Age | Commit message (Collapse) | Author | Files | Lines |
|
|
|
Additionally:
+ split native and other build inputs
+ alphabetically order dependencies
+ explicitly disable libjson support (the configure script looks for it in
/usr, /usr/local, and /opt/local)
|
|
|
|
Semi-automatic update generated by https://github.com/ryantm/nixpkgs-update tools.
This update was made based on information from https://repology.org/metapackage/bind/versions.
These checks were done:
- built on NixOS
- /nix/store/zxylanld5x7l9n2n24g70qj91n4kmj5x-bind-9.12.1-P2/bin/delv passed the binary check.
- Warning: no invocation of /nix/store/zxylanld5x7l9n2n24g70qj91n4kmj5x-bind-9.12.1-P2/bin/arpaname had a zero exit code or showed the expected version
- /nix/store/zxylanld5x7l9n2n24g70qj91n4kmj5x-bind-9.12.1-P2/bin/named-rrchecker passed the binary check.
- /nix/store/zxylanld5x7l9n2n24g70qj91n4kmj5x-bind-9.12.1-P2/bin/mdig passed the binary check.
- /nix/store/zxylanld5x7l9n2n24g70qj91n4kmj5x-bind-9.12.1-P2/bin/ddns-confgen passed the binary check.
- /nix/store/zxylanld5x7l9n2n24g70qj91n4kmj5x-bind-9.12.1-P2/bin/dnssec-cds passed the binary check.
- /nix/store/zxylanld5x7l9n2n24g70qj91n4kmj5x-bind-9.12.1-P2/bin/dnssec-dsfromkey passed the binary check.
- /nix/store/zxylanld5x7l9n2n24g70qj91n4kmj5x-bind-9.12.1-P2/bin/dnssec-importkey passed the binary check.
- /nix/store/zxylanld5x7l9n2n24g70qj91n4kmj5x-bind-9.12.1-P2/bin/dnssec-keyfromlabel passed the binary check.
- /nix/store/zxylanld5x7l9n2n24g70qj91n4kmj5x-bind-9.12.1-P2/bin/dnssec-keygen passed the binary check.
- /nix/store/zxylanld5x7l9n2n24g70qj91n4kmj5x-bind-9.12.1-P2/bin/dnssec-revoke passed the binary check.
- /nix/store/zxylanld5x7l9n2n24g70qj91n4kmj5x-bind-9.12.1-P2/bin/dnssec-settime passed the binary check.
- /nix/store/zxylanld5x7l9n2n24g70qj91n4kmj5x-bind-9.12.1-P2/bin/dnssec-signzone passed the binary check.
- /nix/store/zxylanld5x7l9n2n24g70qj91n4kmj5x-bind-9.12.1-P2/bin/dnssec-verify passed the binary check.
- Warning: no invocation of /nix/store/zxylanld5x7l9n2n24g70qj91n4kmj5x-bind-9.12.1-P2/bin/genrandom had a zero exit code or showed the expected version
- /nix/store/zxylanld5x7l9n2n24g70qj91n4kmj5x-bind-9.12.1-P2/bin/named passed the binary check.
- /nix/store/zxylanld5x7l9n2n24g70qj91n4kmj5x-bind-9.12.1-P2/bin/named-checkconf passed the binary check.
- /nix/store/zxylanld5x7l9n2n24g70qj91n4kmj5x-bind-9.12.1-P2/bin/named-checkzone passed the binary check.
- /nix/store/zxylanld5x7l9n2n24g70qj91n4kmj5x-bind-9.12.1-P2/bin/named-compilezone passed the binary check.
- Warning: no invocation of /nix/store/zxylanld5x7l9n2n24g70qj91n4kmj5x-bind-9.12.1-P2/bin/named-journalprint had a zero exit code or showed the expected version
- Warning: no invocation of /nix/store/zxylanld5x7l9n2n24g70qj91n4kmj5x-bind-9.12.1-P2/bin/nsec3hash had a zero exit code or showed the expected version
- /nix/store/zxylanld5x7l9n2n24g70qj91n4kmj5x-bind-9.12.1-P2/bin/rndc passed the binary check.
- /nix/store/zxylanld5x7l9n2n24g70qj91n4kmj5x-bind-9.12.1-P2/bin/rndc-confgen passed the binary check.
- /nix/store/zxylanld5x7l9n2n24g70qj91n4kmj5x-bind-9.12.1-P2/bin/tsig-keygen passed the binary check.
- 20 of 24 passed binary check by having a zero exit code.
- 14 of 24 passed binary check by having the new version present in output.
- found 9.12.1-P2 with grep in /nix/store/zxylanld5x7l9n2n24g70qj91n4kmj5x-bind-9.12.1-P2
- directory tree listing: https://gist.github.com/d95b236ef147c4c8ad6a99ca42db1acd
- du listing: https://gist.github.com/f6bcea6b6bdce7df3f66bbf02768bd20
|
|
trivial part)
|
|
|
|
Semi-automatic update generated by https://github.com/ryantm/nix-update tools. These checks were done:
- built on NixOS
- ran `/nix/store/9i6c9yx3p0gvhphd4ahj8pfcm0n78han-bind-9.12.1/bin/delv help` got 0 exit code
- ran `/nix/store/9i6c9yx3p0gvhphd4ahj8pfcm0n78han-bind-9.12.1/bin/delv -v` and found version 9.12.1
- ran `/nix/store/9i6c9yx3p0gvhphd4ahj8pfcm0n78han-bind-9.12.1/bin/named-rrchecker -h` got 0 exit code
- ran `/nix/store/9i6c9yx3p0gvhphd4ahj8pfcm0n78han-bind-9.12.1/bin/named-rrchecker --help` got 0 exit code
- ran `/nix/store/9i6c9yx3p0gvhphd4ahj8pfcm0n78han-bind-9.12.1/bin/named-rrchecker -V` and found version 9.12.1
- ran `/nix/store/9i6c9yx3p0gvhphd4ahj8pfcm0n78han-bind-9.12.1/bin/named-rrchecker -v` and found version 9.12.1
- ran `/nix/store/9i6c9yx3p0gvhphd4ahj8pfcm0n78han-bind-9.12.1/bin/named-rrchecker --version` and found version 9.12.1
- ran `/nix/store/9i6c9yx3p0gvhphd4ahj8pfcm0n78han-bind-9.12.1/bin/named-rrchecker --help` and found version 9.12.1
- ran `/nix/store/9i6c9yx3p0gvhphd4ahj8pfcm0n78han-bind-9.12.1/bin/mdig -h` got 0 exit code
- ran `/nix/store/9i6c9yx3p0gvhphd4ahj8pfcm0n78han-bind-9.12.1/bin/mdig -v` and found version 9.12.1
- ran `/nix/store/9i6c9yx3p0gvhphd4ahj8pfcm0n78han-bind-9.12.1/bin/ddns-confgen -h` got 0 exit code
- ran `/nix/store/9i6c9yx3p0gvhphd4ahj8pfcm0n78han-bind-9.12.1/bin/dnssec-cds -V` and found version 9.12.1
- ran `/nix/store/9i6c9yx3p0gvhphd4ahj8pfcm0n78han-bind-9.12.1/bin/dnssec-dsfromkey -V` and found version 9.12.1
- ran `/nix/store/9i6c9yx3p0gvhphd4ahj8pfcm0n78han-bind-9.12.1/bin/dnssec-importkey -V` and found version 9.12.1
- ran `/nix/store/9i6c9yx3p0gvhphd4ahj8pfcm0n78han-bind-9.12.1/bin/dnssec-keyfromlabel -V` and found version 9.12.1
- ran `/nix/store/9i6c9yx3p0gvhphd4ahj8pfcm0n78han-bind-9.12.1/bin/dnssec-keygen -V` and found version 9.12.1
- ran `/nix/store/9i6c9yx3p0gvhphd4ahj8pfcm0n78han-bind-9.12.1/bin/dnssec-revoke -V` and found version 9.12.1
- ran `/nix/store/9i6c9yx3p0gvhphd4ahj8pfcm0n78han-bind-9.12.1/bin/dnssec-settime -V` and found version 9.12.1
- ran `/nix/store/9i6c9yx3p0gvhphd4ahj8pfcm0n78han-bind-9.12.1/bin/dnssec-signzone -h` got 0 exit code
- ran `/nix/store/9i6c9yx3p0gvhphd4ahj8pfcm0n78han-bind-9.12.1/bin/dnssec-signzone --help` got 0 exit code
- ran `/nix/store/9i6c9yx3p0gvhphd4ahj8pfcm0n78han-bind-9.12.1/bin/dnssec-signzone -V` and found version 9.12.1
- ran `/nix/store/9i6c9yx3p0gvhphd4ahj8pfcm0n78han-bind-9.12.1/bin/dnssec-signzone -v` and found version 9.12.1
- ran `/nix/store/9i6c9yx3p0gvhphd4ahj8pfcm0n78han-bind-9.12.1/bin/dnssec-signzone --version` and found version 9.12.1
- ran `/nix/store/9i6c9yx3p0gvhphd4ahj8pfcm0n78han-bind-9.12.1/bin/dnssec-signzone -h` and found version 9.12.1
- ran `/nix/store/9i6c9yx3p0gvhphd4ahj8pfcm0n78han-bind-9.12.1/bin/dnssec-signzone --help` and found version 9.12.1
- ran `/nix/store/9i6c9yx3p0gvhphd4ahj8pfcm0n78han-bind-9.12.1/bin/dnssec-verify -h` got 0 exit code
- ran `/nix/store/9i6c9yx3p0gvhphd4ahj8pfcm0n78han-bind-9.12.1/bin/dnssec-verify --help` got 0 exit code
- ran `/nix/store/9i6c9yx3p0gvhphd4ahj8pfcm0n78han-bind-9.12.1/bin/dnssec-verify -V` and found version 9.12.1
- ran `/nix/store/9i6c9yx3p0gvhphd4ahj8pfcm0n78han-bind-9.12.1/bin/dnssec-verify -v` and found version 9.12.1
- ran `/nix/store/9i6c9yx3p0gvhphd4ahj8pfcm0n78han-bind-9.12.1/bin/dnssec-verify --version` and found version 9.12.1
- ran `/nix/store/9i6c9yx3p0gvhphd4ahj8pfcm0n78han-bind-9.12.1/bin/dnssec-verify -h` and found version 9.12.1
- ran `/nix/store/9i6c9yx3p0gvhphd4ahj8pfcm0n78han-bind-9.12.1/bin/dnssec-verify --help` and found version 9.12.1
- ran `/nix/store/9i6c9yx3p0gvhphd4ahj8pfcm0n78han-bind-9.12.1/bin/named -V` and found version 9.12.1
- ran `/nix/store/9i6c9yx3p0gvhphd4ahj8pfcm0n78han-bind-9.12.1/bin/named -v` and found version 9.12.1
- ran `/nix/store/9i6c9yx3p0gvhphd4ahj8pfcm0n78han-bind-9.12.1/bin/named-checkconf -v` and found version 9.12.1
- ran `/nix/store/9i6c9yx3p0gvhphd4ahj8pfcm0n78han-bind-9.12.1/bin/named-checkzone -v` and found version 9.12.1
- ran `/nix/store/9i6c9yx3p0gvhphd4ahj8pfcm0n78han-bind-9.12.1/bin/rndc -h` got 0 exit code
- ran `/nix/store/9i6c9yx3p0gvhphd4ahj8pfcm0n78han-bind-9.12.1/bin/rndc -h` and found version 9.12.1
- ran `/nix/store/9i6c9yx3p0gvhphd4ahj8pfcm0n78han-bind-9.12.1/bin/rndc-confgen -h` got 0 exit code
- ran `/nix/store/9i6c9yx3p0gvhphd4ahj8pfcm0n78han-bind-9.12.1/bin/rndc-confgen -h` and found version 9.12.1
- found 9.12.1 with grep in /nix/store/9i6c9yx3p0gvhphd4ahj8pfcm0n78han-bind-9.12.1
- directory tree listing: https://gist.github.com/e9daefd05b7c96cd83a144018a3b6aaf
|
|
|
|
|
|
|
|
|
|
|
|
& CVE-2017-3140)
For more details see [1].
[1] http://ftp.isc.org/isc/bind9/9.11.2-P1/RELEASE-NOTES-bind-9.11.2-P1.html
|
|
Autodetected by default (so should be disabled) but avoid finding a
broken system version.
|
|
|
|
|
|
* pkgs: refactor needless quoting of homepage meta attribute
A lot of packages are needlessly quoting the homepage meta attribute
(about 1400, 22%), this commit refactors all of those instances.
* pkgs: Fixing some links that were wrongfully unquoted in the previous
commit
* Fixed some instances
|
|
See: https://kb.isc.org/article/AA-01522
Fixes: CVE-2017-3140 CVE-2017-3141 CVE-2017-3142 CVE-2017-3143
|
|
|
|
|
|
|
|
|
|
Fixes #25645 & #23431.
|
|
Fixes #10728, closes #22989.
The dnsutils output got ~60kiB bigger, and I see no extra runtime deps.
|
|
See https://kb.isc.org/article/AA-01453.
cc #22549
|
|
CVE-2016-9778)
|
|
Using outputsToInstall the intended behaviour of including host and dnsutils
when bind is installed can be implemented instead of using symlinks to fix
installing all outputs individually with nix-env.
Fixes #19761.
|
|
|
|
|
|
The list of permitted syscalls in the seccomp sandbox is only defined
for x86. It fails to build otherwise:
````
In file included from /tmp/nix-build-bind-9.10.4-P3.drv-0/bind-9.10.4-P3/lib/isc/include/isc/magic.h:23:0,
from /tmp/nix-build-bind-9.10.4-P3.drv-0/bind-9.10.4-P3/lib/isc/include/isc/app.h:89,
from ./main.c:26:
./main.c: In function 'setup_seccomp':
./main.c:848:17: error: 'scmp_syscalls' undeclared (first use in this function)
INSIST((sizeof(scmp_syscalls) / sizeof(int)) ==
````
|
|
These tools are commonly used but don't require the other bind binaries.
Bind's libs are used, so they've also been split into an extra output.
The old version of host isn't maintained anymore and was removed From Debian
back in 2009: https://packages.qa.debian.org/h/host.html
|
|
|
|
|
|
|
|
|
|
|
|
Make either 'bin' or 'out' the first output.
|
|
This is a rebase of most commits from #14766,
resolving conflicts and a few other evaluation problems.
|
|
|
|
Avoids reference to the OpenSSL development headers.
|
|
|
|
A patch is needed to make bind not print its configure flags on
'named -V'.
|
|
Issue #15279 reports:
````
Checking for OpenSSL library... using OpenSSL from /nix/store/c6kijfc5py2805lmqczvmcws5cm9jg1l-openssl-1.0.2g-dev/lib and /nix/store/c6kijfc5py2805lmqczvmcws5cm9jg1l-openssl-1.0.2g-dev/include
checking whether linking with OpenSSL works... no
configure: error: Could not run test program using OpenSSL from
/nix/store/c6kijfc5py2805lmqczvmcws5cm9jg1l-openssl-1.0.2g-dev/lib and /nix/store/c6kijfc5py2805lmqczvmcws5cm9jg1l-openssl-1.0.2g-dev/include.
Please check the argument to --with-openssl and your
shared library configuration (e.g., LD_LIBRARY_PATH).
builder for ‘/nix/store/54nni99j4ycwws6zfjwcvv8vxsdk895i-bind-9.10.4.drv’ failed with exit code 1
````
|
|
|
|
|
|
Fixes:
* CVE-2016-1285: https://kb.isc.org/article/AA-01352/
* CVE-2016-1286: https://kb.isc.org/article/AA-01353/
|
|
There is no postPatchPhase.
|
|
|
|
|
|
|