Michael, Great pkg! No wonder it takes Sun so long, they just rely on the open community to take care of each other.
Thanks! -----Original Message----- From: Michael Stauber [mailto:[EMAIL PROTECTED] Sent: Wednesday, March 12, 2003 6:50 PM To: [EMAIL PROTECTED] Subject: [cobalt-security] RaQ3/RaQ4 Qpopper-4.0.5fc2 PKG released Hi all, To fix the recently discovered vulnerability in Qpopper-4.0.4 I created a PKG for the RaQ3 and RaQ4 which is based on the 4.0.5fc2 sources of Qpopper. Who should upgrade? Basically everyone who installed the Solarspeed Qpopper-4.0.4 for the RaQ3 and RaQ4. A stock Cobalt RaQ3 or RaQ4 is not vulnerable to this issue - unless you installed the free Qpopper-4.0.4 upgrade or compiled Qpopper-4.0.4 yourself from the sources. The new PKG can be downloaded here: http://www.solarspeed.net/downloads/index.php As this is an often asked question in regards to Qpopper, here are the configure options I used when compiling the sources: ./configure --prefix=/usr \ --enable-apop=/etc/pop.auth \ --with-popuid=pop \ --enable-specialauth \ --enable-servermode \ --enable-uw-kludge \ --enable-log-login Before someone asks the next obvious question: The option ... --with-pam=qpop ... was NOT used for performance reasons. So this package doesn't use PAM authentication because POP based authentication against PAM uses a tremendous amount of ressources without any actual gains. So especially on heavy duty POP3 servers this package will create less load than the previos Qpopper-4.0.4 or the stock Sun Cobalt Qpopper-3.0.2. -- With best regards, Michael Stauber _______________________________________________ cobalt-security mailing list [EMAIL PROTECTED] http://list.cobalt.com/mailman/listinfo/cobalt-security _______________________________________________ cobalt-security mailing list [EMAIL PROTECTED] http://list.cobalt.com/mailman/listinfo/cobalt-security
