From 5b189b3075eef566c19a1096f04b6f394d46fd98 Mon Sep 17 00:00:00 2001 From: Prabuddha Chakraborty Date: Tue, 20 Oct 2015 14:31:46 +0530 Subject: [PATCH 01/12] Updated mysql with new repository --- ee/cli/plugins/stack.py | 8 ++++---- 1 file changed, 4 insertions(+), 4 deletions(-) diff --git a/ee/cli/plugins/stack.py b/ee/cli/plugins/stack.py index 64da1941..887b4185 100644 --- a/ee/cli/plugins/stack.py +++ b/ee/cli/plugins/stack.py @@ -117,12 +117,12 @@ class EEStackController(CementBaseController): keyserver="keyserver.ubuntu.com") chars = ''.join(random.sample(string.ascii_letters, 8)) Log.debug(self, "Pre-seeding MySQL") - Log.debug(self, "echo \"mariadb-server-10.0 " + Log.debug(self, "echo \"mariadb-server-10.1 " "mysql-server/root_password " "password \" | " "debconf-set-selections") try: - EEShellExec.cmd_exec(self, "echo \"mariadb-server-10.0 " + EEShellExec.cmd_exec(self, "echo \"mariadb-server-10.1 " "mysql-server/root_password " "password {chars}\" | " "debconf-set-selections" @@ -131,12 +131,12 @@ class EEStackController(CementBaseController): except CommandExecutionError as e: Log.error("Failed to initialize MySQL package") - Log.debug(self, "echo \"mariadb-server-10.0 " + Log.debug(self, "echo \"mariadb-server-10.1 " "mysql-server/root_password_again " "password \" | " "debconf-set-selections") try: - EEShellExec.cmd_exec(self, "echo \"mariadb-server-10.0 " + EEShellExec.cmd_exec(self, "echo \"mariadb-server-10.1 " "mysql-server/root_password_again " "password {chars}\" | " "debconf-set-selections" From efda446a3abff33fd5929cef60117928673d96eb Mon Sep 17 00:00:00 2001 From: Prabuddha Chakraborty Date: Tue, 20 Oct 2015 14:32:36 +0530 Subject: [PATCH 02/12] Updated mysql with new repository and version --- ee/core/variables.py | 8 ++++---- 1 file changed, 4 insertions(+), 4 deletions(-) diff --git a/ee/core/variables.py b/ee/core/variables.py index 14957ee2..bead213e 100644 --- a/ee/core/variables.py +++ b/ee/core/variables.py 
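Review bot: The root password seeded by the re-versioned `debconf-set-selections` lines in `@@ -117,12 +117,12 @@` (PATCH 01/12) still comes from the context line `chars = ''.join(random.sample(string.ascii_letters, 8))`, which is eight distinct letters from the non-cryptographic `random` module. For a database root credential the value should come from the OS CSPRNG and be longer, e.g. `chars = ''.join(random.SystemRandom().choice(string.ascii_letters + string.digits) for _ in range(24))`. The password is also interpolated into an `echo … |` shell string, so it is presumably visible in the process list while the command runs; passing it to `debconf-set-selections` on stdin would avoid that, if `EEShellExec` offers a way to do so. The same applies to the `root_password_again` call in `@@ -131,12 +131,12 @@`, and the enclosing method starts and ends outside both hunks.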
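Review bot: The debconf owner `mariadb-server-10.1` is now hard-coded in four string literals across `@@ -131,12 +131,12 @@` and `@@ -117,12 +117,12 @@`, separately from the repository version kept in `ee/core/variables.py`. If the name of the package that actually gets installed ever differs from this literal, the pre-seed would presumably not apply, and nothing here would detect that the generated root password was never set. Consider one constant next to `ee_mysql_repo`, e.g. `ee_mysql_debconf = "mariadb-server-10.1"`, used by all four strings. Separately, the context line `Log.error("Failed to initialize MySQL package")` omits the `self` argument that the neighbouring `Log.debug(self, …)` calls pass, which is worth checking against `Log.error`'s signature.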
@@ -120,12 +120,12 @@ class EEVariables(): # MySQL repo and packages if ee_platform_distro == 'ubuntu': - ee_mysql_repo = ("deb http://mirror.aarnet.edu.au/pub/MariaDB/repo/" - "10.0/ubuntu {codename} main" + ee_mysql_repo = ("deb http://sfo1.mirrors.digitalocean.com/mariadb/repo/" + "10.1/ubuntu {codename} main" .format(codename=ee_platform_codename)) elif ee_platform_distro == 'debian': - ee_mysql_repo = ("deb http://mirror.aarnet.edu.au/pub/MariaDB/repo/" - "10.0/debian {codename} main" + ee_mysql_repo = ("deb http://sfo1.mirrors.digitalocean.com/mariadb/repo/" + "10.1/debian {codename} main" .format(codename=ee_platform_codename)) ee_mysql = ["mariadb-server", "percona-toolkit"] From daa6dc249ac7931d38240275c3b738f23ccc50e5 Mon Sep 17 00:00:00 2001 From: Prabuddha Chakraborty Date: Tue, 20 Oct 2015 15:41:42 +0530 Subject: [PATCH 03/12] removed add repo restriction for jessie --- ee/cli/plugins/stack.py | 10 +++++----- 1 file changed, 5 insertions(+), 5 deletions(-) diff --git a/ee/cli/plugins/stack.py b/ee/cli/plugins/stack.py index 887b4185..2aa66263 100644 --- a/ee/cli/plugins/stack.py +++ b/ee/cli/plugins/stack.py @@ -109,11 +109,11 @@ class EEStackController(CementBaseController): with open('/etc/apt/preferences.d/' 'MariaDB.pref', 'w') as mysql_pref_file: mysql_pref_file.write(mysql_pref) - if EEVariables.ee_platform_codename != 'jessie': - EERepo.add(self, repo_url=EEVariables.ee_mysql_repo) - Log.debug(self, 'Adding key for {0}' - .format(EEVariables.ee_mysql_repo)) - EERepo.add_key(self, '0xcbcb082a1bb943db', + # if EEVariables.ee_platform_codename != 'jessie': + EERepo.add(self, repo_url=EEVariables.ee_mysql_repo) + Log.debug(self, 'Adding key for {0}' + .format(EEVariables.ee_mysql_repo)) + EERepo.add_key(self, '0xcbcb082a1bb943db', keyserver="keyserver.ubuntu.com") chars = ''.join(random.sample(string.ascii_letters, 8)) Log.debug(self, "Pre-seeding MySQL") From 395c783a91927639fdae500785e09864ab7ec3d7 Mon Sep 17 00:00:00 2001 
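Review bot: Both new `ee_mysql_repo` values in `@@ -120,12 +120,12 @@` (PATCH 02/12) fetch packages over plain `http://` from a single regional mirror, so integrity rests entirely on apt verifying the repository signature against the key imported in `stack.py`. If the mirror serves HTTPS, `deb https://…` would add transport protection (these releases may need `apt-transport-https` installed first, to be confirmed). Either way, a comment such as `# Integrity relies on the apt signing key added in stack.py; the mirror itself is not trusted` would record the trust assumption. The ubuntu and debian branches differ only in one path word, so the host and version could be built from one template inside the existing distro check.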
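Review bot: With the jessie guard removed in `@@ -109,11 +109,11 @@` (PATCH 03/12), every supported release now imports the repository signing key by the 64-bit ID `0xcbcb082a1bb943db` from `keyserver.ubuntu.com`. A key ID of that length does not uniquely identify a key, so the import should name the full fingerprint, e.g. `EERepo.add_key(self, '<FULL_40_HEX_FINGERPRINT>', keyserver="keyserver.ubuntu.com")`, assuming `add_key` passes the value straight to the key fetch. The commented-out `# if EEVariables.ee_platform_codename != 'jessie':` should be deleted rather than left in place, with the reason the restriction was lifted recorded in the commit message.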
From: Prabuddha Chakraborty Date: Tue, 20 Oct 2015 15:45:41 +0530 Subject: [PATCH 04/12] Updated Pin: origin --- ee/cli/plugins/stack.py | 2 +- ee/cli/plugins/stack_migrate.py | 2 +- 2 files changed, 2 insertions(+), 2 deletions(-) diff --git a/ee/cli/plugins/stack.py b/ee/cli/plugins/stack.py index 2aa66263..fe648ade 100644 --- a/ee/cli/plugins/stack.py +++ b/ee/cli/plugins/stack.py @@ -104,7 +104,7 @@ class EEStackController(CementBaseController): if set(EEVariables.ee_mysql).issubset(set(apt_packages)): Log.info(self, "Adding repository for MySQL, please wait...") - mysql_pref = ("Package: *\nPin: origin mirror.aarnet.edu.au" + mysql_pref = ("Package: *\nPin: origin sfo1.mirrors.digitalocean.com" "\nPin-Priority: 1000\n") with open('/etc/apt/preferences.d/' 'MariaDB.pref', 'w') as mysql_pref_file: diff --git a/ee/cli/plugins/stack_migrate.py b/ee/cli/plugins/stack_migrate.py index 17a15123..e57e7941 100644 --- a/ee/cli/plugins/stack_migrate.py +++ b/ee/cli/plugins/stack_migrate.py @@ -33,7 +33,7 @@ class EEStackMigrateController(CementBaseController): # Add MariaDB repo Log.info(self, "Adding repository for MariaDB, please wait...") - mysql_pref = ("Package: *\nPin: origin mirror.aarnet.edu.au" + mysql_pref = ("Package: *\nPin: origin sfo1.mirrors.digitalocean.com" "\nPin-Priority: 1000\n") with open('/etc/apt/preferences.d/' 'MariaDB.pref', 'w') as mysql_pref_file: From 2674d093bda2ce6fb21d21e4d64c46bbe4350dad Mon Sep 17 00:00:00 2001 From: Prabuddha Chakraborty Date: Wed, 21 Oct 2015 17:41:16 +0530 Subject: [PATCH 05/12] Fix redis installation in debian jessie --- ee/cli/plugins/stack.py | 20 ++++++++------------ 1 file changed, 8 insertions(+), 12 deletions(-) diff --git a/ee/cli/plugins/stack.py b/ee/cli/plugins/stack.py index fe648ade..946cf343 100644 --- a/ee/cli/plugins/stack.py +++ b/ee/cli/plugins/stack.py 
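Review bot: The pin written to `/etc/apt/preferences.d/MariaDB.pref` is `Package: *` with `Pin-Priority: 1000` for the whole host `sfo1.mirrors.digitalocean.com`, in both the `stack.py` hunk and the `stack_migrate.py` hunk of PATCH 04/12. At priority 1000 apt prefers that origin for any package a configured source on that host carries, even when that means a downgrade, so the pin covers more than MariaDB. Narrowing `Package:` to the MariaDB package names, or lowering the priority below 1000, would limit what this third-party origin can replace on the system. The host name is now repeated in three files (these two and `ee_mysql_repo` in `variables.py`), so deriving the pin from one constant would keep repository and pin from drifting apart.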
@@ -1817,24 +1817,20 @@ class EEStackController(CementBaseController): if EEVariables.ee_ram < 512: Log.debug(self, "Setting maxmemory variable to {0} in redis.conf" .format(int(EEVariables.ee_ram*1024*1024*0.1))) - EEFileUtils.searchreplace(self, "/etc/redis/redis.conf", - "# maxmemory ", - "maxmemory {0}".format(int(EEVariables.ee_ram*1024*1024*0.1))) + EEShellExec.cmd_exec(self, "sed -i 's/# maxmemory /maxmemory {0}/' /etc/redis/redis.conf" + .format(int(EEVariables.ee_ram*1024*1024*0.1))) Log.debug(self, "Setting maxmemory-policy variable to volatile-lru in redis.conf") - EEFileUtils.searchreplace(self, "/etc/redis/redis.conf", - "# maxmemory-policy volatile-lru", - "maxmemory-policy volatile-lru") + EEShellExec.cmd_exec(self, "sed -i 's/# maxmemory-policy.*/maxmemory-policy volatile-lru/' " + "/etc/redis/redis.conf") EEService.restart_service(self, 'redis-server') else: Log.debug(self, "Setting maxmemory variable to {0} in redis.conf" .format(int(EEVariables.ee_ram*1024*1024*0.2))) - EEFileUtils.searchreplace(self, "/etc/redis/redis.conf", - "# maxmemory ", - "maxmemory {0}".format(int(EEVariables.ee_ram*1024*1024*0.2))) + EEShellExec.cmd_exec(self, "sed -i 's/# maxmemory /maxmemory {0}/' /etc/redis/redis.conf" + .format(int(EEVariables.ee_ram*1024*1024*0.2))) Log.debug(self, "Setting maxmemory-policy variable to volatile-lru in redis.conf") - EEFileUtils.searchreplace(self, "/etc/redis/redis.conf", - "# maxmemory-policy volatile-lru", - "maxmemory-policy volatile-lru") + EEShellExec.cmd_exec(self, "sed -i 's/# maxmemory-policy.*/maxmemory-policy volatile-lru/' " + "/etc/redis/redis.conf") EEService.restart_service(self, 'redis-server') if disp_msg: if len(self.msg): From b37dfbb70aace2c3967154ef58f8e68fecd04449 Mon Sep 17 00:00:00 2001 From: Prabuddha Chakraborty Date: Fri, 23 Oct 2015 14:41:14 +0530 Subject: [PATCH 06/12] Update version --- ee/core/variables.py | 2 +- install | 2 +- setup.py | 2 +- 3 files changed, 3 insertions(+), 3 deletions(-) 
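Review bot: The first `sed` expression in both branches, `s/# maxmemory /maxmemory {0}/`, is unanchored and replaces only that prefix, keeping whatever follows it on the line. If the stock `redis.conf` line carries a placeholder after `# maxmemory ` (not visible here), the rewritten directive would still have that text appended just before `redis-server` is restarted; anchoring and consuming the line avoids this: `"sed -i 's/^# maxmemory .*/maxmemory {0}/' /etc/redis/redis.conf"`. Unlike the MySQL pre-seed calls in this file, these `EEShellExec.cmd_exec` calls are not wrapped in `try`/`except CommandExecutionError`, so confirm that letting a failure propagate is intended. The two branches differ only in the `0.1`/`0.2` factor, so computing `int(EEVariables.ee_ram*1024*1024*ratio)` once would remove the duplication. The enclosing method starts and ends outside the hunk.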
diff --git a/ee/core/variables.py b/ee/core/variables.py index bead213e..8ffa4c41 100644 --- a/ee/core/variables.py +++ b/ee/core/variables.py @@ -12,7 +12,7 @@ class EEVariables(): """Intialization of core variables""" # EasyEngine version - ee_version = "3.3.10" + ee_version = "3.3.11" # EasyEngine packages versions diff --git a/install b/install index beb6e436..1cc1d32a 100644 --- a/install +++ b/install @@ -48,7 +48,7 @@ fi # Define variables for later use ee_branch=$1 readonly ee_version_old="2.2.3" -readonly ee_version_new="3.3.10" +readonly ee_version_new="3.3.11" readonly ee_log_dir=/var/log/ee/ readonly ee_install_log=/var/log/ee/install.log readonly ee_linux_distro=$(lsb_release -i | awk '{print $3}') diff --git a/setup.py b/setup.py index 82950194..932a94b7 100644 --- a/setup.py +++ b/setup.py @@ -54,7 +54,7 @@ except Exception as e: os.system("git config --global user.email {0}".format(ee_email)) setup(name='ee', - version='3.3.10', + version='3.3.11', description=long_description, long_description=long_description, classifiers=[], From 5ecdf067da47c6f2e953854a87a4fa610212342c Mon Sep 17 00:00:00 2001 From: Prabuddha Chakraborty Date: Fri, 23 Oct 2015 14:45:30 +0530 Subject: [PATCH 07/12] Update CHANGELOG.txt --- CHANGELOG.txt | 5 +++++ 1 file changed, 5 insertions(+) diff --git a/CHANGELOG.txt b/CHANGELOG.txt index 0e6a3721..3dda996e 100644 --- a/CHANGELOG.txt +++ b/CHANGELOG.txt @@ -1,3 +1,8 @@ +v 3.3.11 - Oct 23, 2015 +- Updated MySql version +- Added new repository for MySql +- Minor fix for redis cache in debian jessie + v 3.3.10 - Oct 19, 2015 - Fix #630 - Fix #631 From 4c38fceb2286bb6df7835e4219bbdd3fc8dfa14b Mon Sep 17 00:00:00 2001 From: Prabuddha Chakraborty Date: Mon, 26 Oct 2015 12:53:53 +0530 Subject: [PATCH 08/12] Fix anemometer issue with mysql 10.1 --- ee/cli/plugins/stack.py | 5 +++-- 1 file changed, 3 insertions(+), 2 deletions(-) diff --git a/ee/cli/plugins/stack.py b/ee/cli/plugins/stack.py index 946cf343..58062f45 100644 
--- a/ee/cli/plugins/stack.py +++ b/ee/cli/plugins/stack.py @@ -1226,8 +1226,9 @@ class EEStackController(CementBaseController): raise SiteError("Unable to import Anemometer database") EEMysql.execute(self, 'grant select on *.* to \'anemometer\'' - '@\'{0}\''.format(self.app.config.get('mysql', - 'grant-host'))) + '@\'{0}\' IDENTIFIED' + ' BY \'{1}\''.format(self.app.config.get('mysql', + 'grant-host'),chars)) Log.debug(self, "grant all on slow-query-log.*" " to anemometer@root_user IDENTIFIED BY password ") EEMysql.execute(self, 'grant all on slow_query_log.* to' From 4b6f0c2fe5eb4bff5171c0e23725842f696cc2e2 Mon Sep 17 00:00:00 2001 From: Prabuddha Chakraborty Date: Mon, 26 Oct 2015 13:02:53 +0530 Subject: [PATCH 09/12] Fix typo errors --- ee/cli/plugins/stack.py | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/ee/cli/plugins/stack.py b/ee/cli/plugins/stack.py index 58062f45..d99fbf18 100644 --- a/ee/cli/plugins/stack.py +++ b/ee/cli/plugins/stack.py @@ -1236,7 +1236,7 @@ class EEStackController(CementBaseController): ' BY \'{1}\''.format(self.app.config.get( 'mysql', 'grant-host'), chars), - errormsg="cannot grant privillages", log=False) + errormsg="cannot grant priviledges", log=False) # Custom Anemometer configuration Log.debug(self, "configration Anemometer") From c64f28eaf5e9a63c45660309d53ab1229092393e Mon Sep 17 00:00:00 2001 From: Prabuddha Chakraborty Date: Mon, 26 Oct 2015 14:05:48 +0530 Subject: [PATCH 10/12] Fix security issue --- ee/cli/templates/locations.mustache | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/ee/cli/templates/locations.mustache b/ee/cli/templates/locations.mustache index 21e18f82..b9d9fc63 100644 --- a/ee/cli/templates/locations.mustache +++ b/ee/cli/templates/locations.mustache 
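Review bot: The new `grant select … IDENTIFIED BY '{1}'` statement in `@@ -1226,8 +1226,9 @@` (PATCH 08/12) embeds the password `chars` but is passed to `EEMysql.execute` without `log=False`, unlike the `grant all on slow_query_log.*` call right below it. If that flag is what suppresses statement logging, the password may be written to the log. Close the call as `'grant-host'), chars), log=False)` and give it an `errormsg=` as the sibling call has. Both values are spliced into the SQL with `str.format`, and `grant-host` comes from configuration, so it should be validated or escaped before being placed inside the quotes. `chars` is defined outside the hunk.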
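Review bot: The replacement message in `@@ -1236,7 +1236,7 @@` (PATCH 09/12) is still misspelled: `priviledges` should be `privileges`, i.e. `errormsg="cannot grant privileges", log=False)`. The context line `Log.debug(self, "configration Anemometer")` has a similar slip and could be corrected in the same commit.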
@@ -34,7 +34,7 @@ location ~* ^.+\.(bak|log|old|orig|original|php#|php~|php_bak|save|swo|swp|sql)$ log_not_found off; } # Return 403 forbidden for readme.(txt|html) or license.(txt|html) or example.(txt|html) -if ($request_uri ~* "^.+(readme|license|example)\.(txt|html)$") { +if ($uri ~* "^.+(readme|license|example)\.(txt|html)$") { return 403; } # Status pages From 806e3aae22252777000dca3f78eb12810956e701 Mon Sep 17 00:00:00 2001 From: Prabuddha Chakraborty Date: Mon, 26 Oct 2015 14:58:02 +0530 Subject: [PATCH 11/12] Update INSTALL script with security fix --- install | 8 ++++++++ 1 file changed, 8 insertions(+) diff --git a/install b/install index 1cc1d32a..9ea5aa54 100644 --- a/install +++ b/install @@ -454,6 +454,14 @@ function ee_update_latest() fi fi + #Fix Security Issue. commit #c64f28e + if [ -f /etc/nginx/common/locations.conf ]; then + grep -0 '$request_uri ~\* \"^.+(readme|license|example)\\.(txt|html)$\"' /etc/nginx/common/locations.conf &>> /dev/null + if [ $? -eq 0 ]; then + sed -i 's/$request_uri ~\* \"^.+(readme|license|example)\\.(txt|html)$\"/$uri ~\* \"^.+(readme|license|example)\\.(txt|html)$\"/g' /etc/nginx/common/locations.conf &>> /dev/null + fi + fi + # Fix for 3.3.2 renamed nginx.conf nginx -V 2>&1 &>>/dev/null if [[ $? -eq 0 ]]; then From 2dd8ebecde6e5388c9535a32e24d691ac349c472 Mon Sep 17 00:00:00 2001 From: Prabuddha Chakraborty Date: Mon, 26 Oct 2015 18:56:20 +0530 Subject: [PATCH 12/12] Update CHANGELOG.TXT --- CHANGELOG.txt | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/CHANGELOG.txt b/CHANGELOG.txt index 3dda996e..f7d03a31 100644 --- a/CHANGELOG.txt +++ b/CHANGELOG.txt @@ -1,7 +1,8 @@ -v 3.3.11 - Oct 23, 2015 +v 3.3.11 - Oct 26, 2015 - Updated MySql version - Added new repository for MySql - Minor fix for redis cache in debian jessie +- Security Fix in location.conf v 3.3.10 - Oct 19, 2015 - Fix #630
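Review bot: The rule in `@@ -34,7 +34,7 @@` (PATCH 10/12) carries no comment recording why it tests `$uri`, which makes this security fix easy to revert by accident. Add a comment above the `if`, such as `# Match $uri (normalised path, no query string), not $request_uri, so the $ anchor applies to the path itself`. The pattern also has no path-segment boundary, so any URI that merely ends in those words (for example a page named `my-example.html`) gets a 403; `"/(readme|license|example)\.(txt|html)$"` would limit it to files with exactly those names, if that is the intent.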
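Review bot: The migration added in `@@ -454,6 +454,14 @@` (PATCH 11/12) is silent and exact-match. Both `grep` and `sed` send all output to `/dev/null`, and the pattern only matches the stock line byte for byte, so a host whose `/etc/nginx/common/locations.conf` was edited locally keeps the old `$request_uri` rule with no sign that the security fix was skipped. Log the outcome to the install log instead (the script defines `ee_install_log`) and report when the file exists but neither the old nor the new rule is found. GNU grep reads `grep -0` as zero lines of context, so `grep -q` would state the intent and make the redirect unnecessary. Nothing in the hunk validates or reloads nginx after the edit, so confirm that a later step of `ee_update_latest` (its body continues outside the hunk) runs `nginx -t` and a reload.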