This is an automated email from the git hooks/post-receive script. It was
generated because a ref change was pushed to the repository containing
the project "FusionForge".
The branch, 6.0 has been updated
via a485f3ea1b4b3b19938843ba38c0440929d23ca2 (commit)
from 6dd2efba3941a5d7f0ec05d37a20bd0abd76ba5b (commit)
Those revisions listed above that are new to this repository have
not appeared on any other notification email; so we list those
revisions in full, below.
- Log -----------------------------------------------------------------
commit a485f3ea1b4b3b19938843ba38c0440929d23ca2
Author: Sylvain Beucler <[email protected]>
Date: Tue Jun 16 10:34:17 2015 +0200
Disable forceful compression, mitigates BREACH attacks [#779]
- delegates compression to Apache mod_deflate, if configured so
- avoids double-compression when the output is already compressed (PHP
ignores Content-encoding)
- beware: some vendor libs (simplepie) and modules (wiki) may conditionally
re-enable it
diff --git a/src/CHANGES b/src/CHANGES
index eb056d9..62153e9 100644
--- a/src/CHANGES
+++ b/src/CHANGES
@@ -16,6 +16,7 @@ FusionForge 6.0.1:
* SCM SVN: fix permissions in migration script (Inria)
* Plugin scmhook: git commitemail: fix subject, handle special chars (Roland
Mas, for Inria)
* Plugin scmhook: fix hook deactivation (Inria)
+* Disable forceful gzip compression, mitigates BREACH attacks [#779] (tarent
solutions GmbH, Inria)
* Doc clean-up (Inria)
FusionForge 6.0:
diff --git a/src/common/include/env.inc.php b/src/common/include/env.inc.php
index 1e99f76..6139048 100644
--- a/src/common/include/env.inc.php
+++ b/src/common/include/env.inc.php
@@ -32,8 +32,6 @@ if (!getenv('SERVER_SOFTWARE')) {
/* enable maximum error reporting */
error_reporting(-1);
- /* disable output buffering */
- $no_gz_buffer = true;
/* allow it to eat all memory */
ini_set("memory_limit", -1);
}
diff --git a/src/common/include/pre.php b/src/common/include/pre.php
index 5dfa29d..b89ccd7 100644
--- a/src/common/include/pre.php
+++ b/src/common/include/pre.php
@@ -46,10 +46,6 @@ if (getStringFromServer('HTTP_X_moz') === 'prefetch'){
exit;
}
-if (!isset($no_gz_buffer) || !$no_gz_buffer) {
- ob_start("ob_gzhandler");
-}
-
// Database access and other passwords when on the web
function setconfigfromenv ($sec, $var, $serv, $env) {
if (getenv ('SERVER_SOFTWARE')) {
diff --git a/src/www/docman/view.php b/src/www/docman/view.php
index 6acfd03..87157ac 100644
--- a/src/www/docman/view.php
+++ b/src/www/docman/view.php
@@ -25,8 +25,6 @@
* 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
*/
-$no_gz_buffer = true;
-
require_once '../env.inc.php';
require_once $gfcommon.'include/pre.php';
require_once $gfcommon.'docman/Document.class.php';
diff --git a/src/www/frs/download.php b/src/www/frs/download.php
index f32f659..a1d194b 100644
--- a/src/www/frs/download.php
+++ b/src/www/frs/download.php
@@ -24,8 +24,6 @@
* 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
*/
-$no_gz_buffer = true;
-
require_once '../env.inc.php';
require_once $gfcommon.'include/pre.php';
require_once $gfcommon.'frs/include/frs_utils.php';
diff --git a/src/www/scm/viewvc.php b/src/www/scm/viewvc.php
index 931c936..1bc320c 100644
--- a/src/www/scm/viewvc.php
+++ b/src/www/scm/viewvc.php
@@ -29,11 +29,6 @@
* 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
*/
-// make sure we're not compressing output if we are making a tarball
-if (isset($_GET['view']) && $_GET['view'] == 'tar') {
- $no_gz_buffer = true;
-}
-
require_once '../env.inc.php';
require_once $gfcommon.'include/pre.php';
require_once $gfwww.'scm/include/scm_utils.php';
diff --git a/src/www/search/index.php b/src/www/search/index.php
index bd82223..cdec69f 100644
--- a/src/www/search/index.php
+++ b/src/www/search/index.php
@@ -22,8 +22,6 @@
* 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
*/
-$no_gz_buffer = true;
-
require_once '../env.inc.php';
require_once $gfcommon.'include/pre.php';
require_once $gfcommon.'tracker/include/ArtifactTypeHtml.class.php';
diff --git a/src/www/snapshots.php b/src/www/snapshots.php
index 8d64396..4efeb0e 100644
--- a/src/www/snapshots.php
+++ b/src/www/snapshots.php
@@ -24,8 +24,6 @@
* 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
*/
-$no_gz_buffer=true;
-
require_once 'env.inc.php';
require_once $gfcommon.'include/pre.php';
diff --git a/src/www/snippet/download.php b/src/www/snippet/download.php
index e3a1eec..154754a 100644
--- a/src/www/snippet/download.php
+++ b/src/www/snippet/download.php
@@ -22,8 +22,6 @@
* 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
*/
-$no_gz_buffer=true;
-
require_once '../env.inc.php';
require_once $gfcommon.'include/pre.php';
require $gfwww.'snippet/snippet_utils.php';
diff --git a/src/www/soap/index.php b/src/www/soap/index.php
index d7b9b10..8ffe50d 100644
--- a/src/www/soap/index.php
+++ b/src/www/soap/index.php
@@ -1,6 +1,5 @@
<?php
-$no_gz_buffer = true;
$no_debug = true;
// 0. Include GForge files for access to GForge system
diff --git a/src/www/tarballs.php b/src/www/tarballs.php
index 421992c..54b974b 100644
--- a/src/www/tarballs.php
+++ b/src/www/tarballs.php
@@ -25,8 +25,6 @@
* 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
*/
-$no_gz_buffer=true;
-
require_once 'env.inc.php';
require_once $gfcommon.'include/pre.php';
diff --git a/src/www/tracker/download.php b/src/www/tracker/download.php
index 4aaa04c..ed5327d 100644
--- a/src/www/tracker/download.php
+++ b/src/www/tracker/download.php
@@ -9,8 +9,6 @@
*
*/
-$no_gz_buffer=true;
-
require_once '../env.inc.php';
require_once $gfcommon.'include/pre.php';
require_once $gfcommon.'tracker/Artifact.class.php';
-----------------------------------------------------------------------
Summary of changes:
src/CHANGES | 1 +
src/common/include/env.inc.php | 2 --
src/common/include/pre.php | 4 ----
src/www/docman/view.php | 2 --
src/www/frs/download.php | 2 --
src/www/scm/viewvc.php | 5 -----
src/www/search/index.php | 2 --
src/www/snapshots.php | 2 --
src/www/snippet/download.php | 2 --
src/www/soap/index.php | 1 -
src/www/tarballs.php | 2 --
src/www/tracker/download.php | 2 --
12 files changed, 1 insertion(+), 26 deletions(-)
diff --git a/src/CHANGES b/src/CHANGES
index eb056d9..62153e9 100644
--- a/src/CHANGES
+++ b/src/CHANGES
@@ -16,6 +16,7 @@ FusionForge 6.0.1:
* SCM SVN: fix permissions in migration script (Inria)
* Plugin scmhook: git commitemail: fix subject, handle special chars (Roland
Mas, for Inria)
* Plugin scmhook: fix hook deactivation (Inria)
+* Disable forceful gzip compression, mitigates BREACH attacks [#779] (tarent
solutions GmbH, Inria)
* Doc clean-up (Inria)
FusionForge 6.0:
diff --git a/src/common/include/env.inc.php b/src/common/include/env.inc.php
index 1e99f76..6139048 100644
--- a/src/common/include/env.inc.php
+++ b/src/common/include/env.inc.php
@@ -32,8 +32,6 @@ if (!getenv('SERVER_SOFTWARE')) {
/* enable maximum error reporting */
error_reporting(-1);
- /* disable output buffering */
- $no_gz_buffer = true;
/* allow it to eat all memory */
ini_set("memory_limit", -1);
}
diff --git a/src/common/include/pre.php b/src/common/include/pre.php
index 5dfa29d..b89ccd7 100644
--- a/src/common/include/pre.php
+++ b/src/common/include/pre.php
@@ -46,10 +46,6 @@ if (getStringFromServer('HTTP_X_moz') === 'prefetch'){
exit;
}
-if (!isset($no_gz_buffer) || !$no_gz_buffer) {
- ob_start("ob_gzhandler");
-}
-
// Database access and other passwords when on the web
function setconfigfromenv ($sec, $var, $serv, $env) {
if (getenv ('SERVER_SOFTWARE')) {
diff --git a/src/www/docman/view.php b/src/www/docman/view.php
index 6acfd03..87157ac 100644
--- a/src/www/docman/view.php
+++ b/src/www/docman/view.php
@@ -25,8 +25,6 @@
* 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
*/
-$no_gz_buffer = true;
-
require_once '../env.inc.php';
require_once $gfcommon.'include/pre.php';
require_once $gfcommon.'docman/Document.class.php';
diff --git a/src/www/frs/download.php b/src/www/frs/download.php
index f32f659..a1d194b 100644
--- a/src/www/frs/download.php
+++ b/src/www/frs/download.php
@@ -24,8 +24,6 @@
* 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
*/
-$no_gz_buffer = true;
-
require_once '../env.inc.php';
require_once $gfcommon.'include/pre.php';
require_once $gfcommon.'frs/include/frs_utils.php';
diff --git a/src/www/scm/viewvc.php b/src/www/scm/viewvc.php
index 931c936..1bc320c 100644
--- a/src/www/scm/viewvc.php
+++ b/src/www/scm/viewvc.php
@@ -29,11 +29,6 @@
* 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
*/
-// make sure we're not compressing output if we are making a tarball
-if (isset($_GET['view']) && $_GET['view'] == 'tar') {
- $no_gz_buffer = true;
-}
-
require_once '../env.inc.php';
require_once $gfcommon.'include/pre.php';
require_once $gfwww.'scm/include/scm_utils.php';
diff --git a/src/www/search/index.php b/src/www/search/index.php
index bd82223..cdec69f 100644
--- a/src/www/search/index.php
+++ b/src/www/search/index.php
@@ -22,8 +22,6 @@
* 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
*/
-$no_gz_buffer = true;
-
require_once '../env.inc.php';
require_once $gfcommon.'include/pre.php';
require_once $gfcommon.'tracker/include/ArtifactTypeHtml.class.php';
diff --git a/src/www/snapshots.php b/src/www/snapshots.php
index 8d64396..4efeb0e 100644
--- a/src/www/snapshots.php
+++ b/src/www/snapshots.php
@@ -24,8 +24,6 @@
* 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
*/
-$no_gz_buffer=true;
-
require_once 'env.inc.php';
require_once $gfcommon.'include/pre.php';
diff --git a/src/www/snippet/download.php b/src/www/snippet/download.php
index e3a1eec..154754a 100644
--- a/src/www/snippet/download.php
+++ b/src/www/snippet/download.php
@@ -22,8 +22,6 @@
* 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
*/
-$no_gz_buffer=true;
-
require_once '../env.inc.php';
require_once $gfcommon.'include/pre.php';
require $gfwww.'snippet/snippet_utils.php';
diff --git a/src/www/soap/index.php b/src/www/soap/index.php
index d7b9b10..8ffe50d 100644
--- a/src/www/soap/index.php
+++ b/src/www/soap/index.php
@@ -1,6 +1,5 @@
<?php
-$no_gz_buffer = true;
$no_debug = true;
// 0. Include GForge files for access to GForge system
diff --git a/src/www/tarballs.php b/src/www/tarballs.php
index 421992c..54b974b 100644
--- a/src/www/tarballs.php
+++ b/src/www/tarballs.php
@@ -25,8 +25,6 @@
* 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
*/
-$no_gz_buffer=true;
-
require_once 'env.inc.php';
require_once $gfcommon.'include/pre.php';
diff --git a/src/www/tracker/download.php b/src/www/tracker/download.php
index 4aaa04c..ed5327d 100644
--- a/src/www/tracker/download.php
+++ b/src/www/tracker/download.php
@@ -9,8 +9,6 @@
*
*/
-$no_gz_buffer=true;
-
require_once '../env.inc.php';
require_once $gfcommon.'include/pre.php';
require_once $gfcommon.'tracker/Artifact.class.php';
hooks/post-receive
--
FusionForge