Commit Graph

580 Commits

Author SHA1 Message Date
Artturin
b3caa2f1fe treewide: extraPostFetch -> postFetch 2022-05-23 17:18:50 +03:00
Martin Weinelt
f33b07e728
bind: 9.18.1 -> 9.18.3
> An assertion failure can be triggered if a TLS connection to a
> configured http TLS listener with a defined endpoint is destroyed too
> early.

https://kb.isc.org/v1/docs/cve-2022-1183

Fixes: CVE-2022-1183
2022-05-20 01:20:16 +02:00
Vladimír Čunát
c84e5f8e1f
Merge #170909: knot-resolver: minor improvements 2022-05-06 16:27:57 +02:00
Bobby Rong
dbed5813eb
Merge pull request #170523 from armeenm/bump-pdns
pdns: 4.6.1 -> 4.6.2
2022-05-02 20:19:00 +08:00
Vladimír Čunát
9791289e84
knot-resolver: enable more tests
Apparently luarocks works now on aarch64-darwin.
2022-04-29 15:10:27 +02:00
Vladimír Čunát
3eab641238
knot-resolver: switch to systemdMinimal
It was in closure anyway, and this saves 62M from
 $ nix path-info -S ./result
Still, for those using the service this won't change the closure.
2022-04-29 15:10:25 +02:00
Vladimír Čunát
871065de22
knot: 3.1.7 -> 3.1.8
https://gitlab.nic.cz/knot/knot-dns/-/tags/v3.1.8
2022-04-28 13:44:41 +02:00
Armeen Mahdian
ab9d6e8f9d pdns: 4.6.1 -> 4.6.2 2022-04-26 17:16:06 -05:00
github-actions[bot]
1ebc1944ed
Merge master into staging-next 2022-04-10 06:01:27 +00:00
Sandro
1136ad6c65
Merge pull request #166333 from SuperSandro2000/doh-proxy 2022-04-10 03:25:32 +02:00
github-actions[bot]
f78cc67bac
Merge master into staging-next 2022-04-09 18:01:20 +00:00
R. Ryantm
82040f52c9 pdns-recursor: 4.6.1 -> 4.6.2 2022-04-08 17:26:24 +00:00
Guillaume Girol
45a5514f55
Merge pull request #166534 from vcunat/p/powerdns-32bit
powerdns: fix 32-bit builds against glibc
2022-04-05 19:42:04 +00:00
Vladimír Čunát
6b7bd8d06e
powerdns: fix typo
Co-authored-by: Guillaume Girol <symphorien@users.noreply.github.com>
2022-04-03 18:41:21 +02:00
7c6f434c
8188f10752
Merge pull request #166430 from alyssais/openssl-static-retry
treewide: use lib.getLib for OpenSSL libraries
2022-04-02 12:59:55 +00:00
Vladimír Čunát
f588040472
powerdns: fix 32-bit builds against glibc 2022-03-31 08:33:20 +02:00
Alyssa Ross
fd78240ac8
treewide: use lib.getLib for OpenSSL libraries
At some point, I'd like to make another attempt at
71f1f4884b ("openssl: stop static binaries referencing libs"), which
was reverted in 195c7da07d.  One problem with my previous attempt is
that I moved OpenSSL's libraries to a lib output, but many dependent
packages were hardcoding the out output as the location of the
libraries.  This patch fixes every such case I could find in the tree.
It won't have any effect immediately, but will mean these packages
will automatically use an OpenSSL lib output if it is reintroduced in
future.

This patch should cause very few rebuilds, because it shouldn't make
any change at all to most packages I'm touching.  The few rebuilds
that are introduced come from when I've changed a package builder not
to use variable names like openssl.out in scripts / substitution
patterns, which would be confusing since they don't hardcode the
output any more.

I started by making the following global replacements:

    ${pkgs.openssl.out}/lib -> ${lib.getLib pkgs.openssl}/lib
    ${openssl.out}/lib -> ${lib.getLib openssl}/lib

Then I removed the ".out" suffix when part of the argument to
lib.makeLibraryPath, since that function uses lib.getLib internally.

Then I fixed up cases where openssl was part of the -L flag to the
compiler/linker, since that unambigously is referring to libraries.

Then I manually investigated and fixed the following packages:

 - pycurl
 - citrix-workspace
 - ppp
 - wraith
 - unbound
 - gambit
 - acl2

I'm reasonably confindent in my fixes for all of them.

For acl2, since the openssl library paths are manually provided above
anyway, I don't think openssl is required separately as a build input
at all.  Removing it doesn't make a difference to the output size, the
file list, or the closure.

I've tested evaluation with the OfBorg meta checks, to protect against
introducing evaluation failures.
2022-03-30 15:10:00 +00:00
Sandro Jäckel
4bba51b8d0
doh-proxy: drop 2022-03-30 17:08:53 +02:00
Vladimír Čunát
2a5a99c586
knot-dns: 3.1.6 -> 3.1.7
This version primarily fixes incomplete implementation of
the Offline KSK signing mode in the IXFR and DDNS processing.

https://gitlab.nic.cz/knot/knot-dns/-/tags/v3.1.7
2022-03-30 10:23:34 +02:00
Martin Weinelt
999f3c2b9d
pdns: rename from powerdns
https://github.com/PowerDNS/pdns
https://repology.org/project/pdns/versions
2022-03-28 18:04:19 +02:00
Martin Weinelt
0165645499
Merge pull request #164116 from NickCao/powerdns 2022-03-28 17:34:07 +02:00
Sandro
970a37ff47
Merge pull request #165962 from SuperSandro2000/bind 2022-03-28 16:34:13 +02:00
Nick Cao
fc49bc19ed
powerdns: redact configure flags from version output to reduce closure size 2022-03-28 22:05:39 +08:00
Nick Cao
e85e545dbd
powerdns: 4.3.1 -> 4.6.1 2022-03-28 22:05:31 +08:00
Sandro
b53ee0c6eb
bind: add meta.changelog 2022-03-27 17:48:45 +02:00
rnhmjoj
e501354c13
pdns-recursor: 4.6.0 -> 4.6.1 2022-03-26 23:26:28 +01:00
Peter Hoeg
39f24ef7a0 https-dns-proxy: 2020-04-19 -> 2021-03-29 2022-03-24 15:36:28 +08:00
Vladimír Čunát
1a9a8d2ec0
Merge #164261: knot-resolver: 5.4.4 -> 5.5.0 2022-03-19 21:54:45 +01:00
Robert Scott
3eb0953ae8
Merge pull request #164586 from mweinelt/bind9
bind: 9.18.0 -> 9.18.1
2022-03-19 11:26:16 +00:00
Bobby Rong
5eeca624d5
Merge pull request #163756 from r-ryantm/auto-update/coredns
coredns: 1.9.0 -> 1.9.1
2022-03-18 10:38:36 +08:00
Martin Weinelt
8c2ee334e5
bind: 9.18.0 -> 9.18.1
https://downloads.isc.org/isc/bind9/9.18.1/RELEASE-NOTES-bind-9.18.1.html

Fixes: CVE-2021-25220, CVE-2022-0396, CVE-2022-0635, CVE-2022-0667
2022-03-17 13:16:02 +01:00
superherointj
2578e884f9 coredns: enable tests 2022-03-16 10:42:28 -03:00
Vladimír Čunát
a1a2ae2955
knot-resolver: 5.4.4 -> 5.5.0
https://gitlab.nic.cz/knot/knot-resolver/-/tags/v5.5.0
2022-03-15 13:42:23 +01:00
R. Ryantm
138471e084 coredns: 1.9.0 -> 1.9.1 2022-03-12 05:23:45 +00:00
Luflosi
65b2a74267
bind: 9.16.25 -> 9.18.0 (#161427) 2022-03-07 12:54:11 +01:00
R. Ryantm
b20eba3135 nsd: 4.3.9 -> 4.4.0 2022-02-19 11:56:36 +00:00
R. Ryantm
353338bfb0 coredns: 1.8.6 -> 1.9.0 2022-02-12 21:23:50 -08:00
Vladimír Čunát
043cccef2c knot-dns: 3.1.5 -> 3.1.6
https://gitlab.nic.cz/knot/knot-dns/-/tags/v3.1.6
2022-02-08 12:02:16 -08:00
Thomas Gerbet
4cfcbac24a bind: 9.16.16 -> 9.16.25
Fixes CVE-2021-25219.
https://downloads.isc.org/isc/bind9/9.16.25/doc/arm/html/notes.html
2022-01-28 13:28:20 +01:00
Fabian Möller
4329d79dba
nixos/tests: link tests to their packages 2022-01-23 21:08:10 +01:00
Johannes Schleifenbaum
9dfed5c9aa
dnsdist: adopt 2022-01-19 08:24:03 +01:00
Johannes Schleifenbaum
612ad7776a
nixos/dnsdist: add test 2022-01-19 08:24:02 +01:00
Johannes Schleifenbaum
30ae792cd0
dnsdist: 1.5.2 -> 1.7.0 2022-01-18 08:59:18 +01:00
Vladimír Čunát
1071b77c21
knot-resolver: 5.4.3 -> 5.4.4
This is basically just no-op.  Only version number changes.
https://gitlab.nic.cz/knot/knot-resolver/-/tags/v5.4.4
2022-01-05 15:28:59 +01:00
R. Ryantm
22eb1ae0fe nsd: 4.3.8 -> 4.3.9 2021-12-31 11:20:10 -08:00
Michele Guerini Rocco
41716bad68
Merge pull request #151877 from rnhmjoj/pr-pdns
pdns-recursor: 4.5.7 -> 4.6.0
2021-12-23 21:22:33 +01:00
rnhmjoj
390341ca9f
pdns-recursor: 4.5.7 -> 4.6.0 2021-12-23 10:45:18 +01:00
Vladimír Čunát
b1c17320af
knot-dns: make passthru.tests usable on non-Linux 2021-12-20 17:17:55 +01:00
Vladimír Čunát
c83103e77c
knot-dns: add knot-resolver build into passthru.tests 2021-12-20 16:43:21 +01:00
Vladimír Čunát
0fe64c6929
knot-dns: 3.1.4 -> 3.1.5
https://gitlab.nic.cz/knot/knot-dns/-/tags/v3.1.5
2021-12-20 16:19:44 +01:00