X-Original-To: alpine-devel@lists.alpinelinux.org Delivered-To: alpine-devel@mail.alpinelinux.org Received: from ncopa-desktop.alpinelinux.org (unknown [79.160.13.133]) (using TLSv1 with cipher ECDHE-RSA-AES128-SHA (128/128 bits)) (No client certificate requested) (Authenticated sender: n@tanael.org) by mail.alpinelinux.org (Postfix) with ESMTPSA id 6931BDC012C; Fri, 30 Jan 2015 12:46:04 +0000 (UTC) Date: Fri, 30 Jan 2015 13:46:01 +0100 From: Natanael Copa To: Isaac Dunham Cc: alpine-devel@lists.alpinelinux.org Subject: Re: [alpine-devel] considering packaging another mailx Message-ID: <20150130134601.6e9f928b@ncopa-desktop.alpinelinux.org> In-Reply-To: <20150128013455.GB1798@newbook> References: <20140913203317.GA5578@newbook> <20140915104643.25dea7f5@ncopa-desktop.alpinelinux.org> <20140915143728.GA514@muslin> <20150127161535.698aa7dd@ncopa-desktop.alpinelinux.org> <20150128013455.GB1798@newbook> X-Mailer: Claws Mail 3.11.0 (GTK+ 2.24.25; x86_64-alpine-linux-musl) X-Mailinglist: alpine-devel Precedence: list List-Id: Alpine Development List-Unsubscribe: List-Post: List-Help: List-Subscribe: MIME-Version: 1.0 Content-Type: text/plain; charset=US-ASCII Content-Transfer-Encoding: 7bit On Tue, 27 Jan 2015 17:35:36 -0800 Isaac Dunham wrote: > On Tue, Jan 27, 2015 at 04:15:35PM +0100, Natanael Copa wrote: > > I'm bringing up this old issue because there are a couple of CVE issues: > > http://seclists.org/oss-sec/2014/q4/1066 > > > > Do you think it would be possible to completely replace main/mailx with > > heirloom-mailx without breaking too much? More specifically, does > > heirloom/mailx' mail implementation support all the args in current > > mail/mailx? > > > > -nc > > Yes. > heirloom-mailx does not mention -v in its help, but seems to accept it. > Other options/arguments seem to be compatible. I'm thinking how to do this for stable to fix the CVE issues. I looked at backporting the patches to our version but that seems like alot of work so I don't think that is a good option. It seems that heirloom-mailx also introduces krb5 dependency. I think we don't want that for stable, but it also looks like its optional. The /etc/mail.rc has been renamed to /etc/nail.rc but I suppose we can add a pre-upgrade script that will rename existing /etc/mail.rc to /etc/nail.rc and add a symlink /etc/mail.rc. There is also a heirloom-mailx fork named s-nail. I don't know if that is a better alternative. other thoughts? -nc --- Unsubscribe: alpine-devel+unsubscribe@lists.alpinelinux.org Help: alpine-devel+help@lists.alpinelinux.org ---