passenger 5.0.30 → 5.1.0

data/src/nginx_module/LocationConfig.h.cxxcodebuilder

@@ -23,13 +23,13 @@
 #  THE SOFTWARE.
 
 # This file uses the cxxcodebuilder API. Learn more at:
-# https://github.com/phusion/passenger/cxxcodebuilder
+# https://github.com/phusion/cxxcodebuilder
 
 require 'phusion_passenger/nginx/config_options'
 
 def main
   set_indent_string '    '
-  comment copyright_header_for(__FILE__)
+  comment copyright_header_for(__FILE__), 1
 
   separator
 

data/src/nginx_module/MergeLocationConfig.c

@@ -1,27 +1,27 @@
 /*
- * Phusion Passenger - https://www.phusionpassenger.com/
- * Copyright (c) 2010-2016 Phusion Holding B.V.
+ *  Phusion Passenger - https://www.phusionpassenger.com/
+ *  Copyright (c) 2010-2016 Phusion Holding B.V.
  *
- * "Passenger", "Phusion Passenger" and "Union Station" are registered
- * trademarks of Phusion Holding B.V.
+ *  "Passenger", "Phusion Passenger" and "Union Station" are registered
+ *  trademarks of Phusion Holding B.V.
  *
- * Permission is hereby granted, free of charge, to any person obtaining a copy
- * of this software and associated documentation files (the "Software"), to deal
- * in the Software without restriction, including without limitation the rights
- * to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
- * copies of the Software, and to permit persons to whom the Software is
- * furnished to do so, subject to the following conditions:
+ *  Permission is hereby granted, free of charge, to any person obtaining a copy
+ *  of this software and associated documentation files (the "Software"), to deal
+ *  in the Software without restriction, including without limitation the rights
+ *  to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
+ *  copies of the Software, and to permit persons to whom the Software is
+ *  furnished to do so, subject to the following conditions:
  *
- * The above copyright notice and this permission notice shall be included in
- * all copies or substantial portions of the Software.
+ *  The above copyright notice and this permission notice shall be included in
+ *  all copies or substantial portions of the Software.
  *
- * THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
- * IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
- * FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
- * AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
- * LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
- * OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN
- * THE SOFTWARE.
+ *  THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
+ *  IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
+ *  FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
+ *  AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
+ *  LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
+ *  OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN
+ *  THE SOFTWARE.
  */
 
 /*
@@ -48,6 +48,12 @@ generated_merge_part(passenger_loc_conf_t *conf, passenger_loc_conf_t *prev, ngx
     ngx_conf_merge_uint_value(conf->core_file_descriptor_ulimit,
         prev->core_file_descriptor_ulimit,
         NGX_CONF_UNSET_UINT);
+    ngx_conf_merge_value(conf->disable_security_update_check,
+        prev->disable_security_update_check,
+        NGX_CONF_UNSET);
+    ngx_conf_merge_str_value(conf->security_update_check_proxy,
+        prev->security_update_check_proxy,
+        NULL);
     ngx_conf_merge_uint_value(conf->app_file_descriptor_ulimit,
         prev->app_file_descriptor_ulimit,
         NGX_CONF_UNSET_UINT);

data/src/nginx_module/MergeLocationConfig.c.cxxcodebuilder

@@ -23,13 +23,13 @@
 #  THE SOFTWARE.
 
 # This file uses the cxxcodebuilder API. Learn more at:
-# https://github.com/phusion/passenger/cxxcodebuilder
+# https://github.com/phusion/cxxcodebuilder
 
 require 'phusion_passenger/nginx/config_options'
 
 def main
   set_indent_string '    '
-  comment copyright_header_for(__FILE__)
+  comment copyright_header_for(__FILE__), 1
 
   separator
 

data/src/nginx_module/ngx_http_passenger_module.c

@@ -52,6 +52,7 @@
 #include "ContentHandler.h"
 #include "cxx_supportlib/Constants.h"
 #include "cxx_supportlib/vendor-modified/modp_b64.cpp" /* File is C compatible. */
+#include "cxx_supportlib/vendor-modified/modp_b64_strict_aliasing.cpp" /* File is C compatible. */
 
 
 static int                first_start = 1;
@@ -93,7 +94,7 @@ psg_variant_map_set_ngx_str(PsgVariantMap *m,
 
 /**
  * Save the Nginx master process's PID into a file in the instance directory.
- * This PID file isn't currently used, but it might be useful for future tooling.
+ * This PID file is used in the `passenger-config reopen-logs` command.
  *
  * The master process's PID is already passed to the Watchdog through the
  * "web_server_control_process_pid" property, but that isn't enough. The Watchdog
@@ -107,7 +108,7 @@ save_master_process_pid(ngx_cycle_t *cycle) {
     u_char *last;
     FILE *f;
 
-    last = ngx_snprintf(filename, sizeof(filename) - 1, "%s/web_server_control_process.pid",
+    last = ngx_snprintf(filename, sizeof(filename) - 1, "%s/web_server_info/control_process.pid",
                         psg_watchdog_launcher_get_instance_dir(psg_watchdog_launcher, NULL));
     *last = (u_char) '\0';
 
@@ -255,6 +256,7 @@ start_watchdog(ngx_cycle_t *cycle) {
 
     psg_variant_map_set_int    (params, "web_server_control_process_pid", getpid());
     psg_variant_map_set        (params, "server_software", NGINX_VER, strlen(NGINX_VER));
+    psg_variant_map_set        (params, "server_version", NGINX_VERSION, strlen(NGINX_VERSION));
     psg_variant_map_set_bool   (params, "multi_app", 1);
     psg_variant_map_set_bool   (params, "load_shell_envvars", 1);
     psg_variant_map_set_int    (params, "log_level", passenger_main_conf.log_level);
@@ -262,6 +264,8 @@ start_watchdog(ngx_cycle_t *cycle) {
     psg_variant_map_set_int    (params, "socket_backlog", passenger_main_conf.socket_backlog);
     psg_variant_map_set_ngx_str(params, "data_buffer_dir", &passenger_main_conf.data_buffer_dir);
     psg_variant_map_set_ngx_str(params, "instance_registry_dir", &passenger_main_conf.instance_registry_dir);
+    psg_variant_map_set_bool   (params, "disable_security_update_check", passenger_main_conf.disable_security_update_check);
+    psg_variant_map_set_ngx_str(params, "security_update_check_proxy", &passenger_main_conf.security_update_check_proxy);
     psg_variant_map_set_bool   (params, "user_switching", passenger_main_conf.user_switching);
     psg_variant_map_set_bool   (params, "show_version_in_header", passenger_main_conf.show_version_in_header);
     psg_variant_map_set_bool   (params, "turbocaching", passenger_main_conf.turbocaching);
@@ -319,12 +323,12 @@ start_watchdog(ngx_cycle_t *cycle) {
         goto cleanup;
     }
 
-    /* Create the file instance_dir + "/web_server_control_process.pid"
+    /* Create the file instance_dir + "/web_server_info/control_process.pid"
      * and make it writable by the worker processes. This is because
      * save_master_process_pid is run after Nginx has lowered privileges.
      */
     last = ngx_snprintf(filename, sizeof(filename) - 1,
-                        "%s/web_server_control_process.pid",
+                        "%s/web_server_info/control_process.pid",
                         psg_watchdog_launcher_get_instance_dir(psg_watchdog_launcher, NULL));
     *last = (u_char) '\0';
     if (create_file(cycle, filename, (const u_char *) "", 0) != NGX_OK) {

data/src/ruby_supportlib/phusion_passenger.rb

@@ -31,10 +31,10 @@ module PhusionPassenger
 
   PACKAGE_NAME = 'passenger'
   # Run 'rake src/cxx_supportlib/Constants.h' after changing this number.
-  VERSION_STRING = '5.0.30'
+  VERSION_STRING = '5.1.0'
 
-  PREFERRED_NGINX_VERSION = '1.10.1'
-  NGINX_SHA256_CHECKSUM = '1fd35846566485e03c0e318989561c135c598323ff349c503a6c14826487a801'
+  PREFERRED_NGINX_VERSION = '1.10.2'
+  NGINX_SHA256_CHECKSUM = '1045ac4987a396e2fa5d0011daf8987b612dd2f05181b67507da68cbe7d765c2'
 
   PREFERRED_PCRE_VERSION  = '8.39'
   PCRE_SHA256_CHECKSUM = 'ccdf7e788769838f8285b3ee672ed573358202305ee361cfec7a4a4fb005bbc7'
@@ -320,7 +320,12 @@ private
     end
     if home.nil? || home.empty?
       require 'etc' if !defined?(Etc)
-      home = Etc.getpwuid(Process.uid).dir
+      begin
+        home = Etc.getpwuid(Process.uid).dir
+      rescue ArgumentError
+        # Unknown user.
+        home = ENV['HOME']
+      end
     end
     return home
   end

data/src/ruby_supportlib/phusion_passenger/admin_tools/instance.rb

@@ -1,6 +1,6 @@
 # encoding: utf-8
 #  Phusion Passenger - https://www.phusionpassenger.com/
-#  Copyright (c) 2014-2015 Phusion Holding B.V.
+#  Copyright (c) 2014-2016 Phusion Holding B.V.
 #
 #  "Passenger", "Phusion Passenger" and "Union Station" are registered
 #  trademarks of Phusion Holding B.V.
@@ -120,7 +120,7 @@ module PhusionPassenger
       end
 
       def web_server_control_process_pid
-        File.read("#{@path}/web_server_control_process.pid").to_i
+        File.read("#{@path}/web_server_info/control_process.pid").to_i
       end
 
       def full_admin_password

data/src/ruby_supportlib/phusion_passenger/admin_tools/instance_registry.rb

@@ -31,7 +31,7 @@ module PhusionPassenger
 
     class InstanceRegistry
       def initialize(paths = nil)
-        @paths = [paths || default_paths].flatten
+        @paths = [paths || default_paths].flatten.uniq
       end
 
       def list(options = {})

data/src/ruby_supportlib/phusion_passenger/common_library.rb

@@ -27,6 +27,8 @@
 # executables. It's used by the build system (build/*.rb) and by
 # src/ruby_supportlib/phusion_passenger/config/nginx_engine_compiler.rb
 
+PhusionPassenger.require_passenger_lib 'platform_info/crypto'
+
 class CommonLibraryBuilder
   include Rake::DSL if defined?(Rake::DSL)
 
@@ -147,6 +149,8 @@ private
       optimize.sub!(/-flto/, "")
     end
 
+    extra_compiler_flags = "#{extra_compiler_flags} #{options[:cflags]}".strip
+
     define_c_or_cxx_object_compilation_task(
       object_file,
       source_file,
@@ -290,6 +294,10 @@ COMMON_LIBRARY = CommonLibraryBuilder.new do
   define_component 'Utils.o',
     :source   => 'Utils.cpp',
     :category => :base
+  define_component 'Crypto.o',
+    :source   => 'Crypto.cpp',
+    :category => :other,
+    :cflags   => PhusionPassenger::PlatformInfo.crypto_extra_cflags
   define_component 'Utils/CachedFileStat.o',
     :source   => 'Utils/CachedFileStat.cpp',
     :category => :other
@@ -334,6 +342,11 @@ COMMON_LIBRARY = CommonLibraryBuilder.new do
   define_component 'vendor-modified/modp_b64.o',
     :source   => 'vendor-modified/modp_b64.cpp',
     :category => :bas64,
+    :optimize => true,
+    :strict_aliasing => false
+  define_component 'vendor-modified/modp_b64_strict_aliasing.o',
+    :source   => 'vendor-modified/modp_b64_strict_aliasing.cpp',
+    :category => :bas64,
     :optimize => true
   define_component 'UnionStationFilterSupport.o',
     :source   => 'UnionStationFilterSupport.cpp',

data/src/ruby_supportlib/phusion_passenger/config/nginx_engine_compiler.rb

@@ -55,10 +55,13 @@ module PhusionPassenger
         result << "--without-http_fastcgi_module " \
           "--without-http_scgi_module " \
           "--without-http_uwsgi_module " \
+          "--with-ipv6 " \
+          "--with-http_ssl_module " \
+          "--with-http_v2_module " \
+          "--with-http_realip_module " \
           "--with-http_gzip_static_module " \
           "--with-http_stub_status_module " \
-          "--with-http_ssl_module " \
-          "--with-http_realip_module"
+          "--with-http_addition_module"
 
         result
       end

data/src/ruby_supportlib/phusion_passenger/constants.rb

@@ -96,7 +96,7 @@ module PhusionPassenger
     PASSENGER_API_VERSION_MAJOR = 0
     PASSENGER_API_VERSION_MINOR = 3
     PASSENGER_API_VERSION = "#{PASSENGER_API_VERSION_MAJOR}.#{PASSENGER_API_VERSION_MINOR}"
-    SERVER_INSTANCE_DIR_STRUCTURE_MAJOR_VERSION = 3
+    SERVER_INSTANCE_DIR_STRUCTURE_MAJOR_VERSION = 4
     SERVER_INSTANCE_DIR_STRUCTURE_MINOR_VERSION = 0
     SERVER_INSTANCE_DIR_STRUCTURE_MIN_SUPPORTED_MINOR_VERSION = 0
 

data/src/ruby_supportlib/phusion_passenger/nginx/config_options.rb

@@ -87,9 +87,9 @@
 
 LOCATION_CONFIGURATION_OPTIONS = [
   {
-    :name      => 'passenger_socket_backlog',
-    :type      => :integer,
-    :context   => [:main],
+    :name     => 'passenger_socket_backlog',
+    :type     => :integer,
+    :context  => [:main],
     :struct   => "NGX_HTTP_MAIN_CONF_OFFSET"
   },
   {
@@ -98,6 +98,18 @@ LOCATION_CONFIGURATION_OPTIONS = [
     :context  => [:main],
     :struct   => 'NGX_HTTP_MAIN_CONF_OFFSET'
   },
+  {
+    :name     => 'disable_security_update_check',
+    :type     => :flag,
+    :context  => [:main],
+    :struct   => "NGX_HTTP_MAIN_CONF_OFFSET"
+  },
+  {
+    :name     => 'security_update_check_proxy',
+    :type     => :string,
+    :context  => [:main],
+    :struct   => "NGX_HTTP_MAIN_CONF_OFFSET"
+  },
   {
     :name     => 'passenger_app_file_descriptor_ulimit',
     :type     => :uinteger

data/src/ruby_supportlib/phusion_passenger/platform_info/crypto.rb

@@ -0,0 +1,51 @@
+#  Phusion Passenger - https://www.phusionpassenger.com/
+#  Copyright (c) 2010-2016 Phusion Holding B.V.
+#
+#  "Passenger", "Phusion Passenger" and "Union Station" are registered
+#  trademarks of Phusion Holding B.V.
+#
+#  Permission is hereby granted, free of charge, to any person obtaining a copy
+#  of this software and associated documentation files (the "Software"), to deal
+#  in the Software without restriction, including without limitation the rights
+#  to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
+#  copies of the Software, and to permit persons to whom the Software is
+#  furnished to do so, subject to the following conditions:
+#
+#  The above copyright notice and this permission notice shall be included in
+#  all copies or substantial portions of the Software.
+#
+#  THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
+#  IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
+#  FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
+#  AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
+#  LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
+#  OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN
+#  THE SOFTWARE.
+
+PhusionPassenger.require_passenger_lib 'platform_info'
+PhusionPassenger.require_passenger_lib 'platform_info/operating_system'
+
+module PhusionPassenger
+
+  module PlatformInfo
+    def self.crypto_libs
+      if os_name_simple == "macosx"
+        return ' -framework CoreFoundation -framework Security'
+      else
+        return ' -lcrypto'
+      end
+    end
+    memoize :crypto_libs
+
+    def self.crypto_extra_cflags
+      if os_name_simple == "macosx"
+        return ' -Wno-deprecated-declarations'
+      else
+        return ''
+      end
+    end
+    memoize :crypto_extra_cflags
+
+  end
+
+end # module PhusionPassenger

data/src/ruby_supportlib/phusion_passenger/platform_info/depcheck_specs/apache2.rb

@@ -43,6 +43,13 @@ define 'apache2-dev' do
     end
   end
 
+  on :ubuntu do
+    if `#{PlatformInfo::uname_command} -a`.include? 'precise'
+      apt_get_install "apache2-threaded-dev"
+    else
+      apt_get_install "apache2-dev"
+    end
+  end
   on :debian do
     apt_get_install "apache2-threaded-dev"
   end

data/src/ruby_supportlib/phusion_passenger/standalone/config_options_list.rb

@@ -386,6 +386,13 @@ module PhusionPassenger
 
     # Request handling configuration options
     REQUEST_HANDLING_CONFIG_SPECS = [
+      {
+        :name      => :max_requests,
+        :type      => :integer,
+        :min       => 0,
+        :desc      => "Restart application processes that have handled\n" \
+                      "the specified maximum number of requests"
+      },
       {
         :name      => :max_request_time,
         :type      => :integer,
@@ -552,6 +559,16 @@ module PhusionPassenger
 
     # Advanced configuration options
     ADVANCED_CONFIG_SPECS = [
+      {
+        :name      => :disable_security_update_check,
+        :type      => :boolean,
+        :desc      => "Disable check for security updates"
+      },
+      {
+        :name      => :security_update_check_proxy,
+        :type_desc => 'NAME',
+        :desc      => "Use http/SOCKS proxy for the security update check"
+      },
       {
         :name      => :engine,
         :type_desc => 'NAME',

data/src/ruby_supportlib/phusion_passenger/standalone/start_command.rb

@@ -401,13 +401,15 @@ module PhusionPassenger
       end
 
       def touch_temp_dir_in_background
-        result = system(@agent_exe,
+        command = [@agent_exe,
           "temp-dir-toucher",
           @working_dir,
           "--cleanup",
           "--daemonize",
           "--pid-file", "#{@working_dir}/temp_dir_toucher.pid",
-          "--log-file", @options[:log_file])
+          "--log-file", @options[:log_file]]
+        command << "--user" << @options[:user] unless @options[:user].nil?
+        result = system(*command)
         if !result
           abort "Cannot start #{@agent_exe} temp-dir-toucher"
         end

data/src/ruby_supportlib/phusion_passenger/standalone/start_command/builtin_engine.rb

@@ -125,6 +125,7 @@ module PhusionPassenger
             command << " --default-user #{Shellwords.escape user}"
           end
 
+          # Arguments for supervised agent are between --BC/--EC and --BU/--EU
           command << " --BC"
           # The builtin engine cannot be used in combination with Mass Deployment,
           # so we know @apps always has 1 app.
@@ -158,6 +159,7 @@ module PhusionPassenger
           add_param(command, :max_request_queue_size, "--max-request-queue-size")
           add_enterprise_param(command, :concurrency_model, "--concurrency-model")
           add_enterprise_param(command, :thread_count, "--app-thread-count")
+          add_param(command, :max_requests, "--max-requests")
           add_enterprise_param(command, :max_request_time, "--max-request-time")
           add_enterprise_param(command, :memory_limit, "--memory-limit")
           add_enterprise_flag_param(command, :rolling_restarts, "--rolling-restarts")
@@ -175,6 +177,8 @@ module PhusionPassenger
           add_param(command, :meteor_app_settings, "--meteor-app-settings")
           add_param(command, :core_file_descriptor_ulimit, "--core-file-descriptor-ulimit")
           add_param(command, :app_file_descriptor_ulimit, "--app-file-descriptor-ulimit")
+          add_param(command, :disable_security_update_check, "--disable-security-update-check")
+          add_param(command, :security_update_check_proxy, "--security-update-check-proxy")
 
           command << " #{Shellwords.escape(@apps[0][:root])}"
 

data/src/ruby_supportlib/phusion_passenger/standalone/start_command/nginx_engine.rb

@@ -30,6 +30,7 @@ PhusionPassenger.require_passenger_lib 'platform_info/ruby'
 PhusionPassenger.require_passenger_lib 'standalone/control_utils'
 PhusionPassenger.require_passenger_lib 'utils/tmpio'
 PhusionPassenger.require_passenger_lib 'utils/shellwords'
+PhusionPassenger.require_passenger_lib 'utils/json'
 
 module PhusionPassenger
   module Standalone
@@ -263,6 +264,10 @@ module PhusionPassenger
           val ? "on" : "off"
         end
 
+        def json_config_value(value)
+          value.is_a?(Hash) || value.is_a?(Array) ? Utils::JSON.generate(value) : value
+        end
+
         def include_passenger_internal_template(name, indent = 0, fix_existing_indenting = true, the_binding = get_binding)
           path = "#{PhusionPassenger.resources_dir}/templates/standalone/#{name}"
           erb = ERB.new(File.read(path), nil, "-", next_eoutvar)