[DRE-commits] [ruby-passenger] 03/07: Drop CVE-2014-1832.patch, fixed upstream.
Felix Geyer
fgeyer at moszumanska.debian.org
Sun Aug 24 20:57:20 UTC 2014
commit 4d02f67efca7e3499f79258f83bc427b2fcbd777
Author: Felix Geyer <fgeyer at debian.org>
Date: Sun Aug 24 13:16:51 2014 +0200
Drop CVE-2014-1832.patch, fixed upstream.
---
debian/changelog | 1 +
debian/patches/CVE-2014-1832.patch | 154 -------------------------------------
debian/patches/series | 1 -
3 files changed, 1 insertion(+), 155 deletions(-)
diff --git a/debian/changelog b/debian/changelog
index b135fef..f21e630 100644
--- a/debian/changelog
+++ b/debian/changelog
@@ -1,6 +1,7 @@
ruby-passenger (4.0.49-1) UNRELEASED; urgency=medium
* New upstream release.
+ * Drop CVE-2014-1832.patch, fixed upstream.
-- Felix Geyer <fgeyer at debian.org> Sun, 24 Aug 2014 12:17:21 +0200
diff --git a/debian/patches/CVE-2014-1832.patch b/debian/patches/CVE-2014-1832.patch
deleted file mode 100644
index 444a675..0000000
--- a/debian/patches/CVE-2014-1832.patch
+++ /dev/null
@@ -1,154 +0,0 @@
-From 94428057c602da3d6d34ef75c78091066ecac5c0 Mon Sep 17 00:00:00 2001
-From: "Hongli Lai (Phusion)" <hongli at phusion.nl>
-Date: Wed, 29 Jan 2014 14:19:25 +0100
-Subject: [PATCH] Fix a symlink-related security vulnerability.
-
-The fix in commit 34b10878 and contained a small attack time window in
-between two filesystem operations. This has been fixed.
----
- ext/common/ServerInstanceDir.h | 38 ++++++++++++++++++++++----------------
- ext/common/Utils.cpp | 29 -----------------------------
- ext/common/Utils.h | 6 ------
- 4 files changed, 40 insertions(+), 51 deletions(-)
-
-diff --git a/ext/common/ServerInstanceDir.h b/ext/common/ServerInstanceDir.h
-index 8da3cf3..1315de5 100644
---- a/ext/common/ServerInstanceDir.h
-+++ b/ext/common/ServerInstanceDir.h
-@@ -1,6 +1,6 @@
- /*
- * Phusion Passenger - https://www.phusionpassenger.com/
-- * Copyright (c) 2010-2013 Phusion
-+ * Copyright (c) 2010-2014 Phusion
- *
- * "Phusion Passenger" is a trademark of Hongli Lai & Ninh Bui.
- *
-@@ -193,6 +193,9 @@ class ServerInstanceDir: public noncopyable {
-
- void initialize(const string &path, bool owner) {
- TRACE_POINT();
-+ struct stat buf;
-+ int ret;
-+
- this->path = path;
- this->owner = owner;
-
-@@ -212,18 +215,25 @@ class ServerInstanceDir: public noncopyable {
- * rights though, because we want admin tools to be able to list the available
- * generations no matter what user they're running as.
- */
-+
-+ do {
-+ ret = lstat(path.c_str(), &buf);
-+ } while (ret == -1 && errno == EAGAIN);
- if (owner) {
-- switch (getFileTypeNoFollowSymlinks(path)) {
-- case FT_NONEXISTANT:
-+ if (ret == 0) {
-+ if (S_ISDIR(buf.st_mode)) {
-+ verifyDirectoryPermissions(path, buf);
-+ } else {
-+ throw RuntimeException("'" + path + "' already exists, and is not a directory");
-+ }
-+ } else if (errno == ENOENT) {
- createDirectory(path);
-- break;
-- case FT_DIRECTORY:
-- verifyDirectoryPermissions(path);
-- break;
-- default:
-- throw RuntimeException("'" + path + "' already exists, and is not a directory");
-+ } else {
-+ int e = errno;
-+ throw FileSystemException("Cannot lstat '" + path + "'",
-+ e, path);
- }
-- } else if (getFileType(path) != FT_DIRECTORY) {
-+ } else if (!S_ISDIR(buf.st_mode)) {
- throw RuntimeException("Server instance directory '" + path +
- "' does not exist");
- }
-@@ -259,14 +269,10 @@ class ServerInstanceDir: public noncopyable {
- * so that an attacker cannot pre-create a directory with too liberal
- * permissions.
- */
-- void verifyDirectoryPermissions(const string &path) {
-+ void verifyDirectoryPermissions(const string &path, struct stat &buf) {
- TRACE_POINT();
-- struct stat buf;
-
-- if (stat(path.c_str(), &buf) == -1) {
-- int e = errno;
-- throw FileSystemException("Cannot stat() " + path, e, path);
-- } else if (buf.st_mode != (S_IFDIR | parseModeString("u=rwx,g=rx,o=rx"))) {
-+ if (buf.st_mode != (S_IFDIR | parseModeString("u=rwx,g=rx,o=rx"))) {
- throw RuntimeException("Tried to reuse existing server instance directory " +
- path + ", but it has wrong permissions");
- } else if (buf.st_uid != geteuid() || buf.st_gid != getegid()) {
-diff --git a/ext/common/Utils.cpp b/ext/common/Utils.cpp
-index d1db8d6..1f3dec5 100644
---- a/ext/common/Utils.cpp
-+++ b/ext/common/Utils.cpp
-@@ -143,35 +143,6 @@
- }
- }
-
--FileType
--getFileTypeNoFollowSymlinks(const StaticString &filename) {
-- struct stat buf;
-- int ret;
--
-- ret = lstat(filename.c_str(), &buf);
-- if (ret == 0) {
-- if (S_ISREG(buf.st_mode)) {
-- return FT_REGULAR;
-- } else if (S_ISDIR(buf.st_mode)) {
-- return FT_DIRECTORY;
-- } else if (S_ISLNK(buf.st_mode)) {
-- return FT_SYMLINK;
-- } else {
-- return FT_OTHER;
-- }
-- } else {
-- if (errno == ENOENT) {
-- return FT_NONEXISTANT;
-- } else {
-- int e = errno;
-- string message("Cannot lstat '");
-- message.append(filename);
-- message.append("'");
-- throw FileSystemException(message, e, filename);
-- }
-- }
--}
--
- void
- createFile(const string &filename, const StaticString &contents, mode_t permissions, uid_t owner,
- gid_t group, bool overwrite)
-diff --git a/ext/common/Utils.h b/ext/common/Utils.h
-index 5cfaf92..a04e507 100644
---- a/ext/common/Utils.h
-+++ b/ext/common/Utils.h
-@@ -65,8 +65,6 @@
- FT_REGULAR,
- /** A directory. */
- FT_DIRECTORY,
-- /** A symlink. Only returned by getFileTypeNoFollowSymlinks(), not by getFileType(). */
-- FT_SYMLINK,
- /** Something else, e.g. a pipe or a socket. */
- FT_OTHER
- } FileType;
-@@ -123,10 +121,6 @@ bool fileExists(const StaticString &filename, CachedFileStat *cstat = 0,
- */
- FileType getFileType(const StaticString &filename, CachedFileStat *cstat = 0,
- unsigned int throttleRate = 0);
--/**
-- * Like getFileType(), but does not follow symlinks.
-- */
--FileType getFileTypeNoFollowSymlinks(const StaticString &filename);
-
- /**
- * Create the given file with the given contents, permissions and ownership.
---
-1.8.5.5
-
diff --git a/debian/patches/series b/debian/patches/series
index bd20fef..d4cadda 100644
--- a/debian/patches/series
+++ b/debian/patches/series
@@ -1,4 +1,3 @@
fix_install_path.patch
no_jsoncpp.patch
bin_load_path.patch
-CVE-2014-1832.patch