Skip site navigation (1)Skip section navigation (2) 
Date:      Mon, 07 May 2018 18:45:16 +0000
From:      bugzilla-noreply@freebsd.org
To:        ports-bugs@FreeBSD.org
Subject:   [Bug 228054] www/rubygem-passenger is missing passenger_native_support.so
Message-ID:  <bug-228054-7788@https.bugs.freebsd.org/bugzilla/>
next in thread | raw e-mail | index | archive | help 
https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=3D228054

            Bug ID: 228054
           Summary: www/rubygem-passenger is missing
                    passenger_native_support.so
           Product: Ports & Packages
           Version: Latest
          Hardware: Any
                OS: Any
            Status: New
          Severity: Affects Many People
          Priority: ---
         Component: Individual Port(s)
          Assignee: osa@FreeBSD.org
          Reporter: feld@FreeBSD.org
          Assignee: osa@FreeBSD.org
             Flags: maintainer-feedback?(osa@FreeBSD.org)

Hello,

Seems the www/rubygem-passenger package is missing the inclusion of
passenger_native_support.so. As a result it will try to download it from the
internet(!) which is a grave security concern:

App 94175 stderr:  [passenger_native_support.so] finding downloads for the
current Ruby interpreter...
App 94175 stderr:=20
App 94175 stderr:      (set PASSENGER_DOWNLOAD_NATIVE_SUPPORT_BINARY=3D0 to
disable)
App 94175 stderr:=20
App 94175 stderr:      Could not download
https://oss-binaries.phusionpassenger.com/binaries/passenger/by_release/5.2=
.1/rubyext-ruby-2.4.4-x86_64-freebsd.tar.gz:
no download tool found (curl or wget required)
App 94175 stderr:      Trying next mirror...
App 94175 stderr:      Could not download
https://s3.amazonaws.com/phusion-passenger/binaries/passenger/by_release/5.=
2.1/rubyext-ruby-2.4.4-x86_64-freebsd.tar.gz:
no download tool found (curl or wget required)
App 94175 stderr:  [passenger_native_support.so] will not be used (can't
compile or download)=20
App 94175 stderr:=20
App 94175 stderr:   --> Passenger will still operate normally.

If someone happens to have wget or curl on their system they may not be see=
ing
this issue as the download could be working, but it is unclear how the down=
load
is validated and if it is strict about requiring a trusted certificate
authority.

--=20
You are receiving this mail because:
You are the assignee for the bug.=

Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?bug-228054-7788>