mod_security, mod_perl, mod_python, php-pear, mysql updated
September 21, 2007 by Jason · 16 Comments
Earlier today I rolled out a bunch of updates to the packages in the repo. If you use any of these you'll need to run a "yum update" to pull them in. Complete details on the updates are at the bottom of this post.
The only update I would consider "critical" is MySQL. Bug #31001 was found after the release of the sources and is probably a deal-breaker for anyone using InnoDB tables as "ORDER BY DESC" no longer works. This respin includes a patch to fix that glitch.
Packages Updated:
- php-pear 1.5.0 -> 1.6.2
- mod_security 2.1.2 -> 2.1.3
- mod_perl 2.0.2 -> 2.0.3
- mod_python 3.2.8 -> 3.3.1
- mysql 5.0.48 (respin)
Jason
Just want to say thanks for all the help you've given me in getting this n00b's LAMP server up and running. Your repositories have everything, and your advice has been flawless, unlike so many others.
Without it, I think I would have given up. Now get on and do your masters!
Dave Mc
@Dave,
Thanks! Kind words are always welcome.
Would you be willing to make your SRPMS repository browsable as well ?
Appreciate all your work.
@Reviax,
That is something I am planning on doing eventually. The reason the SRPMS folder isn't browsable is because it does not actually contain all of the SRPMS that I use. For now, if there is a file you would like, just let me know and I'll post a link.
Jason, do you create your own .spec files or do you use the SRPMs from Fedora and just rebuild? I'm currently using PHP 5.2.3 with Apache 2.0.52 on CentOS 4.5; I've always just used the Fedora/Rawhide SRPMs but for some reason when I upgraded using their PHP 5.2.4 SRPM I'm getting segfaults in the child processes.
If I understand correctly I can't use your binary RPM since it's compiled against Apache 2.2, correct? Have you had any problems with segfaults in 5.2.4?
@Toby,
Some of the SRPMS I use come from Fedora, some are my own, and some are a combination of the two. In this case, my PHP 5.2.4 Source RPM is based off of the 5.2.3 src.rpm from Fedora Devel with updated patches to reflect source changes made in 5.2.4 (the Fedora 5.2.4 src.rpm was not available at the time of my original release). My src.rpm should be basically identical to the current 5.2.4 package available in Fedora Devel.
As to your second question, no, I have not had any issues with 5.2.4 segfaulting. Have you tried rebuilding my package (link below)?
http://www.jasonlitka.com/2007/09/05/upgrading-to-php-524-on-rhel-and-centos/
Thanks for the reply; no, I hadn't tried rebuilding your pkg, I didn't realize the SRPM was avialable. I'll try that now...
@Toby,
Let me know how it goes. If you're still experiencing issues then it's got to be something else as I run my build on close to two dozen boxes.
I just checked the logs and I'm still getting segfaults using the 5.2.4 built from your SRPM. I thought the culprit might be the Suhosin patch[1] since I have been including that in my PHP builds but I built yours without it so that's not it. I've also disabled eAccelerator/xcache.
I may try disabling more dynamic modules when I get the chance to try to narrow it down...
[1] http://www.hardened-php.net/suhosin/
@Toby,
If you're using the Zend Optimizer or Ioncube loaders then remove those as well and see if the problem goes away. If it does then you were probably loading them in the wrong order.
Hi Jason, I had a couple things I wanted to ask you.
First off, thank you so much for your repositories! I have been searching for a way to update my CentOS 5's PHP to 5.2.5 and after hours of searching, I stumbled into your site and with the help of your repository, got PHP upgraded to 5.2.5.
Also, I was wondering if I could get some advice from you regarding mod_security (yeah, I am a newbie to this stuff). I issued the command yum install mod_security and it looks like it installed it through your repository. The only problem is I am not sure what to do with it next. I've read instructions at about 5 different areas, and they all seem to be different. That being said, I thought it would be best to just check it out with you since I installed it via your repository.
@James,
mod_security will block many attacks and vulnerabilities out of the box courtesy of the core rules so you don't actually NEED to change anything. If you notice that you are seeing a lot of traffic in your logs for URLs that don't exist or are obviously attempts at intrusion, you could write an additional rule to block them.
The newest documentation for mod_security can be found at the URL below.
http://www.modsecurity.org/documentation/index.html
It is true, mod_security is really helpful in protecting web security, especially when many websites in a box that is still using old/outdated php script that is open for hacking.
Good post.
i followed all the step of the link
http://www.jasonlitka.com/yum-repository/
but i can't update my centos 5.1 with the rpm package
The console shows me the following message
Setting up Update Process
Setting up repositories
Reading repository metadata in from local files
No Packages marked for Update/Obsoletion
Dear Jason,
Thanks for the trouble you have taken to help me.
With best wishes,
Francis Mathew
thanx for your info dude.