May 2007

Security Update 2007-5

It’s time again for a security update. It fills some new holes that could be exploited. I’ve installed it on my servers and didn’t run into any issues as expected because of the affected components don’t touch our programs. Read more about the update here. If you haven’t updated yet please do it now !

Included a Lighttpd installation to the documentation

I’ve been looking at Lighttpd for some time now and finally found some time to get it setup and to document the process. I’m not going to replace Apache on my production systems just yet but I thought it would be nice to have a choice. You can find the Lighttpd install instructions here and I also added a page on how to compile PHP5 for Lighttpd as it needs to be compiled differently.

Virtual servers and a SSL/HTTPS setup are planned to follow soon…

If you would like other software included in the documentation project let me know, try to convince me to include it. Donations usually help ;-)

Roundcube updated to 0.1 RC 01

Thomas Bruederli has found the time to release an update on our favorite webmail client Roundcube. It’s still beta, version 0.1 and this is release candidate 1, but as some of you people know it is still pretty solid and very usable. I myself use it everyday when I’m not at home to read my mail! Read more about what has changed and how to download it in the announcement.

There is an update manual included in the download file so there is no need for me to explain, although I had some issues with the database update script and I went for re-initialization of the database. So dropping all tables and run the mysql5.initial.sql script.

If you are new to roundcube, here is my installation manual.

MySQL released version 5.0.41

Yes it’s finally there, the version that includes shared libraries in the binary distribution package which would mean we never have to recompile MySQL ourselves. I’ve downloaded the package and installed it on my test server. The installation went without a problem as usual, but trying to compile PHP brought a new issue, some linking issue with zlib libraries.

/usr/bin/ld: warning multiple definitions of symbol _inflateInit_
/usr/local/mysql/lib/libmysqlclient.dylib(inflate.o) definition of _inflateInit_
/Developer/SDKs/MacOSX10.4u.sdk/usr/lib/gcc/i686-apple-darwin8/4.0.1/../../../libz.dylib(inflate.o) definition of _inflateInit_

I guess we still need to recompile. I hope it is not due to some left over trial I did earlier, could someone confirm my findings ?

Courier updates

Sorry for the late post but I wanted to check the software myself before announcing the updates and let you update your systems. Sam Varshavchik has been busy in April and created fixes and small updates for most of the Courier software stack. The ones that concern us are:

Courier-Auth was updated to 0.59.3

  • Minor fixes in several man pages — workaround for some minor issues with Docbook XML stylesheets
  • Added support for CRAM authentication in the vchkpw module
  • Fix a memory leak when authpipe module is enabled, but the actual authpipe script/external prog is not installed
  • Fix several other pedantic leaks flagged by a static code analysis tool, that occur only after courier-authlib already runs out of memory

Courier-IMAP was updated to 4.1.3

  • Fix several pedantic memory leaks flagged by a static code analysis tool, that occur only after the server already runs out of memory
  • Updated man pages to Docbook XML 4.4
  • Fix parsing of raw 8bit headers

Courier Maildrop was updated to 2.0.4

  • Updated manual pages to Docbook XML V4.4
  • Include the make dat script (the man page is already here)

Updating should be easy, just follow the install instructions as usual.

Next Page »