https://bz.apache.org/bugzilla/show_bug.cgi?id=63212
William A. Rowe Jr. <[email protected]> changed: What |Removed |Added ---------------------------------------------------------------------------- Status|NEW |NEEDINFO --- Comment #1 from William A. Rowe Jr. <[email protected]> --- The httpd release 2.4.37 has a significant vulnerability and should not be used in combination with OpenSSL 1.1.1 or later. Previous versions did not correctly interoperate with OpenSSL 1.1.1 and later in the first place. I've just run a build against the following components; apr-1.6.5 brotli-1.0.7 httpd-2.4.38 openssl-1.1.1b apr-util-1.6.1 curl-7.64.0 nghttp2-1.36.0 and encountered no problems on Fedora 29. Please confirm you are building a shared OpenSSL 1.1.1b library, repeat using the appropriate version of httpd 2.4.38, and if you encounter issues, you may wish to raise these on [email protected] (see http://httpd.apache.org/lists.html#http-users for info.) This bug tracker is only for tracking issues with httpd server sources themselves. It may be that this is a defect of the OpenSSL 1.1.1 AIX build (I no longer have a reproduction environment.) If you can reproduce and confirm this is not an openssl defect, please include the ./configure results of both the OpenSSL and httpd packages you attempted to combine. -- You are receiving this mail because: You are the assignee for the bug. --------------------------------------------------------------------- To unsubscribe, e-mail: [email protected] For additional commands, e-mail: [email protected]
