passenger 4.0.37 → 4.0.38

checksums.yaml

@@ -1,15 +1,15 @@
 ---
 !binary "U0hBMQ==":
   metadata.gz: !binary |-
-    NzY2YjMwZGFkMjkzNDNlMjgwYWIwZjM0OTk4OTEzZDczYmNhZTUxNw==
+    NWY2M2JhYzAwOWI1NGJiNDQ0YmNhYjFkZjk3ZjUxMGUxZDQxYjM2MQ==
   data.tar.gz: !binary |-
-    NjMwYmQ4ZWM4ZWZkOTc1OWY2NTk0OGFjYTdjYjllZGE0ZWFkMTlhMQ==
+    M2FiN2YwZTg5MDYzZjRkM2ZmYjE4YWIyNTk4MDM5YWY0NmM0NWE1MA==
 SHA512:
   metadata.gz: !binary |-
-    ZWY2OGFiZTMxNTMxMmNkZGFhYTQ4Nzk3OWM4MTNlNjJjZGQ1MDkwZTA0ZTNl
-    MDY2N2FhOWFkNjdkYWYzYTgzNzMxMmE5ZGMzNjU2MmUwYjA4MDRlMDZmZDg2
-    YTk1MTlmMjJmYmI5OWQ0ZjU4YzU5MDI0M2ZkMzU2NGRkNWU5Mzk=
+    Y2E0ZTUwNWQxZTkyZjAyYWI5MTgyMDg5MzYxNzQ2OGEwYjlmYjNiMjMyZjJm
+    YmYyNTVlNmFlYzVlNjRkZDQxYTk2YTFjMzAzZmQyNTY5ZTJmZTg3ZmYzZmMw
+    YmU4OGIyZGI5YjAxZjYwOTI0NmJkNjQxNGIxODI4NWJmMTdjNjc=
   data.tar.gz: !binary |-
-    ODFhMDg0OWU1YmY2MjRiNWZjYjFkY2ZjN2MwMTZhYjA5YmNjM2E3ZDMwNTMx
-    M2ExZDYxZGQyNWQ2ZjFjNzA4MDhjZjIzMzA5YTQyN2E1MjVmOTQyMzU4YzBi
-    OGM2NDliMWNkMjQwYTBhYmFhNzhmZTZkNTUyMTVjMWE2Nzc3NTM=
+    NTUwMTlmOWJjZTFhMzdhMDEwNTRkY2RjY2MxOTllOThiMGUzYjJjNGVkZDRh
+    N2Q4MDY0ODQ4MmRhYzkwZjE4NWI5OGM0YTkzOTYwMmFiZGRlMDEwOTVkN2I2
+    OGQxMjZkN2MzM2RjNzE0NmJmZjM4MjAyYzU1NTgwYmEwZDg4YTg=

checksums.yaml.gz.asc

@@ -2,11 +2,11 @@
 Version: GnuPG/MacGPG2 v2.0.17 (Darwin)
 Comment: GPGTools - http://gpgtools.org
 
-iQEcBAABAgAGBQJS6CPIAAoJECrHRaUKISqMBzMIAJc+WtmkHIzclF/yuMagWa40
-0p9dz6CINEmYQ4gCabMeRhBa/VeQauXhvR3d2cm7TyCyLqfoN6YLHnesVwGGI2vu
-Kt5HbgOYGTT6cyf8QmGjubNC+VslKTZIyoapRigRRtX10tLsvAYyC9WnaOMGikWS
-OKpNucWMA7UnXfsfyNa/u4L0c+pNI15DM5asjMPG46QHiYDfAKIhRzGTRovjBAOW
-WaLu+qtfMJ9ui261i9KBJuPjIbbIeHZQeGDA70tvnm6na5W8A11XilYav4T8Qcv+
-fGoDcJ88M6q3cYspeOJPsEEICFHvhjQ0wMm5qT/YHhLd1dqxapCidmj+nqFwxuQ=
-=6pys
+iQEcBAABAgAGBQJTHZ8EAAoJECrHRaUKISqMsBMH+gK3TAtT8EgtFuBgW/FTpWA+
+GQYAdza0FIpBDcLrXuvzU/SYot8j+/FZdwYEqi1xp/IYyX6wjNsfmB9rnUKCnADK
+UsotDRNQ9QNitAcwy3/HYpq2qMArMrQAVUg9uQ6whL+h9UCKmIt2Behn0QL8YITY
+OcUuoy+0CkCcGiJuni3TEkPOpjrRZk7E2+7igTyEkN1cMseMOo06q+hCneCDJ9Uy
+PSxQ/BZReTBWbVHKJwwAEe3yEfZPKnjawxkvgtTsO4iHZQj2FbeS/Nnl0/WVKxzp
+CysaDlfon1bTDktijbN+ZhsSqavFtIVXIk9Pnba8KViVsHFn2R9/uXh5c7FkkFM=
+=kE6h
 -----END PGP SIGNATURE-----

data.tar.gz.asc

@@ -2,11 +2,11 @@
 Version: GnuPG/MacGPG2 v2.0.17 (Darwin)
 Comment: GPGTools - http://gpgtools.org
 
-iQEcBAABAgAGBQJS6CPIAAoJECrHRaUKISqMvrEIAKw15y9cgHaX26Mh6AYj+Bj1
-jQ2aTpVBoNwhxX6dGEvLhpxxknTmvaryffRxYJX7eE8JJKP526RzJogkbgBMktqY
-vxSRNSzpZpvoEztvpiy+UGVtgaUjTEaIFl9daOQbWxQkiLmvglRPMBFu7j30fU9B
-56vdqzGxqZ9eSHMqd3B+kVSnpoiVOgRCigVocU/hoblLBDankxuzNkj6tAtlX+G3
-zmX0QZ+QBfWDqEvw2mVbXIQFwz9+tMCnybEctz5VJIPHaO8cco129jXYo+hcdu1Q
-EUlt3bcb0/w7a2giU2WuzYdRJqQFdTF24XOOwLozx0Kf8HizpQCU7dJaz3hE79E=
-=0LER
+iQEcBAABAgAGBQJTHZ8EAAoJECrHRaUKISqM5lYH/3XJx9eqN+CwmPt3TuntozWD
+cG+UX9LbGUSol+BGvE5wwuKfa10n0Gt7o8/OjsiWgmeI2RcgTrP8YcLSH/dsqRNB
+DZdzpdq+03fJrgysYriG1e2UKhoG0BvY89Ux9ZncB3iiyteF+TMVdswdgwJiCVLF
+miWYlX7efLoQu9ii7iDYWQq3nCImeefl3ei6lopS7lpAEdWplTQf2dUEGzJyCzd2
+r1F2pN4gIUFDE/hOg8g/bQIs/HeZq3hlcDKJ3nXWpiSlgpT6Ywrs0kuIUE2KGDzJ
+gW9SEsBgnV5RuC0kIYsVBGv+//hxoCvj22eZUz1cfvhZagAHzcL1n+t7+LRHkuY=
+=28wv
 -----END PGP SIGNATURE-----

data/{NEWS → CHANGELOG}

@@ -1,3 +1,46 @@
+Release 4.0.38
+--------------
+
+ * Added support for the new Ruby 2.1.0 out-of-band garbage collector.
+   This can much improve garbage collection performance, and drastically
+   reduce request times.
+ * Fixed a symlink-related security vulnerability.
+
+   Urgency: low
+   Scope: local exploit
+   Summary: writing files to arbitrary directory by hijacking temp directories
+   Affected versions: 4.0.37
+   Fixed versions: 4.0.38
+   CVE-2014-1832
+
+   Description:
+   This issue is related to CVE-2014-1831 (the security issue as mentioned in
+   the 4.0.37 release notes). The previous fix was incomplete, and still has a
+   (albeit smaller) small attack time window in between two filesystem
+   checks. This attack window is now gone.
+ * Passenger Standalone is now compatible with IPv6.
+ * Fixed some compilation problems on Solaris. See issue #1047.
+ * passenger-install-apache2-module and passenger-install-nginx-module
+   now automatically run in `--auto` mode if stdin is not a TTY. Fixes
+   issue #1030.
+ * Fixed an issue with non-bundled Meteor apps not correctly running in
+   production mode.
+ * The `PassengerPreStart` option is now compatible with IPv6 server sockets.
+ * When running Python WSGI apps, `wsgi.run_once` is now set to False.
+   This should improve the performance of certain apps and frameworks.
+ * When handling HTTP requests with chunked transfer encoding, the
+   'Transfer-Encoding' header is no longer passed to the application.
+   This is because the web server already buffers and dechunks the
+   request body.
+ * Fixed a possible hang in Phusion Passenger for Nginx when Nginx
+   is instructed to reload or reopen log files. Thanks to Feng Gu,
+   [pull request #97](https://github.com/phusion/passenger/pull/97).
+ * The preferred Nginx version has been upgraded to 1.4.6.
+ * Fixed a problem with running passenger-install-apache2-module and
+   passenger-install-nginx-module on JRuby. They were not able to accept
+   any terminal input after displaying the programming language menu.
+
+
 Release 4.0.37
 --------------
 
@@ -15,7 +58,7 @@ Release 4.0.37
    effect to killing the application process directly with `kill <PID>`,
    but killing directly may cause the HTTP client to see an error, while
    using this command guarantees that clients see no errors.
- * Fixed a crash occurs when an application fails to spawn, but the HTTP
+ * Fixed a crash that occurs when an application fails to spawn, but the HTTP
    client disconnects before the error page is generated. Fixes issue #1028.
  * Fixed a symlink-related security vulnerability.
 
@@ -24,6 +67,7 @@ Release 4.0.37
    Summary: writing files to arbitrary directory by hijacking temp directories
    Affected versions: 4.0.5 and later
    Fixed versions: 4.0.37
+   CVE-2014-1831
 
    Description:
    Phusion Passenger creates a "server instance directory" in /tmp during startup,

data/build/misc.rb

@@ -64,7 +64,7 @@ def extract_latest_news_contents_and_items
 	#   Release y.y.y
 	#   -------------
 	#   .....
-	contents = File.read("NEWS")
+	contents = File.read("CHANGELOG")
 	
 	# We're only interested in the latest release, so extract the text for that.
 	contents =~ /\A(Release.*?)^(Release|Older releases)/m
@@ -79,8 +79,8 @@ def extract_latest_news_contents_and_items
 	return [contents, items]
 end
 
-desc "Convert the NEWS items for the latest release to HTML"
-task :news_as_html do
+desc "Convert the Changelog items for the latest release to HTML"
+task :changelog_as_html do
 	require 'cgi'
 	contents, items = extract_latest_news_contents_and_items
 	
@@ -112,8 +112,8 @@ task :news_as_html do
 	puts "</ul>"
 end
 
-desc "Convert the NEWS items for the latest release to Markdown"
-task :news_as_markdown do
+desc "Convert the Changelog items for the latest release to Markdown"
+task :changelog_as_markdown do
 	contents, items = extract_latest_news_contents_and_items
 
 	# Auto-link to issue tracker.

data/debian.template/control.template

@@ -30,7 +30,7 @@ Depends: ${shlibs:Depends}, ${misc:Depends},
 #else
      ruby-rack,
 #endif
- ruby-daemon-controller
+ ruby-daemon-controller (>= 1.2.0)
 Recommends: passenger-doc (= ${binary:Version}), passenger-dev (= ${binary:Version}),
  crash-watch
 Suggests: python

data/debian.template/passenger.docs

@@ -1,4 +1,4 @@
 CONTRIBUTING.md
 README.md
-NEWS
+CHANGELOG
 debian/README.Debian

data/doc/users_guide_snippets/installation.txt

@@ -57,7 +57,7 @@ endif::[]
 [[install_on_debian_ubuntu]]
 === Installing or upgrading on Debian or Ubuntu
 
-We provide and official Phusion Passenger APT repository. This APT repository contains Phusion Passenger packages for multiple versions of Debian and Ubuntu. These packages are automatically built by our build server after we push out a source release, and thus are always up to date with the official source releases.
+We provide an official Phusion Passenger APT repository. This APT repository contains Phusion Passenger packages for multiple versions of Debian and Ubuntu. These packages are automatically built by our build server after we push out a source release, and thus are always up to date with the official source releases.
 
 If you use these packages to install Phusion Passenger then you do not need to run `passenger-install-apache2-module` or `passenger-install-nginx-module`. These packages contain all the binaries that you need.
 

data/doc/users_guide_snippets/tips.txt

@@ -460,7 +460,7 @@ Here are some of the environment variables which are passed to all hooks, unless
 
 ==== Blocking and concurrency
 
-All hooks block. That is, Phusion Passenger waits until your hook command is finished. You should therefore be careful when writing hook scripts: if your script never finishes, so Phusion Passenger does not do that either.
+All hooks block in the background. That is, while your hook command is running, Phusion Passenger can still handle web requests, but the background thread which is running your hook will be blocked and won't be able to perform any further operations. For example, if you wrote a hook script for the `attached_process` event, then Phusion Passenger won't be able to attach further processes until your hook script finishes. You should therefore be careful when writing hook scripts.
 
 If you have a bug in your script and it blocks, then you will be able to see that using the command `passenger-status --show=backtraces` which prints the backtraces of all threads in the Phusion Passenger HelperAgent. Look for the `runSingleHookScript` function in the backtrace. The following example shows at line 2 that Phusion Passenger is waiting for the hook script `/home/phusion/badscript.sh`.
 
@@ -471,7 +471,7 @@ Thread 'Group process spawner: /home/phusion/webapp.test#default' (0x1062d4000):
      in 'void Passenger::ApplicationPool2::Group::spawnThreadRealMain(const SpawnerPtr &, const Passenger::ApplicationPool2::Options &, unsigned int)' (Implementation.cpp:878)
 ---------------------------------------------------------------------------------------------------
 
-Hooks may be called concurrently. For example, while the `attached_process` hook is being called, a `detached_process` hook may be called, perhaps even for the same application. It is your responsibility to ensure that your hook scripts are concurrency-safe, e.g. by employing locks and other concurrency control techniques.
+Hooks may be called concurrently, because Phusion Passenger sometimes uses multiple background threads. For example, while the `attached_process` hook is being called, a `detached_process` hook may be called, perhaps even for the same application. It is your responsibility to ensure that your hook scripts are concurrency-safe, e.g. by employing locks and other concurrency control techniques.
 
 ==== Error handling
 
@@ -496,6 +496,7 @@ Because hooks are inherently tied to the implementation of Phusion Passenger, th
  - Phusion Passenger has shut down a process because it's been idle for too long.
  - The administrator configured different resource limits, and Phusion Passenger is starting or shutting down processes in response.
  - Phusion Passenger itself is shutting down.
+
 +
 Extra environment variables: `PASSENGER_PROCESS_PID`, `PASSENGER_APP_ROOT`. Errors in the hook script are ignored.
 

data/ext/apache2/Hooks.cpp

@@ -773,11 +773,21 @@ private:
 		}
 		return 0;
 	}
+
+	/**
+	 * Checks case-insensitively whether the given header is "Transfer-Encoding".
+	 */
+	bool headerIsTransferEncoding(const char *headerName, size_t len) const {
+		return len == sizeof("transfer-encoding") - 1 &&
+			apr_tolower(headerName[0]) == (u_char) 't' &&
+			apr_tolower(headerName[sizeof("transfer-encoding") - 2]) == (u_char) 'g' &&
+			apr_strnatcasecmp(headerName + 1, "ransfer-encoding") == 0;
+	}
 	
 	/**
 	 * Convert an HTTP header name to a CGI environment name.
 	 */
-	char *httpToEnv(apr_pool_t *p, const char *headerName) {
+	char *httpToEnv(apr_pool_t *p, const char *headerName, size_t len) {
 		char *result  = apr_pstrcat(p, "HTTP_", headerName, (char *) NULL);
 		char *current = result + sizeof("HTTP_") - 1;
 		
@@ -931,8 +941,15 @@ private:
 		hdrs_arr = apr_table_elts(r->headers_in);
 		hdrs = (apr_table_entry_t *) hdrs_arr->elts;
 		for (i = 0; i < hdrs_arr->nelts; ++i) {
-			if (hdrs[i].key) {
-				addHeader(output, httpToEnv(r->pool, hdrs[i].key), hdrs[i].val);
+			if (hdrs[i].key == NULL) {
+				continue;
+			}
+			size_t keylen = strlen(hdrs[i].key);
+			// We only pass the Transfer-Encoding header if PassengerBufferUpload is disabled,
+			// so that the HelperAgent and the app knows that there is a request body despite
+			// there not being a Content-Length header.
+			if (!headerIsTransferEncoding(hdrs[i].key, keylen) || config->bufferUpload == DirConfig::DISABLED) {
+				addHeader(output, httpToEnv(r->pool, hdrs[i].key, keylen), hdrs[i].val);
 			}
 		}
 		

data/ext/common/AgentsStarter.h

@@ -406,19 +406,21 @@ public:
 			 * we can kill all of our subprocesses in a single killpg().
 			 */
 			setsid();
-			
+
+			/* We don't know how the web server or the environment affect
+			 * signal handlers and the signal mask, so reset this stuff
+			 * just in case. Also, we reset the signal handlers before
+			 * closing all file descriptors, in order to prevent bugs
+			 * like this: https://github.com/phusion/passenger/pull/97
+			 */
+			resetSignalHandlersAndMask();
+
 			// Make sure the feedback fd is 3 and close all file descriptors
 			// except stdin, stdout, stderr and 3.
 			syscalls::close(fds[0]);
 			installFeedbackFd(fds[1]);
 			closeAllFileDescriptors(FEEDBACK_FD);
-			
-			/* We don't know how the web server or the environment affect
-			 * signal handlers and the signal mask, so reset this stuff
-			 * just in case.
-			 */
-			resetSignalHandlersAndMask();
-			
+
 			if (afterFork) {
 				afterFork();
 			}

data/ext/common/ApplicationPool2/Implementation.cpp

@@ -602,7 +602,7 @@ Group::initiateOobw(const ProcessPtr &process) {
 			// Continue code flow.
 			break;
 		case DR_DEFERRED:
-			// lockAndMaybeInitateOobw() will eventually be called.
+			// lockAndMaybeInitiateOobw() will eventually be called.
 			return;
 		case DR_ERROR:
 		case DR_NOOP:

data/ext/common/Constants.h

@@ -88,7 +88,7 @@
 
 	#define NGINX_DOC_URL "http://www.modrails.com/documentation/Users%20guide%20Nginx.html"
 
-	#define PASSENGER_VERSION "4.0.37"
+	#define PASSENGER_VERSION "4.0.38"
 
 	#define POOL_HELPER_THREAD_STACK_SIZE 262144
 

data/ext/common/Exceptions.cpp

@@ -24,7 +24,7 @@
  */
 
 #include <Exceptions.h>
-#include <cstdlib>
+#include <stdlib.h>
 #include <string.h>
 
 

data/ext/common/ServerInstanceDir.h

@@ -1,6 +1,6 @@
 /*
  *  Phusion Passenger - https://www.phusionpassenger.com/
- *  Copyright (c) 2010-2013 Phusion
+ *  Copyright (c) 2010-2014 Phusion
  *
  *  "Phusion Passenger" is a trademark of Hongli Lai & Ninh Bui.
  *
@@ -193,6 +193,9 @@ private:
 	
 	void initialize(const string &path, bool owner) {
 		TRACE_POINT();
+		struct stat buf;
+		int ret;
+
 		this->path  = path;
 		this->owner = owner;
 		
@@ -212,18 +215,25 @@ private:
 		 * rights though, because we want admin tools to be able to list the available
 		 * generations no matter what user they're running as.
 		 */
+
+		do {
+			ret = lstat(path.c_str(), &buf);
+		} while (ret == -1 && errno == EAGAIN);
 		if (owner) {
-			switch (getFileTypeNoFollowSymlinks(path)) {
-			case FT_NONEXISTANT:
+			if (ret == 0) {
+				if (S_ISDIR(buf.st_mode)) {
+					verifyDirectoryPermissions(path, buf);
+				} else {
+					throw RuntimeException("'" + path + "' already exists, and is not a directory");
+				}
+			} else if (errno == ENOENT) {
 				createDirectory(path);
-				break;
-			case FT_DIRECTORY:
-				verifyDirectoryPermissions(path);
-				break;
-			default:
-				throw RuntimeException("'" + path + "' already exists, and is not a directory");
+			} else {
+				int e = errno;
+				throw FileSystemException("Cannot lstat '" + path + "'",
+					e, path);
 			}
-		} else if (getFileType(path) != FT_DIRECTORY) {
+		} else if (!S_ISDIR(buf.st_mode)) {
 			throw RuntimeException("Server instance directory '" + path +
 				"' does not exist");
 		}
@@ -259,14 +269,10 @@ private:
 	 * so that an attacker cannot pre-create a directory with too liberal
 	 * permissions.
 	 */
-	void verifyDirectoryPermissions(const string &path) {
+	void verifyDirectoryPermissions(const string &path, struct stat &buf) {
 		TRACE_POINT();
-		struct stat buf;
 
-		if (stat(path.c_str(), &buf) == -1) {
-			int e = errno;
-			throw FileSystemException("Cannot stat() " + path, e, path);
-		} else if (buf.st_mode != (S_IFDIR | parseModeString("u=rwx,g=rx,o=rx"))) {
+		if (buf.st_mode != (S_IFDIR | parseModeString("u=rwx,g=rx,o=rx"))) {
 			throw RuntimeException("Tried to reuse existing server instance directory " +
 				path + ", but it has wrong permissions");
 		} else if (buf.st_uid != geteuid() || buf.st_gid != getegid()) {

data/ext/common/Utils.cpp

@@ -143,35 +143,6 @@ getFileType(const StaticString &filename, CachedFileStat *cstat, unsigned int th
 	}
 }
 
-FileType
-getFileTypeNoFollowSymlinks(const StaticString &filename) {
-	struct stat buf;
-	int ret;
-	
-	ret = lstat(filename.c_str(), &buf);
-	if (ret == 0) {
-		if (S_ISREG(buf.st_mode)) {
-			return FT_REGULAR;
-		} else if (S_ISDIR(buf.st_mode)) {
-			return FT_DIRECTORY;
-		} else if (S_ISLNK(buf.st_mode)) {
-			return FT_SYMLINK;
-		} else {
-			return FT_OTHER;
-		}
-	} else {
-		if (errno == ENOENT) {
-			return FT_NONEXISTANT;
-		} else {
-			int e = errno;
-			string message("Cannot lstat '");
-			message.append(filename);
-			message.append("'");
-			throw FileSystemException(message, e, filename);
-		}
-	}
-}
-
 void
 createFile(const string &filename, const StaticString &contents, mode_t permissions, uid_t owner,
 	gid_t group, bool overwrite)
@@ -917,14 +888,6 @@ getSignalName(int sig) {
 
 void
 resetSignalHandlersAndMask() {
-	sigset_t signal_set;
-	int ret;
-	
-	sigemptyset(&signal_set);
-	do {
-		ret = sigprocmask(SIG_SETMASK, &signal_set, NULL);
-	} while (ret == -1 && errno == EINTR);
-	
 	struct sigaction action;
 	action.sa_handler = SIG_DFL;
 	action.sa_flags   = SA_RESTART;
@@ -955,6 +918,21 @@ resetSignalHandlersAndMask() {
 	#endif
 	sigaction(SIGUSR1, &action, NULL);
 	sigaction(SIGUSR2, &action, NULL);
+
+	// We reset the signal mask after resetting the signal handlers,
+	// because prior to calling resetSignalHandlersAndMask(), the
+	// process might be blocked on some signals. We want those signals
+	// to be processed after installing the new signal handlers
+	// so that bugs like https://github.com/phusion/passenger/pull/97
+	// can be prevented.
+
+	sigset_t signal_set;
+	int ret;
+	
+	sigemptyset(&signal_set);
+	do {
+		ret = sigprocmask(SIG_SETMASK, &signal_set, NULL);
+	} while (ret == -1 && errno == EINTR);
 }
 
 void