On 2024/12/27 20:57, Kirill A. Korinsky wrote:
> On Fri, 27 Dec 2024 20:45:18 +0100,
> Stuart Henderson <s...@spacehopper.org> wrote:
> >
> > On 2024/12/27 18:56, Klemens Nanni wrote:
> > > 26.12.2024 16:00, Kirill A. Korinsky пишет:
> > > > I'm using this for more than a month and quite happy with this.
> > > >
> > > > I also made small investigation to prove that it is under GPLv2+ as
> > > > dereveative of GPLv2+ code, so we can package and distribute it.
> > >
> > > Port-wise trivial, OK kn
> > >
> > > I don't run any of this, so haven't tested it myself.
> > >
> > > I'd spell out RUN_DEPENDS, though, rather than including ${BUILD_DEPENDS}.
> >
> > RUN_DEPENDS=${BUILD_DEPENDS} would be a bad way to silently drag
> > hidden BDEPs in as RDRPs, but the p5-Authen-SASL port has it the
> > othwr way round, which is ok:
> >
> > BUILD_DEPENDS = ${RUN_DEPENDS}
> > RUN_DEPENDS = security/p5-Authen-SASL
> >
> > Typo: s/migth/might/ in security/ejabberd-dovecot-auth/pkg/README.
> >
>
> I think that use two times the same dependency as KLemens suggested is
> cleaner way. So, here an updated version.
>
> Ok to import?
ok,
regarding the filtering -
I see the problem for user_dovecot (and sort-of for logs, though
if anything parsing logs is susceptible to shell chars you have bigger
problems ;)
for auth_dovecot, the password and username are b64-encoded. for
simplicity/sanity I think you want the same filtering on username as
for user_dovecot. but for the password, I think you only have \0 to
worry about?
