On 24.05.20 01:34, Sandro Knauß wrote:
Could you please have a look at this regression report? You authored
the patch and my PHP-fu is failing me :-P It should definitely not
retry the very same incorrect credentials. Even on systems without
anti-bruteforce logic that locks the user out, Roundcube still takes 5
times longer to complain a about a failed login — which is not
negligible when an expensive PBKDF is used for credential verification.
ACK
I think it's rather unfortunate that
debian/patches/retry_to_reach_imap_server.patch was AFAICT never submitted
upstream and landed into stable through -p-u. I dunno whether
program/lib/Roundcube/rcube_imap.php:connect() has access to the IMAP state
machine to determine whether a greeting was seen (AFAICT your intention was
to retry on missing greeting lines, not on NO/BYE greeting conditions let
alone failed authentication attempts) or to another interface returning
whether the error is transient or not. Either way it'd be good to have
upstream's blessing before adopting such patches to Debian :-)
Well I tried several times to reach upstream and they are often not answering.
Never the less I created a pull request with an updated version, that does no
retry for unrecoverable failures like authentication failure, no password,
configuration failure. That should improve the situation already in this issue.
@Matus UHLAR: please try the patch attached to the pull request if this fixes
your issue:
https://github.com/roundcube/roundcubemail/pull/7402
this patch works properly when invalid password is entered.
--
Matus UHLAR - fantomas, uh...@fantomas.sk ; http://www.fantomas.sk/
Warning: I wish NOT to receive e-mail advertising to this address.
Varovanie: na tuto adresu chcem NEDOSTAVAT akukolvek reklamnu postu.
Enter any 12-digit prime number to continue.
