>On Aug 23, 2004, at 5:26 PM, Dave wrote:
>> Give that the mail systems on these machines are rock solid from a  
>> stability perspective, and have had multiple tweaks and other patches
>> made to accompanying packages since installation, not to mention the 
>> database format changes for some of the older versions that would be 
>> required in the case of an upgrade, I would prefer a diff or patch to
>> insert this functionality into the existing vchkpw code.  I can then
>> manually create a patch, or edit the appropriate files and recompile.
>
>Here's what you're looking for:
>
>http://cvs.sourceforge.net/viewcvs.py/vpopmail/vpopmail/vchkpw.c? 
>r1=1.6&r2=1.8
>
>or, a simpler patch from an earlier release that just covers the port  
>587 stuff:
>
>http://cvs.sourceforge.net/viewcvs.py/vpopmail/vpopmail/vchkpw.c? 
>r1=1.3&r2=1.4

perfect, will play with this to start.

>The CVS interface on SourceForge should help you craft custom patches  
>and be selective with what to include and not include.
>
>If your CRAM-MD5 auth isn't working properly, be sure to apply the  
>vchkpw patch from between 1.9 and 1.10.  It makes vchkpw's CRAM-MD5  
>compatible with the latest SMTP AUTH patches (which follow a standard  
>protocol for passing information between qmail-smtpd and vchkpw).

Will look into it.

>If you're using MySQL as a backend though, I highly recommend you go  
>through the painful process of upgrading to 5.4.6 as it has numerous  
>bug fixes over the 5.3.x releases, and closes an SQL-injection  
>vulnerability.  It should be an easy upgrade from the 5.3.x 
>servers, I  
>got involved with vpopmail well after 4.9.10, so I don't know much  
>about that release.

There were some structural changes in the mysql tables some time back, which
has been one of the reasons(excuses) to avoid the upgrade.  Bottom line is
we are waiting for a security/functionality issue that isn't so easy to
implement a patch which will leave us with no choice but to upgrade, or
stability becomes affected with all the patches.

Thanks for the link.

Dave


Reply via email to