X-Original-To: alpine-devel@lists.alpinelinux.org
Delivered-To: alpine-devel@mail.alpinelinux.org
Received: from ncopa-desktop.alpinelinux.org (unknown [79.160.13.133])
	(using TLSv1 with cipher ECDHE-RSA-AES128-SHA (128/128 bits))
	(No client certificate requested)
	(Authenticated sender: n@tanael.org)
	by mail.alpinelinux.org (Postfix) with ESMTPSA id 6931BDC012C;
	Fri, 30 Jan 2015 12:46:04 +0000 (UTC)
Date: Fri, 30 Jan 2015 13:46:01 +0100
From: Natanael Copa <ncopa@alpinelinux.org>
To: Isaac Dunham <ibid.ag@gmail.com>
Cc: alpine-devel@lists.alpinelinux.org
Subject: Re: [alpine-devel] considering packaging another mailx
Message-ID: <20150130134601.6e9f928b@ncopa-desktop.alpinelinux.org>
In-Reply-To: <20150128013455.GB1798@newbook>
References: <20140913203317.GA5578@newbook>
	<20140915104643.25dea7f5@ncopa-desktop.alpinelinux.org>
	<20140915143728.GA514@muslin>
	<20150127161535.698aa7dd@ncopa-desktop.alpinelinux.org>
	<20150128013455.GB1798@newbook>
X-Mailer: Claws Mail 3.11.0 (GTK+ 2.24.25; x86_64-alpine-linux-musl)
X-Mailinglist: alpine-devel
Precedence: list
List-Id: Alpine Development <alpine-devel.lists.alpinelinux.org>
List-Unsubscribe: 
	<mailto:alpine-devel+unsubscribe@lists.alpinelinux.org?subject=unsubscribe>
List-Post: <mailto:alpine-devel@lists.alpinelinux.org>
List-Help: <mailto:alpine-devel+help@lists.alpinelinux.org?subject=help>
List-Subscribe: 
	<mailto:alpine-devel+subscribe@lists.alpinelinux.org?subject=subscribe>
MIME-Version: 1.0
Content-Type: text/plain; charset=US-ASCII
Content-Transfer-Encoding: 7bit

On Tue, 27 Jan 2015 17:35:36 -0800
Isaac Dunham <ibid.ag@gmail.com> wrote:

> On Tue, Jan 27, 2015 at 04:15:35PM +0100, Natanael Copa wrote:
> > I'm bringing up this old issue because there are a couple of CVE issues:
> > http://seclists.org/oss-sec/2014/q4/1066
> > 
> > Do you think it would be possible to completely replace main/mailx with
> > heirloom-mailx without breaking too much? More specifically, does
> > heirloom/mailx' mail implementation support all the args in current
> > mail/mailx?
> > 
> > -nc
> 
> Yes.
> heirloom-mailx does not mention -v in its help, but seems to accept it.
> Other options/arguments seem to be compatible.

I'm thinking how to do this for stable to fix the CVE issues. I looked
at backporting the patches to our version but that seems like alot of
work so I don't think that is a good option.

It seems that heirloom-mailx also introduces krb5 dependency. I think
we don't want that for stable, but it also looks like its optional.

The /etc/mail.rc has been renamed to /etc/nail.rc but I suppose we can
add a pre-upgrade script that will rename existing /etc/mail.rc
to /etc/nail.rc and add a symlink /etc/mail.rc.

There is also a heirloom-mailx fork named s-nail. I don't know if that
is a better alternative.

other thoughts?

-nc


---
Unsubscribe:  alpine-devel+unsubscribe@lists.alpinelinux.org
Help:         alpine-devel+help@lists.alpinelinux.org
---