RubyGems - passenger - Versions diffs - 5.3.1 → 5.3.2 - Mend

passenger 5.3.1 → 5.3.2

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (65) hide show

checksums.yaml +4 -4
data/CHANGELOG +19 -0
data/build/cxx_tests.rb +3 -1
data/build/support/cxx_dependency_map.rb +120 -27
data/dev/configkit-schemas/index.json +15 -3
data/src/agent/Core/AdminPanelConnector.h +5 -2
data/src/agent/Core/ApplicationPool/Group/StateInspection.cpp +2 -0
data/src/agent/Core/Config.h +2 -1
data/src/agent/Core/Controller/Config.h +6 -1
data/src/agent/Core/Controller/InitRequest.cpp +6 -1
data/src/agent/Core/CoreMain.cpp +26 -60
data/src/agent/Core/SpawningKit/DirectSpawner.h +18 -6
data/src/agent/Core/SpawningKit/ErrorRenderer.h +8 -8
data/src/agent/Core/SpawningKit/Handshake/Perform.h +217 -61
data/src/agent/Core/SpawningKit/Handshake/Prepare.h +57 -8
data/src/agent/Core/SpawningKit/Handshake/Session.h +34 -1
data/src/agent/Core/SpawningKit/Handshake/WorkDir.h +20 -4
data/src/agent/Core/SpawningKit/SmartSpawner.h +90 -27
data/src/agent/ExecHelper/ExecHelperMain.cpp +3 -0
data/src/agent/Shared/ApiAccountUtils.h +2 -2
data/src/agent/SpawnEnvSetupper/SpawnEnvSetupperMain.cpp +14 -4
data/src/agent/Watchdog/Config.h +2 -1
data/src/agent/Watchdog/WatchdogMain.cpp +38 -0
data/src/apache2_module/Hooks.cpp +1 -0
data/src/cxx_supportlib/ConfigKit/IN_PRACTICE.md +1 -1
data/src/cxx_supportlib/ConfigKit/README.md +1 -1
data/src/cxx_supportlib/Constants.h +6 -1
data/src/cxx_supportlib/FileTools/FileManip.cpp +34 -2
data/src/cxx_supportlib/FileTools/FileManip.h +58 -1
data/src/cxx_supportlib/FileTools/PathManip.cpp +3 -2
data/src/cxx_supportlib/FileTools/PathSecurityCheck.cpp +99 -0
data/src/cxx_supportlib/FileTools/PathSecurityCheck.h +69 -0
data/src/cxx_supportlib/Utils.cpp +37 -6
data/src/cxx_supportlib/Utils.h +6 -0
data/src/cxx_supportlib/Utils/AsyncSignalSafeUtils.h +14 -0
data/src/cxx_supportlib/Utils/IOUtils.cpp +10 -18
data/src/cxx_supportlib/Utils/IOUtils.h +10 -9
data/src/cxx_supportlib/Utils/JsonUtils.h +12 -8
data/src/cxx_supportlib/Utils/SystemMetricsCollector.h +4 -4
data/src/cxx_supportlib/Utils/SystemTime.h +1 -1
data/src/cxx_supportlib/WebSocketCommandReverseServer.h +3 -3
data/src/cxx_supportlib/oxt/system_calls.cpp +25 -1
data/src/cxx_supportlib/oxt/system_calls.hpp +3 -1
data/src/helper-scripts/meteor-loader.rb +115 -28
data/src/helper-scripts/rack-preloader.rb +1 -1
data/src/nginx_module/ConfigGeneral/AutoGeneratedDefinitions.c +4 -4
data/src/nginx_module/ConfigGeneral/AutoGeneratedSetterFuncs.c +4 -4
data/src/nginx_module/LocationConfig/AutoGeneratedCreateFunction.c +0 -10
data/src/nginx_module/LocationConfig/AutoGeneratedHeaderSerialization.c +0 -42
data/src/nginx_module/LocationConfig/AutoGeneratedMergeFunction.c +0 -6
data/src/nginx_module/LocationConfig/AutoGeneratedStruct.h +0 -8
data/src/nginx_module/MainConfig/AutoGeneratedCreateFunction.c +10 -0
data/src/nginx_module/MainConfig/AutoGeneratedManifestGeneration.c +22 -0
data/src/nginx_module/MainConfig/AutoGeneratedStruct.h +8 -0
data/src/nginx_module/ngx_http_passenger_module.c +6 -5
data/src/ruby_supportlib/phusion_passenger.rb +1 -1
data/src/ruby_supportlib/phusion_passenger/apache2/config_options.rb +0 -1
data/src/ruby_supportlib/phusion_passenger/common_library.rb +3 -0
data/src/ruby_supportlib/phusion_passenger/config/installation_utils.rb +3 -3
data/src/ruby_supportlib/phusion_passenger/constants.rb +5 -0
data/src/ruby_supportlib/phusion_passenger/nginx/config_options.rb +4 -2
data/src/ruby_supportlib/phusion_passenger/platform_info.rb +3 -3
data/src/ruby_supportlib/phusion_passenger/request_handler.rb +1 -1
data/src/ruby_supportlib/phusion_passenger/vendor/daemon_controller.rb +1 -1
metadata +4 -2

data/src/nginx_module/MainConfig/AutoGeneratedStruct.h CHANGED

@@ -40,10 +40,12 @@
 typedef struct {
     ngx_flag_t abort_on_startup_error;
+    ngx_uint_t app_file_descriptor_ulimit;
     ngx_uint_t core_file_descriptor_ulimit;
     ngx_array_t *ctl;
     ngx_flag_t disable_security_update_check;
     ngx_uint_t log_level;
+    ngx_uint_t max_instances_per_app;
     ngx_uint_t max_pool_size;
     ngx_uint_t pool_idle_time;
     ngx_array_t *prestart_uris;
@@ -72,6 +74,7 @@ typedef struct {
     ngx_str_t admin_panel_password_source_file;
     ngx_str_t admin_panel_url_source_file;
     ngx_str_t admin_panel_username_source_file;
+    ngx_str_t app_file_descriptor_ulimit_source_file;
     ngx_str_t core_file_descriptor_ulimit_source_file;
     ngx_str_t ctl_source_file;
     ngx_str_t data_buffer_dir_source_file;
@@ -83,6 +86,7 @@ typedef struct {
     ngx_str_t instance_registry_dir_source_file;
     ngx_str_t log_file_source_file;
     ngx_str_t log_level_source_file;
+    ngx_str_t max_instances_per_app_source_file;
     ngx_str_t max_pool_size_source_file;
     ngx_str_t pool_idle_time_source_file;
     ngx_str_t prestart_uris_source_file;
@@ -100,6 +104,7 @@ typedef struct {
     ngx_uint_t admin_panel_password_source_line;
     ngx_uint_t admin_panel_url_source_line;
     ngx_uint_t admin_panel_username_source_line;
+    ngx_uint_t app_file_descriptor_ulimit_source_line;
     ngx_uint_t core_file_descriptor_ulimit_source_line;
     ngx_uint_t ctl_source_line;
     ngx_uint_t data_buffer_dir_source_line;
@@ -111,6 +116,7 @@ typedef struct {
     ngx_uint_t instance_registry_dir_source_line;
     ngx_uint_t log_file_source_line;
     ngx_uint_t log_level_source_line;
+    ngx_uint_t max_instances_per_app_source_line;
     ngx_uint_t max_pool_size_source_line;
     ngx_uint_t pool_idle_time_source_line;
     ngx_uint_t prestart_uris_source_line;
@@ -128,6 +134,7 @@ typedef struct {
     ngx_int_t admin_panel_password_explicitly_set;
     ngx_int_t admin_panel_url_explicitly_set;
     ngx_int_t admin_panel_username_explicitly_set;
+    ngx_int_t app_file_descriptor_ulimit_explicitly_set;
     ngx_int_t core_file_descriptor_ulimit_explicitly_set;
     ngx_int_t ctl_explicitly_set;
     ngx_int_t data_buffer_dir_explicitly_set;
@@ -139,6 +146,7 @@ typedef struct {
     ngx_int_t instance_registry_dir_explicitly_set;
     ngx_int_t log_file_explicitly_set;
     ngx_int_t log_level_explicitly_set;
+    ngx_int_t max_instances_per_app_explicitly_set;
     ngx_int_t max_pool_size_explicitly_set;
     ngx_int_t pool_idle_time_explicitly_set;
     ngx_int_t prestart_uris_explicitly_set;

data/src/nginx_module/ngx_http_passenger_module.c CHANGED

@@ -283,7 +283,7 @@ open_log_file_for_after_forking(AfterForkData *data, PsgJsonValue *log_target) {
 }
 static ngx_int_t
-create_file(ngx_cycle_t *cycle, const u_char *filename, const u_char *contents, size_t len) {
+create_file(ngx_cycle_t *cycle, const u_char *filename, const u_char *contents, size_t len, uid_t uid, gid_t gid) {
     FILE  *f;
     int    ret;
     size_t total_written = 0, written;
@@ -297,6 +297,9 @@ create_file(ngx_cycle_t *cycle, const u_char *filename, const u_char *contents,
         do {
             ret = fchmod(fileno(f), S_IRUSR | S_IWUSR | S_IRGRP | S_IROTH);
         } while (ret == -1 && errno == EINTR);
+        do {
+            ret = fchown(fileno(f), uid, gid);
+        } while (ret == -1 && errno == EINTR);
         do {
             written = fwrite(contents + total_written, 1,
                 len - total_written, f);
@@ -372,6 +375,7 @@ start_watchdog(ngx_cycle_t *cycle) {
     psg_json_value_set_ngx_str_ne(w_config, "default_ruby", &passenger_main_conf.default_ruby);
     psg_json_value_set_ngx_uint  (w_config, "max_pool_size", autogenerated_main_conf->max_pool_size);
     psg_json_value_set_ngx_uint  (w_config, "pool_idle_time", autogenerated_main_conf->pool_idle_time);
+    psg_json_value_set_ngx_uint  (w_config, "max_instances_per_app", autogenerated_main_conf->max_instances_per_app);
     psg_json_value_set_ngx_uint  (w_config, "response_buffer_high_watermark", autogenerated_main_conf->response_buffer_high_watermark);
     psg_json_value_set_ngx_uint  (w_config, "stat_throttle_rate", autogenerated_main_conf->stat_throttle_rate);
     psg_json_value_set_ngx_str_ne(w_config, "admin_panel_url", &autogenerated_main_conf->admin_panel_url);
@@ -446,13 +450,10 @@ start_watchdog(ngx_cycle_t *cycle) {
                         "%s/web_server_info/control_process.pid",
                         psg_watchdog_launcher_get_instance_dir(psg_watchdog_launcher, NULL));
     *last = (u_char) '\0';
-    if (create_file(cycle, filename, (const u_char *) "", 0) != NGX_OK) {
+    if (create_file(cycle, filename, (const u_char *) "", 0, (uid_t) core_conf->user, (gid_t) -1) != NGX_OK) {
         result = NGX_ERROR;
         goto cleanup;
     }
-    do {
-        ret = chown((const char *) filename, (uid_t) core_conf->user, (gid_t) -1);
-    } while (ret == -1 && errno == EINTR);
     if (ret == -1) {
         result = NGX_ERROR;
         goto cleanup;

data/src/ruby_supportlib/phusion_passenger.rb CHANGED

@@ -31,7 +31,7 @@ module PhusionPassenger
   PACKAGE_NAME = 'passenger'
   # Run 'rake src/cxx_supportlib/Constants.h configkit_schemas_inline_comments' after changing this number.
-  VERSION_STRING = '5.3.1'
+  VERSION_STRING = '5.3.2'
   PREFERRED_NGINX_VERSION = '1.14.0'
   NGINX_SHA256_CHECKSUM = '5d15becbf69aba1fe33f8d416d97edd95ea8919ea9ac519eff9bafebb6022cb5'

data/src/ruby_supportlib/phusion_passenger/apache2/config_options.rb CHANGED

@@ -263,7 +263,6 @@ APACHE2_CONFIGURATION_OPTIONS = [
     :context   => :global,
     :min_value => 0,
     :default   => 0,
-    :header    => 'PASSENGER_MAX_PROCESSES',
     :desc      => 'The maximum number of simultaneously alive application instances a single application may occupy.'
   },
   {

data/src/ruby_supportlib/phusion_passenger/common_library.rb CHANGED

@@ -280,6 +280,9 @@ COMMON_LIBRARY = CommonLibraryBuilder.new do
   define_component 'FileTools/FileManip.o',
     :source   => 'FileTools/FileManip.cpp',
     :category => :base
+  define_component 'FileTools/PathSecurityCheck.o',
+    :source   => 'FileTools/PathSecurityCheck.cpp',
+    :category => :base
   define_component 'ProcessManagement/Spawn.o',
     :source   => 'ProcessManagement/Spawn.cpp',
     :category => :base

data/src/ruby_supportlib/phusion_passenger/config/installation_utils.rb CHANGED

@@ -1,7 +1,7 @@
 # encoding: utf-8
 #
 #  Phusion Passenger - https://www.phusionpassenger.com/
-#  Copyright (c) 2014-2017 Phusion Holding B.V.
+#  Copyright (c) 2014-2018 Phusion Holding B.V.
 #
 #  "Passenger", "Phusion Passenger" and "Union Station" are registered
 #  trademarks of Phusion Holding B.V.
@@ -227,7 +227,7 @@ module PhusionPassenger
       # When creating PhusionPassenger.support_binaries_dir, preserve the
       # parent directory's UID and GID. This way, running `passenger-config compile-agent`
-      # with sudo privileged, even though Phusion Passenger isn't installed as root,
+      # with sudo privilege, even though Phusion Passenger isn't installed as root,
       # won't mess up permissions.
       def mkdir_p_preserve_parent_owner(path)
         Pathname.new(path).descend do |subpath|
@@ -235,7 +235,7 @@ module PhusionPassenger
             stat = subpath.parent.stat
             Dir.mkdir(subpath.to_s)
             if Process.euid == 0
-              File.chown(stat.uid, stat.gid, subpath.to_s)
+              File.lchown(stat.uid, stat.gid, subpath.to_s)
             end
           end
         end

data/src/ruby_supportlib/phusion_passenger/constants.rb CHANGED

@@ -76,6 +76,11 @@ module PhusionPassenger
     MESSAGE_SERVER_MAX_USERNAME_SIZE = 100
     MESSAGE_SERVER_MAX_PASSWORD_SIZE = 100
     POOL_HELPER_THREAD_STACK_SIZE = 1024 * 256
+    SPAWNINGKIT_MAX_SUBPROCESS_ERROR_MESSAGE_SIZE = 1024 * 128
+    SPAWNINGKIT_MAX_SUBPROCESS_ENVDUMP_SIZE = 1024 * 128
+    SPAWNINGKIT_MAX_PROPERTIES_JSON_SIZE = 1024 * 32
+    SPAWNINGKIT_MAX_ERROR_CATEGORY_SIZE = 32
+    SPAWNINGKIT_MAX_JOURNEY_STEP_FILE_SIZE = 32
     # Small mbuf sizes avoid memory overhead (up to 1 blocksize per request), but
     # also introduce context switching and smaller transfer writes. The size is picked
     # to balance this out.

data/src/ruby_supportlib/phusion_passenger/nginx/config_options.rb CHANGED

@@ -292,15 +292,17 @@ NGINX_CONFIGURATION_OPTIONS = [
     :name     => 'passenger_app_file_descriptor_ulimit',
     :scope    => :global,
     :type     => :uinteger,
-    :dynamic_default => 'passenger_core_file_descriptor_ulimit'
+    :dynamic_default => 'passenger_core_file_descriptor_ulimit',
+    :struct   => 'NGX_HTTP_MAIN_CONF_OFFSET'
   },
   {
     :name     => 'passenger_max_instances_per_app',
     :scope    => :global,
     :context  => [:main],
     :type     => :uinteger,
+    :header   => nil,
     :default  => 0,
-    :header   => 'PASSENGER_MAX_PROCESSES'
+    :struct   => 'NGX_HTTP_MAIN_CONF_OFFSET'
   },
   {
     :name     => 'passenger_admin_panel_url',

data/src/ruby_supportlib/phusion_passenger/platform_info.rb CHANGED

@@ -1,6 +1,6 @@
 # encoding: binary
 #  Phusion Passenger - https://www.phusionpassenger.com/
-#  Copyright (c) 2010-2017 Phusion Holding B.V.
+#  Copyright (c) 2010-2018 Phusion Holding B.V.
 #
 #  "Passenger", "Phusion Passenger" and "Union Station" are registered
 #  trademarks of Phusion Holding B.V.
@@ -260,9 +260,9 @@ module PhusionPassenger
       filename = "#{dir}/#{basename}"
       begin
         File.open(filename, 'w') do |f|
+          f.chmod(0700)
           f.puts("#!/bin/sh")
         end
-        File.chmod(0700, filename)
         if system(filename)
           return dir
         else
@@ -283,9 +283,9 @@ module PhusionPassenger
       filename = "#{dir}/#{basename}"
       begin
         File.open(filename, 'w') do |f|
+          f.chmod(0700, filename)
           f.puts("#!/bin/sh")
         end
-        File.chmod(0700, filename)
         if system(filename)
           return dir
         else

data/src/ruby_supportlib/phusion_passenger/request_handler.rb CHANGED

@@ -1,6 +1,6 @@
 # encoding: binary
 #  Phusion Passenger - https://www.phusionpassenger.com/
-#  Copyright (c) 2010-2017 Phusion Holding B.V.
+#  Copyright (c) 2010-2018 Phusion Holding B.V.
 #
 #  "Passenger", "Phusion Passenger" and "Union Station" are registered
 #  trademarks of Phusion Holding B.V.

data/src/ruby_supportlib/phusion_passenger/vendor/daemon_controller.rb CHANGED

@@ -648,8 +648,8 @@ private
   def run_command_while_capturing_output(command)
     # Create tempfile for storing the command's output.
     tempfile = Tempfile.new('daemon-output')
+    tempfile.chmod(0666)
     tempfile_path = tempfile.path
-    File.chmod(0666, tempfile_path)
     tempfile.close
     if self.class.fork_supported? || self.class.spawn_supported?

metadata CHANGED

@@ -1,14 +1,14 @@
 --- !ruby/object:Gem::Specification
 name: passenger
 version: !ruby/object:Gem::Version
-  version: 5.3.1
+  version: 5.3.2
 platform: ruby
 authors:
 - Phusion - http://www.phusion.nl/
 autorequire:
 bindir: bin
 cert_chain: []
-date: 2018-05-14 00:00:00.000000000 Z
+date: 2018-06-11 00:00:00.000000000 Z
 dependencies:
 - !ruby/object:Gem::Dependency
   name: rake
@@ -450,6 +450,8 @@ files:
 - src/cxx_supportlib/FileTools/PathManip.h
 - src/cxx_supportlib/FileTools/PathManipCBindings.cpp
 - src/cxx_supportlib/FileTools/PathManipCBindings.h
+- src/cxx_supportlib/FileTools/PathSecurityCheck.cpp
+- src/cxx_supportlib/FileTools/PathSecurityCheck.h
 - src/cxx_supportlib/Hooks.h
 - src/cxx_supportlib/InstanceDirectory.h
 - src/cxx_supportlib/Integrations/LibevJsonUtils.h