Commit graph

85 commits

Author SHA1 Message Date
Andreas Rammhold
6edbb14e81
unbound: remove references to compile-time dependencies in outputs
Previously unbound dev dependencies would leak into the unbound binary
through the embedded configure flags string in the binary.

Before this commit `unbound -V` would list something like this:

> Version 1.13.1
> Configure line: --disable-static --prefix=/nix/store/1892sms7ciiki99jra4qhmwysaipv1qz-unbound-1.13.1 --bindir=/nix/store/1892sms7ciiki99jra4qhmwysaipv1qz-unbound-1.13.1/bin --sbindir=/nix/store/1892sms7ciiki99jra4qhmwysaipv1qz-unbound-1.13.1/sbin --includedir=/nix/store/1892sms7ciiki99jra4qhmwysaipv1qz-unbound-1.13.1/include --oldincludedir=/nix/store/1892sms7ciiki99jra4qhmwysaipv1qz-unbound-1.13.1/include --mandir=/nix/store/n4kgsi87dxjm2ifpllh31grfcg7q3n8x-unbound-1.13.1-man/share/man --infodir=/nix/store/1892sms7ciiki99jra4qhmwysaipv1qz-unbound-1.13.1/share/info --docdir=/nix/store/1892sms7ciiki99jra4qhmwysaipv1qz-unbound-1.13.1/share/doc/unbound --libdir=/nix/store/ncpggv4bmdh22y6108qrdvnid6rqamlz-unbound-1.13.1-lib/lib --libexecdir=/nix/store/ncpggv4bmdh22y6108qrdvnid6rqamlz-unbound-1.13.1-lib/libexec --localedir=/nix/store/ncpggv4bmdh22y6108qrdvnid6rqamlz-unbound-1.13.1-lib/share/locale --with-ssl=/nix/store/dndqy1r8h0kcnd55895czs8lrpv8xqf4-openssl-1.1.1k-dev --with-libexpat=/nix/store/x5kjng6iha7kcdm3p12fxfvzg09wizwc-expat-2.2.10-dev --with-libevent=/nix/store/89i6mpzp1n866i86y07pxka1a58v4s1a-libevent-2.1.12-dev --localstatedir=/var --sysconfdir=/etc --sbindir=${out}/bin --with-rootkey-file=/nix/store/gyz4nxg9s1faqkhaqbasdxzldm8zial8-dns-root-data-2019-01-11/root.key --enable-pie --enable-relro-now
> Linked libs: libevent 2.1.12-stable (it uses epoll), OpenSSL 1.1.1k  25 Mar 2021
> Linked modules: dns64 respip validator iterator

After this commit:

> Version 1.13.1
> Configure line: --disable-static --prefix=/nix/store/eeeeeeeeeeeeeeeeeeeeeeeeeeeeeeee-unbound-1.13.1 --bindir=/nix/store/eeeeeeeeeeeeeeeeeeeeeeeeeeeeeeee-unbound-1.13.1/bin --sbindir=/nix/store/eeeeeeeeeeeeeeeeeeeeeeeeeeeeeeee-unbound-1.13.1/sbin --includedir=/nix/store/eeeeeeeeeeeeeeeeeeeeeeeeeeeeeeee-unbound-1.13.1/include --oldincludedir=/nix/store/eeeeeeeeeeeeeeeeeeeeeeeeeeeeeeee-unbound-1.13.1/include --mandir=/nix/store/eeeeeeeeeeeeeeeeeeeeeeeeeeeeeeee-unbound-1.13.1-man/share/man --infodir=/nix/store/eeeeeeeeeeeeeeeeeeeeeeeeeeeeeeee-unbound-1.13.1/share/info --docdir=/nix/store/eeeeeeeeeeeeeeeeeeeeeeeeeeeeeeee-unbound-1.13.1/share/doc/unbound --libdir=/nix/store/eeeeeeeeeeeeeeeeeeeeeeeeeeeeeeee-unbound-1.13.1-lib/lib --libexecdir=/nix/store/eeeeeeeeeeeeeeeeeeeeeeeeeeeeeeee-unbound-1.13.1-lib/libexec --localedir=/nix/store/eeeeeeeeeeeeeeeeeeeeeeeeeeeeeeee-unbound-1.13.1-lib/share/locale --with-ssl=/nix/store/eeeeeeeeeeeeeeeeeeeeeeeeeeeeeeee-openssl-1.1.1k-dev --with-libexpat=/nix/store/eeeeeeeeeeeeeeeeeeeeeeeeeeeeeeee-expat-2.2.10-dev --with-libevent=/nix/store/eeeeeeeeeeeeeeeeeeeeeeeeeeeeeeee-libevent-2.1.12-dev --localstatedir=/var --sysconfdir=/etc --sbindir=${out}/bin --with-rootkey-file=/nix/store/eeeeeeeeeeeeeeeeeeeeeeeeeeeeeeee-dns-root-data-2019-01-11/root.key --enable-pie --enable-relro-now
> Linked libs: libevent 2.1.12-stable (it uses epoll), OpenSSL 1.1.1k  25 Mar 2021
> Linked modules: dns64 respip validator iterator

Notice: All the paths are now invalid and thus do not produce a
reference in the output binaries.

This removes a total of 2MiB from the closure of unbound.
2021-06-02 01:56:46 +02:00
Sandro Jäckel
ac309027ab
unbound: wrap unbound-control-setup with openssl 2021-04-24 10:26:40 +02:00
R. RyanTM
a24b40bd40 unbound: 1.13.0 -> 1.13.1 2021-03-20 09:22:21 +01:00
Daniel Nagy
a40f86e390 unbound: optionally support DNS-over-HTTPS
unbound can be used as a DNS-over-HTTPS (DoH) server.

This is a blog post introducing the feature:

https://www.nlnetlabs.nl/news/2020/Oct/08/unbound-1.12.0-released/
2021-02-25 18:37:57 -05:00
Ben Siraphob
8c5d37129f pkgs/tools: stdenv.lib -> lib 2021-01-15 17:12:36 +07:00
Profpatsch
4a7f99d55d treewide: with stdenv.lib; in meta -> with lib;
Part of: https://github.com/NixOS/nixpkgs/issues/108938

meta = with stdenv.lib;

is a widely used pattern. We want to slowly remove
the `stdenv.lib` indirection and encourage people
to use `lib` directly. Thus let’s start with the meta
field.

This used a rewriting script to mostly automatically
replace all occurances of this pattern, and add the
`lib` argument to the package header if it doesn’t
exist yet.

The script in its current form is available at
https://cs.tvl.fyi/depot@2f807d7f141068d2d60676a89213eaa5353ca6e0/-/blob/users/Profpatsch/nixpkgs-rewriter/default.nix
2021-01-11 10:38:22 +01:00
Martin Weinelt
e8959c4660 unbound: 1.12.0 -> 1.13.0
https://lists.nlnetlabs.nl/pipermail/unbound-users/2020-December/007102.html

Fixes: CVE-2020-28935
2020-12-08 05:22:41 +01:00
Ninjatrappeur
5f5d38e88f
Merge pull request #101218 from andir/unbound-systemd 2020-11-08 16:55:29 +01:00
Andreas Rammhold
c07ce093ec
unbound: allow building with systemd support
Systemd has to remain an optional (non-default) dependency as otherwise
we will have an unpleasant bootstrap cycle. Most (if not all) of the
(lib)unbound consumers will likely not care about unbound's systemd
integration that only affects the daemon mode, anyway.
2020-11-03 13:15:53 +01:00
Vladimír Čunát
89023c38fc
Recover the complicated situation after my bad merge
I made a mistake merge.  Reverting it in c778945806 undid the state
on master, but now I realize it crippled the git merge mechanism.
As the merge contained a mix of commits from `master..staging-next`
and other commits from `staging-next..staging`, it got the
`staging-next` branch into a state that was difficult to recover.

I reconstructed the "desired" state of staging-next tree by:
 - checking out the last commit of the problematic range: 4effe769e2
 - `git rebase -i --preserve-merges a8a018ddc0` - dropping the mistaken
   merge commit and its revert from that range (while keeping
   reapplication from 4effe769e2)
 - merging the last unaffected staging-next commit (803ca85c20)
 - fortunately no other commits have been pushed to staging-next yet
 - applying a diff on staging-next to get it into that state
2020-10-26 09:01:04 +01:00
Vladimír Čunát
c778945806
Revert "Merge #101508: libraw: 0.20.0 -> 0.20.2"
I'm sorry; I didn't notice it contained staging commits.

This reverts commit 17f5305b6c, reversing
changes made to a8a018ddc0.
2020-10-25 09:41:51 +01:00
Martin Weinelt
7d2a6beb6d
unbound: 1.11.0 -> 1.12.0 2020-10-09 00:46:40 +02:00
Frederik Rietdijk
377242d587 Merge staging-next into staging 2020-09-03 19:21:10 +02:00
Arthur Gautier
cc1920a109
unbound: disable lto on static builds (PR #96020)
Signed-off-by: Arthur Gautier <baloo@superbaloo.net>

Amended by vcunat (isMusl != isStatic).
https://github.com/NixOS/nixpkgs/pull/96223#issuecomment-681204478
2020-09-01 08:49:31 +02:00
Vladimír Čunát
848a3a4d4a
Revert "unbound: fix build with nettle-3.5"
This reverts commit 96d65875f8.
The fix has been upstreamed a long time ago.
2020-08-29 07:47:41 +02:00
R. RyanTM
73cd1efe6d unbound: 1.10.1 -> 1.11.0 2020-08-02 22:43:22 +02:00
Vladimír Čunát
73390e3349
unbound: 1.10.0 -> 1.10.1 (security)
https://www.nlnetlabs.nl/news/2020/May/19/unbound-1.10.1-released/
It fixes DoS CVEs; details e.g. on http://www.nxnsattack.com/

On each Linux platform this should be around 8k rebuilds,
so as a compromise I'm pushing to staging-next.
2020-05-19 11:00:51 +02:00
Michael Reilly
84cf00f980
treewide: Per RFC45, remove all unquoted URLs 2020-04-10 17:54:53 +01:00
Michiel Leenaars
2410dbb3c7 Unbound: 1.9.5 -> 1.10.0 2020-03-14 23:32:04 +00:00
Robert Scott
d17ecebcf0 unbound: install headers etc for libevent support as postInstall step 2019-12-15 18:48:53 +01:00
R. RyanTM
335e62b6f3 unbound: 1.9.4 -> 1.9.5 2019-12-01 18:28:50 +01:00
Jan Tojnar
e2e3861d6b
Merge branch 'staging-next' into staging 2019-10-12 00:51:55 +02:00
Linus Heckemann
5aa4b19946 treewide: mark some broken packages as broken
Refs:
e6754980264fe927320d5ff2dbd24ca4fac9a160
1e9cc5b9844ef603fe160e9f671178f96200774f
793a2fe1e8bb886ca2096c5904e1193dc3268b6d
c19cf65261639f749012454932a532aa7c681e4b
f6544d618f30fae0bc4798c4387a8c7c9c047a7c
2019-10-08 17:14:26 +02:00
Vladimír Čunát
dc322c76d6
unbound: 1.9.3 -> 1.9.4
This only fixes CVE-2019-16866 (DoS, minor one IMHO)
https://www.nlnetlabs.nl/projects/unbound/security-advisories/#vulnerability-in-parsing-notify-queries
2019-10-04 09:37:50 +02:00
Vladimír Čunát
96d65875f8
unbound: fix build with nettle-3.5 2019-10-02 20:15:47 +02:00
Michiel Leenaars
44b695a26e
pyunbound: 1.9.0 -> 1.9.3 2019-08-31 07:25:12 -04:00
Michiel Leenaars
ff824dedbc
unbound: 1.9.2 -> 1.9.3 2019-08-31 07:22:44 -04:00
Vladimír Čunát
2e6bf42a22
Merge branch 'master' into staging-next
There ver very many conflicts, basically all due to
name -> pname+version.  Fortunately, almost everything was auto-resolved
by kdiff3, and for now I just fixed up a couple evaluation problems,
as verified by the tarball job.  There might be some fallback to these
conflicts, but I believe it should be minimal.

Hydra nixpkgs: ?compare=1538299
2019-08-24 08:55:37 +02:00
Robin Gloster
4e60b0efae
treewide: update globin's maintained drvs 2019-08-20 19:36:05 +02:00
volth
46420bbaa3 treewide: name -> pname (easy cases) (#66585)
treewide replacement of

stdenv.mkDerivation rec {
  name = "*-${version}";
  version = "*";

to pname
2019-08-15 13:41:18 +01:00
R. RyanTM
f7eee05a22 unbound: 1.9.1 -> 1.9.2
Semi-automatic update generated by
https://github.com/ryantm/nixpkgs-update tools. This update was made
based on information from
https://repology.org/metapackage/unbound/versions
2019-07-03 08:28:23 +02:00
R. RyanTM
2db96ffe49 unbound: 1.9.0 -> 1.9.1
Semi-automatic update generated by
https://github.com/ryantm/nixpkgs-update tools. This update was made
based on information from
https://repology.org/metapackage/unbound/versions
2019-04-16 18:56:09 +02:00
Michiel Leenaars
43bf31eb99 pythonPackages.pyunbound: 1.7.3 -> 1.9.0 2019-03-14 00:50:56 +01:00
R. RyanTM
c84e7d1b6d unbound: 1.8.3 -> 1.9.0
Semi-automatic update generated by
https://github.com/ryantm/nixpkgs-update tools. This update was made
based on information from
https://repology.org/metapackage/unbound/versions
2019-02-15 02:45:27 -08:00
Frederik Rietdijk
0a2caa41fe Python: drop python.majorVersion
Drop `python.majorVersion`. For Python language version, use `python.pythonVersion`.
For implementation version, use `python.sourceVersion`.

Some expressions were broken. Those that were identified were fixed.

fixup major
2019-01-04 10:45:22 +01:00
R. RyanTM
fdfb809a9b unbound: 1.8.1 -> 1.8.3
Semi-automatic update generated by
https://github.com/ryantm/nixpkgs-update tools. This update was made
based on information from
https://repology.org/metapackage/unbound/versions
2018-12-19 09:15:47 +01:00
Tristan Helmich (omniIT)
1bfaa0157e unbound: 1.8.0 -> 1.8.1 2018-10-27 14:04:01 +02:00
R. RyanTM
2d759f2b0a unbound: 1.7.3 -> 1.8.0 (#46938)
Semi-automatic update generated by
https://github.com/ryantm/nixpkgs-update tools. This update was made
based on information from
https://repology.org/metapackage/unbound/versions
2018-10-03 00:44:42 +02:00
R. RyanTM
9d460f0051 python27Packages.pyunbound: 1.6.0 -> 1.7.3 (#42952)
Semi-automatic update generated by https://github.com/ryantm/nixpkgs-update tools.

This update was made based on information from https://repology.org/metapackage/pyunbound/versions.

These checks were done:

- built on NixOS

- 0 of 0 passed binary check by having a zero exit code.
- 0 of 0 passed binary check by having the new version present in output.
- found 1.7.3 with grep in /nix/store/1m9fiqaz72ry8jkwgw52v3wv1n5pgx0l-pyunbound-1.7.3
- directory tree listing: https://gist.github.com/2a7b7a3d8411e63dec56620537e2d00f
- du listing: https://gist.github.com/82633a34688c0630480a740b7562ac4c
2018-07-04 16:28:02 +02:00
Vladimír Čunát
f769004e5b
unbound: 1.7.2 -> 1.7.3
The NEWS seems safe.

My motivation: fixes resolution of some Microsoft names if using
qname-minimisation: yes
2018-06-21 13:55:32 +02:00
Yegor Timoshenko
d04444295c
Merge pull request #41933 from r-ryantm/auto-update/unbound
unbound: 1.7.1 -> 1.7.2
2018-06-15 01:53:26 +00:00
R. RyanTM
94d678d9b3 unbound: 1.7.1 -> 1.7.2
Semi-automatic update generated by https://github.com/ryantm/nixpkgs-update tools.

This update was made based on information from https://repology.org/metapackage/unbound/versions.

These checks were done:

- built on NixOS
- Warning: no invocation of /nix/store/pka3ii26dp5xsxi7xs2rx3laxca2bv9l-unbound-1.7.2/bin/unbound had a zero exit code or showed the expected version
- Warning: no invocation of /nix/store/pka3ii26dp5xsxi7xs2rx3laxca2bv9l-unbound-1.7.2/bin/unbound-checkconf had a zero exit code or showed the expected version
- Warning: no invocation of /nix/store/pka3ii26dp5xsxi7xs2rx3laxca2bv9l-unbound-1.7.2/bin/unbound-control had a zero exit code or showed the expected version
- /nix/store/pka3ii26dp5xsxi7xs2rx3laxca2bv9l-unbound-1.7.2/bin/unbound-host passed the binary check.
- Warning: no invocation of /nix/store/pka3ii26dp5xsxi7xs2rx3laxca2bv9l-unbound-1.7.2/bin/unbound-anchor had a zero exit code or showed the expected version
- Warning: no invocation of /nix/store/pka3ii26dp5xsxi7xs2rx3laxca2bv9l-unbound-1.7.2/bin/unbound-control-setup had a zero exit code or showed the expected version
- 1 of 6 passed binary check by having a zero exit code.
- 0 of 6 passed binary check by having the new version present in output.
- found 1.7.2 with grep in /nix/store/pka3ii26dp5xsxi7xs2rx3laxca2bv9l-unbound-1.7.2
- directory tree listing: https://gist.github.com/24f2136689bd3209095feb3b71734811
- du listing: https://gist.github.com/9efb5b527b161e93a47f0237c7d556a8
2018-06-13 08:56:56 -07:00
Matthew Bauer
e93a8cba4a unbound: also replace -R in libunbound.la
This was increasing closure sizes as well.
2018-06-09 13:00:50 -04:00
R. RyanTM
64bb57972c unbound: 1.7.0 -> 1.7.1
Semi-automatic update generated by https://github.com/ryantm/nixpkgs-update tools.

This update was made based on information from https://repology.org/metapackage/unbound/versions.

These checks were done:

- built on NixOS
- ran ‘/nix/store/456crrnsgkrbicb54bwrwwl76n2645gq-unbound-1.7.1/bin/unbound-host help’ got 0 exit code
- found 1.7.1 with grep in /nix/store/456crrnsgkrbicb54bwrwwl76n2645gq-unbound-1.7.1
- directory tree listing: https://gist.github.com/ab82a0d52e5fd8bda918bbdaa6ce7609
2018-05-06 20:13:16 -07:00
Ryan Mulligan
955898a05f unbound: 1.6.8 -> 1.7.0
Semi-automatic update generated by https://github.com/ryantm/nix-update tools. These checks were done:

- built on NixOS
- ran `/nix/store/p36fksfjzi9715cgx8s3kmngy51qfjki-unbound-1.7.0/bin/unbound-host help` got 0 exit code
- found 1.7.0 with grep in /nix/store/p36fksfjzi9715cgx8s3kmngy51qfjki-unbound-1.7.0
- directory tree listing: https://gist.github.com/bb22fcb9572c54b0464c82405bf26b56
2018-03-18 12:24:54 -07:00
Will Dietz
5d3af42250 unbound: don't build twice w/musl, second time fails :( 2018-02-13 09:44:50 -06:00
Dmitry Moskowski
baa23aa2fc
unbound: 1.6.7 -> 1.6.8
Fixes CVE-2017-15105
2018-01-21 19:09:27 +00:00
adisbladis
2da692dfc1 unbound: 1.6.6 -> 1.6.7 2017-10-28 10:29:17 +02:00
Joachim Fasting
c41af35c04
unbound: 1.6.5 -> 1.6.6 2017-09-20 22:23:05 +02:00
Franz Pletz
0f043d497d
unbound: 1.6.4 -> 1.6.5 2017-08-28 19:49:43 +02:00