Package: passenger / 5.0.30-1.2+deb11u1

Metadata

Package: passenger
Version: 5.0.30-1.2+deb11u1
Patches format: 3.0 (quilt)

Patch series

Patch File delta Description
fix_install_path.patch | (download)

build/packaging.rb | 4 2 + 2 - 0 !
1 file changed, 2 insertions(+), 2 deletions(-)

 install in vendor_ruby directory and install common files in non-versioned path
bin_load_path.patch | (download)

bin/passenger | 6 0 + 6 - 0 !
bin/passenger-config | 6 0 + 6 - 0 !
bin/passenger-install-apache2-module | 6 0 + 6 - 0 !
bin/passenger-install-nginx-module | 6 0 + 6 - 0 !
bin/passenger-memory-stats | 6 0 + 6 - 0 !
bin/passenger-status | 6 0 + 6 - 0 !
6 files changed, 36 deletions(-)

 do not mess with load_path in bin/* files
nodejs_bin_name.patch | (download)

src/cxx_supportlib/Constants.h | 2 1 + 1 - 0 !
src/ruby_supportlib/phusion_passenger/constants.rb | 2 1 + 1 - 0 !
2 files changed, 2 insertions(+), 2 deletions(-)

 the node.js binary is called nodejs in debian.
CVE 2017 16355.patch | (download)

src/agent/Core/SpawningKit/Spawner.h | 44 0 + 44 - 0 !
1 file changed, 44 deletions(-)

 arbitrary file read via revision symlink
Fix privilege escalation in the Nginx module.patch | (download)

src/nginx_module/ngx_http_passenger_module.c | 10 5 + 5 - 0 !
1 file changed, 5 insertions(+), 5 deletions(-)

 fix privilege escalation in the nginx module
fix arm cmsg.patch | (download)

src/cxx_supportlib/Utils/IOUtils.cpp | 18 12 + 6 - 0 !
1 file changed, 12 insertions(+), 6 deletions(-)

 fix the cmsg related ftbfs on debian arm* and raspbian
 The CMSG code has two codepaths, the "workaround" code path which upstream
 currently uses on OS X, Solaris and all arm systems and the "main" codepath
 used everywhere else.
 .
 Unfortunately the "workaround" codepath no longer builds on Debian, presumably
 due to changes in glibc.
 .
 I do not know for sure, but I believe that the problem that the developers were
 trying to solve when they made arm systems use the "workaround" codepath was an
 alignment issue. The "main" codepath used a char array as a buffer which is not
 alignment safe.
 .
 This patch changes the "main" codepath to use a union for the buffer as
 used in the example in current versions of the cmsg manpage and changes the
 conditional defines so that arm Linux systems no longer use the "workaround"
 codepath.
python3.diff | (download)

src/cxx_supportlib/Constants.h | 2 1 + 1 - 0 !
src/ruby_supportlib/phusion_passenger/constants.rb | 2 1 + 1 - 0 !
2 files changed, 2 insertions(+), 2 deletions(-)

---
0008 node loader.js drop usage of deprecated GLOBAL varia.patch | (download)

src/helper-scripts/node-loader.js | 2 1 + 1 - 0 !
1 file changed, 1 insertion(+), 1 deletion(-)

 node-loader.js: drop usage of deprecated global variable

This enables running NodeJS apps in passenger using a newer NodeJS than
the one in Debian bullseye. Even in the NodeJS version in stable,
`GLOBAL` is already deprecated in favor of `global`, and using the
former gets you a warning. Newer NodeJS versions drop `GLOBAL`
completely, so passenger doesn't work at all with those.

Bug-Vendor: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1025220