packages: lighttpd/lighttpd-branch.diff, lighttpd/lighttpd.spec - branch up...
glen
glen at pld-linux.org
Thu Dec 8 18:44:39 CET 2011
Author: glen Date: Thu Dec 8 17:44:39 2011 GMT
Module: packages Tag: HEAD
---- Log message:
- branch update:
[ssl] fix ssl connection aborts if files are larger than the MAX_WRITE_LIMIT (256kb)
---- Files affected:
packages/lighttpd:
lighttpd-branch.diff (1.70 -> 1.71) , lighttpd.spec (1.350 -> 1.351)
---- Diffs:
================================================================
Index: packages/lighttpd/lighttpd-branch.diff
diff -u packages/lighttpd/lighttpd-branch.diff:1.70 packages/lighttpd/lighttpd-branch.diff:1.71
--- packages/lighttpd/lighttpd-branch.diff:1.70 Thu Dec 1 12:11:19 2011
+++ packages/lighttpd/lighttpd-branch.diff Thu Dec 8 18:44:33 2011
@@ -1,4 +1,4 @@
-# Revision 2812
+# Revision 2815
Index: src/http_auth_digest.c
===================================================================
--- src/http_auth_digest.c (.../tags/lighttpd-1.4.29)
@@ -562,7 +562,7 @@
cv[62].destination = &(s->ssl_use_sslv3);
cv[63].destination = s->ssl_dh_file;
cv[64].destination = s->ssl_ec_curve;
-+ cv[65].destination = &(s->ssl_honor_cipher_order);
++ cv[66].destination = &(s->ssl_honor_cipher_order);
+
cv[49].destination = &(s->etag_use_inode);
cv[50].destination = &(s->etag_use_mtime);
@@ -1092,7 +1092,7 @@
unsigned long err;
switch ((ssl_r = SSL_get_error(ssl, r))) {
-@@ -243,6 +259,7 @@
+@@ -243,12 +259,13 @@
} else {
c->offset += r;
cq->bytes_out += r;
@@ -1100,6 +1100,13 @@
}
if (c->offset == c->file.length) {
+ chunk_finished = 1;
+ }
+- } while(!chunk_finished && !write_wait);
++ } while (!chunk_finished && !write_wait && max_bytes > 0);
+
+ break;
+ }
@@ -263,11 +280,9 @@
break;
@@ -1892,12 +1899,29 @@
===================================================================
--- doc/config/lighttpd.conf (.../tags/lighttpd-1.4.29)
+++ doc/config/lighttpd.conf (.../branches/lighttpd-1.4.x)
-@@ -394,6 +394,8 @@
+@@ -394,6 +394,25 @@
## $SERVER["socket"] == "10.0.0.1:443" {
## ssl.engine = "enable"
## ssl.pemfile = "/etc/ssl/private/www.example.com.pem"
++## #
++## # Mitigate BEAST attack:
++## #
++## # A stricter base cipher suite. For details see:
+## # http://blog.ivanristic.com/2011/10/mitigating-the-beast-attack-on-tls.html
-+## ssl.ciphers = "ECDHE-RSA-AES256-SHA384:AES256-SHA256:RC4:HIGH:!MD5:!aNULL:!EDH:!AESGCM"
++## #
++## ssl.ciphers = "ECDHE-RSA-AES256-SHA384:AES256-SHA256:RC4-SHA:RC4:HIGH:!MD5:!aNULL:!EDH:!AESGCM"
++## #
++## # Make the server prefer the order of the server side cipher suite instead of the client suite.
++## # This is necessary to mitigate the BEAST attack (unless you disable all non RC4 algorithms).
++## # This option is enabled by default, but only used if ssl.ciphers is set.
++## #
++## # ssl.honor-cipher-order = "enable"
++## #
++## # Mitigate CVE-2009-3555 by disabling client triggered renegotation
++## # This is enabled by default.
++## #
++## # ssl.disable-client-renegotiation = "enable"
++## #
## server.name = "www.example.com"
##
## server.document-root = "/srv/www/vhosts/example.com/www/"
@@ -1907,7 +1931,7 @@
===================================================================
--- NEWS (.../tags/lighttpd-1.4.29)
+++ NEWS (.../branches/lighttpd-1.4.x)
-@@ -3,7 +3,19 @@
+@@ -3,7 +3,20 @@
NEWS
====
@@ -1923,6 +1947,7 @@
+ * [ssl] count renegotiations to prevent client renegotiations
+ * [ssl] add option to honor server cipher order (fixes #2364, BEAST attack)
+ * [core] accept dots in ipv6 addresses in host header (fixes #2359)
++ * [ssl] fix ssl connection aborts if files are larger than the MAX_WRITE_LIMIT (256kb)
+
+- 1.4.29 - 2011-07-03
* Fix mod_proxy waiting for response even if content-length is 0 (fixes #2259)
================================================================
Index: packages/lighttpd/lighttpd.spec
diff -u packages/lighttpd/lighttpd.spec:1.350 packages/lighttpd/lighttpd.spec:1.351
--- packages/lighttpd/lighttpd.spec:1.350 Thu Dec 1 12:11:19 2011
+++ packages/lighttpd/lighttpd.spec Thu Dec 8 18:44:33 2011
@@ -30,7 +30,7 @@
Summary(pl.UTF-8): Szybki i lekki serwer HTTP
Name: lighttpd
Version: 1.4.29
-Release: 4
+Release: 5
License: BSD
Group: Networking/Daemons/HTTP
Source0: http://download.lighttpd.net/lighttpd/releases-1.4.x/%{name}-%{version}.tar.bz2
@@ -1319,6 +1319,10 @@
All persons listed below can be reached at <cvs_login>@pld-linux.org
$Log$
+Revision 1.351 2011/12/08 17:44:33 glen
+- branch update:
+ [ssl] fix ssl connection aborts if files are larger than the MAX_WRITE_LIMIT (256kb)
+
Revision 1.350 2011/12/01 11:11:19 glen
- update branch diff:
[mod_auth] Fix signedness error in http_auth (fixes #2370, CVE-2011-4362)
================================================================
---- CVS-web:
http://cvs.pld-linux.org/cgi-bin/cvsweb.cgi/packages/lighttpd/lighttpd-branch.diff?r1=1.70&r2=1.71&f=u
http://cvs.pld-linux.org/cgi-bin/cvsweb.cgi/packages/lighttpd/lighttpd.spec?r1=1.350&r2=1.351&f=u
More information about the pld-cvs-commit
mailing list