From 6bf49e3777859714e14e187a88f00b3a23ce2147 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Vladim=C3=ADr=20=C4=8Cun=C3=A1t?= <v@cunat.cz>
Date: Tue, 19 May 2020 11:16:14 +0200
Subject: [PATCH 1/3] pdns-recursor: 4.3.0 -> 4.3.1 (security)

https://doc.powerdns.com/recursor/changelog/4.3.html#change-4.3.1
It fixes DoS CVEs; details e.g. on http://www.nxnsattack.com/

$ nix build -f nixos/release.nix tests.pdns-recursor.x86_64-linux
---
 pkgs/servers/dns/pdns-recursor/default.nix | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/pkgs/servers/dns/pdns-recursor/default.nix b/pkgs/servers/dns/pdns-recursor/default.nix
index 7d6fa7d9c91..10a18ab1d45 100644
--- a/pkgs/servers/dns/pdns-recursor/default.nix
+++ b/pkgs/servers/dns/pdns-recursor/default.nix
@@ -8,11 +8,11 @@ with stdenv.lib;
 
 stdenv.mkDerivation rec {
   pname = "pdns-recursor";
-  version = "4.3.0";
+  version = "4.3.1";
 
   src = fetchurl {
     url = "https://downloads.powerdns.com/releases/pdns-recursor-${version}.tar.bz2";
-    sha256 = "13v2iah7z10wc43v9agcjrzi3wds4jna8f0b7ph35nyzhzr31h9b";
+    sha256 = "1n9gymis0h1grgg63ig3kk9cb27ayy1w6s8hcn8n4g5dzi90h8sl";
   };
 
   nativeBuildInputs = [ pkgconfig ];

From 13c485d63da8c7fa6a705dc0f4bbd42313beee6c Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Vladim=C3=ADr=20=C4=8Cun=C3=A1t?= <v@cunat.cz>
Date: Tue, 19 May 2020 11:21:25 +0200
Subject: [PATCH 2/3] bind: 9.14.11 -> 9.14.12 (security)

https://www.isc.org/blogs/bind9-vulnerabilities-2020-05/
$ nix build -f nixos/release.nix tests.bind.x86_64-linux
---
 pkgs/servers/dns/bind/default.nix | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/pkgs/servers/dns/bind/default.nix b/pkgs/servers/dns/bind/default.nix
index b641699c733..a7581ccbb11 100644
--- a/pkgs/servers/dns/bind/default.nix
+++ b/pkgs/servers/dns/bind/default.nix
@@ -10,11 +10,11 @@ assert enablePython -> python3 != null;
 
 stdenv.mkDerivation rec {
   pname = "bind";
-  version = "9.14.11";
+  version = "9.14.12";
 
   src = fetchurl {
     url = "https://ftp.isc.org/isc/bind9/${version}/${pname}-${version}.tar.gz";
-    sha256 = "1v4y9308w0gd98gjzni4cgxmh8g1s37lbnnkyhsn70xs3xki5b4c";
+    sha256 = "1j7ldvdschmvzxrbajjhmdsl2iqxc1lm64vk0a5sdykxpy9y8kcw";
   };
 
   outputs = [ "out" "lib" "dev" "man" "dnsutils" "host" ];

From d0d90908c8cf99f09be227b339c8369a0888054d Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Vladim=C3=ADr=20=C4=8Cun=C3=A1t?= <v@cunat.cz>
Date: Tue, 19 May 2020 11:29:33 +0200
Subject: [PATCH 3/3] knot-resolver: 5.1.0 -> 5.1.1 (security)

https://en.blog.nic.cz/2020/05/19/nxnsattack-upgrade-resolvers-to-stop-new-kind-of-random-subdomain-attack/
---
 pkgs/servers/dns/knot-resolver/default.nix | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/pkgs/servers/dns/knot-resolver/default.nix b/pkgs/servers/dns/knot-resolver/default.nix
index 4964755332d..f596934a429 100644
--- a/pkgs/servers/dns/knot-resolver/default.nix
+++ b/pkgs/servers/dns/knot-resolver/default.nix
@@ -16,11 +16,11 @@ lua = luajitPackages;
 
 unwrapped = stdenv.mkDerivation rec {
   pname = "knot-resolver";
-  version = "5.1.0";
+  version = "5.1.1";
 
   src = fetchurl {
     url = "https://secure.nic.cz/files/knot-resolver/${pname}-${version}.tar.xz";
-    sha256 = "9ab179d1dccc6ba59aacac81a4cd10a039615c7a846d9f77f26b851da25d1a86";
+    sha256 = "f72214046df8aae2b1a5c6d1ad0bc8b166aa060df5b008f6e88b4f6ba79cbf4e";
   };
 
   outputs = [ "out" "dev" ];