Activity

From 2015-10-21 to 2015-10-27

2015-10-27

20:55 Bug #2679 (Fixed): mod_secdownload md5 comparison vulnerable to timing attacks
Applied in changeset r3048. stbuehler
18:33 Bug #2679: mod_secdownload md5 comparison vulnerable to timing attacks
Given that we use md5 to generate the hash I'm not quite sure how secure the hash comparison has to be, but good catc... stbuehler
20:53 Revision 93e17ea7: use libmemcached instead of deprecated libmemcache
Differential Revision: https://review.lighttpd.net/D5 stbuehler
20:52 Revision 75a518bd: add handling for lua 5.2 and 5.3 (fixes #2674)
Reviewers: stbuehler
Differential Revision: https://review.lighttpd.net/D4
stbuehler
20:50 Revision 39add447: [mod_secdownload] use a hopefully constant time comparison to check hash (fixes #2679)
From: Stefan Bühler <stbuehler@web.de>
git-svn-id: svn://svn.lighttpd.net/lighttpd/branches/lighttpd-1.4.x@3048 152a...
stbuehler

2015-10-26

18:13 Bug #2680: regression: uploading large file when disk space is tight
We don't preallocate disk space, so I don't think it will require "file size + size of one chunk". stbuehler
16:04 Bug #2680 (Fixed): regression: uploading large file when disk space is tight
since this commit:
Revision 3010
increase upload temporary chunk file size from 1MB to 16MB
From: Stefan Bühler...
rgenoud

2015-10-25

22:50 Bug #2679 (Fixed): mod_secdownload md5 comparison vulnerable to timing attacks
In _mod_secure_download.c_ line 267, the following code is used for comparing the user-supplied MD5:
@
if (0 != ...
ikki
 
