On Mon, 25 Nov 2024 16:21:57 +0100,
Kirill A. Korinsky <kir...@korins.ky> wrote:
>
> On Mon, 25 Nov 2024 12:40:13 +0100,
> Stuart Henderson <s...@spacehopper.org> wrote:
> >
> > p5-Authen-SASL-Authd:
> >
> > s/Commulitive/Cumulative/ in patch comment, then it's ok
> >
> >
> > ejabberd-dovecot-auth:
> >
> > pkg-readme fixes;
> >
> > -ejabeerd. Following code migth be added globally to switch all vhost to
> > +ejabberd. Following code might be added globally to switch all vhosts to
> > - extauth_program: ${PREFIX}/share/ejabberd-dovecot-auth/check-dovecot
> > + extauth_program: ${TRUEPREFIX}/share/ejabberd-dovecot-auth/check-dovecot
> >
> > this does nothing useful; ${WRKINST}/${SYSCONFDIR} doesn't make it into
> > the package
> >
> > ${INSTALL_DATA_DIR} ${WRKINST}/${SYSCONFDIR}/dovecot/conf.d
> >
>
> fixed
>
> > "Restrictions: Username or passwords may not contain some special
> > characters: $'"` nor line breaks"
> >
> > uh oh, that sounds very bad
> >
>
> After careful reading of dovecot prototocl and the code of both new ports...
> The new restrictions are:
> - Username should not contain :$'"`\00\01\t\r\n
> - Password should not contain \00\01\t\r\n
>
> it was tested with passwords like: asd$'":`!!xyz
> Anyone? -- wbr, Kirill
ejabberd-dovecot-auth-with-deps.tgz
Description: Binary data
