Apache

PHP released 5.4.13 and Apache was updated to 2.4.4

Two updates in one blogpost. Just to save me some time I’m mentioning these together.

The PHP update is a security update and a bug fix release. The security issues in question are: CVE-2013-1643 and CVE-2013-1635. Read the ChangeLog for all the information.

Apache is updated due to a security issue and I’m advising you to upgrade. I’ve tried it on my test servers without any problem. The security issues in question were:

  • SECURITY: CVE-2012-3499 Various XSS flaws due to unescaped hostnames and URIs HTML output in mod_info, mod_status, mod_imagemap, mod_ldap, and mod_proxy_ftp.
  • SECURITY: CVE-2012-4558 XSS in mod_proxy_balancer manager interface.

For instructions on how to upgrade PHP and Apache please read: Upgrading PHP or Upgrading Apache .

Apache updated to 2.4.3

The Apache proect has released a new version of their popular web server. This is principally a security and bug fix release, including the following 2 security fixes:

  • SECURITY: CVE-2012-3502 (cve.mitre.org) mod_proxy_ajp, mod_proxy_http: Fix an issue in back end connection closing which could lead to privacy issues due to a response mixup. PR 53727.
  • SECURITY: CVE-2012-2687 (cve.mitre.org) mod_negotiation: Escape filenames in variant list to prevent an possible XSS for a site where untrusted users can upload files to a location with MultiViews enabled.

I’ve got this running on my servers without a problem.

If you’ve forgotten how to upgrade your Apache installation in the least painfull way with a possibility to go back if something goes wrong: Upgrading Apache

Mountain Lion progress

If you are dependent on any of the stuff that is documented here then please wait while I upgrade and test all the instructions for Mountain Lion. I will update this post regularly with my progress. Currently I’m upgrading my main desktop to see if this will affect the running setup. After that I will install a clean Mountain Lion machine for documenting the start from scratch.

First discovery after the upgrade is that all you config files in /etc are gone, so are our startup scripts in /System/Library/LaunchDeamons. This means that the config for Apache, php and MySQL are missing.

Got MySQL running by replacing the startup script. Apache ran again after restoring /etc/httpd from a backup but PHP needed recompiling.

Before upgrading make sure you make a copy of the file InstallESD.dmg from the Mountain Lion installer package. How to find it, read this. This because you need to get an optional installer package if you want to use GD. Mount the disk image and install the file from Packages called X11redirect.pkg

The MAMP stack is now done, tested and documented. Not many changes…

Mail part is now also documented!

Apache updated to 2.4.2

Apache got updated last week, finally got round to getting this tested. It’s now running on all my servers without a problem. Please note that the APR modules are not updated, you could copy them from the 2.4.1 directory.

For compiling read the last update and the additional notes that followed.

Follow up on Apache 2.4.1, Xcode 4.3.2

During the last week I’ve seen comments regarding the failing of the compilation. The first one was that I completely missed the dependency on PCRE. Because it’s also required for out Postfix installation I already had it installed and didn’t notice it. You can download it from the sourceforge PCRE site. The latest tested version is 8.30. Download it, unpack it and run the following commands in the source directory:

./configure
make
sudo make install

The other thing I missed was the new release of Xcode. Apple released a new version of Xcode 4.3.2 which has a new method of installing. Instead of downloading the Installer from the App Store you can now install Xcode directly from the App Store. However somehow i think they needed to make the package smaller and they left out some the for us essential parts. Luckily its all still free. If you install Xcode from the App Store you need to perform some follow up actions to make it work. Startup Xcode, then let Xcode uninstall the older version, go to the preferences and go for the download tab.

Then select to install the command line tools. Use your apple-id and password to make it happen. After this you’ll be up and running in no time.

Update: If you have a developer account and can login to http://developer.apple.com you can also download the command line tools as a standalone package. Go to the download section and try it there. I’ve got the full Xcode installation as I sometimes try to write that one iPhone app that will make me a millionaire. Let me know if this works for you.

Next Page »