File rubygem-passenger.changes of Package rubygem-passenger

Wed Jul 15 19:20:19 UTC 2020 - Manuel Schnitzer <>

- updated to version 6.0.6

  Release 6.0.6
   * Update gemspec with up to date metadata.
   * Reverts the addition of the 'etc' gem to the Passenger gemspec, because it broke on normal ruby installs. Closes GH-2283.
   * Builds Ubuntu focal Nginx dynamic module package against Nginx 1.18.0. Closes GH-2291.
   * No longer providing prebuilt Ruby 2.1 or 2.2 binaries, they have been EOL for years and rubygems no longer supports them.
   * Updated various library versions used in precompiled binaries (used for e.g. gem installs):

      - ccache 3.7.10 (was 3.7.9)
      - Curl 7.71.1 (was 7.69.1)
      - Git 2.27.0 (was 2.26.2)
      - GnuPG 2.2.21 (was 2.2.20)
      - libgpg_error 1.38 (was 1.37)
      - libgcrypt 1.8.6 (was 1.8.5)
      - RubyGems 3.1.4 (was 3.0.8)

Thu Jun 25 09:57:14 UTC 2020 - Manuel Schnitzer <>

- updated to version 6.0.5

  Release 6.0.5

   * [Enterprise] Fixed a regression (introduced in 5.0.0) where Flying Passenger could not update the Passenger configuration. Closes GH-1554.
   * Adds Ubuntu 20.04 "Focal" packages, and removes Ubuntu 19.04 "Disco" packages.
   * Adds RHEL / CentOS 8 packages.
   * [Nginx] Converts CentOS 7 packages to provide a dynamic module instead of a full Nginx install.
   * Fixes the encoding name for xml output from the `passenger-status --show=xml` command. Closes GH-2248.
   * Adds the 'etc' gem as an explicit dependency. Closes GH-2124.
   * Adds a user agent to the passenger pre-spawn script. Closes GH-1534.
   * Fixes a compilation issue on FreeBSD. Closes GH-2240.
   * Fixes an issue where rack bodies may not be processed correctly.
   * Improves the database reconnection speed in forked processes. closes GH-2253.
   * [Nginx] Adds a config option `passenger_temp_path` to set the path used for the disk backed response cache. Re-Closes GH-2075.
   * [Apache] Protects the path info and script name passed to the app from modifications done by mod_security. Closes GH-2198.
   * Ensures baseuri is set per request, even if config is loaded from cache. Closes GH-2117.
   * Make temp dir toucher cleanup code more resilient to permissions issues.
   * [Nginx] Bumps the preferred Nginx version to 1.18.0 (previously 1.17.3).
   * [Nginx] The preferred PCRE version is now 8.44 (previously 8.43).
   * Removed deprecated rubyforge gemspec property. Contributed by @olleolleolle.
   * Adds an option for specifying the attributes on the sticky session cookie:
    - Apache:     PassengerStickySessionsCookieAttributes     "SameSite=Lax; Secure;"
    - Nginx:      passenger_sticky_sessions_cookie_attributes "SameSite=Lax; Secure;"
    - Standalone: --sticky-sessions-cookie-attributes         "SameSite=Lax; Secure;"
   * Updated various library versions used in precompiled binaries (used for e.g. gem installs):

      - ccache 3.7.9 (was 3.7.3)
      - Curl 7.69.1 (was 7.66.0)
      - Git 2.26.2 (was 2.23.0)
      - GnuPG 2.2.20 (was 2.2.17)
      - libgpg_error 1.37 (was 1.36)
      - OpenSSL 1.0.2u (was 1.0.2t)
      - PCRE 8.44 (was 8.43)
      - s3cmd 2.1.0 (was 2.0.2)
      - RubyGems 3.0.8 (was 3.0.6)
      - Rubies:
        - 2.4.6 -> 2.4.10
        - 2.5.5 -> 2.5.8
        - 2.6.3 -> 2.6.6
        + 2.7.1

Tue Sep 17 06:01:08 UTC 2019 - Manuel Schnitzer <>

- updated to version 6.0.4

  Release 6.0.4

   * Adds Debian 10 "Buster" packages.

  Release 6.0.3

   * Add and option to specify the spawn dir during startup, which is specifically useful for CageFS users. Contributed by @plmnikulin. Closes GH-2145.

      - Apache: `PassengerSpawnDir`
      - Nginx: `passenger_spawn_dir`

   * [Nginx] Bumps the preferred Nginx version to 1.17.3 (previously 1.15.8).
   * [Nginx] The preferred PCRE version is now 8.43 (previously 8.42).
   * Adds Ubuntu 19.04 "Disco" packages, and removes Ubuntu 18.10 "Cosmic" and Ubuntu 14.04 "Trusty" packages.
   * Changes minimum supported macOS version to 10.12 Sierra.
   * Improves container detection and fixes a compilation warning in GCC 8+. Closes GH-2186.
   * Allowed externally specifying an app instance to send a request to. Contributed by Mark R. James (@mrj).
   * Fixed an incompatibility with sending requests to specific app instances, when using the rails web-console gem. Contributed by Mark R. James (@mrj).
   * Fixed a regression (introduced in 5.1.9) where some hooks were not called. Closes GH-2103. Contributed by Mark R. James (@mrj).
   * Fixes compilation with clang 8 (latest macOS update) by updating vendored boost library from 1.67 to 1.69.
   * Reverts a regression intruduced in 6.0.2 where Passenger would crash if it had to use the disk backed response cache. Closes GH-2189.
   * [Nginx] Adds an option `passenger_buffer_upload` to allow buffering uploaded data in Passenger before forwarding it to the app. As a workaround for apps that cannot handle chunked data.
   * [Enterprise] When using deferred port binding, no longer binds port if all apps do not start up.
   * Updated various library versions used in precompiled binaries (used for e.g. gem installs):

      - PCRE 8.43 (was 8.42)
      - Curl 7.65.1 (was 7.64.0)
      - ccache 3.7.3 (was 3.6)
      - Git 2.22.0 (was 2.20.1)
      - OpenSSL 1.0.2s (was 1.0.2q)
      - RubyGems 3.0.6 (was 3.0.2)
      - GnuPG 2.2.16 (was 2.2.13)
      - libgcrypt 1.8.5 (was 1.8.4)
      - libgpg_error 1.36 (was 1.35)
      - libiconv 1.16 (was 1.15)
      - Ruby:
        - 2.4.5 -> 2.4.6
        - 2.5.3 -> 2.5.5
        - 2.6.1 -> 2.6.3  

Sat Mar  2 15:30:14 UTC 2019 - Stephan Kulow <>

- updated to version 6.0.2
 see installed CHANGELOG

  Release 6.0.2
   * Allow compilation to work when Apple messed up their system ruby headers.
   * Only try to read pid 1's /proc files as root, in container detection. Closes GH-2168.
   * Add an option to disable prefixing application logs with "App PID stdout": `PassengerDisableLogPrefix` (Apache) / `passenger_disable_log_prefix` (Nginx). Closes GH-1915.
   * Add support for identifying the Passenger instance by PID. Closes GH-2146. Contributed by Saverio Miroddi (@saveriomiroddi).
   * [Ruby] Made Passenger more resiliant to Rack bugs. Closes GH-2150.
   * [Nginx] Do not touch Nginx's proxy_temp_path var in Passenger's nginx modules. Closes GH-2075. Contributed by Roman Berestnikov-Sivolov (@ROMB).
   * Updated Ruby versions used in precompiled binaries (used for e.g. gem installs) to include 2.6.1.
   * Updated various library versions used in precompiled binaries (used for e.g. gem installs):
      - Curl: 7.64.0 (was: 7.63.0)
      - Ruby: 2.6.1 (was: 2.6.0)
      - RubyGems 3.0.2 (was: 3.0.1)
      - ccache 3.6 (was: 3.5)
      - GnuPG 2.2.13 (was: 2.2.12)
      - libassuan 2.5.3 (was: 2.5.2)
      - libgpg_error 1.35 (was: 1.33)

Mon Jan 14 06:09:34 UTC 2019 -

- updated to version 6.0.1 (boo#1121748)

  * Adds Ubuntu 18.10 "Cosmic" packages.
  * Skips trying to set oom score in LXC container environments.
    Closes GH-2143.
  * Fixes an issue during the GLS startup handshake where ephemeral
    ports could be exhausted. Closes GH-2144.
  * Updated Ruby versions used in precompiled binaries (used for
    e.g. gem installs) to include 2.5.3, and 2.4.5 (removed: 2.4.4).
  * Bumps the preferred Nginx version to 1.15.8.
  * Updated various library versions used in precompiled binaries
    (used for e.g. gem installs):

     - Curl: 7.62.0 -> 7.63.0
     - Git: 2.19.2 -> 2.20.1
     - Gnupg: 2.2.11 -> 2.2.12
     - libassuan: 2.5.1 -> 2.5.2
     - libgpg_error: 1.32 -> 1.33
     - Ruby: 2.4.4 -> 2.4.5, + 2.5.3
     - RubyGems: 2.7.6 -> 3.0.1

Fri Nov 30 09:55:16 UTC 2018 -

- updated to version 6.0.0 (boo#1117900)

 * Introduces support for *all* programming languages. Yes that's
   right... Java, Elixir, Go — Passenger now supports them all!
   This effort is called "generic language support".
 * Bumps the preferred Nginx version to 1.15.7.
 * Introduces anonymous usage telemetry, which helps us improve
   Passenger. Please read the docs on what data is collected and
   how to disable this.
 * [Nginx] Introduces a new option "passenger_request_buffering on|off",
   to allow disabling request body buffering. This is only supported
   in Nginx >= 1.15.3. Closes GH-2121.
 * Updated various library versions used in precompiled binaries
   (used for e.g. gem installs):

    - OpenSSL: 1.0.2q (was: 1.0.2p)
    - libcurl: 7.62.0 (was: 7.61.1)
    - Ruby: 2.3.8 (was: 2.3.7)

Sun Nov 11 09:47:38 UTC 2018 -

- updated to version 5.3.7 (boo#1115545)

 * Fixes package installation issues on Ubuntu 18.04. These issues
   were caused by an update released by Ubuntu on the nginx-common
   package. Closes GH-2122, GH-2140.
 * Fixes compilation problems and warnings with GCC 8.2. Tested on
   Alpine Linux edge 2018-11-05. Closes GH-2139.
 * Fixes compatibility with libcurl 7.62.0. Contributed by
   Po-Chuan Hsieh (@sunpoet).
 * Changes minimum supported macOS version to 10.11 El Capitan.
 * Removes packages for Ubuntu 17.10 Artful.

Mon Nov  5 16:32:17 UTC 2018 -

- updated to version 5.3.6 (boo#1114735)

  * Fixes smart spawning. A regression in 5.3.5 (due to a refactoring) made it so that Passenger only used the direct spawning method. This issue was mostly noticeable in the form of increased process spawning times between 5.3.4 and 5.3.5.
  * Fixes Passenger Core and application processes staying on the Watchdog's OOM score (unkillable). Closes GH-2105.
  * Fixes "mach_vm_map failed" warnings on macOS >= High Sierra. These warnings were harmless, but annoying. Closes GH-2101.
  * Fixes `passenger-config compile-agent` compilation with optimizations. The optimization flags were not properly passed to the compiler.
  * Fixes a crash that could occur when HTTP clients send a chunked transfer-encoding body containing a chunk larger than 429496729 bytes.
  * Improves detection of the system Apache's include headers on macOS High Sierra and later.
  * Fixes RVM gemset detection on RVM 1.29.
  * No longer supplies precompiled Ruby extensions for Ruby 1.9.3 and 2.0.0. When running Ruby 1.9.3 and 2.0.0, Passenger will attempt to compile from source instead.

- changed suse.patch to apply again
- changed fix_shebangs.patch to apply again

Tue Sep 25 05:13:07 UTC 2018 -

- updated to version 5.3.5

  * Fixes Ubuntu 18.04 package installation problems due to Nginx
    version mismatch. Closes GH-2122.
  * Improves usability of crash reports. Crash reports are no
    longer dumped in one big chunk to stderr. Instead, they are
    now dumped into multiple files, making it easy to inspect
    relevant reports.
  * Fixes some crashes that only occur with log level 7.
  * Downloads binaries from the newly-introduced Github mirror.
    This improves the reliability of binary downloads.
  * Updated various library versions used in precompiled binaries
    (used for e.g. gem installs):

     - OpenSSL: 1.0.2p (was: 1.0.2o)
     - libcurl: 7.61.1 (was: 7.60.0)

Thu Aug  2 11:52:36 UTC 2018 -

- updated to version 5.3.4

  * Fixes a crash during startup on FreeBSD 11.2 and recent OpenBSD versions due to C++11 compatibility issues in the code. Closes GH-2097.
  * Updates Boost to version 1.67.0.
  * [Apache] Fixes the handling of HTTP requests with chunked bodies in combination with `PassengerBufferUploads off`. Closes GH-2102

Thu Jun 28 06:33:05 UTC 2018 -

- updated to version 5.3.3

  * [Apache, Nginx] Fixes the passenger-install-*-module scripts. (Regression in 5.3.2) Closes GH-2093.
  * [Nginx] Fixed nginx module building on CentOS 6. Closes GH-2081. Thanks to defanator for contributing this.

Wed Jun 13 11:09:13 UTC 2018 -

- updated to version 5.3.2

	Release 5.3.2

	This release contains many security updates. Users are advised to upgrade as soon as possible. See our blog for more information on the vulnerabilities.

	 * [Nginx] Fixes CVE-2018-12029, a local privilege escalation vulnerability in the Nginx module that occurs when `passenger_instance_registry_dir` is configured to a directory with insufficiently strict permissions.
	 * Fixes CVE-2018-12026, 12027, and 12028. These are local denial of service, local information disclosure and local privilege escalation vulnerabilities that could be exploited by malicious applications or malicious users on the system.
	 * Updated various library versions used in precompiled binaries (used for e.g. gem installs):

			- OpenSSL (Linux only): 1.0.2o (was: 1.0.2k; on macOS it was already 1.0.2o)
			- GeoIP: 1.6.12 (was: 1.6.11)
			- libcurl: 7.60.0 (was: 7.56.1)
	 * Fixes Meteor support in non-bundled mode (regression from 5.3.0). Closes GH-2082.
	 * Fixes the fact that the error page (which is shown when an app fails to spawn) sometimes contains unsufficient analysis details about the app.
	 * [Apache] Fixes PassengerMaxInstancesPerApp not being respected (regression from config refactor in 5.2.0). Closes GH-2059.
	 * [Enterprise, Apache] Fixes PassengerMaxInstances not being respected (regression from config refactor in 5.2.0).
	 * [Enterprise] Fixes passenger-irb being unable to connect to an app process (regression from 5.3.0). Closes GH-2087.

- Change suse.patch to apply again

Tue May 15 07:25:18 UTC 2018 -

- updated to version 5.3.1

  Release 5.3.1

   * Fixes a regression from 5.3.0: a crash that occurs if the user that an application should run under, does not have a shell configured. Closes GH-2078.
   * Fixes a regression from 5.3.0: setting supplementary group IDs during user switching. Closes GH-2077.

Fri May 11 17:41:12 UTC 2018 -

- updated to version 5.3.0

  Release 5.3.0

   * Adds Ubuntu 18.04 "Bionic" packages.
   * Removes packages for Debian 7 "Wheezy" (EOL May 2018).
   * Vastly improves spawning error page: quick overview of where the problem is, and the option to drill down in extensive troubleshooting information.
   * Fuse Panel support: fixes a crash that occurs when you shut down Passenger right after it fails to connect to Fuse Panel.
   * [Nginx] Updates the preferred Nginx version to 1.14.0 (from 1.12.2).
   * [Apache] Updates the recommended package for apache dev headers on debian >= 9.4. Closes GH-2048.
   * [Enterprise] Fix licensing proxy warning to refer to licensing_proxy_url instead of licensing_proxy.
   * [Enterprise] Add new `PassengerAppLogFile` (Apache) / `passenger_app_log_file` (Nginx) config option to specify a file for app-specific logs. Closes GH-1279.

  - Change suse.patch to apply again

Tue Apr 10 19:16:15 UTC 2018 -

- mention `series` in spec file
- mention `rubygem-passenger-rpmlintrc` in spec file

Wed Apr  4 18:54:57 UTC 2018 -

- updated to version 5.2.3

  Release 5.2.3

   * Fuse Panel support: fixes a few bugs with handling small log files and with apps that don't output any messages.
   * Python app support: fixes a Python 3 compatibility issue w.r.t. writing data over the socket.
   * macOS support: fixes a crash in the `passenger-config compile-nginx-engine` command which only occurs on macOS >= 10.13. This crash was caused by a missing `require` call in our code, and affects users who compile Passenger from source, e.g. users of the Passenger Enterprise Homebrew formula.
   * Fixes a small memory corruption issue (dangling pointer) in the ApplicationPool subsystem.
   * Improves support for the $TMPDIR environment variable by removing leftover hardcoded references to /tmp. Closes GH-2052.
   * Updated PCRE version to 8.42 (was: 8.41) across the board.

  Release 5.2.2

   * Adds an option for dumping the web server config manifest to a given file: `PassengerDumpConfigManifest` (Apache) / `passenger_dump_config_manifest` (Nginx). This option is mostly useful for Passenger developers.
   * [Nginx] Fixes support for configurations that have two `passenger_base_uri` options in a single virtual host, without corresponding `passenger_app_group_name` and `passenger_app_root` directives. Closes GH-2043.
   * [Enterprise] Improved support for RAM-based pricing on Heroku (now using officially recommended memory limit reporting via CGROUP).

  Release 5.2.1

   * Fixes a regression from 5.1.11 that prevented Passenger from compiling on FreeBSD in some cases. Closes GH-2031.
   * Fixes a bounds issue in printing an error message that could occur in some cases when spawning a child process fails. Issue was present from 5.1.11.
   * Fixes a regression from 5.2.0 which prevented setting the max pool idle time to 0. Closes GH-2020.
   * Warns if using an incompatible compiler on macOS < 10.13. Closes GH-2017.
   * No longer uses Security Framework on macOS 10.13+. This will prevent further keychain warnings from appropriately compiled Passengers.
   * Fixes warning on macOS about /proc/self access (excluded some code that was intended only for Linux).
   * `passenger-install-nginx-module` now downloads the preferred Nginx version via https. Thanks to smiba for pointing this out.
   * [Apache] Fixes a regression from 5.2.0 that caused a crash on startup when no top-level ServerName is set. Closes GH-2029.
   * [Enterprise] Adds support for using RAM-based pricing on Heroku.

  Release 5.2.0

   * [Apache] Breaking change: to avoid configuration ambiguity, options that act on a per-process level (rather than per-request level) can no longer be used in .htaccess. See the Passenger Library -> configuration -> intro for more info (
   * [Apache] Breaking change: the option PassengerResolveSymlinksInDocumentRoot has been removed (old Passenger 2 compatibility option, see PassengerAppRoot for new method).
   * [Apache] Option handling has been refactored to avoid silent conflicts and errors: warnings are now generated for global config options in <VirtualHost> (they conflict between VHosts) and per-application options in <Files>, <FilesMatch> and <If> (silently failed before).
   * [Apache] Fixes compilation issues on some systems with macOS 10.13 High Sierra (in addition to the fixes from 5.1.11).
   * [Enterprise] Fixes two unnecessary warnings about failure to contact the licensing server, one occurring since version 5.1.8 ("3 days out of contact"), the other since 5.1.11 + Apache ("failure to contact").
   * [Nginx] Fixes the default for the `passenger_app_group_name` to start with the `passenger_app_root` rather than the document root (the end remains the same: `passenger_app_env`).
   * [Standalone] Adds command line support for `start_timeout` in Passenger Standalone (also removes unnecessary warning when using it in `Passengerfile.json`).
   * [Standalone, Nginx] Waits for Nginx to exit before cleaning up temp dir (started happening more since the switch to Nginx graceful shutdown in 5.1.6). Closes GH-1970.
   * Deprecated options for Union Station.
   * Ruby 2.5 compatibility: handle case where an exception's backtrace may be nil. Closes GH-2011.
   * Adds JSON mime type for static file serving. Closes GH-2018.
   * Removes packages for Ubuntu 17.04 "Zesty" (EOL 13-jan-2018).

- Add fix_shebangs.patch:
  * Required to fix the package building because we don't allow /usr/bin/env shebangs.
- Change suse.patch to apply again

Thu Nov 23 14:47:39 UTC 2017 -

- updated to version 5.1.12

  * Changes the Debian/Ubuntu install script to completely restart Apache upon upgrade. This prevents issues due to a "half upgraded" state (old Passenger Apache module + new Passenger core). Closes GH-2000.
  * Adds Ubuntu 17.10 "Artful" packages.
  * Fixes a case in which -- when Passenger is configured with user switching turned off -- it is unable to open the web server log file and aborts during startup. This regression was introduced in 5.1.8. Closes GH-1990.
  * [Nginx] The preferred Nginx version is now 1.12.2
  * [Nginx] The preferred PCRE version is now 8.41 (previously 8.39).
  * [Standalone] Adds support for using `start_timeout` in Passengerfile.json.
  * [Enterprise] Uses libuv to detect total system RAM, allows for compilation on pre-10.11 macOS.
  * [Enterprise] Added a max request queue time option, to limit time requests spend in the request queue. Closes GH-1688.
  * Updated libcurl version used in precompiled binaries (used for e.g. gem installs) to 7.56.1 (was: 7.54.1).
  * Updated OpenSSL version used in precompiled binaries (used for e.g. gem installs) to 1.0.2m (was: 1.0.2l).
  * Updated PCRE version used in precompiled binaries (used for e.g. gem installs) to 8.41 (was: 8.40).
  * Updated Ruby versions used in precompiled binaries (used for e.g. gem installs) to include 2.1.10, 2.2.8, 2.3.5, and 2.4.2 (removed: 2.1.9, 2.2.7, 2.3.4, and 2.4.1). 

Thu Nov 23 09:06:41 UTC 2017 -

- drop upstream merged patch fix-undeclared-isnan.patch to fix build
- add openssl build dependency

Thu Oct 26 10:06:59 UTC 2017 -

- updated to version 5.1.11
 see installed CHANGELOG

  Release 5.1.11
   * [Apache] Fixes a race condition (segfault) on startup, which primarily affected macOS hosts (regression in 5.1.8 due to the logging improvements). Closes GH-1973.
   * [Apache] Fixes compilation on macOS 10.13 High Sierra.
   * [Nginx] It is now allowed to specify `passenger_enabled` in the `http` context as well.
   * [Nginx] Namespaced Jsoncpp under the Passenger namespace to avoid collisions with Google Pagespeed's copy when linked into Nginx.
   * [Standalone] Enables HTTP/2 support in the Nginx template. Support is only active if SSL is used, to avoid potential issues with HTTP/2 on HTTP ports. Closes GH-1945.
   * [Enterprise, Standalone] Adds a new feature that is especially useful on Heroku: deferred port binding. When `--defer-port-binding` is set, Passenger does not listen on the given port until the application has finished spawning. If the application starts slowly then this mechanism can prevent the Heroku request timeout from killing the dyno (the boot timeout still applies).
   * [Enterprise, Standalone] Fixes duplicate warnings when Passengerfile.json contains errors.
   * [Standalone] `passenger start` now accepts the `--start-timeout` configuration option.
   * Adds support for Bundler 2.0's new `gems.rb` and `gems.locked`. Learn more about these in [Gemfile's new clothes]( Closes GH-1982.
   * Removes Debian packages for Ubuntu 12.04 Precise.
   * Fixes compilation warnings on macOS + Clang 9.0.
   * Introduces a new check that logs a vulnerability warning if Passenger is run with root permissions while the directory permissions of (parts of) its root dir allow modifications by non-root users.
   * Fixes an arbitrary file read vulnerability (if Passenger is running as root and the attacker has access to a user account that hosts an application).
  Release 5.1.10
   * This was an Enterprise-only hotfix release (no changes in Passenger Open Source).
  Release 5.1.9
   * This was an Enterprise-only hotfix release (no changes in Passenger Open Source).
  Release 5.1.8
   * Introduces a shorter and more informative log format. The new format significantly shortens the thread ID, and includes the message's log level (critical, error, warning, notice, etc) so that users can more easily filter out uninteresting messages.
   * [Nginx] The Phusion Nginx APT package is upgraded to Nginx version 1.12.1 (previously pinned at 1.10.3 while waiting for a compatible lua module release).
   * [Standalone] Automatically uses Nginx to serves static asset URLs that conform to the [webpacker]( gem's format. Closes GH-1966.
   * [Standalone] If configured to listen on a Unix domain socket, properly cleans up this socket on Nginx shutdown. Fixes a regression from 5.1.6. Closes GH-1969.
   * [Standalone] Fixes the `--max-requests` option when using the builtin engine. Fixes a regression from 5.1.4.
   * [Enterprise] Fixes a potential use-after-free bug when reporting usage data to the Phusion licensing server. This bug only occurs when Passenger Enterprise is running inside a container.
  Release 5.1.7
   * Fixes compilation problems on some systems.
   * Upgrades the JSON parser (json-cpp) to version 1.8.1. This makes parsing slightly faster, adds various security checks and fixes some JSON generation issues.
   * [Enterprise] Fixes an SSL certificate issue in the license usage data reporter, which only occurs when Passenger Enterprise installed from gem or tarball. The license usage data reporter now searches for the correct system CA path.
   * [Enterprise] Fixes a potential use-after-free bug when reporting usage data to the Phusion licensing server, and improves reliability of usage data recording.
  Release 5.1.6
   * Fixes a typo that causes a looping crash when long security update information is sent by the server. In practice we will keep the messages shorter to avoid triggering this until there has been ample time to upgrade.
   * Fixes unnecessary process respawn if it was detached and min_instances is set to 0. Closes GH-1735.
   * Introduces APT packages for Debian 9 "Stretch", with Passenger built as dynamic module. Closes GH-1960.
   * Changes APT packages for Ubuntu 17.04 "Zesty" from static to dynamic module.
   * [Standalone] Now uses graceful shutdown for the Nginx engine under the hood (requested as part of GH-1598). Thanks to PikachuEXE for contributing this.
   * [Standalone] Fixes a memory corruption issue in the builtin engine. The issue was introduced in 5.1.5 (settings handling refactoring).
   * [Standalone] Cleanup the temp dir before aborting when startup cannot continue, e.g. when Passenger is already running. Closes GH-1953.
   * Fixes WSGI crash with Python 3 and non-ASCII characters in headers or the URL. Closes GH-1935. Thanks to n4nn31355 for the assistance.
   * [Nginx] The preferred Nginx version is now 1.12.1 (previously 1.10.3), except for the Phusion Nginx APT package, which is pinned at 1.10.3 until an 1.12.x compatible lua module becomes available.
   * [Nginx] Fixes CVE-2017-7529, an integer overflow vulnerability in the Nginx range filter module. This is accomplished by upgrading to Nginx 1.12.1, or applying the patch (Phusion Nginx APT package).
   * Updated libcurl version used in precompiled binaries (used for e.g. gem installs) to 7.54.1 (was: 7.54.0).
   * Updated OpenSSL version used in precompiled binaries (used for e.g. gem installs) to 1.0.2l (was: 1.0.2k).
   * Updated GeoIP version used in precompiled binaries (used for e.g. gem installs) to 1.6.11 (was: 1.6.9).
   * Updated PCRE version used in precompiled binaries (used for e.g. gem installs) to 8.40 (was: 8.39).
   * Adds support for building with MacPorts' OpenSSL. Closes GH-1959.
  Release 5.1.5
   * Updated Boost to version 1.64.0, which fixed a compilation issue on certain Gentoo based setups. Closes GH-1942.
   * Improved the error message shown when an app fails to start in time.
   * [Apache] Remove option to configure PassengerAppGroupName from .htaccess because, assuming AllowOverride Options is set, malicious users (having an account on the same server) can sometimes collide app group names of other users and capture their traffic.
   * Major internal refactoring of settings handling, to prepare for supporting settings changes without restart.

Tue May 23 10:09:44 UTC 2017 -

- updated to version 5.1.4
 see installed CHANGELOG

  Release 5.1.4
   * Updated zlib version used in building precompiled binaries (used for e.g. gem installs) to 1.2.11 (was: 1.2.8).
   * Updated openssl version used in building precompiled binaries (used for e.g. gem installs) to 1.0.2k (was: 1.0.2j).
   * Updated curl version used in building precompiled binaries (used for e.g. gem installs) to 7.54.0 (was: 7.51.0).
   * Added support for rbenv when building precompiled binaries (passenger_binary_build_automation submodule).
   * Fixes issue when building precompiled binaries (used for e.g. gem installs) found in release 5.1.3.
   * Added Ruby 2.4.1 precompiled native extension.
  Release 5.1.3
   * [Standalone] Fixes `install-standalone-runtime` command after regression in 5.1.2.
   * Removes unnecessary logging of "No Error" from macOS Security Update Checker.
   * Adds support for compiling against the built-in Apache installation supplied with macOS 10.12 Sierra. Previous versions of Passenger failed because macOS Sierra's Apache installation is incomplete and does not supply the apr-config tool. We now work around this by using hardcoded default values for macOS.
   * Don't output colorized text during dependency check when output isn't a TTY, unless forced. Closes GH-1902.
   * [Nginx] The preferred Nginx version is now 1.10.3 (previously 1.10.2).
   * Adds Ubuntu 17.04 "Zesty" packages.
   * [Enterprise] Fixes `send-cloud-usage` command when Passenger is installed from gem.
   * [Enterprise] Improves robustness of machine properties reporting for pay-as-you-go cloud-license holders.
   * [Enterprise] Adds support for reporting available RAM, and CONTAINER_HOST_IDENTIFIER envvar, to support RAM-based pricing model.
   * Added additional debug level logging for troubleshooting issues with bash scripts. Closes GH-1928.
   * Revert private keychain use in the Security Update Checker when run as root on macOS, in order to avoid changing the default System Keychain. Closes GH-1922. Remove Cert and Key from keychain separately, to avoid errors when clearing the client certificate.
   * Fix missing openssl check in `passenger-install-apache2-module` dependency checker. Closes GH-1934.

Tue Feb 14 05:39:30 UTC 2017 -

- updated to version 5.1.2
 see installed CHANGELOG

  Release 5.1.2
   * Improve curl check for passenger-install- scripts to catch (very old) curl versions that won't compile against 5.1+.
   * Fixes remaining false positives (logging) from the new Meteor cluster warning system. Closes GH-1905.
   * Create a private keychain on macOS when the system keychain is defaulted to, this avoids a permissions issue with the system keychain when performing the Security Update Check. This is necessary because the system keychain is the default keychain of daemon users and root on macOS.
   * Improve `passenger-memory-stats` to include JRuby processes that fail to rename as expected. Closes GH-1878.
   * [Standalone] Don't download or compile Nginx when using the builtin engine. Closes GH-1910.
   * [Standalone] Fixes `--nginx-tarball` option of `passenger start` and `passenger-config install-standalone-runtime` (wasn't working). Also verifies that `--nginx-version` is explicitly specified as it should be.
  Release 5.1.1
   * The precompiled version of the PassengerAgent binary (used for e.g. gem installs) now configures (statically linked) libcurl with system keystore, so that the new security update check can successfully validate certs.
   * Fixes some false positives (logging) from the new Node and Meteor cluster warning system. Logging is less repetitive and has extra debug info. Closes GH-1905.
   * Updates the upload-progress module in the Nginx Debian package. The module version that we linked against in 5.1.0 was 0.9.2, but due to a bug in that version the module didn't work.
   * The security update check now reports whether libcurl + SSL backend are statically linked to Passenger, in which case the check also needs to warn about relevant OpenSSL vulnerabilities in the linked library.
   * Increases the allowed line lengths emmited by apps at startup.
   * Adds support for the unary 'not' operator in the Union Station filter language.
   * [Enterprise] Add missing flying-passenger integration mode to security update check. 
   * Fixes support for Rails 5.0.1 Action Cable. Specifically, we now support the `options` argument in the `write_nonblock` method in hijacked Rack IO sockets.
   * [Apache] Introduces a small delay to prevent running the Security Update Checker twice at startup.
  Release 5.1.0
   * Upgrades union_station_hooks_core to version 2.1.2.
   * [Enterprise] When running a Rails app in multithreaded mode, Passenger Enterprise automatically tags Rails logs with the current thread number. This makes it possible to distinguish logs generated by different threads.
   * Fixes permissions issue on Linux when setting OOM score after lowering privileges. Closes GH-1858.
   * [Standalone] Allows raw json envvars in Passengerfile.json. Closes GH-1837.
   * [Standalone] Make the `max_requests` option available on the command line as well. 
   * Fixes unaligned memory access in base64 decoder on platforms that have strict aliasing requirements (non x86/x86_64). Closes GH-1646.
   * Introduces daily Passenger security update check to warn (error log) if there are newer Passenger versions with important security fixes (describing what was discovered, what is affected, which version has the fix).
   * Fixes compilation on Linux when a non-glibc C library is in use. Closes GH-1870.
   * `passenger-install-nginx-module` and the standalone compiler now add the http v2, realip and addition module flags for Nginx (just like the APT/RPM/autobuilder already had). Closes GH-1788. 
   * [Apache] Fixes PassengerShowVersionInHeader option. Thanks to Sebastian Welther for contributing this.
   * Passenger now reports when you try to use Node.js or Meteor clustering, and tries to continue with just a nonfunctional shim in place, so that if your code uses the clustering APIs your app may still work.
   * Updates libev config.sub and config.guess to support newer platforms such as the IBM power 8.
   * Fixes an issue where passenger-config couldn't restart an app if the TMPDIR variable was set to /tmp
   * `passenger-install-apache-module` now suggests the correct apache package on Ubuntu Xenial. Closes GH-1884.
   * [Standalone] The TempDirToucher will now spend most of its time with reduced privileges, except when it's actively touching files. This allows it to be killed when Passenger is quit in most circumstances. Closes GH-1678.
   * Fixes a file overwrite vulnerability caused by a predictable temporary file being written by `passenger-install-nginx-module`. Thanks to Jeremy Evans for reporting this.
   * [Standalone] Fixes starting Passenger as a non-extant user. Closes GH-1849.
   * Improved look of the error pages for failing to spawn an application (development & production mode), and Error ID is now also shown in production mode.
   * [Standalone] Enable ipv6 support by default in builtin nginx. Closes GH-1873.
   * [Nginx] Updates to APT package builder (Debian & Ubuntu) with fix for www-data to root privilege escalation via log file handling (CVE-2016-1247/USN-3114-1).
   * [Nginx] Updates to RPM package builder (CentOS & RHEL) with fix for 1.10.x system nginx package overriding the nginx from the Passenger repo. Closes GH-1895.
   * [Nginx] The preferred Nginx version is now 1.10.2 (previously 1.10.1).
   * RPM pkg builder fix for breaking SELinux change in RHEL 7.3.
   * RPM pkg builder fix for RHEL6/CentOS6 incompatibility and replacement in Passenger.
   * Adds Ubuntu 16.10 "Yakkety" packages.

Tue Jul 26 04:32:34 UTC 2016 -

- updated to version 5.0.30
 see installed CHANGELOG

  Release 5.0.30
   * Changes mbuf block size from 512 to 4096 bytes to better fit modern requests and significantly speed up disk buffering.
   * [Nginx] Fixes PCRE checksum after the preferred version update in 5.0.29 (contributed by: clemensg).
   * [Apache] Fixes buffer limit crash on large file upload (when core disk buffer can't keep up with client for some time), and limits per-client buffer memory usage to 130 KB. Closes GH-1620.
   * Fixes potential hang when an UnseekableSocket gets serialized to json. Closes GH-1838.

Thu Jun 23 04:39:05 UTC 2016 -

- updated to version 5.0.29
 see installed CHANGELOG

  Release 5.0.29
   * Fixes the FreeBSD build breaking due to the `-ldl` flag introduced by the LVE integration patch (5.0.28). Closes GH-1805.
   * Fixes per-application interpreter override (ruby, node, python) being ignored in mass deployment mode. Closes GH-1818.
   * Fixes incomplete refactor from 5.0.27 that could, under specific conditions, lead to a Passenger crash. Closes GH-1794.
   * [Apache] Remove unused code that caused a crash in configurations with thousands of VirtualHost entries. Closes GH-1676.
   * [Nginx] Fixes use of invalid logfile name (memory already released) in backup log redirection code. Possibly related to GH-1774.
   * [Nginx] The preferred Nginx version is now 1.10.1 (previously 1.10.0).
   * [Nginx] The preferred PCRE version is now 8.39 (previously 8.34).
   * [Standalone] Passenger Standalone now supports /dev/stdout and /dev/stderr as log file path (via `--log-file` or Passengerfile.json). This is especially useful in Docker containers. In previous versions logging to those paths did not work, resulting in nothing getting logged at all.

Thu May 12 14:11:34 UTC 2016 -

- add fix-undeclared-isnan.patch (from

Tue May 10 12:51:14 UTC 2016 -

- update to version 5.0.28
  * Finalizes the fix (5.0.26) for the `rails server` command integration to prevent "missing on_event" errors. Closes GH-1768.
   * Fixes missing -fPIC in Nginx dynamic module compilation (5.0.26) on Linux (rewrite of a patch by Andrei Belov). Closes GH-1793.
   * Fixes memory leak that could occur whenever more than 1024 concurrent requests are handled (more likely since the higher concurrency support options from 5.0.24). Closes GH-1797.
   * Integrates with CloudLinux LVE and CageFS (security checks and a new option PassengerLveMinUid). Thanks to Oleksiy Shchukin from CloudLinux Inc. for contributing this.
   * Fixes the Nginx build when the PCRE library is not available (such as when compiling with `--without-http_rewrite_module`). Closes GH-1796.
   * Extends `passenger-memory-stats` filter to show the instance dir toucher too (as well as the core in valgrind debug runs).
   * Changes the default for friendly error pages to "off" unless the environment is set to "development", rather than "on" unless "staging" or "production". Closes GH-1782.
   * [Nginx] The preferred Nginx version is now 1.10.0 (previously 1.8.1).

- changes in release 5.0.27
  * Fixes encoding issue for Ruby apps that resulted in a 0-byte response body. This occurred when the Ruby native support lib was not used and the app outputted an encoding that doesn't mix with UTF-8 (like UTF-16). Closes GH-1763.
  * Fixes Passenger Core and application processes staying on the Watchdogs OOM score (unkillable) when user switching is set to off. Closes GH-1631.
  * Supports Debian GNU/kFreeBSD build. Based on contribution by stevenc99.
  * Switches a number of places in the Passenger Core over to using the monotonic clock instead of the wallclock for robustness against clock time-stepping.
  * Slightly improves out-of-memory detection in some subroutines.
  * Fixes incomplete libuv upgrade: some build files were not autoregenerated during the upgrade from 1.5.0 to 1.8.0 in the previous release.
  * Warnings about 502 responses that are caused by applications aborting their output while the client is no longer connected (e.g. due to half-close event, reported since 5.0.26) are now reduced to debug level.
  * Fixes automatic compilation of Ruby's native_support library in case Passenger was installed through Debian or RPM packages. Closes GH-1778.
  * Fixes memory leak when buffering large request/response bodies to disk (which happens as soon as the 100 KB memory buffer is full).
  * Fixes crash if an application spawn fails and a non-UTF8 character appears in the spawn output. Closes GH-1601.
  * Updates the `rails server` command integration (from 5.0.25) to prevent "missing on_event" errors. Closes GH-1768. Update: not all required code made it to the release, the final fix is delivered in 5.0.28.
  * [Union Station] Fixes a crash that occurs if all of the following conditions are met: 1) Union Station support is enabled, 2) the client sent at least one header containing the empty string, 3) the application responds with a 4xx or 5xx status. Closes GH-1776.

Wed Mar 23 12:07:48 UTC 2016 -

- Force fixed timestamps for patched gems (bsc#916047)

Thu Mar  3 10:58:38 UTC 2016 -

- refresh suse patch to apply cleanly again

Wed Mar  2 05:35:03 UTC 2016 -

- updated to version 5.0.26
 see installed CHANGELOG

  Release 5.0.26
   * `passenger-status --show=server` now reports the speed at which new requests are accepted.
   * `passenger-status --show=server` now reports `last_data_send_time` and `last_data_receive_time` which can be used to troubleshoot long-running requests (for example, to see if a websocket heartbeat is stuck).
   * Passenger now reports TCP half-closing events to Node.js and Meteor applications, which allows them to detect request body and WebSocket closes without having to send data to the client.
   * Fixes outputting Content-Length and Transfer-Encoding headers on HEAD requests for Ruby apps. These headers were omitted in previous versions on HEAD requests.
   * Bumps the default socket backlog size from 1024 to 2048.
   * Upgrades libuv to version 1.8.0.
   * When using our RPM packages, system SELinux policy upgrades no longer break the Passenger SELinux policy. Closes GH-1663.
   * [Apache] Fixes compilation against Apache installations which include `-pie` in CFLAGS. Closes GH-1756.
   * [Nginx, Standalone] Bumps default Nginx worker_connections from 1024 to 4096 (effectively 2048 because of internal reverse proxy)
   * [Nginx, Standalone] Introduces the option `core_file_descriptor_ulimit` and `app_file_descriptor_ulimit`, for setting the file descriptor ulimits of the Passenger core and the application, respectively.
   * [Nginx] Passenger can now be [compiled as an Nginx dynamic module]( Thanks to Ruslan Ermilov from NGINX Inc for contributing this.
   * [Standalone] Prints a warning when an unsupported configuration option in Passengerfile.json is set.
   * [Standalone] Fixes "address already in use" errors when using the builtin engine.
   * [Enterprise] The rolling restart feature now waits until the old process is completely gone (drained its request queue, process exited) before proceeding with rolling restarting the next process. This results in friendlier resource usage during rolling restart.
   * [Union Station] Fixes custom logging time arguments getting overwritten by current time for Ruby apps (so some sub-blocks like "framework request processing" appeared shorter than they were). This could happen since the switch to monotonic clock in 5.0.22.

Fri Feb 19 05:35:48 UTC 2016 -

- updated to version 5.0.25
 see installed CHANGELOG

  Release 5.0.25
   * Integrates into the `rails server` command. Please learn more at [the Passenger + Rails integration documentation](
   * Adds explicit support for Action Cable. Please learn more at the [Passenger Library](
   * Removes packages for Ubuntu 15.04 Vivid and Debian 6. Ubuntu 15.04 and Debian 6 are still supported, we just don't supply packages for them anymore. If you are an Ubuntu 15.04 or Debian 6 user and you want to use Passenger >= 5.0.25, then please upgrade your distribution, or install Passenger from RubyGems/tarball.
   * Fixes a potential crash due to memory corruption in code for `passenger-config reopen-logs`.
   * Fixes a potential crash in the large (inbound/outbound) file buffering code.
   * Fixes a crash that occurs when using Nginx + HTTPS + Sub-requests. Closes GH-1724.
   * Fixes a crash that occurs when using Nginx + syslog and a logfile for Passenger. Also fixes edge cases where the Nginx logpath would override the Passenger logpath. Closes GH-1514 (again).
   * [Union Station] Fixes a potential crash due to a wrong limit on snprintf (introduced in 5.0.24 by GH-1633). Closes GH-1744.
   * [Union Station] Fixes Union Station Node.js request introspection to allow for application.use method chaining. Closes GH-1745.
   * [Union Station] Fixes information about sinks sometimes missing from `passenger-status --show=union_station`.
   * [Union Station] When one or more Union Station gateways are suffering from technical difficulties, the Union Station support code now tries more quickly to reestablish the connection.
   * [Standalone] Don't reject the value 0 (meaning no limit) for `--max-request-queue-size`. Closes GH-1743.
   * [Standalone] Makes the `--address` option work more reliably if the passed hostname may resolve to multiple addresses. For example, if you pass `--address localhost` then previous versions could fail because Passenger thinks it's an IPv6 address (::1) while Nginx thinks it's an IPv4 address ( Hostname resolution is now done in a consistent manner.
   * [Standalone] Adds the `--unlimited-concurrency-path` configuration option.
   * [Standalone] Adds IPv6 support to the builtin engine.

Tue Feb  2 05:36:26 UTC 2016 -

- updated to version 5.0.24
 see installed CHANGELOG

  Release 5.0.24
   * Fixes a crash when the new `force_max_concurrent_requests_per_process` option (5.0.22) was used for non-Node.js apps (e.g. Ruby). Closes GH-1720.
   * Fixes Solaris compilation. This was a regression due to the patch for GH-1643 in 5.0.22. Closes GH-1694, GH-1701.
   * Logs for [Union Station]( provide more information about request queueing. Closes GH-1633.
   * Also log HTTP headers to Union Station for HTTP 4xx responses (extends the header logging for HTTP 5xx that was added in 5.0.22)
   * Fixes cases where compilation failure of (optional) native utils was not reported.
   * On Ruby, no longer traps SIGEXIT. This fixes erroneously setting `$ERROR_INFO` in `at_exit` callbacks. Closes GH-1730.
   * Fixes a wrong loop exit condition that could cause a deadlock with 100% CPU usage by Passenger core. Closes GH-1709, GH-1732.
   * Adds `socket_backlog` option to configure the Passenger Core socket backlog. For use with e.g. "Resource temporarily unavailable while connecting to upstream" errors. Closes GH-1726.
   * [Nginx] The preferred Nginx version is now 1.8.1 (previously 1.8.0).
   * [Standalone] Fixes the default value of the `load_shell_envvars` option. It's supposed to be disabled by default, but due to a typo it was enabled by default.

Tue Dec 22 05:36:45 UTC 2015 -

- updated to version 5.0.23
 see installed CHANGELOG

  Release 5.0.23
   * Fixes the request acceptor error handling timeout. When an error occurs while Passenger is accepting a request (for example, when Passenger has run out of file descriptors), Passenger is supposed to wait for 3 seconds before trying again. Because of a typo, Passenger actually waited 3 milliseconds.
   * [Enterprise] Fixed a regression in the Passenger Standalone Nginx config template that breaks the Mass Deployment feature.
   * The mime type for serving static XHTML files is updated. We no longer use the mobile profile, so it is recognized by desktop browsers. Closes GH-1695.
   * Improves error messages about Ruby native support to indicate the optional nature. Passenger is able to operate even without the native support extension, but that wasn't clear enough to some users, causing them to think of the old messages as errors.
   * [Standalone, Nginx] When using the new `abort_websockets_on_process_shutdown` configuration option, Passenger waited for the app to close without signaling it that shutdown was in progress. Node.js apps now get a SIGINT. Closes GH-1702.
   * With friendly error pages off Passenger would still show a trace (referencing only Passenger code) for unusual spawn errors. This has been changed to a generic error message. Closes GH-1704.

Wed Dec  9 14:52:38 UTC 2015 -

- update to version 5.0.22 (boo#956281)
  - Fixes a header collision vulnerability (CVE-2015-7519, medium
    severity). Please see our blog for detailed vulnerability
    description and advisory. Thanks to the SUSE security team for
    reporting this issue.
  - [Apache] Fixes compatibility with Apache 2.4.17's
    mod_autoindex. Fix contributed by Eric Covener. Closes GH-1642.
  - [Standalone] Passenger Standalone now [accepts configuration
    options from environment
    This makes using Passenger Standalone significantly easier on
    Heroku or on systems that follow the 12-factor principle.
    Closes GH-1661.
  - [Standalone] The Nginx configuration template has been cleaned
    up. It is now significantly easier to edit the Nginx
    configuration template without breaking compatibility with
    future versions.
  - [Standalone] The `passenger start` command now performs a
    sanity check on the internally generated Nginx configuration
    file and advises you accordingly when there is a problem.
  - [Standalone] The `passenger status` and `passenger stop`
    commands now respect Passengerfile.json. Closes GH-1593.
  - [Standalone] Passenger Standalone on Solaris now properly tails
    the application log file.
  - [Standalone] Fixes a problem with Passenger Standalone's
    builtin engine exiting at startup when run on Solaris.
  - [Standalone] `passenger start` now accepts the `--envvar`
    command line option for passing environment variables to the
  - [Standalone] `passenger start` now accepts the `--memory-limit`
    configuration option.
  - [Standalone] `passenger start` now accepts the
    `--max-request-queue-size` configuration option.
  - [Standalone] `passenger start` now accepts the
    `--debug-nginx-config` configuration option. This option allows
    you to view the Nginx configuration file that Passenger
    Standalone generates internally.
  - [Standalone, Nginx] Introduces a new configuration option:
    `abort_websockets_on_process_shutdown`. By default, when
    Passenger shuts down or restarts an application process, it
    will abort associated Websocket connections. This option allows
    you to disable that behavior. Closes GH-1686.
  - Introduces a new configuration option:
    `force_max_concurrent_requests_per_process`. This option is
    mostly useful for making dynamic process scaling work in
    Node.js and Meteor apps.
  - Various administration tools, such as `passenger-status`, no
    longer raise an flock EBADF error on Solaris. Closes GH-1643.
  - The `passenger-config reopen-logs` command, when used in
    combination with Passenger Standalone and the Nginx engine, now
    also instructs Nginx to reopen its log files. Closes GH-1674.
  - Fixes Passenger erroneously adding a `Content-Length` or
    `Transfer-Encoding` header to Ruby HTTP 204 No Content
    responses. Closes GH-1595.
  - Fixes Union Station logging of Rack response body actions.
  - The `passenger-config restart-app` command, when given
    `--ignore-app-not-running`, now properly exits with a zero
    status when one or more applications are running, but none of
    them belonging to the invoking user. Closes GH-1655.
  - The `passenger-config validate-install` command no longer
    prints false warnings about duplicate Passenger installs on
    systems that use RBenv. Closes GH-1627.
  - Fixes race conditions in the automatic building of the Ruby
    native support extension. Closes GH-1570.
  - [Enterprise] Fixes compatibility with byebug 7.0. Closes
  - Support Union Station logging for Node.js applications, with
    Express/MongoDB automatically supported. 
  - The Ruby Union Station hooks no longer abort with a fatal error
    when the application does not call the Union Station
    initializer method during startup. The error is now only
  - In case of an error response (HTTP 5xx), Union Station logging
    will also contain request headers.
  - The Union Station hooks are now more resilient against
    environment variable problems.
- rebase suse.patch to apply cleanly again

Mon Oct 26 10:45:13 UTC 2015 -

- update to version 5.0.21
  - Properly handles Ruby applications that output the
    `Content-Length` and `Transfer-Encoding` headers in
    non-standard casing, e.g. `Content-length`. Closes GH-1517.
  - Fixes Ruby application loading incompatibilities caused by the
    use of absolute paths. Closes GH-1596.
  - Fixes OpenSSL detection problems on OS X 10.11 El Capitan. OS X
    10.11 no longer includes OpenSSL headers, so Passenger will
    suggest and use OpenSSL from Homebrew. Closes GH-1630.
  - Introduces the [secure HTTP
    feature for Node.js and Meteor apps. This mechanism allows
    Passenger to send per-request information to the application,
    while guaranteeing that this information is not spoofed by the
  - Per-request Apache environment variables are now passed to
    Node.js and Meteor apps through the
    secure header.
  - Fixes some unintentional caching of request-specific
    environment variables. Closes GH-1479.
  - For Node.js applications, Passenger now calls
    `process.emit('message', 'shutdown')` whenever Passenger shuts
    down an application process. This is the same hook as used by
    PM2, allowing applications which use the PM2 graceful shutdown
    mechanism to be run on Passenger without changes.
  - [Enterprise] Fixes a bug in passenger-irb where printing
    strings larger than 64 KB would cause it to crash.
  - [Enterprise] Fixes the `passenger-config restart-app` command
    so that it performs a non-rolling-restart unless
    `--rolling-restart` is given as command line option, as per the
    documentation. Previously, `passenger-config restart-app`
    without `--rolling-restart` would perform a rolling restart if
    rolling restarts are configured in the configuration file, but
    this contradicted documented behavior. Closes GH-1634.
- rebase suse.patch to apply cleanly again

Thu Oct  8 11:56:04 UTC 2015 -

- fix requires and supplements of apache2 subpackage

Wed Oct  7 12:19:23 UTC 2015 -

- fix path for native support library

Tue Oct  6 18:29:11 UTC 2015 -

- squashed all patches into suse.patch and added
- dropped patches
  - 0001-fix-shebang.patch
  - 0002-load-system-passenger-libs.patch
  - 0003-use-shared-path-for-shared-resources.patch
  - 0004-fix-default-temp-dir.patch

Wed Sep 30 16:08:09 UTC 2015 -

- update to version 5.0.20
  - Fixes memory management bugs in Union Station support.
  - Improves the error handling in Union Station support.
  - `passenger-config validate-install` now properly handles CR
    characters in Apache configuration files.
- changes from  5.0.19
  - Fixes an encoding crash in `passenger-memory-stats` on OS X in
    case one or more processes are running on the system with names
    containing UTF-8 characters. Closes GH-1603.
  - [Ruby] Fixes handling of HTTP 205 responses, which would cause
    client connections to freeze.
  - Improves Union Station data collection: more Rack I/O events
    are now logged. The time taken to write out and to close the
    Rack response body are now logged.
  - Improves Union Station data sending: errors are now logged more
    clearly, and DNS errors are now handled more robustly.
  - Improves Union Station troubleshooting: errors can now be
    diagnosed by running `passenger-status --show=union_station`.
  - Refactors the Union Station Ruby hook code. They have been
    extracted to external gems. However, they are still bundled
    with Passenger for ease of use.
- drop all patches and replaced with a git-format-patch series:
  - added patches
    - 0001-fix-shebang.patch
    - 0002-load-system-passenger-libs.patch
    - 0003-use-shared-path-for-shared-resources.patch
    - 0004-fix-default-temp-dir.patch
  - removed patches:
    - passenger-4.0.14_missing_includes.patch
    - passenger-4.0.50_fix_shebang.patch
    - passenger-4.0.50_load_system_passenger_libs.patch
    - passenger-4.0.50_paths.patch
    - passenger-4.0.53_fix-default-temp-dir.patch

Thu Sep 10 04:30:00 UTC 2015 -

- updated to version 5.0.18
 see installed CHANGELOG

  Release 5.0.18
   * Fixes more memory corruption issues in the palloc subsystem.
   * Fixes memory corruption issues in the Passenger core that may occur if the application sets many response headers. The issue was caused by an off-by-one bug.

Tue Sep  8 04:31:17 UTC 2015 -

- updated to version 5.0.17
 see installed CHANGELOG

  Release 5.0.17
   * Adds packages for Ubuntu 15.10 "Wily", even though Ubuntu 15.10 hasn't been released yet.
   * Fixes some memory corruption issues in the palloc subsystem. Closes GH-1587.
   * Fixes the Node.js `PhusionPassenger.on('exit')` event. This event worked if you restart the app or detach an application process, but not if you stop Passenger.
   * Fixes support for `passenger_pre_start` URLs that contain very long authentication strings. This was caused by the fact that our Base64 encoder generated unexpected newlines.
   * [Standalone] Improves application prestarting. Application prestarting is now available in combination with the 'builtin' engine, and now works when SSL is used.

Tue Aug 25 04:34:26 UTC 2015 -

- updated to version 5.0.16
 see installed CHANGELOG

  Release 5.0.16
   * Allows independent configuration of Union Station gateway address, port and certificate. Closes GH-1543.
   * Supports seek() such that body.rewind works when using Rack middleware that uses Zlib::GzipReader (e.g. for compressed requests). Closes GH-1553.
   * [Apache] Improves detection of Apache configuration file problems. Closes GH-1577.
   * [Enterprise] Fixes installation of the Passenger Enterprise Apache module on Debian Testing.
   * Fixes logging of HTTP response code for Union Station. This regression was introduced by Passenger 5. Closes GH-1581. 
   * Adds a new subcommand `passenger-config about support-binaries-dir`.
   * Fixes a regression in the Node.js loader with regard to custom startup files. This bug was introduced in 5.0.14. Closes GH-1557 (again).
   * Fixes a crash when a Ruby application is accessed through a sub-URI and a root virtual host at the same time.

Wed Aug 12 11:47:55 UTC 2015 -

- make sure we set up /{var/,}run/passenger on install

Wed Aug 12 11:37:01 UTC 2015 -

- update to version 5.0.15
  - Support SHA256 digests for the Rails asset pipeline, as used by
    Sprockets 3.x.
  - Support for JRuby Closes GH-1562.
  - Fixes some bugs in Union Station support, which causes some
    data (such as controller information and exceptions) to not be
  - The old Users Guides have been deprecated in favor of the
    [Passenger Library](
    The Users Guides now redirect to appropriate sections in the
    Passenger Library.
- additional changes in 5.0.14
  - [Standalone] Relative path handling has been improved. In
    previous versions, relative paths were not handled in a
    consistent manner. Relative paths are now handled consistently
    according to the following rules:
    - If a relative path is given via a command line option, then
      it is relative to the current working directory.
    - If a relative path is given via Passengerfile.json, then it
      is relative to Passengerfile.json.  Closes GH-1557.
  - [Standalone] The `--disable-turbocaching` now works with the
    Nginx engine.
- additional changes in 5.0.13
  - The `passenger-config restart-app` command now supports the
    option `--ignore-passenger-not-running`. If this option is
    given, the command will exit normally instead of exiting with
    an error, if Passenger is not running. This option is useful in
    deployments involving Passenger Standalone. In an initial
    deployment, Passenger Standalone may not yet be running.
    Passing this option allows you to ignore that issue.
  - SELinux policy issues in the RPMs have been fixed.
  - [Apache] `passenger-config reopen-logs` didn't work on Apache
    unless you explicitly set `PassengerLogFile`. This has now been
  - [Standalone] Due to some internal refactorings, the Passenger
    Standalone Nginx configuration template has changed. If you
    used a custom Nginx configuration template, please merge our
    latest changes into it.
- additional changes in 5.0.12
  - [Enterprise] Fixed passenger-irb. It was broken in 5.0.10
    because of the change that made using admin commands without
    sudo possible.
- additional changes in 5.0.11
  - In 5.0.10, admin tools such as `passenger-status` and
    `passenger-config restart-app` display an authorization error
    if they are run without sudo, while at the same time Passenger
      isn't serving any applications. Since this is confusing, they
      have now been modified to display a more appropriate error
  - Fixes a bug in the RPMs that prevent admin tools such as
    `passenger-status` and `passenger-config restart-app` from
    working when they are invoked without root privileges.
  - Fixes a bug on OS X that prevent admin tools such as
    `passenger-status` and `passenger-config restart-app` from
    detecting Passenger instance directories when they are invoked
    without root privileges. Closes GH-1535.
  - Fixes a bug that causes Passenger not to work if the HOME
    environment variable is not set.
  - Fixes compatibility with non-Rails Ruby apps that require the
    actionview gem. Closes GH-1547.
  - Fixes some non-fatal "permission denied" error that may
    occasionally occur if user switching is turned off. Closes
  - Relative values for the `pid_file` and `log_file` options in
    Passengerfile.json are now supported.
  - If Passengerfile.json contains a syntax error, Passenger
    Standalone now correctly prints an error message instead of
  - Sending a SIGABRT signal to a Ruby process now properly makes
    it terminate.
  - The `passenger-config restart-app` command now accepts `.` as
    parameter, which it will interpreter as "restart the app in the
    current working directory". Closes GH-1386.
  - [Apache] Setting `PassengerLogLevel` no longer redirects
    Apache's own stderr to that log file. Closes GH-1373.
  - [Standalone] Passenger Standalone's Nginx engine now includes
    the RealIP module. Closes GH-1389.
  - [Standalone] The `--max-preloader-idle-time` option has been
- additional changes in 5.0.10
  - It is now possible to run `passenger-status`, `passenger-config
    restart-app` and other admin commands without using sudo. When
    run without sudo, these admin commands will allow you to
    operate on apps and processes that are owned by the user that
    invoked the admin command. Closes GH-1392.
  - Fixes a crash introduces in 5.0.9 due to not properly
    initializing a variable. Closes GH-1530.
  - The `passenger-config reopen-logs` command now works by
    instructing the Watchdog process to reopen the log file, while
    instructing the other Passenger processes to re-inerhit the log
    file from the Watchdog instead of trying to reopen the log file
    on their own. This makes log file reopening more robust. Closes
  - `passenger-config restart-app` no longer leaves the terminal in
    a state with black background. Closes GH-1526.
  - `passenger-config admin-command` has been renamed to
    `passenger-config api-call` in order to avoid confusion with
    any potential admin interfaces that we will introduce in the
  - If Union Station support is enabled, process and system metrics
    weren't being sent correctly to Union Station. This has been
  - [Enterprise] Fixes the fact that the Passenger Enterprise RPM
    didn't correctly set SELinux permissions on its own files.
  - [Apache] passenger-install-apache2-module no longer aborts with
    an error if the Apache configuration file contains errors.
    Closes GH-1525.
  - [Apache] Fixes a typo that would cause
    passenger-install-apache2-module to crash on Red Hat and CentOS
    systems on which the SELinux command line tools are not
    installed. Closes GH-1527.
- additional changes in 5.0.9
  - The casing of original headers as generated by the application
    are now preserved, instead of being downcased. This fixes
    compatibility issues with broken HTTP clients. Closes GH-1436.
  - Internal refactoring: we've replaced libeio with libuv. This
    makes some of our code simpler. Closes GH-1428.
  - When the passenger-status tool tries to cleanup a stale
    instance directory, it will no longer abort with an error when
    it fails to do that. It will now merely print a warning. Fixes
    [StackOverflow question
  - Fixes compilation problems on Solaris.
  - The Ruby handler has been made more robust. Previously, it was
    possible for applications to corrupt connections by returning
    incorrect Rack responses. This may cause connections to get
    stuck. The Rack handler has been hardened to ensure that
    connections will never get corrupted or stuck. Closes GH-1512.
  - The Ruby handler now closes the Rack response body even when
    the socket connection is hijacked by the application. The Rack
    specification is unclear about what to do in this case, and
    different Ruby app servers do different things. We have found
    that by closing the body object anyway, we maximize
    compatibility with existing Rack middlewares and apps, such as
    Rack::Lock. Background information about this issue can be
    found at
  - Fixes a crash that could occur if some HTTP request headers are
    present, but have the empty value. Closes GH-1524.
  - Fixes a permission problem that prevents the web server from
    communicating with Passenger when user switching is off. Closes
  - Fixes a few small one-time memory leaks in the Passenger agent.
    This wraps up the workitems discovered in valgrind runs on
    earlier versions.
  - Fixes use of uninitialized metrics. This could happen for a
    brief moment after spawning.
  - [Apache] If you pass the `--apxs2-path` parameter to
    `passenger-install-apache2-module`, and the apxs2 path that you
    specified is not in PATH, then the installer would think that
    Apache installation is broken. This has been fixed.
  - [Apache] A `Connection: close` header that was used for
    internal communication between Passenger processes was being
    leaked to the client, which breaks HTTP keep-alive connections.
    This has been fixed. Closes GH-1516.
  - [Nginx] The preferred Nginx version is now 1.8.0. It was
    previously 1.6.3.
  - [Nginx] Passenger now passes to the application the raw URI as
    sent by the client, as long as Nginx didn't modify the URI
    (e.g. as part of rewrite rules). This means that escaped
    slashes (%2F) in the URI now work correctly and out-of-the-box
    as long as there are no applicable rewrite rules.
  - [Nginx] Fixes that crash that would occur if Nginx is
    configured to log to syslog. And to prevent log messages from
    disappearing into a black hole, Passenger will now ask you to
    set `passenger_log_file` if Nginx is configured to log to
    syslog. Closes GH-1514.
  - [Standalone] Prevents an existing instance from being shut down
    if starting a new instance fails.
- additional changes in 5.0.8
  - We now supply Debian 8 and Ubuntu 15.04 packages. Closes
    GH-1494 and GH-1400.
  - We now supply Red Hat 6, Red Hat 7, CentOS 6 and CentOS 7
  - We no longer supply Ubuntu 10.04 packages because Ubuntu 10.04
    is no longer supported by Canonical.
  - Fixes a Passenger crash (SIGSEGV) that occurs occasionally when
    out-of-band garbage collection is enabled. Closes GH-1469.
  - Fixes a Passenger crash (SIGSEGV) that occurs occasionally with
    redirects to relative URLs. Closes GH-1513.
  - Fixes cases when Passenger shuts down more processes than is
    allowed by the `min_instances` limit. Closes GH-1500.
  - Fixes "Bad Gateway" errors that would occur when an application
    sets the X-Sendfile or X-Accel-Redirect header, together with a
    non-empty response body. Closes GH-1498.
  - Fixes the fact that Passenger agent processes don't lower their
    privilege when user switching is turned off.
  - Fixes autodetection of Apache on Gentoo. Closes GH-1510.
  - Fixes compilation problems on Solaris. Closes GH-1508.
  - [Standalone] Adds the `--pool-idle-time` command line
  - [Standalone] Adds the `--auto` command line parameter for
    running non-interactively. This supresses prompts. Closes

Mon May 18 09:29:57 UTC 2015 -

- update to version 5.0.7
  - Supports changed way of specifying settings for (non-bundled)
    Meteor apps. Closes GH-1403.
  - Fixes an integer-to-string conversion bug in the code
    responsible for buffering chunked request bodies. This bug
    could cause the PassengerAgent to crash due to an exception.
    Thanks to Marcus Rückert of SUSE for reporting this.
  - Request-specific environment variables are no longer cached.
    This fixes a number of issues, such as Shibboleth not working
    properly and conflicts between HTTPS and non-HTTPS virtual
    hosts. Closes GH-1472.
  - Fixes a memory corruption bug that would be triggered when
    using `passenger_base_uri`. The memory corruption bug resided
    in the code for resolving symlinks. Closes GH-1388.
  - Re-introduced signal catchers during shutdown, to allow clean
    shutdown in Foreman. Closes GH-1454.
  - `passenger-status --show=xml` no longer outputs the non-XML
    header by default. This fixes a regression as reported in a
    comment in GH-1136.
  - Passenger now prefers to load Rack and Bundler from RubyGems
    instead of from `vendor_ruby`. This solves some issues with
    Rack and Bundler on Debian systems. Closes GH-1480 and GH-1478.
  - The turbocache no longer caches responses that contain the
    `X-Sendfile` or the `X-Accel-Redirect` header.
  - The preferred Nginx version has been upgraded to 1.6.3.
  - The logging agent no longer aborts with an error if one of the
    Passenger root directory's parent directories is not
    world-executable. Closes GH-1487.
  - [Standalone] It is now possible to configure the Ruby, Node.js
    and Python executable to use in Passenger Standalone through
    the command line options --ruby, --nodejs and --python. Closes
  - [Standalone] Running `passenger start --engine=builtin
    --daemonize` would fail with a timeout error. This has been
  - [Standalone] Running `passenger start --nginx-version=XXX`
    would crash. This has been fixed. Closes GH-1490.
  - [Apache] Fixed some issues with X-Sendfile. Closes GH-1376.
  - [Apache] If the installer fails to autodetect Apache while the
    installer is running as a normal user, it will now ask you to
    give it root privileges. Closes GH-1289.
  - [Apache] The installer now validates your Apache configuration
    file to check for common problems. The validator can also be
    accessed separately by running `passenger-config
    validate-install --validate-apache2`.
  - [Nginx] Introduces the `passenger_read_timeout` option for rare
    cases when server needs more than the default 10 minute
    timeout. Contributed by pkmiec. Closes
  - [Nginx] The Nginx module now looks for index.html if the path
    ends in / so that it works intuitively, without needing to use
  - Fixes wrong memory address display in crash dumps. Thanks to
    thoughtpolice for pointing it out.
  - Fixes an ugly backtrace that would be shown if an invalid
    request is made to an application process using the private
    HTTP interface. Contributed by jbergler. Closes GH-1311.
  - Various documentation improvements. Closes
- drop 3cd918c27e7015d5e60106f4574ea439fc4a16da.patch: included in

Thu Apr 16 14:21:07 UTC 2015 -

- update to passenger-4.0.50_load_system_passenger_libs.patch:
  we still had 2 places that tried to load the libraries from the
  relative path instead of the installed library.
- pull 3cd918c27e7015d5e60106f4574ea439fc4a16da.patch until 5.0.7
  is released

Thu Apr  2 10:03:14 UTC 2015 -

- use intree libebio as well. our system copy seems to be broken.

Thu Apr  2 09:51:40 UTC 2015 -

- Fix temp directory path in mod_passenger.conf

Tue Mar 31 20:19:14 UTC 2015 -

- use intree libev again. according to passenger upstream it is
  patched with things they need which are not in upstream libev.

Tue Mar 31 16:22:03 UTC 2015 -

- update to version 5.0.6
  - The turbocache no longer caches responses for which the
    Cache-Control header contains "no-cache". Please note that
    "no-cache" does not mean "do not cache this response". Instead,
    it means "any caching servers may only serve the cached
    response after validating it". Since the turbocache does not
    support validation, we've chosen to skip caching instead.
    Coincidentally, this change "fixes" problems with applications
    that erroneously use "no-cache" as a flag for "do not cache
    this response". What these applications should actually use is
    "no-store". We recommend the developers of such applications to
    change their caching headers in this manner, because even if
    Passenger doesn't unintentionally cache the response, any
    intermediate proxies that visitors are behind may still cache
    the response.
  - Fixes a number of memory leaks. Memory was leaked upon
    processing a request with multiple headers, upon processing a
    response with multiple headers, and upon processing a response
    with Set-Cookie headers. Every time such a request or response
    was processed, 512 bytes of memory was leaked due to improperly
    dereferencing relevant memory buffers. Closes GH-1455.
  - Fixes various bugs related to Union Station data collection.
    Union Station is our upcoming application analytics and
    performance monitoring SaaS platform. It is opt-in: no data is
    collected unless you turn the feature on.
  - Fixes a Union Station-related file descriptor leak. Closes
  - Fixes some bugs w.r.t. use of uninitialized memory.
  - More informative error message if a support binary is not
    found, including a resolution hint. Closes GH-1395.
  - [Apache] `SetEnv` variables are now passed as Rack/CGI/request
    variables. This was also the case in Passenger 4, but not in
    Passenger 5.0.0-5.0.5. We've restored the old behavior because
    the behavior in 5.0.0-5.0.5 breaks certain Apache modules such
    as Shibboleth. Closes GH-1446.
  - [Standalone] PID and log files now correctly created if user
    specifies relative path.

Wed Mar 25 16:11:50 UTC 2015 -

- updated to version 5.0.5
  - Fixes various crashes due to use of uninitialized memory. One
    such crash is documented in GH-1431.
  - Fixes a connection stall in the Apache module. Closes GH-1425.
  - Fixes a potential read-past-buffer bug in string-to-integer
    conversion routines. Thanks to dcb314 for spotting this. Closes
  - Fixes a compilation problem on Solaris. This problem was caused
    by the fact that `tm_gmtoff` is not supported on that platform.
    Closes GH-1435.
  - There is now an API endpoint for force disconnecting a client:
    `passenger-config admin-command DELETE /server/<client
    name>.json`. Closes GH-1246.
  - Fixes some file descriptor leaks. These leaks were caused by
    the fact that keep-alive connections with application processes
    were not being closed properly. Closes GH-1439.
  - In order to more easily debug future file descriptor leaks,
    we've introduced the `PassengerFileDescriptorLogFile` (Apache)
    and `passenger_file_descriptor_log_file` (Nginx) config
    options. This allows Passenger to log all file descriptor
    open/close activity to a specific log file.
  - The `PassengerDebugLogFile` (Apache) and
    `passenger_debug_log_file` (Nginx) configuration options have
    been renamed to `PassengerLogFile` and `passenger_log_file`,
    respectively. The old name is support supported for backward
    compatibility reasons.
  - [Enterprise] Fixes a bug in Flying Passenger's
    `--instance-registry-dir` command line parameter. This command
    line parameter didn't do anything.
  - [Enterprise] The Flying Passenger daemon no longer supports the
    `--max-preloader-idle-time` config option. This is because the
    config option never worked. The correct way to set the max
    preloader idle time is through the Nginx config option, but
    this was wrongly documented, so the documentation has been
- adapted several patches

Tue Mar 17 21:38:00 UTC 2015 -

- use new ruby-find-versioned script and make it build on 1.8

Tue Mar 17 05:30:21 UTC 2015 -

- updated to version 5.0.4
  * Fixes a compilation problem introduced in 5.0.3.

Tue Feb 10 18:14:09 UTC 2015 -

- updated to version 4.0.59

Wed Nov 26 11:30:51 UTC 2014 -

- fix default tmp dir in code, matching our default configs

Tue Nov 25 17:16:06 UTC 2014 -

- make it easier to run apps not under wwwrun:www by setting
  /run/passenger to root:root and 1777.

Tue Nov 25 16:12:54 UTC 2014 -

- update to 4.0.53
  - Upgraded the preferred Nginx version to 1.6.2.
  - Improved RVM gemset autodetection.
  - Fixed some Ruby 2.2 compatibility issues.
- changes in 4.0.52
  - Fixed a null termination bug when autodetecting application
  - Node.js apps can now also trigger the inverse port binding
    mechanism by passing `'/passenger'` as argument. This was
    introduced in order to be able to support the Hapi.js
    framework. Please read
    for more information regarding Hapi.js support.
  - It is now possible to abort Node.js WebSocket connections upon
    application restart. Please refer to
    for more information. Closes GH-1200.
  - Passenger Standalone no longer automatically resolves symlinks
    in its paths.
  - `passenger-config system-metrics` no longer crashes when the
    system clock is set to a time in the past. Closes GH-1276.
  - `passenger-status`, `passenger-memory-stats`,
    `passenger-install-apache2-module` and
    `passenger-install-nginx-module` no longer output ANSI color
    codes by default when STDOUT is not a TTY. Closes GH-487.
  - `passenger-install-nginx-module --auto` is now all that's
    necessary to make it fully non-interactive. It is no longer
    necessary to provide all the answers through command line
    parameters. Closes GH-852.
  - Minor contribution by Alessandro Lenzen.

Thu Nov 20 12:29:17 UTC 2014 -

- remove .o files

Thu Nov 20 12:15:54 UTC 2014 -

- it seems we need the buildout part for the agents

Thu Nov 20 11:14:23 UTC 2014 -

- fixed paths to some scripts:
  - added passenger-4.0.50_paths.patch:
    - patch paths to match our configs
  - no longer copy the bin dir to the
  - copy the agents directory directly without the buildout part in
    the target directory

Fri Sep 26 12:16:06 UTC 2014 -

- set is not sed

Wed Sep 24 15:12:45 UTC 2014 -

- no more agents sub package, dont require it anymore.

Wed Sep 24 13:49:55 UTC 2014 -

- use rake$rubysuffix instead of calling /usr/bin/rake with each
  ruby. not all ruby versions might use the same rake version.
  This fixes the 2.1 build on 13.1.

Tue Sep 23 11:05:21 UTC 2014 -

- buildrequire rake: while it ships with newer ruby releases on 1.8
  we still need to require it explicitely

Fri Sep 19 14:18:34 UTC 2014 -

- big big package clean up round
  - use normal patch application method instead of the old manual
  - use libeio from the system and not from the gem file
  - as we still have the dir from the patching step in %prep
    we dont need to move things around
  - build native support for all ruby interpreters found in the
    build env.
- drop mod_passenger.conf.systemd
  we just set the proper tmpdir in the passenger config now via sed.
  (for both apache and nginx)
- drop patches:
- added patches:
  - passenger-4.0.14_missing_includes.patch
    renamed from rubygem-passenger-4.0.14_missing_includes.patch
  - passenger-4.0.50_fix_shebang.patch
    - remove illegal shebang lines and a few shebang lines that
      would cause undesired shebang based requires.
  - passenger-4.0.50_load_system_passenger_libs.patch
    dont try to load the passenger libs relatively but use the
    normal searching via the gem directories.

Tue Sep  9 01:10:07 UTC 2014 -

- update to 4.0.50

Fri Jul 25 19:03:29 UTC 2014 -

- we also need the agents still in the gem dir -.-

Fri Jul 25 14:21:25 UTC 2014 -

- we also need resources and helper-scripts in the new passenger
- patch the helper-scripts after copying to load passenger files
  via normal require and not using a full path.

Fri Jul 25 13:09:43 UTC 2014 -

- also install the bin stuff into the new passengerroot

Tue Jul 15 14:32:12 UTC 2014 -

- move buildrequires for ruby/ruby-devel to the macro version

Thu Jul 10 23:04:11 UTC 2014 -

- switched to gem2rpm.yml still untested but builds!

Thu Jun 26 12:19:42 UTC 2014 -

- synced with an automatically generated spec file
  - most notable change from this is that we no longe require other
    gems during building

Mon Jun 23 16:01:07 UTC 2014 -

- move to new packaging style

Mon Jun 16 13:25:01 UTC 2014 -

- update to version 4.0.45
  * Major improvements in Node.js and Meteor compatibility. Older Phusion Passenger
    versions implemented Node.js support by emulating Node.js' HTTP library.
    This approach was found to be unsustainable, so we've abandoned that approach
    and replaced it with a much simpler approach that does not involve emulating
    the HTTP library.
  * Introduced support for sticky sessions. Sticky sessions are useful -- or even
    required -- for apps that store state inside process memory. Prominent examples
    include SockJS,, faye-websocket and Meteor. Sticky sessions are
    required to make the aforementioned examples work in multi-process scenarios.
    By introducing sticky sessions support, we've much improved WebSocket support
    and support for the aforementioned libraries and frameworks.
  * Due to user demand, GET requests with request bodies are once again supported.
    Support for these kinds of requests was removed in 4.0.42 in an attempt to
    increase the strictness and robustness of our request handling code. It has
    been determined that GET requests with request bodies can be adequately
    supported without degrading robustness in Phusion Passenger. However, GET
    requests with both request bodies and WebSocket upgrade headers are
    unsupported. Fixes issue #1092.
  * [Enterprise] The [Flying Passenger](
    feature is now also available on Apache.
  * Fixed some issues with RVM mixed mode support, issue #1121.
  * Fixed Passenger Standalone complaining about not finding PassengerHelperAgent
    during startup.
  * Fixed various minor issues such as #1190 and #1197.
  * The download timeout for passenger-install-nginx-module has been increased.
    Patch by 亀田 義裕.
- additional changes in 4.0.44
 * The issue tracker has now been moved from Google Code to Github.
   Before version 4.0.44 (May 29 2014, commit 3dd0964c9f4), all
   issue numbers referred to Google Code. From now on, all issue
   numbers will refer to Github Issues.
 * Fixed compilation problems on OS X Lion and OS X Mountain Lion.
 * On Ruby, fixed `nil` being frozen on accident in some cases.
   See issue #1192.
- additional changes in 4.0.44
 * Introduced a new command `passenger-config list-instances`, which prints all
   running Phusion Passenger instances.
 * Introduced a new command `passenger-config system-metrics, which displays
   metrics about the system such as the total CPU and memory usage.
 * Fixed some compilation problems caused by the compiler capability autodetector.
 * System metrics such as total CPU usage and memory usage, are now sent to
   [Union Station]( in preparation for future

Sun May 18 09:04:45 UTC 2014 -

- updated to version 4.0.42
  * [Nginx] Upgraded the preferred Nginx version to 1.6.0.
  * [Nginx] Fixed compatibility with Nginx 1.7.0.
  * [Standalone] The MIME type for .woff files has been changed to application/font-woff.
    Fixes issue #1071.
  * There are now APT packages for Ubuntu 14.04. At the same time, packages for
    Ubuntu 13.10 have been abandoned.
  * Introduced a new command, `passenger-config build-native-support`, for ensuring
    that the native_support library for the current Ruby interpreter is built. This
    is useful in system provisioning scripts.
  * For security reasons, friendly error pages (those black/purple pages that shows
    the error message, backtrace and environment variable dump when an application
    fails to start) are now disabled by default when the application environment is
    set to 'staging' or 'production'. Fixes issue #1063.
  * Fixed some compilation warnings on Ubuntu 14.04.
  * Fixed some compatibility problems with Rake 10.2.0 and later.
    See [Rake issue 274](
  * Improved error handling in [Union Station]( support.
  * Data is now sent to Union Station on a more frequent basis, in order to make new
    data show up more quickly.
  * Information about the code revision is now sent to Union Station, which will be
    used in the upcoming deployment tracking feature in Union Station 2.
 Release 4.0.41
  * Fixed some issues with printing UTF-8 log files on Heroku.
  * Added a new flag `--ignore-app-not-running` to `passenger-config restart-app`.
    When this flag is given, `passenger-config restart-app` will exit successfully
    when the specified application is not running, instead of exiting with
    an error.
  * Our precompiled Passenger Standalone binaries have been upgraded to use
    OpenSSL 1.0.1g, which fixes [the OpenSSL Heartbleed vulnerability](
    Users who are using Passenger Standalone with SSL enabled are vulnerable,
    and should upgrade immediately. Users who do not use Passenger Standalone,
    users who use Passenger Standalone without SSL, or users who use Passenger
    Standalone with SSL behind another SSL-enabled reverse proxy, are not

Tue Apr  8 11:49:54 UTC 2014 -

- fix passenger usage together with systemd (bnc#858460)
  * move passenger files to /run/passenger/passenger* 

Fri Mar 21 12:54:12 UTC 2014 -

- updated to version 4.0.40
  * Upgraded preferred Nginx version to 1.4.7. This Nginx version fixes
    a buffer overflow. Users are strongly urged to upgrade Nginx as soon
    as possible.
 Release 4.0.39
  * Fixed a crash that could happen if the client disconnects while a chunked
    response is being sent. Fixes issue #1062.
  * In Phusion Passenger Standalone, it is now possible to customize the Nginx
    configuration file on Heroku. It is now also possible to permanently apply
    changes to the Nginx configuration file, surviving upgrades. Please refer
    to the "Advanced configuration" section of the Phusion Passenger Standalone
    manual for more information.
  * The programming language selection menu in passenger-install-apache2-module
    and passenger-install-nginx-module only works on terminals that support
    UTF-8 and that have a UTF-8 capable font. To cater to users who cannot meet
    these requirements (e.g. PuTTY users using any of the default Windows fonts),
    it is now possible to switch the menu to a plain text mode by pressing '!'.
    Fixes issue #1066.
  * Fixed printing UTF-8 characters in log files in Phusion Passenger Standalone.
  * It is now possible to dump live backtraces of Python apps through the
    'SIGABRT' signal.
  * Fixed closing of file descriptors on OS X 10.9.
  * Fixed compilation problems with Apple Clang 503.0.38 on OS X.
  * Fixed compilation of native_support on Rubinius.

Fri Feb 28 10:20:27 UTC 2014 -

-  Release 4.0.38

   * Added support for the new Ruby 2.1.0 out-of-band garbage collector.
     This can much improve garbage collection performance, and drastically
     reduce request times.
   * Fixed a symlink-related security vulnerability.

     Urgency: low
     Scope: local exploit
     Summary: writing files to arbitrary directory by hijacking temp directories
     Affected versions: 4.0.37
     Fixed versions: 4.0.38

     This issue is related to CVE-2014-1831 (the security issue as mentioned in
     the 4.0.37 release notes). The previous fix was incomplete, and still has a
     (albeit smaller) small attack time window in between two filesystem
     checks. This attack window is now gone.
   * Fixed some compilation problems on Solaris. See issue #1047.
   * passenger-install-apache2-module and passenger-install-nginx-module
     now automatically run in `--auto` mode if stdin is not a TTY. Fixes
     issue #1030.
   * Fixed an issue with non-bundled Meteor apps not correctly running in
     production mode.

Sat Feb 22 06:25:41 UTC 2014 -

- updated to version 4.0.37, see

Fri Feb  7 13:31:54 UTC 2014 -

- use new macros

Fri Feb  7 09:26:24 UTC 2014 -

- avoid rubygem-rake, but buildrequire rubygem(rake)

Sun Jan  5 14:39:50 UTC 2014 -

- updated to version 4.0.33, a lot of bugfixes, see

Mon Dec  9 12:25:18 UTC 2013 -

- Update config.guess and config.sub of the gem automatically.

Mon Dec  9 11:39:36 UTC 2013 -

- updated to version 4.0.27
  * [Apache] Fixed a bug in the Apache module which could lock up the Apache
    process or thread. This is a regression introduced in version 4.0.24.
  * Node.js application processes now have friendly process titles.

Fri Nov 29 11:05:07 UTC 2013 -

- updated to version 4.0.26
  * Introduced the `PassengerBufferUpload` option for Apache. This option allows one
    to disable upload buffering, e.g. in order to be able to track upload progress.
  * [Nginx] The `HTTPS` variable is now set correctly for HTTPS connections, even
    without setting `ssl on`. Fixes issue #401.
  * [Standalone] It is now possible to listen on both a normal HTTP and an HTTPS port.
  * [Enterprise] The `passenger-status` tool now displays rolling restart status.

Fri Nov 22 08:40:38 UTC 2013 -

- updated to version 4.0.25
  * The `PassengerEnv`/`passenger_env`/`--environment` option now also sets NODE_ENV,
    so that Node.js frameworks like Connect can properly respond to the environment.
  * Fixed a bug in our Debian/Ubuntu packages causing `passenger-install-nginx-module`
    not to be able to compile Nginx.
  * Arbitrary Node.js application structures are now supported.
  * [Nginx] Introduced the `passenger_restart_dir` option.
  * [Nginx] Upgraded preferred Nginx version to 1.4.4 because of CVE-2013-4547.
 Release 4.0.24
  * Introduced the `PassengerNodejs` (Apache) and `passenger_nodejs` (Nginx)
    configuration options.
  * [Apache] Introduced the `PassengerErrorOverride` option, so that HTTP error
    responses generated by applications can be intercepted by Apache and customized
    using the `ErrorDocument` directive.
  * [Standalone] It is now possible to specify some configuration options in
    a configuration file `passenger-standalone.json`. When Passenger Standalone
    is used in Mass Deployment mode, this configuration file can be used to customize
    settings on a per-application basis.
  * [Enterprise] Fixed a potential crash when a rolling restart is triggered
    while a process is already shutting down.
  * [Enterprise] Fixed Mass Deployment support for Node.js and Meteor.

Wed Nov  6 12:22:09 UTC 2013 -

- updated to version 4.0.23
 * Fixed compilation problems on GCC 4.8.2 (e.g. Arch Linux 2013-10-27).
 * Fixed a compatibility problem with Solaris /usr/ccs/bin/make: issue #999.
 * Support for the Meteor Javascript framework has been open sourced.

Thu Oct 31 05:54:44 UTC 2013 -

- updated to version 4.0.21
 * Supports JRuby 1.7.6.
 * Open sourced Node.js support.
 * [Nginx] Upgraded the preferred Nginx version to 1.4.3.
 * Work around an Apache packaging bug in CentOS 5.
 * Various user friendliness improvements in the documentation and the installers.
 * Fixed a bug in the always_restart.txt support. Phusion Passenger was looking for it in the wrong directory.
 * [Standalone] The –temp-dir command line option has been introduced.

Thu Oct 10 14:20:49 UTC 2013 -

- updated to version 4.0.20
  * Fixed a bug in Phusion Passenger Standalone's daemon mode. When in daemon
    mode, the Nginx temporary directory was deleted prematurely, causing some
    POST requests to fail. This was a regression that was introduced in 4.0.15
    as part of an optimization.
  * Fixed compilation problems on Solaris 10 with Sun Studio 12.3.
  * Improved detection of RVM problems.
  * It is now possible to log the request method to Union Station.
  * Introduced a new option, `PassengerLoadShellEnvvars` (Apache) and
    `passenger_load_shell_envvars` (Nginx). This allows enabling or disabling
    the loading of bashrc before spawning the application.
  * [Enterprise] Fixed a packaging problem which caused the flying-passenger
    executable not to be properly included in the bin path.
  * [Enterprise] Fixed a race condition which sometimes causes the Flying
    Passenger socket to be deleted after a restart. Fixes issue #939.
  * [Enterprise] The `byebug` gem is now supported for debugging on Ruby 2.0.
    The byebug gem requires a patch before this works:

Fri Oct  4 07:18:00 UTC 2013 -

- updated to version 4.0.19
  * Fixed a problem with response buffering. Application processes are now
    properly marked available for request processing immediately after they're
    done sending the response, instead of after having sent the entire response
    to the client.
  * The "processed" counter in `passenger-status` is now bumped after the process
    has handled a request, not at the beginning.
  * [Enterprise] Fixed an off-by-one bug in the `passenger_max_processes` setting.

Tue Oct  1 07:21:16 UTC 2013 -

- fix permissions to fix nginx build

Wed Sep 25 05:35:33 UTC 2013 -

- update to version 4.0.18
  * The Enterprise variant of Phusion Passenger Standalone now supports
    customizing the concurrency model and thread count from the command line.
  * On Nginx, the Enterprise license is now only checked if Phusion Passenger
    is enabled in Nginx. This allows you to deploy Nginx binaries, that have
    Phusion Passenger Enterprise compiled in, to servers that are not
    actually running Phusion Passenger Enterprise.
  * Fixed a performance bug in the Union Station support code. In certain cases
    where a lot of data must be sent to Union Station, the code is now over
    100 times faster.
  * `passenger-status --show=union_station` now displays all clients that
    are connected to the LoggingAgent.
  * Added a workaround for Heroku so that exited processes are properly detected
    as such.
  * When using Phusion Passenger Standalone with Foreman, pressing Ctrl-C
    in Foreman no longer results in runaway Nginx processes.
  * Fixed backtraces in the Apache module.

Tue Sep 17 08:28:05 UTC 2013 -

- restore build of apache2 and ngnix modules

Fri Sep 13 11:06:24 UTC 2013 -

- updated to version 4.0.17
 * Fixed compilation problems on GCC 4.8 systems, such as Arch Linux 2013.04.
   Fixes issue #941.
 * Fixed some deprecation warnings when compiling the Ruby native extension
   on Ruby 2.0.0.
 * Fixed some Union Station-related stability issues.

Sat Sep  7 05:20:03 UTC 2013 -

- updated to version 4.0.16, see

Tue Aug 27 11:33:24 UTC 2013 -

- add rubygem-passenger-4.0.14_missing_includes.patch to fix

Mon Aug 26 05:05:51 UTC 2013 -

- updated to version 4.0.14, see

Sat Jul 20 11:07:59 UTC 2013 -

- updated to version 4.0.10, see
- obsoletes rubygem-passenger-aarch64-support.patch and

Sun Jun 16 19:49:46 UTC 2013 -

- add config-guess-sub-update.diff
- add rubygem-passenger-aarch64-support.patch
- add zlib-devel buildrequires

Fri May 31 07:23:25 UTC 2013 -

- update to version 4.0.5
   Fixed security vulnerability CVE-2013-2119 and many other things

Mon May 27 09:23:40 UTC 2013 -

- avoid leaking %buildroot into binaries

Mon May 27 08:59:07 UTC 2013 -

- update to version 4.0.3, see

Fri May 17 08:20:01 UTC 2013 -

- update to version 4.0.2 - new branch, see

Thu Jan 10 15:24:55 UTC 2013 -

- update to version 3.0.19
 * Nginx security fix: do not display Nginx version when
   server_tokens are off.
 * Fixed compilation problems on some systems.
 * Fixed some Union Station-related bugs.

Wed Oct 31 08:16:11 UTC 2012 -

- updated to version 3.0.18
  * Fixed compilation problems on Fedora 17.
  * Fixed Union Station compatibility with Rails 3.2.
  * Phusion Passenger Enterprise Standalone now supports rolling
    restarts and deployment error resistance.

Thu Aug 30 05:50:18 UTC 2012 -

- update to 3.0.17
   * Fixed a Ruby 1.9 encoding-related bug in the memory measurer.
     (Phusion Passenger Enterprise)
   * Fixed OOM adjustment bugs on Linux.
   * Fixed compilation problems on Fedora 18 and 19.
   * Fixed compilation problems on SunOS.
   * Fixed compilation problems on AIX. Contribution by Perry Smith.
   * Fixed various compilation warnings.
   * Upgraded preferred Nginx version to 1.2.3.
   * Updated documentation.
   * Updated website links.

Tue Aug 28 12:23:11 UTC 2012 -

- apply boost changes for new glibc to copy

Fri Aug  3 18:28:47 UTC 2012 -

- updated to version 3.0.15
  * updated docu

Sun Jul 22 15:29:35 UTC 2012 -

- update to 3.0.14
  * [Apache] Fixed a long-standing mod_rewrite-related problem.
    Some mod_rewrite rules would not work, but it depends on the exact
    mod_rewrite configuration so it would work for some people but not
    for others. Issue #563. Thanks a lot to cedricmaion for providing
    information on the nature of the bug and to peter.nash55 for
    providing a VM that allowed us to reproduce the problem.
  * [Nginx] Preferred Nginx version to 1.2.2.
    The previously preferred version was 1.2.1.
  * Cleared some confusing terminology in the documentation.
  * Fixed some Ruby 1.9 encoding problems.

Sun Jul 15 06:43:12 UTC 2012 -

- update to 3.0.13
 * [Nginx] Preferred Nginx version upgraded to 1.2.1.
 * Fixed compilation problems on FreeBSD 6.4. Fixes issue #766.
 * Fixed compilation problems on GCC >= 4.6.
 * Fixed compilation problems on OpenIndiana and Solaris 11. Fixes issue #742.
 * Union Station-related bug fixes.
 * Sending the soft termination signal twice to application processes no longer makes them crash. Patch contributed by Ian Ehlert.

Fri Jun 29 12:13:51 UTC 2012 -

- do not require package names but generic provides for easier update
  of those

Sat May 12 09:40:55 UTC 2012 -

- fix compilation with gcc 4.7

Sat May 12 08:14:18 UTC 2012 -

- update to 3.0.12
  * [Apache] Support Apache 2.4. The event MPM is now also supported.
  * [Nginx] Preferred Nginx version upgraded to 1.0.15.
  * [Nginx] Preferred PCRE version upgraded to 8.30.
  * [Nginx] Fixed compatibility with Nginx < 1.0.10.
  * [Nginx] Nginx is now installed with http_gzip_static_module by default.
  * [Nginx] Fixed a memory disclosure security problem.
    The issue is documented at
    and affects more modules than just Phusion Passenger. Users are advised
    to upgrade as soon as possible. Patch submitted by Gregory Potamianos.
  * [Nginx] passenger_show_version_in_header now hides the Phusion Passenger version number from the 'Server:' header too.
    Patch submitted by Gregory Potamianos.
  * Fixed a /proc deprecation warning on Linux kernel >= 3.0.

  * Fixed a compilation problem on platforms without alloca.h, such as FreeBSD 7.
  * Improved performance and solved some warnings on Xen systems by compiling
    with `-mno-tls-direct-seg-refs`. Patch contributed by Michał Pokrywka.

  * [Nginx] Dropped support for Nginx versions older than 1.0.0
  * [Nginx] Fixed support for Nginx 1.1.4+
  * [Nginx, Standalone] Upgraded default Nginx version to 1.0.10
    The previously default version was 1.0.5.
  * [Nginx] New option passenger_max_requests
    This is equivalent to the PassengerMaxRequests option in the Apache
    version: Phusion Passenger will automatically shutdown a worker process
    once it has processed the specified number of requests.
    Contributed by Paul Kmiec.
  * [Apache] New option PassengerBufferResponse
    The Apache version did not buffer responses. This could block the Ruby
    worker process in case of slow clients. We now enable response buffering
    by default. It can be turned off through this option. Feature contributed
    by Ryo Onodera.
  * Fixed remaining Ruby 1.9.3 compatibility problems
    We already supported Ruby 1.9.3 since 3.0.8, but due to bugs in Ruby
    1.9.3's build system Phusion Passenger would fail to detect Ruby 1.9.3
    features on some systems. Fixes issue #714.
  * Fixed a bug in PassengerPreStart
    A regression was introduced in 3.0.8, causing the prespawn script to
    connect to the host name instead of to Fix contributed by
    Andy Allan.
  * Fixed compatibility with GCC 4.6
    Affected systems include Ubuntu 11.10.
  * Fixed various compilation problems.
  * Fixed some Ruby 1.9 encoding problems.
  * Fixed some Ruby 1.9.3 deprecation warnings.

Tue Feb 21 12:24:54 UTC 2012 -

- add ruby-devel build requirements. Ensuring proper build for
  older distribution. 

Thu Jan 12 11:31:11 UTC 2012 -

- change license to be in format

Sat Dec  3 11:34:40 CET 2011 -

- fix build on arm

Mon Oct 24 11:50:21 UTC 2011 -

- Reducing requirement of rubygem-rack to 1_1 cause 1_3 produces
  problems with rails. 

Wed Oct 19 13:45:32 UTC 2011 -

- Update to 3.0.9:
  * [Nginx] Fixed a NULL pointer crash that occurs on HTTP/1.0 requests
    when the Host header isn't given.
  * Fixed deprecation warnings on RubyGems >= 1.6.
  * Improved Union Station support stability.

Tue Oct 18 14:06:18 UTC 2011 -

- added rubygem-rack-1_3 in order to avoid choice error while 

Wed Oct 12 20:17:03 UTC 2011 -

- [Nginx] Fixed line without semicolon 

Fri Sep 23 13:43:18 UTC 2011 -

- [Nginx] Fixed include path

Mon Aug 22 13:03:16 UTC 2011 -

- update to version 3.0.8
  * [Nginx] Upgraded preferred Nginx version to 1.0.5.
  * [Nginx] Fixed various compilation problems on various platforms.
  * [Nginx] We now ensure that SERVER_NAME is equal to HTTP_HOST
    without the port part.  This is needed for Rack compliance. By
    default Nginx sets SERVER_NAME to whatever is specified in the
    server_name directive, but that's not necessarily the correct
    value. This fixes, for example, the use of the 'map' statement
  * [Nginx] Added the options passenger_buffer_size,
    passenger_buffers and passenger_busy_buffers_size.  These
    options are similar to proxy_module's similarly named options.
    You can use these to e.g. increase the maximum header size
  * [Nginx] passenger_pre_start now supports virtual hosts that
    listen on Unix domain sockets.
  * [Apache] Fixed the pcre.h compilation problem.
  * [Standalone] Fixed 'passenger stop'.
    It didn't work properly because it kept waiting for 'tail' to
    exit.  We now properly terminate 'tail' as well.
  * Fixed compatibility with Rake 0.9.
  * Fixed various Ruby 1.9 compatibility issues.
  * Various documentation improvements.
  * New Union Station filter language features.
    It now supports status codes and response times.  Please refer
    to for more

Mon Aug 22 12:59:04 UTC 2011 -

- make sure the passenger root variable always points to the
  passenger version in the package. To achieve that we introduce a
  (mod_)passenger_root.include file which will be included from the
  old (mod_)passenger.conf. the new file is not marked as
  config(noreplace) and will be overwritten by the package.

Tue Aug 16 12:15:01 UTC 2011 -

- buildrequire rubygem-rack-1_3 to fix the have choice problem
- use the mod_full_name macro

Wed Jun  8 14:32:23 UTC 2011 -

- add config template to -nginx subpackage

Mon May  2 18:47:56 UTC 2011 -

- require nginx in the -nginx subpackage

Sun Apr 24 01:01:36 UTC 2011 -

- fix build on devel_languages_ruby_SLE_10
  use curl-devel for anything older than sle11/11.1

Thu Apr 14 19:01:57 UTC 2011 -

- switch to use system libev

Thu Apr 14 18:31:21 UTC 2011 -

- update to version 3.0.7
 * Upgraded preferred Nginx version to 1.0.0.
 * Phusion Passenger Standalone now pre-starts application processes
   at startup instead of doing that at the first request.
 * When sending data to Union Station, the HTTP status code is now
   also logged.
 * Various Union Station-related stability improvements.
 * The Linux OOM killer was previously erroneously disabled for all
   Phusion Passenger processes, including application processes. The
   intention was to only disable it for the Watchdog. This has been
   fixed, and the Watchdog is now the only process for which the OOM
   killer is disabled.
 * Due to a typo, the dependency on file-tail was not entirely
   removed in 3.0.6. This has now been fixed.
- fixed cleaning up the ext tree

Tue Apr 12 18:32:04 UTC 2011 -

- split out a devel-static package containing the 2 static
  libraries that you need to compile nginx with passenger support
  that saves us recompiling them in the nginx build.
- clean up file lists

Tue Apr 12 13:56:32 UTC 2011 -

- update to version 3.0.6
 * Fixed various Union Station-related stability issues.
 * Fixed an issue with host name detection on certain platforms.
 * Improved error logging in various parts.
 * The dependency on the file-tail library has been removed.
 * During installation, check whether /tmp is mounted with 'noexec'.
   Phusion Passenger's installer relies on /tmp *not* being mounted
   with 'noexec'. If it is then the installer will now show a
   helpful error message instead of bailing out in a confusing
   manner. Users can now tell the installer to use a different
   directory for storing temporary files by customizing the $TMPDIR
   environment variable.
 * Phusion Passenger Standalone can now run Rackup files that are
   not named ''.  The filename can be passed through the
   command line using the -R option.
- additional changes from 3.0.5
 * [Apache] Fixed Union Station process statistics collection
   Union Station users that are using Apache may notice that no
   process information show up in Union Station. This is because of
   a bug in Phusion Passenger's Apache version, which has now been
 * [Apache] PassengerAnalytics has been renamed to
   UnionStationSupport This option has been renamed for consistency
 * [Nginx] passenger_analytics has been renamed to
   union_station_support This option has been renamed for
   consistency reasons.
 * Fixed Union Station data sending on older libcurl versions
   Some Union Station users have reported that their data don't
   show up.  Upon investigation this turned out to be a
   compatibility with older libcurl versions. Affected systems
   include all RHEL 5 based systems, such as RHEL 5.5 and CentOS
   5.5. We've now fixed compatibility with older libcurl versions.
 * Added support for the Union Station filter language
   This language can be used to limit the kind of data that's sent
   to Union Station. Please read for details.
 * Fixed a PassengerMaxPoolSize/passenger_max_pool_size violation
   bug People who host a lot of different applications on Phusion
   Passenger may notice that it sometimes spawns more processes
   than is allowed by PassengerMaxPoolSize/passenger_max_pool_size.
   This has been fixed.
- additional changes from 3.0.4
 * [Apache] Changed mod_dir workaround hook priority
   Phusion Passenger temporarily disables mod_dir on all Phusion
   Passenger-handled requests in order to avoid conflicts. In order
   to do this it registers some Apache hooks with the
   APR_HOOK_MIDDLE priority, but it turned out that this breaks
   some other modules like mod_python. The hook priority has been
   changed to APR_HOOK_LAST to match mod_dir's hook priorities.
   Issue reported by Jay Freeman.
 * Added support for Union Station:
 * Some error messages have been improved.

Fri Feb 25 11:40:24 UTC 2011 -

- update to version 3.0.3
  * [Nginx] Preferred Nginx version upgraded to 0.8.54
    The previous preferred version was 0.8.53.
  * PATH_INFO and REQUEST_URI now contain the original escaped URI
    Phusion Passenger passes the URI, as reported by Apache/Nginx,
    to application processes through the PATH_INFO and REQUEST_URI
    variables.  These variables are supposed to contain the
    original, unescaped URI, e.g.  /clubs/%C3%BC. Both Apache and
    Nginx thought that it would be a good idea to unescape the URI
    before passing it to modules like Phusion Passenger, thereby
    causing PATH_INFO and REQUEST_URI to contain the unescaped URI,
    e.g. /clubs/ü. This causes all sorts of encoding problems. We
    now manually re-escape the URI when setting PATH_INFO and
    REQUEST_URI. Issue #404.
  * The installer no longer detects directories as potential
    commands Previously the installer would look in $PATH for
    everything that's executable, including directories. If one has
    /usr/lib in $PATH and a directory /usr/lib/gcc exists then the
    installer would recognize /usr/lib/gcc as the compiler. We now
    explicitly check whether the item is also a file.
  * PseudoIO now responds to #to_io
    Phusion Passenger sets STDERR to a PseudoIO object in order to
    capture anything written to STDERR during application startup.
    This breaks some libraries which expect STDERR to respond to
    #to_io. This has now been fixed. Issue #607.
  * Fixed various other minor bugs
    See the git commit log for details.
- splitted out testsuite and documentation

Thu Jan 20 15:00:39 UTC 2011 -

- moved apache2 requires to the apache2 subpackage

Thu Jan 13 19:17:57 UTC 2011 -

- fix spec
  o Group field must be present in package: rubygem-passenger-nginx

Thu Jan 13 10:36:11 UTC 2011 -

- Spit packages into
  -- rubygem-passenger
  -- rubygem-passenger-nginx
  -- rubygem-passenger-apache2 

Tue Dec 21 14:14:50 UTC 2010 -

- update to version 3.0.2
  * [Nginx] Fix crash if passenger_root refers to a nonexistant
  * Fixed file descriptor closing issues on FreeBSD: issue #597.
  * Fix the fakeroot task. Issue #592
  * Update NEWS.
  * Fix Nginx configure script: it didn't correctly change back the
    orginal working directory after compilation.
  * NetBSD doesn't support llroundl() so work around it by using
    llround(). Issue #593.
  * Fix compilation warning on NetBSD: issue #593.
  * Fix use of fcntl(.., F_CLOSEM)
  * Merge branch 'master' into debian
  * Add support to EventedClient for only closing the writer half
    of the connection. 
  * Add StaticString.find(substring)
  ... and lot more

Tue Dec  7 21:47:19 UTC 2010 -

- update to version 3.0.1
 * Fixed malfunction after web server restart
   On Linux systems that have a non-standard filesystem on /tmp, Phusion
   Passenger could malfunction after restarting the web server because of
   a bug that's only triggered on certain filesystems. Issue #569.
 * Boost upgraded to version 1.44.0.
   We were on 1.42.0.
 * Much improved startup error messages
   Phusion Passenger performs many extensive checks during startup to ensure
   integrity. However the error message in some situation could be vague.
   These startup error messages have now been improved dramatically, so that
   if something goes wrong during startup you will now more likely know why.
 * Curl < 7.12.1 is now supported
   The previous version fails to compile with Curl versions earlier than
   7.12.1. Issue #556.
 * passenger-make-enterprisey fixed
   This is the command that people can run after donating. It allows people
   to slightly modify Phusion Passenger's display name as a joke. In 3.0.0 it
   was broken because of a typo. This has been fixed.
 * Removed passenger-stress-test
   This tool was used during the early life of Phusion Passenger for stress
   testing websites. Its performance has never been very good and there are
   much better tools for stress testing, so this tool has now been removed.
 * [Apache] RailsEnv and RackEnv configuration options are now equivalent
   In previous versions, RailsEnv only had effect on Rails 1 and Rails 2 apps
   while RackEnv only had effect on Rack apps. Because Rails 3 apps are
   considered Rack apps, setting RailsEnv had no effect on Rails 3 apps.
   Because this is confusing to users, we've now made RailsEnv and RackEnv
   equivalent. Issue #579.
 * [Nginx] Fixed compilation problems on systems with unpowerful shells
   Most notably Solaris. Its default shell does not support some basic
   constructs that we used in the Nginx configure script.
 * [Nginx] Upgraded default Nginx version to to 0.8.53
   The previous default was 0.8.52.
 * [Nginx] passenger_enabled now only accepts 'on' or 'off' values
   Previously it would recognize any value not equal to 'on' as meaning
   'off'. This caused confusion among users who thought they could also
   specify 'true', so we now throw a proper error if the value is
   unrecognized. Fixes issue #583.
- cleaned up spec file
- move passenger_native_support from ext to lib dir (bnc#657964)

Thu Oct 28 10:31:57 UTC 2010 -

- update to version 3.0.0
  This is a major release with many changes. Please read our blog
  for details.
- new dependencies:

Fri Jul  9 12:51:42 UTC 2010 -

- mark mod_passenger.conf config(noreplace)

Fri Jun 25 12:59:25 UTC 2010 -

- update to version 2.2.15
  - [Apache] Fixed incorrect temp dir cleanup by passenger-status
    On some systems, running passenger-status could print the
    following message: "*** Cleaning stale folder
    /tmp/passenger.1234" ...after which Phusion Passenger breaks
    because that directory is necessary for it to function
    properly. The cause of this problem has been found and has been
  - [Apache] Fixed some upload handling problems Previous versions
    of Phusion Passenger check whether the size of the received
    upload data matches the contents of the Content-Length header
    as received by the client. It turns out that there could be a
    mismatch e.g. because of mod_deflate input compression, so we
    can't trust Content-Length anyway and we're being too strict.
    The check has now been removed.
  - [Nginx] Fixed compilation issues with Nginx >= 0.7.66 Thanks to
    Potamianos Gregory for reporting this issue. Issue #500.
  - [Nginx] Default Nginx version changed to 0.7.67 The previous
    default version was 0.7.65.
  - Fixed more Bundler problems Previous versions of Phusion
    Passenger would preload some popular libraries such as mysql
    and sqlite3 in order to utilize copy-on-write optimizations
    better.  However this behavior conflicts with Bundler so we've
    removed it.

Mon Jun 14 14:36:33 UTC 2010 -

- update to version 2.2.14
  * Added support for Rubinius
    Patch contributed by Evan Phoenix.
  * Fixed a mistake in the SIGQUIT backtrace message.
    Patch contributed by Christoffer Sawicki.
  * [Nginx] Fix a localtime() crash on FreeBSD
    This was caused by insufficient stack space for threads.
    Issue #499.
- additional changes from version 2.2.13
  * Fixed some Rails 3 compatibility issues that were recently
  * Fixed a typo that causes config/setup_load_paths.rb not to be
    loaded correctly.
- additional changes from version 2.2.12
  * Improved Bundler support.
    Previous versions might not be able to correctly load gems
    bundled by Bundler. We've also documented how our Bundler
    support works and how to override our support if you need
    special behavior.  Please refer to the Phusion Passenger Users
    Guide, section "Bundler support".
  * Worked around some user account handling bugs in Ruby.
    Issue #192.
  * Fixed some Ruby 1.9 tempfile.rb compatibility problems.
  * Fixed some compilation problems on some ARM Linux platforms.
  * [Apache] Suppress bogus mod_xsendfile-related error messages.
    When mod_xsendfile is being used, Phusion Passenger might print
    bogus error messages like "EPIPE" or "Apache stopped forwarding
    the backend's response" to the log file. These messages are
    normal, are harmless and can be safely ignored, but they
    pollute the log file. So in this release we've added code to
    suppress these messages when mod_xsendfile is being used.
    Issue #474.
  * [Nginx] Fixed "passenger_user_switching off" permission
    problems If Nginx is running as root and
    passenger_user_switching is turned off, then Phusion Passenger
    would fail to initialize because of a permission problem. This
    has been fixed. Issue #458.
  * [Nginx] Nginx >= 0.8.38 is now supported.
    Thanks to Sergey A. Osokin for reporting the problem.
  * [Nginx] passenger-install-nginx-module upgraded
     It now defaults to installing Nginx 0.7.65 instead of 0.7.64.

Fri Jun 11 10:00:01 UTC 2010 -

- use rubygems_requires macro

Tue Mar 16 14:36:55 UTC 2010 -

- update to version 2.2.11
 * This release fixes a regression that appeared in 2.2.10 which only
   affects Apache. When under high load, Apache might freeze and stop
   responding to requests. It is caused by a race conditions which is
   why it escaped our last release testing.
- fix initializer problem
  o do not install ApplicationPoolServerExecutable to
    leave at origin place and set correct @PassengerRoot@ in

Thu Feb 25 12:14:30 UTC 2010 -

- update to version 2.2.10
 * Fixed some Bundler compatibility problems.
 * Fixed some file descriptor passing problems, which previously
   could lead to mysterious crashes.
 * Fixed some compilation problems on newer GCC versions. Issue #430.
 * Support #size method in rack.input.
- for changes from 2.2.8 and 2.2.9 see

Wed Dec  2 15:40:25 UTC 2009 -

- update to version 2.2.7
 * Removed forgotten debugging code in passenger-install-apache2-module,
   which caused it not to compile anything.
- additional changes from 2.2.6
 * Some /tmp cleaner programs such as tmpwatch try to remove
   subdirectories in /tmp/ after a while because they
   think those subdirectories are unused. This could cause Phusion
   Passenger to malfunction, requiring a web server restart.
   Measures have now been taken to prevent those tmp cleaner
   programs from removing anything in /tmp/ Issue #365.
 * When autodetecting the application type, Rack is now given more
   priority than Rails. This allows one to drop a file in
   a Rails directory and have it detected as a Rack application
   instead of a Rails application.  Patch contributed by Sam
   Pohlenz: issue #338.
 * The default socket backlog has been increased from 'SOMAXCONN'
   (which is 128 on most platforms) to 1024. This should fix most
   'helper_server.sock failed: Resource temporarily unavailable'
 * Fixed compilation problems on Solaris. Issue #369 and issue #379.
 * Fixed crashes on PowerPC.
 * Some Ruby 1.9 compatibility fixes. Issue #398.
 * The installer now displays correct dependency installation
   instructions for Mandriva Linux.
 * [Apache] The location of the 'apxs' and 'apr-config' commands
   can now also be passed to the installer through the --apxs-path
   and --apr-config-path parameters, in addition to the $APXS2 and
   $APR_CONFIG environment variables. Issue #3.
 * [Nginx] Various problems that only occur on 64-bit platforms
   have been fixed.
 * [Nginx] The installer now installs Nginx 0.7.64 by default.
- fix Passenger could not be initialized
  o '/usr/lib/phusion_passenger/ApplicationPoolServerExecutable'

Fri Oct 16 15:54:59 CEST 2009 -

- update to version 2.2.5
  see /usr/lib*/ruby/gems/1.8/gems/passenger-2.2.5/NEWS

Thu Mar 26 16:36:36 CET 2009 -

- update to version 2.1.2
  - Support for Rails 2.3
  - Improved compatibility with other Apache modules, such as
  - Ruby 1.9 support
  - Support for NFS setups
  - Various I/O handling and scaling improvements and fixes
  - Ability to disable Phusion Passenger for arbitrary URLs
    (PassengerEnabled option)
  - Improved application compatibility
  - Improved command-line admin tools
  - Ability to display backtraces for all threads
  - Improved security
  - More customization options for exotic systems/setups
  - Various usability improvements
  - In particular, many error messages have been improved so that
    end users don’t have to stare at the screen for minutes
    wondering what the computer is trying to tell them. There are
    also many small usability improvements here and there.
  - Various other minor improvements and bug fixes
    - PassengerPoolIdleTime can now be set to 0, which means that
      the backend application must never idle timeout. This feature
      has been contributed by redmar.
    - The passenger-status tool will now display Phusion
      Passenger’s own backtraces for C++ code, in order to make it
      possible to detect potential freezes in C++ code.
    - Phusion Passenger error pages now return HTTP 500 errors, as
      they should.
    - The ApplicationSpawner server and FrameworkSpawner server
      idle times can now be customized.
    - In the 2.0.x series, sometimes more backend processes might
      be spawned than is allowed by the ‘PassengerMaxPoolSize’
      option. This has been fixed.

Tue Jan 13 18:33:42 CET 2009 -

- fix path for apache config

Fri Dec 19 23:47:06 CET 2008 -

- add basic apache config
- fix path to native_support

Fri Dec 19 20:15:46 CET 2008 -

- fix requires

Wed Dec 17 16:54:12 CET 2008 -

- update to version 2.0.6
  Fixed Ruby 1.8.5 compatibility
    In the previous release, we fixed Ruby 1.8.7 compatibility,
    but this broke 1.8.5. We’ve fixed this.
  Removed unintentional dependency on MySQL and SQLite
    Phusion Passenger 2.0.5 preloads the mysql and sqlite3
    libraries when running in Ruby Enterprise Edition, for better
    copy-on-write efficiency. But it didn’t take into account that
    these libraries may not be installed. This has been fixed.

Fri Dec  5 23:05:33 CET 2008 -

- use boost copy from gem when building on older distros.
  split rubygem-passenger-2.0.5_system_boost.patch into:
- added rubygem-passenger-2.0.5_missing_includes.patch

Fri Dec  5 15:26:34 CET 2008 -

- initial package of version 2.0.5