--- passenger-2.2.11debian.orig/debian/passenger.conf
+++ passenger-2.2.11debian/debian/passenger.conf
@@ -0,0 +1,4 @@
+
+ PassengerRoot /usr
+ PassengerRuby /usr/bin/ruby
+
--- passenger-2.2.11debian.orig/debian/docs
+++ passenger-2.2.11debian/debian/docs
@@ -0,0 +1,3 @@
+DEVELOPERS.TXT
+README
+debian/README.Debian
--- passenger-2.2.11debian.orig/debian/rules
+++ passenger-2.2.11debian/debian/rules
@@ -0,0 +1,37 @@
+#!/usr/bin/make -f
+
+include /usr/share/cdbs/1/rules/debhelper.mk
+
+DEB_DH_INSTALL_SOURCEDIR := $(DEB_DESTDIR)
+DEB_INSTALL_DOCS_passenger-doc += DEVELOPERS.TXT $(DEB_DESTDIR)/usr/share/doc/phusion_passenger/
+DEB_INSTALL_MANPAGES_libapache2-mod-passenger += man/*
+
+bindir = usr/bin
+sbindir = usr/sbin
+builddir = pkg/fakeroot
+moddir = usr/lib/apache2/modules
+modsavailabledir = etc/apache2/mods-available
+passengermodule = usr/lib/phusion_passenger/mod_passenger.so
+admintools = passenger-memory-stats passenger-make-enterprisey passenger-status passenger-config passenger-stress-test
+
+clean::
+ rake clean
+ rake clobber
+
+build/libapache2-mod-passenger build/passenger-doc::
+ rake fakeroot
+ mv $(builddir) $(DEB_DESTDIR)
+
+binary-install/libapache2-mod-passenger::
+ mkdir -p $(CURDIR)/debian/$(cdbs_curpkg)/$(modsavailabledir)
+ mkdir -p $(CURDIR)/debian/$(cdbs_curpkg)/$(moddir)
+ mkdir -p $(CURDIR)/debian/$(cdbs_curpkg)/$(sbindir)
+ mv $(CURDIR)/debian/$(cdbs_curpkg)/$(passengermodule) $(CURDIR)/debian/$(cdbs_curpkg)/$(moddir)
+ rm $(CURDIR)/debian/$(cdbs_curpkg)/$(bindir)/passenger-install-apache2-module
+ rm $(CURDIR)/debian/$(cdbs_curpkg)/$(bindir)/passenger-install-nginx-module
+ for admintool in $(admintools); do \
+ mv $(CURDIR)/debian/$(cdbs_curpkg)/$(bindir)/$$admintool $(CURDIR)/debian/$(cdbs_curpkg)/$(sbindir); \
+ done;
+
+get-orig-source:
+ uscan --verbose --force-download
--- passenger-2.2.11debian.orig/debian/repack.sh
+++ passenger-2.2.11debian/debian/repack.sh
@@ -0,0 +1,47 @@
+#!/bin/sh
+# Repackage upstream source to exclude non-distributable files
+# should be called as "repack.sh --upstream-source
+# (for example, via uscan)
+
+set -e
+set -u
+
+VER="$2debian"
+FILE="$3"
+PKG=`dpkg-parsechangelog|grep ^Source:|sed 's/^Source: //'`
+
+REPACK_DIR="$PKG-$VER.orig" # DevRef § 6.7.8.2
+
+echo -e "\nRepackaging $FILE\n"
+
+DIR=`mktemp -d ./tmpRepackXXXXXX`
+trap "rm -rf \"$DIR\"" QUIT INT EXIT
+
+# Create an extra directory to cope with rootless tarballs
+UP_BASE="$DIR/unpack"
+mkdir "$UP_BASE"
+tar xzf "$FILE" -C "$UP_BASE"
+
+if [ `ls -1 "$UP_BASE" | wc -l` -eq 1 ]; then
+ # Tarball does contain a root directory
+ UP_BASE="$UP_BASE/`ls -1 "$UP_BASE"`"
+fi
+
+## Remove stuff
+rm -vfr $UP_BASE/test/support/valgrind.h
+rm -vfr $UP_BASE/debian
+
+# remove embedded prototype.js (#555273)
+rm -vfr $UP_BASE/test/stub/rails_apps/mycook/public/javascripts/prototype.js
+ln -s /usr/share/javascript/prototype/prototype.js $UP_BASE/test/stub/rails_apps/mycook/public/javascripts
+## End
+
+mv "$UP_BASE" "$DIR/$REPACK_DIR"
+
+# Using a pipe hides tar errors!
+tar cfC "$DIR/repacked.tar" "$DIR" "$REPACK_DIR"
+gzip -9 < "$DIR/repacked.tar" > "$DIR/repacked.tar.gz"
+FILE="../${PKG}_${VER}.orig.tar.gz"
+mv "$DIR/repacked.tar.gz" "$FILE"
+
+echo "*** $FILE repackaged"
--- passenger-2.2.11debian.orig/debian/copyright
+++ passenger-2.2.11debian/debian/copyright
@@ -0,0 +1,385 @@
+This package was debianized by Leandro Nunes dos Santos on
+Mon, 29 Sep 2008 19:36:41 -0300.
+
+It incorporates packaging work done by Neil Wilson
+
+Some further refined packaging work was done by David Moreno and
+Micah Anderson .
+
+It was downloaded from http://www.modrails.com/install.html
+
+Upstream Authors: Hongli Lai
+ Ninh Bui
+
+Copyright:
+
+ Copyright (C) 2008 Hongli Lai & Ninh Bui
+
+License:
+
+Phusion Passenger is licensed under the GNU General Public License (GPL)
+version 2, and *only* version 2 (i.e. not version 3 or any later versions).
+
+In addition to the GNU General Public License v2 licensing terms, we explicitly
+grand you the permission to run any application on top of Phusion Passenger,
+regardless of the application's own licensing terms. The application will not
+be bound to the terms of the GPL in any way. That is, the GPL only applies to
+Phusion Passenger itself, and not to applications that are run through Phusion
+Passenger.
+
+We also explicitly allow Apache to load the Phusion Passenger Apache module,
+without Apache or any other loaded modules needing to be released under the
+terms of the GPL.
+
+On Debian systems, the full text of the GNU General Public License can be
+found at /usr/share/common-licenses/GPL.
+
+
+This package also contains a modified version of Boost library:
+
+Copyright:
+
+The individual copyright and license statements generally appear in
+library headers, though a few appear in other files. For more detailed
+copyright information, see debian/copyright file from Debian boost package.
+
+License:
+
+Boost Software License - Version 1.0 - August 17th, 2003
+
+Permission is hereby granted, free of charge, to any person or organization
+obtaining a copy of the software and accompanying documentation covered by
+this license (the "Software") to use, reproduce, display, distribute,
+execute, and transmit the Software, and to prepare derivative works of the
+Software, and to permit third-parties to whom the Software is furnished to
+do so, all subject to the following:
+
+The copyright notices in the Software and this entire statement, including
+the above license grant, this restriction and the following disclaimer,
+must be included in all copies of the Software, in whole or in part, and
+all derivative works of the Software, unless such copies or derivative
+works are solely in the form of machine-executable object code generated by
+a source language processor.
+
+THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
+IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
+FITNESS FOR A PARTICULAR PURPOSE, TITLE AND NON-INFRINGEMENT. IN NO EVENT
+SHALL THE COPYRIGHT HOLDERS OR ANYONE DISTRIBUTING THE SOFTWARE BE LIABLE
+FOR ANY DAMAGES OR OTHER LIABILITY, WHETHER IN CONTRACT, TORT OR OTHERWISE,
+ARISING FROM, OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER
+DEALINGS IN THE SOFTWARE.
+
+The file lib/phusion_passenger/railz/cgi_fixed.rb license is as follows:
+
+# Copyright (c) 2004 Zed A. Shaw
+#
+# Permission is hereby granted, free of charge, to any person obtaining
+# a copy of this software and associated documentation files (the
+# "Software"), to deal in the Software without restriction, including
+# without limitation the rights to use, copy, modify, merge, publish,
+# distribute, sublicense, and/or sell copies of the Software, and to
+# permit persons to whom the Software is furnished to do so, subject to
+# the following conditions:
+#
+# The above copyright notice and this permission notice shall be
+# included in all copies or substantial portions of the Software.
+#
+# THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND,
+# EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF
+# MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND
+# NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT HOLDERS BE
+# LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN ACTION
+# OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN CONNECTION
+# WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE.
+
+All files under ext/oxt are licensed under the MIT license and are
+Copyright (c) 2008 Phusion:
+
+ *
+ * Permission is hereby granted, free of charge, to any person obtaining a copy
+ * of this software and associated documentation files (the "Software"), to deal
+ * in the Software without restriction, including without limitation the rights
+ * to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
+ * copies of the Software, and to permit persons to whom the Software is
+ * furnished to do so, subject to the following conditions:
+ *
+ * The above copyright notice and this permission notice shall be included in
+ * all copies or substantial portions of the Software.
+ *
+ * THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
+ * IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
+ * FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
+ * AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
+ * LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
+ * OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN
+ * THE SOFTWARE.
+
+Rack is also vendored with this version of Passenger under the following terms:
+
+Copyright (c) 2007, 2008, 2009 Christian Neukirchen
+
+Permission is hereby granted, free of charge, to any person obtaining a copy
+of this software and associated documentation files (the "Software"), to
+deal in the Software without restriction, including without limitation the
+rights to use, copy, modify, merge, publish, distribute, sublicense, and/or
+sell copies of the Software, and to permit persons to whom the Software is
+furnished to do so, subject to the following conditions:
+
+The above copyright notice and this permission notice shall be included in
+all copies or substantial portions of the Software.
+
+THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
+IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
+FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL
+THE AUTHORS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER
+IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN
+CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE.
+
+All files located under ext/common hold the same Copyright and license
+as the main Passenger source (Copyright (C) 2008 Hongli Lai & Ninh Bui
+and GPLv2 only), except where noted below:
+
+ext/common/Base65.[cpp,h] is Copyright (C) 2004-2008 René Nyffenegger:
+
+ * Modified by Phusion for inclusion in Phusion Passenger.
+ *
+ * This source code is provided 'as-is', without any express or implied
+ * warranty. In no event will the author be held liable for any damages
+ * arising from the use of this software.
+ *
+ * Permission is granted to anyone to use this software for any purpose,
+ * including commercial applications, and to alter it and redistribute it
+ * freely, subject to the following restrictions:
+ *
+ * 1. The origin of this source code must not be misrepresented; you must not
+ * claim that you wrote the original source code. If you use this source code
+ * in a product, an acknowledgment in the product documentation would be
+ * appreciated but is not required.
+ *
+ * 2. Altered source versions must be plainly marked as such, and must not be
+ * misrepresented as being the original source code.
+ *
+ * 3. This notice may not be removed or altered from any source distribution.
+ *
+ * René Nyffenegger rene.nyffenegger@adp-gmbh.ch
+ *
+ */
+---------------------------------------------------------------------------
+All files located under ext/apache2 hold the same Copyright and license
+as the main Passenger source (Copyright (C) 2008 Hongli Lai & Ninh Bui
+and GPLv2 only), except where noted below:
+
+A few functions in ext/apache2/Hooks.cpp are based on the source code of
+mod_scgi version 1.9. Its license is included in this file.
+Please note that these licensing terms *only* encompass those few
+functions, and not Passenger as a whole.
+
+The functions which are based on mod_scgi's code are as follows:
+- Hooks::prepareRequest(). Although our version looks nothing like the
+ original, the idea of checking for the file's existance from the
+ map_to_storage/fixups hook is inspired by mod_scgi's code.
+- Hooks::handleRequest(). Although our version looks nothing like the original,
+ the idea of passing the backend process's socket file descriptor up to the
+ bucket brigade chain is inspired by mod_scgi's code.
+- Hooks::http2env(), Hooks::lookupName(), Hooks::lookupHeader(),
+ Hooks::lookupEnv(), Hooks::addHeader(): Copied from mod_scgi's functions that
+ are named similarly. Slightly modified to make the coding style consistent
+ with the rest of Phusion Passenger.
+- Hooks::sendHeaders(): Based for the most part on mod_scgi's send_headers()
+ function.
+
+------------------------------------------------------------------------
+CNRI OPEN SOURCE LICENSE AGREEMENT
+
+IMPORTANT: PLEASE READ THE FOLLOWING AGREEMENT CAREFULLY. BY
+COPYING, INSTALLING OR OTHERWISE USING SCGI-1.9 SOFTWARE, YOU ARE
+DEEMED TO HAVE AGREED TO THE TERMS AND CONDITIONS OF THIS LICENSE
+AGREEMENT.
+
+1. This LICENSE AGREEMENT is between Corporation for National
+ Research Initiatives, having an office at 1895 Preston White
+ Drive, Reston, VA 20191 ("CNRI"), and the Individual or
+ Organization ("Licensee") copying, installing or otherwise using
+ scgi-1.9 software in source or binary form and its associated
+ documentation ("scgi-1.9").
+
+2. Subject to the terms and conditions of this License Agreement,
+ CNRI hereby grants Licensee a nonexclusive, royalty-free, world-
+ wide license to reproduce, analyze, test, perform and/or display
+ publicly, prepare derivative works, distribute, and otherwise use
+ scgi-1.9 alone or in any derivative version, provided, however,
+ that CNRI's License Agreement and CNRI's notice of copyright,
+ i.e., "Copyright (c) 2004 Corporation for National Research
+ Initiatives; All Rights Reserved" are retained in scgi-1.9 alone
+ or in any derivative version prepared by Licensee.
+
+3. In the event Licensee prepares a derivative work that is based on
+ or incorporates scgi-1.9 or any part thereof, and wants to make
+ the derivative work available to others as provided herein, then
+ Licensee hereby agrees to include in any such work a brief
+ summary of the changes made to scgi-1.9.
+
+4. CNRI is making scgi-1.9 available to Licensee on an "AS IS"
+ basis. CNRI MAKES NO REPRESENTATIONS OR WARRANTIES, EXPRESS OR
+ IMPLIED. BY WAY OF EXAMPLE, BUT NOT LIMITATION, CNRI MAKES NO
+ AND DISCLAIMS ANY REPRESENTATION OR WARRANTY OF MERCHANTABILITY
+ OR FITNESS FOR ANY PARTICULAR PURPOSE OR THAT THE USE OF SCGI-1.9
+ WILL NOT INFRINGE ANY THIRD PARTY RIGHTS.
+
+5. CNRI SHALL NOT BE LIABLE TO LICENSEE OR ANY OTHER USERS OF SCGI-
+ 1.9 FOR ANY INCIDENTAL, SPECIAL, OR CONSEQUENTIAL DAMAGES OR LOSS
+ AS A RESULT OF MODIFYING, DISTRIBUTING, OR OTHERWISE USING SCGI-
+ 1.9, OR ANY DERIVATIVE THEREOF, EVEN IF ADVISED OF THE
+ POSSIBILITY THEREOF.
+
+6. This License Agreement will automatically terminate upon a
+ material breach of its terms and conditions.
+
+7. This License Agreement shall be governed by and interpreted in
+ all respects by the law of the State of Virginia, excluding
+ Virginia's conflict of law provisions. Nothing in this License
+ Agreement shall be deemed to create any relationship of agency,
+ partnership, or joint venture between CNRI and Licensee. This
+ License Agreement does not grant permission to use CNRI
+ trademarks or trade name in a trademark sense to endorse or
+ promote products or services of Licensee, or any third party.
+
+8. By copying, installing or otherwise using scgi-1.9, Licensee
+ agrees to be bound by the terms and conditions of this License
+ Agreement.
+
+---------------------------------------------------------------------------
+All files located under ext/nginx hold the same Copyright and license
+as the main Passenger source (Copyright (C) 2008 Hongli Lai & Ninh Bui
+and GPLv2 only), except where noted below:
+
+ext/nginx/Configuration.[c,h], ContentHandler.[c,h],
+ngx_http_passenger_module.[c,h] and StaticContentHandler.h is:
+
+/* Copyright (C) Igor Sysoev
+ * Copyright (C) 2007 Manlio Perillo (manlio.perillo@gmail.com)
+ * Copyright (C) 2008, 2009 Phusion
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 1. Redistributions of source code must retain the above copyright
+ * notice, this list of conditions and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ * notice, this list of conditions and the following disclaimer in the
+ * documentation and/or other materials provided with the distribution.
+ *
+ * THIS SOFTWARE IS PROVIDED BY AUTHOR AND CONTRIBUTORS ``AS IS'' AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED. IN NO EVENT SHALL AUTHOR OR CONTRIBUTORS BE LIABLE
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+ * SUCH DAMAGE.
+ */
+
+ext/nginx/StaticContentHandler.c is:
+/*
+ * Copyright (C) Igor Sysoev
+ * Copyright (C) 2009 Phusion
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 1. Redistributions of source code must retain the above copyright
+ * notice, this list of conditions and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ * notice, this list of conditions and the following disclaimer in the
+ * documentation and/or other materials provided with the distribution.
+ *
+ * THIS SOFTWARE IS PROVIDED BY AUTHOR AND CONTRIBUTORS ``AS IS'' AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED. IN NO EVENT SHALL AUTHOR OR CONTRIBUTORS BE LIABLE
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+ * SUCH DAMAGE.
+ */
+
+-----------------------------------------------------------------------------
+
+All files located under test hold the same Copyright and license
+as the main Passenger source (Copyright (C) 2008 Hongli Lai & Ninh Bui
+and GPLv2 only), except where noted below:
+
+test/stub/rails_apps/mycookbook/public/javascripts/controls.js is:
+
+// Copyright (c) 2005-2007 Thomas Fuchs (http://script.aculo.us, http://mir.aculo.us)
+// (c) 2005-2007 Ivan Krstic (http://blogs.law.harvard.edu/ivan)
+// (c) 2005-2007 Jon Tirsen (http://www.tirsen.com)
+// Contributors:
+// Richard Livsey
+// Rahul Bhargava
+// Rob Wills
+//
+// script.aculo.us is freely distributable under the terms of an MIT-style license.
+// For details, see the script.aculo.us web site: http://script.aculo.us/
+
+test/stub/rails_apps/mycookbook/public/javascripts/dragdrop.js is:
+
+// Copyright (c) 2005-2007 Thomas Fuchs (http://script.aculo.us, http://mir.aculo.us)
+// (c) 2005-2007 Sammi Williams (http://www.oriontransfer.co.nz, sammi@oriontransfer.co.nz)
+//
+// script.aculo.us is freely distributable under the terms of an MIT-style license.
+// For details, see the script.aculo.us web site: http://script.aculo.us/
+
+test/stub/rails_apps/mycookbook/public/javascripts/effects.js is:
+
+// Copyright (c) 2005-2007 Thomas Fuchs (http://script.aculo.us, http://mir.aculo.us)
+// Contributors:
+// Justin Palmer (http://encytemedia.com/)
+// Mark Pilgrim (http://diveintomark.org/)
+// Martin Bialasinki
+//
+// script.aculo.us is freely distributable under the terms of an MIT-style license.
+// For details, see the script.aculo.us web site: http://script.aculo.us/
+
+test/stub/rails_apps/mycookbook/public/javascripts/prototype.js is:
+
+/* Prototype JavaScript framework, version 1.6.0.1
+ * (c) 2005-2007 Sam Stephenson
+ *
+ * Prototype is freely distributable under the terms of an MIT-style license.
+ * For details, see the Prototype web site: http://www.prototypejs.org/
+*/
+
+test/support/tut.h and tut_reporter.h is Copyright 2002-2006 Vladimir Dyuzhev:
+
+ * http://tut-framework.sourceforge.net/
+ *
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions are met:
+ *
+ * Redistributions of source code must retain the above copyright notice, this
+ * list of conditions and the following disclaimer.
+ * Redistributions in binary form must reproduce the above copyright notice,
+ * this list of conditions and the following disclaimer in the documentation
+ * and/or other materials provided with the distribution.
+ *
+ * THIS SOFTWARE IS PROVIDED ``AS IS'' AND ANY EXPRESS OR IMPLIED WARRANTIES,
+ * INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND
+ * FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE
+ * AUTHOR OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
+ * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO,
+ * PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS;
+ * OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY,
+ * WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR
+ * OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF
+ * ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
+ */
+
+
--- passenger-2.2.11debian.orig/debian/README.Debian
+++ passenger-2.2.11debian/debian/README.Debian
@@ -0,0 +1,17 @@
+Phusion Passenger module for Apache2
+AKA mod_rails or mod_rack
+
+This is the Phusion Passenger (mod_rails/mod_rack) Apache 2 module
+package offering support for Ruby web applications based on Rails or
+Rack. There is even experimental support for WSGI Python apps.
+
+This package version manages the dependencies for you and will install
+a fully working Apache2 setup with the module in place and activated. No
+need to run any installers or other programs. The package does all that
+for you.
+
+All you need do is add your virtual host to your setup, and reload
+Apache2. See the User Guide (passenger/Users guide.html or
+passenger/Users guide.txt.gz) for more information.
+
+Neil Wilson Fri 29 July 2008
--- passenger-2.2.11debian.orig/debian/libapache2-mod-passenger.postinst
+++ passenger-2.2.11debian/debian/libapache2-mod-passenger.postinst
@@ -0,0 +1,36 @@
+#!/bin/sh
+
+set -e
+
+if [ "$1" != "configure" ]; then
+ exit 0
+fi
+
+reload_apache()
+{
+ if apache2ctl configtest 2>/dev/null; then
+ invoke-rc.d apache2 force-reload || true
+ else
+ echo "Your apache2 configuration is broken, so we're not restarting it for you."
+ fi
+}
+
+if [ -n "$2" ]; then
+# we're upgrading. test if we're enabled, and if so, restart to reload the module.
+ if [ -e /etc/apache2/mods-enabled/passenger.load ]; then
+ reload_apache
+ fi
+ exit 0
+fi
+
+if [ -e /etc/apache2/apache2.conf ]; then
+# Enable the module, but hide a2enmod's misleading message about apachectl
+# and force-reload the thing ourselves.
+ a2enmod passenger >/dev/null || true
+ reload_apache
+fi
+
+#DEBHELPER#
+
+exit 0
+
--- passenger-2.2.11debian.orig/debian/changelog
+++ passenger-2.2.11debian/debian/changelog
@@ -0,0 +1,151 @@
+passenger (2.2.11debian-2+deb6u1ubuntu12.04.2) precise-security; urgency=medium
+
+ * REGRESSION UPDATE: Fix for regression introduced in previous
+ CVE-2015-7519 fix. All HTTP headers were dropped from the
+ request which broke all applications. Backport the upstream
+ fix from commit c04590871ca0878d4d3ac1220c5a554b049056b4 for
+ Apache2 only (LP: #1575220)
+
+ -- Trent Lloyd Tue, 05 Jul 2016 00:42:47 +0800
+
+passenger (2.2.11debian-2+deb6u1ubuntu12.04.1) precise-security; urgency=medium
+
+ * fake sync from Debian
+
+ -- Steve Beattie Mon, 25 Apr 2016 16:38:03 -0700
+
+passenger (2.2.11debian-2+deb6u1) squeeze-lts; urgency=high
+
+ * Non-maintainer upload by the Squeeze LTS Team.
+ * CVE-2015-7519
+ agent/Core/Controller/SendRequest.cpp in Phusion Passenger
+ before 4.0.60 and 5.0.x before 5.0.22, when used in Apache
+ integration mode or in standalone mode without a filtering
+ proxy, allows remote attackers to spoof headers passed to
+ applications by using an _ (underscore) character instead
+ of a - (dash) character in an HTTP header, as demonstrated
+ by an X_User header.
+
+ -- Thorsten Alteholz Mon, 28 Jan 2016 18:03:02 +0100
+
+passenger (2.2.11debian-2) unstable; urgency=low
+
+ [Laurent Arnoud]
+ * Team upload.
+ * Bump Standards version to 3.9.1 (no changes).
+
+ [Evgeni Golov]
+ * Correctly install docs in passenger-doc (Closes: #599024)
+
+ -- Evgeni Golov Wed, 06 Oct 2010 11:49:07 +0200
+
+passenger (2.2.11debian-1) unstable; urgency=low
+
+ [ Paul van Tilburg ]
+ * debian/watch: fixed typo in the dversionmangle regexp.
+
+ [ Micah Anderson ]
+ * New upstream release
+ * Update Standards version, no changes
+ * Remove unused patchsystem in debian/rules
+
+ -- Micah Anderson Wed, 17 Mar 2010 00:27:59 -0400
+
+passenger (2.2.9debian-1) unstable; urgency=low
+
+ * New upstream release (Closes: #555552)
+
+ -- Micah Anderson Sun, 31 Jan 2010 14:19:55 -0500
+
+passenger (2.2.7debian-1) unstable; urgency=low
+
+ * Added possibile dependency on apache2-mpm-itk (Closes: #556230)
+ * New upstream release
+
+ -- Micah Anderson Fri, 20 Nov 2009 13:56:00 -0500
+
+passenger (2.2.5debian1-1) unstable; urgency=low
+
+ * Really sort out the Build-deps this time (Closes: #555155)
+ * Remove embedded prototype.js, Build-dep on libjs-prototype
+ and symlink to that version, requires repack of orig
+ tarball (Closes: #555273)
+
+ -- Micah Anderson Mon, 09 Nov 2009 12:07:15 -0500
+
+passenger (2.2.5debian-5) unstable; urgency=low
+
+ * Build-dep on apache2 to fix FTBS (Closes: #555155)
+
+ -- Micah Anderson Sun, 08 Nov 2009 21:22:47 -0500
+
+passenger (2.2.5debian-3) unstable; urgency=low
+
+ * Really fix apache2-mpm-preform dependencies (Closes: #545872)
+
+ -- Micah Anderson Fri, 06 Nov 2009 17:41:46 -0500
+
+passenger (2.2.5debian-2) unstable; urgency=low
+
+ * Update control to allow for possible installation of
+ apache2-mpm-prefork (Closes: #545872)
+
+ -- Micah Anderson Wed, 23 Sep 2009 14:55:53 -0400
+
+passenger (2.2.5debian-1) unstable; urgency=low
+
+ * New upstream release
+ * Bump standards version one minor number (no changes)
+
+ -- Micah Anderson Thu, 17 Sep 2009 22:55:23 -0400
+
+passenger (2.2.4debian-1) unstable; urgency=low
+
+ * Updated debian/copyright information with information for:
+ . test/support/tut.h and tut_reporter.h
+ . test/stub/rails_apps/mycookbook/public/javascripts/prototype.js
+ . test/stub/rails_apps/mycookbook/public/javascripts/effects.js
+ . test/stub/rails_apps/mycookbook/public/javascripts/dragdrop.js
+ . test/stub/rails_apps/mycookbook/public/javascripts/controls.js
+ . ext/nginx/StaticContentHandler.c
+ . ext/nginx/Configuration.[c,h], ContentHandler.[c,h],
+ . ext/nginx/ngx_http_passenger_module.[c,h] and StaticContentHandler.h
+ . ext/apache2/Hooks.cpp
+ . ext/common/Base65.[cpp,h]
+ * Update Standards-Version to 3.8.2 (no changes)
+ * Also remove passenger-install-nginx-module, same as the apache piece
+ * Add myself and damog to Uploaders
+ * Set Maintainer field to Debian Ruby Extras Maintainers
+ * Make sure the modsavailabledir is properly created
+ * Fix the DEB_INSTALL_DOCS package name
+ * Update the passengermodule and admintools names for the new upstream
+ * Removed etc from libapache2-mod-passenger.install
+ * Updated to new upstream version
+ * Added librack-ruby Depends
+ * Removed tests/support/valgrind.h, incompatible 4-clause BSD license
+ * Added Build-dep on source-highlight
+
+ -- Micah Anderson Sat, 25 Jul 2009 11:46:51 -0400
+
+passenger (2.1.2-1) unstable; urgency=low
+
+ * New upstream version.
+ * Added license and copyright information for Boost library at
+ debian/copyright.
+ * Updated source paths.
+ * Updated Standards-Version to 3.8.1 .
+
+ -- Filipe Lautert Thu, 26 Mar 2009 19:56:22 -0300
+
+passenger (2.0.3-1) unstable; urgency=low
+
+ [Filipe Lautert]
+
+ * Some corrections to changelog file.
+ * Added myself and ruby-extras group to uploaders field.
+
+ [Leandro Nunes dos Santos]
+
+ * Initial release (Closes: #488753).
+
+ -- Filipe Lautert Wed, 15 Oct 2008 23:04:26 -0200
--- passenger-2.2.11debian.orig/debian/control
+++ passenger-2.2.11debian/debian/control
@@ -0,0 +1,35 @@
+Source: passenger
+Section: web
+Priority: optional
+Maintainer: Ubuntu Developers
+XSBC-Original-Maintainer: Debian Ruby Extras Maintainers
+Uploaders: Filipe Lautert , Micah Anderson , David Moreno
+Build-Depends: debhelper (>= 7), apache2-mpm-worker | apache2-mpm, apache2-threaded-dev, libapr1-dev,
+ rubygems (>= 1.2), debhelper (>= 5.0.44), ruby-dev, doxygen, asciidoc (>= 8.2), graphviz, rake,
+ cdbs, source-highlight
+Standards-Version: 3.9.1
+Homepage: http://www.modrails.com/
+Vcs-Browser: http://svn.debian.org/viewsvn/pkg-ruby-extras/trunk/passenger/
+Vcs-Svn: svn://svn.debian.org/svn/pkg-ruby-extras/trunk/passenger/
+
+Package: libapache2-mod-passenger
+Architecture: any
+Depends: ${shlibs:Depends}, apache2-mpm-worker (>= 2.2.9-9) | apache2-mpm-prefork (>= 2.2.9-9) |
+ apache2-mpm-itk (>= 2.2.9-9), ruby, rubygems (>= 1.2), ${misc:Depends}, librack-ruby, libjs-prototype
+Suggests: python, rails, passenger-doc
+Description: Rails and Rack support for Apache2
+ Phusion Passenger — a.k.a. mod_rails or mod_rack — makes
+ deployment of Ruby web applications, such as those built on the
+ revolutionary Ruby on Rails web framework, a breeze.
+
+Package: passenger-doc
+Section: doc
+Architecture: all
+Depends: ${misc:Depends}
+Suggests: www-browse
+Description: Rails and Rac support for Apache2 - Documentation
+ Phusion Passenger — a.k.a. mod_rails or mod_rack — makes
+ deployment of Ruby web applications, such as those built on the
+ revolutionary Ruby on Rails web framework, a breeze.
+ .
+ This package provides the documentation for Phusion Passenger.
--- passenger-2.2.11debian.orig/debian/libapache2-mod-passenger.install
+++ passenger-2.2.11debian/debian/libapache2-mod-passenger.install
@@ -0,0 +1,3 @@
+usr/bin
+usr/lib
+../passenger.{conf,load} etc/apache2/mods-available
--- passenger-2.2.11debian.orig/debian/libapache2-mod-passenger.prerm
+++ passenger-2.2.11debian/debian/libapache2-mod-passenger.prerm
@@ -0,0 +1,16 @@
+#!/bin/sh
+
+set -e
+
+if [ "$1" != "remove" -a "$1" != "purge" ]; then
+ exit 0
+fi;
+
+if [ -e /etc/apache2/apache2.conf ]; then
+ a2dismod passenger || true
+fi
+
+#DEBHELPER#
+
+exit 0
+
--- passenger-2.2.11debian.orig/debian/watch
+++ passenger-2.2.11debian/debian/watch
@@ -0,0 +1,3 @@
+version=3
+options="dversionmangle=s/debian[0-9]*//" \
+http://rubyforge.org/frs/?group_id=5873 .*passenger-([\d.-]*)\.t.* debian debian/repack.sh
--- passenger-2.2.11debian.orig/debian/compat
+++ passenger-2.2.11debian/debian/compat
@@ -0,0 +1 @@
+7
--- passenger-2.2.11debian.orig/debian/dirs
+++ passenger-2.2.11debian/debian/dirs
@@ -0,0 +1,2 @@
+etc/apache2/mods-available
+usr/lib/apache2/modules
--- passenger-2.2.11debian.orig/debian/passenger.load
+++ passenger-2.2.11debian/debian/passenger.load
@@ -0,0 +1 @@
+LoadModule passenger_module /usr/lib/apache2/modules/mod_passenger.so
--- passenger-2.2.11debian.orig/ext/apache2/Hooks.cpp
+++ passenger-2.2.11debian/ext/apache2/Hooks.cpp
@@ -786,6 +786,18 @@
}
}
+ // Renamed upstream function contains_non_alphanumdash from commit c04590871ca0878d4d3ac1220c5a554b049056b4
+ // because the return values were confusingly opposite to what the name suggested. Used for CVE-2015-7519 fix.
+ bool contains_alphanumdash_only(const char *current) {
+ while (*current != '\0') {
+ if (!apr_isalnum(*current) && *current != '-') {
+ return false;
+ }
+ current++;
+ }
+ return true;
+ }
+
apr_status_t sendHeaders(request_rec *r, DirConfig *config, Application::SessionPtr &session, const char *baseURI) {
apr_table_t *headers;
headers = apr_table_make(r->pool, 40);
@@ -847,7 +859,7 @@
hdrs_arr = apr_table_elts(r->headers_in);
hdrs = (apr_table_entry_t *) hdrs_arr->elts;
for (i = 0; i < hdrs_arr->nelts; ++i) {
- if (hdrs[i].key) {
+ if (hdrs[i].key && contains_alphanumdash_only(hdrs[i].key)) {
addHeader(headers, http2env(r->pool, hdrs[i].key), hdrs[i].val);
}
}