[DRE-commits] [SCM] ruby-passenger.git branch, master, updated. debian/3.0.13debian-1-2-gf1d7cfe

Laurent Bigonville bigon at bigon.be
Fri May 31 09:32:19 UTC 2013


The following commit has been merged in the master branch:
commit 1f9cead0b4b63e351a0fd543d22cdbdd032fad66
Author: Felix Geyer <fgeyer at debian.org>
Date:   Thu May 30 09:27:46 2013 +0200

    Imported Debian patch 3.0.13debian-1.1

diff --git a/debian/changelog b/debian/changelog
index 9a6b684..9f8254d 100644
--- a/debian/changelog
+++ b/debian/changelog
@@ -1,3 +1,18 @@
+ruby-passenger (3.0.13debian-1.1) unstable; urgency=low
+
+  * Non-maintainer upload.
+  * Transition towards Apache 2.4. (Closes: #707063)
+    - Build-depend on apache2-dev and apache2.
+    - Use apache2 dh helper.
+    - Drop libapache2-mod-passenger maintainer scripts, now handled by
+      dh_apache2.
+  * Fix buiding against glibc 2.17.
+    - Add fix_ftbfs_glibc217.patch, cherry-picked from upstream.
+  * Fix CVE-2013-2119: insecure temporary file usage. (Closes: #710351)
+    - Add CVE-2013-2119.patch, cherry-picked from upstream.
+
+ -- Felix Geyer <fgeyer at debian.org>  Thu, 30 May 2013 09:27:46 +0200
+
 ruby-passenger (3.0.13debian-1) unstable; urgency=low
 
   * Team upload.
diff --git a/debian/control b/debian/control
index 45365c2..8f7a2d7 100644
--- a/debian/control
+++ b/debian/control
@@ -3,8 +3,8 @@ Section: ruby
 Priority: optional
 Maintainer: Debian Ruby Extras Maintainers <pkg-ruby-extras-maintainers at lists.alioth.debian.org>
 Uploaders: Filipe Lautert <filipe at debian.org>, Micah Anderson <micah at debian.org>, David Moreno <damog at debian.org>
-Build-Depends: debhelper (>= 7.0.50~), gem2deb (>= 0.2.12~), apache2-mpm-worker | apache2-mpm,
- apache2-threaded-dev, libapr1-dev, doxygen, asciidoc (>= 8.2), graphviz, rake,
+Build-Depends: debhelper (>= 7.0.50~), gem2deb (>= 0.2.12~), apache2 (>= 2.4),
+ apache2-dev (>= 2.4), libapr1-dev, doxygen, asciidoc (>= 8.2), graphviz, rake,
  source-highlight, libjs-scriptaculous, libcurl4-openssl-dev, libev-dev
 Standards-Version: 3.9.3
 Homepage: http://www.modrails.com/
@@ -27,9 +27,7 @@ Description: Rails and Rack support for Apache2 and Nginx
 Package: libapache2-mod-passenger
 Architecture: any
 Section: web
-Depends: ${shlibs:Depends}, ${misc:Depends}, apache2-mpm-worker (>= 2.2.9-9) |
- apache2-mpm-prefork (>= 2.2.9-9) | apache2-mpm-itk (>= 2.2.9-9) | apache2-mpm-event (>= 2.2.9-9),
- ruby-passenger (= ${binary:Version})
+Depends: ${shlibs:Depends}, ${misc:Depends}, ruby-passenger (= ${binary:Version})
 Description: Rails and Rack support for Apache2
  Phusion Passenger — a.k.a. mod_rails or mod_rack — makes
  deployment of Ruby web applications, such as those built on the
diff --git a/debian/libapache2-mod-passenger.apache2 b/debian/libapache2-mod-passenger.apache2
new file mode 100644
index 0000000..7165fc7
--- /dev/null
+++ b/debian/libapache2-mod-passenger.apache2
@@ -0,0 +1,2 @@
+mod debian/passenger.load
+mod debian/passenger.conf
diff --git a/debian/libapache2-mod-passenger.install b/debian/libapache2-mod-passenger.install
index 772b93c..010fce2 100644
--- a/debian/libapache2-mod-passenger.install
+++ b/debian/libapache2-mod-passenger.install
@@ -1,3 +1 @@
 usr/lib/apache2/modules/
-../passenger.conf etc/apache2/mods-available
-../passenger.load etc/apache2/mods-available
diff --git a/debian/libapache2-mod-passenger.postinst b/debian/libapache2-mod-passenger.postinst
deleted file mode 100644
index db51673..0000000
--- a/debian/libapache2-mod-passenger.postinst
+++ /dev/null
@@ -1,36 +0,0 @@
-#!/bin/sh
-
-set -e
-
-if [ "$1" != "configure" ]; then
-  exit 0
-fi
- 
-reload_apache()
-{
-  if apache2ctl configtest 2>/dev/null; then
-    invoke-rc.d apache2 force-reload || true
-  else
-    echo "Your apache2 configuration is broken, so we're not restarting it for you."
-  fi
-}
- 
-if [ -n "$2" ]; then
-# we're upgrading. test if we're enabled, and if so, restart to reload the module.
-  if [ -e /etc/apache2/mods-enabled/passenger.load ]; then
-    reload_apache
-  fi
-    exit 0
-fi
- 
-if [ -e /etc/apache2/apache2.conf ]; then
-# Enable the module, but hide a2enmod's misleading message about apachectl
-# and force-reload the thing ourselves.
-        a2enmod passenger >/dev/null || true
-  reload_apache
-fi
-
-#DEBHELPER#
-
-exit 0
-
diff --git a/debian/libapache2-mod-passenger.prerm b/debian/libapache2-mod-passenger.prerm
deleted file mode 100644
index e8242d4..0000000
--- a/debian/libapache2-mod-passenger.prerm
+++ /dev/null
@@ -1,16 +0,0 @@
-#!/bin/sh
-
-set -e
-
-if [ "$1" != "remove" -a "$1" != "purge" ]; then
-  exit 0
-fi;
- 
-if [ -e /etc/apache2/apache2.conf ]; then
-  a2dismod passenger || true
-fi
-
-#DEBHELPER#
-
-exit 0
-
diff --git a/debian/patches/CVE-2013-2119.patch b/debian/patches/CVE-2013-2119.patch
new file mode 100644
index 0000000..2118aaf
--- /dev/null
+++ b/debian/patches/CVE-2013-2119.patch
@@ -0,0 +1,199 @@
+From 0eaebb00f6b7327374069a7998064c68cc54e9f1 Mon Sep 17 00:00:00 2001
+From: "Hongli Lai (Phusion)" <hongli at phusion.nl>
+Date: Tue, 28 May 2013 22:30:53 +0200
+Subject: [PATCH] Ensure that temporary files and directories didn't already
+ exist.
+
+---
+ bin/passenger-install-nginx-module                 |  7 ++---
+ lib/phusion_passenger/dependencies.rb              | 32 ++++++++--------------
+ lib/phusion_passenger/standalone/command.rb        |  9 +++---
+ .../standalone/runtime_installer.rb                |  7 ++---
+ 4 files changed, 23 insertions(+), 32 deletions(-)
+
+diff --git a/bin/passenger-install-nginx-module b/bin/passenger-install-nginx-module
+index 629240c..450252c 100755
+--- a/bin/passenger-install-nginx-module
++++ b/bin/passenger-install-nginx-module
+@@ -27,6 +27,7 @@ $LOAD_PATH.unshift("#{passenger_root}/lib")
+ require 'phusion_passenger'
+ require 'optparse'
+ require 'fileutils'
++require 'tmpdir'
+ require 'phusion_passenger/platform_info/ruby'
+ require 'phusion_passenger/dependencies'
+ require 'phusion_passenger/abstract_installer'
+@@ -108,14 +109,12 @@ class Installer < PhusionPassenger::AbstractInstaller
+ 	def before_install
+ 		super
+ 		myself = `whoami`.strip
+-		@working_dir = "/tmp/#{myself}-passenger-#{Process.pid}"
+-		FileUtils.rm_rf(@working_dir)
+-		FileUtils.mkdir_p(@working_dir)
++		@working_dir = Dir.mktmpdir("passenger.")
+ 	end
+ 	
+ 	def after_install
+ 		super
+-		FileUtils.rm_rf(@working_dir)
++		FileUtils.remove_entry_secure(@working_dir) if @working_dir
+ 	end
+ 
+ private
+diff --git a/lib/phusion_passenger/dependencies.rb b/lib/phusion_passenger/dependencies.rb
+index e37a212..685b37d 100644
+--- a/lib/phusion_passenger/dependencies.rb
++++ b/lib/phusion_passenger/dependencies.rb
+@@ -22,6 +22,7 @@
+ #  THE SOFTWARE.
+ 
+ require 'rbconfig'
++require 'tmpdir'
+ require 'phusion_passenger'
+ require 'phusion_passenger/packaging'
+ require 'phusion_passenger/platform_info'
+@@ -117,6 +118,12 @@ def self.mizuho_required?
+ 		end
+ 	end
+ 
++	def self.create_temp_files(name1, name2, dir = PlatformInfo.tmpexedir)
++		Dir.mktmpdir("passenger.", dir) do |subdir|
++			yield "#{subdir}/#{name1}", "#{subdir}/#{name2}"
++		end
++	end
++
+ 	GCC = Dependency.new do |dep|
+ 		dep.name = "GNU C++ compiler"
+ 		dep.define_checker do |result|
+@@ -456,9 +463,7 @@ def self.mizuho_required?
+ 	Curl_Dev = Dependency.new do |dep|
+ 		dep.name = "Curl development headers with SSL support"
+ 		dep.define_checker do |result|
+-			source_file = "#{PlatformInfo.tmpexedir}/passenger-curl-check.c"
+-			output_file = "#{PlatformInfo.tmpexedir}/passenger-curl-check"
+-			begin
++			Dependencies.create_temp_files("check.c", "check") do |source_file, output_file|
+ 				found = true
+ 				File.open(source_file, 'w') do |f|
+ 					f.puts("#include <curl/curl.h>")
+@@ -482,9 +487,6 @@ def self.mizuho_required?
+ 					found = false
+ 				end
+ 				result.found(found)
+-			ensure
+-				File.unlink(source_file) rescue nil
+-				File.unlink(output_file) rescue nil
+ 			end
+ 		end
+ 		dep.install_instructions = "Please download Curl from <b>http://curl.haxx.se/libcurl</b> " +
+@@ -514,22 +516,17 @@ def self.mizuho_required?
+ 	OpenSSL_Dev = Dependency.new do |dep|
+ 		dep.name = "OpenSSL development headers"
+ 		dep.define_checker do |result|
+-			source_file = "#{PlatformInfo.tmpexedir}/passenger-openssl-check.c"
+-			object_file = "#{PlatformInfo.tmpexedir}/passenger-openssl-check.o"
+-			begin
++			Dependencies.create_temp_files("check.c", "check.o") do |source_file, output_file|
+ 				File.open(source_file, 'w') do |f|
+ 					f.write("#include <openssl/ssl.h>")
+ 				end
+ 				Dir.chdir(File.dirname(source_file)) do
+-					if system("(gcc #{ENV['CFLAGS']} -c '#{source_file}') >/dev/null 2>/dev/null")
++					if system("(gcc #{ENV['CFLAGS']} -c '#{source_file}' -o '#{output_file}') >/dev/null 2>/dev/null")
+ 						result.found
+ 					else
+ 						result.not_found
+ 					end
+ 				end
+-			ensure
+-				File.unlink(source_file) rescue nil
+-				File.unlink(object_file) rescue nil
+ 			end
+ 		end
+ 		if RUBY_PLATFORM =~ /linux/
+@@ -546,22 +543,17 @@ def self.mizuho_required?
+ 	Zlib_Dev = Dependency.new do |dep|
+ 		dep.name = "Zlib development headers"
+ 		dep.define_checker do |result|
+-			source_file = "#{PlatformInfo.tmpexedir}/zlib-check.c"
+-			object_file = "#{PlatformInfo.tmpexedir}/zlib-check.o"
+-			begin
++			Dependencies.create_temp_files("check.c", "check.o") do |source_file, output_file|
+ 				File.open(source_file, 'w') do |f|
+ 					f.write("#include <zlib.h>")
+ 				end
+ 				Dir.chdir(File.dirname(source_file)) do
+-					if system("(g++ -c zlib-check.c) >/dev/null 2>/dev/null")
++					if system("(g++ -c '#{source_file}' -o '#{output_file}') >/dev/null 2>/dev/null")
+ 						result.found
+ 					else
+ 						result.not_found
+ 					end
+ 				end
+-			ensure
+-				File.unlink(source_file) rescue nil
+-				File.unlink(object_file) rescue nil
+ 			end
+ 		end
+ 		if RUBY_PLATFORM =~ /linux/
+diff --git a/lib/phusion_passenger/standalone/command.rb b/lib/phusion_passenger/standalone/command.rb
+index 8810427..b84909f 100644
+--- a/lib/phusion_passenger/standalone/command.rb
++++ b/lib/phusion_passenger/standalone/command.rb
+@@ -172,8 +172,11 @@ def determine_various_resource_locations(create_subdirs = true)
+ 	
+ 	def write_nginx_config_file
+ 		require 'phusion_passenger/platform_info/ruby'
+-		ensure_directory_exists(@temp_dir)
+-		
++		require 'tmpdir'
++		@temp_dir        = Dir.mktmpdir("passenger.", "/tmp")
++		@config_filename = "#{@temp_dir}/config"
++		File.chmod(0755, @temp_dir)
++
+ 		File.open(@config_filename, 'w') do |f|
+ 			f.chmod(0644)
+ 			template_filename = File.join(TEMPLATES_DIR, "standalone", "config.erb")
+@@ -213,8 +216,6 @@ def nginx_ping_port
+ 	def create_nginx_controller(extra_options = {})
+ 		require_daemon_controller
+ 		require 'socket' unless defined?(UNIXSocket)
+-		@temp_dir        = "/tmp/passenger-standalone.#{$$}"
+-		@config_filename = "#{@temp_dir}/config"
+ 		if @options[:socket_file]
+ 			ping_spec = [:unix, @options[:socket_file]]
+ 		else
+diff --git a/lib/phusion_passenger/standalone/runtime_installer.rb b/lib/phusion_passenger/standalone/runtime_installer.rb
+index 730f776..31b6fd8 100644
+--- a/lib/phusion_passenger/standalone/runtime_installer.rb
++++ b/lib/phusion_passenger/standalone/runtime_installer.rb
+@@ -23,6 +23,7 @@
+ #  OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN
+ #  THE SOFTWARE.
+ require 'fileutils'
++require 'tmpdir'
+ require 'phusion_passenger'
+ require 'phusion_passenger/abstract_installer'
+ require 'phusion_passenger/packaging'
+@@ -164,16 +165,14 @@ def install!
+ 	def before_install
+ 		super
+ 		@plugin.call_hook(:runtime_installer_start, self) if @plugin
+-		@working_dir = "/tmp/#{myself}-passenger-standalone-#{Process.pid}"
+-		FileUtils.rm_rf(@working_dir)
+-		FileUtils.mkdir_p(@working_dir)
++		@working_dir = Dir.mktmpdir("passenger.")
+ 		@download_binaries = true if !defined?(@download_binaries)
+ 		@binaries_url_root ||= STANDALONE_BINARIES_URL_ROOT
+ 	end
+ 
+ 	def after_install
+ 		super
+-		FileUtils.rm_rf(@working_dir)
++		FileUtils.remove_entry_secure(@working_dir) if @working_dir
+ 		@plugin.call_hook(:runtime_installer_cleanup) if @plugin
+ 	end
+ 
+-- 
+1.8.1.6
+
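Review bot: In the command.rb part of CVE-2013-2119.patch, `write_nginx_config_file` creates the directory with `Dir.mktmpdir("passenger.", "/tmp")` and then immediately widens it with `File.chmod(0755, @temp_dir)`, so every local user can list and read anything later placed in `@temp_dir`, not only the 0644 config file. If the wider mode is there so that a worker under another account can read the config (not visible here), a comment such as `# 0755 so nginx workers under another user can read the config; keep secrets out of this directory` should say so; otherwise dropping the chmod keeps mktmpdir's owner-only 0700 default. Moving the `@temp_dir`/`@config_filename` assignments out of `create_nginx_controller` means any reader of them that runs before `write_nginx_config_file` now sees nil, and no removal of the new directory appears in these hunks, so both need checking against the rest of the file. In the two installers, `FileUtils.remove_entry_secure(@working_dir) if @working_dir` is called without force and, unlike the old `rm_rf`, raises when the directory is already gone; setting `@working_dir = nil` after removal would keep a repeated `after_install` harmless. All of these method bodies start or end outside the quoted hunks.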
diff --git a/debian/patches/fix_ftbfs_glibc217.patch b/debian/patches/fix_ftbfs_glibc217.patch
new file mode 100644
index 0000000..3de37e2
--- /dev/null
+++ b/debian/patches/fix_ftbfs_glibc217.patch
@@ -0,0 +1,164 @@
+From 27894da4c7a5da30ef7ab4b03f914d1dec8531ac Mon Sep 17 00:00:00 2001
+From: "Hongli Lai (Phusion)" <hongli at phusion.nl>
+Date: Sun, 26 Aug 2012 14:27:39 +0200
+Subject: [PATCH] Backport fix from
+ https://svn.boost.org/trac/boost/ticket/6940 This allows passenger to build
+ on Fedora 18/19.
+
+---
+ ext/boost/config/suffix.hpp        | 12 ++++++++++++
+ ext/boost/src/pthread/thread.cpp   |  4 ++--
+ ext/boost/src/pthread/timeconv.inl | 16 ++++++++--------
+ ext/boost/thread/locks.hpp         |  6 +++---
+ ext/boost/thread/xtime.hpp         |  4 ++--
+ ext/common/ApplicationPool/Pool.h  |  2 +-
+ 7 files changed, 30 insertions(+), 16 deletions(-)
+
+diff --git a/ext/boost/config/suffix.hpp b/ext/boost/config/suffix.hpp
+index 3408d22..6464f33 100644
+--- a/ext/boost/config/suffix.hpp
++++ b/ext/boost/config/suffix.hpp
+@@ -103,6 +103,18 @@
+ #endif
+ 
+ //
++// constexpr workarounds
++// 
++#if defined(BOOST_NO_CONSTEXPR)
++#define BOOST_CONSTEXPR
++#define BOOST_CONSTEXPR_OR_CONST const
++#else
++#define BOOST_CONSTEXPR constexpr
++#define BOOST_CONSTEXPR_OR_CONST constexpr
++#endif
++#define BOOST_STATIC_CONSTEXPR  static BOOST_CONSTEXPR_OR_CONST
++
++//
+ // if there is no __int64 then there is no specialisation
+ // for numeric_limits<__int64> either:
+ //
+diff --git a/ext/boost/src/pthread/thread.cpp b/ext/boost/src/pthread/thread.cpp
+index b5a0572..f90cfcd 100644
+--- a/ext/boost/src/pthread/thread.cpp
++++ b/ext/boost/src/pthread/thread.cpp
+@@ -365,7 +365,7 @@
+                     cond.timed_wait(lock, xt);
+ #   endif
+                     xtime cur;
+-                    xtime_get(&cur, TIME_UTC);
++                    xtime_get(&cur, TIME_UTC_);
+                     if (xtime_cmp(xt, cur) <= 0)
+                         return;
+                 }
+@@ -380,7 +380,7 @@
+             BOOST_VERIFY(!pthread_yield());
+ #   else
+             xtime xt;
+-            xtime_get(&xt, TIME_UTC);
++            xtime_get(&xt, TIME_UTC_);
+             sleep(xt);
+ #   endif
+         }
+diff --git a/ext/boost/src/pthread/timeconv.inl b/ext/boost/src/pthread/timeconv.inl
+index b75a135..7c07802 100644
+--- a/ext/boost/src/pthread/timeconv.inl
++++ b/ext/boost/src/pthread/timeconv.inl
+@@ -20,8 +20,8 @@ const int NANOSECONDS_PER_MICROSECOND = 1000;
+ inline void to_time(int milliseconds, boost::xtime& xt)
+ {
+     int res = 0;
+-    res = boost::xtime_get(&xt, boost::TIME_UTC);
+-    BOOST_ASSERT(res == boost::TIME_UTC);
++    res = boost::xtime_get(&xt, boost::TIME_UTC_);
++    BOOST_ASSERT(res == boost::TIME_UTC_);
+ 
+     xt.sec += (milliseconds / MILLISECONDS_PER_SECOND);
+     xt.nsec += ((milliseconds % MILLISECONDS_PER_SECOND) *
+@@ -57,8 +57,8 @@ inline void to_timespec_duration(const boost::xtime& xt, timespec& ts)
+ {
+     boost::xtime cur;
+     int res = 0;
+-    res = boost::xtime_get(&cur, boost::TIME_UTC);
+-    BOOST_ASSERT(res == boost::TIME_UTC);
++    res = boost::xtime_get(&cur, boost::TIME_UTC_);
++    BOOST_ASSERT(res == boost::TIME_UTC_);
+ 
+     if (boost::xtime_cmp(xt, cur) <= 0)
+     {
+@@ -88,8 +88,8 @@ inline void to_duration(boost::xtime xt, int& milliseconds)
+ {
+     boost::xtime cur;
+     int res = 0;
+-    res = boost::xtime_get(&cur, boost::TIME_UTC);
+-    BOOST_ASSERT(res == boost::TIME_UTC);
++    res = boost::xtime_get(&cur, boost::TIME_UTC_);
++    BOOST_ASSERT(res == boost::TIME_UTC_);
+ 
+     if (boost::xtime_cmp(xt, cur) <= 0)
+         milliseconds = 0;
+@@ -110,8 +110,8 @@ inline void to_microduration(boost::xtime xt, int& microseconds)
+ {
+     boost::xtime cur;
+     int res = 0;
+-    res = boost::xtime_get(&cur, boost::TIME_UTC);
+-    BOOST_ASSERT(res == boost::TIME_UTC);
++    res = boost::xtime_get(&cur, boost::TIME_UTC_);
++    BOOST_ASSERT(res == boost::TIME_UTC_);
+ 
+     if (boost::xtime_cmp(xt, cur) <= 0)
+         microseconds = 0;
+diff --git a/ext/boost/thread/locks.hpp b/ext/boost/thread/locks.hpp
+index dd66a67..d77b145 100644
+--- a/ext/boost/thread/locks.hpp
++++ b/ext/boost/thread/locks.hpp
+@@ -164,9 +164,9 @@
+     struct adopt_lock_t
+     {};
+     
+-    const defer_lock_t defer_lock={};
+-    const try_to_lock_t try_to_lock={};
+-    const adopt_lock_t adopt_lock={};
++    BOOST_CONSTEXPR_OR_CONST defer_lock_t defer_lock={};
++    BOOST_CONSTEXPR_OR_CONST try_to_lock_t try_to_lock={};
++    BOOST_CONSTEXPR_OR_CONST adopt_lock_t adopt_lock={};
+ 
+     template<typename Mutex>
+     class shared_lock;
+diff --git a/ext/boost/thread/xtime.hpp b/ext/boost/thread/xtime.hpp
+index 7cc6272..f908298 100644
+--- a/ext/boost/thread/xtime.hpp
++++ b/ext/boost/thread/xtime.hpp
+@@ -20,7 +20,7 @@
+ 
+ enum xtime_clock_types
+ {
+-    TIME_UTC=1
++    TIME_UTC_=1
+ //    TIME_TAI,
+ //    TIME_MONOTONIC,
+ //    TIME_PROCESS,
+@@ -68,7 +68,7 @@ inline xtime get_xtime(boost::system_time const& abs_time)
+ 
+ inline int xtime_get(struct xtime* xtp, int clock_type)
+ {
+-    if (clock_type == TIME_UTC)
++    if (clock_type == TIME_UTC_)
+     {
+         *xtp=get_xtime(get_system_time());
+         return clock_type;
+diff --git a/ext/common/ApplicationPool/Pool.h b/ext/common/ApplicationPool/Pool.h
+index 8c87ad5..d26529d 100644
+--- a/ext/common/ApplicationPool/Pool.h
++++ b/ext/common/ApplicationPool/Pool.h
+@@ -718,7 +718,7 @@ class Pool: public ApplicationPool::Interface {
+ 					}
+ 				} else {
+ 					xtime xt;
+-					xtime_get(&xt, TIME_UTC);
++					xtime_get(&xt, TIME_UTC_);
+ 					xt.sec += maxIdleTime + 1;
+ 					if (cleanerThreadSleeper.timed_wait(l, xt)) {
+ 						// Condition was woken up.
+-- 
+1.8.1.6
+
diff --git a/debian/patches/series b/debian/patches/series
index 7a4b3dc..06ce617 100644
--- a/debian/patches/series
+++ b/debian/patches/series
@@ -1 +1,3 @@
 fix_install_path.patch
+fix_ftbfs_glibc217.patch
+CVE-2013-2119.patch
diff --git a/debian/rules b/debian/rules
index 664f397..70d0e08 100755
--- a/debian/rules
+++ b/debian/rules
@@ -4,7 +4,7 @@
 export USE_VENDORED_LIBEV=false
 
 %:
-	dh $@ --buildsystem=ruby --with ruby
+	dh $@ --buildsystem=ruby --with ruby,apache2
 
 override_dh_auto_build:
 	/usr/bin/ruby1.8 /usr/bin/rake fakeroot

-- 
ruby-passenger.git


