IMPORTANT: Courier-Auth updated to 0.60.6

There is a important security release of Courier-Auth, in the older versions Courier-Auth has an SQL injection exploit. This release should prevent any further security threaths. This release has the following changes:

  • Use mysql_set_character_set() instead of SET NAMES. This fixes a SQL injection possibility with MySQL databases that use non-Latin character sets.

This bug will affect you and I advise you to upgrade as soon as possible. I’ve upgraded al servers without a problem. If you want to upgrade your installation please read my upgrade instructions for Courier-auth.

Update on Apache 2.2.8 and mod_ssl

As noted earlier there are some problems since 2.2.6 with the mod_ssl module in Leopard.

There seems to be some progress being made by people at apache as someone posted a comment to the original post which you might have missed. You can read the bugreport at: http://issues.apache.org/bugzilla/show_bug.cgi?id=44384

It looks like a version issue of the libtool, a new version of libtool has solved the problem. I hope it works out and I will see what I can do to help you compile it properly on your Mac running Leopard.

Update on MySQL issues on Leopard

MySQL is still working on the problems regarding the incompatibilities. In the bug reports there are some advices which will be released in the next release I guess. If you can’t wait, here are the solutions:

The not working preference pane has an update which you can download from here.

The issue of not starting up properly has to do with the user rights on the data directory. You can change them to the proper user by the command:

chown -R mysql:wheel /usr/local/mysql/data

Hopefully the next release will address all the issues. If ou want to read the bugreport yourself you can do that here: http://bugs.mysql.com/bug.php?id=28854

Leopard, Apache and mod_ssl

Thanks to Tim we’ve got a simple workaround to get our own compiled Apache version 2.2.6 running on Leopard with a proper SSL module. The solution is to just use the original mod_ssl module from the original installation. The original mod_ssl module can be found in /usr/libexec/apache2/.

To use this original module the best way possible use these commands:

cd /usr/local/apache2/modules/
sudo mv mod_ssl.so mod_ssl.so.old
sudo ln -s /usr/libexec/apache2/mod_ssl.so mod_ssl.so

Restart the server, uncomment the mod_ssl module in your httpd.conf and restart the server to see it working.

You could also copy the module from its original location but I choose this method because it will benefit from any update that might happen with a security update from Apple.

I can only hope it will also work with a new version of Apache, but we’ll have to wait and see.

MySQL has some issues with Leopard

There is a small issue with installing MySQL on Leopard. The preference pane to start/stop Mysql does not work. Don’t know why but it just doesn’t. It will start manually but you need to make a slight adjustment to one file called ‘mysql.server’ in the directory ‘/usr/local/mysql/support-files/’. On line 62 change:




The following has happened in Leopard. All the users that are used for running applications have a changed username. All the daemon users start with an underscore in Leopard. This means that the user ‘mysql’ which we remember in Tiger is currenty known as ‘_mysql’. You will see this user as the owner of ‘/usr/local/mysql/data’. So somehow everything gets installed with the correct user.

The error of the Preference pane has been logged as a bug on the MySQL bug site.

If anyone can explain why the usernames have changed I would like to know!

By the way the only difference in installing MySQL on Leopard is the configure statement to compile MySQL, the rest is still the same. The new ./configure statement for PowerPC and Intel based Macs is:

./configure –prefix=/usr/local/mysql \
–localstatedir=/usr/local/mysql/data \
–libexecdir=/usr/local/mysql/bin \
–libdir=/usr/local/mysql/lib \
–with-server-suffix=-standard \
–enable-thread-safe-client \
–enable-local-infile \
–enable-shared \
–with-zlib-dir=bundled \
–with-big-tables \
–with-readline \
–with-archive-storage-engine \
–with-innodb \
–without-docs \

As you see the CFLAGS have gone, the new XCode tools do their auto detection a lot better I guess.