October 2010

Dovecot updated to 2.0.6

It’s a busy weekend with 2 updates for me and Timo found another couple of errors in Dovecot 2.x and released a new version. I’ve compiled and tested it without any issues…

  • Pre-login CAPABILITY includes IDLE again. Mainly to make Blackberry servers happy.
  • auth: auth_cache_negative_ttl default was 0 in earlier v2.0.x, but it was supposed to be 1 hour as in v1.x. Changed it back to 1h. If you want it disabled, make sure doveconf shows it as 0.
  • dbox: Added support for saving mail attachments to external files, with also support for single instance storage. This feature hasn’t had much testing yet, so be careful with it.
  • doveadm: Added import command for importing mails from other storages.
  • Reduced NFS I/O operations for index file accesses
  • dbox, Maildir: When copying messages, copy also already cached fields from dovecot.index.cache
  • mdbox: Added mdbox_preallocate_space setting (Linux+ext3/XFS only)
  • Maildir: LDA/LMTP assert-crashed sometimes when saving a mail.
  • Fixed leaking fds when writing to dovecot.mailbox.log.
  • Fixed rare dovecot.index.cache corruption
  • IMAP: SEARCH YOUNGER/OLDER wasn’t working correctly

Apache updated to 2.2.17

The Apache team have released a security update to the popular webserver. This version of Apache is principally a bug fix release, and a security fix release of the APR-util 1.3.10 dependency; I would advise you to upgrade your server accordingly. I’ve tested and updated all my servers without any problem. Read all about the changes and bugs fixed in the 2.2.17 changelog.

  • SECURITY: CVE-2010-1623 (cve.mitre.org) Fix a denial of service attack against apr_brigade_split_line().
  • SECURITY: CVE-2009-3560, CVE-2009-3720 (cve.mitre.org) Fix two buffer over-read flaws in the bundled copy of expat which could cause httpd to crash while parsing specially-crafted XML documents.

If you’ve forgotten how to upgrade your Apache installation in the least painfull way with a possibility to go back if something goes wrong: Upgrading Apache

MySQL released 5.1.51

MySQL released version 5.1.51, this is a bug fix release which also includes some security fixes and it is up to you if you want to upgrade. Check all the fixes and changes that are listed on the release notes to see what issues are resolved and if you are affected. Most of them are about replication which we don’t use in our setup.

If you are still using a 5.0.x version I would urge you to plan a upgrade to a 5.1.x version.

I’ve compiled this version and did some tests on my servers and it worked without any problems.

Read the documentation on how to ugrade MySQL.

Dovecot updated to 2.0.5

Sorry for the late post but the updates kept coming sooner then I could test them. So I’ve skipped 2.0.3 and 2.0.4 and tested 2.0.5 directly. i’ve updated 2 of my test machines, didn’t have time yet for the production machine, and it’s running fine with the improvements noted below:

  • acl: Fixed the logic of merging multiple ACL entries. Now it works as documented, while previously it could have done slightly different things depending on the order of the entries.
  • virtual: Allow opening virtual mailboxes that refer to non-existing mailboxes. It seems that the benefits of this outweigh the lack of error message when typoing a mailbox name.
  • Added some disk I/O optimizations to Maildir and index code. They’re especially helpful with short-lived connections like POP3.
  • pop3: Added pop3_fast_size_lookups setting.
  • doveconf sometimes failed with complaining about missing ssl_key setting, causing e.g. dovecot-lda to fail.
  • lda: If there’s an error in configuration, doveconf didn’t exit with EX_TEMPFAIL as it should have.
  • sdbox: Fixed memory leak when copying messages with hard links.
  • zlib + sdbox combination didn’t work
  • zlib: Fixed several crashes, which mainly showed up with mbox.
  • quota: Don’t crash if user has quota disabled, but plugin loaded.
  • doveadm fetch uid was actually returning sequence, not uid.
  • 2.0.4′s subscription listing ignored (and logged a warning about) subscriptions=no namespaces’ entries in some configurations. (So listing shared mailboxes’ subscriptions could have been broken.)
  • acl: Fixed crashing when sometimes listing shared mailboxes via dict proxy.

Dovecot updated to 1.2.15

A new version has been released of the 1.2.x branch for the people who haven’t upgraded to the Dovecot 2.x branch. I’ve installed 1.2.15 on my test machine still running 1.2.x and didn’t find any issues with it (production is already running 2.x). The improvements are:

  • acl: Fixed the logic of merging multiple ACL entries. Now it works as documented, while previously it could have done slightly different things depending on the order of the entries.
  • acl: Don’t give admin rights to all owner mailboxes. This was originally done to make sure that mailbox owner couldn’t accidentally remove their own admin rights. But this is already prevented by SETACL command, so it’s not necessary. Also sysadmin may have intentionally removed some admin rights from some mailboxes (especially when using symlinked shared mailboxes).
  • Maildir: Fixed potential “Duplicate file entry” in dovecot-uidlist file errors.
  • Maildir: Avoid unnecessary uidlist recreation during mail delivery.
  • imap: When SELECT fails, it didn’t close the previous mailbox.
  • Dovecot master process could have died if it got SIGCHLD signals very rapidly while it was trying to log. This could have happened for example if a lot of imap/pop3 sessions disconnected at the exact same time.