pkgsrc-Changes-HG archive

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index][Old Index]

[pkgsrc/trunk]: pkgsrc/www/passenger www/passenger: Update to 5.3.2.



details:   https://anonhg.NetBSD.org/pkgsrc/rev/c761661d3ae7
branches:  trunk
changeset: 381638:c761661d3ae7
user:      fhajny <fhajny%pkgsrc.org@localhost>
date:      Wed Jun 13 12:57:47 2018 +0000

description:
www/passenger: Update to 5.3.2.

- [Nginx] Fixes CVE-2018-12029, a local privilege escalation
  vulnerability in the Nginx module that occurs when
  `passenger_instance_registry_dir` is configured to a directory
  with insufficiently strict permissions.
- Fixes CVE-2018-12026, 12027, and 12028. These are local denial of
  service, local information disclosure and local privilege escalation
  vulnerabilities that could be exploited by malicious applications or
  malicious users on the system.
- Fixes Meteor support in non-bundled mode (regression from 5.3.0).
- Fixes the fact that the error page (which is shown when an app fails
  to spawn) sometimes contains unsufficient analysis details about the
  app.
- [Apache] Fixes PassengerMaxInstancesPerApp not being respected
  (regression from config refactor in 5.2.0).
- [Enterprise, Apache] Fixes PassengerMaxInstances not being respected
  (regression from config refactor in 5.2.0).
- [Enterprise] Fixes passenger-irb being unable to connect to an app
  process (regression from 5.3.0).

diffstat:

 www/passenger/Makefile        |   3 +--
 www/passenger/Makefile.common |   4 ++--
 www/passenger/PLIST           |   4 +++-
 www/passenger/distinfo        |  10 +++++-----
 4 files changed, 11 insertions(+), 10 deletions(-)

diffs (69 lines):

diff -r 47119915ad4e -r c761661d3ae7 www/passenger/Makefile
--- a/www/passenger/Makefile    Wed Jun 13 10:34:18 2018 +0000
+++ b/www/passenger/Makefile    Wed Jun 13 12:57:47 2018 +0000
@@ -1,7 +1,6 @@
-# $NetBSD: Makefile,v 1.2 2018/04/29 21:32:08 adam Exp $
+# $NetBSD: Makefile,v 1.3 2018/06/13 12:57:47 fhajny Exp $
 
 COMMENT=               Web and application server for Ruby, Python and Node.js
-PKGREVISION=           1
 
 .include "Makefile.common"
 
diff -r 47119915ad4e -r c761661d3ae7 www/passenger/Makefile.common
--- a/www/passenger/Makefile.common     Wed Jun 13 10:34:18 2018 +0000
+++ b/www/passenger/Makefile.common     Wed Jun 13 12:57:47 2018 +0000
@@ -1,8 +1,8 @@
-# $NetBSD: Makefile.common,v 1.6 2018/05/15 14:13:57 fhajny Exp $
+# $NetBSD: Makefile.common,v 1.7 2018/06/13 12:57:47 fhajny Exp $
 # used by www/ap2-passenger/Makefile
 # used by www/passenger/Makefile
 
-DISTNAME=              passenger-5.3.1
+DISTNAME=              passenger-5.3.2
 CATEGORIES=            www
 
 MASTER_SITES=          http://s3.amazonaws.com/phusion-passenger/releases/
diff -r 47119915ad4e -r c761661d3ae7 www/passenger/PLIST
--- a/www/passenger/PLIST       Wed Jun 13 10:34:18 2018 +0000
+++ b/www/passenger/PLIST       Wed Jun 13 12:57:47 2018 +0000
@@ -1,4 +1,4 @@
-@comment $NetBSD: PLIST,v 1.2 2018/05/15 14:13:57 fhajny Exp $
+@comment $NetBSD: PLIST,v 1.3 2018/06/13 12:57:47 fhajny Exp $
 bin/passenger
 bin/passenger-config
 bin/passenger-install-apache2-module
@@ -11,6 +11,7 @@
 lib/passenger/common/libpassenger_common/FileTools/FileManip.o
 lib/passenger/common/libpassenger_common/FileTools/PathManip.o
 lib/passenger/common/libpassenger_common/FileTools/PathManipCBindings.o
+lib/passenger/common/libpassenger_common/FileTools/PathSecurityCheck.o
 lib/passenger/common/libpassenger_common/JsonTools/CBindings.o
 lib/passenger/common/libpassenger_common/LoggingKit.o
 lib/passenger/common/libpassenger_common/MemoryKit/mbuf.o
@@ -37,6 +38,7 @@
 lib/passenger/nginx_dynamic/module_libpassenger_common/FileTools/FileManip.o
 lib/passenger/nginx_dynamic/module_libpassenger_common/FileTools/PathManip.o
 lib/passenger/nginx_dynamic/module_libpassenger_common/FileTools/PathManipCBindings.o
+lib/passenger/nginx_dynamic/module_libpassenger_common/FileTools/PathSecurityCheck.o
 lib/passenger/nginx_dynamic/module_libpassenger_common/JsonTools/CBindings.o
 lib/passenger/nginx_dynamic/module_libpassenger_common/LoggingKit.o
 lib/passenger/nginx_dynamic/module_libpassenger_common/ProcessManagement/Spawn.o
diff -r 47119915ad4e -r c761661d3ae7 www/passenger/distinfo
--- a/www/passenger/distinfo    Wed Jun 13 10:34:18 2018 +0000
+++ b/www/passenger/distinfo    Wed Jun 13 12:57:47 2018 +0000
@@ -1,9 +1,9 @@
-$NetBSD: distinfo,v 1.7 2018/05/15 14:13:57 fhajny Exp $
+$NetBSD: distinfo,v 1.8 2018/06/13 12:57:47 fhajny Exp $
 
-SHA1 (passenger-5.3.1.tar.gz) = f4b1d7f0c3755b8f34d9dd92b1f9300ee58f7d6c
-RMD160 (passenger-5.3.1.tar.gz) = 0012372c5d48157216eccbfa212fa3ba6eb2f8ef
-SHA512 (passenger-5.3.1.tar.gz) = 973338f934a1fc484058cf15748695129ab7ddb8c0d4d8527100fefd111a0b794d60b2e59f8f494c4ef5703c72c7ebfeef5539ed9b4a6e736114e2077e83ccdd
-Size (passenger-5.3.1.tar.gz) = 7033258 bytes
+SHA1 (passenger-5.3.2.tar.gz) = 18af22f590629e56e325c3b02272a5ff32c176c8
+RMD160 (passenger-5.3.2.tar.gz) = 8c2884ec6a1964822d644838fdd370fab2508b70
+SHA512 (passenger-5.3.2.tar.gz) = 97900a0e0de67cc3c3770c291c85c6fe937fceab5632c9832bc5c461d3b4e586a47c9733a1a50a805834f591e5af90651789ed74bf74e0eed4d6ce8084c51967
+Size (passenger-5.3.2.tar.gz) = 7039759 bytes
 SHA1 (patch-build_common__library.rb) = fc019cb2774245400e74741d34b43b87b4b8b0c8
 SHA1 (patch-build_packaging.rb) = b50c291c8e3989bbd8d128dab98c06f5e6a30e51
 SHA1 (patch-src_cxx__supportlib_LoggingKit_Context.h) = ff8dd506a6f5cd110c8e4317ecceab480a8f90c4



Home | Main Index | Thread Index | Old Index