LinuxQuestions.org

LinuxQuestions.org (/questions/)
-   Linux - Server (https://www.linuxquestions.org/questions/linux-server-73/)
-   -   how should I upgrade httpd server if no rpm source has the latest package (https://www.linuxquestions.org/questions/linux-server-73/how-should-i-upgrade-httpd-server-if-no-rpm-source-has-the-latest-package-921004/)

hahacc 12-29-2011 01:53 AM
how should I upgrade httpd server if no rpm source has the latest package
 
Hi,
As we all know, there's always bug for any software(include httpd). For example, to fix bug CVE-2011-3348, we should install/upgrade httpd to version 2.2.21.
Now on my server, httpd version is 2.2.15. When using yum list|grep httpd, I can see this 2.2.15 is now the latest version, which means yum update httpd won't upgrade httpd.
What should I do about this? Should I download the source package(.tar.gz one) and transform it into a rpm package and then use rpm -Uvh to upgrade it?(And how to transform it?)
Thanks very much!
PS:
I know there's a software management system called spacewalk which can install one update to several servers at one time, I'm thinking whether we should transform the source package to rpm one in order to take the advantage of spacewalk.

TenTenths 12-29-2011 03:21 AM
If you know what you are doing, or are willing to take the time to learn then you can download the source and configure / compile whatever version of apache you want. There are plenty of how-to's around, Google Is Your Friend!

If you're not confident about configuring / compiling packages then you might want to consider waiting until your upstream distro releases an RPM.

hahacc 12-29-2011 07:31 AM
Quote:
Originally Posted by TenTenths (Post 4560691)
If you know what you are doing, or are willing to take the time to learn then you can download the source and configure / compile whatever version of apache you want. There are plenty of how-to's around, Google Is Your Friend!

If you're not confident about configuring / compiling packages then you might want to consider waiting until your upstream distro releases an RPM.
Thanks.
I know we can just download/compile httpd etc using their source packages, but I think rpm one can be more convenient for software management.
Maybe everything has it's pros and cons. :D

unSpawn 12-29-2011 07:57 AM
Quote:
Originally Posted by hahacc (Post 4560657)
For example, to fix bug CVE-2011-3348, we should install/upgrade httpd to version 2.2.21. Now on my server, httpd version is 2.2.15. When using yum list|grep httpd, I can see this 2.2.15 is now the latest version, which means yum update httpd won't upgrade httpd.
As per https://bugzilla.redhat.com/show_bug.cgi?id=736690 you must be running something other than RHEL-5 as httpd-2.2.3-53.el5 is current because http://cve.mitre.org/cgi-bin/cvename...=CVE-2011-3348 was introduced in version 2.2.12:
Code:
~]$ rpm -q httpd --changelog|awk '/CVE-2011/ {print $6}'
CVE-2011-3368
CVE-2011-3192
It was fixed in https://rhn.redhat.com/errata/RHSA-2011-1391.html so you could try rebuilding the RHEL-6 httpd-2.2.15-9.el6 RPM?..

hahacc 12-30-2011 08:40 PM
Quote:
Originally Posted by unSpawn (Post 4560873)
As per https://bugzilla.redhat.com/show_bug.cgi?id=736690 you must be running something other than RHEL-5 as httpd-2.2.3-53.el5 is current because http://cve.mitre.org/cgi-bin/cvename...=CVE-2011-3348 was introduced in version 2.2.12:
Code:
~]$ rpm -q httpd --changelog|awk '/CVE-2011/ {print $6}'
CVE-2011-3368
CVE-2011-3192
It was fixed in https://rhn.redhat.com/errata/RHSA-2011-1391.html so you could try rebuilding the RHEL-6 httpd-2.2.15-9.el6 RPM?..
I think maybe we can just compile the rpm by ourselves using source package. Httpd has it's own SPEC. And
EPEL repo

http://fedoraproject.org/wiki/EPEL/FAQ#howtouse

Rpmforge ( many packages )

http://dag.wieers.com/rpm/FAQ.php#B1

these two repos are good


All times are GMT -5. The time now is 04:11 AM.