Skip to content
Permalink

Comparing changes

Choose two branches to see what’s changed or to start a new pull request. If you need to, you can also or learn more about diff comparisons.

Open a pull request

Create a new pull request by comparing changes across two branches. If you need to, you can also . Learn more about diff comparisons here.
base repository: NixOS/nixpkgs
Failed to load repositories. Confirm that selected base ref is valid, then try again.
Loading
base: b5d622a7cdf2
Choose a base ref
...
head repository: NixOS/nixpkgs
Failed to load repositories. Confirm that selected head ref is valid, then try again.
Loading
compare: 9712027d46df
Choose a head ref
  • 3 commits
  • 2 files changed
  • 1 contributor

Commits on May 23, 2020

  1. bind: 9.14.11 -> 9.14.12 (security, PR #88159) 

    https://www.isc.org/blogs/bind9-vulnerabilities-2020-05/
$ nix build -f nixos/release.nix tests.bind.x86_64-linux

(cherry picked from commit 13c485d)
    @vcunat
    vcunat committed May 23, 2020
    Copy the full SHA
    0b473aa View commit details

  2. knot-resolver: 5.0.1 -> 5.1.0 

    https://gitlab.labs.nic.cz/knot/knot-resolver/-/tags/v5.1.0

The upcoming major version will contain reworked
hints/policy/prefill/rebinding/view modules and related functionalities.
Please participate in the following survey to ensure we do not forget
about your particular use-case:
https://www.knot-resolver.cz/survey/
It will help us to improve Knot Resolver. Thank you!

(cherry picked from commit 26d3ae2)
This is needed for the followup security bump.
    @vcunat
    vcunat committed May 23, 2020
    Copy the full SHA
    05fe963 View commit details

  3. knot-resolver: 5.1.0 -> 5.1.1 (security, PR #88159) 

    https://en.blog.nic.cz/2020/05/19/nxnsattack-upgrade-resolvers-to-stop-new-kind-of-random-subdomain-attack/
(cherry picked from commit d0d9090)
    @vcunat
    vcunat committed May 23, 2020
    Copy the full SHA
    9712027 View commit details
Showing with 4 additions and 12 deletions.
  1. +2 −2 pkgs/servers/dns/bind/default.nix
  2. +2 −10 pkgs/servers/dns/knot-resolver/default.nix
4 changes: 2 additions & 2 deletions pkgs/servers/dns/bind/default.nix
View file
Original file line number Diff line number Diff line change
@@ -10,11 +10,11 @@ assert enablePython -> python3 != null;

stdenv.mkDerivation rec {
pname = "bind";
version = "9.14.11";
version = "9.14.12";

src = fetchurl {
url = "https://ftp.isc.org/isc/bind9/${version}/${pname}-${version}.tar.gz";
sha256 = "1v4y9308w0gd98gjzni4cgxmh8g1s37lbnnkyhsn70xs3xki5b4c";
sha256 = "1j7ldvdschmvzxrbajjhmdsl2iqxc1lm64vk0a5sdykxpy9y8kcw";
};

outputs = [ "out" "lib" "dev" "man" "dnsutils" "host" ];
12 changes: 2 additions & 10 deletions pkgs/servers/dns/knot-resolver/default.nix
View file
Original file line number Diff line number Diff line change
@@ -16,21 +16,13 @@ lua = luajitPackages;

unwrapped = stdenv.mkDerivation rec {
pname = "knot-resolver";
version = "5.0.1";
version = "5.1.1";

src = fetchurl {
url = "https://secure.nic.cz/files/knot-resolver/${pname}-${version}.tar.xz";
sha256 = "4a93264ad0cda7ea2252d1ba057e474722f77848165f2893e0c76e21ae406415";
sha256 = "f72214046df8aae2b1a5c6d1ad0bc8b166aa060df5b008f6e88b4f6ba79cbf4e";
};

patches = [
(fetchpatch { # merged to upstream master, remove on update
name = "zfs-cpu-usage.diff";
url = "https://gitlab.labs.nic.cz/knot/knot-resolver/merge_requests/946.diff";
sha256 = "0mcvx4pfnl19h6zrv2fcgxdjarqzczn2dz85sylcczsfvdmn6i5m";
})
];

outputs = [ "out" "dev" ];

# Path fixups for the NixOS service.