lighttpd.spec - branch up...

glen Thu, 08 Dec 2011 09:44:47 -0800

Author: glen                         Date: Thu Dec  8 17:44:39 2011 GMT
Module: packages                      Tag: HEAD
---- Log message:
- branch update:
  [ssl] fix ssl connection aborts if files are larger than the MAX_WRITE_LIMIT 
(256kb)


---- Files affected:
packages/lighttpd:
   lighttpd-branch.diff (1.70 -> 1.71) , lighttpd.spec (1.350 -> 1.351) 

---- Diffs:

================================================================
Index: packages/lighttpd/lighttpd-branch.diff
diff -u packages/lighttpd/lighttpd-branch.diff:1.70 
packages/lighttpd/lighttpd-branch.diff:1.71
--- packages/lighttpd/lighttpd-branch.diff:1.70 Thu Dec  1 12:11:19 2011
+++ packages/lighttpd/lighttpd-branch.diff      Thu Dec  8 18:44:33 2011
@@ -1,4 +1,4 @@
-# Revision 2812
+# Revision 2815
 Index: src/http_auth_digest.c
 ===================================================================
 --- src/http_auth_digest.c     (.../tags/lighttpd-1.4.29)
@@ -562,7 +562,7 @@
                cv[62].destination = &(s->ssl_use_sslv3);
                cv[63].destination = s->ssl_dh_file;
                cv[64].destination = s->ssl_ec_curve;
-+              cv[65].destination = &(s->ssl_honor_cipher_order);
++              cv[66].destination = &(s->ssl_honor_cipher_order);
 +
                cv[49].destination = &(s->etag_use_inode);
                cv[50].destination = &(s->etag_use_mtime);
@@ -1092,7 +1092,7 @@
                                        unsigned long err;
  
                                        switch ((ssl_r = SSL_get_error(ssl, 
r))) {
-@@ -243,6 +259,7 @@
+@@ -243,12 +259,13 @@
                                } else {
                                        c->offset += r;
                                        cq->bytes_out += r;
@@ -1100,6 +1100,13 @@
                                }
  
                                if (c->offset == c->file.length) {
+                                       chunk_finished = 1;
+                               }
+-                      } while(!chunk_finished && !write_wait);
++                      } while (!chunk_finished && !write_wait && max_bytes > 
0);
+ 
+                       break;
+               }
 @@ -263,11 +280,9 @@
  
                        break;
@@ -1892,12 +1899,29 @@
 ===================================================================
 --- doc/config/lighttpd.conf   (.../tags/lighttpd-1.4.29)
 +++ doc/config/lighttpd.conf   (.../branches/lighttpd-1.4.x)
-@@ -394,6 +394,8 @@
+@@ -394,6 +394,25 @@
  ##   $SERVER["socket"] == "10.0.0.1:443" {
  ##     ssl.engine                  = "enable"
  ##     ssl.pemfile                 = "/etc/ssl/private/www.example.com.pem"
++##     #
++##     # Mitigate BEAST attack:
++##     #
++##     # A stricter base cipher suite. For details see:
 +##     # 
http://blog.ivanristic.com/2011/10/mitigating-the-beast-attack-on-tls.html
-+##     ssl.ciphers                 = 
"ECDHE-RSA-AES256-SHA384:AES256-SHA256:RC4:HIGH:!MD5:!aNULL:!EDH:!AESGCM"
++##     #
++##     ssl.ciphers                 = 
"ECDHE-RSA-AES256-SHA384:AES256-SHA256:RC4-SHA:RC4:HIGH:!MD5:!aNULL:!EDH:!AESGCM"
++##     #
++##     # Make the server prefer the order of the server side cipher suite 
instead of the client suite.
++##     # This is necessary to mitigate the BEAST attack (unless you disable 
all non RC4 algorithms).
++##     # This option is enabled by default, but only used if ssl.ciphers is 
set.
++##     #
++##     # ssl.honor-cipher-order = "enable"
++##     #
++##     # Mitigate CVE-2009-3555 by disabling client triggered renegotation
++##     # This is enabled by default.
++##     #
++##     # ssl.disable-client-renegotiation = "enable"
++##     #
  ##     server.name                 = "www.example.com"
  ##
  ##     server.document-root        = "/srv/www/vhosts/example.com/www/"
@@ -1907,7 +1931,7 @@
 ===================================================================
 --- NEWS       (.../tags/lighttpd-1.4.29)
 +++ NEWS       (.../branches/lighttpd-1.4.x)
-@@ -3,7 +3,19 @@
+@@ -3,7 +3,20 @@
  NEWS
  ====
  
@@ -1923,6 +1947,7 @@
 +  * [ssl] count renegotiations to prevent client renegotiations
 +  * [ssl] add option to honor server cipher order (fixes #2364, BEAST attack)
 +  * [core] accept dots in ipv6 addresses in host header (fixes #2359)
++  * [ssl] fix ssl connection aborts if files are larger than the 
MAX_WRITE_LIMIT (256kb)
 +
 +- 1.4.29 - 2011-07-03
    * Fix mod_proxy waiting for response even if content-length is 0 (fixes 
#2259)

================================================================
Index: packages/lighttpd/lighttpd.spec
diff -u packages/lighttpd/lighttpd.spec:1.350 
packages/lighttpd/lighttpd.spec:1.351
--- packages/lighttpd/lighttpd.spec:1.350       Thu Dec  1 12:11:19 2011
+++ packages/lighttpd/lighttpd.spec     Thu Dec  8 18:44:33 2011
@@ -30,7 +30,7 @@
 Summary(pl.UTF-8):     Szybki i lekki serwer HTTP
 Name:          lighttpd
 Version:       1.4.29
-Release:       4
+Release:       5
 License:       BSD
 Group:         Networking/Daemons/HTTP
 Source0:       
http://download.lighttpd.net/lighttpd/releases-1.4.x/%{name}-%{version}.tar.bz2
@@ -1319,6 +1319,10 @@
 All persons listed below can be reached at <cvs_login>@pld-linux.org
 
 $Log$
+Revision 1.351  2011/12/08 17:44:33  glen
+- branch update:
+  [ssl] fix ssl connection aborts if files are larger than the MAX_WRITE_LIMIT 
(256kb)
+
 Revision 1.350  2011/12/01 11:11:19  glen
 - update branch diff:
   [mod_auth] Fix signedness error in http_auth (fixes #2370, CVE-2011-4362)
================================================================

---- CVS-web:
    
http://cvs.pld-linux.org/cgi-bin/cvsweb.cgi/packages/lighttpd/lighttpd-branch.diff?r1=1.70&r2=1.71&f=u
    
http://cvs.pld-linux.org/cgi-bin/cvsweb.cgi/packages/lighttpd/lighttpd.spec?r1=1.350&r2=1.351&f=u

_______________________________________________
pld-cvs-commit mailing list
[email protected]
http://lists.pld-linux.org/mailman/listinfo/pld-cvs-commit

packages: lighttpd/lighttpd-branch.diff, lighttpd/lighttpd.spec - branch up...

Reply via email to