Re: Cyrus IMAPd 2.2.13p1 & 2.3.15 Released

2009-09-10 Thread Simon Matter
> > I have a fixed clean-shutdown that applies over the zlib changes in my > github repository. I went through and re-ordered everything so I could > pop this to the top of the patch queue. > >> It has worked very well for us in the past and I'd love to see this one >> go >> in. > > Yeah - I need

Re: Cyrus IMAPd 2.2.13p1 & 2.3.15 Released

2009-09-10 Thread Sebastian Hagedorn
-- Bron Gondwana is rumored to have mumbled on 10. September 2009 14:49:14 +1000 regarding Re: Cyrus IMAPd 2.2.13p1 & 2.3.15 Released: While we're at it, what about #2642? <https://bugzilla.andrew.cmu.edu/show_bug.cgi?id=2642> We were recently bitten by that particular

Re: Cyrus IMAPd 2.2.13p1 & 2.3.15 Released

2009-09-10 Thread Bron Gondwana
On Thu, Sep 10, 2009 at 09:59:32AM +0200, Simon Matter wrote: > > On Wed, Sep 09, 2009 at 10:20:33PM +0200, Simon Matter wrote: > >> 2) Old (ancient) zlib doesn't have the deflateBound() function. Looks > >> like > >> at least zlib >= 1.2.x is needed. Maybe the zlib detection could also > >> check

Re: Cyrus IMAPd 2.2.13p1 & 2.3.15 Released

2009-09-10 Thread Simon Matter
> On Wed, Sep 09, 2009 at 10:20:33PM +0200, Simon Matter wrote: >> 2) Old (ancient) zlib doesn't have the deflateBound() function. Looks >> like >> at least zlib >= 1.2.x is needed. Maybe the zlib detection could also >> check the version of the deflateBound() function? > > Try this patch (attached

Re: Cyrus IMAPd 2.2.13p1 & 2.3.15 Released

2009-09-10 Thread Bron Gondwana
On Wed, Sep 09, 2009 at 10:20:33PM +0200, Simon Matter wrote: > 2) Old (ancient) zlib doesn't have the deflateBound() function. Looks like > at least zlib >= 1.2.x is needed. Maybe the zlib detection could also > check the version of the deflateBound() function? Try this patch (attached) and see i

Re: Cyrus IMAPd 2.2.13p1 & 2.3.15 Released

2009-09-10 Thread Duncan Gibb
Bron Gondwana wrote: DBR> BG> we use nginx in front of cyrus, so we don't use the built-in BG> tls engine at all. I wouldn't feel comfortable testing this BG> one. Is anyone running it on top of 2.3.14, or only on the BG> 2.2 series? Not y

Re: Cyrus IMAPd 2.2.13p1 & 2.3.15 Released

2009-09-09 Thread Simon Matter
> (un-CCed CERT, they don't care!) > > On Wed, Sep 09, 2009 at 10:20:33PM +0200, Simon Matter wrote: >> > I'd like to announce the releases of Cyrus IMAPd 2.2.13p1 and 2.3.15. >> > These releases should both be considered production quality. These >> > releases are being made at this time to fix t

Re: Cyrus IMAPd 2.2.13p1 & 2.3.15 Released

2009-09-09 Thread Bron Gondwana
(un-CCed CERT, they don't care!) On Wed, Sep 09, 2009 at 10:20:33PM +0200, Simon Matter wrote: > > I'd like to announce the releases of Cyrus IMAPd 2.2.13p1 and 2.3.15. > > These releases should both be considered production quality. These > > releases are being made at this time to fix the poten

Re: Cyrus IMAPd 2.2.13p1 & 2.3.15 Released

2009-09-09 Thread Bron Gondwana
On Wed, Sep 09, 2009 at 07:31:51PM +0200, Sebastian Hagedorn wrote: > -- David R Bosso is rumored to > have mumbled on 9. September 2009 10:07:31 -0700 regarding Re: Cyrus > IMAPd 2.2.13p1 & 2.3.15 Released: > > >Is there a specific reason the patch for bug #3159 wasn

Re: Cyrus IMAPd 2.2.13p1 & 2.3.15 Released

2009-09-09 Thread Simon Matter
> I'd like to announce the releases of Cyrus IMAPd 2.2.13p1 and 2.3.15. > These releases should both be considered production quality. These > releases are being made at this time to fix the potential buffer > overflow vulnerability described in CERT VU#336053: > http://www.kb.cert.org/vuls/id/336

Re: Cyrus IMAPd 2.2.13p1 & 2.3.15 Released

2009-09-09 Thread Adam Tauno Williams
On Wed, 2009-09-09 at 09:47 -0400, Ken Murchison wrote: > I'd like to announce the releases of Cyrus IMAPd 2.2.13p1 and 2.3.15. > These releases should both be considered production quality. These > releases are being made at this time to fix the potential buffer > overflow vulnerability descri

Re: Cyrus IMAPd 2.2.13p1 & 2.3.15 Released

2009-09-09 Thread Sebastian Hagedorn
-- David R Bosso is rumored to have mumbled on 9. September 2009 10:07:31 -0700 regarding Re: Cyrus IMAPd 2.2.13p1 & 2.3.15 Released: Is there a specific reason the patch for bug #3159 wasn't included? I've been adding it locally and just wondering if should continue to do so.

Re: Cyrus IMAPd 2.2.13p1 & 2.3.15 Released

2009-09-09 Thread David R Bosso
Is there a specific reason the patch for bug #3159 wasn't included? I've been adding it locally and just wondering if should continue to do so. Thanks. -David --On September 9, 2009 9:47:14 AM -0400 Ken Murchison wrote: > I'd like to announce the releases of Cyrus IMAPd 2.2.13p1 and 2.3.15

Cyrus IMAPd 2.2.13p1 & 2.3.15 Released

2009-09-09 Thread Ken Murchison
I'd like to announce the releases of Cyrus IMAPd 2.2.13p1 and 2.3.15. These releases should both be considered production quality. These releases are being made at this time to fix the potential buffer overflow vulnerability described in CERT VU#336053: http://www.kb.cert.org/vuls/id/336053 Th