No, a higher version number does not = more secure. Red Hat rarely upgrades to a newer version of an app, within a particular version of the distribution. They *do* fix any security holes in the version that they distribute. There are several reasons for this. Upgrading to a newer release of the software could break things where keeping the same version but plugging holes in that version will not break things (unless there is a terrible mistake, which I can't recall ever happening).
Take Red Hat 9 for instance. It shipped with 2.0.40 patch level 21, which means the RPM is named "httpd-2.0.40-21" and, if you are running an Intel/AMD box, would have a ".i386.rpm" extension. Now, since Red Hat 9 shipped, Apache has had a security patch applied and is now at 2.0.40-21.9.
If you look at the changelog in the httpd.spec file included in the src.rpm you will see this is the 9th patch since RH9 shipped and here are the changes that were made:
* Tue Oct 28 2003 Joe Orton <jorton@redhat.com> 2.0.40-21.9
- add security fixes for CVE CAN-2003-0542, CAN-2003-0789
- return test page for "/+" in default httpd.conf
- add bug fixes for #103049, #105725, #106454
- further fixes for CGI regressions in -21.5 (#103744)
* Thu Sep 11 2003 Joe Orton <jorton@redhat.com> 2.0.40-21.6
- fix for streaming CGIs (#103744)
* Thu Jul 31 2003 Joe Orton <jorton@redhat.com> 2.0.40-21.5
- fix EXTRA_INCLUDES for #92313
- add mod_include fixes from upstream
* Wed Jul 9 2003 Joe Orton <jorton@redhat.com> 2.0.40-21.4
- add security fixes for CVE CAN-2003-0192, CAN-2003-0253,
  CAN-2003-0254, CERT VU#379828
- add bug fixes for #78019, #82985, #85022, #97111, #98545, #98653
- install special.mk, fix apxs -q LIBTOOL (#92313)
* Tue May 20 2003 Joe Orton <jorton@redhat.com> 2.0.40-21.3
- add security fix for CAN-2003-0189
* Mon May 12 2003 Joe Orton <jorton@redhat.com> 2.0.40-21.2
- add security fix for CAN-2003-0245
- add bug fixes for #88575, #89086, #89170, #89179
* Tue Apr 1 2003 Joe Orton <jorton@redhat.com> 2.0.40-21.1
- add security fixes for CAN-2003-0020, CAN-2003-0132, CAN-2003-0083
- add security fix for file descriptor leaks, #82142
- add bug fix for #82587
* Mon Feb 24 2003 Joe Orton <jorton@redhat.com> 2.0.40-21
- add security fix for CAN-2003-0020; replace non-printable characters
  with '!' when printing to error log.
- disable debuginfo on IA64.
If you run "apt-get dist-upgrade" or "up2date" every night, then your system would be upgraded with these patched versions of the software automatically. Now, if you install from source, or install a 3rd party RPM that is at a higher version number than what Red Hat ships or that is kept up in your favorite repository, then if there is a vulnerability found it will have to be updated manually. I don't know about you, but I don't like doing things manually if I don't have to, and I prefer to have my systems up to date with any security patches. If I had to do it manually, then something would surely get missed.
Here are all the latest updated RPMS for Red Hat 9 in the FreshRPMS repository:
http://ayo.freshrpms.net/redhat/9/i386/RPMS.updates/
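Added example (not part of the original post): since backported fixes leave the upstream version at 2.0.40, the RPM changelog is where to check whether a given identifier has been patched. This sketch maps each CAN-/CVE- id to the package release that carries its fix; the function names are hypothetical and the sample input is a constructed subset of the changelog quoted above.

```shell
# Constructed sample: a subset of the httpd changelog entries quoted above.
sample_changelog() {
cat <<'EOF'
* Tue Oct 28 2003 Joe Orton <jorton@redhat.com> 2.0.40-21.9
- add security fixes for CVE CAN-2003-0542, CAN-2003-0789
- return test page for "/+" in default httpd.conf
* Wed Jul 9 2003 Joe Orton <jorton@redhat.com> 2.0.40-21.4
- add security fixes for CVE CAN-2003-0192, CAN-2003-0253,
CAN-2003-0254, CERT VU#379828
* Tue Apr 1 2003 Joe Orton <jorton@redhat.com> 2.0.40-21.1
- add security fixes for CAN-2003-0020, CAN-2003-0132, CAN-2003-0083
* Mon Feb 24 2003 Joe Orton <jorton@redhat.com> 2.0.40-21
- add security fix for CAN-2003-0020; replace non-printable characters
with '!' when printing to error log.
EOF
}

# Hypothetical helper: read a changelog on stdin, print "ID release" for each
# CAN-/CVE- identifier, using the newest entry that mentions it.
cve_fix_map() {
  awk '
    /^\* / { rel = $NF; next }   # entry header: last field is version-release
    {                            # body or wrapped continuation line
      line = $0
      while (match(line, /(CVE|CAN)-[0-9][0-9][0-9][0-9]-[0-9]+/)) {
        id = substr(line, RSTART, RLENGTH)
        if (!(id in fix)) fix[id] = rel   # entries are listed newest first
        line = substr(line, RSTART + RLENGTH)
      }
    }
    END { for (id in fix) print id, fix[id] }
  ' | sort
}

# Hypothetical helper: print the release carrying the fix for $1;
# exit status 1 if the changelog never mentions that identifier.
fixed_in() {
  cve_fix_map | awk -v id="$1" '$1 == id { print $2; hit = 1 } END { exit !hit }'
}
```

On an RPM-based system the same check runs against the installed package with `rpm -q --changelog httpd | fixed_in CAN-2003-0542`, and the result is compared with the release reported by `rpm -q httpd`.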