We already had python3Packages.mailman, but that's only really usable
as a library. The only other option was to create a whole Python
environment, which was undesirable to install as a system-wide
package.
This replaces all Mailman secrets with ones that are generated the
first time the service is run. This replaces the hyperkittyApiKey
option, which would lead to a secret in the world-readable store.
Even worse were the secrets hard-coded into mailman-web, which are not
just world-readable, but identical for all users!
services.mailman.hyperkittyApiKey has been removed, and so can no
longer be used to determine whether to enable Hyperkitty. In its
place, there is a new option, services.mailman.hyperkitty.enable. For
consistency, services.mailman.hyperkittyBaseUrl has been renamed to
services.mailman.hyperkitty.baseUrl.
Using a custom path in the Nix store meant that users of the module
couldn't add their own config files, which is a desirable feature. I
don't think avoiding /etc buys us anything.
The previously propagated build inputs are optional, and so are
included in checkInputs so the tests can run, but not propagated so
they aren't included if unneeded.
This fixes some two-digit year rounding bugs that started triggering
because 2020 is closer to 2070 than 1970. Apparently two digits years
are still a thing.
highlight's Perl bindings are currently disabled on Darwin, but I
didn't make the dependency here conditional so that if that is ever
fixed, this function won't need to be updated. p-i is smart enough to
disable the test for highlight if it can't find the Perl module.
Update to latest version & updated the patch file to match with the
lastest verison.
Fixes the following security issue:
* CVE-2019-19722: Mails with group addresses in From or To fields
caused crash in push notification drivers.
Communication between spamc and spamd would fail with messages about
addresses being too long:
error: Bad arg length for Socket::unpack_sockaddr_in, length is 28,
should be 16
By adding Socket6 as a buildInput, spamd is now able to process emails
without choking on IPv6 addresses.
The substitition in smtpd/parse.y isn't necessary anymore.
The hardcoded /usr/libexec/ has been replaced by a PATH_LIBEXEC #define,
which will be set properly by the build system.