diff options
author | Hans de Graaff <graaff@gentoo.org> | 2013-10-05 14:17:38 +0000 |
---|---|---|
committer | Hans de Graaff <graaff@gentoo.org> | 2013-10-05 14:17:38 +0000 |
commit | 5a9aaace41c40ec13bed0bbfc8d1caee74606bd7 (patch) | |
tree | a4d7ed6f96bd1ecea959367a51cc0701ecdf73fd /www-apache/passenger | |
parent | Version bump. (diff) | |
download | gentoo-2-5a9aaace41c40ec13bed0bbfc8d1caee74606bd7.tar.gz gentoo-2-5a9aaace41c40ec13bed0bbfc8d1caee74606bd7.tar.bz2 gentoo-2-5a9aaace41c40ec13bed0bbfc8d1caee74606bd7.zip |
Fix security bug 477462 with a fix backported in redhat bug 985633.
(Portage version: 2.2.1/cvs/Linux x86_64, signed Manifest commit with key 0x8883FA56A308A8D7!)
Diffstat (limited to 'www-apache/passenger')
-rw-r--r-- | www-apache/passenger/ChangeLog | 8 | ||||
-rw-r--r-- | www-apache/passenger/files/passenger-3.0.21-temp-file-usage.patch | 140 | ||||
-rw-r--r-- | www-apache/passenger/passenger-3.0.21-r1.ebuild | 100 |
3 files changed, 247 insertions, 1 deletions
diff --git a/www-apache/passenger/ChangeLog b/www-apache/passenger/ChangeLog index 3748e1f5cef4..1f9c72eb0a1e 100644 --- a/www-apache/passenger/ChangeLog +++ b/www-apache/passenger/ChangeLog @@ -1,6 +1,12 @@ # ChangeLog for www-apache/passenger # Copyright 1999-2013 Gentoo Foundation; Distributed under the GPL v2 -# $Header: /var/cvsroot/gentoo-x86/www-apache/passenger/ChangeLog,v 1.70 2013/10/05 13:29:23 graaff Exp $ +# $Header: /var/cvsroot/gentoo-x86/www-apache/passenger/ChangeLog,v 1.71 2013/10/05 14:17:38 graaff Exp $ + +*passenger-3.0.21-r1 (05 Oct 2013) + + 05 Oct 2013; Hans de Graaff <graaff@gentoo.org> +passenger-3.0.21-r1.ebuild, + +files/passenger-3.0.21-temp-file-usage.patch: + Fix security bug 477462 with a fix backported in redhat bug 985633. *passenger-4.0.18 (05 Oct 2013) diff --git a/www-apache/passenger/files/passenger-3.0.21-temp-file-usage.patch b/www-apache/passenger/files/passenger-3.0.21-temp-file-usage.patch new file mode 100644 index 000000000000..54f227f78c6b --- /dev/null +++ b/www-apache/passenger/files/passenger-3.0.21-temp-file-usage.patch @@ -0,0 +1,140 @@ +--- passenger-release-3.0.21.orig/ext/common/LoggingAgent/Main.cpp 2013-05-29 07:09:31.000000000 -0500 ++++ passenger-release-3.0.21.orig/ext/common/LoggingAgent/Main.cpp 2013-07-18 09:35:47.514433743 -0500 +@@ -265,11 +265,6 @@ main(int argc, char *argv[]) { + ev::sig sigtermWatcher(eventLoop); + ev::sig sigquitWatcher(eventLoop); + +- if (feedbackFdAvailable()) { +- feedbackFdWatcher.set<&feedbackFdBecameReadable>(); +- feedbackFdWatcher.start(FEEDBACK_FD, ev::READ); +- writeArrayMessage(FEEDBACK_FD, "initialized", NULL); +- } + sigintWatcher.set<&caughtExitSignal>(); + sigintWatcher.start(SIGINT); + sigtermWatcher.set<&caughtExitSignal>(); +@@ -281,6 +276,11 @@ main(int argc, char *argv[]) { + /********** Initialized! Enter main loop... **********/ + + P_DEBUG("Logging agent online, listening at " << socketAddress); ++ if (feedbackFdAvailable()) { ++ feedbackFdWatcher.set<&feedbackFdBecameReadable>(); ++ feedbackFdWatcher.start(FEEDBACK_FD, ev::READ); ++ writeArrayMessage(FEEDBACK_FD, "initialized", NULL); ++ } + ev_loop(eventLoop, 0); + return exitCode; + } catch (const tracable_exception &e) { +--- passenger-release-3.0.21.orig/ext/common/ServerInstanceDir.h 2013-05-29 07:09:31.000000000 -0500 ++++ passenger-release-3.0.21.orig/ext/common/ServerInstanceDir.h 2013-07-18 09:38:54.431808622 -0500 +@@ -30,6 +30,7 @@ + #include <oxt/backtrace.hpp> + + #include <sys/types.h> ++#include <sys/stat.h> + #include <dirent.h> + #include <unistd.h> + #include <pwd.h> +@@ -38,6 +39,7 @@ + #include <cstring> + #include <string> + ++#include <Logging.h> + #include "Exceptions.h" + #include "Utils.h" + #include "Utils/StrIntUtils.h" +@@ -217,7 +219,69 @@ private: + * rights though, because we want admin tools to be able to list the available + * generations no matter what user they're running as. + */ +- makeDirTree(path, "u=rwxs,g=rx,o=rx"); ++ if (owner) { ++ switch (getFileType(path)) { ++ case FT_NONEXISTANT: ++ createDirectory(path); ++ break; ++ case FT_DIRECTORY: ++ verifyDirectoryPermissions(path); ++ break; ++ default: ++ throw RuntimeException("'" + path + "' already exists, and is not a directory"); ++ } ++ } else if (getFileType(path) != FT_DIRECTORY) { ++ throw RuntimeException("Server instance directory '" + path + ++ "' does not exist"); ++ } ++ } ++ ++ void createDirectory(const string &path) const { ++ // We do not use makeDirTree() here. If an attacker creates a directory ++ // just before we do, then we want to abort because we want the directory ++ // to have specific permissions. ++ if (mkdir(path.c_str(), parseModeString("u=rwx,g=rx,o=rx")) == -1) { ++ int e = errno; ++ throw FileSystemException("Cannot create server instance directory '" + ++ path + "'", e, path); ++ } ++ // verifyDirectoryPermissions() checks for the owner/group so we must make ++ // sure the server instance directory has that owner/group, even when the ++ // parent directory has setgid on. ++ if (chown(path.c_str(), geteuid(), getegid()) == -1) { ++ int e = errno; ++ throw FileSystemException("Cannot change the permissions of the server " ++ "instance directory '" + path + "'", e, path); ++ } ++ } ++ ++ /** ++ * When reusing an existing server instance directory, check permissions ++ * so that an attacker cannot pre-create a directory with too liberal ++ * permissions. ++ */ ++ void verifyDirectoryPermissions(const string &path) { ++ TRACE_POINT(); ++ struct stat buf; ++ ++ if (stat(path.c_str(), &buf) == -1) { ++ int e = errno; ++ throw FileSystemException("Cannot stat() " + path, e, path); ++ } else if (buf.st_mode != (S_IFDIR | parseModeString("u=rwx,g=rx,o=rx"))) { ++ throw RuntimeException("Tried to reuse existing server instance directory " + ++ path + ", but it has wrong permissions"); ++ } else if (buf.st_uid != geteuid() || buf.st_gid != getegid()) { ++ /* The server instance directory is always created by the Watchdog. Its UID/GID never ++ * changes because: ++ * 1. Disabling user switching only lowers the privilege of the HelperAgent. ++ * 2. For the UID/GID to change, the web server must be completely restarted ++ * (not just graceful reload) so that the control process can change its UID/GID. ++ * This causes the PID to change, so that an entirely new server instance ++ * directory is created. ++ */ ++ throw RuntimeException("Tried to reuse existing server instance directory " + ++ path + ", but it has wrong owner and group"); ++ } + } + + bool isDirectory(const string &dir, struct dirent *entry) const { +--- passenger-release-3.0.21.orig/NEWS 2013-05-29 07:09:31.000000000 -0500 ++++ passenger-release-3.0.21.orig/NEWS 2013-07-18 08:58:30.943558375 -0500 +@@ -8,6 +8,7 @@ Release 3.0.21 + * Catch exceptions raised by Rack application objects. + * Fix for CVE-2013-2119. Details can be found in the announcement for version 4.0.5. + * Version 3.0.20 was pulled because its fixes were incomplete. ++ * Fix for CVE-2013-4136. Details can be found in the announcement for version 4.0.8. + + + Release 3.0.19 +--- passenger-release-3.0.21.orig/test/cxx/ServerInstanceDirTest.cpp 2013-05-29 07:09:31.000000000 -0500 ++++ passenger-release-3.0.21.orig/test/cxx/ServerInstanceDirTest.cpp 2013-07-18 09:09:50.898433782 -0500 +@@ -73,9 +73,11 @@ namespace tut { + } + + TEST_METHOD(5) { +- // The destructor doesnn't remove the server instance directory if it ++ // The destructor doesn't remove the server instance directory if it + // wasn't created with the ownership flag or if it's been detached. + string path, path2; ++ makeDirTree(parentDir + "/passenger-test.1234"); ++ makeDirTree(parentDir + "/passenger-test.5678"); + { + ServerInstanceDir dir(1234, parentDir, false); + ServerInstanceDir dir2(5678, parentDir); diff --git a/www-apache/passenger/passenger-3.0.21-r1.ebuild b/www-apache/passenger/passenger-3.0.21-r1.ebuild new file mode 100644 index 000000000000..95872631a5a2 --- /dev/null +++ b/www-apache/passenger/passenger-3.0.21-r1.ebuild @@ -0,0 +1,100 @@ +# Copyright 1999-2013 Gentoo Foundation +# Distributed under the terms of the GNU General Public License v2 +# $Header: /var/cvsroot/gentoo-x86/www-apache/passenger/passenger-3.0.21-r1.ebuild,v 1.1 2013/10/05 14:17:38 graaff Exp $ + +EAPI=5 +USE_RUBY="ruby18 ruby19" + +inherit apache-module flag-o-matic ruby-ng toolchain-funcs + +DESCRIPTION="Passenger (a.k.a. mod_rails) makes deployment of Ruby on Rails applications a breeze" +HOMEPAGE="http://modrails.com/" +SRC_URI="mirror://rubyforge/${PN}/${P}.tar.gz" + +LICENSE="GPL-2" +SLOT="0" +KEYWORDS="~amd64 ~x86" +IUSE="debug doc" + +ruby_add_bdepend "dev-ruby/rake" + +ruby_add_rdepend " + >=dev-ruby/daemon_controller-1.0.0 + >=dev-ruby/rack-1.0.0" + +USE_RUBY="ruby18" ruby_add_rdepend ">=dev-ruby/fastthread-1.0.1" + +CDEPEND=">=dev-libs/libev-3.90 net-misc/curl[ssl]" + +RDEPEND="${RDEPEND} ${CDEPEND}" +DEPEND="${DEPEND} ${CDEPEND} + doc? ( >=app-text/asciidoc-8.6.5[highlight] )" + +APACHE2_MOD_CONF="30_mod_${PN}-2.0.1 30_mod_${PN}" +APACHE2_MOD_DEFINE="PASSENGER" + +REQUIRED_USE+=" ruby_targets_ruby18? ( !ruby_targets_ruby19 ) + ruby_targets_ruby19? ( !ruby_targets_ruby18 )" + +need_apache2 + +pkg_setup() { + use debug && append-flags -DPASSENGER_DEBUG +} + +all_ruby_prepare() { + epatch "${FILESDIR}"/${PN}-3.0.8-gentoo.patch + epatch "${FILESDIR}"/${PN}-3.0.12-ldflags.patch + epatch "${FILESDIR}"/${P}-temp-file-usage.patch + + # Change these with sed instead of a patch so that we can easily use + # the toolchain-funcs methods. + sed -i -e "s/gcc/$(tc-getCC)/" -e "s/g++/$(tc-getCXX)/" build/config.rb || die + + # Use sed here so that we can dynamically set the documentation directory. + sed -i -e "s:/usr/share/doc/phusion-passenger:/usr/share/doc/${P}:" \ + -e "s:/usr/lib/apache2/modules/mod_passenger.so:${APACHE_MODULESDIR}/mod_passenger.so:" \ + -e "s:/usr/lib/phusion-passenger/agents:/usr/libexec/phusion-passenger/agents:" \ + lib/phusion_passenger.rb || die + sed -i -e "s:/usr/lib/phusion-passenger/agents:/usr/libexec/phusion-passenger/agents:" ext/common/ResourceLocator.h || die + + # Don't install a tool that won't work in our setup. + sed -i -e '/passenger-install-apache2-module/d' lib/phusion_passenger/packaging.rb || die + rm -f bin/passenger-install-apache2-module || die "Unable to remove unneeded install script." + + # Make sure we use the system-provided version. + rm -rf ext/libev || die "Unable to remove vendored libev." + + # fix automagic use of asciidoc, bug 413469 + sed -i -e '/fakeroot/ s/+ Packaging::ASCII_DOCS//' build/packaging.rb || die + + # The gempackagetask does not work with rubygems 2.0, but we don't + # need it the changed builder component. + sed -i -e '/rubygems\/builder/ s:^:#:' build/gempackagetask.rb || die +} + +each_ruby_compile() { + append-flags -fno-strict-aliasing + + APXS2="${APXS}" \ + HTTPD="${APACHE_BIN}" \ + USE_VENDORED_LIBEV="no" LIBEV_LIBS="-lev" \ + rake apache2 native_support || die "rake failed" + + if use doc; then + rake doc || die "rake doc failed" + fi +} + +each_ruby_install() { + DISTDIR="${D}" \ + APXS2="${APXS}" \ + HTTPD="${APACHE_BIN}" \ + USE_VENDORED_LIBEV="no" LIBEV_LIBS="-lev" \ + rake fakeroot || die "rake failed" + + # TODO: this will create a mess when multiple RUBY_TARGETS have been + # selected. + APACHE2_MOD_FILE="${S}/ext/apache2/mod_${PN}.so" + apache-module_src_install +} |