4 (bugfix) 2018-02-02 15:26:39 +01:00
Vladimír Čunát
bbfca0f371
knot-resolver: 1.5.3 -> 2.0.0 (feature update)
Also split extraFeatures into a wrapper derivation.
So far, no changes like user renaming nor systemd unit rework.
2018-02-02 15:26:36 +01:00
Vladimír Čunát
c9171e5a4c
Merge branch 'master' into staging
Hydra: ?compare=1430035
2018-01-30 19:51:33 +01:00
rnhmjoj
8853d4408b
pdns-recursor: 4.0.8 -> 4.1.1 2018-01-29 00:57:05 +01:00
Frederik Rietdijk
769342b37b Merge remote-tracking branch 'upstream/master' into HEAD 2018-01-24 14:17:49 +01:00
Vladimír Čunát
b200979d6e
knot-resolver: 1.5.2 -> 1.5.3 (bugfix)
The fixed problem seems not to happen on NixOS, but let's update anyway.
2018-01-23 15:47:28 +01:00
Will Dietz
24dd0323b1 bind: perl as nativeBuildInput 2018-01-22 17:24:53 -06:00
Vladimír Čunát
7dd50deae5
knot-resolver: 1.5.1 -> 1.5.2 (security)
Fixes CVE-2018-1000002.
https://gitlab.labs.nic.cz/knot/knot-resolver/blob/v1.5.2/NEWS
2018-01-22 12:03:56 +01:00
adisbladis
ca094d7af2
bind: License changed to MPL 2.0 2018-01-17 09:39:20 +08:00
Andreas Rammhold
d2b852fe7d
bind: 9.11.2 -> 9.11.2-P1 (fixes CVE-2017-3145, CVE-2017-3143, CVE-2017-3141 & CVE-2017-3140)
For more details see [1].

[1] http://ftp.isc.org/isc/bind9/9.11.2-P1/RELEASE-NOTES-bind-9.11.2-P1.html
2018-01-17 02:29:13 +01:00
Samuel Dionne-Riel
7b97c8c0c8 treewide: homepage+src updates (found by repology, #33263) 2018-01-05 20:42:46 +01:00
Vladimír Čunát
f29000b002
Merge branch 'master' into staging
Hydra: ?compare=1421760
2017-12-29 10:13:33 +01:00
Robin Gloster
572b2bda4e treewide: generalise for both mysql & mariadb 2017-12-29 02:18:35 +01:00
Christoph Hrdinka
f00c17e927
nsd: 4.1.16 -> 4.1.19
Signed-off-by: Christoph Hrdinka <c.github@hrdinka.at>
2017-12-28 14:34:06 +01:00
Christoph Hrdinka
02694384c0
nsd: add configFile parameter
Signed-off-by: Christoph Hrdinka <c.github@hrdinka.at>
2017-12-28 14:34:05 +01:00
Dylan Simon
0f881aec23 bind: explicitly disable lmdb
Autodetected by default (so should be disabled) but avoid finding a
broken system version.
2017-12-21 15:07:22 -05:00
Vladimír Čunát
4d71ad1bc2
knot-resolver: 1.5.0 -> 1.5.1
It seems to be serving fine, atop 17.09.
2017-12-12 15:12:22 +01:00
Samuel Leathers
c2e9a1ca3b
powerdns: 4.0.4 -> 4.0.5 for CVE-2017-15091
Closes #32116.
2017-12-11 14:52:11 +01:00
Andreas Rammhold
f7b87a773e
pdns-recursor: 4.0.6 -> 4.0.8 (fixes CVE-2017-15120)
For more details see [1].

[1] http://www.openwall.com/lists/oss-security/2017/12/11/1
2017-12-11 13:51:59 +01:00
Vladimír Čunát
4dba2f2158
knot-dns: maintenance 2.6.1 -> 2.6.3 2017-12-01 12:43:05 +01:00
Gregor Kleen
a2e40f7254 nixpkgs/bind: use python3 2017-11-17 14:03:30 +01:00
Gregor Kleen
9826f5cc3c nixos/nsd: automatic DNSSEC using BIND toolset 2017-11-16 01:52:28 +01:00
Vladimír Čunát
1435ace4e4
knot-dns: remove unused dependency
https://gitlab.labs.nic.cz/knot/knot-dns/issues/559
2017-11-13 12:44:40 +01:00
Vladimír Čunát
327c351cb2
knot-resolver: disable the hints test for now
It's flaky, unfortunately.
2017-11-12 20:24:03 +01:00
Orivej Desh
c1a6665549 pdns-recursor: enable parallel building 2017-11-05 17:16:36 +00:00
rnhmjoj
f9031957ed
pdns-recursor: 4.0.4 -> 4.0.6 2017-11-05 17:32:06 +01:00
Vladimír Čunát
4b15ca2248
knot-resolver: 1.4.0 -> 1.5.0
https://lists.nic.cz/pipermail/knot-dns-users/2017-November/001240.html
ICANN wants to watch what root trust anchors people use.
https://www.icann.org/resources/pages/ksk-rollover
2017-11-03 11:04:50 +01:00
Vladimír Čunát
5f86f5d5b1
knot-dns: maintenance 2.6.0 -> 2.6.1
https://lists.nic.cz/pipermail/knot-dns-users/2017-November/001241.html
2017-11-03 10:57:15 +01:00
Vladimír Čunát
8688a5198f
knot-dns: fix kdig +tls sending bad SNI 2017-10-26 12:22:11 +02:00
Franz Pletz
57a0422b03 Merge pull request #30545 from Mic92/pdns
powerdns: 4.0.3 -> 4.0.4
2017-10-25 10:38:24 +02:00
Vladimír Čunát
c0e00efdae
knot-dns: fix kdig +tls broken in 2.6.0 2017-10-19 11:18:20 +02:00
Joerg Thalheim
c9da6d37e9 powerdns: remove nhooyr as maintainer 2017-10-18 19:50:02 +01:00
Joerg Thalheim
8bd1580d1a powerdns: 4.0.3 -> 4.0.4 2017-10-18 16:46:54 +01:00
Orivej Desh
fda26c8476 Merge branch 'master' into staging
* master: (271 commits)
  pysmbc: clarify license
  pysmbc: fix license
  bazel: 0.5.4 -> 0.6.0 (#29990)
  googler: init at 3.3
  go: declare support for aarch64
  firefox-beta-bin: 56.0b5 -> 57.0b4
  spotify: 1.0.64.401.g9d720389-21 -> 1.0.64.407.g9bd02c2d-26
  gogs: 0.11.19 -> 0.11.29
  grafana: 4.5.1 -> 4.5.2
  mopidy-iris: 3.4.1 -> 3.4.9
  nextcloud: 12.0.2 -> 12.0.3
  haskell-json-autotype: jailbreak to fix build within LTS 9.x
  kore: fix up
  kore: init at 2.0.0
  glusterfs service: fix issues with useRpcbind
  tig: 2.2.2 -> 2.3.0
  haskell-hspec-core: enable test suite again
  hackage-packages.nix: automatic Haskell package set update
  librsvg: fix thumbnailer path
  awscli: 1.11.108 -> 1.11.162
  ...
2017-10-02 00:22:12 +00:00
Vladimír Čunát
4a2dd9905c
knot-dns: 2.5.3 -> 2.6.0 2017-09-29 15:59:04 +02:00
John Ericson
f037625f87 Merge remote-tracking branch 'upstream/staging' into deps-reorg 2017-09-28 12:32:57 -04:00
Vladimír Čunát
7c7f8c9c1d
knot-*: simplify lmdb dependency
Partly thanks to lmdb.pc, partly thanks to 84bd2f4
(hopefully; untested on Darwin).
2017-09-23 14:15:56 +02:00
Vladimír Čunát
fd56648a04
knot-resolver: 1.3.3 -> 1.4.0
Also drop rarely used dependencies, by default,
and utilize root server addresses from nixpkgs.
2017-09-22 11:27:59 +02:00
John Ericson
ed14223f8c treewide: Manual fix more pkg-config build-inputs 2017-09-21 15:49:54 -04:00
John Ericson
531e4b80c9 misc pkgs: Basic sed to get fix pkgconfig and autoreconfHook buildInputs
Only acts on one-line dependency lists.
2017-09-21 15:49:53 -04:00
Matthew Justin Bauer
2eacddf0dc treewide: homepage URL fixes (#28475)
* pgadmin: use https homepage

* msn-pecan: move homepage to github

google code is now unavailable

* pidgin-latex: use https for homepage

* pidgin-opensteamworks: use github for homepage

google code is unavailable

* putty: use https for homepage

* ponylang: use https for homepage

* picolisp: use https for homepage

* phonon: use https for homepage

* pugixml: use https for homepage

* pioneer: use https for homepage

* packer: use https for homepage

* pokerth: usee https for homepage

* procps-ng: use https for homepage

* pycaml: use https for homepage

* proot: move homepage to .github.io

* pius: use https for homepage

* pdfread: use https for homepage

* postgresql: use https for homepage

* ponysay: move homepage to new site

* prometheus: use https for homepage

* powerdns: use https for homepage

* pm-utils: use https for homepage

* patchelf: move homepage to https

* tesseract: move homepage to github

* quodlibet: move homepage from google code

* jbrout: move homepage from google code

* eiskaltdcpp: move homepage to github

* nodejs: use https to homepage

* nix: use https for homepage

* pdf2djvu: move homepage from google code

* game-music-emu: move homepage from google code

* vacuum: move homepae from google code
2017-08-22 20:50:04 +02:00
Vladimír Čunát
378c6d7063
knot-dns: try to fixup on Darwin 2017-08-16 08:24:05 +02:00
Vladimír Čunát
10bcf0818f
knot-resolver: security 1.3.2 -> 1.3.3
https://lists.nic.cz/pipermail/knot-dns-users/2017-August/001184.html
2017-08-09 16:36:32 +02:00
Silvan Mosberger
f5fa5fa4d6 pkgs: refactor needless quoting of homepage meta attribute (#27809)
* pkgs: refactor needless quoting of homepage meta attribute

A lot of packages are needlessly quoting the homepage meta attribute
(about 1400, 22%), this commit refactors all of those instances.

* pkgs: Fixing some links that were wrongfully unquoted in the previous
commit

* Fixed some instances
2017-08-01 22:03:30 +02:00
Franz Pletz
cfbac7bbad
bind: 9.11.1-P2 -> 9.11.2 for multiple CVEs
See: https://kb.isc.org/article/AA-01522

Fixes: CVE-2017-3140 CVE-2017-3141 CVE-2017-3142 CVE-2017-3143
2017-08-01 10:26:20 +02:00
Vladimír Čunát
20d2bfa4ff
knot-resolver: remove unused inputs 2017-07-28 15:34:27 +02:00
Vladimír Čunát
62e4e3301b
knot-resolver: maintenance 1.3.1 -> 1.3.2 2017-07-28 15:12:23 +02:00
Vladimír Čunát
69c67371db
knot-dns: maintenance 2.5.2 -> 2.5.3 2017-07-28 15:12:07 +02:00
Vladimír Čunát
3678981f9f
knot-resolver: remove aarch64 from meta.platforms
It will compile but won't really work ATM.
2017-07-10 18:11:40 +02:00
Tim Steinbach
171c088754
bind: 9.10.5-P2 -> 9.11.1-P2 2017-06-30 13:52:04 -04:00
Peter Simons
c4430ba248 bind: update to version 9.10.5-P2 to fix CVE-2017-3142 and CVE-2017-3143 2017-06-29 22:15:01 +02:00
Vladimír Čunát
c76f8d9c7a
knot-resolver: maintenance 1.3.0 -> 1.3.1 2017-06-23 14:48:29 +02:00
Vladimír Čunát
75872f3161
knot-dns: security 2.5.1 -> 2.5.2
https://lists.nic.cz/pipermail/knot-dns-users/2017-June/001144.html
2017-06-23 14:48:10 +02:00
Franz Pletz
72c36db003
bind: 9.10.5 -> 9.10.5-P1 for CVE-2017-3140 2017-06-15 13:43:09 +02:00
Franz Pletz
44cb792077
powerdns: 4.0.2 -> 4.0.3 2017-06-13 21:21:59 +02:00
Vladimír Čunát
156a9afb2b
knot-resolver: 1.2.6 -> 1.3.0 2017-06-13 10:57:33 +02:00
Vladimír Čunát
db0235ce76
knot-dns: quick bugfix 2.5.0 -> 2.5.1 2017-06-07 17:57:42 +02:00
Franz Pletz
f18bcc1e2a
knot-dns: 2.4.2 -> 2.5.0 2017-06-06 03:59:16 +02:00
Michiel Leenaars
16857df2f3
nsd: fix openssl path in nsd-control-setup
Closes #26002
2017-05-26 10:00:28 +02:00
Michiel Leenaars
51269faa08
nsd: 4.1.15 -> 4.1.16 2017-05-26 10:00:16 +02:00
Robin Gloster
b447f624c3
bind: 9.10.4-P6 -> 9.10.5 2017-05-20 14:24:57 +02:00
Franz Pletz
eb79649414
bind: disable seccomp by default
Fixes #25645 & #23431.
2017-05-09 18:19:38 +02:00
Vladimír Čunát
d7501b986a
luajit: 2.1.0-beta2 -> 2.1.0-beta3
The removal of `luaL_reg` alias caused lots of breakage.
Only sysdig and knot-resolver needed (also) other changes.
2017-05-02 14:00:45 +02:00
Vladimír Čunát
125cf35273
knot-resolver: maintenance 1.2.5 -> 1.2.6 2017-04-24 16:36:27 +02:00
Christoph Hrdinka
60160234aa
nsd: 4.1.14 -> 4.1.15 2017-04-08 21:49:13 +02:00
Vladimír Čunát
44168b4b22
knot-resolver: update the source hash
Just nitpick changes in the tarball, minutes after the release.
2017-04-05 16:08:11 +02:00
Vladimír Čunát
12839e4599
knot-resolver: maintenance 1.2.4 -> 1.2.5 2017-04-05 15:49:27 +02:00
John Ericson
4c0d7da183 Get rid of all with { inherit... } and just used let inherit...
The old forms presumably predates, or were made in ignorance of,
`let inherit`. This way is better style as the scoping as more lexical,
something which Nix can (or might already!) take advantage of.
2017-03-30 03:05:05 -04:00
Vladimír Čunát
070ae18422
knot-dns: maintenance 2.4.1 -> 2.4.2 2017-03-23 16:34:11 +01:00
Vladimír Čunát
74f92e9556
knot-resolver: maintenance 1.2.3 -> 1.2.4 2017-03-09 21:25:45 +01:00
Vladimír Čunát
cb63a0b2da
knot-resolver: maintenance 1.2.2 -> 1.2.3
Just tiny fixes for some rare circumstances.
https://lists.nic.cz/pipermail/knot-dns-users/2017-February/001066.html
2017-02-23 16:23:23 +01:00
Rene Treffer
055d6399ef coredns: 001 -> 005 2017-02-19 21:26:10 +01:00
Nikolay Amiantov
f1e7a60b16
dnsutils: +sigchase support for dig
Fixes #10728, closes #22989.
The dnsutils output got ~60kiB bigger, and I see no extra runtime deps.
2017-02-19 12:13:05 +01:00
Vladimír Čunát
e5ac6bc999
knot-resolver: use embedded lmdb on Darwin for now
I don't know what's wrong there, and Darwin isn't among primary platforms
for kresd.
2017-02-15 10:23:44 +01:00
Vladimír Čunát
2fce8dda39
knot-dns: fixup Darwin build again, hopefully 2017-02-14 00:47:26 +01:00
Vladimír Čunát
935ede8a59
knot-resovler: use shared lmdb now 2017-02-13 16:56:54 +01:00
Vladimír Čunát
5b75338a50
knot-dns: use shared lmdb 2017-02-13 16:50:39 +01:00
Vladimír Čunát
45b1d0cb8c
knot-dns: maintenance 2.4.0 -> 2.4.1 2017-02-11 17:51:57 +01:00
Vladimír Čunát
0b7fec6272
knot-resolver: maintenance 1.2.1 -> 1.2.2
In particular, trust anchor bootstrapping is fixed after IANA publishing
an additional key.
2017-02-11 17:47:45 +01:00
Christoph Hrdinka
3047bb2e9c
nsd: 4.1.13 -> 4.1.14
* Fix #1132 for SERVFAIL zones perform backoff, and remembers the timeout on next startup.

* Fix null memcpy for radixtree with single link element.
* Robust fix against missing master in tcp_open for xfrd.
* Fix wildcards in include: config statements with chroot enabled.
* suppress compile warning in lex files.
* Fix to try every master once, then wait for timeout or notify.
* Save backoff timeout into xfrd.state file, this file has a higher version number now. Old files are skipped silently (causes refresh) and created as new files upon exit.
* Fix restart of zone transfers when new config becomes available.
2017-02-10 15:12:18 +01:00
Franz Pletz
da5eaa3c21
bind: 9.10.4-P5 -> 9.10.4-P6 for CVE-2017-3135
See https://kb.isc.org/article/AA-01453.

cc #22549
2017-02-09 10:44:16 +01:00
Vladimír Čunát
c3badbb366 knot-resolver: 1.2.0 -> 1.2.1
It mainly fixes a single issue that perhaps has a minor security impact.
https://lists.nic.cz/pipermail/knot-dns-users/2017-February/001045.html
2017-02-01 22:46:15 +01:00
Vladimír Čunát
dacbca2730
knot-dns: yet another attempt to fix build on Darwin 2017-01-31 12:53:24 +01:00
Vladimír Čunát
612333a770
knot-resolver: yet another attempt to fix build on Darwin 2017-01-30 20:08:16 +01:00
Vladimír Čunát
7f7faab009
knot-dns: yet another attempt to fix build on Darwin 2017-01-30 16:10:59 +01:00
Vladimír Čunát
196b87f707
knot-dns: another attempt to fix build on Darwin 2017-01-30 11:55:30 +01:00
Vladimír Čunát
fd32b16f9e
knot-dns: another attempt to fix build on Darwin
The effort is getting long, without any direct access to a Darwin machine.
2017-01-30 10:09:44 +01:00
Vladimír Čunát
f27fb8ab75
knot-{dns,resolver}: try to fix on darwin
Evaluation works now, at least.
2017-01-25 22:42:20 +01:00
Vladimír Čunát
278bbe3b33
add kresd service with basic options
Still celebrating today's 1.2.0 release!
2017-01-25 18:46:28 +01:00
Vladimír Čunát
5d5fb4a2fb
knot-resolver: init at 1.2.0
Celebrating today's release!
2017-01-25 15:22:09 +01:00
rnhmjoj
d79ea39d04
pdns-recursor: init at 4.0.4 2017-01-23 08:09:51 +01:00
Vladimír Čunát
64b7f096e6
knot-dns: 2.3.3 -> 2.4.0 2017-01-19 11:23:21 +01:00
Jörg Thalheim
1fe51342a9
powerdns: 4.0.1 -> 4.0.2 2017-01-14 23:01:56 +01:00
Peter Simons
2fd0a9f3c7 bind: update to 9.10.4-P5 (CVE-2016-9131, CVE-2016-9147, CVE-2016-9444, CVE-2016-9778) 2017-01-12 10:00:22 +01:00
Franz Pletz
e6708cea37
bind: fix collision of binaries in outputs
Using outputsToInstall the intended behaviour of including host and dnsutils
when bind is installed can be implemented instead of using symlinks to fix
installing all outputs individually with nix-env.

Fixes #19761.
2017-01-07 02:44:54 +01:00
Vladimír Čunát
df07922e3e
knot-dns: init at 2.3.3
Only .lib is tested ATM.
2016-12-13 15:31:29 +01:00
Vladimír Čunát
f0b9ecfa01
bind: fixup more openssl.dev references 2016-12-08 19:10:19 +01:00
Peter Simons
0b180d1ca4 bind: update to 9.10.4-P4 to fix CVE-2016-8864 2016-11-01 22:16:26 +01:00
Graham Christensen
c48fd00fae nsd: 4.1.12 -> 4.1.13 for CVE-2016-6173
Closes #19685
2016-10-19 15:16:54 +02:00
Tuomas Tynkkynen
b4d8f8b8e2 bind: Disable seccomp on non-x86
The list of permitted syscalls in the seccomp sandbox is only defined
for x86. It fails to build otherwise:

````
In file included from /tmp/nix-build-bind-9.10.4-P3.drv-0/bind-9.10.4-P3/lib/isc/include/isc/magic.h:23:0,
                 from /tmp/nix-build-bind-9.10.4-P3.drv-0/bind-9.10.4-P3/lib/isc/include/isc/app.h:89,
                 from ./main.c:26:
./main.c: In function 'setup_seccomp':
./main.c:848:17: error: 'scmp_syscalls' undeclared (first use in this function)
  INSIST((sizeof(scmp_syscalls) / sizeof(int)) ==
````
2016-10-16 23:37:48 +03:00
Franz Pletz
fa405aa264 bind: split out dnsutils & host binaries (#18903)
These tools are commonly used but don't require the other bind binaries.
Bind's libs are used, so they've also been split into an extra output.

The old version of host isn't maintained anymore and was removed From Debian
back in 2009: https://packages.qa.debian.org/h/host.html
2016-10-08 16:01:15 +02:00
Anmol Sethi
489ca7e5c0
powerdns: removed PrivateTmp=true in serviceConfig
As discussed in #18718 PrivateTmp is unnecessary because powerdns is
chrooted to /var/lib/powerdns.

I also added myself as co-maintainer.
2016-10-01 12:27:23 -04:00
Franz Pletz
96b1d15e0c
bind: enable seccomp on linux 2016-09-28 10:50:25 +02:00
Peter Simons
8aaf610d4d bind: cosmetic fix for Emacs' syntax highlighting 2016-09-27 19:30:21 +02:00
Peter Simons
7a5ff282aa bind: update to version 9.10.4-P3 to fix CVE-2016-2776 2016-09-27 19:29:51 +02:00
Christoph Hrdinka
553a3295c1 nsd: 4.1.9 -> 4.1.12
4.1.12
======

Bugfixes
--------

Fix malformed edns query assertion failure, reported by Michal Kepien (NASK).

4.1.11
======

Features
--------

* When tcp is more than half full, use short timeout for tcp session.
* Patch for {max,min}-{refresh,retry}-time from YAMAGUCHI Takanori.
* Fix #790: size-limit-xfr can stop NSD from downloading infinite zone transfer data size, from Toshifumi Sakaguchi. Fixes CVE-2016-6173 JVN#63359718 JPCERT#91251865.

Bugfixes
--------

* Fix build without IPv6, patch from Zdenek Kaspar.
* Fix #783: Trying to run a root server without having configured it silently gives wrong answers.
* Fix #782: Serve DS record but parent zone has no NS record.
* Fix nsec3 missing for nsec3 signed parent and child for DS at zonecut.

4.1.10
======

Features
--------

* ip-freebind: yesno option in nsd.conf sets IP_FREEBIND socket option for Linux, binds to interfaces and addresses that are down.
* NSD includes AAAA before A for queries over IPV6 (in delegations). And TC is set if no glue can be provided with a delegation because of packet size.
* print notice that nsd is starting before taking off.

Bugfixes
--------

* Fix for openssl 1.1.0, HMAC_CTX size not exported from openssl.
* Fix #751: NSD fails to occlude names below a DNAME.
* If set without nsd.db print "" as the default in the man pages.
* Fix #755: NSD spins after a zone update and a lot of TCP queries.
* Fix for NSEC3 with zone signed without exact match for empty nonterminals, the answer for that domain gets closest encloser.
* #772 Document that recvmmsg has IPv6 problems on some linux kernels.

4.1.9
=====

Bugfixes
--------

* Change the nsd.db file version because of nanosecond precision fix.
2016-09-27 00:14:24 +02:00
Tim Steinbach
dbbff67754 bind: 9.10.4 -> 9.10.4-P2 (#18880) 2016-09-24 01:55:00 +02:00
rushmorem
b93b37cf0a coredns: init at 001 2016-09-22 01:11:13 +02:00
Jörg Thalheim
b0a1c0b343
powerdns: init at 4.0.1
fixes #18703
2016-09-18 14:52:44 +02:00
Tuomas Tynkkynen
048a30e4e4 treewide: Fix dev references to libxml2 2016-08-30 03:02:32 +03:00
Tuomas Tynkkynen
a17216af4c treewide: Shuffle outputs
Make either 'bin' or 'out' the first output.
2016-08-29 14:49:51 +03:00
Vladimír Čunát
c4661e9643 Merge: make dev output references explicit
This is a rebase of most commits from #14766,
resolving conflicts and a few other evaluation problems.
2016-05-22 12:09:23 +02:00
Tuomas Tynkkynen
2a73de6e6c treewide: Make explicit that 'dev' output of openssl is used 2016-05-19 10:02:23 +02:00
Tuomas Tynkkynen
ff24ce23c9 bind: Fix references to openssl in *.la files
Avoids reference to the OpenSSL development headers.
2016-05-18 23:05:51 +03:00
Peter Simons
8e462995ba Bring my stdenv.lib.maintainers user name in line with my github nick. 2016-05-16 22:49:55 +02:00
Tuomas Tynkkynen
0561e14c3b bind: Split into multiple outputs
A patch is needed to make bind not print its configure flags on
'named -V'.
2016-05-14 22:12:59 +03:00
Tuomas Tynkkynen
e460267737 bind: Attempt to fix Darwin OpenSSL linking
Issue #15279 reports:

````
Checking for OpenSSL library... using OpenSSL from /nix/store/c6kijfc5py2805lmqczvmcws5cm9jg1l-openssl-1.0.2g-dev/lib and /nix/store/c6kijfc5py2805lmqczvmcws5cm9jg1l-openssl-1.0.2g-dev/include
checking whether linking with OpenSSL works... no
configure: error: Could not run test program using OpenSSL from
/nix/store/c6kijfc5py2805lmqczvmcws5cm9jg1l-openssl-1.0.2g-dev/lib and /nix/store/c6kijfc5py2805lmqczvmcws5cm9jg1l-openssl-1.0.2g-dev/include.
Please check the argument to --with-openssl and your
shared library configuration (e.g., LD_LIBRARY_PATH).
builder for ‘/nix/store/54nni99j4ycwws6zfjwcvv8vxsdk895i-bind-9.10.4.drv’ failed with exit code 1
````
2016-05-13 23:31:30 +03:00
Robin Gloster
2ef7fbe4a0 Merge pull request #15185 from hrdinka/update/nsd
nsd: 4.1.7 -> 4.1.9
2016-05-03 11:44:54 +02:00
Alexander Ried
5be72c23ea bind: LibreSSL compatibility added upstream 2016-05-03 04:58:01 +02:00
Alexander Ried
19ce448380 bind: 9.10.3-P4 -> 9.10.4 2016-05-03 04:58:01 +02:00
Christoph Hrdinka
199c998bcc nsd: 4.1.7 -> 4.1.9
Features
========

* Fix #732: tcp-mss, outgoing-tcp-mss options for nsd.conf, patch from Daisuke Higashi.
* Fix #739: zonefile changes when mtime is small are detected on reload, if filesystem supports precision mtime values.
* RR type CSYNC (RFC7477) syntax is supported.

Bugfixes
========

* Change the nsd.db file version because of nanosecond precision fix.
* take advantage of arc4random_uniform if available, patch from Loganaden Velvindron.
* Fix flto check for OSX clang.
* Define _DEFAULT_SOURCE with _BSD_SOURCE for glibc 2.20 on Linux.
* Fix #736: segfault during zone transfer.
* Fix #744: Fix that NSD replies for configured but unloaded zone with SERVFAIL, not REFUSED.
2016-05-02 16:46:46 +02:00
Vladimír Čunát
ab15a62c68 Merge branch 'master' into closure-size
Beware that stdenv doesn't build. It seems something more will be needed
than just resolution of merge conflicts.
2016-04-01 10:06:01 +02:00
Franz Pletz
404a699a20 bind: 9.10.3 -> 9.10.3-P4 (security)
Fixes:

  * CVE-2016-1285: https://kb.isc.org/article/AA-01352/
  * CVE-2016-1286: https://kb.isc.org/article/AA-01353/
2016-03-21 03:53:21 +01:00
Vladimír Čunát
09af15654f Merge master into closure-size
The kde-5 stuff still didn't merge well.
I hand-fixed what I saw, but there may be more problems.
2016-03-08 09:58:19 +01:00
Christoph Hrdinka
a0753c7cb2 nsd: 4.1.6 -> 4.1.7 2016-02-28 09:17:46 +01:00
Vladimír Čunát
f9f6f41bff Merge branch 'master' into closure-size
TODO: there was more significant refactoring of qtbase and plasma 5.5
on master, and I'm deferring pointing to correct outputs to later.
2015-12-31 09:53:02 +01:00
Franz Pletz
0e07172c6d bind: Fix patching Makefile.in
There is no postPatchPhase.
2015-12-25 21:39:56 -05:00
Robin Gloster
bdfc4efd67 bind: add patch to build with libressl 2.3 2015-12-23 22:08:33 +00:00
Vladimír Čunát
333d69a5f0 Merge staging into closure-size
The most complex problems were from dealing with switches reverted in
the meantime (gcc5, gmp6, ncurses6).
It's likely that darwin is (still) broken nontrivially.
2015-11-20 14:32:58 +01:00
Christoph Hrdinka
a4ea5e4e4b nsd: 4.13 -> 4.16 2015-11-12 14:51:47 +01:00
Vladimír Čunát
6d86a93c43 libevent: split into multiple outputs
Hopefully all references are fixed.
2015-10-05 15:58:37 +02:00
William A. Kennington III
ecd90e61cc bind: 9.10.2-P4 -> 9.10.3 2015-09-17 14:12:38 -07:00
William A. Kennington III
fe8a27cd64 mesos-dns: Move to go-packages 2015-09-04 23:57:00 -07:00
William A. Kennington III
68be570a0a skydns: Move to go-packages 2015-09-04 21:26:35 -07:00
William A. Kennington III
21370fb150 bind: 9.10.2-P3 -> 9.10.2-P4 2015-09-02 21:49:43 -07:00
Jaka Hudoklin
e2f673e024 skydns: 2.5.0a -> 2.5.2b 2015-08-29 18:28:50 +02:00
William A. Kennington III
3932ba7a54 bind: 9.10.2-P2 -> 9.10.2-P3 2015-07-29 10:36:45 -07:00
Christoph Hrdinka
1e95b76c67 nsd: 4.1.2 -> 4.1.3 2015-07-13 14:49:50 +02:00
Pascal Wittmann
007e288912 bind: update from 9.10.2 to 9.10.2-P2, fixes CVE-2015-4620 2015-07-10 18:20:29 +02:00
Jaka Hudoklin
ef1f827671 skydns: update to 2.5.0a 2015-06-19 13:35:32 +02:00
Christoph Hrdinka
7b207ab10b nsd: update 4.1.1 -> 4.1.2 2015-06-18 14:08:39 +02:00
Eelco Dolstra
ab8b68cd99 Revert "bind: Modify build"
This reverts commit 0a06b99d69.
2015-06-04 14:54:51 +02:00
Eelco Dolstra
676fbc2578 Revert "bind: Enable parallel building"
This reverts commit e74b5704a8.
2015-06-04 14:54:51 +02:00
Eelco Dolstra
4fdf489073 Revert "dnsutils: Add smaller derivation of bind"
This reverts commit bb6ac771c4.
2015-06-04 14:54:51 +02:00
Eelco Dolstra
0a4de71cb0 Revert "bind: Add propagatedBuildInputs"
This reverts commit 9f70b1ab31.
2015-06-04 14:54:51 +02:00
William A. Kennington III
9f70b1ab31 bind: Add propagatedBuildInputs 2015-05-24 15:01:21 -07:00
William A. Kennington III
bb6ac771c4 dnsutils: Add smaller derivation of bind 2015-05-23 22:26:23 -07:00
William A. Kennington III
e74b5704a8 bind: Enable parallel building 2015-05-23 20:07:51 -07:00
William A. Kennington III
0a06b99d69 bind: Modify build 2015-05-23 19:07:13 -07:00
Pascal Wittmann
d811c6cf41 skydns: fixed typo 2015-05-19 20:30:49 +02:00
Jaka Hudoklin
ca0d1aa9a3 Merge pull request #6880 from offlinehacker/pkgs/skydns/add
Add skydns
2015-04-19 10:43:05 +02:00
Christoph Hrdinka
d3a2edb8ce nsd: Fix automatic config options 2015-03-19 12:10:55 +01:00
Christoph Hrdinka
6db8155e37 nsd: Update from 4.1.0 -> 4.1.1 2015-03-18 21:01:35 +01:00
Jaka Hudoklin
26f671155e Add skydns 2015-03-18 20:29:11 +01:00
Benjamin Staffin
dec05e9b28 mesos-dns: Update to newer commit
Notable upstream changes:
- Support for multiple ports per task
- Records generated for mesos master nodes
- SRV records resolve to hostnames rather than IPs
- Query handling is now properly case-insensitive
- Better AAAA record handling
2015-03-15 14:00:54 -07:00
koral
f1e615f6df bind: 9.9.5-W1 -> 9.10.2 + added rndc key 2015-03-01 20:02:09 +00:00
Benjamin Staffin
d382667537 New package: mesos-dns 2015-02-20 17:11:49 -08:00
Christoph Hrdinka
f5cd9d2460 nsd: fix description, license and platforms 2014-09-28 15:30:39 +02:00
Christoph Hrdinka
f1b3196f2d nsd: update to version 4.1.0 2014-09-28 14:43:26 +02:00
Christoph Hrdinka
29b4258622 nsd: add hrdinka to maintainers 2014-09-28 14:43:16 +02:00
aszlig
fd9c8fa3dc
pkgs/nsd: Allow to easily override the package.
Allowing to use nixpkgs config to provide different defaults is not
going to help us here, so we would like to use nsd.override {} in order
to supply the correct options in the module.

Eventually removing the nixpkgs config option would make sense here as
well.

Signed-off-by: aszlig <aszlig@redmoonstudios.org>
2014-09-05 02:54:39 +02:00
Bjørn Forsman
c9baba9212 Fix many package descriptions
(My OCD kicked in today...)

Remove repeated package names, capitalize first word, remove trailing
periods and move overlong descriptions to longDescription.

I also simplified some descriptions as well, when they were particularly
long or technical, often based on Arch Linux' package descriptions.

I've tried to stay away from generated expressions (and I think I
succeeded).

Some specifics worth mentioning:
 * cron, has "Vixie Cron" in its description. The "Vixie" part is not
   mentioned anywhere else. I kept it in a parenthesis at the end of the
   description.

 * ctags description started with "Exuberant Ctags ...", and the
   "exuberant" part is not mentioned elsewhere. Kept it in a parenthesis
   at the end of description.

 * nix has the description "The Nix Deployment System". Since that
   doesn't really say much what it is/does (especially after removing
   the package name!), I changed that to "Powerful package manager that
   makes package management reliable and reproducible" (borrowed from
   nixos.org).

 * Tons of "GNU Foo, Foo is a [the important bits]" descriptions
   is changed to just [the important bits]. If the package name doesn't
   contain GNU I don't think it's needed to say it in the description
   either.
2014-08-24 22:31:37 +02:00
Patrick Mahoney
b947cde3a5 bind: Expand to all unix platforms. 2014-08-04 15:09:07 -05:00
Christoph Hrdinka
e59c465103 nsd: add package version 4.0.3 2014-06-12 11:14:44 +02:00
Peter Simons
b0c2354809 bind: update to version 9.9.5-W1 (fixes CVE-2013-6230 and CVE 2014-0591) 2014-03-03 13:10:05 +01:00
Peter Simons
6603ef3bf8 bind: update to version 9.9.4-P2 2014-01-14 15:55:24 +01:00
Peter Simons
516377c0b6 bind: update to 9.9.3-p2 to fix CVE-2013-4854 2013-07-28 13:50:11 +02:00
Peter Simons
2e618df532 bind: avoid build impurity by explicitly enabling/disabling features
The BIND configure script finds extra dependencies in /usr/include and /usr/lib,
and activates additional features if it does. This may cause the build to fail
on systems that cannot use a chroot environment. Actively disabling those
additional features prevents this issue from occurring.
2013-06-10 15:38:00 +02:00
Peter Simons
bfa846cd6e bind: update to 9.9.3-P1 to fix CVE-2013-3919 2013-06-07 13:27:12 +02:00
Peter Simons
e655ac24d2 bind: add meta.license attribute 2013-04-01 11:46:14 +02:00
Peter Simons
d95c79bad7 bind: update to version 9.9.2-P2 to fix CVE 2010-4051 /2010-4052 2013-04-01 11:46:13 +02:00
Michael Raskin
8eec7bf2f6 Updating BIND to freshest version 9.9.2 2012-10-17 16:27:38 +04:00
Eelco Dolstra
3cf0b00b5a bind: Update to 9.7.6-P3
Fixes CVE-2012-4244.
2012-10-02 11:48:54 -04:00
Eelco Dolstra
36667965f9 * Updated bind to 9.7.6-P1, which includes a fix for CVE-2012-1667.
svn path=/nixpkgs/trunk/; revision=34370
2012-06-06 15:51:48 +00:00
Lluís Batlle i Rossell
8dc9474e4d Making bind use /var/run/named instead of $out/var/run/named for the runtime temporary files.
svn path=/nixpkgs/trunk/; revision=25509
2011-01-11 22:08:43 +00:00
Lluís Batlle i Rossell
a9345a51c5 Updating bind
svn path=/nixpkgs/trunk/; revision=25457
2011-01-07 11:33:04 +00:00
Eelco Dolstra
7f5b839524 * Removed selectVersion. There's no good reason to write
`selectVersion ./foo "bar"' instead of `import ./foo/bar.nix'.
* Replaced `with args' with formal function arguments in several
  packages.
* Renamed several files to `default.nix'.  As a general rule, version
  numbers should only be included in the filename when there is a
  reason to keep multiple versions of a package in Nixpkgs.
  Otherwise, it just makes it harder to update the package.

svn path=/nixpkgs/trunk/; revision=18403
2009-11-18 09:39:59 +00:00
Michael Raskin
3d7f5dd7d6 Added BIND
svn path=/nixpkgs/trunk/; revision=12064
2008-06-12 18:10:08 +00:00