Vladimír Čunát
ad03cc98bb
knot-resolver: 5.7.0 -> 5.7.1
...
Fixes significant DoS: CVE-2023-50387 "KeyTrap" and CVE-2023-50868
https://gitlab.nic.cz/knot/knot-resolver/-/releases/v5.7.1
2024-02-13 14:32:42 +01:00
Vladimír Čunát
3bfd251c0c
knot-resolver: add dnstap support
...
Fortunately the closure increases only by 0.5 MB,
so that sounds suitable to include in the defaults.
Knot Resolver packages for other distros typically do have it.
2024-01-25 16:06:08 +01:00
Adam Joseph
c7e0f6b905
treewide: s_targetPlatform_hostPlatform_ in non-compiler packages
...
stdenv.targetPlatform really shouldn't be used by software that
doesn't generate or manipulate binaries. I reviewed all uses of
targetPlatform outside of pkgs/development/compilers and pkgs/stdenv
and replaced those which weren't involved in something which fits
these criteria.
2023-11-17 08:07:34 +00:00
Vladimír Čunát
1c505f6bb3
knot-resolver: 5.6.0 -> 5.7.0
...
https://gitlab.nic.cz/knot/knot-resolver/-/releases/v5.7.0
2023-08-22 12:05:57 +02:00
Vladimír Čunát
962e2323a2
knot-resolver: respect doInstallCheck even in wrapper
...
The main point is to avoid it when cross-compiling.
2023-06-21 18:37:28 +02:00
Vladimír Čunát
50c0e3188c
knot-resolver: avoid a flaky test
...
The test is relatively sensitive on timing, so it can fail in case
a builder is heavily loaded. In practice we occasionally see that
on *-darwin. In distro such tests are more trouble than worth;
and we keep running these upstream anyway.
2023-02-03 10:54:27 +01:00
Vladimír Čunát
d027021c71
knot-resolver: 5.5.3 -> 5.6.0
...
https://gitlab.nic.cz/knot/knot-resolver/-/tags/v5.6.0
There's a security fix, though I don't consider it severe.
2023-01-26 18:19:22 +01:00
Guillaume Girol
33afbf39f6
treewide: switch to nativeCheckInputs
...
checkInputs used to be added to nativeBuildInputs. Now we have
nativeCheckInputs to do that instead. Doing this treewide change allows
to keep hashes identical to before the introduction of
nativeCheckInputs.
2023-01-21 12:00:00 +00:00
Vladimír Čunát
0c0c230cd2
Merge #192065 : knot-*: set .meta.mainProgram
2022-09-25 17:06:45 +02:00
Vladimír Čunát
14384cf3ca
knot-resolver: 5.5.2 -> 5.5.3
...
CVE-2022-40188 and also the patches were included in the release.
https://gitlab.nic.cz/knot/knot-resolver/-/tags/v5.5.3
2022-09-21 14:34:46 +02:00
Vladimír Čunát
f60377210e
knot-*: set .meta.mainProgram
...
I believe it's clear what "main program" is in these cases.
It seems unclear if this change is useful, but it's very simple
and it shouldn't hurt anything.
2022-09-20 13:10:16 +02:00
Vladimír Čunát
6ffee2b5d0
knot-resolver: run more tests also on *-darwin
...
The tests need patching a bit, until the next release.
These tests would e.g. discover that kresd didn't work at all
until the patch in the parent commit.
2022-08-25 18:30:57 +02:00
Vladimír Čunát
6d2168c73c
knot-resolver: patch library loading for darwin
...
Apparently until now it could never start up on x86_64-darwin :-/
2022-08-25 18:30:22 +02:00
Vladimír Čunát
55a29891d4
knot-resolver: 5.5.1 -> 5.5.2
...
https://gitlab.nic.cz/knot/knot-resolver/-/tags/v5.5.2
2022-08-16 15:10:08 +02:00
Vladimír Čunát
bac638e75b
knot-resolver: 5.5.0 -> 5.5.1
...
https://gitlab.nic.cz/knot/knot-resolver/-/tags/v5.5.1
2022-06-14 10:41:50 +02:00
Vladimír Čunát
9791289e84
knot-resolver: enable more tests
...
Apparently luarocks works now on aarch64-darwin.
2022-04-29 15:10:27 +02:00
Vladimír Čunát
3eab641238
knot-resolver: switch to systemdMinimal
...
It was in closure anyway, and this saves 62M from
$ nix path-info -S ./result
Still, for those using the service this won't change the closure.
2022-04-29 15:10:25 +02:00
Vladimír Čunát
a1a2ae2955
knot-resolver: 5.4.4 -> 5.5.0
...
https://gitlab.nic.cz/knot/knot-resolver/-/tags/v5.5.0
2022-03-15 13:42:23 +01:00
Vladimír Čunát
1071b77c21
knot-resolver: 5.4.3 -> 5.4.4
...
This is basically just no-op. Only version number changes.
https://gitlab.nic.cz/knot/knot-resolver/-/tags/v5.4.4
2022-01-05 15:28:59 +01:00
Vladimír Čunát
02d8ed2eb1
knot-resolver: patch a possibly unpleasant issue
...
No more releasing in 2021.
2021-12-09 19:30:31 +01:00
Vladimír Čunát
93ee1a9cb0
knot-resolver: 5.4.2 -> 5.4.3
...
https://gitlab.nic.cz/knot/knot-resolver/-/tags/v5.4.3
2021-12-01 13:32:57 +01:00
Vladimír Čunát
4329cbdcc4
knot-resolver: 5.4.1 -> 5.4.2
...
https://gitlab.nic.cz/knot/knot-resolver/-/tags/v5.4.2
2021-10-13 13:21:50 +02:00
Vladimír Čunát
c0238e110a
knot-resolver: 5.4.0 -> 5.4.1
...
https://gitlab.nic.cz/knot/knot-resolver/-/tags/v5.4.1
2021-08-19 14:58:08 +02:00
Vladimír Čunát
88742cf661
knot-resolver: 5.3.2 -> 5.4.0
...
https://gitlab.nic.cz/knot/knot-resolver/-/tags/v5.4.0
It's a prerequisite to updating knot-dns to >= 3.1.0.
2021-07-29 17:14:37 +02:00
Vladimír Čunát
389f628c08
knot-resolver: skip tests on aarch64-darwin (for now)
...
It used to build in a previous iteration
https://hydra.nixos.org/job/nixpkgs/aarch64-darwin/knot-resolver.aarch64-darwin
so I expect it will work without these tests
(I have no access to a darwin machine).
2021-06-11 20:39:06 +02:00
Vladimír Čunát
fed7086f21
knot-resolver: clean the expression a bit
2021-05-05 13:34:10 +02:00
Vladimír Čunát
fdd9671234
knot-resolver: 5.3.1 -> 5.3.2
...
https://gitlab.nic.cz/knot/knot-resolver/-/tags/v5.3.2
2021-05-05 11:45:27 +02:00
Vladimír Čunát
3dee9271d7
knot-resolver: 5.3.0 -> 5.3.1
...
https://gitlab.nic.cz/knot/knot-resolver/-/tags/v5.3.1
2021-03-31 20:26:17 +02:00
Vladimír Čunát
d464a379d1
knot-resolver: 5.2.1 -> 5.3.0
...
https://gitlab.nic.cz/knot/knot-resolver/-/tags/v5.3.0
2021-02-25 15:08:18 +01:00
Jonathan Ringer
9bb3fccb5b
treewide: pkgs.pkgconfig -> pkgs.pkg-config, move pkgconfig to alias.nix
...
continuation of #109595
pkgconfig was aliased in 2018, however, it remained in
all-packages.nix due to its wide usage. This cleans
up the remaining references to pkgs.pkgsconfig and
moves the entry to aliases.nix.
python3Packages.pkgconfig remained unchanged because
it's the canonical name of the upstream package
on pypi.
2021-01-19 01:16:25 -08:00
Ben Siraphob
872973d7d1
pkgs/servers: stdenv.lib -> lib
2021-01-15 14:24:03 +07:00
Profpatsch
4a7f99d55d
treewide: with stdenv.lib; in meta -> with lib;
...
Part of: https://github.com/NixOS/nixpkgs/issues/108938
meta = with stdenv.lib;
is a widely used pattern. We want to slowly remove
the `stdenv.lib` indirection and encourage people
to use `lib` directly. Thus let’s start with the meta
field.
This used a rewriting script to mostly automatically
replace all occurances of this pattern, and add the
`lib` argument to the package header if it doesn’t
exist yet.
The script in its current form is available at
https://cs.tvl.fyi/depot@2f807d7f141068d2d60676a89213eaa5353ca6e0/-/blob/users/Profpatsch/nixpkgs-rewriter/default.nix
2021-01-11 10:38:22 +01:00
Vladimír Čunát
ace04464b6
knot-resolver: 5.2.0 -> 5.2.1
...
https://gitlab.nic.cz/knot/knot-resolver/-/tags/v5.2.1
2020-12-09 11:07:28 +01:00
Vladimír Čunát
9a38c3a11b
knot-resolver: fix evaluation on darwin
...
I somehow forgot that libcap_ng is linux-only. I'm missing ofborg's
darwin builder, but I might've tested evaluation at least...
2020-11-18 08:41:28 +01:00
Vladimír Čunát
335798d243
knot-resolver: fix a stupid system breaking non-systemd
...
I hope this will fix darwin build (no good way of testing locally).
2020-11-17 20:05:51 +01:00
Vladimír Čunát
cd5c7c0ee6
knot-resolver: drop capabilities after startup
...
By default. I forgot to add this a long time ago.
The difference in runtime closure is really tiny (232 KiB by du).
2020-11-17 20:04:56 +01:00
Vladimír Čunát
3087df3e8f
knot-resolver: add support for new DoH implementation
...
By default. I'm not a DoH fan, but the difference in runtime closure
is really tiny (216 KiB by du). I somehow forgot this during update.
Some of the newly running tests were failing and got disabled.
2020-11-17 20:04:55 +01:00
Vladimír Čunát
280e27327d
knot-resolver: 5.1.3 -> 5.2.0
...
https://lists.nic.cz/pipermail/knot-resolver-users/2020/000318.html
NixOS service: we'll probably want to switch listenDoH
to the new 'doh2' kind, but let me leave that for later.
2020-11-11 15:51:54 +01:00
Vladimír Čunát
3c45610ddd
knot-resolver: 5.1.2 -> 5.1.3
...
https://gitlab.nic.cz/knot/knot-resolver/-/tags/v5.1.3
2020-09-09 11:10:16 +02:00
Vladimír Čunát
ec5ef6bd2b
knot-resolver: 5.1.1 -> 5.1.2
...
https://gitlab.nic.cz/knot/knot-resolver/-/tags/v5.1.2
I could highlight fixing the garbage collector on 32-bit systems.
2020-07-01 16:20:49 +02:00
Vladimír Čunát
d0d90908c8
knot-resolver: 5.1.0 -> 5.1.1 (security)
...
https://en.blog.nic.cz/2020/05/19/nxnsattack-upgrade-resolvers-to-stop-new-kind-of-random-subdomain-attack/
2020-05-19 11:29:33 +02:00
Vladimír Čunát
26d3ae2f24
knot-resolver: 5.0.1 -> 5.1.0
...
https://gitlab.labs.nic.cz/knot/knot-resolver/-/tags/v5.1.0
The upcoming major version will contain reworked
hints/policy/prefill/rebinding/view modules and related functionalities.
Please participate in the following survey to ensure we do not forget
about your particular use-case:
https://www.knot-resolver.cz/survey/
It will help us to improve Knot Resolver. Thank you!
2020-04-29 17:38:21 +02:00
Michael Reilly
84cf00f980
treewide: Per RFC45, remove all unquoted URLs
2020-04-10 17:54:53 +01:00
Vladimír Čunát
b7f5450e4d
knot-resolver: apply upstream patch
...
Encrypted ZFS users were affected, in particular some NixOS users
who reported the issue upstream. Close #81188 .
2020-03-04 13:36:54 +01:00
Frederik Rietdijk
419bc0a4cd
Revert "Revert "Merge master into staging-next""
...
In 87a19e9048
I merged staging-next into master using the GitHub gui as intended.
In ac241fb7a5
I merged master into staging-next for the next staging cycle, however, I accidentally pushed it to master.
Thinking this may cause trouble, I reverted it in 0be87c7979
. This was however wrong, as it "removed" master.
This reverts commit 0be87c7979
.
2020-02-05 19:41:25 +01:00
Frederik Rietdijk
0be87c7979
Revert "Merge master into staging-next"
...
I merged master into staging-next but accidentally pushed it to master.
This should get us back to 87a19e9048
.
This reverts commit ac241fb7a5
, reversing
changes made to 76a439239e
.
2020-02-05 19:18:35 +01:00
Vladimír Čunát
e3edb004c6
knot-resolver: 5.0.0 -> 5.0.1
...
https://gitlab.labs.nic.cz/knot/knot-resolver/tags/v5.0.1
2020-02-05 16:53:40 +01:00
Vladimír Čunát
ae74a0e27c
(nixos/)knot-resolver: 4.3.0 -> 5.0.0
...
Minor incompatibilities due to moving to upstream defaults:
- capabilities are used instead of systemd.socket units
- the control socket moved:
/run/kresd/control -> /run/knot-resolver/control/1
- cacheDir moved and isn't configurable anymore
- different user+group names, without static IDs
Thanks Mic92 for multiple ideas.
2020-01-31 15:22:52 +01:00
Vladimír Čunát
93ad21dedd
knot-resolver: remove older lua path workarounds
...
Part of this is approximate revert of commit f0d2da43a7
.
2020-01-31 15:06:20 +01:00
Vladimír Čunát
e980e7a3ab
knot-resolver: enable checks on aarch64
...
The cqueues fix is in nixpkgs already, so it works now.
2020-01-30 18:48:57 +01:00