From 037dcead95659aa0ffda49a87079557e3ee0a2b6 Mon Sep 17 00:00:00 2001
From: Lennart Weller
Date: Wed, 25 May 2016 19:08:43 +0200
Subject: require versions from testing or newer. update patch to use stat instead of lstat
---
 debian/control | 10 ++--
 ...ile-serve-ownership-restrictions-for-root.patch | 54 ++++++++++++++++++----
 2 files changed, 49 insertions(+), 15 deletions(-)
diff --git a/debian/control b/debian/control
index e9bffbdf7..c8908178e 100644
--- a/debian/control
+++ b/debian/control
@@ -20,12 +20,12 @@ Package: netdata
 Architecture: any
 Multi-Arch: no
 Depends: adduser,
- fonts-font-awesome,
+ fonts-font-awesome (>= 4.6),
 libcap2-bin (>= 1:2.0),
- libjs-bootstrap,
- libjs-d3,
- libjs-jquery,
- libjs-raphael,
+ libjs-bootstrap (>= 3.3.6),
+ libjs-d3 (>= 3.5.17),
+ libjs-jquery (>= 1.12),
+ libjs-raphael (>= 2.1.0),
 lsb-base (>= 3.1-23.2),
 netdata-data,
 ${misc:Depends},
diff --git a/debian/patches/0002-remove-file-serve-ownership-restrictions-for-root.patch b/debian/patches/0002-remove-file-serve-ownership-restrictions-for-root.patch
index 41ecfb07f..1bcb6978e 100644
--- a/debian/patches/0002-remove-file-serve-ownership-restrictions-for-root.patch
+++ b/debian/patches/0002-remove-file-serve-ownership-restrictions-for-root.patch
@@ -3,36 +3,70 @@ Date: Wed, 25 May 2016 13:43:32 +0200 Subject: remove file serve ownership restrictions for root --- - src/web_client.c | 6 +++--- - 1 file changed, 3 insertions(+), 3 deletions(-) + src/web_client.c | 22 +++++++++++----------- + 1 file changed, 11 insertions(+), 11 deletions(-) diff --git a/src/web_client.c b/src/web_client.c -index 601dda0..1b631bc 100644 +index 601dda0..3582c33 100644 --- a/src/web_client.c 
+++ b/src/web_client.c -@@ -339,14 +339,14 @@ int mysendfile(struct web_client *w, char *filename) +@@ -331,33 +331,33 @@ int mysendfile(struct web_client *w, char *filename) + snprintfz(webfilename, FILENAME_MAX, "%s/%s", web_dir, filename); + + // check if the file exists +- struct stat stat; +- if(lstat(webfilename, &stat) != 0) { ++ struct stat wstat; ++ if(stat(webfilename, &wstat) != 0) { + debug(D_WEB_CLIENT_ACCESS, "%llu: File '%s' is not found.", w->id, webfilename); + buffer_sprintf(w->response.data, "File '%s' does not exist, or is not accessible.", webfilename); + return 404; } // check if the file is owned by expected user - if(stat.st_uid != web_files_uid()) { -+ if(stat.st_uid != web_files_uid() && stat.st_uid != 0) { - error("%llu: File '%s' is owned by user %d (expected user %d). Access Denied.", w->id, webfilename, stat.st_uid, web_files_uid()); +- error("%llu: File '%s' is owned by user %d (expected user %d). Access Denied.", w->id, webfilename, stat.st_uid, web_files_uid()); ++ if(wstat.st_uid != web_files_uid() && wstat.st_uid != 0) { ++ error("%llu: File '%s' is owned by user %d (expected user %d). Access Denied.", w->id, webfilename, wstat.st_uid, web_files_uid()); buffer_sprintf(w->response.data, "Access to file '%s' is not permitted.", webfilename); return 403; } // check if the file is owned by expected group - if(stat.st_gid != web_files_gid()) { -+ if(stat.st_gid != web_files_gid() && stat.st_gid != 0) { - error("%llu: File '%s' is owned by group %d (expected group %d). Access Denied.", w->id, webfilename, stat.st_gid, web_files_gid()); +- error("%llu: File '%s' is owned by group %d (expected group %d). Access Denied.", w->id, webfilename, stat.st_gid, web_files_gid()); ++ if(wstat.st_gid != web_files_gid() && wstat.st_gid != 0) { ++ error("%llu: File '%s' is owned by group %d (expected group %d). 
Access Denied.", w->id, webfilename, wstat.st_gid, web_files_gid()); buffer_sprintf(w->response.data, "Access to file '%s' is not permitted.", webfilename); return 403; -@@ -357,7 +357,7 @@ int mysendfile(struct web_client *w, char *filename) + } + +- if((stat.st_mode & S_IFMT) == S_IFDIR) { ++ if((wstat.st_mode & S_IFMT) == S_IFDIR) { + snprintfz(webfilename, FILENAME_MAX, "%s/index.html", filename); return mysendfile(w, webfilename); } - if((stat.st_mode & S_IFMT) != S_IFREG) { -+ if((stat.st_mode & S_IFMT) != S_IFREG && (stat.st_mode & S_IFMT) != S_IFLNK) { ++ if(!((wstat.st_mode & S_IFMT) & (S_IFREG | S_IFLNK))) { error("%llu: File '%s' is not a regular file. Access Denied.", w->id, webfilename); buffer_sprintf(w->response.data, "Access to file '%s' is not permitted.", webfilename); return 403; +@@ -403,14 +403,14 @@ int mysendfile(struct web_client *w, char *filename) + else if(strstr(filename, ".icns") != NULL) w->response.data->contenttype = CT_IMAGE_ICNS; + else w->response.data->contenttype = CT_APPLICATION_OCTET_STREAM; + +- debug(D_WEB_CLIENT_ACCESS, "%llu: Sending file '%s' (%ld bytes, ifd %d, ofd %d).", w->id, webfilename, stat.st_size, w->ifd, w->ofd); ++ debug(D_WEB_CLIENT_ACCESS, "%llu: Sending file '%s' (%ld bytes, ifd %d, ofd %d).", w->id, webfilename, wstat.st_size, w->ifd, w->ofd); + + w->mode = WEB_CLIENT_MODE_FILECOPY; + w->wait_receive = 1; + w->wait_send = 0; + buffer_flush(w->response.data); +- w->response.rlen = stat.st_size; +- w->response.data->date = stat.st_mtim.tv_sec; ++ w->response.rlen = wstat.st_size; ++ w->response.data->date = wstat.st_mtim.tv_sec; + + return 200; + } -- cgit v1.2.3
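Review bot: The new type test `if(!((wstat.st_mode & S_IFMT) & (S_IFREG | S_IFLNK)))` in the patched mysendfile() treats the S_IFMT file-type codes as independent flag bits, which they are not: on Linux the character-device, block-device and socket codes share bits with `S_IFREG | S_IFLNK`, so those types would now pass the "regular file" gate instead of getting the 403. Since the lookup was switched to stat(), which follows symlinks and so never reports S_IFLNK, the check can simply be `if(!S_ISREG(wstat.st_mode)) {`. The same switch means the uid/gid tests now apply to the symlink target and accept owner 0, so any root-owned file that a link under web_dir resolves to becomes eligible to be served; I would add a comment stating that intent and, if links are only meant to reach packaged assets, confine the resolved path to an allowed directory. The function body continues outside the visible hunks, so whether the later open uses the same path is not checkable from here.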