Categories
Windows

Memorandum #5.

同一記事の日本語版
Update information      Edit(Aug.28)
  1. I found their announcement of PHP 5.6.0 GA on the article about RC4, wow! I can’t wait.
  2. I updated Apache 2.4.10 (httpd-2.4.10-win32-VC11.zip) which was built with openssl-1.0.1i. The reason is this advisory, OpenSSL Security Advisory [6 Aug 2014]. I knew this news but Steffen replied “Coming days the builds here at Apache Lounge are going to be upgraded. It has not that priority and severity ~” to Jan-E. So I waited to be upgraded.
  3. I read a lot of articles about the troubles with Windows Update 2014 Aug. Though I had no trouble with my own PCs, I uninstalled the following updates that were installed on my PCs. Because I heard they suggested to uninstall KB2982791, KB2970228, KB2975719 and KB2975331 even if currently no trouble.
    • Windows8.1(x86) on NJ2100
      KB2982791
      KB2975719
    • Windows7 SP1(x64) on CF-J10
      KB2982791
      KB2970228
    • Windows7 SP1(x86) on xw4200
      KB2982791
      KB2970228
    • Windows Vista SP2(x86) on KeyPaso
      KB2982791

    In the past, Windows update gave us troubles almost every time, but I feel this was the first mess in quite a while. How about your feelings? (^_~)

Edit(Aug.28):
   Hey! We have new MS14-045 update KB2993651. See Microsoft Security Bulletin MS14-045 – Important.

Categories
Windows

Updating to PHP5.5.15.

同一記事の日本語版
Update information      Edit(Aug.1)

   They released PHP5.5.15 on Jul-24 01:03:48UTC. So, I updated my PHP from 5.5.14 to 5.5.15 on my Web server (Windows7HP+SP1(x86)). ChangeLog.

   PHP 5.6.0RC3 is delayed than planned. What’s happening?

   By the way, I read “Fix a memory consumption denial of service in the WinNT MPM” on Changes with Apache 2.4.10. So I stopped using the word around. But it did not work well. On the next day, I rolled back the work around.

Edit(Aug.1):
   Finally they released PHP 5.6.0RC3. It’s two weeks later than scheduled. They say their next Release Candidate should show up on the 14th of August. Is PHP 5.6.0GA going to show up in September?

Categories
Uncategorized

Updating to Apache 2.4.10.

同一記事の日本語版

   Apache HTTP Server 2.4.10 was released. It includes five security patches. It has a new module named mod_authnz_fcgi, so httpd.conf has a following added line.
    #LoadModule authnz_fcgi_module modules/mod_authnz_fcgi.so
   On the Windows version it was upgraded pcre from 8.34 to 8.35 and APR from 1.5.0 to 1.5.1.

   I downloaded httpd-2.4.10-win32-VC11.zip (17 Jul) from the ApacheLounge for my Windows7 server. If you need the information about Apache 2.4.x configuration on Windows, see my post ‘To create a Wamp-like Web Server in Windows7-#1.‘.

Categories
Windows

Updating to PHP5.5.14.

同一記事の日本語版

   They released PHP5.5.14 on Jun-25 23:06:26UTC. So, I updated my PHP from 5.5.13 to 5.5.14 on my Web server (Windows7HP+SP1(x86)).

   According to ChangeLog, this includes eight CVE fixes, oh! my gosh. They also concerns about bug 67072. If you have issues related to this and need more information, you should visit their upgrading guide.

   The php.ini-production has no change. As the official PHP binary includes php5apache2_4.dll, I extract the zip archive and replace all PHP5.5.13 files with all PHP5.5.14 files except my php.ini. Then, I restart my Apache. That’s it.

   If you need how to configure PHP5.5, please see the post. It is for a mbstrings user, but the information gives some help for you.

   I used this opportunity to update to phpMyAdmin 4.2.5 and MariaDB 10.0.12. If you need more information about their configuration, Please see “phpMyAdmin 4.2.0 is released” and “MariaDB 5.5“.

Categories
WordPress

A solution of “SSL3_READ_BYTES:sslv3 alert handshake failure” on WordPress.

同一記事の日本語版

   Since WordPress that was version 3.7 had a ca-bundle.crt in its wp-includes folder, I’ve had troubles when I upgrade my WordPress Network. I misunderstood the message “Warning! Problem updating https://SITENAME.” meant one of my sites had a trouble, but now I think it meant the first site the WordPress checked out was wrong and the WordPress had no information about the rest of my sites.

   First I had the “Error message: SSL certificate problem: self signed certificate in certificate chain” because I use a self-signed certificate. But Oiram gave me its solution. All I need is to add my CA cert data to the ca-bundle.crt.

   Next I had the “Error message: error:14094410:SSL routines:SSL3_READ_BYTES:sslv3 alert handshake failure”. I’ve had a hard time with this trouble for more than two months. Finally, I have the complete solution of this today \(^o^)/.

   I look back now and think the trouble had three issues.

  1. My client.crt had no ssl_client extension. so I re-made a client.crt with ssl_client extension like this. The reference of this is “sslv3 alert handshake failure when using SSL client auth”.
    First, I added the next text to the end of my openssl.cnf.

    [ ssl_client ]
    basicConstraints = CA:FALSE
    nsCertType = client
    keyUsage = digitalSignature, keyEncipherment
    extendedKeyUsage = clientAuth
    nsComment = “OpenSSL Certificate for SSL Client”

    And I made a new client.crt with ssl_client extension.
    >openssl ca -config openssl.cnf -policy policy_anything -extensions ssl_client -in client.csr -out client.crt

    • With the old client.crt, I had the next two errors when I did “openssl s_client -connect o6asan.com:443 -cert client.crt -key client.key -CAfile cacert.pem”. But, the new one gives no error.
    • error:14094418:SSL routines:SSL3_READ_BYTES: ~
      error:140790E5:SSL routines:SSL23_WRITE:ssl handshake failure: ~
    • Of course I re-made a new clientcert.p12
  2. At “Upgrade Network”, WordPress uses cURL. But cURL doesn’t accept P12 format certificates. So I need PEM format certificates.
    • To make a clientcert.pem from the clientcert.p12
      >openssl pkcs12 -in clientcert.p12 -nokeys -clcerts -out clientcert.pem
    • To make a clientkey.pem from the clientcert.p12
      >openssl pkcs12 -in clientcert.p12 -nocerts -out clientkey.pem
       
      To make a copy of the clientkey.pem and remove the pass phrase from it.
      >copy clientkey.pem cp_clientkey.pem
      >openssl rsa <cp_clientkey.pem> clientkey.pem
  3. To tell my WordPress the places of the client certificates.
    • To add the following lines to just before the line “curl_setopt( $handle, CURLOPT_CAINFO, $r[‘sslcertificates’] );” in the file class-http.php.curl_setopt( $handle, CURLOPT_SSLCERT, 'the exact path of clientcert.pem' );
      curl_setopt( $handle, CURLOPT_SSLKEY, 'the exact path of clientkey.pem' );

      I hate to change WordPress core PHP scripts, so I try and try other methods, but nothing is useful. After all, I add the lines above to the class-http.php.

      To copy the clientcert.pem and the clientkey.pem to somewhere in the server, somewhere means a safer place anyone cannot access via the Internet.

    This reference is Client URL Library.

   If you need how to create certificates, see the post “WordPress: Administration Over SSL #1”.

   Now the error has gone. I’m happy, clap,clap!!

Categories
Windows

Updating to MariaDB 10.0.11.

同一記事の日本語版

   I’ve updated to MariaDB 10.0.11 on my server (Server OS : Windows7HP+SP1(x86)). I write the procedures as follows.

   First, I backed up all the sever data. Especially, MariaDB and MyDB.

   Next, I updated to MariaDB 10.0.11.

  1. Downloaded mariadb-10.0.11-win32.zip.
  2. Extracted the Zip archive.
  3. Control Panel >> Administrative tools >> Services
    Select the MariaDB service name and stop.
  4. Delete all contents in the MariaDB folder. Install the four folders named bin, include, lib and share and license files to the folder.
  5. Control Panel >> Administrative tools >> Services
    Select the MariaDB service name and start.

   That’s it.

   I used this opportunity to update to phpMyAdmin 4.2.3 and this is its ChangeLog. If you need its configuration, see “phpMyAdmin 4.2.0 is released”.

Categories
Uncategorized

Updating Apache because of OpenSSL Security Advisory [05 Jun].

同一記事の日本語版
Update information      Edit(Jun.9)

   I updated my Apache 2.4.9 to 2014 5 Jun version because of OpenSSL Security Advisory [05 Jun]..

   It is built with ‘IPv6 Crypto apr-1.5.0 apr-util-1.5.3 apr-iconv-1.2.1 openssl-1.0.1h zlib-1.2.8 pcre-8.34 libxml2-2.9.1 lua-5.1.5 expat-2.1.0’. Its Changelog.

   I really appreciate Steffen’s hard and quick work. Thanks again, Steffen.

Edit(Jun.9):
   I found this on the Net, so linked to it as a reference.
OpenSSL Patches Critical Vulnerabilities Two Months After Heartbleed

Categories
Windows

Updating to PHP5.5.13.

同一記事の日本語版
Update information      Edit(Jun.9)

   They released PHP5.5.13 on May-28 19:57:18UTC. So, I updated my PHP from 5.5.12 to 5.5.13 on my Web server (Windows7HP+SP1(x86)).

   According to ChangeLog, this includes the fixes for CVE-2014-0237 and CVE-2014-0238. At this time, their Description is still ** RESERVED ** on the pages. CVE-2014-0237 is related to bug #67328 and CVE-2014-0238 is related to bug #67327.

   The php.ini-production has no change. As the official PHP binary includes php5apache2_4.dll, I extract the zip archive and replace all PHP5.5.12 files with all PHP5.5.13 files except my php.ini. Then, I restart my Apache. That’s it.

   If you need how to configure PHP5.5, please see the post. It is for a mbstrings user, but the information gives some help for you.

   By the way, they announced their fourth and final beta should show up on the 29th of May. But we cannot see it still now. Do they have something wrong to delay final beta release? When will PHP5.6 come?

Edit(Jun.9):
   They released PHP 5.6.0beta4 on June 5 UTC. This is the final beta version. They say their first Release Candidate should show up on the 19th of June. I don’t know how many RC shows up, but PHP 5.6.0 general availability will come anytime soon.

Categories
Uncategorized

phpMyAdmin 4.2.0 is released.

同一記事の日本語版

   phpMyAdmin 4.2.0 is released. Here is the ChangeLog. I’ve updated.

   I downloaded a phpMyAdmin-4.2.0-english.zip, extracted it, copied my old config.inc.php to the phpmyadmin folder made by extracting, and uploaded all of them to the server (See “To create a Wamp-like Web Server in Windows7-#3.“).

   By the way, when I compared the new config.sample.inc.php with my old one(=Ver.4.1.x), I found two lines were lost and seven lines were added.
   The lost lines.
    At /* First server */ area
     /* Select mysql if your server does not have mysqli */
     $cfg[‘Servers’][$i][‘extension’] = ‘mysqli’;
   Does this mean they don’t support mysql modules anymore? (I noticed ‘Added warning about the mysql extension being deprecated and removed the extension directive’ in the ChangeLog.)

   The added lines.
    At /* Storage database and tables */ area
     // $cfg[‘Servers’][$i][‘favorite’] = ‘pma__favorite’;
     // $cfg[‘Servers’][$i][‘savedsearches’] = ‘pma__savedsearches’;

    As a new parameter of the configuration
     /**
     * Whether to display icons or text or both icons and text in table row
     * action segment. Value can be either of ‘icons’, ‘text’ or ‘both’.
     */
     //$cfg[‘RowActionType’] = ‘both’;

   So, when I logged on the new phphmyadmin at the first time, I got “The phpMyAdmin configuration storage is not completely configured, some extended features have been deactivated. To find out why click here.”.

   By a clicking, I got the next three alerts.

     $cfg[‘Servers’][$i][‘savedsearches’] … not OK [ Documentation ]
     Saving Query-By-Example searches: Disabled

   I had instructions, too.

     Quick steps to setup advanced features:

     Create the needed tables with the examples/create_tables.sql.
     Create a pma user and give access to these tables.
     Enable advanced features in configuration file (config.inc.php), for example by starting from
     config.sample.inc.php.
     Re-login to phpMyAdmin to load the updated configuration file.

   To create the tables with the examples/create_tables.sql or by your hand, it is your choice. Further information about this, see “Configuration storage“. As I already had the pma user, I created the two tables manually. Then, I edited nine lines above in my config.inc.php, and removed “//” from the head of the next lines.
     $cfg[‘Servers’][$i][‘favorite’] = ‘pma__favorite’;
     $cfg[‘Servers’][$i][‘savedsearches’] = ‘pma__savedsearches’;

   I re-logined to phpMyAdmin to load the updated configuration file. Mission complete.

Categories
Windows

Updating to PHP5.5.12.

同一記事の日本語版

   They released PHP5.5.12 on Apr-30 21:11:32UTC. So, I updated my PHP from 5.5.11 to 5.5.12 yesterday.

   According to ChangeLog, this includes the fix for CVE-2014-0185. At this time, its Description is still ** RESERVED ** on the page but it is related with PHP-FPM and I think it was first reported by Christian Hoffmann. You can find its detail at php-fpm: privilege escalation due to insecure default config. Otherwise php5embed.lib comes back.

   The php.ini-production has two small changes about the comment lines. As the official PHP binary includes php5apache2_4.dll, I extract the zip archive and replace all PHP5.5.11 files with all PHP5.5.12 files except my php.ini. Then, I restart my Apache. That’s it.

   If you need how to configure PHP5.5, please see the post. It is for a mbstrings user, but the information gives some help for you.