summaryrefslogtreecommitdiff
diff options
context:
space:
mode:
authorHans de Graaff <graaff@gentoo.org>2013-10-05 14:17:38 +0000
committerHans de Graaff <graaff@gentoo.org>2013-10-05 14:17:38 +0000
commit5a9aaace41c40ec13bed0bbfc8d1caee74606bd7 (patch)
treea4d7ed6f96bd1ecea959367a51cc0701ecdf73fd /www-apache/passenger
parentVersion bump. (diff)
downloadgentoo-2-5a9aaace41c40ec13bed0bbfc8d1caee74606bd7.tar.gz
gentoo-2-5a9aaace41c40ec13bed0bbfc8d1caee74606bd7.tar.bz2
gentoo-2-5a9aaace41c40ec13bed0bbfc8d1caee74606bd7.zip
Fix security bug 477462 with a fix backported in redhat bug 985633.
(Portage version: 2.2.1/cvs/Linux x86_64, signed Manifest commit with key 0x8883FA56A308A8D7!)
Diffstat (limited to 'www-apache/passenger')
-rw-r--r--www-apache/passenger/ChangeLog8
-rw-r--r--www-apache/passenger/files/passenger-3.0.21-temp-file-usage.patch140
-rw-r--r--www-apache/passenger/passenger-3.0.21-r1.ebuild100
3 files changed, 247 insertions, 1 deletions
diff --git a/www-apache/passenger/ChangeLog b/www-apache/passenger/ChangeLog
index 3748e1f5cef4..1f9c72eb0a1e 100644
--- a/www-apache/passenger/ChangeLog
+++ b/www-apache/passenger/ChangeLog
@@ -1,6 +1,12 @@
# ChangeLog for www-apache/passenger
# Copyright 1999-2013 Gentoo Foundation; Distributed under the GPL v2
-# $Header: /var/cvsroot/gentoo-x86/www-apache/passenger/ChangeLog,v 1.70 2013/10/05 13:29:23 graaff Exp $
+# $Header: /var/cvsroot/gentoo-x86/www-apache/passenger/ChangeLog,v 1.71 2013/10/05 14:17:38 graaff Exp $
+
+*passenger-3.0.21-r1 (05 Oct 2013)
+
+ 05 Oct 2013; Hans de Graaff <graaff@gentoo.org> +passenger-3.0.21-r1.ebuild,
+ +files/passenger-3.0.21-temp-file-usage.patch:
+ Fix security bug 477462 with a fix backported in redhat bug 985633.
*passenger-4.0.18 (05 Oct 2013)
diff --git a/www-apache/passenger/files/passenger-3.0.21-temp-file-usage.patch b/www-apache/passenger/files/passenger-3.0.21-temp-file-usage.patch
new file mode 100644
index 000000000000..54f227f78c6b
--- /dev/null
+++ b/www-apache/passenger/files/passenger-3.0.21-temp-file-usage.patch
@@ -0,0 +1,140 @@
+--- passenger-release-3.0.21.orig/ext/common/LoggingAgent/Main.cpp 2013-05-29 07:09:31.000000000 -0500
++++ passenger-release-3.0.21.orig/ext/common/LoggingAgent/Main.cpp 2013-07-18 09:35:47.514433743 -0500
+@@ -265,11 +265,6 @@ main(int argc, char *argv[]) {
+ ev::sig sigtermWatcher(eventLoop);
+ ev::sig sigquitWatcher(eventLoop);
+
+- if (feedbackFdAvailable()) {
+- feedbackFdWatcher.set<&feedbackFdBecameReadable>();
+- feedbackFdWatcher.start(FEEDBACK_FD, ev::READ);
+- writeArrayMessage(FEEDBACK_FD, "initialized", NULL);
+- }
+ sigintWatcher.set<&caughtExitSignal>();
+ sigintWatcher.start(SIGINT);
+ sigtermWatcher.set<&caughtExitSignal>();
+@@ -281,6 +276,11 @@ main(int argc, char *argv[]) {
+ /********** Initialized! Enter main loop... **********/
+
+ P_DEBUG("Logging agent online, listening at " << socketAddress);
++ if (feedbackFdAvailable()) {
++ feedbackFdWatcher.set<&feedbackFdBecameReadable>();
++ feedbackFdWatcher.start(FEEDBACK_FD, ev::READ);
++ writeArrayMessage(FEEDBACK_FD, "initialized", NULL);
++ }
+ ev_loop(eventLoop, 0);
+ return exitCode;
+ } catch (const tracable_exception &e) {
+--- passenger-release-3.0.21.orig/ext/common/ServerInstanceDir.h 2013-05-29 07:09:31.000000000 -0500
++++ passenger-release-3.0.21.orig/ext/common/ServerInstanceDir.h 2013-07-18 09:38:54.431808622 -0500
+@@ -30,6 +30,7 @@
+ #include <oxt/backtrace.hpp>
+
+ #include <sys/types.h>
++#include <sys/stat.h>
+ #include <dirent.h>
+ #include <unistd.h>
+ #include <pwd.h>
+@@ -38,6 +39,7 @@
+ #include <cstring>
+ #include <string>
+
++#include <Logging.h>
+ #include "Exceptions.h"
+ #include "Utils.h"
+ #include "Utils/StrIntUtils.h"
+@@ -217,7 +219,69 @@ private:
+ * rights though, because we want admin tools to be able to list the available
+ * generations no matter what user they're running as.
+ */
+- makeDirTree(path, "u=rwxs,g=rx,o=rx");
++ if (owner) {
++ switch (getFileType(path)) {
++ case FT_NONEXISTANT:
++ createDirectory(path);
++ break;
++ case FT_DIRECTORY:
++ verifyDirectoryPermissions(path);
++ break;
++ default:
++ throw RuntimeException("'" + path + "' already exists, and is not a directory");
++ }
++ } else if (getFileType(path) != FT_DIRECTORY) {
++ throw RuntimeException("Server instance directory '" + path +
++ "' does not exist");
++ }
++ }
++
++ void createDirectory(const string &path) const {
++ // We do not use makeDirTree() here. If an attacker creates a directory
++ // just before we do, then we want to abort because we want the directory
++ // to have specific permissions.
++ if (mkdir(path.c_str(), parseModeString("u=rwx,g=rx,o=rx")) == -1) {
++ int e = errno;
++ throw FileSystemException("Cannot create server instance directory '" +
++ path + "'", e, path);
++ }
++ // verifyDirectoryPermissions() checks for the owner/group so we must make
++ // sure the server instance directory has that owner/group, even when the
++ // parent directory has setgid on.
++ if (chown(path.c_str(), geteuid(), getegid()) == -1) {
++ int e = errno;
++ throw FileSystemException("Cannot change the permissions of the server "
++ "instance directory '" + path + "'", e, path);
++ }
++ }
++
++ /**
++ * When reusing an existing server instance directory, check permissions
++ * so that an attacker cannot pre-create a directory with too liberal
++ * permissions.
++ */
++ void verifyDirectoryPermissions(const string &path) {
++ TRACE_POINT();
++ struct stat buf;
++
++ if (stat(path.c_str(), &buf) == -1) {
++ int e = errno;
++ throw FileSystemException("Cannot stat() " + path, e, path);
++ } else if (buf.st_mode != (S_IFDIR | parseModeString("u=rwx,g=rx,o=rx"))) {
++ throw RuntimeException("Tried to reuse existing server instance directory " +
++ path + ", but it has wrong permissions");
++ } else if (buf.st_uid != geteuid() || buf.st_gid != getegid()) {
++ /* The server instance directory is always created by the Watchdog. Its UID/GID never
++ * changes because:
++ * 1. Disabling user switching only lowers the privilege of the HelperAgent.
++ * 2. For the UID/GID to change, the web server must be completely restarted
++ * (not just graceful reload) so that the control process can change its UID/GID.
++ * This causes the PID to change, so that an entirely new server instance
++ * directory is created.
++ */
++ throw RuntimeException("Tried to reuse existing server instance directory " +
++ path + ", but it has wrong owner and group");
++ }
+ }
+
+ bool isDirectory(const string &dir, struct dirent *entry) const {
+--- passenger-release-3.0.21.orig/NEWS 2013-05-29 07:09:31.000000000 -0500
++++ passenger-release-3.0.21.orig/NEWS 2013-07-18 08:58:30.943558375 -0500
+@@ -8,6 +8,7 @@ Release 3.0.21
+ * Catch exceptions raised by Rack application objects.
+ * Fix for CVE-2013-2119. Details can be found in the announcement for version 4.0.5.
+ * Version 3.0.20 was pulled because its fixes were incomplete.
++ * Fix for CVE-2013-4136. Details can be found in the announcement for version 4.0.8.
+
+
+ Release 3.0.19
+--- passenger-release-3.0.21.orig/test/cxx/ServerInstanceDirTest.cpp 2013-05-29 07:09:31.000000000 -0500
++++ passenger-release-3.0.21.orig/test/cxx/ServerInstanceDirTest.cpp 2013-07-18 09:09:50.898433782 -0500
+@@ -73,9 +73,11 @@ namespace tut {
+ }
+
+ TEST_METHOD(5) {
+- // The destructor doesnn't remove the server instance directory if it
++ // The destructor doesn't remove the server instance directory if it
+ // wasn't created with the ownership flag or if it's been detached.
+ string path, path2;
++ makeDirTree(parentDir + "/passenger-test.1234");
++ makeDirTree(parentDir + "/passenger-test.5678");
+ {
+ ServerInstanceDir dir(1234, parentDir, false);
+ ServerInstanceDir dir2(5678, parentDir);
diff --git a/www-apache/passenger/passenger-3.0.21-r1.ebuild b/www-apache/passenger/passenger-3.0.21-r1.ebuild
new file mode 100644
index 000000000000..95872631a5a2
--- /dev/null
+++ b/www-apache/passenger/passenger-3.0.21-r1.ebuild
@@ -0,0 +1,100 @@
+# Copyright 1999-2013 Gentoo Foundation
+# Distributed under the terms of the GNU General Public License v2
+# $Header: /var/cvsroot/gentoo-x86/www-apache/passenger/passenger-3.0.21-r1.ebuild,v 1.1 2013/10/05 14:17:38 graaff Exp $
+
+EAPI=5
+USE_RUBY="ruby18 ruby19"
+
+inherit apache-module flag-o-matic ruby-ng toolchain-funcs
+
+DESCRIPTION="Passenger (a.k.a. mod_rails) makes deployment of Ruby on Rails applications a breeze"
+HOMEPAGE="http://modrails.com/"
+SRC_URI="mirror://rubyforge/${PN}/${P}.tar.gz"
+
+LICENSE="GPL-2"
+SLOT="0"
+KEYWORDS="~amd64 ~x86"
+IUSE="debug doc"
+
+ruby_add_bdepend "dev-ruby/rake"
+
+ruby_add_rdepend "
+ >=dev-ruby/daemon_controller-1.0.0
+ >=dev-ruby/rack-1.0.0"
+
+USE_RUBY="ruby18" ruby_add_rdepend ">=dev-ruby/fastthread-1.0.1"
+
+CDEPEND=">=dev-libs/libev-3.90 net-misc/curl[ssl]"
+
+RDEPEND="${RDEPEND} ${CDEPEND}"
+DEPEND="${DEPEND} ${CDEPEND}
+ doc? ( >=app-text/asciidoc-8.6.5[highlight] )"
+
+APACHE2_MOD_CONF="30_mod_${PN}-2.0.1 30_mod_${PN}"
+APACHE2_MOD_DEFINE="PASSENGER"
+
+REQUIRED_USE+=" ruby_targets_ruby18? ( !ruby_targets_ruby19 )
+ ruby_targets_ruby19? ( !ruby_targets_ruby18 )"
+
+need_apache2
+
+pkg_setup() {
+ use debug && append-flags -DPASSENGER_DEBUG
+}
+
+all_ruby_prepare() {
+ epatch "${FILESDIR}"/${PN}-3.0.8-gentoo.patch
+ epatch "${FILESDIR}"/${PN}-3.0.12-ldflags.patch
+ epatch "${FILESDIR}"/${P}-temp-file-usage.patch
+
+ # Change these with sed instead of a patch so that we can easily use
+ # the toolchain-funcs methods.
+ sed -i -e "s/gcc/$(tc-getCC)/" -e "s/g++/$(tc-getCXX)/" build/config.rb || die
+
+ # Use sed here so that we can dynamically set the documentation directory.
+ sed -i -e "s:/usr/share/doc/phusion-passenger:/usr/share/doc/${P}:" \
+ -e "s:/usr/lib/apache2/modules/mod_passenger.so:${APACHE_MODULESDIR}/mod_passenger.so:" \
+ -e "s:/usr/lib/phusion-passenger/agents:/usr/libexec/phusion-passenger/agents:" \
+ lib/phusion_passenger.rb || die
+ sed -i -e "s:/usr/lib/phusion-passenger/agents:/usr/libexec/phusion-passenger/agents:" ext/common/ResourceLocator.h || die
+
+ # Don't install a tool that won't work in our setup.
+ sed -i -e '/passenger-install-apache2-module/d' lib/phusion_passenger/packaging.rb || die
+ rm -f bin/passenger-install-apache2-module || die "Unable to remove unneeded install script."
+
+ # Make sure we use the system-provided version.
+ rm -rf ext/libev || die "Unable to remove vendored libev."
+
+ # fix automagic use of asciidoc, bug 413469
+ sed -i -e '/fakeroot/ s/+ Packaging::ASCII_DOCS//' build/packaging.rb || die
+
+ # The gempackagetask does not work with rubygems 2.0, but we don't
+ # need it the changed builder component.
+ sed -i -e '/rubygems\/builder/ s:^:#:' build/gempackagetask.rb || die
+}
+
+each_ruby_compile() {
+ append-flags -fno-strict-aliasing
+
+ APXS2="${APXS}" \
+ HTTPD="${APACHE_BIN}" \
+ USE_VENDORED_LIBEV="no" LIBEV_LIBS="-lev" \
+ rake apache2 native_support || die "rake failed"
+
+ if use doc; then
+ rake doc || die "rake doc failed"
+ fi
+}
+
+each_ruby_install() {
+ DISTDIR="${D}" \
+ APXS2="${APXS}" \
+ HTTPD="${APACHE_BIN}" \
+ USE_VENDORED_LIBEV="no" LIBEV_LIBS="-lev" \
+ rake fakeroot || die "rake failed"
+
+ # TODO: this will create a mess when multiple RUBY_TARGETS have been
+ # selected.
+ APACHE2_MOD_FILE="${S}/ext/apache2/mod_${PN}.so"
+ apache-module_src_install
+}