Метка: httpd

Apache httpd 2.4.62 with brotli support, TLS 1.3, OpenSSL 3.0.14 with http2, mod_http2 2.0.29 and ALPN for Red Hat Enterprise Linux, CentOS 7/8/9, Alma Linux, Rocky Linux 8/9

Apache httpd 2.4.62-1 with brotli compression library from Google, TLS 1.3, http2 (HTTP/2) support for Red Hat Enterprise Linux and CentOS (including CentOS 7), Alma Linux, Rocky Linux 8/9 added to repository. mod_http2 2.0.29 and mod_ssl are built dynamically against OpenSSL 3.0.14.

Important security fixes: CVE-2024-40725: Apache HTTP Server: source code disclosure with handlers configured via AddType; CVE-2024-40898: Apache HTTP Server: SSRF with mod_rewrite in server/vhost context on Windows.

Brotli conf loading file is now separated to align with new fedora builds.

We build OpenSSL+QUIC separately since v2.4.56-2, installing it separately to /lib64 with .so.81.3 suffix to ensure it won’t interfere with your system libraries. You can safely delete openssl111* packages. On EL8 and EL9 please enable httpd module:

dnf module enable httpd:codeit

Since 2.4.33 we added brotli compression library. Since 2.4.35 release we start building Apache httpd against OpenSSL 1.1.1*. Since 2.4.37 release TLS 1.3 final version (not to be confused with any draft versions) is supported and enabled by default. Please note that TLS 1.3 final version is supported in Chrome 70+ and Mozilla Firefox 63+. brotli support is already included in base RPM file. All you need is to add filters like

AddOutputFilterByType BROTLI_COMPRESS text/html text/plain text/xml text/css text/javascript application/javascript

mod_http2 v2.0.29 rpms released

mod_http2 v2.0.29 rpms released and added to all supported platforms.

Changes:

  • When HTTP/2 flow controls blocks further writes, return processing to an
  • async mpm to free a worker thread. The connection needs window updates from
  • the client in such a case and can leave monitoring the socket to the mpm.
  • So far, only effective on Apache httpd 2.5.0 (trunk).
  • [ylavic, icing]
  • Backport fix of CVE-2024-36387 from Apache 2.4.60
  • fixed a compiler warning about an unused static var when AP_MPMQ_CAN_WAITIO is not defined.

Apache httpd 2.4.61 with brotli support, TLS 1.3, OpenSSL 3.0.14 with http2, mod_http2 2.0.27 and ALPN for Red Hat Enterprise Linux, CentOS 7/8/9, Alma Linux, Rocky Linux 8/9

Apache httpd 2.4.61-1 with brotli compression library from Google, TLS 1.3, http2 (HTTP/2) support for Red Hat Enterprise Linux and CentOS (including CentOS 7), Alma Linux, Rocky Linux 8/9 added to repository. mod_http2 2.0.27 and mod_ssl are built dynamically against OpenSSL 3.0.14.

Important security fixes: CVE-2024-39884: Apache HTTP Server: source code
disclosure with handlers configured via AddType.

We build OpenSSL+QUIC separately since v2.4.56-2, installing it separately to /lib64 with .so.81.3 suffix to ensure it won’t interfere with your system libraries. You can safely delete openssl111* packages. On EL8 and EL9 please enable httpd module:

dnf module enable httpd:codeit

Since 2.4.33 we added brotli compression library. Since 2.4.35 release we start building Apache httpd against OpenSSL 1.1.1*. Since 2.4.37 release TLS 1.3 final version (not to be confused with any draft versions) is supported and enabled by default. Please note that TLS 1.3 final version is supported in Chrome 70+ and Mozilla Firefox 63+. brotli support is already included in base RPM file. All you need is to add filters like

AddOutputFilterByType BROTLI_COMPRESS text/html text/plain text/xml text/css text/javascript application/javascript

Apache httpd 2.4.60 with brotli support, TLS 1.3, OpenSSL 3.0.14 with http2, mod_http2 2.0.27 and ALPN for Red Hat Enterprise Linux, CentOS, Alma Linux, Rocky Linux 8/9

Apache httpd 2.4.60-1 with brotli compression library from Google, TLS 1.3, http2 (HTTP/2) support for Red Hat Enterprise Linux and CentOS, Alma Linux, Rocky Linux 8/9 added to repository. mod_http2 2.0.27 and mod_ssl are built dynamically against OpenSSL 3.0.14.

Important security fixes: CVE-2024-39573, CVE-2024-38477, CVE-2024-38476, CVE-2024-38475, CVE-2024-38474, CVE-2024-38473, CVE-2024-38472, CVE-2024-36387.

We build OpenSSL+QUIC separately since v2.4.56-2, installing it separately to /lib64 with .so.81.3 suffix to ensure it won’t interfere with your system libraries. You can safely delete openssl111* packages. On EL8 and EL9 please enable httpd module:

dnf module enable httpd:codeit

Since 2.4.33 we added brotli compression library. Since 2.4.35 release we start building Apache httpd against OpenSSL 1.1.1*. Since 2.4.37 release TLS 1.3 final version (not to be confused with any draft versions) is supported and enabled by default. Please note that TLS 1.3 final version is supported in Chrome 70+ and Mozilla Firefox 63+. brotli support is already included in base RPM file. All you need is to add filters like

AddOutputFilterByType BROTLI_COMPRESS text/html text/plain text/xml text/css text/javascript application/javascript

Apache httpd 2.4.59 with brotli support, TLS 1.3, OpenSSL 3.0.13 with http2, mod_http2 2.0.27 and ALPN for Red Hat Enterprise Linux 7/8/9, CentOS 7, Alma Linux 8/9, Rocky Linux 8/9

Apache httpd 2.4.59-1 with brotli compression library from Google, TLS 1.3, http2 (HTTP/2) support for Red Hat Enterprise Linux and CentOS 7/8, Alma Linux 8/9, Rocky Linux 8/9 added to repository. mod_http2 2.0.13 and mod_ssl are built dynamically against OpenSSL 3.0.11. Important fix: CVE-2024-27316 We build OpenSSL+QUIC 3.0.11 separately since v2.4.56-2, installing it separately to /lib64 with .so.81.3 suffix to ensure it won’t interfere with your system libraries. You can safely delete openssl111* packages. On EL8 and EL9 please enable httpd module:

dnf module enable httpd:codeit

Since 2.4.33 we added brotli compression library. Since 2.4.35 release we start building Apache httpd against OpenSSL 1.1.1*. Since 2.4.37 release TLS 1.3 final version (not to be confused with any draft versions) is supported and enabled by default. Please note that TLS 1.3 final version is supported in Chrome 70+ and Mozilla Firefox 63+. brotli support is already included in base RPM file. All you need is to add filters like

AddOutputFilterByType BROTLI_COMPRESS text/html text/plain text/xml text/css text/javascript application/javascript

Apache httpd 2.4.58 with brotli support, TLS 1.3, OpenSSL 3.0.11 with http2, mod_http2 2.0.24 and ALPN for Red Hat Enterprise Linux 7/8/9, CentOS 7, Alma Linux 8/9, Rocky Linux 8/9

Apache httpd 2.4.58-1 with brotli compression library from Google, TLS 1.3, http2 (HTTP/2) support for Red Hat Enterprise Linux and CentOS 7/8, Alma Linux 8/9, Rocky Linux 8/9 added to repository. mod_http2 2.0.13 and mod_ssl are built dynamically against OpenSSL 3.0.11.

We build OpenSSL+QUIC 3.0.11 separately since v2.4.56-2, installing it separately to /lib64 with .so.81.3 suffix to ensure it won’t interfere with your system libraries. You can safely delete openssl111* packages. On EL8 and EL9 please enable httpd module:

dnf module enable httpd:codeit

Since 2.4.33 we added brotli compression library. Since 2.4.35 release we start building Apache httpd against OpenSSL 1.1.1*. Since 2.4.37 release TLS 1.3 final version (not to be confused with any draft versions) is supported and enabled by default. Please note that TLS 1.3 final version is supported in Chrome 70+ and Mozilla Firefox 63+. brotli support is already included in base RPM file. All you need is to add filters like 

AddOutputFilterByType BROTLI_COMPRESS text/html text/plain text/xml text/css text/javascript application/javascript

Apache httpd 2.4.57 with brotli support, TLS 1.3, OpenSSL 3.0.8 with http2, mod_http2 2.0.13 and ALPN for Red Hat Enterprise Linux 7/8/9, CentOS 7, Alma Linux 8/9, Rocky Linux 8/9

Apache httpd 2.4.57-1 with brotli compression library from Google, TLS 1.3, http2 (HTTP/2) support for Red Hat Enterprise Linux and CentOS 7/8, Alma Linux 8/9, Rocky Linux 8/9 added to repository. mod_http2 2.0.13 and mod_ssl are built dynamically against OpenSSL 3.0.8.

We build OpenSSL+QUIC 3.0.8 separately since v2.4.56-2, installing it separately to /lib64 with .so.81.3 suffix to ensure it won’t interfere with your system libraries. You can safely delete openssl111* packages. On EL8 and EL9 please enable httpd module:

dnf module enable httpd:codeit

Since 2.4.33 we added brotli compression library. Since 2.4.35 release we start building Apache httpd against OpenSSL 1.1.1*. Since 2.4.37 release TLS 1.3 final version (not to be confused with any draft versions) is supported and enabled by default. Please note that TLS 1.3 final version is supported in Chrome 70+ and Mozilla Firefox 63+. brotli support is already included in base RPM file. All you need is to add filters like 

AddOutputFilterByType BROTLI_COMPRESS text/html text/plain text/xml text/css text/javascript application/javascript

Apache httpd 2.4.56, собранный с Brotli, TLS 1.3 final (RFC 8446), OpenSSL 1.1.1t, ALPN и поддержкой http2 для Rocky Linux, Red Hat Enterprise Linux, Alma Linux и CentOS

В репозиторий добавлен Apache httpd 2.4.56-1 с поддержкой сжатия brotli от Google, mod_http2 2.0.13 для Red Hat Enterprise Linux, Rocky Linux, Alma Linux и CentOS. Mod_ssl собран динамически с OpenSSL 1.1.1t.

Исправлены уязвимости:

  • CVE-2023-27522: HTTP response smuggling bug
  • CVE-2023-25690: HTTP request smuggling vulnerability

Заметим, что httpd 2.4.54 поддерживает TLS 1.3 при сборке с OpenSSL 1.1.1. Все новые шифры включены и работают.
C версии 2.4.54-2 мы собираем OpenSSL+QUIC 1.1.1 отдельно, он устанавливается в /lib64 отдельно с суффиксом .so.81.1.1 и никак не затрагивает системные библиотеки.

Для установки в EL8 нужно включить соответствующий Module stream:

dnf module enable -y httpd:codeit

TLS 1.3 final на сегодня работает в Google Chrome 70+ и Mozilla Firefox 63+.

Для работы с SELinux в rpm включена соответствующая минимальная политика.

Модуль brotli уже включён в базовый RPM. Всё, что нужно — настроить фильтр

AddOutputFilterByType BROTLI_COMPRESS text/html text/plain text/xml text/css text/javascript application/javascript