Commit Graph

164 Commits

Author SHA1 Message Date
Randy Eckenrode
ae3a87ecc3
bind: add CoreServices framework on Darwin
Fixes the following error:

    CCLD     dig
    ld: file not found: /System/Library/Frameworks/CoreServices.framework/Versions/A/CoreServices for architecture arm64
    ld: file not found: /System/Library/Frameworks/CoreServices.framework/Versions/A/CoreServices for architecture arm64
    clang-16: clang-16: error: error: linker command failed with exit code 1 (use -v to see invocation)linker command failed with exit code 1 (use -v to see invocation)
2024-07-27 11:43:42 -04:00
Martin Weinelt
bbb4e2f9e2
bind: 9.18.27 -> 9.18.28
https://downloads.isc.org/isc/bind9/cur/9.18/CHANGES
https://www.openwall.com/lists/oss-security/2024/07/23/1

Fixes: CVE-2024-1975, CVE-2024-4076, CVE-2024-1737, CVE-2024-0760
2024-07-23 18:30:10 +02:00
Sergei Trofimovich
9f34127646 bind: 9.18.26 -> 9.18.27
Changes: https://downloads.isc.org/isc/bind9/9.18.27/doc/arm/html/notes.html#notes-for-bind-9-18-27
2024-05-15 21:48:24 +01:00
Sergei Trofimovich
16c31e6a1e bind: 9.18.25 -> 9.18.26
Changes: https://downloads.isc.org/isc/bind9/9.18.26/doc/arm/html/notes.html#notes-for-bind-9-18-26
2024-04-18 22:13:55 +01:00
Vladimír Čunát
d7d6471a69
bind: doCheck = false;
The flakiness of netmgr_test and doh_test on Hydra is very annoying.
It's a long-term problem, and sometimes really bad:
https://hydra.nixos.org/build/254045328#tabs-buildsteps

Feel free to do partial test instead of full disabling,
or anything that's relatively reliable.
2024-03-28 11:28:22 +01:00
Sergei Trofimovich
31987782cc bind: 9.18.24 -> 9.18.25
Changes: https://downloads.isc.org/isc/bind9/9.18.25/doc/arm/html/notes.html#notes-for-bind-9-18-25
2024-03-21 21:43:58 +00:00
Thomas Gerbet
324f730e54 bind: 9.18.21 -> 9.18.24
Fixes CVE-2023-4408, CVE-2023-5517, CVE-2023-5679, CVE-2023-6516, CVE-2023-50387 and CVE-2023-50868.

Security advisories:
https://kb.isc.org/docs/cve-2023-4408
https://kb.isc.org/docs/cve-2023-5517
https://kb.isc.org/docs/cve-2023-5679
https://kb.isc.org/docs/cve-2023-6516
https://kb.isc.org/docs/cve-2023-50387
https://kb.isc.org/docs/cve-2023-50868

Release notes:
https://bind9.readthedocs.io/en/v9.18.24/notes.html
2024-02-14 16:18:41 +01:00
Sergei Trofimovich
5d81c1faa8 bind: 9.18.20 -> 9.18.21
Changes: https://downloads.isc.org/isc/bind9/9.18.21/doc/arm/html/notes.html#notes-for-bind-9-18-21
2023-12-21 10:42:54 +00:00
R. Ryantm
8f2ec8ab2b bind: 9.18.19 -> 9.18.20 2023-11-17 21:51:41 +00:00
Yaya
b0c03e1684 bind: 9.18.18 -> 9.18.19
https://downloads.isc.org/isc/bind9/cur/9.18/CHANGES
https://downloads.isc.org/isc/bind9/9.18.19/doc/arm/html/notes.html#notes-for-bind-9-18-19

Fixes CVE-2023-3341
Fixes CVE-2023-4236
2023-09-20 21:32:41 +00:00
Vladimír Čunát
5842d103dc
bind: disable tests on *all* 32-bit platforms
https://github.com/NixOS/nixpkgs/pull/250563#issuecomment-1702271179
https://gitlab.isc.org/isc-projects/bind9/-/issues/4269#note_397062
2023-09-01 09:13:10 +02:00
Vladimír Čunát
7526787a4e
bind: disable tests on i686
rbtdb_test started to fail reproducibly because of last update:
https://hydra.nixos.org/build/232089292/nixlog/127/tail

Of course, feel free to instead investigate deeper or disable tests
on a more fine-grained level, etc.
2023-08-21 17:20:35 +02:00
linsui
a7c6b07478 dig: add IDN support 2023-08-20 22:56:34 +08:00
Sergei Trofimovich
d932fc0163 bind: 9.18.17 -> 9.18.18
While at it added trivial updater.

Changes: https://bind9.readthedocs.io/en/v9.18.18/notes.html#notes-for-bind-9-18-18
2023-08-19 09:11:35 +01:00
Sergei Trofimovich
0092231e84 bind: 9.18.16 -> 9.18.17
Changes: https://downloads.isc.org/isc/bind9/9.18.17/doc/arm/html/notes.html#notes-for-bind-9-18-17
2023-07-28 19:26:00 +01:00
Martin Weinelt
75a902e253
bind: 9.18.14 -> 9.18.16
https://downloads.isc.org/isc/bind9/cur/9.18/CHANGES
https://downloads.isc.org/isc/bind9/9.18.16/doc/arm/html/notes.html

Fixes: CVE-2023-2828, CVE-2023-2911, CVE-202-3094, CVE-2022-3736,
       CVE-2023-3924
2023-06-22 11:59:22 +02:00
R. Ryantm
8cac6243a3 bind: 9.18.12 -> 9.18.14 2023-05-11 19:13:50 +00:00
Vladimír Čunát
41020c3241
bind: avoid tests on aarch64-linux for now
They fail on some machines repeatedly and they were only enabled
around a day ago (6fa6198586).
2023-03-06 12:14:35 +01:00
Robert Scott
ce5093b787 bind: enable unit tests 2023-03-04 17:04:45 +00:00
R. Ryantm
e23609cd21 bind: 9.18.11 -> 9.18.12 2023-03-03 09:43:35 +00:00
Thomas Gerbet
d258b4e1e8 bind: 9.8.10 -> 9.8.11
Fixes CVE-2022-3094, CVE-2022-3736 and CVE-2022-3924.

Security advisories:
* https://kb.isc.org/docs/cve-2022-3094
* https://kb.isc.org/docs/cve-2022-3736
* https://kb.isc.org/docs/cve-2022-3924

Changelog:
https://downloads.isc.org/isc/bind9/9.18.11/CHANGES
2023-01-28 17:28:16 +01:00
R. Ryantm
983e50113c bind: 9.18.9 -> 9.18.10 2023-01-09 04:01:42 +00:00
ajs124
e63fa6e21e bind: enable parallel building
because non-parallel is slow
2023-01-06 16:06:43 +01:00
R. Ryantm
c4d3b3a8da bind: 9.18.8 -> 9.18.9 2022-12-25 12:10:01 +01:00
R. Ryantm
ee3bea9255 bind: 9.18.7 -> 9.18.8 2022-10-21 06:32:53 +00:00
R. Ryantm
a6fe6e968b bind: 9.18.6 -> 9.18.7 2022-09-24 05:13:52 +00:00
Franz Pletz
54cca744d9
Merge pull request #176126 from posch/bind2 2022-09-05 15:18:23 +02:00
R. Ryantm
89d680fa2b bind: 9.18.5 -> 9.18.6 2022-08-20 00:40:32 +00:00
R. Ryantm
79d65a8851 bind: 9.18.4 -> 9.18.5 2022-07-30 14:30:51 +00:00
Arnout Engelen
c52f737f27
Merge pull request #173904 from risicle/ris-bind-extra-passthru-tests
bind: add some more nixosTests to `passthru.tests`
2022-07-29 16:58:09 +02:00
github-actions[bot]
86c34bf774
Merge master into staging-next 2022-06-27 12:01:26 +00:00
Robert Schütz
2847e6e691 bind: 9.18.3 -> 9.18.4
https://downloads.isc.org/isc/bind9/9.18.4/doc/arm/html/notes.html
2022-06-27 04:45:49 +00:00
Tobias Poschwatta
53c3bec163 bind: add default rndc.conf 2022-06-03 14:40:13 +02:00
ajs124
6a803b01ae bind: remove broken configure flags
configure: WARNING: unrecognized options: --without-atf, --without-docbook-xsl, --without-idn, --without-idnlib, --with-randomdev, --with-ecdsa, --with-gost, --without-eddsa, --with-aes, --with-libcap
2022-05-30 15:32:17 +02:00
Robert Scott
2830a7976f bind: add some more nixosTests to passthru.tests 2022-05-21 15:43:47 +01:00
Martin Weinelt
f33b07e728
bind: 9.18.1 -> 9.18.3
> An assertion failure can be triggered if a TLS connection to a
> configured http TLS listener with a defined endpoint is destroyed too
> early.

https://kb.isc.org/v1/docs/cve-2022-1183

Fixes: CVE-2022-1183
2022-05-20 01:20:16 +02:00
7c6f434c
8188f10752
Merge pull request #166430 from alyssais/openssl-static-retry
treewide: use lib.getLib for OpenSSL libraries
2022-04-02 12:59:55 +00:00
Alyssa Ross
fd78240ac8
treewide: use lib.getLib for OpenSSL libraries
At some point, I'd like to make another attempt at
71f1f4884b ("openssl: stop static binaries referencing libs"), which
was reverted in 195c7da07d.  One problem with my previous attempt is
that I moved OpenSSL's libraries to a lib output, but many dependent
packages were hardcoding the out output as the location of the
libraries.  This patch fixes every such case I could find in the tree.
It won't have any effect immediately, but will mean these packages
will automatically use an OpenSSL lib output if it is reintroduced in
future.

This patch should cause very few rebuilds, because it shouldn't make
any change at all to most packages I'm touching.  The few rebuilds
that are introduced come from when I've changed a package builder not
to use variable names like openssl.out in scripts / substitution
patterns, which would be confusing since they don't hardcode the
output any more.

I started by making the following global replacements:

    ${pkgs.openssl.out}/lib -> ${lib.getLib pkgs.openssl}/lib
    ${openssl.out}/lib -> ${lib.getLib openssl}/lib

Then I removed the ".out" suffix when part of the argument to
lib.makeLibraryPath, since that function uses lib.getLib internally.

Then I fixed up cases where openssl was part of the -L flag to the
compiler/linker, since that unambigously is referring to libraries.

Then I manually investigated and fixed the following packages:

 - pycurl
 - citrix-workspace
 - ppp
 - wraith
 - unbound
 - gambit
 - acl2

I'm reasonably confindent in my fixes for all of them.

For acl2, since the openssl library paths are manually provided above
anyway, I don't think openssl is required separately as a build input
at all.  Removing it doesn't make a difference to the output size, the
file list, or the closure.

I've tested evaluation with the OfBorg meta checks, to protect against
introducing evaluation failures.
2022-03-30 15:10:00 +00:00
Sandro
b53ee0c6eb
bind: add meta.changelog 2022-03-27 17:48:45 +02:00
Martin Weinelt
8c2ee334e5
bind: 9.18.0 -> 9.18.1
https://downloads.isc.org/isc/bind9/9.18.1/RELEASE-NOTES-bind-9.18.1.html

Fixes: CVE-2021-25220, CVE-2022-0396, CVE-2022-0635, CVE-2022-0667
2022-03-17 13:16:02 +01:00
Luflosi
65b2a74267
bind: 9.16.25 -> 9.18.0 (#161427) 2022-03-07 12:54:11 +01:00
Thomas Gerbet
4cfcbac24a bind: 9.16.16 -> 9.16.25
Fixes CVE-2021-25219.
https://downloads.isc.org/isc/bind9/9.16.25/doc/arm/html/notes.html
2022-01-28 13:28:20 +01:00
illustris
185e6a477a sssd: 1.16.5 -> 2.6.0, fix broken build 2021-10-30 09:48:28 -07:00
Peter Simons
476635afe1 Drop myself from meta.maintainers for most packages.
I'd like to reduce the number of Github notifications and
review requests I receive.
2021-10-14 11:01:27 +02:00
R. RyanTM
d0335f16b5 bind: 9.16.15 -> 9.16.16 2021-05-20 10:21:52 +00:00
Martin Weinelt
84b6596098
bind: 9.16.13 -> 9.16.15
https://kb.isc.org/docs/cve-2021-25214

https://kb.isc.org/docs/cve-2021-25215

https://kb.isc.org/docs/cve-2021-25216

Fixes: CVE-2021-25214, CVE-2021-25215, CVE-2021-25216
2021-04-29 03:39:40 +02:00
R. RyanTM
602499378d bind: 9.16.12 -> 9.16.13 2021-03-20 01:51:13 +00:00
R. RyanTM
9b2e8cac52 bind: 9.16.11 -> 9.16.12 2021-02-22 02:17:24 -05:00
R. RyanTM
5854a34ede bind: 9.16.10 -> 9.16.11 2021-01-28 10:07:22 -05:00
Profpatsch
4a7f99d55d treewide: with stdenv.lib; in meta -> with lib;
Part of: https://github.com/NixOS/nixpkgs/issues/108938

meta = with stdenv.lib;

is a widely used pattern. We want to slowly remove
the `stdenv.lib` indirection and encourage people
to use `lib` directly. Thus let’s start with the meta
field.

This used a rewriting script to mostly automatically
replace all occurances of this pattern, and add the
`lib` argument to the package header if it doesn’t
exist yet.

The script in its current form is available at
https://cs.tvl.fyi/depot@2f807d7f141068d2d60676a89213eaa5353ca6e0/-/blob/users/Profpatsch/nixpkgs-rewriter/default.nix
2021-01-11 10:38:22 +01:00