diff options
| author | Lennart Weller <lhw@ring0.de> | 2016-05-25 17:08:43 +0000 |
|---|---|---|
| committer | Lennart Weller <lhw@ring0.de> | 2016-05-25 17:10:43 +0000 |
| commit | 037dcead95659aa0ffda49a87079557e3ee0a2b6 (patch) | |
| tree | 8c700e3318db80337eea1258e8e96bd205563e57 | |
| parent | Merge branch 'master' of ssh://git.debian.org/srv/git.debian.org/git/collab-m... (diff) | |
| download | netdata-037dcead95659aa0ffda49a87079557e3ee0a2b6.tar.xz netdata-037dcead95659aa0ffda49a87079557e3ee0a2b6.zip | |
require versions from testing or newer.
update patch to use stat instead of lstat
| -rw-r--r-- | debian/control | 10 | ||||
| -rw-r--r-- | debian/patches/0002-remove-file-serve-ownership-restrictions-for-root.patch | 54 |
2 files changed, 49 insertions, 15 deletions
diff --git a/debian/control b/debian/control index e9bffbdf7..c8908178e 100644 --- a/debian/control +++ b/debian/control @@ -20,12 +20,12 @@ Package: netdata Architecture: any Multi-Arch: no Depends: adduser, - fonts-font-awesome, + fonts-font-awesome (>= 4.6), libcap2-bin (>= 1:2.0), - libjs-bootstrap, - libjs-d3, - libjs-jquery, - libjs-raphael, + libjs-bootstrap (>= 3.3.6), + libjs-d3 (>= 3.5.17), + libjs-jquery (>= 1.12), + libjs-raphael (>= 2.1.0), lsb-base (>= 3.1-23.2), netdata-data, ${misc:Depends}, diff --git a/debian/patches/0002-remove-file-serve-ownership-restrictions-for-root.patch b/debian/patches/0002-remove-file-serve-ownership-restrictions-for-root.patch index 41ecfb07f..1bcb6978e 100644 --- a/debian/patches/0002-remove-file-serve-ownership-restrictions-for-root.patch +++ b/debian/patches/0002-remove-file-serve-ownership-restrictions-for-root.patch @@ -3,36 +3,70 @@ Date: Wed, 25 May 2016 13:43:32 +0200 Subject: remove file serve ownership restrictions for root --- - src/web_client.c | 6 +++--- - 1 file changed, 3 insertions(+), 3 deletions(-) + src/web_client.c | 22 +++++++++++----------- + 1 file changed, 11 insertions(+), 11 deletions(-) diff --git a/src/web_client.c b/src/web_client.c -index 601dda0..1b631bc 100644 +index 601dda0..3582c33 100644 --- a/src/web_client.c +++ b/src/web_client.c -@@ -339,14 +339,14 @@ int mysendfile(struct web_client *w, char *filename) +@@ -331,33 +331,33 @@ int mysendfile(struct web_client *w, char *filename) + snprintfz(webfilename, FILENAME_MAX, "%s/%s", web_dir, filename); + + // check if the file exists +- struct stat stat; +- if(lstat(webfilename, &stat) != 0) { ++ struct stat wstat; ++ if(stat(webfilename, &wstat) != 0) { + debug(D_WEB_CLIENT_ACCESS, "%llu: File '%s' is not found.", w->id, webfilename); + buffer_sprintf(w->response.data, "File '%s' does not exist, or is not accessible.", webfilename); + return 404; } // check if the file is owned by expected user - if(stat.st_uid != web_files_uid()) { -+ if(stat.st_uid != web_files_uid() && stat.st_uid != 0) { - error("%llu: File '%s' is owned by user %d (expected user %d). Access Denied.", w->id, webfilename, stat.st_uid, web_files_uid()); +- error("%llu: File '%s' is owned by user %d (expected user %d). Access Denied.", w->id, webfilename, stat.st_uid, web_files_uid()); ++ if(wstat.st_uid != web_files_uid() && wstat.st_uid != 0) { ++ error("%llu: File '%s' is owned by user %d (expected user %d). Access Denied.", w->id, webfilename, wstat.st_uid, web_files_uid()); buffer_sprintf(w->response.data, "Access to file '%s' is not permitted.", webfilename); return 403; } // check if the file is owned by expected group - if(stat.st_gid != web_files_gid()) { -+ if(stat.st_gid != web_files_gid() && stat.st_gid != 0) { - error("%llu: File '%s' is owned by group %d (expected group %d). Access Denied.", w->id, webfilename, stat.st_gid, web_files_gid()); +- error("%llu: File '%s' is owned by group %d (expected group %d). Access Denied.", w->id, webfilename, stat.st_gid, web_files_gid()); ++ if(wstat.st_gid != web_files_gid() && wstat.st_gid != 0) { ++ error("%llu: File '%s' is owned by group %d (expected group %d). Access Denied.", w->id, webfilename, wstat.st_gid, web_files_gid()); buffer_sprintf(w->response.data, "Access to file '%s' is not permitted.", webfilename); return 403; -@@ -357,7 +357,7 @@ int mysendfile(struct web_client *w, char *filename) + } + +- if((stat.st_mode & S_IFMT) == S_IFDIR) { ++ if((wstat.st_mode & S_IFMT) == S_IFDIR) { + snprintfz(webfilename, FILENAME_MAX, "%s/index.html", filename); return mysendfile(w, webfilename); } - if((stat.st_mode & S_IFMT) != S_IFREG) { -+ if((stat.st_mode & S_IFMT) != S_IFREG && (stat.st_mode & S_IFMT) != S_IFLNK) { ++ if(!((wstat.st_mode & S_IFMT) & (S_IFREG | S_IFLNK))) { error("%llu: File '%s' is not a regular file. Access Denied.", w->id, webfilename); buffer_sprintf(w->response.data, "Access to file '%s' is not permitted.", webfilename); return 403; +@@ -403,14 +403,14 @@ int mysendfile(struct web_client *w, char *filename) + else if(strstr(filename, ".icns") != NULL) w->response.data->contenttype = CT_IMAGE_ICNS; + else w->response.data->contenttype = CT_APPLICATION_OCTET_STREAM; + +- debug(D_WEB_CLIENT_ACCESS, "%llu: Sending file '%s' (%ld bytes, ifd %d, ofd %d).", w->id, webfilename, stat.st_size, w->ifd, w->ofd); ++ debug(D_WEB_CLIENT_ACCESS, "%llu: Sending file '%s' (%ld bytes, ifd %d, ofd %d).", w->id, webfilename, wstat.st_size, w->ifd, w->ofd); + + w->mode = WEB_CLIENT_MODE_FILECOPY; + w->wait_receive = 1; + w->wait_send = 0; + buffer_flush(w->response.data); +- w->response.rlen = stat.st_size; +- w->response.data->date = stat.st_mtim.tv_sec; ++ w->response.rlen = wstat.st_size; ++ w->response.data->date = wstat.st_mtim.tv_sec; + + return 200; + } |