Update

Sorry that I’m later than I’m supposed to be with this blogpost, but my new day job needs all the attention at the moment. The good news is there are not many problems when you update your Mac with the latest security update. Read more about it in Apple’s Knowledge Base article.

On Leopard there is a small known issue with postfix. To correct it, comment out or delete the following line from ‘/etc/postfix/main.cf’:

inet_interfaces = localhost

Restart postfix (reloading config does not work) with:

sudo postfix stop
sudo postfix start

And all should be fine. If you find another issue please use the comments.
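
One way to script the edit above with a backup, as an added example that is not from the original post; the function names are hypothetical and the sample main.cf is constructed. With the line commented out Postfix falls back to its default of inet_interfaces = all, so the second function reports which value the file now yields.

```shell
#!/bin/sh
# Added example (not from the original post). Function names are hypothetical.

# An active setting starts in column 0: in main.cf a line that begins with
# whitespace continues the previous line, and a leading '#' makes it a comment.
PAT='^inet_interfaces[[:space:]]*=[[:space:]]*localhost[[:space:]]*$'

# Comment out "inet_interfaces = localhost" in the given main.cf, keeping a
# backup next to it. Returns 0 if changed, 1 if nothing to do, 2 on error.
disable_localhost_only() {
    cf="${1:-/etc/postfix/main.cf}"
    [ -f "$cf" ] || { echo "no such file: $cf" >&2; return 2; }
    grep -Eq "$PAT" "$cf" || return 1
    cp -p "$cf" "$cf.bak" || return 2
    # Write through a redirect so the file keeps its owner and mode.
    sed -E "s/$PAT/#&/" "$cf.bak" > "$cf"
}

# Print the value Postfix will use: the last active definition wins, and with
# none present the built-in default is "all" (every interface).
effective_inet_interfaces() {
    cf="${1:-/etc/postfix/main.cf}"
    val=$(sed -nE 's/^inet_interfaces[[:space:]]*=[[:space:]]*(.*[^[:space:]])[[:space:]]*$/\1/p' "$cf" | tail -n 1)
    echo "${val:-all}"
}

# Demo on a constructed file; on a real server run the function with sudo
# against /etc/postfix/main.cf and then do the stop/start shown above.
demo_cf=$(mktemp "${TMPDIR:-/tmp}/maincf.XXXXXX")
printf '%s\n' 'myhostname = mail.example.test' \
    'inet_interfaces = localhost' '#inet_interfaces = all' > "$demo_cf"
echo "before: $(effective_inet_interfaces "$demo_cf")"
disable_localhost_only "$demo_cf"
echo "after:  $(effective_inet_interfaces "$demo_cf")"
```

After the restart, `postconf -h inet_interfaces` shows the value the running configuration uses.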


A new version of Dovecot has been released a few days ago but I’ve only been able to test it in the last few days. Sorry, my day job is getting a bit hectic at the moment and is eating into my personal time.

There is mention of moving to a 2.0 version in a few weeks. I hope to have that ready and tested as soon as possible.

Here is a list of the changes:

  • Upgraded to Unicode 5.2.0
  • Added authtest utility for doing passdb and userdb lookups.
  • login: ssl_security string now also shows the used compression.
  • quota: Don’t crash with non-Maildir++ quota backend.
  • imap proxy: Fixed crashing with some specific password characters.
  • dovecot --exec-mail was broken.
  • Avoid assert-crashing when two processes try to create index at the same time.

Update: There is a small issue when compiling this version on Leopard. It has to do with the fact that Leopard is using an older version (0.7.8) of OpenSSL than Snow Leopard (using 0.9.8).

The error will show itself during the make phase of the build. You would see errors like:

Undefined symbols:
  "_SSL_get_current_compression", referenced from:
      _ssl_proxy_get_security_string in liblogin-common.a(ssl-proxy-openssl.o)
  "_SSL_COMP_get_name", referenced from:
      _ssl_proxy_get_security_string in liblogin-common.a(ssl-proxy-openssl.o)
ld: symbol(s) not found

You can solve it by downloading and applying this fix. Execute the following commands from the 1.2.6 source directory:

curl "http://hg.dovecot.org/dovecot-1.2/raw-file/4add5c3f13ea/configure.in" \
-o ./configure.in
 
curl "http://hg.dovecot.org/dovecot-1.2/raw-file/4add5c3f13ea/src/login-common/ssl-proxy-openssl.c" \
-o ./src/login-common/ssl-proxy-openssl.c

Then run the normal ./configure and make statements from the regular install instructions.
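
To find out before building whether a machine needs this fix, the check below looks for the two symbols from the link error in the system's libssl. It is an added example, not part of the original post or of Dovecot; the function names, the constructed nm output and the library path in the comment are assumptions.

```shell
#!/bin/sh
# Added example (not from the original post or from Dovecot).

# Read `nm -g` output for libssl on stdin and print every symbol from the
# link error above that the library does not define. No output means the
# two symbols are present and the link error will not occur.
missing_ssl_symbols() {
    awk '
        BEGIN { want["SSL_get_current_compression"] = 1; want["SSL_COMP_get_name"] = 1 }
        # Defined exports look like "<address> T <name>"; Mach-O adds a
        # leading underscore to the name, ELF does not.
        NF == 3 && $2 == "T" {
            name = $3; sub(/^_/, "", name)
            if (name in want) seen[name] = 1
        }
        END { for (s in want) if (!(s in seen)) print s }
    ' | LC_ALL=C sort
}

# Constructed nm output for a library without the compression API.
old_libssl_nm() {
    cat <<'EOF'
0000000000021f40 T _SSL_get_current_cipher
0000000000021c10 T _SSL_get_error
                 U _X509_free
EOF
}

# On a real machine (library path is an assumption):
#   nm -g /usr/lib/libssl.dylib | missing_ssl_symbols
old_libssl_nm | missing_ssl_symbols
```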


For everyone who has not updated to a 5.1.x version: this is a bug fix release and it is up to you if you want to upgrade. If you don’t have any current issues you don’t need to upgrade.

Check all the fixes that are listed on the release notes to see what issues are resolved and if you are affected.

I’ve compiled this version and did some simple tests on Leopard and Tiger and both can be compiled and installed using the instructions in the documentation set without problems.

Read the documentation on how to upgrade MySQL.


For everyone who has upgraded to a 5.1.x version: this is again a bug fix release like 5.1.39 and it is up to you if you want to upgrade. There are no apparent security issues solved in this release. This is a very quick release after 5.1.38.

Check all the fixes and changes that are listed on the release notes to see what issues are resolved and if you are affected. Most of them are concerning replication.

I’ve compiled this version and did some simple tests on my test servers and it worked without any problems.

Read the documentation on how to upgrade MySQL.


For the people still running the Courier setup. Yes I know I still need to publish the migration scenario. The IMAP server got a small update. It is not a security fix so if you haven’t run into any problems you can skip this one.

Issues solved in this release are:

  • outbox.c (imapd_sendmsg): Renamed sendmsg() to avoid library name clash.
  • courier.sysvinit.in: Fix typo in init file.
  • tls: change the default OpenSSL configuration to disable anonymous
    authentication ciphers.
  • DROP options for couriertcpd, set in the esmtpd configuration file: drop connections from blacklisted IP addresses, rather than accepting connections and rejecting all mail from them.

PHP has released an update to the 5.2.x version. Many people still have problems with the backwards compatibility of 5.3 and are still using 5.2.10. This release is a security bug-fix, and if you are running 5.2.10 I would urge you to upgrade.

Security Enhancements and Fixes in PHP 5.2.11:

  • Fixed certificate validation inside php_openssl_apply_verification_policy.
  • Fixed sanity check for the color index in imagecolortransparent().
  • Added missing sanity checks around exif processing.
  • Fixed bug #44683 (popen crashes when an invalid mode is passed).

Key enhancements in PHP 5.2.11 include:

  • Fixed regression in cURL extension that prevented flush of data to output defined as a file handle.
  • A number of fixes for the FILTER_VALIDATE_EMAIL validation rule
  • Fixed bug #49361 (wordwrap() wraps incorrectly on end of line boundaries).
  • Fixed bug #48696 (ldap_read() segfaults with invalid parameters)
  • Fixed bug #48645 (mb_convert_encoding() doesn’t understand hexadecimal html-entities).
  • Fixed bug #48619 (imap_search ALL segfaults).
  • Fixed bug #48400 (imap crashes when closing stream opened with OP_PROTOTYPE flag).
  • Fixed bug #47351 (Memory leak in DateTime).
  • Over 60 bug fixes.

For instructions on how to upgrade PHP please read: Upgrading PHP.


A new version of Dovecot has been released a few days ago but I’ve only been able to test it today, sorry, busy week.

The bugfixes include:

  • Authentication: DIGEST-MD5 and RPA mechanisms no longer require user’s login realm to be listed in auth_realms. It only made configuration more difficult without really providing extra security.
  • zlib plugin: Don’t allow clients to save compressed data directly. This prevents users from exploiting (most of the) potential security holes in zlib/bzlib.
  • Added pop3_save_uidl setting.
  • dict quota: When updating quota and user isn’t already in dict, recalculate and save the quota.
  • file_set_size() was broken with OSes that didn’t support posix_fallocate() (almost everyone except Linux), causing all kinds of index file errors.
  • v1.2.4 index file handling could have caused an assert-crash
  • IMAP: Fixes to QRESYNC extension.
  • virtual plugin: Crashfix
  • deliver: Don’t send rejects to any messages that have Auto-Submitted
    header. This avoids emails loops.
  • Maildir: Performance fixes, especially with maildir_very_dirty_syncs.
  • Maildir++ quota: Limits weren’t read early enough from maildirsize file (when quota limits not enforced by Dovecot)
  • Message decoding fixes (mainly for IMAP SEARCH, Sieve).

I’ve updated my test server with Mac OS X 10.6.1. The update went without any problem and my setup was not affected in a negative way. It took me some time to check everything.

If you want to read more on what is affected in the updates I would suggest reading the Apple support site for the 10.6.1 update.

In case of doubt, please make a full bootable disk image backup with Carbon Copy Cloner before you start. Some people have reported problems with the previous update, so better be safe than sorry!


It’s looking mighty fine from a user perspective, even more now as I use my MBP for work in a Microsoft environment. The Exchange integration with Addressbook and iCal is very welcome. I will find out more next week when I get back in the office.

But I also use my MBP as the 64 bit test server, and I was very disappointed to find out that a lot was gone after the upgrade. All launchdaemon plist files were gone so nothing was started. Postfix binary had been replaced (was to be expected). All the configuration for Apache was gone, Postfix config replaced (but old ones renamed). Still assessing most of the damage at the moment.

But first success was that the Apache installation for Leopard also works for Snow Leopard. Don’t forget to install the XCode package from the Snow Leopard install DVD.

By the way I had to buy a copy today (which was hard because it was sold out at many places) because the family pack was not yet available.

I will post my findings tomorrow.

Update: If you follow me on Twitter I will give you earlier smaller notifications on my discoveries! Twitter.com/diymacserver


Postfix 2.6.5 has been released a few days ago during my holiday and I just finished installing and testing it on my test server and it all works as one should expect. There are no major changes in this release, just some bugfixes which had not affected my systems.

The official release note for 2.6.5.

The stable release Postfix 2.6.5 addresses the defects described below (some already addressed with the not-announced Postfix 2.6.3 release). These defects are also addressed in the legacy releases that are still maintained: Postfix 2.5.9, 2.4.13 and 2.3.19.

Do not use Postfix 2.6.4, 2.5.8, 2.4.12, 2.3.18, 2.7-20090807, and 2.7-20090807-nonprod. These contain a DNS workaround that causes more trouble than it prevents. It is removed until further notice.

Defects fixed with Postfix 2.6.3, 2.5.9, 2.4.13 and 2.3.19:

  • The Postfix Milter client got out of step with a Milter application after the application sent a “quarantine” request at end-of-message time. The Milter application would still be in the end-of-message state, while Postfix would already be working on the next SMTP event, typically, QUIT or MAIL FROM. In the latter case, Milter responses for the previously-received email message would be applied towards the next MAIL FROM transaction. This problem was diagnosed with help from Alban Deniz.

Defects fixed with Postfix 2.6.5, 2.5.9, 2.4.13 and 2.3.19:

  • The Postfix SMTP server would abort with an “unexpected lookup table” error when an SMTPD policy server was mis-configured in a particular way.

For instructions on how to upgrade Postfix please read Upgrading Postfix.
