June 2007

Update for Mac OS X 10.4.10 and Security Update 2007-6

Well, that was not expected: another update before we hit Leopard. It was followed by a security update a day later as well. You can install them without any issues related to our server software. There is, however, a problem reported with popping noises coming from the speakers on Intel Macs after installing this update. I haven’t noticed it myself, but be warned.

Outage again… Sorry.

Sorry for having the site offline, for almost 24 hours this time. The cause: a telco-telco migration of my DSL line! My ISP has been taken over by another, larger ISP and now they are moving everybody to the new owner’s network. The actual move yesterday wasn’t announced; I only noticed I was suddenly offline while I wasn’t at home and couldn’t do a thing. We’ll see how they perform, and if it becomes a buggy connection I guess I’ll have to get myself a different ISP.

PHP updated to 5.2.3

The PHP development team released a new version of PHP, 5.2.3. Sorry it took some time to blog about it, but I had a problem testing it: getting it compiled for Lighttpd (the new webserver in the documentation set). It took me a while, as it wasn’t quite clear why it didn’t work properly, but I found out that the ‘make install’ script has changed: it now installs the FastCGI version of php as php-cgi and installs a CLI version as the php binary. This wasn’t the case with the previous version, where the php binary was also usable as a FastCGI binary. So I had to change the documentation as well.
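A way to catch this rename after an upgrade, as an added example that is not part of the original post or the site's documentation: it reads the "bin-path" entries from a lighttpd config and flags any binary whose SAPI, as reported by -v, is not cgi-fcgi. The stub binaries, file names and config snippet are constructed for the demo.

```shell
#!/bin/sh
# Added example: verify that lighttpd's FastCGI "bin-path" entries point at a
# FastCGI-capable PHP binary (SAPI "cgi-fcgi") and not at the CLI binary.

# SAPI name from the first line of `-v`, e.g. "PHP 5.2.3 (cli) (built: ...)".
php_sapi() {
    "$1" -v 2>/dev/null | sed -n '1s/^PHP [^ ]* (\([^)]*\)).*/\1/p'
}

# Print every bin-path value in a lighttpd config, skipping commented lines.
lighttpd_bin_paths() {
    sed -n '/^[[:space:]]*#/d
s/.*"bin-path"[[:space:]]*=>[[:space:]]*"\([^"]*\)".*/\1/p' "$1"
}

# Return 0 if all bin-paths are cgi-fcgi; print offenders and return 1 if not.
check_fastcgi_binaries() {
    rc=0
    while IFS= read -r bin; do
        [ -n "$bin" ] || continue
        sapi=$(php_sapi "$bin")
        if [ "$sapi" != "cgi-fcgi" ]; then
            echo "WRONG SAPI: $bin reports '${sapi:-unknown}', expected cgi-fcgi"
            rc=1
        fi
    done <<EOF
$(lighttpd_bin_paths "$1")
EOF
    return $rc
}

# Constructed demo data: stub "php" (cli) and "php-cgi" (cgi-fcgi) binaries,
# a pre-upgrade style config (old.conf) and a corrected one (new.conf).
make_demo() {
    d=$(mktemp -d "${TMPDIR:-/tmp}/phpsapi.XXXXXX")
    printf '#!/bin/sh\necho "PHP 5.2.3 (cli) (built: constructed)"\n' > "$d/php"
    printf '#!/bin/sh\necho "PHP 5.2.3 (cgi-fcgi) (built: constructed)"\n' > "$d/php-cgi"
    chmod +x "$d/php" "$d/php-cgi"
    printf 'fastcgi.server = ( ".php" => (( "bin-path" => "%s/php",\n  "socket" => "/tmp/php.sock" )))\n' "$d" > "$d/old.conf"
    sed 's|/php"|/php-cgi"|' "$d/old.conf" > "$d/new.conf"
    echo "$d"
}

demo=$(make_demo)
check_fastcgi_binaries "$demo/old.conf"; echo "old.conf exit: $?"
check_fastcgi_binaries "$demo/new.conf"; echo "new.conf exit: $?"
rm -rf "$demo"
```

A binary built without FastCGI support reports a SAPI of cgi rather than cgi-fcgi, so it is flagged as well.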

Here are the major changes, bugfixes, improvements and new features:

Security Enhancements and Fixes in PHP 5.2.3:

  • Fixed an integer overflow inside chunk_split() (by Gerhard Wagner, CVE-2007-2872)
  • Fixed possible infinite loop in imagecreatefrompng. (by Xavier Roche, CVE-2007-2756)
  • Fixed ext/filter Email Validation Vulnerability (MOPB-45 by Stefan Esser, CVE-2007-1900)
  • Fixed bug #41492 (open_basedir/safe_mode bypass inside realpath()) (by bugs dot php dot net at chsc dot dk)
  • Improved fix for CVE-2007-1887 to work with non-bundled sqlite2 lib.
  • Added mysql_set_charset() to allow runtime altering of connection encoding.

The key improvements of PHP 5.2.3 include:

  • Improved compilation of heredocs and interpolated strings.
  • Optimized out a couple of per-request syscalls.
  • Optimized digest generation in md5() and sha1() functions.
  • Fixed bug #41236 (Regression in timeout handling of non-blocking SSL connections during reads and writes)
  • Fixed bug #39542 (Behavior of require/include different to < 5.2.0)
  • Fixed bug #41293 (Fixed creation of HTTP_RAW_POST_DATA when there is no default post handler)
  • Fixed bug #41347 (checkdnsrr() segfaults on empty hostname)
  • Fixed bug #41353 (crash in openssl_pkcs12_read() on invalid input)
  • Fixed bug #41403 (json_decode cannot decode floats if localeconv decimal_point is not ‘.’)
  • Fixed bug #41421 (Uncaught exception from a stream wrapper segfaults)
  • Fixed bug #41504 (json_decode() incorrectly decodes JSON arrays with empty string keys).
  • Over 40 bug fixes.

For users upgrading from PHP 5.0 and PHP 5.1, an upgrade guide is available here, detailing the changes between those releases and PHP 5.2.3.

For a full list of changes in PHP 5.2.3, see the ChangeLog.

Postfix updated and tested to 2.4.3

Wietse just released a quick update to the just-released 2.4.2; it looks like the 2.4.2 release introduced a compiler bug on some platforms, which was easily fixed. The bugs solved in this last release were:

  • 20070425
    Bugfix: don’t falsely report “lost connection from localhost[]” when Postfix is being portscanned. Files: smtpd/smtpd_peer.c, qmqpd/qmqpd_peer.c.
  • 20070430
    Robustness: recommend a “0” process limit for policy servers to avoid “connection refused” problems when the smtpd process limit exceeds the default process limit. File: proto/SMTPD_POLICY_README.html.
  • 20070501
    Safety: when IPv6 (or IPv4) is turned off, don’t treat an IPv6 (or IPv4) connection from e.g. inetd as if it comes from localhost[]. Files: smtpd/smtpd_peer.c, qmqpd/qmqpd_peer.c.
  • 20070508
    Bugfix: Content-Transfer-Encoding: attribute values are case insensitive. File: src/cleanup/cleanup_message.c.
  • 20070514
    Bugfix: mailbox_transport(_maps) and fallback_transport(_maps) were broken when used with the error(8) or discard(8) transports. Cause: insufficient documentation. Files: error/error.c, discard/discard.c.
  • 20070520
    Bugfix (problem introduced Postfix 2.3): when DSN support was introduced it broke “aggressive” recipient duplicate elimination with “enable_original_recipient = no”. File: cleanup/cleanup_out_recipient.c.
  • 20070529
    Bugfix (introduced Postfix 2.3): the sendmail/postdrop commands would hang when trying to submit a message larger than the per-message size limit. File: postdrop/postdrop.c.
  • 20070530
    Sabotage the saboteur who insists on breaking Postfix by adding gethostbyname() calls that cause maildir delivery to fail when the machine name is not found in /etc/hosts, or that cause Postfix processes to hang when the network is down.
  • 20070531
    Portability: Victor helpfully pointed out that change 20070425 broke on non-IPv6 systems. Files: smtpd/smtpd_peer.c, qmqpd/qmqpd_peer.c.

If you have no issues currently and all is working fine, there is no real need to upgrade. If it ain’t broke, don’t fix it.