From ee4fc39aa7bdfd2eebf88c76cb782210efaf9e12 Mon Sep 17 00:00:00 2001 From: Will Dietz Date: Fri, 17 May 2019 02:59:53 -0500 Subject: [PATCH] bind: 9.12.4-P1 -> 9.14.2 9.12 is EOL as of May 2019. 9.14.2 release notes (which appear to extend those for 9.14.1): https://ftp.isc.org/isc/bind9/9.14.2/RELEASE-NOTES-bind-9.14.2.html Please check the security fixes and prioritize this as appropriate. --- pkgs/servers/dns/bind/default.nix | 20 +++++--------- .../dns/bind/dont-keep-configure-flags.patch | 26 +++++++++---------- 2 files changed, 19 insertions(+), 27 deletions(-) diff --git a/pkgs/servers/dns/bind/default.nix b/pkgs/servers/dns/bind/default.nix index 068834140048..9ce85032c8de 100644 --- a/pkgs/servers/dns/bind/default.nix +++ b/pkgs/servers/dns/bind/default.nix @@ -8,30 +8,22 @@ assert enableSeccomp -> libseccomp != null; assert enablePython -> python3 != null; -let version = "9.12.4-P1"; in +let version = "9.14.2"; in stdenv.mkDerivation rec { name = "bind-${version}"; src = fetchurl { url = "https://ftp.isc.org/isc/bind9/${version}/${name}.tar.gz"; - sha256 = "1if7zc5gzrfd28csc63v9bjwrc0rgvm1x9yx058946hc5gp5lyp2"; + sha256 = "033zqajnj5ys45g899132xkhh9f0hsh76ffv7302wl166xbjfh0f"; }; outputs = [ "out" "lib" "dev" "man" "dnsutils" "host" ]; - patches = [ ./dont-keep-configure-flags.patch ./remove-mkdir-var.patch ] ++ - [ - # Workaround for missing atomic operations on aarch64. Upstream added the - # below patch after the release. Can probably be dropped with the next - # version. - (fetchpatch { - name = "client-atomics-as-refcount.patch"; - url = https://gitlab.isc.org/isc-projects/bind9/commit/d72f436b7d7c697b262968c48c2d7643069ab17f.diff; - sha256 = "0sidlab9wcv21751fbq3h9m4wy6hk7frag9ar2jndw8rn3axr2qy"; - }) - ] ++ - stdenv.lib.optional stdenv.isDarwin ./darwin-openssl-linking-fix.patch; + patches = [ + ./dont-keep-configure-flags.patch + ./remove-mkdir-var.patch + ] ++ stdenv.lib.optional stdenv.isDarwin ./darwin-openssl-linking-fix.patch; nativeBuildInputs = [ perl ]; buildInputs = [ libtool libxml2 openssl ] diff --git a/pkgs/servers/dns/bind/dont-keep-configure-flags.patch b/pkgs/servers/dns/bind/dont-keep-configure-flags.patch index 5a934056d13d..17fdb15ad460 100644 --- a/pkgs/servers/dns/bind/dont-keep-configure-flags.patch +++ b/pkgs/servers/dns/bind/dont-keep-configure-flags.patch @@ -1,8 +1,8 @@ diff --git a/bin/named/include/named/globals.h b/bin/named/include/named/globals.h -index 388dc97..3c6135c 100644 +index b8e356b..cbe6c94 100644 --- a/bin/named/include/named/globals.h +++ b/bin/named/include/named/globals.h -@@ -65,7 +65,9 @@ EXTERN const char * named_g_version INIT(VERSION); +@@ -68,7 +68,9 @@ EXTERN const char * named_g_version INIT(VERSION); EXTERN const char * named_g_product INIT(PRODUCT); EXTERN const char * named_g_description INIT(DESCRIPTION); EXTERN const char * named_g_srcid INIT(SRCID); @@ -13,21 +13,21 @@ index 388dc97..3c6135c 100644 EXTERN in_port_t named_g_port INIT(0); EXTERN isc_dscp_t named_g_dscp INIT(-1); diff --git a/bin/named/main.c b/bin/named/main.c -index 4fb0566..60d56cd 100644 +index 62d9ce3..342abdc 100644 --- a/bin/named/main.c +++ b/bin/named/main.c -@@ -672,8 +672,10 @@ parse_command_line(int argc, char *argv[]) { - (*named_g_description != '\0') ? " " : "", - named_g_description, named_g_srcid); - printf("running on %s\n", named_os_uname()); -+ #if 0 - printf("built by %s with %s\n", - named_g_builder, named_g_configargs); -+ #endif +@@ -459,8 +459,10 @@ printversion(bool verbose) { + } + + printf("running on %s\n", named_os_uname()); ++#if 0 + printf("built by %s with %s\n", + named_g_builder, named_g_configargs); ++#endif #ifdef __clang__ - printf("compiled by CLANG %s\n", __VERSION__); + printf("compiled by CLANG %s\n", __VERSION__); #else -@@ -1075,9 +1077,11 @@ setup(void) { +@@ -1001,9 +1003,11 @@ setup(void) { NAMED_LOGMODULE_MAIN, ISC_LOG_NOTICE, "running on %s", named_os_uname());