308767 – Bump to net-mail/dovecot-1.2.11

Bug 308767 - Bump to net-mail/dovecot-1.2.11

Summary: Bump to net-mail/dovecot-1.2.11

Status:	RESOLVED FIXED

Alias:	None

Product:	Gentoo Linux
Classification:	Unclassified
Component:	Current packages (show other bugs)
Hardware:	All Linux

Importance:	High enhancement (vote)
Assignee:	Net-Mail Packages

URL:
Whiteboard:
Keywords:

Depends on:
Blocks:

Reported:	2010-03-10 00:27 UTC by Kilburn Abrahams
Modified:	2010-03-29 18:45 UTC (History)
CC List:	1 user (show)

See Also:
Package list:
Runtime testing required:	---

Attachments
Add an attachment (proposed patch, testcase, etc.)

Note You need to log in before you can comment on or make changes to this bug.

Description Kilburn Abrahams 2010-03-10 00:27:31 UTC

Possible DoS and some performance issues addressd

mbox users really should upgrade, because by sending a message with a
huge header you could basically cause a DoS (this problem exists only
with v1.2.x, not with v1.0 or v1.1).

	- mbox: Message header reading was unnecessarily slow. Fetching a
	  huge header could have resulted in Dovecot eating a lot of CPU.
	  Also searching messages was much slower than necessary.
	- mbox, dbox, cydir: Mail root directory was created with 0770
	  permissions, instead of 0700.
	- maildir: Reading uidlist could have ended up in an infinite loop.
	- IMAP IDLE: v1.2.7+ caused extra load by checking changes every
	  0.5 seconds after a change had occurred in mailbox


Reproducible: Always




Copied over 1.2.10-r1 and all is fine.

Comment 1 Aurélien Requiem 2010-03-29 00:45:32 UTC

Hi,

for some weeks now, I'm using dovecot 1.2.11 without a glitch.
I've just renamed the ebuild to 1.2.11 and all is fine.

It should be good to have a bump in the repository to address the security issues fixed in this release.

Thank you.

Comment 2 Patrick Lauer gentoo-dev

2010-03-29 18:45:28 UTC

+  29 Mar 2010; Patrick Lauer <patrick@gentoo.org> +dovecot-1.2.11.ebuild:
+  Bump for #308767