This problem is only present with versions 1.2.x and it's fixed in 1.2.11: - mbox: Message header reading was unnecessarily slow. Fetching a huge header could have resulted in Dovecot eating a lot of CPU. Also searching messages was much slower than necessary. - mbox, dbox, cydir: Mail root directory was created with 0770 permissions, instead of 0700. - maildir: Reading uidlist could have ended up in an infinite loop. - IMAP IDLE: v1.2.7+ caused extra load by checking changes every 0.5 seconds after a change had occurred in mailbox Is it ok for version 1.2.11 to go stable?
dovecot-1.2.11-r1 is ready for stable. Only concern is it was committed to the tree on April 7th and this is a minor issue. Advice is welcome on gentoo policy whether this warrents foregoing "30 days before stabilization". Patrick?
(In reply to comment #1) > Advice is welcome on gentoo policy whether this warrents foregoing "30 days > before stabilization". Patrick? Eray, security issues should not wait. I see there is also bug 314103.
Fair enough. Arches, please test and mark stable: =net-mail/dovecot-1.2.11-r1 Target keywords : "alpha amd64 sparc x86"
*** Bug 314103 has been marked as a duplicate of this bug. ***
x86 team: Stable host, upgraded to 1.2.11-r1 with no issues in my mail setup.
stable x86, thanks Jeremy, interested in a position as x86 AT? :)
No problems so far on an amd64 platform
amd64 stable
*ping* sparc
alpha/sparc stable
All arches done. Vote required, I vote NO.
arm has keyworded dovecot-1.2.11-r1 as well. Please stabilize too. Thanks.
(In reply to comment #12) > arm has keyworded dovecot-1.2.11-r1 as well. Please stabilize too. Thanks. > The package was never stable, NACK.
What is happening with ppc? They are still stuck at 1.1.19
I've marked the ppc builds ~ppc. In a few days, I'll mark the requested ebuild ppc stable, quickly due to the security issue. Sorry for the delay.
*ping*
Sorry, I forgot about this. Marked ppc stable.
I vote YES though.
GLSA Vote: Yes, with 286844.
This issue was resolved and addressed in GLSA 201110-04 at http://security.gentoo.org/glsa/glsa-201110-04.xml by GLSA coordinator Stefan Behte (craig).