RubyGems - passenger - Versions diffs - 5.3.1 → 5.3.2 - Mend

passenger 5.3.1 → 5.3.2

Files changed (65) hide show

checksums.yaml +4 -4
data/CHANGELOG +19 -0
data/build/cxx_tests.rb +3 -1
data/build/support/cxx_dependency_map.rb +120 -27
data/dev/configkit-schemas/index.json +15 -3
data/src/agent/Core/AdminPanelConnector.h +5 -2
data/src/agent/Core/ApplicationPool/Group/StateInspection.cpp +2 -0
data/src/agent/Core/Config.h +2 -1
data/src/agent/Core/Controller/Config.h +6 -1
data/src/agent/Core/Controller/InitRequest.cpp +6 -1
data/src/agent/Core/CoreMain.cpp +26 -60
data/src/agent/Core/SpawningKit/DirectSpawner.h +18 -6
data/src/agent/Core/SpawningKit/ErrorRenderer.h +8 -8
data/src/agent/Core/SpawningKit/Handshake/Perform.h +217 -61
data/src/agent/Core/SpawningKit/Handshake/Prepare.h +57 -8
data/src/agent/Core/SpawningKit/Handshake/Session.h +34 -1
data/src/agent/Core/SpawningKit/Handshake/WorkDir.h +20 -4
data/src/agent/Core/SpawningKit/SmartSpawner.h +90 -27
data/src/agent/ExecHelper/ExecHelperMain.cpp +3 -0
data/src/agent/Shared/ApiAccountUtils.h +2 -2
data/src/agent/SpawnEnvSetupper/SpawnEnvSetupperMain.cpp +14 -4
data/src/agent/Watchdog/Config.h +2 -1
data/src/agent/Watchdog/WatchdogMain.cpp +38 -0
data/src/apache2_module/Hooks.cpp +1 -0
data/src/cxx_supportlib/ConfigKit/IN_PRACTICE.md +1 -1
data/src/cxx_supportlib/ConfigKit/README.md +1 -1
data/src/cxx_supportlib/Constants.h +6 -1
data/src/cxx_supportlib/FileTools/FileManip.cpp +34 -2
data/src/cxx_supportlib/FileTools/FileManip.h +58 -1
data/src/cxx_supportlib/FileTools/PathManip.cpp +3 -2
data/src/cxx_supportlib/FileTools/PathSecurityCheck.cpp +99 -0
data/src/cxx_supportlib/FileTools/PathSecurityCheck.h +69 -0
data/src/cxx_supportlib/Utils.cpp +37 -6
data/src/cxx_supportlib/Utils.h +6 -0
data/src/cxx_supportlib/Utils/AsyncSignalSafeUtils.h +14 -0
data/src/cxx_supportlib/Utils/IOUtils.cpp +10 -18
data/src/cxx_supportlib/Utils/IOUtils.h +10 -9
data/src/cxx_supportlib/Utils/JsonUtils.h +12 -8
data/src/cxx_supportlib/Utils/SystemMetricsCollector.h +4 -4
data/src/cxx_supportlib/Utils/SystemTime.h +1 -1
data/src/cxx_supportlib/WebSocketCommandReverseServer.h +3 -3
data/src/cxx_supportlib/oxt/system_calls.cpp +25 -1
data/src/cxx_supportlib/oxt/system_calls.hpp +3 -1
data/src/helper-scripts/meteor-loader.rb +115 -28
data/src/helper-scripts/rack-preloader.rb +1 -1
data/src/nginx_module/ConfigGeneral/AutoGeneratedDefinitions.c +4 -4
data/src/nginx_module/ConfigGeneral/AutoGeneratedSetterFuncs.c +4 -4
data/src/nginx_module/LocationConfig/AutoGeneratedCreateFunction.c +0 -10
data/src/nginx_module/LocationConfig/AutoGeneratedHeaderSerialization.c +0 -42
data/src/nginx_module/LocationConfig/AutoGeneratedMergeFunction.c +0 -6
data/src/nginx_module/LocationConfig/AutoGeneratedStruct.h +0 -8
data/src/nginx_module/MainConfig/AutoGeneratedCreateFunction.c +10 -0
data/src/nginx_module/MainConfig/AutoGeneratedManifestGeneration.c +22 -0
data/src/nginx_module/MainConfig/AutoGeneratedStruct.h +8 -0
data/src/nginx_module/ngx_http_passenger_module.c +6 -5
data/src/ruby_supportlib/phusion_passenger.rb +1 -1
data/src/ruby_supportlib/phusion_passenger/apache2/config_options.rb +0 -1
data/src/ruby_supportlib/phusion_passenger/common_library.rb +3 -0
data/src/ruby_supportlib/phusion_passenger/config/installation_utils.rb +3 -3
data/src/ruby_supportlib/phusion_passenger/constants.rb +5 -0
data/src/ruby_supportlib/phusion_passenger/nginx/config_options.rb +4 -2
data/src/ruby_supportlib/phusion_passenger/platform_info.rb +3 -3
data/src/ruby_supportlib/phusion_passenger/request_handler.rb +1 -1
data/src/ruby_supportlib/phusion_passenger/vendor/daemon_controller.rb +1 -1
metadata +4 -2

data/src/nginx_module/MainConfig/AutoGeneratedStruct.h CHANGED

@@ -40,10 +40,12 @@
 typedef struct {
     ngx_flag_t abort_on_startup_error;
+    ngx_uint_t app_file_descriptor_ulimit;
     ngx_uint_t core_file_descriptor_ulimit;
     ngx_array_t *ctl;
     ngx_flag_t disable_security_update_check;
     ngx_uint_t log_level;
+    ngx_uint_t max_instances_per_app;
     ngx_uint_t max_pool_size;
     ngx_uint_t pool_idle_time;
     ngx_array_t *prestart_uris;
@@ -72,6 +74,7 @@ typedef struct {
     ngx_str_t admin_panel_password_source_file;
     ngx_str_t admin_panel_url_source_file;
     ngx_str_t admin_panel_username_source_file;
+    ngx_str_t app_file_descriptor_ulimit_source_file;
     ngx_str_t core_file_descriptor_ulimit_source_file;
     ngx_str_t ctl_source_file;
     ngx_str_t data_buffer_dir_source_file;
@@ -83,6 +86,7 @@ typedef struct {
     ngx_str_t instance_registry_dir_source_file;
     ngx_str_t log_file_source_file;
     ngx_str_t log_level_source_file;
+    ngx_str_t max_instances_per_app_source_file;
     ngx_str_t max_pool_size_source_file;
     ngx_str_t pool_idle_time_source_file;
     ngx_str_t prestart_uris_source_file;
@@ -100,6 +104,7 @@ typedef struct {
     ngx_uint_t admin_panel_password_source_line;
     ngx_uint_t admin_panel_url_source_line;
     ngx_uint_t admin_panel_username_source_line;
+    ngx_uint_t app_file_descriptor_ulimit_source_line;
     ngx_uint_t core_file_descriptor_ulimit_source_line;
     ngx_uint_t ctl_source_line;
     ngx_uint_t data_buffer_dir_source_line;
@@ -111,6 +116,7 @@ typedef struct {
     ngx_uint_t instance_registry_dir_source_line;
     ngx_uint_t log_file_source_line;
     ngx_uint_t log_level_source_line;
+    ngx_uint_t max_instances_per_app_source_line;
     ngx_uint_t max_pool_size_source_line;
     ngx_uint_t pool_idle_time_source_line;
     ngx_uint_t prestart_uris_source_line;
@@ -128,6 +134,7 @@ typedef struct {
     ngx_int_t admin_panel_password_explicitly_set;
     ngx_int_t admin_panel_url_explicitly_set;
     ngx_int_t admin_panel_username_explicitly_set;
+    ngx_int_t app_file_descriptor_ulimit_explicitly_set;
     ngx_int_t core_file_descriptor_ulimit_explicitly_set;
     ngx_int_t ctl_explicitly_set;
     ngx_int_t data_buffer_dir_explicitly_set;
@@ -139,6 +146,7 @@ typedef struct {
     ngx_int_t instance_registry_dir_explicitly_set;
     ngx_int_t log_file_explicitly_set;
     ngx_int_t log_level_explicitly_set;
+    ngx_int_t max_instances_per_app_explicitly_set;
     ngx_int_t max_pool_size_explicitly_set;
     ngx_int_t pool_idle_time_explicitly_set;
     ngx_int_t prestart_uris_explicitly_set;

data/src/nginx_module/ngx_http_passenger_module.c CHANGED

@@ -283,7 +283,7 @@ open_log_file_for_after_forking(AfterForkData *data, PsgJsonValue *log_target) {
 }
 static ngx_int_t
-create_file(ngx_cycle_t *cycle, const u_char *filename, const u_char *contents, size_t len) {
+create_file(ngx_cycle_t *cycle, const u_char *filename, const u_char *contents, size_t len, uid_t uid, gid_t gid) {
     FILE  *f;
     int    ret;
     size_t total_written = 0, written;
@@ -297,6 +297,9 @@ create_file(ngx_cycle_t *cycle, const u_char *filename, const u_char *contents,
         do {
             ret = fchmod(fileno(f), S_IRUSR | S_IWUSR | S_IRGRP | S_IROTH);
         } while (ret == -1 && errno == EINTR);
+        do {
+            ret = fchown(fileno(f), uid, gid);
+        } while (ret == -1 && errno == EINTR);
         do {
             written = fwrite(contents + total_written, 1,
                 len - total_written, f);
@@ -372,6 +375,7 @@ start_watchdog(ngx_cycle_t *cycle) {
     psg_json_value_set_ngx_str_ne(w_config, "default_ruby", &passenger_main_conf.default_ruby);
     psg_json_value_set_ngx_uint  (w_config, "max_pool_size", autogenerated_main_conf->max_pool_size);
     psg_json_value_set_ngx_uint  (w_config, "pool_idle_time", autogenerated_main_conf->pool_idle_time);
+    psg_json_value_set_ngx_uint  (w_config, "max_instances_per_app", autogenerated_main_conf->max_instances_per_app);
     psg_json_value_set_ngx_uint  (w_config, "response_buffer_high_watermark", autogenerated_main_conf->response_buffer_high_watermark);
     psg_json_value_set_ngx_uint  (w_config, "stat_throttle_rate", autogenerated_main_conf->stat_throttle_rate);
     psg_json_value_set_ngx_str_ne(w_config, "admin_panel_url", &autogenerated_main_conf->admin_panel_url);
@@ -446,13 +450,10 @@ start_watchdog(ngx_cycle_t *cycle) {
                         "%s/web_server_info/control_process.pid",
                         psg_watchdog_launcher_get_instance_dir(psg_watchdog_launcher, NULL));
     *last = (u_char) '\0';
-    if (create_file(cycle, filename, (const u_char *) "", 0) != NGX_OK) {
+    if (create_file(cycle, filename, (const u_char *) "", 0, (uid_t) core_conf->user, (gid_t) -1) != NGX_OK) {
         result = NGX_ERROR;
         goto cleanup;
     }
-    do {
-        ret = chown((const char *) filename, (uid_t) core_conf->user, (gid_t) -1);
-    } while (ret == -1 && errno == EINTR);
     if (ret == -1) {
         result = NGX_ERROR;
         goto cleanup;

data/src/ruby_supportlib/phusion_passenger.rb CHANGED

@@ -31,7 +31,7 @@ module PhusionPassenger
   PACKAGE_NAME = 'passenger'
   # Run 'rake src/cxx_supportlib/Constants.h configkit_schemas_inline_comments' after changing this number.
-  VERSION_STRING = '5.3.1'
+  VERSION_STRING = '5.3.2'
   PREFERRED_NGINX_VERSION = '1.14.0'
   NGINX_SHA256_CHECKSUM = '5d15becbf69aba1fe33f8d416d97edd95ea8919ea9ac519eff9bafebb6022cb5'

data/src/ruby_supportlib/phusion_passenger/apache2/config_options.rb CHANGED

@@ -263,7 +263,6 @@ APACHE2_CONFIGURATION_OPTIONS = [
     :context   => :global,
     :min_value => 0,
     :default   => 0,
-    :header    => 'PASSENGER_MAX_PROCESSES',
     :desc      => 'The maximum number of simultaneously alive application instances a single application may occupy.'
   },
   {

data/src/ruby_supportlib/phusion_passenger/common_library.rb CHANGED

@@ -280,6 +280,9 @@ COMMON_LIBRARY = CommonLibraryBuilder.new do
   define_component 'FileTools/FileManip.o',
     :source   => 'FileTools/FileManip.cpp',
     :category => :base
+  define_component 'FileTools/PathSecurityCheck.o',
+    :source   => 'FileTools/PathSecurityCheck.cpp',
+    :category => :base
   define_component 'ProcessManagement/Spawn.o',
     :source   => 'ProcessManagement/Spawn.cpp',
     :category => :base

data/src/ruby_supportlib/phusion_passenger/config/installation_utils.rb CHANGED

@@ -1,7 +1,7 @@
 # encoding: utf-8
 #
 #  Phusion Passenger - https://www.phusionpassenger.com/
-#  Copyright (c) 2014-2017 Phusion Holding B.V.
+#  Copyright (c) 2014-2018 Phusion Holding B.V.
 #
 #  "Passenger", "Phusion Passenger" and "Union Station" are registered
 #  trademarks of Phusion Holding B.V.
@@ -227,7 +227,7 @@ module PhusionPassenger
       # When creating PhusionPassenger.support_binaries_dir, preserve the
       # parent directory's UID and GID. This way, running `passenger-config compile-agent`
-      # with sudo privileged, even though Phusion Passenger isn't installed as root,
+      # with sudo privilege, even though Phusion Passenger isn't installed as root,
       # won't mess up permissions.
       def mkdir_p_preserve_parent_owner(path)
         Pathname.new(path).descend do |subpath|
@@ -235,7 +235,7 @@ module PhusionPassenger
             stat = subpath.parent.stat
             Dir.mkdir(subpath.to_s)
             if Process.euid == 0
-              File.chown(stat.uid, stat.gid, subpath.to_s)
+              File.lchown(stat.uid, stat.gid, subpath.to_s)
             end
           end
         end

data/src/ruby_supportlib/phusion_passenger/constants.rb CHANGED

@@ -76,6 +76,11 @@ module PhusionPassenger
     MESSAGE_SERVER_MAX_USERNAME_SIZE = 100
     MESSAGE_SERVER_MAX_PASSWORD_SIZE = 100
     POOL_HELPER_THREAD_STACK_SIZE = 1024 * 256
+    SPAWNINGKIT_MAX_SUBPROCESS_ERROR_MESSAGE_SIZE = 1024 * 128
+    SPAWNINGKIT_MAX_SUBPROCESS_ENVDUMP_SIZE = 1024 * 128
+    SPAWNINGKIT_MAX_PROPERTIES_JSON_SIZE = 1024 * 32
+    SPAWNINGKIT_MAX_ERROR_CATEGORY_SIZE = 32
+    SPAWNINGKIT_MAX_JOURNEY_STEP_FILE_SIZE = 32
     # Small mbuf sizes avoid memory overhead (up to 1 blocksize per request), but
     # also introduce context switching and smaller transfer writes. The size is picked
     # to balance this out.

data/src/ruby_supportlib/phusion_passenger/nginx/config_options.rb CHANGED

@@ -292,15 +292,17 @@ NGINX_CONFIGURATION_OPTIONS = [
     :name     => 'passenger_app_file_descriptor_ulimit',
     :scope    => :global,
     :type     => :uinteger,
-    :dynamic_default => 'passenger_core_file_descriptor_ulimit'
+    :dynamic_default => 'passenger_core_file_descriptor_ulimit',
+    :struct   => 'NGX_HTTP_MAIN_CONF_OFFSET'
   },
   {
     :name     => 'passenger_max_instances_per_app',
     :scope    => :global,
     :context  => [:main],
     :type     => :uinteger,
+    :header   => nil,
     :default  => 0,
-    :header   => 'PASSENGER_MAX_PROCESSES'
+    :struct   => 'NGX_HTTP_MAIN_CONF_OFFSET'
   },
   {
     :name     => 'passenger_admin_panel_url',

data/src/ruby_supportlib/phusion_passenger/platform_info.rb CHANGED

@@ -1,6 +1,6 @@
 # encoding: binary
 #  Phusion Passenger - https://www.phusionpassenger.com/
-#  Copyright (c) 2010-2017 Phusion Holding B.V.
+#  Copyright (c) 2010-2018 Phusion Holding B.V.
 #
 #  "Passenger", "Phusion Passenger" and "Union Station" are registered
 #  trademarks of Phusion Holding B.V.
@@ -260,9 +260,9 @@ module PhusionPassenger
       filename = "#{dir}/#{basename}"
       begin
         File.open(filename, 'w') do |f|
+          f.chmod(0700)
           f.puts("#!/bin/sh")
         end
-        File.chmod(0700, filename)
         if system(filename)
           return dir
         else
@@ -283,9 +283,9 @@ module PhusionPassenger
       filename = "#{dir}/#{basename}"
       begin
         File.open(filename, 'w') do |f|
+          f.chmod(0700, filename)
           f.puts("#!/bin/sh")
         end
-        File.chmod(0700, filename)
         if system(filename)
           return dir
         else

data/src/ruby_supportlib/phusion_passenger/request_handler.rb CHANGED

@@ -1,6 +1,6 @@
 # encoding: binary
 #  Phusion Passenger - https://www.phusionpassenger.com/
-#  Copyright (c) 2010-2017 Phusion Holding B.V.
+#  Copyright (c) 2010-2018 Phusion Holding B.V.
 #
 #  "Passenger", "Phusion Passenger" and "Union Station" are registered
 #  trademarks of Phusion Holding B.V.

data/src/ruby_supportlib/phusion_passenger/vendor/daemon_controller.rb CHANGED

@@ -648,8 +648,8 @@ private
   def run_command_while_capturing_output(command)
     # Create tempfile for storing the command's output.
     tempfile = Tempfile.new('daemon-output')
+    tempfile.chmod(0666)
     tempfile_path = tempfile.path
-    File.chmod(0666, tempfile_path)
     tempfile.close
     if self.class.fork_supported? || self.class.spawn_supported?

metadata CHANGED

@@ -1,14 +1,14 @@
 --- !ruby/object:Gem::Specification
 name: passenger
 version: !ruby/object:Gem::Version
-  version: 5.3.1
+  version: 5.3.2
 platform: ruby
 authors:
 - Phusion - http://www.phusion.nl/
 autorequire:
 bindir: bin
 cert_chain: []
-date: 2018-05-14 00:00:00.000000000 Z
+date: 2018-06-11 00:00:00.000000000 Z
 dependencies:
 - !ruby/object:Gem::Dependency
   name: rake
@@ -450,6 +450,8 @@ files:
 - src/cxx_supportlib/FileTools/PathManip.h
 - src/cxx_supportlib/FileTools/PathManipCBindings.cpp
 - src/cxx_supportlib/FileTools/PathManipCBindings.h
+- src/cxx_supportlib/FileTools/PathSecurityCheck.cpp
+- src/cxx_supportlib/FileTools/PathSecurityCheck.h
 - src/cxx_supportlib/Hooks.h
 - src/cxx_supportlib/InstanceDirectory.h
 - src/cxx_supportlib/Integrations/LibevJsonUtils.h