pkgsrc-WIP-cvs archive

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index][Old Index]

CVS commit: wip/ruby-passenger

Module name:    wip
Committed by:   fhajny
Date:           Tue May  6 13:40:30 UTC 2014

Modified Files:
        wip/ruby-passenger: Makefile Makefile.common PLIST distinfo
        wip/ruby-passenger/patches: patch-build__agents.rb
            patch-build__packaging.rb patch-build_common__library.rb
Removed Files:

Log Message:
Release 4.0.42

 * [Nginx] Upgraded the preferred Nginx version to 1.6.0.
 * [Nginx] Fixed compatibility with Nginx 1.7.0.
 * There are now APT packages for Ubuntu 14.04. At the same time, packages
   for Ubuntu 13.10 have been abandoned.
 * Introduced a new command, `passenger-config build-native-support`, for
   ensuring that the native_support library for the current Ruby interpreter
   is built. This is useful in system provisioning scripts.
 * For security reasons, friendly error pages (those black/purple pages that 
   the error message, backtrace and environment variable dump when an 
   fails to start) are now disabled by default when the application environment 
   set to 'staging' or 'production'. Fixes issue #1063.
 * Fixed some compilation warnings on Ubuntu 14.04.
 * Fixed some compatibility problems with Rake 10.2.0 and later.
   See [Rake issue 274](
 * Improved error handling in [Union Station](
 * Data is now sent to Union Station on a more frequent basis, in order to make 
   data show up more quickly.
 * Information about the code revision is now sent to Union Station, which will 
   used in the upcoming deployment tracking feature in Union Station 2.

Release 4.0.41

 * Fixed some issues with printing UTF-8 log files on Heroku.
 * Added a new flag `--ignore-app-not-running` to `passenger-config 
   When this flag is given, `passenger-config restart-app` will exit 
   when the specified application is not running, instead of exiting with
   an error.
 * Our precompiled Passenger Standalone binaries have been upgraded to use
   OpenSSL 1.0.1g, which fixes the OpenSSL Heartbleed vulnerability.
   Users who are using Passenger Standalone with SSL enabled are vulnerable,
   and should upgrade immediately. Users who do not use Passenger Standalone,
   users who use Passenger Standalone without SSL, or users who use Passenger
   Standalone with SSL behind another SSL-enabled reverse proxy, are not

Release 4.0.40

 * Upgraded preferred Nginx version to 1.4.7. This Nginx version fixes
   a buffer overflow. Users are strongly urged to upgrade Nginx as soon
   as possible.

Release 4.0.39

 * Fixed a crash that could happen if the client disconnects while a chunked
   response is being sent. Fixes issue #1062.
 * In Phusion Passenger Standalone, it is now possible to customize the Nginx
   configuration file on Heroku. It is now also possible to permanently apply
   changes to the Nginx configuration file, surviving upgrades. Please refer
   to the "Advanced configuration" section of the Phusion Passenger Standalone
   manual for more information.
 * The programming language selection menu in passenger-install-apache2-module
   and passenger-install-nginx-module only works on terminals that support
   UTF-8 and that have a UTF-8 capable font. To cater to users who cannot meet
   these requirements (e.g. PuTTY users using any of the default Windows fonts),
   it is now possible to switch the menu to a plain text mode by pressing '!'.
   Fixes issue #1066.
 * Fixed printing UTF-8 characters in log files in Phusion Passenger Standalone.
 * It is now possible to dump live backtraces of Python apps through the
   'SIGABRT' signal.
 * Fixed closing of file descriptors on OS X 10.9.
 * Fixed compilation problems with Apple Clang 503.0.38 on OS X.
 * Fixed compilation of native_support on Rubinius.

Release 4.0.38

 * Added support for the new Ruby 2.1.0 out-of-band garbage collector.
   This can much improve garbage collection performance, and drastically
   reduce request times.
 * Fixed a symlink-related security vulnerability.

   Urgency: low
   Scope: local exploit
   Summary: writing files to arbitrary directory by hijacking temp directories
   Affected versions: 4.0.37
   Fixed versions: 4.0.38

   This issue is related to CVE-2014-1831 (the security issue as mentioned in
   the 4.0.37 release notes). The previous fix was incomplete, and still has a
   (albeit smaller) small attack time window in between two filesystem
   checks. This attack window is now gone.
 * Passenger Standalone is now compatible with IPv6.
 * Fixed some compilation problems on Solaris. See issue #1047.
 * passenger-install-apache2-module and passenger-install-nginx-module
   now automatically run in `--auto` mode if stdin is not a TTY. Fixes
   issue #1030.
 * Fixed an issue with non-bundled Meteor apps not correctly running in
   production mode.
 * The `PassengerPreStart` option is now compatible with IPv6 server sockets.
 * When running Python WSGI apps, `wsgi.run_once` is now set to False.
   This should improve the performance of certain apps and frameworks.
 * When handling HTTP requests with chunked transfer encoding, the
   'Transfer-Encoding' header is no longer passed to the application.
   This is because the web server already buffers and dechunks the
   request body.
 * Fixed a possible hang in Phusion Passenger for Nginx when Nginx
   is instructed to reload or reopen log files. Thanks to Feng Gu,
   [pull request #97](
 * The preferred Nginx version has been upgraded to 1.4.6.
 * Fixed a problem with running passenger-install-apache2-module and
   passenger-install-nginx-module on JRuby. They were not able to accept
   any terminal input after displaying the programming language menu.

Release 4.0.37

 * Improved Node.js compatibility. Calling on() on the request object
   now returns the request object itself. This fixes some issues with
   Express, Connect and Formidable. Furthermore, some WebSocket-related
   issues have been fixed.
 * Improved Meteor support. Meteor application processes are now shut down
   quicker. Previously, they linger around for 5 seconds while waiting for
   all connections to terminate, but that didn't work well because WebSocket
   connections were kept open indefinitely. Also, some WebSocket-related
   issues have been fixed.
 * Introduced a new tool `passenger-config detach-process` for gracefully
   detaching an application process from the process pool. Has a similar
   effect to killing the application process directly with `kill <PID>`,
   but killing directly may cause the HTTP client to see an error, while
   using this command guarantees that clients see no errors.
 * Fixed a crash that occurs when an application fails to spawn, but the HTTP
   client disconnects before the error page is generated. Fixes issue #1028.
 * Fixed a symlink-related security vulnerability.

   Urgency: low
   Scope: local exploit
   Summary: writing files to arbitrary directory by hijacking temp directories
   Affected versions: 4.0.5 and later
   Fixed versions: 4.0.37

   Phusion Passenger creates a "server instance directory" in /tmp during 
   which is a temporary directory that Phusion Passenger uses to store working 
   This directory is deleted after Phusion Passenger exits. For various 
   reasons, this directory must have a semi-predictable filename. If a local 
   can predict this filename, and precreates a symlink with the same filename 
   points to an arbitrary directory with mode 755, owner root and group root, 
   the attacker will succeed in making Phusion Passenger write files and create
   subdirectories inside that target directory. The following 
   are created:

    * generation-X, where X is a number.

   If you happen to have a file inside the target directory called 
   then that file's contents are overwritten.

   These files and directories are deleted during Phusion Passenger exit. The 
   directory itself is not deleted, nor are any other contents inside the target
   directory, although the symlink is.

   Thanks go to Jakub Wilk for discovering this issue.

Release 4.0.36

 * [Enterprise] Fixed some Mass Deployment bugs.
 * [Enterprise] Fixed a bug that causes an application group to be put into
   Deployment Error Resistance Mode if rolling restarting fails while
   deployment error resistance is off. Deployment Error Resistance Mode is
   now only activated if it's explicitly turned on.
 * Passenger Standalone now gzips JSON responses.
 * Fixed some cases in which Passenger Standalone does not to properly cleanup
   its temporary files.

Release 4.0.35

 * Fixed some unit tests.

Release 4.0.34

 * The Node.js loader code now sets the `isApplicationLoader` attribute on the
   bootstrapping module. This provides a way for apps and frameworks that check
   for `module.parent` to check whether the current file is loaded by Phusion
   Passenger, or by other software that work in a similar way.

   This change has been introduced to solve a compatibility issue with 
   CompoundJS users should modify their server.js, and change the following:

       if (!module.parent) {


       if (!module.parent || module.parent.isApplicationLoader) {

 * Improved support for Meteor in development mode. Terminating Phusion 
   now leaves less garbage Meteor processes behind.
 * It is now possible to disable the usage of the Ruby native extension by 
   the environment variable `PASSENGER_USE_RUBY_NATIVE_SUPPORT=0`.
 * Fixed incorrect detection of the Apache MPM on Ubuntu 13.10.
 * When using RVM, if you set PassengerRuby/passenger_ruby to the raw Ruby 
   instead of the wrapper script, Phusion Passenger will now print an error.
 * Added support for RVM >= 1.25 wrapper scripts.
 * Fixed loading passenger_native_support on Ruby 1.9.2.
 * The Union Station analytics code now works even without native_support.
 * Fixed `passenger-install-apache2-module` and 
`passenger-install-nginx-module` in
 * Binaries are now downloaded from an Amazon S3 mirror if the main binary 
   is unavailable.
 * And finally, although this isn't really a change in 4.0.34, it should be 
   In version 4.0.33 we changed the way Phusion Passenger's own Ruby source 
   are loaded, in order to fix some Debian and RPM packaging issues. The 
   doesn't work anymore:

       require 'phusion_passenger/foo'

   Instead, it should become:

       PhusionPassenger.require_passenger_lib 'foo'

   However, we overlooked the fact that this change breaks Ruby apps which use
   our Out-of-Band GC feature, because such apps had to call
   `require 'phusion_passenger/rack/out_of_band_gc'`. Unfortunately we're not 
   to maintain compatibility without reintroducing the Debian and RPM packaging
   issues. Users should modify the following:

       require 'phusion_passenger/rack/out_of_band_gc'


       if PhusionPassenger.respond_to?(:require_passenger_lib)
         # Phusion Passenger >= 4.0.33
         PhusionPassenger.require_passenger_lib 'rack/out_of_band_gc'
         # Phusion Passenger < 4.0.33
         require 'phusion_passenger/rack/out_of_band_gc'

Release 4.0.33

 * Fixed a compatibility problem in passenger-install-apache2-module with Ruby 
   The language selection menu didn't work properly.

Release 4.0.32

 * Fixed compatibility problems with old Ruby versions that didn't include 

Release 4.0.31

 * Introduced a new tool: `passenger-config restart-app`. With this command you
   can initiate an application restart without touching restart.txt.
   Unlike touching restart.txt, this tool initiates the restart immediately
   instead of on the next request.
 * Fixed some problems in process spawning and request handling.
 * Fixed some problems with the handling of HTTP chunked transfer encoding
   bodies. These problems only occurred in Ruby.
 * Fixed the HelperAgent, upon shutdown, not correctly waiting 5 seconds until
   all clients have disconnected. Fixes issue #884.
 * Fixed compilation problems on FreeBSD.
 * Fixed some C++ strict aliasing problems.
 * Fixed some problems with spawning applications that print messages without
   newline during startup. Fixes issue #1039.
 * Fixed potential hangs on JRuby when Ctrl-C is used to shutdown the server.
   Fixes issue #1035.
 * When Phusion Passenger is installed through the Debian package,
   passenger-install-apache2-module now checks whether the Apache
   module package (libapache2-mod-passenger) is properly installed,
   and installs it using apt-get if it's not installed. Fixes
   issue #1031.
 * The `passenger-status --show=xml` command no longer prints the non-XML
   preamble, such as the version number and the time. Fixes issue #1037.
 * The Ruby native extension check whether it's loaded against the right Ruby
   version, to prevent problems when people upgrade Ruby without recompiling
   their native extensions.
 * Various other minor Debian packaging improvements.

Release 4.0.30

 * Fixed wrong autogeneration of HTTP Date header. If the web app does
   not supply a Date header, then Passenger will add one. Unfortunately
   due to the use of the wrong format string, December 30 2013 is
   formatted as December 30 2014. As a result, cookies that expire before
   2014 would expire on December 30 2013 and December 31 2013. Details can
   be found at [Github pull request 

   This issue only affects Phusion Passenger for Nginx and Phusion Passenger
   Standalone, and does not affect Phusion Passenger for Apache.

   You can work around this problem in your application by setting a
   Date header. For example, in Rails you can do:

       before_filter { = }

   Many thanks to Jeff Michael Dean (zilkey) and many others for bringing this 
to our attention and for providing workarounds and feedback.

Release 4.0.29

 * Fixed a compilation problem on OS X Mavericks.

Release 4.0.28

 * Introduced a workaround for a GCC 4.6 bug. This bug could cause Phusion
   Passsenger to crash during startup. Affected operating systems include
   Ubuntu 12.04 and Amazon Linux 2013.09.01, though not every machine with
   this OS installed exhibits the problem. See issue #902.
 * Improved Node.js support: the Sails framework is now supported.
 * Improved Node.js support: the streams2 API is now supported.
 * Introduced support for hooks, allowing users to easily extend Phusion
   Passenger's behavior.
 * Fixed a bug in the `passenger start -R` option. It was broken because of a
   change introduced in 4.0.25.
 * Fixed a bug in PassengerMaxInstancesPerApp. Fixes issue #1016.
 * Fixed compilation problems on Solaris.
 * Fixed an encoding problem in the Apache autodetection code. Fixes
   issue #1026.
 * The Debian packages no longer depend on libruby.
 * Application stdout and stderr are now printed without normal
   Phusion Passenger debugging information, making them easier to read.

Release 4.0.27

 * [Apache] Fixed a bug in the Apache module which could lock up the Apache
   process or thread. This is a regression introduced in version 4.0.24.
 * Node.js application processes now have friendly process titles.

Release 4.0.26

 * Introduced the `PassengerBufferUpload` option for Apache. This option allows 
   to disable upload buffering, e.g. in order to be able to track upload 
 * [Nginx] The `HTTPS` variable is now set correctly for HTTPS connections, even
   without setting `ssl on`. Fixes issue #401.
 * [Standalone] It is now possible to listen on both a normal HTTP and an HTTPS 
 * [Enterprise] The `passenger-status` tool now displays rolling restart status.

Release 4.0.25

 * The `PassengerAppEnv`/`passenger_app_env`/`--environment` option now also 
sets NODE_ENV,
   so that Node.js frameworks like Connect can properly respond to the 
 * Fixed a bug in our Debian/Ubuntu packages causing 
   not to be able to compile Nginx.
 * Arbitrary Node.js application structures are now supported.
 * [Nginx] Introduced the `passenger_restart_dir` option.
 * [Nginx] Upgraded preferred Nginx version to 1.4.4 because of CVE-2013-4547.

Release 4.0.24

 * Introduced the `PassengerNodejs` (Apache) and `passenger_nodejs` (Nginx)
   configuration options.
 * [Apache] Introduced the `PassengerErrorOverride` option, so that HTTP error
   responses generated by applications can be intercepted by Apache and 
   using the `ErrorDocument` directive.
 * [Standalone] It is now possible to specify some configuration options in
   a configuration file `passenger-standalone.json`. When Passenger Standalone
   is used in Mass Deployment mode, this configuration file can be used to 
   settings on a per-application basis.
 * [Enterprise] Fixed a potential crash when a rolling restart is triggered
   while a process is already shutting down.
 * [Enterprise] Fixed Mass Deployment support for Node.js and Meteor.

Release 4.0.23

 * Fixed compilation problems on GCC 4.8.2 (e.g. Arch Linux 2013-10-27).
 * Fixed a compatibility problem with Solaris /usr/ccs/bin/make: issue #999.
 * Support for the Meteor Javascript framework has been open sourced.

Release 4.0.22

 * [Enterprised] Fixed compilation problems on OS X Mavericks.

Release 4.0.21

 * [Nginx] Upgraded the preferred Nginx version to 1.4.3.
 * Node.js support has been open sourced.
 * Prelimenary OS X Mavericks support.
 * Work around an Apache packaging bug in CentOS 5.
 * Various user friendliness improvements in the documentation and the
 * Fixed a bug in the always_restart.txt support. Phusion Passenger was
   looking for it in the wrong directory.
 * Many Solaris and Sun Studio compatibility fixes. Special thanks to
   "mark" for his extensive assistance.
 * [Standalone] The --temp-dir command line option has been introduced.

Release 4.0.20

 * Fixed a bug in Phusion Passenger Standalone's daemon mode. When in daemon
   mode, the Nginx temporary directory was deleted prematurely, causing some
   POST requests to fail. This was a regression that was introduced in 4.0.15
   as part of an optimization.
 * Fixed compilation problems on Solaris 10 with Sun Studio 12.3.
 * Improved detection of RVM problems.
 * It is now possible to log the request method to Union Station.
 * Introduced a new option, `PassengerLoadShellEnvvars` (Apache) and
   `passenger_load_shell_envvars` (Nginx). This allows enabling or disabling
   the loading of bashrc before spawning the application.
 * [Enterprise] Fixed a packaging problem which caused the flying-passenger
   executable not to be properly included in the bin path.
 * [Enterprise] Fixed a race condition which sometimes causes the Flying
   Passenger socket to be deleted after a restart. Fixes issue #939.
 * [Enterprise] The `byebug` gem is now supported for debugging on Ruby 2.0.
   The byebug gem requires a patch before this works:

Release 4.0.19

 * Fixed a problem with response buffering. Application processes are now
   properly marked available for request processing immediately after they're
   done sending the response, instead of after having sent the entire response
   to the client.
 * The "processed" counter in `passenger-status` is now bumped after the process
   has handled a request, not at the beginning.
 * [Enterprise] Fixed an off-by-one bug in the `passenger_max_processes` 

Release 4.0.18

 * The Enterprise variant of Phusion Passenger Standalone now supports
   customizing the concurrency model and thread count from the command line.
 * On Nginx, the Enterprise license is now only checked if Phusion Passenger
   is enabled in Nginx. This allows you to deploy Nginx binaries, that have
   Phusion Passenger Enterprise compiled in, to servers that are not
   actually running Phusion Passenger Enterprise.
 * Fixed a performance bug in the Union Station support code. In certain cases
   where a lot of data must be sent to Union Station, the code is now over
   100 times faster.
 * `passenger-status --show=union_station` now displays all clients that
   are connected to the LoggingAgent.
 * Added a workaround for Heroku so that exited processes are properly detected
   as such.
 * When using Phusion Passenger Standalone with Foreman, pressing Ctrl-C
   in Foreman no longer results in runaway Nginx processes.
 * Fixed backtraces in the Apache module.

Release 4.0.17

 * Fixed compilation problems on GCC 4.8 systems, such as Arch Linux 2013.04.
   Fixes issue #941.
 * Fixed some deprecation warnings when compiling the Ruby native extension
   on Ruby 2.0.0.
 * Fixed some Union Station-related stability issues.

Release 4.0.16

 * Allow Phusion Passenger to work properly on systems where the user's GID
   does not have a proper entry in /etc/group, such as Heroku.

Release 4.0.15

 * Out-of-band work has been much improved. The number of processes which
   may perform out-of-band work concurrently has been limited to 1.
   Furthermore, processes which are performing out-of-band work are now
   included in the max pool size constraint calculation. However, this
   means that in order to use out-of-band work, you need to have at least
   2 application processes running. Out-of-band work will never be triggered
   if you just have 1 process. Partially fixes issue #892.
 * Phusion Passenger now displays an error message to clients if too many
   requests are queued up. By default, "too many" is 100. You may customize
   this with `PassengerMaxRequestQueueSize` (Apache) or
   `passenger_max_request_queue_size` (Nginx).
 * A new configuration option, `PassengerStartTimeout` (Apache) and
   `passenger_start_timeout` (Nginx), has been added. This option allows you
   to specify a timeout for application startup. The startup timeout has exited
   since version 4.0.0, but before version 4.0.15 it was hardcoded at a value
   of 90 seconds. Now it is customizable. Fixes issue #936.
 * [Enterprise] The `PassengerMaxRequestTime`/`passenger_max_request_time`
   feature is now available for Python and Node.js as well, and is no longer
   limited to just Ruby. Fixes issue #938.
 * [Nginx] Introduced a configuration option `passenger_intercept_errors`,
   which decides if Nginx will intercept responses with HTTP status codes of
   400 and higher. Its effect is similar to `proxy_intercept_errors`.
 * [Standalone] Memory usage optimization: when `passenger start` is run with
   `--daemonize`, the frontend exits after starting the Nginx core. This saves
   ~20 MB of memory per `passenger start` instance.
 * [Standalone] Phusion Passenger Standalone is now also packaged in the
   Debian packages.
 * [Standalone] Fix a problem with the `passenger stop` command on Ruby 1.8.7.
   The 'thread' library was not properly required, causing a crash.
 * [Standalone] There is now builtin support for SSL.
 * Fix a crash when multiple `passenger_pass_header` directives are set.
   Fixes issue #934.
 * Permissions on the server instance directory are now explicitly set
   with chmod, so that permissions are correct on systems with a non-default
   umask. Fixes issue #928.
 * Fix permission problems when running `passenger start` with `--user`.
 * `passenger-config --detect-apache2` now correctly detects the eror log
   filename on Amazon Linux. Fixes issue #933.
 * An environment variable `PASSENGER_THREAD_LOCAL_STORAGE` has been added
   to the build system for forcefully disabling the use of thread-local
   storage within the Phusion Passenger codebase. This flag useful on systems
   that have broken support for thread-local storage, despite passing our build
   system's check for proper thread-local storage support. At the time of
   writing, one user has reported that Ubuntu 12.04 32-bit has broken
   thread-local storage report although neither the reporter nor us were able
   to reproduce the problem on any other systems running Ubuntu 12.04 32-bit.
   Note that this flag has no effect on non-Phusion Passenger code. Fixes
   issue #937.
 * It is now possible to preprocess events before they are sent to Union
   Station. This is useful for removing confidential data as demonstrated in
   this example `config/initializers/passenger.rb` file:

       if defined?(PhusionPassenger)
           event_preprocessor = lambda do |e|
               e.payload[:sql].gsub!("secret","PASSWORD") if e.payload[:sql]
=> event_preprocessor)

To generate a diff of this commit:
cvs -z3 rdiff -u -r1.1 -r0 \
cvs -z3 rdiff -u -r1.1 -r1.2 \
    wip/ruby-passenger/patches/patch-build_common__library.rb \
cvs -z3 rdiff -u -r1.2 -r1.3 \
    wip/ruby-passenger/patches/patch-build__agents.rb \
    wip/ruby-passenger/patches/patch-build__packaging.rb \
cvs -z3 rdiff -u -r1.5 -r1.6 wip/ruby-passenger/Makefile \
cvs -z3 rdiff -u -r1.6 -r1.7 wip/ruby-passenger/PLIST
cvs -z3 rdiff -u -r1.8 -r1.9 wip/ruby-passenger/Makefile.common

To view a diff of this commit:

Please note that diffs are not public domain; they are subject to the
copyright notices on the relevant files.

Is your legacy SCM system holding you back? Join Perforce May 7 to find out:
&#149; 3 signs your SCM is hindering your productivity
&#149; Requirements for releasing software faster
&#149; Expert tips and advice for migrating your SCM now
pkgsrc-wip-cvs mailing list

Home | Main Index | Thread Index | Old Index