1
0
Fork 1
mirror of https://github.com/NixOS/nixpkgs.git synced 2024-12-17 18:34:41 +00:00
Commit graph

626 commits

Author SHA1 Message Date
Alyssa Ross e917903079
spamassassin: 3.4.3 -> 3.4.4
Fixes: CVE-2020-1930
Fixes: CVE-2020-1931
2021-01-06 15:35:59 +00:00
Andreas Rammhold bedb3528b6
dovecot_pigeonhole: 0.5.11 -> 0.5.13
This updates to the latest version. According to the changelog 0.5.12
was skipped. The changes in this release are required to be compatible
with the latest dovecot release.

Changes:
  - duplicate: The test was handled badly in a multiscript (sieve_before,
    sieve_after) scenario in which an earlier script in the sequence with
    a duplicate test succeeded, while a later script caused a runtime
    failure. In that case, the message is recorded for duplicate tracking,
    while the message may not actually have been delivered in the end.
  - editheader: Sieve interpreter entered infinite loop at startup when
    the "editheader" configuration listed an invalid header name. This
    problem can only be triggered by the administrator.
  - relational: The Sieve relational extension can cause a segfault at
    compile time. This is triggered by invalid script syntax. The segfault
    happens when this match type is the last argument of the test command.
    This situation is not possible in a valid script; positional arguments
    are normally present after that, which would prevent the segfault.
  - sieve: For some Sieve commands the provided mailbox name is not
    properly checked for UTF-8 validity, which can cause assert crashes at
    runtime when an invalid mailbox name is encountered. This can be
    caused by the user by writing a bad Sieve script involving the
    affected commands ("mailboxexists", "specialuse_exists").
    This can be triggered by the remote sender only when the user has
    written a Sieve script that passes message content to one of the
    affected commands.
  - sieve: Large sequences of 8-bit octets passed to certain Sieve
    commands that create or modify message headers that allow UTF-8 text
    (vacation, notify and addheader) can cause the delivery or IMAP
    process (when IMAPSieve is used) to enter a memory-consuming
    semi-infinite loop that ends when the process exceeds its memory
    limits. Logged in users can cause these hangs only for their own
    processes.
2021-01-04 17:59:57 +01:00
Andreas Rammhold 4fee20e267
dovecot: add the dovecot NixOS test to passthru.tests
While we already had some test we might as well add the test for that
exact package to the tests attribute set. After all that should be what
(primarily) tests dovecot.
2021-01-04 17:45:28 +01:00
Andreas Rammhold 58c7d3ff17
dovecot: 2.3.11.3 -> 2.3.13
This fixes CVE_2020-24386, CVE-2020-25725 and a bunch of regular bugs
[1].

* CVE-2020-24386: Specially crafted command can cause IMAP hibernate to
	  allow logged in user to access other people's emails and filesystem
	  information.

* CVE-2020-25275: Mail delivery / parsing crashed when the 10 000th MIME part was
  message/rfc822 (or if parent was multipart/digest). This happened
  due to earlier MIME parsing changes for CVE-2020-12100.

[1] https://raw.githubusercontent.com/dovecot/core/2.3.13/NEWS
2021-01-04 17:37:32 +01:00
Johannes Schleifenbaum d0ec6db7ce
mailhog: 1.0.0 -> 1.0.1 2020-12-17 16:58:29 +01:00
R. RyanTM 24f37c858a postsrsd: 1.8 -> 1.9 2020-12-08 03:10:37 +00:00
Sandro Jäckel a3c02a34e2
mailman: Disable tests 2020-12-07 11:02:01 +01:00
R. RyanTM 0e0b2c8030 postsrsd: 1.7 -> 1.8 2020-12-04 20:29:25 +00:00
R. RyanTM 4aabd257ea postsrsd: 1.6 -> 1.7 2020-12-03 05:27:35 +00:00
Yannick Markus 0e87647421
postfix: fix "cant find <mysql.h>" 2020-11-26 10:56:11 +01:00
R. RyanTM 47ee51869f postfix: 3.5.7 -> 3.5.8 2020-11-19 16:14:56 +00:00
Vika 71998ddc33
rspamd: fix builds on non-x86_64-linux platforms
LuaJIT is built in rspamd only on x86_64-linux, and LuaJIT support
became enabled by default in 2.6, breaking builds without it. This
commit explicitly disables LuaJIT support on non-x86_64 architectures.
2020-11-16 16:38:11 +03:00
Martin Weinelt 9309563332
postfix: add passthru tests 2020-11-12 20:00:50 +01:00
R. RyanTM 2e6b023570 postfix: 3.5.6 -> 3.5.7 2020-11-10 22:28:59 -08:00
freezeboy 2549a11c58 freepops: remove
this software has not received any update since 2014, the website
is stating that it is unmaintained:

http://freepops.sourceforge.net/

It is also marked broken since 6 years
2020-11-03 00:34:04 +01:00
Philipp Kern f433d25ea0 exim: unconditionally build with dsearch lookups enabled
dsearch is required to do untainted lookups in directories. There's
no reason not to build it in and it's a standard feature in other
distributions.
2020-10-31 10:57:46 +01:00
Niklas Hambüchen 1c20e2c9f2 rspamd: add passthru.tests 2020-10-22 02:36:53 +02:00
Niklas Hambüchen ff7792dd05 rspamd: 2.5 -> 2.6 2020-10-11 07:28:16 +02:00
Rickard Nilsson 5d4cc0e25c Unmaintain a few packages 2020-09-24 21:12:32 +02:00
Robert Schütz c62812c321 dovecot_pigeonhole: 0.5.10 -> 0.5.11 2020-08-13 09:56:43 +02:00
Robert Schütz 4f5b797ec3 dovecot: 2.3.10.1 -> 2.3.11.3 2020-08-13 09:54:32 +02:00
Robert Schütz 91d6b557b5 postfix: 3.5.4 -> 3.5.6 2020-08-01 18:15:33 +02:00
ajs124 549540559a exim: add DMARC support 2020-07-24 16:58:32 +02:00
ajs124 0a998fcdfc exim: 4.93 -> 4.94 2020-07-19 17:30:12 +02:00
Robert Schütz 2b54a7ed51
postfix: 3.5.3 -> 3.5.4 (#91768) 2020-07-03 12:15:49 +02:00
Linus Heckemann 176bc68a69 mailman: log to journal 2020-06-18 17:23:33 +02:00
Linus Heckemann f5a57c6c40 mailman-web: remove django version checks and override
This is nonsense! Postorius and Hyperkitty don't even support 1.11 anymore.
2020-06-18 17:21:41 +02:00
Léo Gaspard b0a2d1cef7
Merge pull request #78780 from ju1m/dovecot_fts_xapian
Dovecot plugin for Full Text Search (FTS) with Xapian
2020-06-16 22:00:26 +02:00
Robert Schütz 6c9186d267
postfix: 3.5.2 -> 3.5.3 (#90493) 2020-06-15 19:08:59 +02:00
Frederik Rietdijk febc27b59a Merge master into staging-next 2020-06-12 08:57:26 +02:00
Peter Simons c9c79d7dba
Merge pull request #88972 from asbachb/update-postfix-3.5.2
postfix: 3.4.10 -> 3.4.12 -> 3.5.2
2020-06-11 08:43:42 +02:00
R. RyanTM 736363d715
opensmtpd: 6.7.0p1 -> 6.7.1p1 (#90090) 2020-06-10 23:11:05 +02:00
Jan Tojnar acb53e0698
Merge branch 'staging-next' into staging 2020-06-10 04:10:57 +02:00
Alyssa Ross 9e59980eb5 python3.pkgs.hyperkitty: 1.3.2 -> 1.3.3 2020-06-06 01:05:29 +00:00
Alyssa Ross 1fe94466e6 python3.pkgs.postorius: 1.3.2 -> 1.3.3 2020-06-06 01:05:29 +00:00
Alyssa Ross 5322686d53 mailman: 3.3.0 -> 3.3.1 2020-06-06 01:05:29 +00:00
Martin Milata 31789d15c8 sympa: 6.2.54 -> 6.2.56
Fixes: https://nvd.nist.gov/vuln/detail/CVE-2020-10936
       https://sympa-community.github.io/security/2020-002.html

ChangeLog: https://github.com/sympa-community/sympa/blob/6.2.56/NEWS.md
2020-06-04 18:39:01 +02:00
Benjamin Asbach e86ed7e693 postfix: 3.4.12 -> 3.5.2 2020-05-26 11:19:55 +02:00
Benjamin Asbach ae7b57c8ca postfix: 3.4.10 -> 3.4.12
`0001-Fix-build-with-glibx-2.30` was removed since the patch is already applied to upstream source.
2020-05-25 01:44:21 +02:00
R. RyanTM cd79923c14 opensmtpd: 6.6.4p1 -> 6.7.0p1 2020-05-23 00:25:43 +00:00
Andreas Rammhold f72b603a6d
Merge pull request #88076 from mweinelt/dovecot
dovecot: v2.3.10 → v2.3.10.1
2020-05-20 11:40:12 +02:00
ajs124 7ed1c6f1b2 exim: 4.92.3 -> 4.93.0.4
As per the updating notes[1], DISABLE_TLS replaces SUPPORT_TLS.
The build system also wants you to choose between OpenSSL and GnuTLS.
Since we were using OpenSSL until now, I chose that.

[1]: https://git.exim.org/exim.git/blob_plain/885bb037cb791e057de2105bb3790c6135914c62:/src/README.UPDATING
2020-05-18 19:23:13 +02:00
Martin Weinelt 6cf48856d2
dovecot: v2.3.10 → v2.3.10.1
Fixes: CVE-2020-10957, CVE-2020-10958, CVE-2020-10967
2020-05-18 18:40:40 +02:00
Julien Moutinho 8be7358384 maintainers: add julm 2020-05-09 14:13:31 +02:00
Julien Moutinho 1ef7bea94d dovecot_fts_xapian: init at 1.3.1 2020-05-09 13:46:53 +02:00
R. RyanTM 8fb5360fa5 opensmtpd-extras: 6.4.0 -> 6.7.1 2020-05-06 23:13:04 -07:00
Matthew Bauer 1c8aba8334 treewide: use blas and lapack
This makes packages use lapack and blas, which can wrap different
BLAS/LAPACK implementations.

treewide: cleanup from blas/lapack changes

A few issues in the original treewide:

- can’t assume blas64 is a bool
- unused commented code
2020-04-17 16:24:09 -05:00
Michael Reilly 84cf00f980
treewide: Per RFC45, remove all unquoted URLs 2020-04-10 17:54:53 +01:00
R. RyanTM f9423c1431 rspamd: 2.4 -> 2.5 2020-04-07 15:38:55 +00:00
Martin Milata 8f632b404f sympa: build with --enable-fhs
Update module accordingly.
2020-03-24 02:32:22 +01:00
Martin Milata adc7388930 sympa: 6.2.52 -> 6.2.54 2020-03-21 03:58:37 +01:00
Mario Rodas 1df02c839b
Merge pull request #82463 from r-ryantm/auto-update/dovecot-pigeonhole
dovecot_pigeonhole: 0.5.9 -> 0.5.10
2020-03-20 06:13:55 -05:00
R. RyanTM 5c207933b7 postfix: 3.4.9 -> 3.4.10 2020-03-15 16:09:15 +00:00
R. RyanTM da5e9d4ab9 dovecot_pigeonhole: 0.5.9 -> 0.5.10 2020-03-13 03:37:40 +00:00
R. RyanTM 8d08f45368 dovecot: 2.3.9.3 -> 2.3.10 2020-03-12 00:00:26 +00:00
R. RyanTM ab4d825f3b rspamd: 2.3 -> 2.4 2020-03-03 17:08:22 +00:00
Andreas Rammhold 09725e5f9e
opensmtpd: 6.6.3p1 -> 6.6.4p1
Release notes aren't available at this time [1] it is likely to be
related to a recent mail to oss-security (either [2] or [3]).

[1] https://www.mail-archive.com/misc@opensmtpd.org/msg04888.html
[2] https://www.openwall.com/lists/oss-security/2020/02/24/5
[3] https://www.openwall.com/lists/oss-security/2020/02/24/4
2020-02-24 20:50:51 +01:00
Franz Pletz f9a34082e6
dovecot: 2.3.9.2 -> 2.3.9.3
Fixes CVE-2020-7046 & CVE-2020-7957:

  https://dovecot.org/pipermail/dovecot-news/2020-February/000429.html
2020-02-17 15:14:29 +01:00
Mario Rodas 3ab13fce6d
Merge pull request #80085 from r-ryantm/auto-update/rspamd
rspamd: 2.2 -> 2.3
2020-02-16 14:26:13 -05:00
Léo Gaspard da4d9241fc
Merge pull request #79971 from r-ryantm/auto-update/opensmtpd
opensmtpd: 6.6.2p1 -> 6.6.3p1
2020-02-14 12:08:05 +01:00
R. RyanTM 6ef1edbeaa rspamd: 2.2 -> 2.3 2020-02-14 03:38:53 +00:00
Jonathan Ringer 6730bc5144 python3Packages.mailman-web: prevent error from crashing eval 2020-02-12 22:27:24 -08:00
R. RyanTM 77da4954da opensmtpd: 6.6.2p1 -> 6.6.3p1 2020-02-13 02:50:37 +00:00
R. RyanTM 6884a53089 postfix: 3.4.8 -> 3.4.9 2020-02-10 18:02:13 +01:00
Frederik Rietdijk ec3edaf7b5 Merge master into staging-next 2020-02-10 12:55:47 +01:00
Silvan Mosberger b9d7f1fe24 Merge pull request #65397 from mmilata/sympa
sympa: init at 6.2.52 + NixOS module
2020-02-10 01:23:45 +01:00
Lancelot SIX 2711c7477d pythonPackages.django: django_1_11 -> django_lts 2020-02-09 09:17:31 +01:00
Richard Marko e39d7fab27 sympa: init at 6.2.52 2020-02-07 22:54:23 +01:00
Vladimír Čunát 48a997cd76
Merge #66528: glibc: 2.27 -> 2.30 (into staging)
Includes update of stdenv bootstap tools (for three main platforms)
and many package fixes with new glibc.
2020-02-05 13:41:09 +01:00
Alyssa Ross 95de02942f
Revert "mailman-wrapper: crazy hack to work around the missing urllib3 dependency"
This reverts commit ce6b2419be, which
was unnecessary (mailman worked just fine on its parent commit).

See #79222.
2020-02-04 15:40:37 +00:00
Peter Simons ce6b2419be mailman-wrapper: crazy hack to work around the missing urllib3 dependency
Please remove the explicit urllib3 dependency from this expression again once
https://github.com/NixOS/nixpkgs/issues/79222 is fixed.
2020-02-04 14:43:56 +01:00
Peter Simons 5717f312a4 mailman-web: add myself as a maintainer 2020-02-04 14:43:46 +01:00
Maximilian Bosch ea8ae88f04
Merge branch 'staging' into glibc230 2020-02-01 17:42:03 +01:00
Franz Pletz e8b8e8c615
rspamd: 1.9.4 -> 2.2 2020-02-01 14:20:51 +01:00
Franz Pletz 4d5d5ed62d
rmilter: remove unused files
The merge 98640fd482 was done incorrectly.
2020-02-01 13:38:22 +01:00
Alyssa Ross 881dd9963f mailman-web: use upstream, improve NixOS module
Previously, some files were copied into the Nixpkgs tree, which meant
we wouldn't easily be able to update them, and was also just messy.

The reason it was done that way before was so that a few NixOS
options could be substituted in.  Some problems with doing it this way
were that the _package_ changed depending on the values of the
settings, which is pretty strange, and also that it only allowed those
few settings to be set.

In the new model, mailman-web is a usable package without needing to
override, and I've implemented the NixOS options in a much more
flexible way.  NixOS' mailman-web config file first reads the
mailman-web settings to use as defaults, but then it loads another
configuration file generated from the new services.mailman.webSettings
option, so _any_ mailman-web Django setting can be customised by the
user, rather than just the three that were supported before.  I've
kept the old options, but there might not really be any good reason to
keep them.
2020-01-30 23:14:45 +00:00
Alyssa Ross a8538a73a7 mailman: init package for Mailman CLI
We already had python3Packages.mailman, but that's only really usable
as a library.  The only other option was to create a whole Python
environment, which was undesirable to install as a system-wide
package.
2020-01-30 23:14:45 +00:00
Alyssa Ross bc8eece849 python3.pkgs.mailman-hyperkitty: HTTPS homepage 2020-01-30 23:14:45 +00:00
Alyssa Ross c397d1909f nixos/mailman: don't keep secrets in the Nix store
This replaces all Mailman secrets with ones that are generated the
first time the service is run.  This replaces the hyperkittyApiKey
option, which would lead to a secret in the world-readable store.
Even worse were the secrets hard-coded into mailman-web, which are not
just world-readable, but identical for all users!

services.mailman.hyperkittyApiKey has been removed, and so can no
longer be used to determine whether to enable Hyperkitty.  In its
place, there is a new option, services.mailman.hyperkitty.enable.  For
consistency, services.mailman.hyperkittyBaseUrl has been renamed to
services.mailman.hyperkitty.baseUrl.
2020-01-30 23:14:45 +00:00
Alyssa Ross 85a9743f13 spamassassin: use /etc/mail/spamassassin for config
Using a custom path in the Nix store meant that users of the module
couldn't add their own config files, which is a desirable feature.  I
don't think avoiding /etc buys us anything.
2020-01-30 00:47:10 +00:00
Franz Pletz 7b9bd595cd
opensmtpd: 6.6.1p1 -> 6.6.2p1
Fixes critical vulnerability:
  https://www.mail-archive.com/misc@opensmtpd.org/msg04850.html
2020-01-29 03:03:39 +01:00
Maximilian Bosch 6b0cd9ad47
Merge branch 'staging' into glibc230
Conflicts:
	pkgs/applications/misc/vit/default.nix
2020-01-28 14:54:51 +01:00
Maximilian Bosch eddfcc32b4
Merge branch 'staging' into glibc230 2020-01-23 11:31:13 +01:00
Alyssa Ross 126ff4d97e python3.pkgs.mailman*: check isPy3k inside package 2020-01-20 14:36:56 +00:00
Peter Simons 3e26640352 python3.pkgs.mailman: 3.2.2 -> 3.3.0 2020-01-20 14:36:56 +00:00
Alyssa Ross aec2382b38 python3.pkgs.postorius: 1.2.4 -> 1.3.2 2020-01-20 14:36:56 +00:00
Alyssa Ross 9a43cdc1c6 python3.pkgs.postorius: use checkInputs 2020-01-20 14:36:56 +00:00
Alyssa Ross 6af4de84d3 python3.pkgs.hyperkitty: use checkInputs
The previously propagated build inputs are optional, and so are
included in checkInputs so the tests can run, but not propagated so
they aren't included if unneeded.
2020-01-20 14:36:56 +00:00
Alyssa Ross 38f2103de9 python3.pkgs.hyperkitty: 1.2.2 -> 1.3.2 2020-01-20 14:36:56 +00:00
Alyssa Ross 0b9bfc0132 python3.pkgs.mailman: core.nix -> default.nix
The actual upstream "mailman" name just refers to this, so we should
use the Nixpkgs convention of default.nix.
2020-01-20 14:36:56 +00:00
Alyssa Ross 89b311fa4d mailman: remove unused derivation for mailman 2
This isn't referenced anywhere, so it's just dead code.
2020-01-20 14:36:56 +00:00
Maximilian Bosch 8e7bbb7d4f
postfix: fix build w/glibc 2.30 2020-01-17 01:44:33 +01:00
Alyssa Ross 10b1ba0c93 public-inbox: fix build
This fixes some two-digit year rounding bugs that started triggering
because 2020 is closer to 2070 than 1970.  Apparently two digits years
are still a thing.
2020-01-14 19:54:35 +00:00
Robin Gloster 6ca6ac796b
treewide: configureFlags is a flat list 2019-12-31 01:37:49 +01:00
Robin Gloster 313da176d3
treewide: NIX_*_FLAGS -> string 2019-12-31 00:16:46 +01:00
Robin Gloster ab0cfd9e03
treewide: NIX_*_COMPILE -> string 2019-12-31 00:10:18 +01:00
Frederik Rietdijk 6d059becd3 Merge gcc-9 into staging (#68029) 2019-12-30 16:38:38 +01:00
Merijn Broeren 133103d709
treewide: replace make/build/configure/patchFlags with nix lists 2019-12-30 12:58:11 +01:00
Franz Pletz 77b6c3cd06
Merge remote-tracking branch 'origin/master' into gcc-9 2019-12-26 14:17:36 +01:00
Alyssa Ross 7ea65c5746
spamassassin: fix IPv6
The Net::CIDR::Lite package was missing.
2019-12-24 23:41:03 +00:00