April 2012

PHP released 5.4.1

The PHP development team released 5.4.1, it contains some security updates and I urge you to update it if you were using 5.4.0 on a production platform. I’ve successfully tested it on my servers without a noticeable problem.

  • Fixed bug #54374 (Insufficient validating of upload name leading to corrupted $_FILES indices). (CVE-2012-1172).
  • Add open_basedir checks to readline_write_history and readline_read_history.

To see the complete buglist solved in this release, read them in the ChangeLog.

For instructions on how to upgrade PHP please read: Upgrading PHP.

Apache updated to 2.4.2

Apache got updated last week, finally got round to getting this tested. It’s now running on all my servers without a problem. Please note that the APR modules are not updated, you could copy them from the 2.4.1 directory.

For compiling read the last update and the additional notes that followed.

Dovecot updated to 2.1.5

First my apologies, due to the other priorities I completely missed the 2.1.4 release. Hopefully you didn’t run into any problems. I’ve tested and deployed 2.1.5 on my servers today without a problem. The list of fixes for 2.1.5 include:

  • IMAP: When neither the session nor the mailbox has modseq tracking enabled, return the mailbox as having NOMODSEQ in SELECT/EXAMINE reply. Old versions in this situation always simply returned HIGHESTMODSEQ as 1, which could have broken some clients.
  • dict file: Added optional fcntl/flock locking (default is dotlock)
  • fts-solr: doveadm fts rescan now resets indexes, which allows reindexing mails. (This isn’t a full rescan implementation like fts-lucene has.)
  • doveadm expunge: Added -d parameter to delete mailbox if it’s empty after expunging.
  • IMAP: Several fixes related to mailbox listing in some configs
  • director: A lot of fixes and performance improvements
  • v2.1.4 didn’t work without a mail home directory set
  • mbox: Deleting a mailbox didn’t delete its index files.
  • pop3c: TOP command was sent incorrectly
  • trash plugin didn’t work properly
  • LMTP: Don’t add a duplicate Return-Path: header when proxying.
  • listescape: Don’t unescape namespace prefixes.

And here are the upgrade instructions for Dovecot!