Hello community,

here is the log from the commit of package rubygem-serverengine for 
openSUSE:Factory checked in at 2018-12-04 20:57:15
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Comparing /work/SRC/openSUSE:Factory/rubygem-serverengine (Old)
 and      /work/SRC/openSUSE:Factory/.rubygem-serverengine.new.19453 (New)
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++

Package is "rubygem-serverengine"

Tue Dec  4 20:57:15 2018 rev:5 rq:653712 version:2.1.0

Changes:
--------
--- 
/work/SRC/openSUSE:Factory/rubygem-serverengine/rubygem-serverengine.changes    
    2018-07-12 09:21:23.310605119 +0200
+++ 
/work/SRC/openSUSE:Factory/.rubygem-serverengine.new.19453/rubygem-serverengine.changes
     2018-12-04 20:57:15.832657486 +0100
@@ -1,0 +2,10 @@
+Thu Nov 22 05:36:46 UTC 2018 - Stephan Kulow <[email protected]>
+
+- updated to version 2.1.0
+ see installed Changelog
+
+  2018-11-14 version 2.1.0:
+  
+  * Improve socket manager security
+
+-------------------------------------------------------------------

Old:
----
  serverengine-2.0.7.gem

New:
----
  serverengine-2.1.0.gem

++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++

Other differences:
------------------
++++++ rubygem-serverengine.spec ++++++
--- /var/tmp/diff_new_pack.2K5d4X/_old  2018-12-04 20:57:16.364656900 +0100
+++ /var/tmp/diff_new_pack.2K5d4X/_new  2018-12-04 20:57:16.364656900 +0100
@@ -12,7 +12,7 @@
 # license that conforms to the Open Source Definition (Version 1.9)
 # published by the Open Source Initiative.
 
-# Please submit bugfixes or comments via http://bugs.opensuse.org/
+# Please submit bugfixes or comments via https://bugs.opensuse.org/
 #
 
 
@@ -24,7 +24,7 @@
 #
 
 Name:           rubygem-serverengine
-Version:        2.0.7
+Version:        2.1.0
 Release:        0
 %define mod_name serverengine
 %define mod_full_name %{mod_name}-%{version}

++++++ serverengine-2.0.7.gem -> serverengine-2.1.0.gem ++++++
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' 
'--exclude=.svnignore' old/.travis.yml new/.travis.yml
--- old/.travis.yml     2018-07-10 16:50:05.000000000 +0200
+++ new/.travis.yml     2018-11-15 08:26:15.000000000 +0100
@@ -2,9 +2,10 @@
 
 rvm:
   - 2.1.10
-  - 2.2.6
-  - 2.3.3
-  - 2.4.0
+  - 2.2.9
+  - 2.3.8
+  - 2.4.5
+  - 2.5.3
   - ruby-head
 
 branches:
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' 
'--exclude=.svnignore' old/Changelog new/Changelog
--- old/Changelog       2018-07-10 16:50:05.000000000 +0200
+++ new/Changelog       2018-11-15 08:26:15.000000000 +0100
@@ -1,3 +1,7 @@
+2018-11-14 version 2.1.0:
+
+* Improve socket manager security
+
 2018-07-09 version 2.0.7:
 
 * Add disable_sigdump option
Binary files old/checksums.yaml.gz and new/checksums.yaml.gz differ
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' 
'--exclude=.svnignore' old/lib/serverengine/process_manager.rb 
new/lib/serverengine/process_manager.rb
--- old/lib/serverengine/process_manager.rb     2018-07-10 16:50:05.000000000 
+0200
+++ new/lib/serverengine/process_manager.rb     2018-11-15 08:26:15.000000000 
+0100
@@ -16,6 +16,7 @@
 #    limitations under the License.
 #
 require 'fcntl'
+require 'serverengine/socket_manager'
 
 module ServerEngine
 
@@ -185,6 +186,7 @@
           @command_sender_pipe.binmode
           options[:in] = inpipe
         end
+        env['SERVERENGINE_SOCKETMANAGER_INTERNAL_TOKEN'] = 
SocketManager::INTERNAL_TOKEN
         pid = Process.spawn(env, *args, options)
         if @command_sender == "pipe"
           inpipe.close
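Review bot: The token is exported into the worker's environment, which means it is inherited by every descendant the worker spawns and is readable by any same-uid process through the usual process-environment interfaces, so it should not be treated as stronger than the socket-file permissions it complements. A comment on the added assignment would make that explicit, e.g. `# Share the socket-manager token with the worker; it is env-visible, so it only protects against peers that cannot read this process's environment`. If `env` here is a hash supplied by the caller rather than one built locally, the assignment also mutates the caller's object, which is worth confirming since the start of this method is outside the hunk.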
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' 
'--exclude=.svnignore' old/lib/serverengine/socket_manager.rb 
new/lib/serverengine/socket_manager.rb
--- old/lib/serverengine/socket_manager.rb      2018-07-10 16:50:05.000000000 
+0200
+++ new/lib/serverengine/socket_manager.rb      2018-11-15 08:26:15.000000000 
+0100
@@ -18,9 +18,18 @@
 require 'socket'
 require 'ipaddr'
 require 'time'
+require 'securerandom'
+require 'json'
+require 'base64'
 
 module ServerEngine
   module SocketManager
+    # This token is used for communication between peers. If token is 
mismatched, messages will be discarded
+    INTERNAL_TOKEN = if 
ENV.has_key?('SERVERENGINE_SOCKETMANAGER_INTERNAL_TOKEN')
+                       ENV['SERVERENGINE_SOCKETMANAGER_INTERNAL_TOKEN']
+                     else
+                       SecureRandom.hex
+                     end
 
     class Client
       def initialize(path)
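Review bot: `ENV.has_key?` accepts an empty value, so if `SERVERENGINE_SOCKETMANAGER_INTERNAL_TOKEN` is present but empty, `INTERNAL_TOKEN` becomes `""` and the comparison in `recv_peer` is satisfied by any peer that sends an empty first element. Treating an empty value like an absent one keeps the random fallback in that case: `token = ENV['SERVERENGINE_SOCKETMANAGER_INTERNAL_TOKEN']` followed by `INTERNAL_TOKEN = (token.nil? || token.empty?) ? SecureRandom.hex : token`. The comment could also say that the variable is set by ProcessManager when it spawns workers so that parent and children share one token, since that is the only reason the value is read from the environment at load time.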
@@ -154,7 +163,8 @@
     end
 
     def self.send_peer(peer, obj)
-      data = Marshal.dump(obj)
+      data = [SocketManager::INTERNAL_TOKEN, 
Base64.strict_encode64(Marshal.dump(obj))]
+      data = JSON.generate(data)
       peer.write [data.bytesize].pack('N')
       peer.write data
     end
@@ -165,7 +175,10 @@
 
       len = res.unpack('N').first
       data = peer.read(len)
-      Marshal.load(data)
+      data = JSON.parse(data)
+      return nil if SocketManager::INTERNAL_TOKEN != data.first
+
+      Marshal.load(Base64.strict_decode64(data.last))
     end
 
     if ServerEngine.windows?
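Review bot: `JSON.parse(data)` followed by `data.first` raises (`JSON::ParserError`, or `NoMethodError` when the document is not an Array) on a malformed frame, so such messages abort the reader instead of being discarded as the new `INTERNAL_TOKEN` comment promises; whether the caller rescues that is outside the hunk. A shape check before the token comparison keeps the "discard" semantics: `return nil unless data.is_a?(Array) && data.size == 2 && SocketManager::INTERNAL_TOKEN == data.first`, with `JSON::ParserError` rescued to `nil` alongside it. Note also that `Marshal.load` still runs on peer-supplied bytes once the token matches, so the token is the only gate in front of deserialization and a comment should say so. The comparison is an ordinary string `!=`, not constant-time; on a local unix socket that is probably acceptable, but it is worth stating in the comment rather than leaving implicit.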
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' 
'--exclude=.svnignore' old/lib/serverengine/socket_manager_unix.rb 
new/lib/serverengine/socket_manager_unix.rb
--- old/lib/serverengine/socket_manager_unix.rb 2018-07-10 16:50:05.000000000 
+0200
+++ new/lib/serverengine/socket_manager_unix.rb 2018-11-15 08:26:15.000000000 
+0100
@@ -70,7 +70,12 @@
         # when client changed working directory
         path = File.expand_path(path)
 
-        @server = UNIXServer.new(path)
+        begin
+          old_umask = File.umask(0077) # Protect unix socket from other users
+          @server = UNIXServer.new(path)
+        ensure
+          File.umask(old_umask)
+        end
 
         @thread = Thread.new do
           begin
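Review bot: `old_umask = File.umask(0077)` sits inside the `begin`, so if that call raised, the `ensure` clause would run `File.umask(nil)` and mask the original error with a `TypeError`; moving the assignment to the line before `begin` avoids that. The umask is process-wide, so any file another thread of this process creates during the window also gets 0077; that is probably harmless here but the comment should say it is intentional. The comment `# Protect unix socket from other users` could add that this relies on the platform enforcing socket-file modes on connect, and that on platforms which do not, the containing directory's permissions are what actually restricts access.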
@@ -96,7 +101,14 @@
       end
 
       def send_socket(peer, pid, method, bind, port)
-        sock = send(method, bind, port)  # calls listen_tcp or listen_udp
+        sock = case method
+               when :listen_tcp
+                 listen_tcp(bind, port)
+               when :listen_udp
+                 listen_udp(bind, port)
+               else
+                 raise ArgumentError, "Unknown method: #{method.inspect}"
+               end
 
         SocketManager.send_peer(peer, nil)
 
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' 
'--exclude=.svnignore' old/lib/serverengine/version.rb 
new/lib/serverengine/version.rb
--- old/lib/serverengine/version.rb     2018-07-10 16:50:05.000000000 +0200
+++ new/lib/serverengine/version.rb     2018-11-15 08:26:15.000000000 +0100
@@ -1,3 +1,3 @@
 module ServerEngine
-  VERSION = "2.0.7"
+  VERSION = "2.1.0"
 end
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' 
'--exclude=.svnignore' old/metadata new/metadata
--- old/metadata        2018-07-10 16:50:05.000000000 +0200
+++ new/metadata        2018-11-15 08:26:15.000000000 +0100
@@ -1,14 +1,14 @@
 --- !ruby/object:Gem::Specification
 name: serverengine
 version: !ruby/object:Gem::Version
-  version: 2.0.7
+  version: 2.1.0
 platform: ruby
 authors:
 - Sadayuki Furuhashi
 autorequire: 
 bindir: bin
 cert_chain: []
-date: 2018-07-10 00:00:00.000000000 Z
+date: 2018-11-15 00:00:00.000000000 Z
 dependencies:
 - !ruby/object:Gem::Dependency
   name: sigdump
@@ -154,7 +154,7 @@
       version: '0'
 requirements: []
 rubyforge_project: 
-rubygems_version: 2.7.6
+rubygems_version: 2.6.14.1
 signing_key: 
 specification_version: 4
 summary: ServerEngine - multiprocess server framework

