On 2024/12/27 20:57, Kirill A. Korinsky wrote:
> On Fri, 27 Dec 2024 20:45:18 +0100,
> Stuart Henderson <stu@spacehopper.org> wrote:
> > 
> > On 2024/12/27 18:56, Klemens Nanni wrote:
> > > 26.12.2024 16:00, Kirill A. Korinsky пишет:
> > > > I'm using this for more than a month and quite happy with this.
> > > > 
> > > > I also made small investigation to prove that it is under GPLv2+ as
> > > > dereveative of GPLv2+ code, so we can package and distribute it.
> > > 
> > > Port-wise trivial, OK kn
> > > 
> > > I don't run any of this, so haven't tested it myself.
> > > 
> > > I'd spell out RUN_DEPENDS, though, rather than including ${BUILD_DEPENDS}.
> > 
> > RUN_DEPENDS=${BUILD_DEPENDS} would be a bad way to silently drag
> > hidden BDEPs in as RDRPs, but the p5-Authen-SASL port has it the
> > othwr way round, which is ok:
> > 
> > BUILD_DEPENDS =		${RUN_DEPENDS}
> > RUN_DEPENDS =		security/p5-Authen-SASL
> > 
> > Typo: s/migth/might/ in security/ejabberd-dovecot-auth/pkg/README.
> > 
> 
> I think that use two times the same dependency as KLemens suggested is
> cleaner way. So, here an updated version.
> 
> Ok to import?

ok,

regarding the filtering -

I see the problem for user_dovecot (and sort-of for logs, though
if anything parsing logs is susceptible to shell chars you have bigger
problems ;)

for auth_dovecot, the password and username are b64-encoded. for
simplicity/sanity I think you want the same filtering on username as
for user_dovecot. but for the password, I think you only have \0 to
worry about?