knot-resolver: 3.2.1 -> 4.0.0 -> 4.1.0 #59924

Merged
merged 3 commits into from Jul 12, 2019

Member

@vcunat vcunat commented Apr 20, 2019

https://lists.nic.cz/pipermail/knot-resolver-users/2019/000136.html

Works fine for me (as of the 4.0.0 commit), including the nixos service. Still, I'd like to improve the service to support easy passing of sockets to http module.

Motivation for this change
Things done
  • Tested using sandboxing (nix.useSandbox on NixOS, or option sandbox in nix.conf on non-NixOS)
  • Built on platform(s)
    • NixOS
    • macOS
    • other Linux distributions
  • N/A Tested via one or more NixOS test(s) if existing and applicable for the change (look inside nixos/tests)
  • N/A Tested compilation of all pkgs that depend on this change using nix-shell -p nix-review --run "nix-review wip"
  • Tested execution of all binary files (usually in ./result/bin/)
  • Determined the impact on package closure size (by running nix path-info -S before and after):
    • no changes in runtime dependencies
    • a few KiB changes in the package itself
  • N/A Assured whether relevant documentation is up to date
  • Fits CONTRIBUTING.md.

Member Author

vcunat commented Apr 20, 2019

I don't have the nixos/* changes yet and I expect they would better be merged together, with opportunity to react... so I'm just opening PR for now in case someone wants to try 4.0.0 already.

https://lists.nic.cz/pipermail/knot-resolver-users/2019/000136.html

Similar commit worked fine for me, including the nixos service.
I'd like to still improve the service to support easy passing of sockets
to http module.
https://lists.nic.cz/pipermail/knot-resolver-users/2019/000189.html
Fixes DNS spoofing problems: CVE-2019-10190 CVE-2019-10191
but also minor things, adds new features, etc.
In particular aarch64 should work now, at least as long as not using
some lua library that suffers from the same problem with lightuserdata,
e.g. cqueues does suffer from this.
@vcunat vcunat marked this pull request as ready for review July 10, 2019 16:30
Member Author

vcunat commented Jul 10, 2019

@GrahamcOfBorg build knot-resolver

@teto teto merged commit 75369ad into NixOS:master Jul 12, 2019
Member Author

vcunat commented Jul 12, 2019

Well, the nixos/* changes don't hurry and the new security fixes do, so no more waiting. (I pushed to master myself, only GitHub mis-detects as usual.)

@vcunat vcunat deleted the p/knot-majors branch July 12, 2019 07:18
Member

ajs124 commented Jul 12, 2019

Are the security fixes also relevant to 19.03?

Member Author

vcunat commented Jul 12, 2019

@ajs124: yes, they are. I had tested this, so you can apply that immediately in case you really hurry. I might resolve one of the less important FIXMEs in the meantime (today or tomorrow).

I'm really sorry to pull a "major" update, but the upcoming security fixes are rather hard to backport correctly. Please contact me in case you run into problems when upgrading.

Member Author

vcunat commented Jul 12, 2019

Backported and it got into channels, too.

Member

ajs124 commented Jul 12, 2019

Nice, thanks!
