May 2012

Dovecot updated to 2.1.6

Timo released a new version of Dovecot, I’ve installed it on my test servers and production server without a problem. No security issues solved, upgrade at your own leisure. The noticeable changes are:

  • Session ID is now included by default in auth and login process log lines. It can be added to mail processes also by adding %{session} to mail_log_prefix.
  • Added ssl_require_crl setting, which specifies if CRL check must be successful when verifying client certificates.
  • Added mail_shared_explicit_inbox setting to specify if a shared INBOX should be accessible as “shared/$user” or “shared/$user/INBOX”.
  • v2.1.5: Using “~/” as mail_location or elsewhere failed to actually expand it to home directory.
  • dbox: Fixed potential assert-crash when reading dbox files.
  • trash plugin: Fixed behavior when quota is already over limit.
  • mail_log plugin: Logging “copy” event didn’t work.
  • Proxying to backend server with SSL: Verifying server certificate
    name always failed, because it was compared to an IP address.

And here are the upgrade instructions for Dovecot!

PHP released 5.4.3

The PHP development team first released 5.4.2 which had a security fix for CGI string parameters and shortly thereafter the released 5.4.3 which solved some other security problems with buffer overflows. I urge you to update it if you are using older versions on a production platform. I’ve successfully tested it on my servers without a noticeable problem.

  • Fixed bug #61807 Buffer Overflow in apache_request_headers, CVE-2012-2329.
  • Fixed bug #61910 Improve fix for PHP-CGI query string parameter vulnerability, CVE-2012-2311.
  • Fixed bug #61910 Fix PHP-CGI query string parameter vulnerability, CVE-2012-1823.

To see the complete buglist solved in this release, read them in the ChangeLog.

For instructions on how to upgrade PHP please read: Upgrading PHP.

DIYMacServer is up and running for 5 years

We’ll I couldn’t let this pass by without posting a little tid-bit but today this site is up and running for 5 years. It has been running much longer then anticipated. While I still enjoy running the site I’m finding less time available to spend on maintaining the documentation. Mostly because other stuff is creeping up on my. Having a child growing up, currently 5 years, that requires attention and getting other non-computer related hobby’s do that to you. Since last year I’ve joined a Barbershop Choir with fills me with tremendous energy, I never knew singing could be this much fun.

I will try my utmost to keep everything up to date as much as possible as I know many of you use the information provided and there are still new people joining in. Currently I’m current with all the software but my WordPress installation is way behind and I desperately need to upgrade and I need to do something about the forums which have bee disabled because the spam was getting beyond managing manually.

Everybody: Thanks for all the support, that was and is the main thing I keep running this site.