Summary: | mysql and maildir support for qpopper | ||
---|---|---|---|
Product: | Gentoo Linux | Reporter: | Francesco R. (RETIRED) <vivo> |
Component: | [OLD] Server | Assignee: | Net-Mail Packages <net-mail+disabled> |
Status: | RESOLVED WONTFIX | ||
Severity: | normal | ||
Priority: | High | ||
Version: | unspecified | ||
Hardware: | All | ||
OS: | All | ||
URL: | http://www.asteroid-b612.org/software/#qpopper | ||
Whiteboard: | |||
Package list: | Runtime testing required: | --- | |
Attachments: | qpopper-mysql.tar.gz |
Description
Francesco R. (RETIRED)
2005-01-30 16:21:20 UTC
Created attachment 50004 [details]
qpopper-mysql.tar.gz
:oops:
1)
in the ebuild:
< --with-mysqlconfig=/etc/mysql/my.cnf
> --with-mysqlconfig=/etc/mail/mysql-popper.conf
2)
qpopper.config is not copied
Ok, it work fine. Still using cleartext password. Also tested SQL injection, the sql from the user is like this: SELECT clear,active FROM mailbox WHERE username= 'username@mydomain.com' so the inject tested was 1) "' OR true" without double quotes, this give an error to the client and the sql is not passed to the mysql server. 2) "'", this is accepted but slash is added like "\'" and it's a well formed query qpopper.config is not copied this remain, but I'm sure that a gentoo-dev can see istantly the error. thanks Please, provide both diffs (ebuild's diff and the actual patch) as attachments. Never attach tarballs to bugzilla. Anyway, we normally don't like supporting 3rd party patches. I think the first approach should be trying to get upstream to apply these patches. Cheers, Ferdy The original attachment provide three files, the modified ebuild, the diffs from the original ebuild and the modified one, the patch that add mysql support to qpopper. For the moment I've choosen to use courier which has natively support for mysql and it's already in portage. Regards Since we don't normally support third party patches, its upstream task to decide whether to include it or not. Cheers, Ferdy |