Apache

Apache update to 2.4.1

The upgrade to 2.4.x was a bit more complicated then first expected as there is more to it then just a compilation and check if it works. This release has some more changes to it then just a bug fix and some new features.

First most apparent change is that the APR stuff is no longer included in the download. You now have go get it yourself from http://apr.apache.org/.

Download the APR and APR-util from the site, unpack them and copy them into the ‘./srclib‘ directory (after you downloaded Apache and unpacked the archive). Rename the directories to ‘./srclib/apr‘ and ‘./srclib/apr-util‘ (without the version number). For instance by using these commands:

cp -R apr-1.4.6 httpd-2.4.1/srclib/apr
cp -R apr-util-1.4.1 httpd-2.4.1/srclib/apr-util

From then on you can follow the regular instructions on Compiling Apache.

The only problem is the change in the modules that are compiled and included by this new version. Please comment the following list of modules out of the httpd.conf configuration file located in /etc/httpd/.

LoadModule proxy_module modules/mod_proxy.so
LoadModule proxy_connect_module modules/mod_proxy_connect.so
LoadModule proxy_ftp_module modules/mod_proxy_ftp.so
LoadModule proxy_http_module modules/mod_proxy_http.so
LoadModule proxy_fcgi_module modules/mod_proxy_fcgi.so
LoadModule proxy_scgi_module modules/mod_proxy_scgi.so
LoadModule proxy_ajp_module modules/mod_proxy_ajp.so
LoadModule proxy_balancer_module modules/mod_proxy_balancer.so
LoadModule proxy_express_module modules/mod_proxy_express.so

We are not using the proxy anyway ;-)

You need to recompile PHP as well to get it working with this version of Apache. Next I will change the actual compilation instructions.

Note: this works on Snow Leopard and Leopard as well as PowerPC!

Too much at once

I feel the need to ask for patience as this week we got bombarders by a lot of updates. Dovecot did a major upgrade to 2.1, Apache released a major upgrade to 2.4, postfix released 2.9.1 a small bugfix and MySQL released 5.5.21.

I need to compile, test and adjust everything where necessary and as you might understand with major upgrade there is more going on then just a compile, run and test. There are new configuration options to be evaluated and older ones deprecated that might need a new one or a workaround for lost functionality.

So I’m working on it but it take a bit longer then usual…

Apache updated to 2.2.22

The Apache team have released a security update to the popular webserver. This version of Apache is a security and bug fix release. I strongly suggest you should upgrade to this latest version as it solves the following securtiy issues:

  • SECURITY: CVE-2011-3368 (cve.mitre.org) Reject requests where the request-URI does not match the HTTP specification, preventing unexpected expansion of target URLs in some reverse proxy configurations.
  • SECURITY: CVE-2011-3607 (cve.mitre.org) Fix integer overflow in ap_pregsub() which, when the mod_setenvif module is enabled, could allow local users to gain privileges via a .htaccess file.
  • SECURITY: CVE-2011-4317 (cve.mitre.org) Resolve additional cases of URL rewriting with ProxyPassMatch or RewriteRule, where particular request-URIs could result in undesired backend network exposure in some configurations.
  • SECURITY: CVE-2012-0021 (cve.mitre.org) mod_log_config: Fix segfault (crash) when the ‘%{cookiename}C’ log format string is in use and a client sends a nameless, valueless cookie, causing
    a denial of service. The issue existed since version 2.2.17.
  • SECURITY: CVE-2012-0031 (cve.mitre.org) Fix scoreboard issue which could allow an unprivileged child process could cause the parent to crash at shutdown rather than terminate cleanly.
  • SECURITY: CVE-2012-0053 (cve.mitre.org) Fixed an issue in error responses that could expose “httpOnly” cookies when no custom ErrorDocument is specified for status code 400.

If you’ve forgotten how to upgrade your Apache installation in the least painfull way with a possibility to go back if something goes wrong: Upgrading Apache

Apache updated to 2.2.21

The Apache team have released a security update to the popular webserver. This version of Apache is a security and bug fix release:

  • SECURITY: CVE-2011-3348 (cve.mitre.org) mod_proxy_ajp when combined with mod_proxy_balancer: Prevents unrecognized HTTP methods from marking ajp: balancer members in an error state, avoiding denial of service.
  • SECURITY: CVE-2011-3192 (cve.mitre.org) core: Further fixes to the handling of byte-range requests to use less memory, to avoid denial of service. This patch includes fixes to the patch introduced in release 2.2.20 for protocol compliance, as well as the MaxRanges directive.

I would strongly advise you to upgrade your server accordingly as this will solve the problem of the apache killer security issue by which someone could take over your server.

If you’ve forgotten how to upgrade your Apache installation in the least painfull way with a possibility to go back if something goes wrong: Upgrading Apache

First documentation set for Lion

Alright here is the first result of adapting the instructions to Mac OS X 10.7 aka Lion. First some remarks, to get the quickest results I decided to first do everything in a virtual machine as I wanted to take the time to upgrade my desktop. It was remarkably easy to install Lion as a virtual OS using VMWare. First I tried with Virtualbox which works with Snow Leopard but that didn’t work for Lion. So I tried with the current beta of VMWare Fusion which I am currently testing and that one went without any problem. Just do a “Show Package Contents” of “Install Mac OS X Lion” and copy the file “InstallESD.dmg”. Create a new virtual machine and point it to this DMG file for installing and it will install like a regular Mac. If anyone has a regular version of VMWare Fusion 3.1.x can you verify that this works?

Next step was getting XCode on the machine for which I had to use the “App Store” but luckily XCode is again free! Everything installed I was ready to go. One of the things I noticed is that I can install everything in 64 bits without needing to explicitly specifying it which we had to do on Snow Leopard. Also note that there is no more 32 bits on Lion! This is why it won’t run on some of the older Intel Macs.

So if you’ve already upgraded your Mac to Lion or just have bought a new one and need to install MAMP, that part is no finished. Next step is me taking the time to upgrade my desktop and then attack the mail-server documentation.

http://diymacserver.com/lion/

Update: Just got this in my RSS reader, VMWare 3.1.3 does not support Lion as a guest. The current Beta does so I guess you have to wait till 3.1.4 or join the beta program!

Also found that PostgresSQL 9.0.4 is installed with OS X Lion! There is documentation in /Library/Webserver/Documents and the psql command is available. Let’s see what we can find out moreā€¦

Found this in the official Apple documentation What is new in Mac OS X 10.7

Beginning in Mac OS X v10.7, Mac OS X Server ships with PostgreSQL instead of MySQL as its database server. If you are using other software that requires MySQL, you must install it yourself.

« Previous PageNext Page »