Memorandum #6.

   I don’t know why but I’m very tired. I jot down for my memory.

   My server OS is Windows7 HP SP1 (x86).

  1. PHP 5.5.15 (php-5.5.15-Win32-VC11-x86.zip)
    —> PHP 5.5.16 (php-5.5.16-Win32-VC11-x86.zip)
  2. MariaDB 10.0.12 (mariadb-10.0.12-win32.zip)
    —> MariaDB 10.0.13 (mariadb-10.0.13-win32.zip)
  3. phpMyAdmin 4.2.7 (phpMyAdmin-4.2.7-english.zip)
    —> phpMyAdmin 4.2.7.1 (phpMyAdmin-4.2.7.1-english.zip)

   My guess tells me all of them are security releases. So I’ve dealt with them promptly.

Memorandum #5.

Update information      Edit(Aug.28)
  1. I found their announcement of PHP 5.6.0 GA on the article about RC4, wow! I can’t wait.
  2. I updated Apache 2.4.10 (httpd-2.4.10-win32-VC11.zip) which was built with openssl-1.0.1i. The reason is this advisory, OpenSSL Security Advisory [6 Aug 2014]. I knew this news but Steffen replied “Coming days the builds here at Apache Lounge are going to be upgraded. It has not that priority and severity ~” to Jan-E. So I waited to be upgraded.
  3. I read a lot of articles about the troubles with Windows Update 2014 Aug. Though I had no trouble with my own PCs, I uninstalled the following updates that were installed on my PCs. Because I heard they suggested to uninstall KB2982791, KB2970228, KB2975719 and KB2975331 even if currently no trouble.
    • Windows8.1(x86) on NJ2100
      KB2982791
      KB2975719
    • Windows7 SP1(x64) on CF-J10
      KB2982791
      KB2970228
    • Windows7 SP1(x86) on xw4200
      KB2982791
      KB2970228
    • Windows Vista SP2(x86) on KeyPaso
      KB2982791

    In the past, Windows update gave us troubles almost every time, but I feel this was the first mess in quite a while. How about your feelings? (^_~)

Edit(Aug.28):
   Hey! We have new MS14-045 update KB2993651. See Microsoft Security Bulletin MS14-045 – Important.

Inconvenient things.

   Recently, I had two inconvenient things. One is about IE11 on Windows7 and the other is about phpMyAdmin version on the service of WebCrow. Yes I know, these things aren’t grouped together because their levels are very different.

   The thing about IE11 on Windows7 is this (Credential authentication does not work if you paste credential information by using the Paste shortcut menu command in Windows 7 or in Windows Server 2008 R2). This looks one of the well-known issues. OK, I need not the Hotfix of KB2547752. OK, I can do CTRL+V or anything. But about the trouble the most frustrating for me is IE11 on Windows7 shows me ‘●●●●●●●●●●’ as if the procedure is normally ended when I use a right click and paste. ‘Don’t Use the Paste shortcut menu command’ is an old story, so itself is no problem. But if it’s requested, they should not make IE show ‘●●●●●●●●●●’. Grrr.

   The other is phpMyAdmin version is 2.11.x.x on WebCrow. This version does not have Configuration storage, so I cannot use the feature bookmarks. Very inconvenient! I realize I am dependent on the feature everyday life, ha-ha-ha.

Updating to PHP5.5.15.

Update information      Edit(Aug.1)

   They released PHP5.5.15 on Jul-24 01:03:48UTC. So, I updated my PHP from 5.5.14 to 5.5.15 on my Web server (Windows7HP+SP1(x86)). ChangeLog.

   PHP 5.6.0RC3 is delayed than planned. What’s happening?

   By the way, I read “Fix a memory consumption denial of service in the WinNT MPM” on Changes with Apache 2.4.10. So I stopped using the word around. But it did not work well. On the next day, I rolled back the work around.

Edit(Aug.1):
   Finally they released PHP 5.6.0RC3. It’s two weeks later than scheduled. They say their next Release Candidate should show up on the 14th of August. Is PHP 5.6.0GA going to show up in September?

Updating to Apache 2.4.10.

   Apache HTTP Server 2.4.10 was released. It includes five security patches. It has a new module named mod_authnz_fcgi, so httpd.conf has a following added line.
    #LoadModule authnz_fcgi_module modules/mod_authnz_fcgi.so
   On the Windows version it was upgraded pcre from 8.34 to 8.35 and APR from 1.5.0 to 1.5.1.

   I downloaded httpd-2.4.10-win32-VC11.zip (17 Jul) from the ApacheLounge for my Windows7 server. If you need the information about Apache 2.4.x configuration on Windows, see my post ‘To create a Wamp-like Web Server in Windows7-#1.‘.

Updating to PHP5.5.14.

   They released PHP5.5.14 on Jun-25 23:06:26UTC. So, I updated my PHP from 5.5.13 to 5.5.14 on my Web server (Windows7HP+SP1(x86)).

   According to ChangeLog, this includes eight CVE fixes, oh! my gosh. They also concerns about bug 67072. If you have issues related to this and need more information, you should visit their upgrading guide.

   The php.ini-production has no change. As the official PHP binary includes php5apache2_4.dll, I extract the zip archive and replace all PHP5.5.13 files with all PHP5.5.14 files except my php.ini. Then, I restart my Apache. That’s it.

   If you need how to configure PHP5.5, please see the post. It is for a mbstrings user, but the information gives some help for you.

   I used this opportunity to update to phpMyAdmin 4.2.5 and MariaDB 10.0.12. If you need more information about their configuration, Please see “phpMyAdmin 4.2.0 is released” and “MariaDB 5.5“.

A solution of “SSL3_READ_BYTES:sslv3 alert handshake failure” on WordPress.

   Since WordPress that was version 3.7 had a ca-bundle.crt in its wp-includes folder, I’ve had troubles when I upgrade my WordPress Network. I misunderstood the message “Warning! Problem updating https://SITENAME.” meant one of my sites had a trouble, but now I think it meant the first site the WordPress checked out was wrong and the WordPress had no information about the rest of my sites.

   First I had the “Error message: SSL certificate problem: self signed certificate in certificate chain” because I use a self-signed certificate. But Oiram gave me its solution. All I need is to add my CA cert data to the ca-bundle.crt.

   Next I had the “Error message: error:14094410:SSL routines:SSL3_READ_BYTES:sslv3 alert handshake failure”. I’ve had a hard time with this trouble for more than two months. Finally, I have the complete solution of this today \(^o^)/.

   I look back now and think the trouble had three issues.

  1. My client.crt had no ssl_client extension. so I re-made a client.crt with ssl_client extension like this. The reference of this is “sslv3 alert handshake failure when using SSL client auth”.
    First, I added the next text to the end of my openssl.cnf.

    [ ssl_client ]
    basicConstraints = CA:FALSE
    nsCertType = client
    keyUsage = digitalSignature, keyEncipherment
    extendedKeyUsage = clientAuth
    nsComment = “OpenSSL Certificate for SSL Client”

    And I made a new client.crt with ssl_client extension.
    >openssl ca -config openssl.cnf -policy policy_anything -extensions ssl_client -in client.csr -out client.crt

    • With the old client.crt, I had the next two errors when I did “openssl s_client -connect o6asan.com:443 -cert client.crt -key client.key -CAfile cacert.pem”. But, the new one gives no error.
    • error:14094418:SSL routines:SSL3_READ_BYTES: ~
      error:140790E5:SSL routines:SSL23_WRITE:ssl handshake failure: ~
    • Of course I re-made a new clientcert.p12
  2. At “Upgrade Network”, WordPress uses cURL. But cURL doesn’t accept P12 format certificates. So I need PEM format certificates.
    • To make a clientcert.pem from the clientcert.p12
      >openssl pkcs12 -in clientcert.p12 -nokeys -clcerts -out clientcert.pem
    • To make a clientkey.pem from the clientcert.p12
      >openssl pkcs12 -in clientcert.p12 -nocerts -out clientkey.pem
       
      To make a copy of the clientkey.pem and remove the pass phrase from it.
      >copy clientkey.pem cp_clientkey.pem
      >openssl rsa <cp_clientkey.pem> clientkey.pem
  3. To tell my WordPress the places of the client certificates.
    • To add the following lines to just before the line “curl_setopt( $handle, CURLOPT_CAINFO, $r[‘sslcertificates’] );” in the file class-http.php.

      curl_setopt( $handle, CURLOPT_SSLCERT, 'the exact path of clientcert.pem' );
      curl_setopt( $handle, CURLOPT_SSLKEY, 'the exact path of clientkey.pem' );

      I hate to change WordPress core PHP scripts, so I try and try other methods, but nothing is useful. After all, I add the lines above to the class-http.php.

      To copy the clientcert.pem and the clientkey.pem to somewhere in the server, somewhere means a safer place anyone cannot access via the Internet.

    This reference is Client URL Library.

   If you need how to create certificates, see the post “WordPress: Administration Over SSL #1”.

   Now the error has gone. I’m happy, clap,clap!!

Updating to MariaDB 10.0.11.

   I’ve updated to MariaDB 10.0.11 on my server (Server OS : Windows7HP+SP1(x86)). I write the procedures as follows.

   First, I backed up all the sever data. Especially, MariaDB and MyDB.

   Next, I updated to MariaDB 10.0.11.

  1. Downloaded mariadb-10.0.11-win32.zip.
  2. Extracted the Zip archive.
  3. Control Panel >> Administrative tools >> Services
    Select the MariaDB service name and stop.
  4. Delete all contents in the MariaDB folder. Install the four folders named bin, include, lib and share and license files to the folder.
  5. Control Panel >> Administrative tools >> Services
    Select the MariaDB service name and start.

   That’s it.

   I used this opportunity to update to phpMyAdmin 4.2.3 and this is its ChangeLog. If you need its configuration, see “phpMyAdmin 4.2.0 is released”.

Updating to PHP5.5.13.

Update information      Edit(Jun.9)

   They released PHP5.5.13 on May-28 19:57:18UTC. So, I updated my PHP from 5.5.12 to 5.5.13 on my Web server (Windows7HP+SP1(x86)).

   According to ChangeLog, this includes the fixes for CVE-2014-0237 and CVE-2014-0238. At this time, their Description is still ** RESERVED ** on the pages. CVE-2014-0237 is related to bug #67328 and CVE-2014-0238 is related to bug #67327.

   The php.ini-production has no change. As the official PHP binary includes php5apache2_4.dll, I extract the zip archive and replace all PHP5.5.12 files with all PHP5.5.13 files except my php.ini. Then, I restart my Apache. That’s it.

   If you need how to configure PHP5.5, please see the post. It is for a mbstrings user, but the information gives some help for you.

   By the way, they announced their fourth and final beta should show up on the 29th of May. But we cannot see it still now. Do they have something wrong to delay final beta release? When will PHP5.6 come?

Edit(Jun.9):
   They released PHP 5.6.0beta4 on June 5 UTC. This is the final beta version. They say their first Release Candidate should show up on the 19th of June. I don’t know how many RC shows up, but PHP 5.6.0 general availability will come anytime soon.

phpMyAdmin 4.2.0 is released.

   phpMyAdmin 4.2.0 is released. Here is the ChangeLog. I’ve updated.

   I downloaded a phpMyAdmin-4.2.0-english.zip, extracted it, copied my old config.inc.php to the phpmyadmin folder made by extracting, and uploaded all of them to the server (See “To create a Wamp-like Web Server in Windows7-#3.“).

   By the way, when I compared the new config.sample.inc.php with my old one(=Ver.4.1.x), I found two lines were lost and seven lines were added.
   The lost lines.
    At /* First server */ area
     /* Select mysql if your server does not have mysqli */
     $cfg[‘Servers’][$i][‘extension’] = ‘mysqli’;
   Does this mean they don’t support mysql modules anymore? (I noticed ‘Added warning about the mysql extension being deprecated and removed the extension directive’ in the ChangeLog.)

   The added lines.
    At /* Storage database and tables */ area
     // $cfg[‘Servers’][$i][‘favorite’] = ‘pma__favorite’;
     // $cfg[‘Servers’][$i][‘savedsearches’] = ‘pma__savedsearches’;

    As a new parameter of the configuration
     /**
     * Whether to display icons or text or both icons and text in table row
     * action segment. Value can be either of ‘icons’, ‘text’ or ‘both’.
     */
     //$cfg[‘RowActionType’] = ‘both’;

   So, when I logged on the new phphmyadmin at the first time, I got “The phpMyAdmin configuration storage is not completely configured, some extended features have been deactivated. To find out why click here.”.

   By a clicking, I got the next three alerts.

     $cfg[‘Servers’][$i][‘savedsearches’] … not OK [ Documentation ]
     Saving Query-By-Example searches: Disabled

   I had instructions, too.

     Quick steps to setup advanced features:

     Create the needed tables with the examples/create_tables.sql.
     Create a pma user and give access to these tables.
     Enable advanced features in configuration file (config.inc.php), for example by starting from
     config.sample.inc.php.
     Re-login to phpMyAdmin to load the updated configuration file.

   To create the tables with the examples/create_tables.sql or by your hand, it is your choice. Further information about this, see “Configuration storage“. As I already had the pma user, I created the two tables manually. Then, I edited nine lines above in my config.inc.php, and removed “//” from the head of the next lines.
     $cfg[‘Servers’][$i][‘favorite’] = ‘pma__favorite’;
     $cfg[‘Servers’][$i][‘savedsearches’] = ‘pma__savedsearches’;

   I re-logined to phpMyAdmin to load the updated configuration file. Mission complete.