zbatery 0.2.0 → 0.2.1

data/ChangeLog CHANGED
@@ -1,5 +1,44 @@
1
- ChangeLog from git://git.bogomips.org/zbatery.git (v0.1.1..v0.2.0)
1
+ ChangeLog from git://git.bogomips.org/zbatery.git (v0.1.1..v0.2.1)
2
2
 
3
+ commit 5764336aa3785af8a08be7ec7b40846ec139eb6c
4
+ Author: Eric Wong <normalperson@yhbt.net>
5
+ Date: Mon Apr 19 14:14:46 2010 -0700
6
+
7
+ Zbatery 0.2.1 - use a less-broken parser from Unicorn
8
+
9
+ This release fixes a denial-of-service vector for deployments
10
+ exposed directly to untrusted clients.
11
+
12
+ The HTTP parser in Unicorn <= 0.97.0 would trip an assertion
13
+ (killing the associated worker process) on invalid
14
+ Content-Length headers instead of raising an exception. Since
15
+ Rainbows! and Zbatery supports multiple clients per worker
16
+ process, all clients connected to the worker process that hit
17
+ the assertion would be aborted.
18
+
19
+ Deployments behind nginx are _not_ affected by this bug, as
20
+ nginx will reject clients that send invalid Content-Length
21
+ headers.
22
+
23
+ The status of deployments behind other HTTP-aware proxies is
24
+ unknown. Deployments behind a non-HTTP-aware proxy (or no proxy
25
+ at all) are certainly affected by this DoS.
26
+
27
+ Users are strongly encouraged to upgrade as soon as possible,
28
+ there are no other changes besides this bug fix from Rainbows!
29
+ 0.91.0 nor Unicorn 0.97.0
30
+
31
+ This bug affects all previously released versions of Rainbows!
32
+ and Zbatery.
33
+
34
+ commit bf277616bf1a13385150260c8bccb1d97b830bec
35
+ Author: Eric Wong <normalperson@yhbt.net>
36
+ Date: Mon Mar 1 18:22:14 2010 +0000
37
+
38
+ t0003: fix error log check
39
+
40
+ We don't have "worker" processes in here.
41
+
3
42
  commit 816d4e840fca8606215a328beda90dd92153bcd7
4
43
  Author: Eric Wong <normalperson@yhbt.net>
5
44
  Date: Mon Mar 1 10:40:51 2010 +0000
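Review bot: The 0.2.1 commit message names the affected parser ("Unicorn <= 0.97.0") but never names the releases that carry the fix, and the sentence "there are no other changes besides this bug fix from Rainbows! 0.91.0 nor Unicorn 0.97.0" can be read as naming the versions to run. The gemspec comment in this same diff points at rainbows 0.91.1 and unicorn ~> 0.97.1; stating those in the message would let operators audit installed gems against it. Minor: "Rainbows! and Zbatery supports" should read "support", and the comma after "as soon as possible" joins two sentences.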
data/GIT-VERSION-FILE CHANGED
@@ -1 +1 @@
1
- GIT_VERSION = 0.2.0
1
+ GIT_VERSION = 0.2.1
data/GIT-VERSION-GEN CHANGED
@@ -1,7 +1,7 @@
1
1
  #!/bin/sh
2
2
 
3
3
  GVF=GIT-VERSION-FILE
4
- DEF_VER=v0.2.0.GIT
4
+ DEF_VER=v0.2.1.GIT
5
5
 
6
6
  LF='
7
7
  '
data/NEWS CHANGED
@@ -1,3 +1,30 @@
1
+ === 0.2.1 / 2010-04-19 21:16 UTC
2
+
3
+ This release fixes a denial-of-service vector for deployments
4
+ exposed directly to untrusted clients.
5
+
6
+ The HTTP parser in Unicorn <= 0.97.0 would trip an assertion
7
+ (killing the associated worker process) on invalid
8
+ Content-Length headers instead of raising an exception. Since
9
+ Rainbows! and Zbatery supports multiple clients per worker
10
+ process, all clients connected to the worker process that hit
11
+ the assertion would be aborted.
12
+
13
+ Deployments behind nginx are _not_ affected by this bug, as
14
+ nginx will reject clients that send invalid Content-Length
15
+ headers.
16
+
17
+ The status of deployments behind other HTTP-aware proxies is
18
+ unknown. Deployments behind a non-HTTP-aware proxy (or no proxy
19
+ at all) are certainly affected by this DoS.
20
+
21
+ Users are strongly encouraged to upgrade as soon as possible,
22
+ there are no other changes besides this bug fix from Rainbows!
23
+ 0.91.0 nor Unicorn 0.97.0
24
+
25
+ This bug affects all previously released versions of Rainbows!
26
+ and Zbatery.
27
+
1
28
  === 0.2.0 / 2010-03-01 10:42 UTC
2
29
 
3
30
  This release resyncs against the latest features/cleanups
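Review bot: The 0.2.1 entry tells users to upgrade but gives no interim step for operators who cannot do so immediately, although its own third paragraph already says nginx rejects clients that send invalid Content-Length headers. Suggest saying outright that fronting the server with nginx is the stopgap, and that a non-HTTP-aware proxy provides none, so the exposure statement and the remedy sit together.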
data/lib/zbatery.rb CHANGED
@@ -4,7 +4,7 @@ require 'rainbows'
4
4
  module Zbatery
5
5
 
6
6
  # current version of Zbatery
7
- VERSION = "0.2.0"
7
+ VERSION = "0.2.1"
8
8
 
9
9
  class << self
10
10
 
@@ -44,9 +44,9 @@ t_begin "wait for rotated log to reappear" && {
44
44
  done
45
45
  }
46
46
 
47
- t_begin "wait for worker to reopen logs" && {
47
+ t_begin "wait to reopen logs" && {
48
48
  nr=60
49
- re="worker=.* done reopening logs"
49
+ re="done reopening logs"
50
50
  while ! grep "$re" < $r_err >/dev/null && test $nr -ge 0
51
51
  do
52
52
  sleep 1
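Review bot: In the reopen-logs wait, re="done reopening logs" is now an unanchored substring, so any line in $r_err that contains the phrase ends the wait. Dropping the "worker=.*" prefix matches the commit message ("We don't have "worker" processes in here"), but if the log line ends with that text, anchoring the pattern at end of line would keep the check about as tight as before. Separately, $r_err is unquoted in the grep redirect on the context line; quoting it would keep the test robust to paths containing spaces.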
data/zbatery.gemspec CHANGED
@@ -50,11 +50,11 @@ Gem::Specification.new do |s|
50
50
  # espace-neverblock + eventmachine
51
51
  # async_sinatra + sinatra + eventmachine
52
52
  #
53
- # rainbows 0.90.2 depends on unicorn 0.96.1,
54
- # unicorn 0.96.0 and before had a memory leak
55
- # that was only triggered in Rainbows!/Zbatery
56
- s.add_dependency(%q<unicorn>, ["~> 0.97.0"])
57
- s.add_dependency(%q<rainbows>, [">= 0.91.0", "<= 1.0.0"])
53
+ # rainbows 0.91.1 depends on unicorn ~> 0.97.1, previous versions of
54
+ # Unicorn were vulnerable to a remote DoS when exposed directly to
55
+ # untrusted clients (a configuration only supported by Zbatery and Rainbows!,
56
+ # Unicorn has never and will never be supported without trusted LAN clients.
57
+ s.add_dependency(%q<rainbows>, [">= 0.91.1", "<= 1.0.0"])
58
58
 
59
59
  # s.licenses = %w(GPLv2 Ruby) # accessor not compatible with older RubyGems
60
60
  end
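Review bot: Removing s.add_dependency(%q<unicorn>, ["~> 0.97.0"]) means zbatery's own spec no longer sets a floor on unicorn; the fixed parser is pulled in only transitively, on the strength of the comment's claim that rainbows 0.91.1 depends on unicorn ~> 0.97.1. Since this release exists to close a remote DoS, consider keeping an explicit unicorn constraint at the fixed version so the requirement is enforced here and visible to anyone auditing the gemspec. Also, the parenthesis opened at "(a configuration only supported by ..." in the new comment is never closed, and "has never and will never be supported" is missing "been" after "never".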
metadata CHANGED
@@ -1,7 +1,7 @@
1
1
  --- !ruby/object:Gem::Specification
2
2
  name: zbatery
3
3
  version: !ruby/object:Gem::Version
4
- version: 0.2.0
4
+ version: 0.2.1
5
5
  platform: ruby
6
6
  authors:
7
7
  - Zbatery hackers
@@ -9,19 +9,9 @@ autorequire:
9
9
  bindir: bin
10
10
  cert_chain: []
11
11
 
12
- date: 2010-03-01 00:00:00 +00:00
12
+ date: 2010-04-19 00:00:00 +00:00
13
13
  default_executable:
14
14
  dependencies:
15
- - !ruby/object:Gem::Dependency
16
- name: unicorn
17
- type: :runtime
18
- version_requirement:
19
- version_requirements: !ruby/object:Gem::Requirement
20
- requirements:
21
- - - ~>
22
- - !ruby/object:Gem::Version
23
- version: 0.97.0
24
- version:
25
15
  - !ruby/object:Gem::Dependency
26
16
  name: rainbows
27
17
  type: :runtime
@@ -30,7 +20,7 @@ dependencies:
30
20
  requirements:
31
21
  - - ">="
32
22
  - !ruby/object:Gem::Version
33
- version: 0.91.0
23
+ version: 0.91.1
34
24
  - - <=
35
25
  - !ruby/object:Gem::Version
36
26
  version: 1.0.0