<!DOCTYPE html> <!--[if IE 8]><html class="no-js lt-ie9" lang="en" > <![endif]--> <!--[if gt IE 8]><!--> <html class="no-js" lang="en" > <!--<![endif]--> <head> <meta charset="utf-8"> <meta name="viewport" content="width=device-width, initial-scale=1.0"> <title>Version 3.5 — mod_wsgi 4.7.1 documentation</title> <link rel="stylesheet" href="../_static/css/theme.css" type="text/css" /> <link rel="top" title="mod_wsgi 4.7.1 documentation" href="../index.html"/> <link rel="up" title="Release Notes" href="../release-notes.html"/> <link rel="next" title="Version 3.4" href="version-3.4.html"/> <link rel="prev" title="Version 4.0" href="version-4.0.html"/> <script src="../_static/js/modernizr.min.js"></script> </head> <body class="wy-body-for-nav" role="document"> <div class="wy-grid-for-nav"> <section data-toggle="wy-nav-shift" class="wy-nav-content-wrap"> <div class="wy-nav-content"> <div class="rst-content"> <div role="main" class="document" itemscope="itemscope" 
itemtype="http://schema.org/Article"> <div itemprop="articleBody"> <div class="section" id="version-3-5"> <h1>Version 3.5<a class="headerlink" href="#version-3-5" title="Permalink to this headline">¶</a></h1> <p>Version 3.5 of mod_wsgi can be obtained from:</p> <blockquote> <div><a class="reference external" href="https://github.com/GrahamDumpleton/mod_wsgi/archive/3.5.tar.gz">https://github.com/GrahamDumpleton/mod_wsgi/archive/3.5.tar.gz</a></div></blockquote> <div class="section" id="security-issues"> <h2>Security Issues<a class="headerlink" href="#security-issues" title="Permalink to this headline">¶</a></h2> <ol class="arabic simple"> <li>Local privilege escalation when using daemon mode. (CVE-2014-0240)</li> </ol> <p>The issue is believed to affect Linux systems running kernel versions &gt;= 2.6.0 and &lt; 3.1.0.</p> <p>The issue affects all versions of mod_wsgi up to and including version 3.4.</p> <p>The issue stems from mod_wsgi not correctly handling Linux-specific error codes from setuid(), which differ from what UNIX systems conforming to the Open Group UNIX specification for setuid() would be expected to return.</p> <blockquote> <div><ul class="simple"> <li><a class="reference external" href="http://man7.org/linux/man-pages/man2/setuid.2.html">http://man7.org/linux/man-pages/man2/setuid.2.html</a></li> <li><a class="reference external" href="http://pubs.opengroup.org/onlinepubs/009695399/functions/setuid.html">http://pubs.opengroup.org/onlinepubs/009695399/functions/setuid.html</a></li> </ul> </div></blockquote> <p>This difference in behaviour between Linux and the UNIX specification was believed to have been removed in version 3.1.0 of the Linux kernel.</p> <blockquote> <div><ul class="simple"> <li><a class="reference external" href="https://groups.google.com/forum/?fromgroups=#!topic/linux.kernel/u6cKf4D1D-k">https://groups.google.com/forum/?fromgroups=#!topic/linux.kernel/u6cKf4D1D-k</a></li> </ul> </div></blockquote> <p>The issue 
would allow a user, where Apache is initially started as the root user and code is run under mod_wsgi daemon mode as an unprivileged user, to manipulate the number of processes run by that user so as to affect the outcome of setuid() when daemon mode processes are forked, and so gain escalated privileges for the user's code.</p> <p>Due to the nature of the issue, if you provide a service or allow untrusted users to run Python web applications you do not control the code for, and do so using daemon mode of mod_wsgi, you should update mod_wsgi as soon as possible.</p> </div> <div class="section" id="bugs-fixed"> <h2>Bugs Fixed<a class="headerlink" href="#bugs-fixed" title="Permalink to this headline">¶</a></h2> <p>1. Python 3 installations can add a suffix to the Python library. So instead of <tt class="docutils literal"><span class="pre">libpythonX.Y.so</span></tt> it can be <tt class="docutils literal"><span class="pre">libpythonX.Ym.so</span></tt>.</p> <p>2. When using daemon mode, if an uncaught exception occurred while handling a request, an internal value for the HTTP status line was not cleared correctly when the response was proxied back via the Apache child process. This resulted in the client receiving an HTTP status line of ‘200 Error’ rather than ‘500 Internal Server Error’.</p> <p>Note that this only affected the status line and not the actual HTTP status. The status would still be 500 and the client would still interpret it as a failed request.</p> <p>3. Null out the Apache scoreboard handle in daemon processes for Apache 2.4 to avoid a process crash when lingering close cleanup occurs.</p> <p>4. Work around broken MacOS X XCode Toolchain references in the Apache apxs build configuration tool and the operating system libtool script. 
This means it is no longer necessary to manually go into:</p> <div class="highlight-python"><div class="highlight"><pre><span></span><span class="n">Applications</span><span class="o">/</span><span class="n">Xcode</span><span class="o">.</span><span class="n">app</span><span class="o">/</span><span class="n">Contents</span><span class="o">/</span><span class="n">Developer</span><span class="o">/</span><span class="n">Toolchains</span> </pre></div> </div> <p>and manually add symlinks to define the true location of the compiler tools.</p> <ol class="arabic simple" start="5"> <li>Restore ability to compile mod_wsgi source code under Apache 1.3.</li> </ol> <p>6. Fix checks for whether the ITK MPM is used and whether ITK MPM specific actions should be taken around the ownership of the mod_wsgi daemon process listener socket.</p> <p>7. Fix issue where, when using Python 3.4, mod_wsgi daemon processes would crash when the processes were being shut down.</p> <p>8. Made traditional library linking the default on MacOS X. If framework-style linking is needed for the Python framework, use the <tt class="docutils literal"><span class="pre">--enable-framework</span></tt> option. The existing <tt class="docutils literal"><span class="pre">--disable-framework</span></tt> option has now been removed given that the default action has been swapped around.</p> </div> <div class="section" id="new-features"> <h2>New Features<a class="headerlink" href="#new-features" title="Permalink to this headline">¶</a></h2> <p>1. For Linux 2.4 and later, enable the ability of daemon processes to dump core files when the Apache <tt class="docutils literal"><span class="pre">CoreDumpDirectory</span></tt> directive is used.</p> <p>2. 
Attempt to log whether daemon process exited normally or was killed off by an unexpected signal.</p> </div> </div> </div> <div class="articleComments"> </div> </div> <footer> <hr/> <div role="contentinfo"> <p> © Copyright 2007-2020, Graham Dumpleton. </p> </div> </footer> </div> </div> </section> </div> <script type="text/javascript"> var DOCUMENTATION_OPTIONS = { URL_ROOT:'../', VERSION:'4.7.1', COLLAPSE_INDEX:false, FILE_SUFFIX:'.html', HAS_SOURCE: true, SOURCELINK_SUFFIX: '' }; </script> <script type="text/javascript" src="../_static/jquery.js"></script> <script type="text/javascript" src="../_static/underscore.js"></script> <script type="text/javascript" src="../_static/doctools.js"></script> <script type="text/javascript" src="../_static/js/theme.js"></script> <script type="text/javascript"> jQuery(function () { SphinxRtdTheme.StickyNav.enable(); }); </script> </body> </html>
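The Security Issues entry above turns on how a root-started parent handles a failing setuid() when it forks a worker for an unprivileged user. The following C sketch is an added example, not mod_wsgi's code: it treats every setuid() error as fatal and confirms the new identity before continuing. The names `drop_uid`, `drop_result` and the two stubs are hypothetical, and it covers only the setuid() step, not group changes.

```c
#include <errno.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <sys/types.h>
#include <unistd.h>

/* Same signature as setuid(), so failure paths can be exercised with stubs. */
typedef int (*setuid_fn)(uid_t);

enum drop_result {
    DROP_OK = 0,
    DROP_SETUID_FAILED = -1,   /* setuid() itself reported an error */
    DROP_NOT_EFFECTIVE = -2    /* call "succeeded" but identity is wrong */
};

/* Hypothetical helper: switch to `target` and report success only when the
 * change is confirmed. The caller must exit on any other result. */
enum drop_result drop_uid(uid_t target, setuid_fn do_setuid)
{
    if (do_setuid(target) != 0) {
        /* Per setuid(2), Linux before 3.1 could fail here with EAGAIN when
         * the target user was at its RLIMIT_NPROC limit. Whatever the errno,
         * the process still holds its original (possibly root) identity. */
        fprintf(stderr, "setuid(%lu) failed: %s\n",
                (unsigned long)target, strerror(errno));
        return DROP_SETUID_FAILED;
    }
    /* Confirm both real and effective uid actually changed. */
    if (getuid() != target || geteuid() != target)
        return DROP_NOT_EFFECTIVE;
    /* After dropping to a non-root user, regaining root must be impossible. */
    if (target != 0 && setuid(0) == 0)
        return DROP_NOT_EFFECTIVE;
    return DROP_OK;
}

/* Constructed stub: the kernel refuses the switch with EAGAIN. */
int setuid_eagain_stub(uid_t uid)
{
    (void)uid;
    errno = EAGAIN;
    return -1;
}

/* Constructed stub: reports success without changing identity. */
int setuid_noop_stub(uid_t uid)
{
    (void)uid;
    return 0;
}

int main(void)
{
    /* Assumption for the demo: "drop" to the uid we already run as, so it
     * works without root. A daemon would pass its configured worker uid. */
    if (drop_uid(getuid(), setuid) != DROP_OK) {
        /* Never fall through to application code with the old identity. */
        _exit(EXIT_FAILURE);
    }
    puts("identity confirmed, safe to run application code");
    return 0;
}
```

The stubs exist only so the EAGAIN and silent-failure paths can be exercised without root or an old kernel.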