Gentoo Websites Logo
Go to: Gentoo Home Documentation Forums Lists Bugs Planet Store Wiki Get Gentoo!
Bug 80146 - mysql and maildir support for qpopper
Summary: mysql and maildir support for qpopper
Alias: None
Product: Gentoo Linux
Classification: Unclassified
Component: [OLD] Server (show other bugs)
Hardware: All All
: High normal (vote)
Assignee: Net-Mail Packages
Depends on:
Reported: 2005-01-30 16:21 UTC by Francesco R. (RETIRED)
Modified: 2005-02-21 12:04 UTC (History)
0 users

See Also:
Package list:
Runtime testing required: ---

qpopper-mysql.tar.gz (qpopper-mysql.tar.gz,37.84 KB, application/octet-stream)
2005-01-30 16:23 UTC, Francesco R. (RETIRED)

Note You need to log in before you can comment on or make changes to this bug.
Description Francesco R. (RETIRED) gentoo-dev 2005-01-30 16:21:20 UTC
The title sayd it all ;)

content of the attachment (next message):

--------- WARNING!!! ---------
1) the files/qpopper-mysql-4.1-0.13.patch has been modified to compile under mysql-4.1, the function "hash_password" has been renamed as "qp_hash_password" because of a conflict with mysql one. This has *not* been tested. So if in doubt please attach the original patch from the url above and mask for <dev-db/mysql-4.1
2) a first try to compile with USE="-gdbm" has failed, this seems not to be related to the mysql patch but I've not tested it.
3) saying all the truth still not tested running, I will give it a try this week.

emerge -pv qpopper ;qpkg -l qpopper
[ebuild   R   ] net-mail/qpopper-4.0.5-r1  -debug +gdbm -mailbox +mysql -pam +ssl +xinetd 0 kB [1]

net-mail/qpopper-4.0.5-r1 *
Comment 1 Francesco R. (RETIRED) gentoo-dev 2005-01-30 16:23:41 UTC
Created attachment 50004 [details]
Comment 2 Francesco R. (RETIRED) gentoo-dev 2005-01-30 17:06:14 UTC
in the ebuild:
< --with-mysqlconfig=/etc/mysql/my.cnf
> --with-mysqlconfig=/etc/mail/mysql-popper.conf
qpopper.config is not copied
Comment 3 Francesco R. (RETIRED) gentoo-dev 2005-01-31 15:04:20 UTC
Ok, it work fine. Still using cleartext password.
Also tested SQL injection, the sql from the user is like this:
SELECT clear,active FROM mailbox WHERE username= ''
so the inject tested was 
1) "' OR true" without double quotes, this give an error to the client and the sql is not passed to the mysql server.
2) "'", this is accepted but slash is added like "\'" and it's a well formed query

qpopper.config is not copied
this remain, but I'm sure that a gentoo-dev can see istantly the error.

Comment 4 Fernando J. Pereda (RETIRED) gentoo-dev 2005-02-17 01:17:43 UTC
Please, provide both diffs (ebuild's diff and the actual patch) as attachments. Never attach tarballs to bugzilla.

Anyway, we normally don't like supporting 3rd party patches. I think the first approach should be trying to get upstream to apply these patches.

Comment 5 Francesco R. (RETIRED) gentoo-dev 2005-02-18 04:46:26 UTC
The original attachment provide three files, 
the modified ebuild, 
the diffs from the original ebuild and the modified one, 
the patch that add mysql support to qpopper.

For the moment I've choosen to use courier which has natively support for mysql and it's already in portage.


Comment 6 Fernando J. Pereda (RETIRED) gentoo-dev 2005-02-21 12:04:33 UTC
Since we don't normally support third party patches, its upstream task to decide whether to include it or not.