{"payload":{"feedbackUrl":"https://github.com/orgs/community/discussions/53140","repo":{"id":121000407,"defaultBranch":"master","name":"ryshttpd","ownerLogin":"strlcat","currentUserCanPush":false,"isFork":false,"isEmpty":false,"createdAt":"2018-02-10T09:00:07.000Z","ownerAvatar":"https://avatars.githubusercontent.com/u/26036609?v=4","public":true,"private":false,"isOrgOwned":false},"refInfo":{"name":"","listCacheKey":"v0:1705836520.0","currentOid":""},"activityList":{"items":[{"before":"7d95eb1ad01f1372b5e16cdb4ad4b8544c3db761","after":"cf6c274d3843a479746e2aee15c81f1fc3ce37a7","ref":"refs/heads/master","pushedAt":"2024-01-21T14:19:00.000Z","pushType":"push","commitsCount":1,"pusher":{"login":"strlcat","name":"Andrey Rys","path":"/strlcat","primaryAvatarUrl":"https://avatars.githubusercontent.com/u/26036609?s=80&v=4"},"commit":{"message":"Disallow unaligned continued transfers when encrypting","shortMessageHtmlLink":"Disallow unaligned continued transfers when encrypting"}},{"before":"db2274bb4acabed822acbf88599135998f0419bc","after":"7d95eb1ad01f1372b5e16cdb4ad4b8544c3db761","ref":"refs/heads/master","pushedAt":"2024-01-21T12:53:08.000Z","pushType":"push","commitsCount":1,"pusher":{"login":"strlcat","name":"Andrey Rys","path":"/strlcat","primaryAvatarUrl":"https://avatars.githubusercontent.com/u/26036609?s=80&v=4"},"commit":{"message":"Move to XTS mode of operation. CTR is too problematic to be implemented in this context.","shortMessageHtmlLink":"Move to XTS mode of operation. CTR is too problematic to be implement…"}},{"before":null,"after":"b4f7f88dcde7be5d8b356fe2aaa2d4895f6083f5","ref":"refs/heads/oldstable","pushedAt":"2024-01-21T11:28:40.000Z","pushType":"branch_creation","commitsCount":0,"pusher":{"login":"strlcat","name":"Andrey Rys","path":"/strlcat","primaryAvatarUrl":"https://avatars.githubusercontent.com/u/26036609?s=80&v=4"},"commit":{"message":"httpd: fix automatic socket file creation mode by mangling umask","shortMessageHtmlLink":"httpd: fix automatic socket file creation mode by mangling umask"}},{"before":"d33f279ecc2f4274189e0785fa672d2ff95a9429","after":"db2274bb4acabed822acbf88599135998f0419bc","ref":"refs/heads/master","pushedAt":"2024-01-20T22:58:38.000Z","pushType":"push","commitsCount":1,"pusher":{"login":"strlcat","name":"Andrey Rys","path":"/strlcat","primaryAvatarUrl":"https://avatars.githubusercontent.com/u/26036609?s=80&v=4"},"commit":{"message":"When partial encrypted transfers, send correct size and ascii offset indicator\n\nClient can then reconstruct full file content just by finding ascii only 16 byte\noffset indicators, use their values and decrypt in chunks. This protocol is only\nused when client transfers chunks of file with download resuming.\n\nCounter mode cannot permit counter reuse for several files because rogue client\ncan then try to download several files with known counter (supplied by them),\nthen xor two received files and deduce the differences (because both key and counter\nvalues are likely to be same for them). Hence, without server side caching by something\nVERY unique (example: file hash is good for unique hash but client's IP address\nis VERY bad in the same time), it is VERY hard to ensure CTR mode security without\nmaking counter value random and forcing it to client. But generating file hash\nfor each transfer is likely to cause server's DoS and rogue clients can use this\nas an advantage to bring down the service to knees.\n\nAt the time of implementing this, htcrypt can only partially decrypt such\nfiles (better say, scattered around chunks). It, as of now, cannot handle\nwhole file with chunks around. This is subject for future improvement of htcrypt.\n\nThe protocol of chunked transfer is:\n\n* 16 bytes hex encoded number - the offset from which encryption was started, 64 bit.\n  These digits are always ASCII. Because everything around is random, they're easy to find.\n  Possess no any useful information which may help decrypting payload at all.\n* 32 bytes IV/CTR value, just like in regular file transfer\n* payload, by 48 bytes less than expected because of header above.","shortMessageHtmlLink":"When partial encrypted transfers, send correct size and ascii offset …"}},{"before":"8581a50ee0977c1e3b2e9b7f8fdc455f558d2c4d","after":"d33f279ecc2f4274189e0785fa672d2ff95a9429","ref":"refs/heads/master","pushedAt":"2024-01-19T22:41:15.000Z","pushType":"push","commitsCount":1,"pusher":{"login":"strlcat","name":"Andrey Rys","path":"/strlcat","primaryAvatarUrl":"https://avatars.githubusercontent.com/u/26036609?s=80&v=4"},"commit":{"message":"return to pseudorandom counter, and don't care about client download continuation\n\nClient must know how to do partial downloads in case of symmetric encryption\nHint: use ?range=start-end and write to separate files.\n\nAnyway, it's not quite optimal: if you'll use \"wget -c\", then there will\nbe always messed up files with random counters prepended. But I don't care for now.","shortMessageHtmlLink":"return to pseudorandom counter, and don't care about client download …"}},{"before":"a445247b00ceb8cd8f95ba40e6d27635d6f034bd","after":"8581a50ee0977c1e3b2e9b7f8fdc455f558d2c4d","ref":"refs/heads/master","pushedAt":"2024-01-19T22:11:29.000Z","pushType":"push","commitsCount":2,"pusher":{"login":"strlcat","name":"Andrey Rys","path":"/strlcat","primaryAvatarUrl":"https://avatars.githubusercontent.com/u/26036609?s=80&v=4"},"commit":{"message":"htcrypt: move password asking after input file open but before output file creat","shortMessageHtmlLink":"htcrypt: move password asking after input file open but before output…"}},{"before":"7795064bb1c610cf62e4ee13cbe0f38f8b03ca1d","after":"a445247b00ceb8cd8f95ba40e6d27635d6f034bd","ref":"refs/heads/master","pushedAt":"2024-01-19T22:03:45.000Z","pushType":"push","commitsCount":1,"pusher":{"login":"strlcat","name":"Andrey Rys","path":"/strlcat","primaryAvatarUrl":"https://avatars.githubusercontent.com/u/26036609?s=80&v=4"},"commit":{"message":"htcrypt: add Range (seeking) handling","shortMessageHtmlLink":"htcrypt: add Range (seeking) handling"}},{"before":"b158c415a05b0c072c664cf81ff9c662ea108855","after":"7795064bb1c610cf62e4ee13cbe0f38f8b03ca1d","ref":"refs/heads/master","pushedAt":"2024-01-19T21:50:02.000Z","pushType":"push","commitsCount":2,"pusher":{"login":"strlcat","name":"Andrey Rys","path":"/strlcat","primaryAvatarUrl":"https://avatars.githubusercontent.com/u/26036609?s=80&v=4"},"commit":{"message":"Add htcrypt: tool to decrypt ryshttpd symmetrically encrypted files","shortMessageHtmlLink":"Add htcrypt: tool to decrypt ryshttpd symmetrically encrypted files"}},{"before":"93b4c09cf831be7e650c1bf472474c8d9c7b5776","after":"b158c415a05b0c072c664cf81ff9c662ea108855","ref":"refs/heads/master","pushedAt":"2024-01-19T21:19:27.000Z","pushType":"push","commitsCount":1,"pusher":{"login":"strlcat","name":"Andrey Rys","path":"/strlcat","primaryAvatarUrl":"https://avatars.githubusercontent.com/u/26036609?s=80&v=4"},"commit":{"message":"remove unused sources","shortMessageHtmlLink":"remove unused sources"}},{"before":"db72098c8c41d4285fc0216ff11b59cf86ed06b8","after":"93b4c09cf831be7e650c1bf472474c8d9c7b5776","ref":"refs/heads/master","pushedAt":"2024-01-19T19:58:45.000Z","pushType":"push","commitsCount":1,"pusher":{"login":"strlcat","name":"Andrey Rys","path":"/strlcat","primaryAvatarUrl":"https://avatars.githubusercontent.com/u/26036609?s=80&v=4"},"commit":{"message":"Reject idea about variable or client supplied counter, derive it from key directly instead.","shortMessageHtmlLink":"Reject idea about variable or client supplied counter, derive it from…"}},{"before":"c5f1d352850f6580e0f78cbe0ac55d39ce9c2257","after":"db72098c8c41d4285fc0216ff11b59cf86ed06b8","ref":"refs/heads/master","pushedAt":"2024-01-19T18:54:29.000Z","pushType":"push","commitsCount":2,"pusher":{"login":"strlcat","name":"Andrey Rys","path":"/strlcat","primaryAvatarUrl":"https://avatars.githubusercontent.com/u/26036609?s=80&v=4"},"commit":{"message":"Require X-Encryption-Salt on partial symmetric encryption transfer","shortMessageHtmlLink":"Require X-Encryption-Salt on partial symmetric encryption transfer"}},{"before":"b72fe9f692073aca5f2c89819855133b2d578afe","after":"c5f1d352850f6580e0f78cbe0ac55d39ce9c2257","ref":"refs/heads/master","pushedAt":"2024-01-17T21:06:24.000Z","pushType":"push","commitsCount":1,"pusher":{"login":"strlcat","name":"Andrey Rys","path":"/strlcat","primaryAvatarUrl":"https://avatars.githubusercontent.com/u/26036609?s=80&v=4"},"commit":{"message":"Introduce transparent file encryption when htaccess or -O cryptpw says so.","shortMessageHtmlLink":"Introduce transparent file encryption when htaccess or -O cryptpw say…"}},{"before":"63af76065e97f26e0b6639a3a5751161dee899cf","after":"b72fe9f692073aca5f2c89819855133b2d578afe","ref":"refs/heads/master","pushedAt":"2023-12-06T19:08:43.000Z","pushType":"push","commitsCount":1,"pusher":{"login":"strlcat","name":"Andrey Rys","path":"/strlcat","primaryAvatarUrl":"https://avatars.githubusercontent.com/u/26036609?s=80&v=4"},"commit":{"message":"httpd: implement self-reexec inside chroot with leaked exefd","shortMessageHtmlLink":"httpd: implement self-reexec inside chroot with leaked exefd"}},{"before":"2c1d04c56b71a0b6e971d4ccb86cfb64bb308720","after":"63af76065e97f26e0b6639a3a5751161dee899cf","ref":"refs/heads/master","pushedAt":"2023-10-22T11:10:41.000Z","pushType":"push","commitsCount":1,"pusher":{"login":"strlcat","name":"Andrey Rys","path":"/strlcat","primaryAvatarUrl":"https://avatars.githubusercontent.com/u/26036609?s=80&v=4"},"commit":{"message":"find_index_file: include absolute pathname to matched as well","shortMessageHtmlLink":"find_index_file: include absolute pathname to matched as well"}},{"before":"b4f7f88dcde7be5d8b356fe2aaa2d4895f6083f5","after":"2c1d04c56b71a0b6e971d4ccb86cfb64bb308720","ref":"refs/heads/master","pushedAt":"2023-10-07T11:38:35.000Z","pushType":"push","commitsCount":2,"pusher":{"login":"strlcat","name":"Andrey Rys","path":"/strlcat","primaryAvatarUrl":"https://avatars.githubusercontent.com/u/26036609?s=80&v=4"},"commit":{"message":"find_index_file: fix bug when it can return directory as index file\n\nThis bug still leads to \"403 Forbidden\" message when trying to\nexploit it, because read() will return EISDIR, but it is better\nto get this logic fixed and consistent.","shortMessageHtmlLink":"find_index_file: fix bug when it can return directory as index file"}},{"before":"2305993f95edb27ab64359195e2550770b570cfb","after":"b4f7f88dcde7be5d8b356fe2aaa2d4895f6083f5","ref":"refs/heads/master","pushedAt":"2023-04-12T15:58:59.000Z","pushType":"push","commitsCount":1,"pusher":{"login":"strlcat","name":"Andrey Rys","path":"/strlcat","primaryAvatarUrl":"https://avatars.githubusercontent.com/u/26036609?s=80&v=4"},"commit":{"message":"httpd: fix automatic socket file creation mode by mangling umask","shortMessageHtmlLink":"httpd: fix automatic socket file creation mode by mangling umask"}}],"hasNextPage":false,"hasPreviousPage":false,"activityType":"all","actor":null,"timePeriod":"all","sort":"DESC","perPage":30,"cursor":"djE6ks8AAAAD5SQHTwA","startCursor":null,"endCursor":null}},"title":"Activity · strlcat/ryshttpd"}