mirror of
git://slackware.nl/current.git
synced 2024-12-29 10:25:00 +01:00
5edf138e9c
patches/packages/dovecot-2.3.21.1-x86_64-1_slack15.0.txz: Upgraded.
This update fixes security issues:
A large number of address headers in email resulted in excessive CPU usage.
Abnormally large email headers are now truncated or discarded, with a limit
of 10MB on a single header and 50MB for all the headers of all the parts of
an email.
For more information, see:
https://www.cve.org/CVERecord?id=CVE-2024-23184
https://www.cve.org/CVERecord?id=CVE-2024-23185
(* Security fix *)
20 lines
841 B
Diff
20 lines
841 B
Diff
--- ./doc/example-config/README.in.orig 2017-06-23 06:18:28.000000000 -0500
|
|
+++ ./doc/example-config/README.in 2017-11-14 19:04:46.621109623 -0600
|
|
@@ -1,2 +1,15 @@
|
|
-Configuration files go to this directory. See example configuration files in
|
|
-@exampledir@/
|
|
+Configuration files go to this directory.
|
|
+
|
|
+The configuration files that are provided here should work out of the box on
|
|
+Slackware once you've installed security certificates to support SSL/TLS.
|
|
+
|
|
+See the config file beneath this directory: conf.d/10-ssl.conf
|
|
+
|
|
+For a script that will install self-signed certificates, see mkcert.sh in
|
|
+/usr/doc/dovecot-2.*
|
|
+
|
|
+It is also recommended to edit conf.d/10-auth.conf and uncomment this line:
|
|
+#disable_plaintext_auth = yes
|
|
+
|
|
+This will prevent usernames and passwords from being sent until a secure
|
|
+connection has been established.
|