Again a new version of Dovecot is released. As far as I can tell it’s just a bug fix release (mostly concerning ACL’s) and not a security fix. I think that if you are not affected then you are not required to upgrade and can skip this one. But sometimes it’s better to be safe then sorry.

Now I’ve got my production server running Dovecot (finally) and can tell you that it really rocks and I performed the upgrade without any problem. Just configure, compile and install as per instructions and then kill the current running dovecot process. The new version should start automatically.

Just an small remark, just saw in my Wordpress dashboard before posting this, that I’ve passed the 200 blogposts on this blog. That is excluding the 134 pages (the actual documentation) and the 920 comments (which I tend to prune every now and then to keep them relevant).

For everyone who is using to a 5.1.x version. This is a bug fix release and it is up to you if you want to upgrade. Check all the fixes and changes that are listed on the release notes to see what issues are resolved and if you are affected. Most of them are about replication which we don’t use in our setup. If you are still using a 5.0.x version I would urge you to plan a upgrade to a 5.1.x version.

I’ve compiled this version and did some simple tests on my servers and it worked without any problems.

Read the documentation on how to ugrade MySQL.

The PHP development team released a new version of the 5.3.x release. Before you upgrade to a 5.3.x release on a production machine, please check if all PHP based apps are supporting 5.3.x as there are some compatibility problems and you might get some strange results. This release focuses on improving the stability of the PHP 5.3.x branch with over 100 bug fixes, some of which are security related. This version introduces a new incompatible change with older versions of 5.3.x which affect the use of namespaces.

During compilations tests I’ve discovered some problems which made it impossible to use it with the mysqli module. The error you would get is:

In file included from /Users/richard/php-5.3.3/ext/mysqli/php_mysqli_structs.h:57,
from /Users/richard/php-5.3.3/ext/mysqli/mysqli.c:33:
/usr/local/mysql/include/mysql/my_global.h:1008: error: duplicate ‘unsigned’
/usr/local/mysql/include/mysql/my_global.h:1008: warning: useless type name in empty declaration
make: *** [ext/mysqli/mysqli.lo] Error 1

I’d twittered about it and got a prompt response from Rasmus Lerdorf with a patch which resolves the problem. if you apply the patch before compiling everything will be fine. I would expect that the people at PHP will release an update within a few days.

The problems, bugs and security enhancements which were introduced in 5.3.3 you can read about them in the ChangeLog.

For instructions on how to upgrade PHP please read: Upgrading PHP.

The PHP development team have released PHP 5.2.14. This release focuses on improving the stability of the PHP 5.2.x branch with over 60 bug fixes, some of which are security related. All users of the PHP 5.2.x branch are encouraged to upgrade to this release. I’ve tested this on my test servers and it works without a problem. The biggest security enhancements and fixes in PHP 5.2.14 are:

Security Enhancements and Fixes in PHP 5.2.14:

• Rewrote var_export() to use smart_str rather than output buffering, prevents data disclosure if a fatal error occurs.
• Fixed a possible interruption array leak in strrchr().(CVE-2010-2484)
• Fixed a possible interruption array leak in strchr(), strstr(), substr(), chunk_split(), strtok(), addcslashes(), str_repeat(), trim().
• Fixed a possible memory corruption in substr_replace().
• Fixed SplObjectStorage unserialization problems (CVE-2010-2225).
• Fixed a possible stack exaustion inside fnmatch().
• Fixed a NULL pointer dereference when processing invalid XML-RPC requests (Fixes CVE-2010-0397, bug #51288).
• Fixed handling of session variable serialization on certain prefix characters.
• Fixed a possible arbitrary memory access inside sqlite extension. Reported by Mateusz Kocielski.

Key enhancements in PHP 5.2.14 include:

• Upgraded bundled PCRE to version 8.02.
• Updated timezone database to version 2010.5.
• Fixed bug #52238 (Crash when an Exception occured in iterator_to_array).
• Fixed bug #52237 (Crash when passing the reference of the property of a non-object).
• Fixed bug #52041 (Memory leak when writing on uninitialized variable returned from function).
• Fixed bug #51822 (Segfault with strange __destruct() for static class variables).
• Fixed bug #51552 (debug_backtrace() causes segmentation fault and/or memory issues).
• Fixed bug #49267 (Linking fails for iconv on MacOS: “Undefined symbols: _libiconv”).

For a full list of changes in PHP 5.2.14 see the ChangeLog.

For instructions on how to upgrade PHP please read: Upgrading PHP.

Had some time to spare today so a bit quicker then anticipated here is step 2 in the migration from Courier to Dovecot. In this step we move away from Courier-Auth to the Dovecot built in authentication module for the Postfix SASL SMTP authentication.

Read on for more information on step 2 for the migration.

Finally I’ve started the official migration of my production server from the Courier programs to Dovecot. I’ve done it several times on a test server but that is nothing compared to doing it or real on a server where there are a lot more emails and users working on.

I already ran into some problems that I haven’t seen one any of my test runs, which shows that it was good to do this upgrade myself for real before posting the full writeup. I’m posting the migration in several independent steps which you can do at your own leisure and speed. After each step you will have a fully functioning mailserver where only a small part of the setup has been changed. In this manner everything should be manageable and hopefully will not pose to many issues.

In the first step we are going to replace the Courier IMAP server with the Dovecot IMAP server. The instructions will work for Leopard and Snow Leopard. The next step will be about replacing Courier Auth with the Dovecot Auth module.

But no time to waste, read the first step in migrating from Courier to Dovecot.

A new version of Dovecot has been released. As far as I can tell it’s just a bug fix release and not a security fix. I think that if you are not affected then you are not required to upgrade and can skip this one. But sometimes it’s better to be safe then sorry.

• deliver: Don’t crash when a message with Auto-submitted: header gets rejected.
• lib-storage: Fixed header searches to work correctly when there are multiple headers with same name.
• dict client: Disconnect from dict server after 1 second of idling.
• dict: If process crashed, it wasn’t automatically restarted
• dict file: If dict file’s group permissions equal world permissions, don’t try to change its gid.
• maildir: Fixed a memory leak when copying with hardlinks.
• maildir: Expunging last messages may have assert-crashed if their filenames had just changed.

For all who are using to a 5.1.x version. This is a bug fix release and it is up to you if you want to upgrade. Check all the fixes and changes that are listed on the release notes to see what issues are resolved and if you are affected. Most of them are about replication and partitioning, none of which we actually use in our setup.

I’ve compiled this version and did some simple tests on my test servers and it worked without any problems.

Read the documentation on how to ugrade MySQL.

I’ve installed the updates on all my test machines running Snow Leopard 10.6.3 and Leopard 10.5.8 and I’ve noticed the following problems:

Leopard

On Leopard there are the small known issues with postfix. To correct it perform the following steps after the updates:

Re-install postfix by going into your latest source directory you’ve used the last time and run

sudo make install

Next, comment out or delete the following line from ‘/etc/postfix/main.cf‘:

inet_interfaces = localhost

Restart postfix (reloading config does not work) with:

sudo postfix stop

Postfix should restart automatically (if not run sudo postfix start).

Snow Leopard

Could not detect any postfix problems which I find suspicious but I can’t find the same postfix problems on Snow Leopard. If you can confirm this please leave a comment.

To read more on the updates read the Apple Knowledge Base article on this update.

I had someone reporting a problem with php which got replaced, but he used the default apache installation. So if you use the default apache and did not compile it please check your version of php. It might have been updated.

Thank you Wietse, I was waiting for this update as it fixes the problem we had on Snow Leopard woth the nameserver include. I was told by another user that Wietse was going to release a fix and here it is. Now we can compile Postfix without editing the source code. All the bugs fixed are:

• Bugfix (introduced Postfix 2.6) in the XFORWARD implementation, which sends remote SMTP client attributes through SMTP-based content filters. The Postfix SMTP client did not skip “unknown” SMTP client attributes, causing a syntax error when sending an “unknown” client PORT attribute.
• Robustness: skip LDAP queries with non-ASCII search strings, instead of failing with a database lookup error.
• Safety: Postfix processes now log a warning when a matchlist has a #comment at the end of a line (for example mynetworks or relay_domains).
• Portability: OpenSSL 1.0.0 changes the priority of anonymous cyphers.
• Portability: Mac OS 10.6.3 requires instead of .
• Portability: Berkeley DB 5.x is now supported.

No functionality has been removed, but it is a good idea to review the RELEASE_NOTES file for the usual minor incompatibilities or limitations.

Next up: updating the documentation to reflect the fact that you don’t need to update the source code.

For instructions on how to upgrade Postfix please read Upgrading Postfix.