opensmtpd: 6.6.4p1 -> 6.7.0p1 #88640

Merged
merged 1 commit into from May 23, 2020

r-ryantm
Contributor

Semi-automatic update generated by nixpkgs-update tools. This update was made based on information from https://repology.org/metapackage/opensmtpd/versions.

meta.description for opensmtpd is: "A free implementation of the server-side SMTP protocol as defined by\nRFC 5321, with some additional standard extensions\n"

meta.homepage for opensmtpd is: "https://www.opensmtpd.org/"

Updates performed
  • Version update
To inspect upstream changes
Impact
Checks done

Rebuild report (if merged into master)
3 total rebuild path(s)

1 package rebuild(s)

1 x86_64-linux rebuild(s)
1 i686-linux rebuild(s)
0 x86_64-darwin rebuild(s)
1 aarch64-linux rebuild(s)


First fifty rebuilds by attrpath
opensmtpd
Instructions to test this update

Either download from Cachix:

nix-store -r /nix/store/14730j4q4561w3x9lzf6h8v3wyk6ijck-opensmtpd-6.7.0p1 \
  --option binary-caches 'https://cache.nixos.org/ https://r-ryantm.cachix.org/' \
  --option trusted-public-keys '
  r-ryantm.cachix.org-1:gkUbLkouDAyvBdpBX0JOdIiD2/DP1ldF3Z3Y6Gqcc4c=
  cache.nixos.org-1:6NCHdD59X431o0gWypbMrAURkbJ16ZPMQFGspcDShjY=
  '

(r-ryantm's Cachix cache is only trusted for this store-path realization.)
For the Cachix download to work, your user must be in the trusted-users list or you can use sudo since root is effectively trusted.

Or, build yourself:

nix-build -A opensmtpd https://github.com/r-ryantm/nixpkgs/archive/cd79923c142152b7c068c26f54865e1e9e11a673.tar.gz

After you've downloaded or built it, look at the files and if there are any, run the binaries:

ls -la /nix/store/14730j4q4561w3x9lzf6h8v3wyk6ijck-opensmtpd-6.7.0p1
ls -la /nix/store/14730j4q4561w3x9lzf6h8v3wyk6ijck-opensmtpd-6.7.0p1/bin


Pre-merge build results

We have automatically built all packages that will get rebuilt due to
this change.

This gives evidence on whether the upgrade will break dependent packages.
Note sometimes packages show up as failed to build independent of the
change, simply because they are already broken on the target branch.

Result of nixpkgs-review 1

1 package built:
- opensmtpd

Maintainer pings

cc @rickynils @obadz @Ekleog for testing.

@Ekleog
Member

Ekleog commented May 23, 2020

Seeing the changelog, I'm not sure whether this should be backported — I've asked #opensmtpd to know whether the security vulnerabilities listed in the middle of the bugfixes are qualified or just preventive fixes; if they're just preventive I'd say the backport breakage risk is probably too high, but if there's a security vulnerability then there's no choice but to do the backport.

@r-ryantm r-ryantm deleted the auto-update/opensmtpd branch May 24, 2020 15:25
@Ekleog
Member

Ekleog commented May 25, 2020

I've received confirmation that the vulnerabilities were also fixed in 6.6.4p1, so there's no need for backport :)

@Izorkin
Contributor

Izorkin commented Jun 6, 2020

After this update, smtpctl fails with an error:

smtpctl: this program must be setgid smtpq

@Ekleog
Member

Ekleog commented Jun 6, 2020

Hmm… that looks weird, it wasn't in the release notes, and making it setgid smtpq sounds like it'd allow every user on the system to run it, which we definitely don't want to do. I've just asked on the opensmtpd IRC whether that's expected as well as the correct way forward on this matter :)

@romildo
Contributor

romildo commented Jun 9, 2020

> I've just asked on the opensmtpd IRC whether that's expected as well as the correct way forward on this matter :)

Have you got any answer?

@romildo
Contributor

romildo commented Jun 9, 2020

There is an issue for this in the archlinux bug tracker.

@Ekleog
Member

Ekleog commented Jun 9, 2020

Indeed, sorry for having forgotten to report here. Yesterday, I got the answer that the setgid is currently required for offline enqueuing, and unfortunately smtpctl is currently not split from sendmail so there's little running around it.

Meaning that we'll have to add a setgid wrapper for smtpctl, I'll try to get to it when I get some spare time, but if someone beats me to it (and I'd love someone to beat me to it :p), feel free to ping me for review :)
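
A sketch of the setgid wrapper discussed in the comment above, written as a NixOS module fragment. This is an added example, not code from this pull request or from nixpkgs; it assumes the `security.wrappers` options of the NixOS wrapper module, the default wrapper directory `/run/wrappers/bin`, and that the `smtpq` group is already defined in the system configuration.

```nix
{ pkgs, ... }:

{
  # Assumption: the smtpq group is defined elsewhere in the system
  # configuration (for example by the OpenSMTPD service module).
  security.wrappers.smtpctl = {
    # Files in the Nix store cannot carry setuid/setgid bits, so the
    # privileged entry point is a wrapper created outside the store
    # that executes this store path.
    source = "${pkgs.opensmtpd}/bin/smtpctl";

    # setgid only: the process runs with smtpq as its effective group,
    # which is what the "must be setgid smtpq" error asks for, and the
    # calling user's uid is left unchanged.
    owner = "root";
    group = "smtpq";
    setuid = false;
    setgid = true;
  };
}
```

After a rebuild, `ls -l /run/wrappers/bin/smtpctl` should show `s` in the group execute position and `smtpq` as the group, with no `s` in the owner position.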
