New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
knot-resolver: 3.2.1 -> 4.0.0 -> 4.1.0 #59924
Conversation
I don't have the nixos/* changes yet and I expect they would better be merged together, with opportunity to react... so I'm just opening PR for now in case someone wants to try 4.0.0 already. |
https://lists.nic.cz/pipermail/knot-resolver-users/2019/000136.html Similar commit worked fine for me, including the nixos service. I'd like to still improve the service to support easy passing of sockets to http module.
https://lists.nic.cz/pipermail/knot-resolver-users/2019/000189.html Fixes DNS spoofing problems: CVE-2019-10190 CVE-2019-10191 but also minor things, adds new features, etc. In particular aarch64 should work now, at least as long as not using some lua library that suffers from the same problem with lightuserdata, e.g. cqueues does suffer from this.
@GrahamcOfBorg build knot-resolver |
Well, the |
Are the security fixes also relevant to 19.03? |
@ajs124: yes, they are. I had tested this, so you can apply that immediately in case you really hurry. I might resolve one of the less important FIXMEs in the meantime (today or tomorrow).
|
Backported and it got into channels, too. |
Nice, thanks! |
https://lists.nic.cz/pipermail/knot-resolver-users/2019/000136.html
Works fine for me (as of the 4.0.0 commit), including the nixos service. Still, I'd like to improve the service to support easy passing of sockets to http module.
Motivation for this change
Things done
sandbox
innix.conf
on non-NixOS)nix-shell -p nix-review --run "nix-review wip"
./result/bin/
)nix path-info -S
before and after):