Commit Graph

56 Commits

Author SHA1 Message Date
R. Ryantm
0070f29a13 dnsmasq: 2.88 -> 2.89 2023-03-07 17:12:51 +00:00
Shawn8901
133fa5f867 treewide: remove global with lib; in pkgs/tools 2023-01-24 17:41:44 +01:00
R. Ryantm
88800d588b dnsmasq: 2.87 -> 2.88 2022-12-05 08:29:16 +00:00
Robert Scott
4a46a86bcf dnsmasq: add some nixos tests to passthru.tests
no specific nixos test (yet) so we'll have to make do with
ones that use dnsmasq on the periphery
2022-09-30 19:59:41 +01:00
R. Ryantm
2fc8634038 dnsmasq: 2.86 -> 2.87 2022-09-27 06:34:44 +00:00
Adam Joseph
f9a2402ab0 dnsmasq: honor dbusSupport
This commit exposes support for compilation without dbus, controlled
by the global dbusSupport argument.  This argument is understood by
many other nixpkgs expressions and can be set globally in
~/.config/nixpkgs/config.nix.
2022-03-06 21:24:28 +02:00
R. Ryantm
ea8c590fe0 dnsmasq: 2.85 -> 2.86 2021-12-11 07:38:41 +00:00
Thomas Gerbet
380bb617c0 dnsmasq: 2.84 -> 2.85
Fixes CVE-2021-3448.
https://lists.thekelleys.org.uk/pipermail/dnsmasq-discuss/2021q1/014835.html
2021-04-24 09:52:50 +02:00
Rick van Schijndel
b12f16f283 dnsmasq: fix cross-compilation
This is done by specifying pkg-config in the makeFlags, ensuring that
the correct pkg-config is injected.

Depends on changes that are currently only in staging:

- 07ecf87693
- 4f6ec19dbc

See https://github.com/NixOS/nixpkgs/pull/114902 for those changes.
2021-03-14 21:14:50 +00:00
R. RyanTM
0d4e6f52ec dnsmasq: 2.83 -> 2.84 2021-02-04 09:09:20 +00:00
Stig Palmquist
cecd2c8362 dnsmasq: 2.82 -> 2.83, pname + version
CVEs:
CVE-2020-25681
CVE-2020-25682
CVE-2020-25683
CVE-2020-25687
CVE-2020-25684
CVE-2020-25685
CVE-2020-25686
2021-01-19 20:21:49 +01:00
Ben Siraphob
76f93cc731 pkgs/tools: pkgconfig -> pkg-config 2021-01-16 23:49:59 -08:00
Ben Siraphob
8c5d37129f pkgs/tools: stdenv.lib -> lib 2021-01-15 17:12:36 +07:00
R. RyanTM
26c6b14a4c dnsmasq: 2.81 -> 2.82 2020-07-31 08:51:25 +02:00
Martin Weinelt
c9fef6230a dnsmasq: 2.80 → 2.81
Fixes: CVE-2019-14834

A vulnerability was found in dnsmasq before version 2.81, where the
memory leak allows remote attackers to cause a denial of service
(memory consumption) via vectors involving DHCP response creation.

Changelog:

version 2.81
	Improve cache behaviour for TCP connections. For ease of
	implementaion, dnsmasq has always forked a new process to handle
	each incoming TCP connection. A side-effect of this is that
	any DNS queries answered from TCP connections are not cached:
	when TCP connections were rare, this was not a problem.
	With the coming of DNSSEC, it is now the case that some
	DNSSEC queries have answers which spill to TCP, and if,
	for instance, this applies to the keys for the root, then
	those never get cached, and performance is very bad.
	This fix passes cache entries back from the TCP child process to
	the main server process, and fixes the problem.

	Remove the NO_FORK compile-time option, and support for uclinux.
	In an era where everything has an MMU, this looks like
	an anachronism, and it adds to (Ok, multiplies!) the
	combinatorial explosion of compile-time options. Thanks to
	Kevin Darbyshire-Bryant for the patch.

	Fix line-counting when reading /etc/hosts and friends; for
	correct error messages. Thanks to Christian Rosentreter
	for reporting this.

	Fix bug in DNS non-terminal code, added in 2.80, which could
	sometimes cause a NODATA rather than an NXDOMAIN reply.
	Thanks to Norman Rasmussen, Sven Mueller and Maciej Żenczykowski
	for spotting and diagnosing the bug and providing patches.

	Support TCP-fastopen (RFC-7413) on both incoming and
	outgoing TCP connections, if supported and enabled in the OS.

	Improve kernel-capability manipulation code under Linux. Dnsmasq
	now fails early if a required capability is not available, and
	tries not to request capabilities not required by its
	configuration.

	Add --shared-network config. This enables allocation of addresses
	by the DHCP server in subnets where the server (or relay) does not
	have an interface on the network in that subnet. Many thanks to
	kamp.de for sponsoring this feature.

	Fix broken contrib/lease_tools/dhcp_lease_time.c. A packet
	validation check got borked in commit 2b38e382 and release 2.80.
	Thanks to Tomasz Szajner for spotting this.

	Fix compilation against nettle version 3.5 and later.

	Fix spurious DNSSEC validation failures when the auth section
	of a reply contains unsigned RRs from a signed zone,
	with the exception that NSEC and NSEC3 RRs must always be signed.
        Thanks to Tore Anderson for spotting and diagnosing the bug.

	Add --dhcp-ignore-clid. This disables reading of DHCP client
	identifier option (option 61), so clients are only identified by
	MAC addresses.

	Fix a bug which stopped --dhcp-name-match from working when a hostname
	is supplied in --dhcp-host. Thanks to James Feeney for spotting this.

	Fix bug which caused very rarely caused zero-length DHCPv6 packets.
	Thanks to Dereck Higgins for spotting this.

	Add --tftp-single-port option.

	Enhance --conf-dir to load files in a deterministic order. Thanks to
	Evgenii Seliavka for the suggestion and initial patch.

	In the router advert code, handle case where we have two
	different interfaces on the same IPv6 net, and we are doing
	RA/DHCP service on only one of them. Thanks to NIIBE Yutaka
	for spotting this case and making the initial patch.

	Support prefixed ranges of ipv6 addresses in dhcp-host.
	This eases problems chain-netbooting, where each link in the
	chain requests an address using a different UID. With a single
	address, only one gets the "static" address, but with this
	fix, enough addresses can be reserved for all the stages of the
	boot. Many thanks to Harald Jensås for his work on this idea and
	earlier patches.

	Add filtering by tag of --dhcp-host directives. Based on a patch
	by Harald Jensås.

	Allow empty server spec in --rev-server, to match --server.

	Remove DSA signature verification from DNSSEC, as specified in
	RFC 8624. Thanks to Loganaden Velvindron for the original patch.

	Add --script-on-renewal option.
2020-04-29 04:22:08 +02:00
Michael Reilly
84cf00f980
treewide: Per RFC45, remove all unquoted URLs 2020-04-10 17:54:53 +01:00
Vladimír Čunát
944775e0c5
dnsmasq: correct previous change for Darwin
I was a bit hasty in commit 482642a73.
2020-02-19 15:20:46 +01:00
Vladimír Čunát
482642a733
dnsmasq: fixup build after kernel header changes
https://github.com/torvalds/linux/commit/0768e17073d
2020-02-19 13:14:04 +01:00
worldofpeace
9058ad8c74 dnsmasq: fix build with nettle 3.5 2019-10-14 18:25:28 -04:00
worldofpeace
2220086061 dnsmasq: Move D-Bus conf file to share/dbus-1/system.d
Since D-Bus 1.9.18 configuration files installed by third-party should
go in share/dbus-1/system.d. The old location is for sysadmin overrides.
2019-09-16 13:59:09 -04:00
Robin Gloster
4e60b0efae
treewide: update globin's maintained drvs 2019-08-20 19:36:05 +02:00
R. RyanTM
904ae0b116 dnsmasq: 2.79 -> 2.80
Semi-automatic update generated by
https://github.com/ryantm/nixpkgs-update tools. This update was made
based on information from
https://repology.org/metapackage/dnsmasq/versions
2018-11-10 03:18:29 -08:00
volth
52f53c69ce pkgs/*: remove unreferenced function arguments 2018-07-21 02:48:04 +00:00
Matthew Bauer
76999cc40e treewide: remove aliases in nixpkgs
This makes the command ‘nix-env -qa -f. --arg config '{skipAliases =
true;}'’ work in Nixpkgs.

Misc...

- qtikz: use libsForQt5.callPackage

  This ensures we get the right poppler.

- rewrites:

  docbook5_xsl -> docbook_xsl_ns
  docbook_xml_xslt -> docbook_xsl

diffpdf: fixup
2018-07-18 23:25:20 -04:00
Franz Pletz
d856ad7fc4
dnsmasq: 2.78 -> 2.79 2018-07-15 20:15:36 +02:00
adisbladis
b492e2a164
dnsmasq: Patch CVE-2017-15107 2018-02-24 01:36:45 +08:00
Franz Pletz
2f188ff37f
dnsmasq: 2.77 -> 2.78 for multiple CVEs
Fixes CVE-2017-14491, CVE-2017-14492, CVE-2017-14493, CVE-2017-14494,
CVE-2017-14495, CVE-2017-14496.
2017-10-02 17:06:22 +02:00
Franz Pletz
bc3ee6bfd4
dnsmasq: 2.76 -> 2.77 2017-06-20 03:45:43 +02:00
Nick Novitski
44cf3c44b0 dnsmasq: install launchd plist on darwin 2017-03-09 11:30:50 +13:00
Robin Gloster
5185bc1773 Merge remote-tracking branch 'upstream/master' into hardened-stdenv 2016-07-15 14:41:01 +00:00
Franz Pletz
033e593a4f dnsmasq: 2.75 -> 2.76 (security)
Fixes CVE-2015-8899.
2016-07-10 10:48:10 +02:00
Franz Pletz
aff1f4ab94 Use general hardening flag toggle lists
The following parameters are now available:

  * hardeningDisable
    To disable specific hardening flags
  * hardeningEnable
    To enable specific hardening flags

Only the cc-wrapper supports this right now, but these may be reused by
other wrappers, builders or setup hooks.

cc-wrapper supports the following flags:

  * fortify
  * stackprotector
  * pie (disabled by default)
  * pic
  * strictoverflow
  * format
  * relro
  * bindnow
2016-03-05 18:55:26 +01:00
Robin Gloster
e392824fb3 dnsmasq: enable pie hardening 2016-02-26 17:55:51 +00:00
Dan Peebles
50a00101c1 dnsmasq: get it working on darwin again 2015-12-24 23:27:31 -05:00
Domen Kožar
29befbeb95 dnsmasq: install dhcp_* tools 2015-12-03 11:09:40 +01:00
William A. Kennington III
8c244bc21c dnsmasq: 2.73 -> 2.75 2015-08-03 12:52:22 -07:00
William A. Kennington III
6f4fbcc981 dnsmasq: Fix build 2015-06-19 00:54:41 -07:00
William A. Kennington III
bdeac100db dnsmasq: 2.72 -> 2.73 2015-06-18 21:56:18 -07:00
Aristid Breitkreuz
68c15230c6 dnsmasq: update from 2.71 to 2.72 2014-10-06 22:31:43 +02:00
Patrick Mahoney
7fc369cfca dnsmasq: Replace deprecated ensureDir with mkdir. 2014-08-30 09:19:23 -05:00
William A. Kennington III
9194f69e73 dnsmasq: Meta Update 2014-08-28 11:39:03 -07:00
Paul Colomiets
adbb9ff796 dnsmasq: upgrade to 2.71, fixed dnsmasq module
* The module now has systemd config

* Add resolveLocalQueries option which sets up it as a dns server for
  local host (including reasonable setup of resolvconf)

* Add "dnsmasq" user for running daemon

* Enabled dbus and dnssec support for the package

Conflicts:
	nixos/modules/misc/ids.nix
2014-08-28 11:39:03 -07:00
Frerich Raabe
965237a6ee Use .tar.xz instead of .tar.gz for dnsmasq
To save precious bandwidth.
2014-08-07 21:40:45 +02:00
Frerich Raabe
dee49fa1b2 Update dnsmasq to version 2.71 2014-08-07 21:40:45 +02:00
Frerich Raabe
1ff81347ec Enable dnsmasq on OS X
It seems to work alright.
2014-08-07 21:40:45 +02:00
Eelco Dolstra
1833b1a4cc dnsmasq: Update to 2.69 2014-04-18 15:39:11 +02:00
Nixpkgs Monitor
53261424c3 dnsmasq: update from 2.67 to 2.68 2013-12-15 12:19:28 +02:00
Bjørn Forsman
f21e9f0a07 dnsmasq: bump 2.63 -> 2.67
See changelog at http://www.thekelleys.org.uk/dnsmasq/CHANGELOG
2013-11-27 19:29:37 +01:00
Eelco Dolstra
0efbc7d3bf dnsmasq: Update to 2.63 2012-10-26 16:23:30 +02:00
Eelco Dolstra
9da1dd6c90 * dnsmasq updated to 2.59.
svn path=/nixpkgs/trunk/; revision=32334
2012-02-16 18:03:12 +00:00