summaryrefslogtreecommitdiffstats
diff options
context:
space:
mode:
authorLennart Weller <lhw@ring0.de>2016-05-25 17:08:43 +0000
committerLennart Weller <lhw@ring0.de>2016-05-25 17:10:43 +0000
commit037dcead95659aa0ffda49a87079557e3ee0a2b6 (patch)
tree8c700e3318db80337eea1258e8e96bd205563e57
parentMerge branch 'master' of ssh://git.debian.org/srv/git.debian.org/git/collab-m... (diff)
downloadnetdata-037dcead95659aa0ffda49a87079557e3ee0a2b6.tar.xz
netdata-037dcead95659aa0ffda49a87079557e3ee0a2b6.zip
require versions from testing or newer.
update patch to use stat instead of lstat
-rw-r--r--debian/control10
-rw-r--r--debian/patches/0002-remove-file-serve-ownership-restrictions-for-root.patch54
2 files changed, 49 insertions, 15 deletions
diff --git a/debian/control b/debian/control
index e9bffbdf7..c8908178e 100644
--- a/debian/control
+++ b/debian/control
@@ -20,12 +20,12 @@ Package: netdata
Architecture: any
Multi-Arch: no
Depends: adduser,
- fonts-font-awesome,
+ fonts-font-awesome (>= 4.6),
libcap2-bin (>= 1:2.0),
- libjs-bootstrap,
- libjs-d3,
- libjs-jquery,
- libjs-raphael,
+ libjs-bootstrap (>= 3.3.6),
+ libjs-d3 (>= 3.5.17),
+ libjs-jquery (>= 1.12),
+ libjs-raphael (>= 2.1.0),
lsb-base (>= 3.1-23.2),
netdata-data,
${misc:Depends},
diff --git a/debian/patches/0002-remove-file-serve-ownership-restrictions-for-root.patch b/debian/patches/0002-remove-file-serve-ownership-restrictions-for-root.patch
index 41ecfb07f..1bcb6978e 100644
--- a/debian/patches/0002-remove-file-serve-ownership-restrictions-for-root.patch
+++ b/debian/patches/0002-remove-file-serve-ownership-restrictions-for-root.patch
@@ -3,36 +3,70 @@ Date: Wed, 25 May 2016 13:43:32 +0200
Subject: remove file serve ownership restrictions for root
---
- src/web_client.c | 6 +++---
- 1 file changed, 3 insertions(+), 3 deletions(-)
+ src/web_client.c | 22 +++++++++++-----------
+ 1 file changed, 11 insertions(+), 11 deletions(-)
diff --git a/src/web_client.c b/src/web_client.c
-index 601dda0..1b631bc 100644
+index 601dda0..3582c33 100644
--- a/src/web_client.c
+++ b/src/web_client.c
-@@ -339,14 +339,14 @@ int mysendfile(struct web_client *w, char *filename)
+@@ -331,33 +331,33 @@ int mysendfile(struct web_client *w, char *filename)
+ snprintfz(webfilename, FILENAME_MAX, "%s/%s", web_dir, filename);
+
+ // check if the file exists
+- struct stat stat;
+- if(lstat(webfilename, &stat) != 0) {
++ struct stat wstat;
++ if(stat(webfilename, &wstat) != 0) {
+ debug(D_WEB_CLIENT_ACCESS, "%llu: File '%s' is not found.", w->id, webfilename);
+ buffer_sprintf(w->response.data, "File '%s' does not exist, or is not accessible.", webfilename);
+ return 404;
}
// check if the file is owned by expected user
- if(stat.st_uid != web_files_uid()) {
-+ if(stat.st_uid != web_files_uid() && stat.st_uid != 0) {
- error("%llu: File '%s' is owned by user %d (expected user %d). Access Denied.", w->id, webfilename, stat.st_uid, web_files_uid());
+- error("%llu: File '%s' is owned by user %d (expected user %d). Access Denied.", w->id, webfilename, stat.st_uid, web_files_uid());
++ if(wstat.st_uid != web_files_uid() && wstat.st_uid != 0) {
++ error("%llu: File '%s' is owned by user %d (expected user %d). Access Denied.", w->id, webfilename, wstat.st_uid, web_files_uid());
buffer_sprintf(w->response.data, "Access to file '%s' is not permitted.", webfilename);
return 403;
}
// check if the file is owned by expected group
- if(stat.st_gid != web_files_gid()) {
-+ if(stat.st_gid != web_files_gid() && stat.st_gid != 0) {
- error("%llu: File '%s' is owned by group %d (expected group %d). Access Denied.", w->id, webfilename, stat.st_gid, web_files_gid());
+- error("%llu: File '%s' is owned by group %d (expected group %d). Access Denied.", w->id, webfilename, stat.st_gid, web_files_gid());
++ if(wstat.st_gid != web_files_gid() && wstat.st_gid != 0) {
++ error("%llu: File '%s' is owned by group %d (expected group %d). Access Denied.", w->id, webfilename, wstat.st_gid, web_files_gid());
buffer_sprintf(w->response.data, "Access to file '%s' is not permitted.", webfilename);
return 403;
-@@ -357,7 +357,7 @@ int mysendfile(struct web_client *w, char *filename)
+ }
+
+- if((stat.st_mode & S_IFMT) == S_IFDIR) {
++ if((wstat.st_mode & S_IFMT) == S_IFDIR) {
+ snprintfz(webfilename, FILENAME_MAX, "%s/index.html", filename);
return mysendfile(w, webfilename);
}
- if((stat.st_mode & S_IFMT) != S_IFREG) {
-+ if((stat.st_mode & S_IFMT) != S_IFREG && (stat.st_mode & S_IFMT) != S_IFLNK) {
++ if(!((wstat.st_mode & S_IFMT) & (S_IFREG | S_IFLNK))) {
error("%llu: File '%s' is not a regular file. Access Denied.", w->id, webfilename);
buffer_sprintf(w->response.data, "Access to file '%s' is not permitted.", webfilename);
return 403;
+@@ -403,14 +403,14 @@ int mysendfile(struct web_client *w, char *filename)
+ else if(strstr(filename, ".icns") != NULL) w->response.data->contenttype = CT_IMAGE_ICNS;
+ else w->response.data->contenttype = CT_APPLICATION_OCTET_STREAM;
+
+- debug(D_WEB_CLIENT_ACCESS, "%llu: Sending file '%s' (%ld bytes, ifd %d, ofd %d).", w->id, webfilename, stat.st_size, w->ifd, w->ofd);
++ debug(D_WEB_CLIENT_ACCESS, "%llu: Sending file '%s' (%ld bytes, ifd %d, ofd %d).", w->id, webfilename, wstat.st_size, w->ifd, w->ofd);
+
+ w->mode = WEB_CLIENT_MODE_FILECOPY;
+ w->wait_receive = 1;
+ w->wait_send = 0;
+ buffer_flush(w->response.data);
+- w->response.rlen = stat.st_size;
+- w->response.data->date = stat.st_mtim.tv_sec;
++ w->response.rlen = wstat.st_size;
++ w->response.data->date = wstat.st_mtim.tv_sec;
+
+ return 200;
+ }