Apple Event: May 7th at 7 am PT

Learn more

Add to your calendar 

Looks like no one’s replied in a while. To start the conversation again, simply ask a new question.

User profile for user: BenenGL
BenenGL Author
User level: Level 1
0 points

How to manually patch OS X Server bundled outdated components?

Referring to OS X Server (v3.1.2), it is bundled with Apache (v2.2.26), and mod_ssl (v2.2.26).

In the latest stable version of Apache and mod_ssl, they have lots of security patches.

Due to security concerns, I need to update these components.


Since there is no OS X Server updates for now...

How do I manually update Apache and mod_ssl, on my current server which is running Profile Manager?

(without affecting the current server configurations and files)


Thanks.

OS X Mavericks (10.9.3)

Posted on Jun 11, 2014 11:19 PM

Reply
Question marked as Best reply
User profile for user: John Lockwood
John Lockwood
User level: Level 6
13,685 points

Posted on Jun 12, 2014 5:52 AM

If you manually replace components used by the server software you are going to almost certainly break things especially Server.app (for administration) and in this case you would also almost certainly break Profile Manager and the Wiki server.


If you want to use Apple's server software then you have no real choice but like the rest of us to wait for Apple to include any upgrades.


As examples the bootpd and racoon software and even the ntp client included by Apple are not merely different versions compared to the latest stable releases but are actually heavily customised by Apple and behave significantly differently. As far as I am aware the Apache used by Apple is pretty standard and the main difference is the name and locations of files Appe uses, i.e. not only do Apple not use the standard httpd.conf file and location but the process of installing SSL certificates is very different to a standard Apache system.


It is possible to upgrade some components e.g. perl with minimal risk of break Apple services, it is also possible to install separate copies of items like Apache and run them separately to Apple's. However such a separate install of Apache would not serve Profile Manager up for you.

View in context
1 reply
Question marked as Best reply
User profile for user: John Lockwood
John Lockwood
User level: Level 6
13,685 points

Jun 12, 2014 5:52 AM in response to BenenGL

If you manually replace components used by the server software you are going to almost certainly break things especially Server.app (for administration) and in this case you would also almost certainly break Profile Manager and the Wiki server.


If you want to use Apple's server software then you have no real choice but like the rest of us to wait for Apple to include any upgrades.


As examples the bootpd and racoon software and even the ntp client included by Apple are not merely different versions compared to the latest stable releases but are actually heavily customised by Apple and behave significantly differently. As far as I am aware the Apache used by Apple is pretty standard and the main difference is the name and locations of files Appe uses, i.e. not only do Apple not use the standard httpd.conf file and location but the process of installing SSL certificates is very different to a standard Apache system.


It is possible to upgrade some components e.g. perl with minimal risk of break Apple services, it is also possible to install separate copies of items like Apache and run them separately to Apple's. However such a separate install of Apache would not serve Profile Manager up for you.

Reply

How to manually patch OS X Server bundled outdated components?

Welcome to Apple Support Community
A forum where Apple customers help each other with their products. Get started with your Apple ID.
Learn more Sign up