October 11th, 2021
Now running Apache 2.4.51, PHP 7.4.24, OpenSSL 1.1.1l, and more
Posted at
02:34:39 PM by
froems
A lot of the software on the server had been out of date, so I took some time to upgrade a few things. Along the way, I had to install four new packages from slackware64-current that had not been part of the standard Slackware 14.2 install, those being the pam, krb5, libnsl, and nghttp2 packages.
I started by upgrading the Apache http server from 2.4.43 to 2.4.51 and then upgraded php from 7.4.8 to 7.4.24. These upgrades were compiled from source and were fairly straightforward.
Next, I upgraded to the openssl-1.1.1l package from slackware64-current. When I tried to use the new version, it immediately threw an error referencing a glibc 2.33 dependency. So I reverted the upgrade, upgraded to the glibc-2.33 package first, then upgraded to openssl-1.1.1l, and everything worked fine.
After that, I tried to upgrade OpenSSH from 8.2p1 to 8.3p1, which I had attempted to upgrade in the past without success. Based on errors I encountered, I determined that I needed to install pam-1.5.2 and krb5-1.19.2 from slackware64-current first, and then I could upgrade openssh-8.2p1 to openssh-8.3p1.
To upgrade all the way to the current OpenSSH package (8.8p1), I discovered yet another library dependency. So I first installed libnsl-1.3.0 from slackware64-current, and then upgraded openssh-8.3p1 to openssh-8.8p1. Finally, everything was working after all of these upgrades. The web server, PHP, OpenSSL, and OpenSSH were all running a current version.
The last package I installed from slackware64-current was nghttp2-1.45.1. It turns out that if you want to have access to the http module that enables http2, this package must be installed first. I installed the package, modified http.conf, and http2 was now working.
While I was in http.conf, I also made a few changes to disable some weak security ciphers and enabled mod_deflate to serve text in a compressed format. I also renewed the site's security certificates using a new 4096 bit RSA key.
With these changes, the system should be quite secure now, without sacrificing much in the way of performance.
April 13th, 2019
Now running Apache 2.4.39 and PHP 7.3.4
Posted at
01:49:40 AM by
froems
I had neglected to mention I had upgraded to PHP 7.3.3 a month ago, too. The site is now running Apache 2.4.39 and PHP 7.3.4, and everything is running well.
I've also modified the site security settings to disallow TLS 1.0 and TLS 1.1, and also disallow some of the older and weaker cipher suites.
Qualys SSL Labs gives the site an A+ security grade!
February 28th, 2019
Now running PHP 7.3.2 and OpenSSL 1.1.1b
Posted at
09:49:28 PM by
froems
PHP 7.3.2 was compiled from source, OpenSSL 1.1.1b was installed as a package from slackware-current. I tested everything after installation and everything seems to be working fine.
January 23rd, 2019
Now running PHP 7.3.1
Posted at
04:51:37 PM by
froems
I read that PHP 7.3 has quite a few performance enhancements compared to PHP 7.2. Although it's a little more bleeding-edge than what I would typically go with, I went ahead and compiled and installed PHP 7.3.1, and the site seems to be working just fine on the new software.
January 23rd, 2019
Now running Apache 2.4.38
Posted at
03:26:32 PM by
froems
Another new version of Apache came out, and it has some security updates. so I have compiled and installed it, and everything is working.
January 20th, 2019
Now running PHP 7.2.14 and openssl 1.1.1a
Posted at
01:13:43 AM by
froems
A new version of PHP was available, so I compiled and installed it and it seems to be working.
I also saw that the newer versions of Apache should be compatible with the openssl 1.1.1 line, so I installed the packages for the binaries and libraries for 1.1.1a and sure enough, Apache was able to start up with no errors this time.
January 10th, 2019
Now running Perl 5.28.1
Posted at
02:24:42 AM by
froems
I successfully upgraded Perl, which is always kind of a pain because it usually involves upgrading all of the CPAN modules, and it did this time. But it's all done and it seems to be working.
January 2nd, 2019
Now running PHP 7.2.13
Posted at
07:19:25 PM by
froems
I compiled and upgraded to the newest version of the PHP 7.2 family just before Christmas, and it seems to be running just fine.
November 28th, 2018
Now running PHP 7.2.12
Posted at
08:35:02 PM by
froems
I upgraded to the latest PHP recently, and everything appears to be working.
October 25th, 2018
Now running Apache 2.4.37 and PHP 7.2.11
Posted at
06:49:18 PM by
froems
Another version, another compile, another installation. Everything seems to be working.