From 3756679b30f315bf3bbddefb2871834bc544d4cf Mon Sep 17 00:00:00 2001 From: Nick Muerdter Date: Wed, 13 Apr 2016 22:40:43 -0600 Subject: [PATCH 1/7] Update to Rails 3.2.22.2 for security updates. --- src/api-umbrella/web-app/Gemfile | 2 +- src/api-umbrella/web-app/Gemfile.lock | 58 +++++++++++++-------------- 2 files changed, 30 insertions(+), 30 deletions(-) diff --git a/src/api-umbrella/web-app/Gemfile b/src/api-umbrella/web-app/Gemfile index 8157bbfd0..e18c5d29a 100644 --- a/src/api-umbrella/web-app/Gemfile +++ b/src/api-umbrella/web-app/Gemfile @@ -1,7 +1,7 @@ source "https://rubygems.org" source "https://rails-assets.org" -gem "rails", "~> 3.2.22" +gem "rails", "~> 3.2.22.2" # Rails app server gem "puma", "~> 2.11.3" diff --git a/src/api-umbrella/web-app/Gemfile.lock b/src/api-umbrella/web-app/Gemfile.lock index 646b8e073..2a9a4cf42 100644 --- a/src/api-umbrella/web-app/Gemfile.lock +++ b/src/api-umbrella/web-app/Gemfile.lock @@ -55,12 +55,12 @@ GEM remote: https://rubygems.org/ remote: https://rails-assets.org/ specs: - actionmailer (3.2.22) - actionpack (= 3.2.22) + actionmailer (3.2.22.2) + actionpack (= 3.2.22.2) mail (~> 2.5.4) - actionpack (3.2.22) - activemodel (= 3.2.22) - activesupport (= 3.2.22) + actionpack (3.2.22.2) + activemodel (= 3.2.22.2) + activesupport (= 3.2.22.2) builder (~> 3.0.0) erubis (~> 2.7.0) journey (~> 1.0.4) @@ -70,18 +70,18 @@ GEM sprockets (~> 2.2.1) active_model_serializers (0.9.0) activemodel (>= 3.2) - activemodel (3.2.22) - activesupport (= 3.2.22) + activemodel (3.2.22.2) + activesupport (= 3.2.22.2) builder (~> 3.0.0) - activerecord (3.2.22) - activemodel (= 3.2.22) - activesupport (= 3.2.22) + activerecord (3.2.22.2) + activemodel (= 3.2.22.2) + activesupport (= 3.2.22.2) arel (~> 3.0.2) tzinfo (~> 0.3.29) - activeresource (3.2.22) - activemodel (= 3.2.22) - activesupport (= 3.2.22) - activesupport (3.2.22) + activeresource (3.2.22.2) + activemodel (= 3.2.22.2) + activesupport (= 3.2.22.2) + activesupport (3.2.22.2) i18n (~> 0.6, >= 0.6.4) multi_json (~> 1.0) addressable (2.3.8) @@ -339,7 +339,7 @@ GEM rabl (0.11.6) activesupport (>= 2.3.14) rack (1.4.7) - rack-cache (1.5.1) + rack-cache (1.6.1) rack (>= 0.4) rack-proxy (0.5.17) rack @@ -348,14 +348,14 @@ GEM rack-test (0.6.3) rack (>= 1.0) rack-timeout (0.0.4) - rails (3.2.22) - actionmailer (= 3.2.22) - actionpack (= 3.2.22) - activerecord (= 3.2.22) - activeresource (= 3.2.22) - activesupport (= 3.2.22) + rails (3.2.22.2) + actionmailer (= 3.2.22.2) + actionpack (= 3.2.22.2) + activerecord (= 3.2.22.2) + activeresource (= 3.2.22.2) + activesupport (= 3.2.22.2) bundler (~> 1.0) - railties (= 3.2.22) + railties (= 3.2.22.2) rails-assets-ace-builds (1.1.9) rails-assets-bootbox (3.3.0) rails-assets-bootstrap-daterangepicker (1.3.17) @@ -404,15 +404,15 @@ GEM rails_config (0.4.2) activesupport (>= 3.0) rails_stdout_logging (0.0.3) - railties (3.2.22) - actionpack (= 3.2.22) - activesupport (= 3.2.22) + railties (3.2.22.2) + actionpack (= 3.2.22.2) + activesupport (= 3.2.22.2) rack-ssl (~> 1.3.2) rake (>= 0.8.7) rdoc (~> 3.4) thor (>= 0.14.6, < 2.0) rainbow (2.0.0) - rake (10.5.0) + rake (11.1.2) rdoc (3.12.2) json (~> 1.4) ref (2.0.0) @@ -497,7 +497,7 @@ GEM turbo-sprockets-rails3 (0.3.13) railties (> 3.2.8, < 4.0.0) sprockets (>= 2.2.0) - tzinfo (0.3.44) + tzinfo (0.3.48) uglifier (2.7.2) execjs (>= 0.3.0) json (>= 1.8.0) @@ -584,7 +584,7 @@ DEPENDENCIES rabl (~> 0.11.5) rack-proxy (~> 0.5.17) rack-timeout (~> 0.0.4) - rails (~> 3.2.22) + rails (~> 3.2.22.2) rails-assets-ace-builds (~> 1.1.7) rails-assets-bootbox (~> 3.3.0) rails-assets-bootstrap-daterangepicker (~> 1.3.12) @@ -631,4 +631,4 @@ DEPENDENCIES webmock (~> 1.21.0) BUNDLED WITH - 1.10.6 + 1.11.2 From e1731c78399bd739099c45be3148d66874efa42a Mon Sep 17 00:00:00 2001 From: Nick Muerdter Date: Wed, 13 Apr 2016 22:41:32 -0600 Subject: [PATCH 2/7] Address mail OSVDB-131677 security issue. We can't upgrade our mail gem due to Rails 3.2 compatibility, but this is easy enough to handle on our own. --- .../web-app/app/mailers/api_user_mailer.rb | 6 +- .../web-app/app/mailers/contact_mailer.rb | 6 +- .../web-app/lib/mail_sanitizer.rb | 32 +++++++ .../spec/mailers/api_user_mailer_spec.rb | 88 +++++++++++++++++++ .../spec/mailers/contact_mailer_spec.rb | 56 ++++++++++++ 5 files changed, 184 insertions(+), 4 deletions(-) create mode 100644 src/api-umbrella/web-app/lib/mail_sanitizer.rb create mode 100644 src/api-umbrella/web-app/spec/mailers/api_user_mailer_spec.rb create mode 100644 src/api-umbrella/web-app/spec/mailers/contact_mailer_spec.rb diff --git a/src/api-umbrella/web-app/app/mailers/api_user_mailer.rb b/src/api-umbrella/web-app/app/mailers/api_user_mailer.rb index e75481b95..469b6cfeb 100644 --- a/src/api-umbrella/web-app/app/mailers/api_user_mailer.rb +++ b/src/api-umbrella/web-app/app/mailers/api_user_mailer.rb @@ -1,3 +1,5 @@ +require "mail_sanitizer" + class ApiUserMailer < ActionMailer::Base default :from => "noreply@#{ApiUmbrellaConfig[:default_host]}" @@ -18,7 +20,7 @@ def signup_email(user, options) end mail :subject => "Your #{site_name} API key", - :from => from, - :to => user.email + :from => MailSanitizer.sanitize_address(from), + :to => MailSanitizer.sanitize_address(user.email) end end diff --git a/src/api-umbrella/web-app/app/mailers/contact_mailer.rb b/src/api-umbrella/web-app/app/mailers/contact_mailer.rb index 904a37b92..d6a4554b2 100644 --- a/src/api-umbrella/web-app/app/mailers/contact_mailer.rb +++ b/src/api-umbrella/web-app/app/mailers/contact_mailer.rb @@ -1,11 +1,13 @@ +require "mail_sanitizer" + class ContactMailer < ActionMailer::Base default :from => "noreply@#{ApiUmbrellaConfig[:default_host]}" def contact_email(contact) @contact = contact - mail :reply_to => contact.email, + mail :reply_to => MailSanitizer.sanitize_address(contact.email), :subject => "#{ApiUmbrellaConfig[:site_name]} Contact Message from #{contact.email}", - :to => ApiUmbrellaConfig[:web][:contact_form_email] + :to => MailSanitizer.sanitize_address(ApiUmbrellaConfig[:web][:contact_form_email]) end end diff --git a/src/api-umbrella/web-app/lib/mail_sanitizer.rb b/src/api-umbrella/web-app/lib/mail_sanitizer.rb new file mode 100644 index 000000000..41baaad39 --- /dev/null +++ b/src/api-umbrella/web-app/lib/mail_sanitizer.rb @@ -0,0 +1,32 @@ +class MailSanitizer + class InvalidAddress < StandardError + end + + # A workaround to address OSVDB-131677 that is patched in the mail 2.6 gem, + # but since we're still on Rails 3.2, we can't upgrade yet. + # + # If the fixes get backported (https://github.com/mikel/mail/issues/944), + # then we could get rid of this, but in the meantime, this is a quick fix to + # address the underlying issues related to newlines and lengths. + # + # See: + # http://rubysec.com/advisories/OSVDB-131677/ + # http://www.mbsd.jp/Whitepaper/smtpi.pdf + def self.sanitize_address(address) + if(address) + # Ensure no linebreaks are in the address. + if(address =~ /[\r\n]/) + raise InvalidAddress, "E-mail address cannot contain newlines" + end + + # Ensure the address doesn't exceed 500 chars to prevent some servers + # from wrapping the content, introducing line breaks (technically, longer + # should work, but 500 seems like enough for our simple purposes). + if(address.length > 500) + raise InvalidAddress, "E-mail address cannot exceed 500 characters" + end + end + + address + end +end diff --git a/src/api-umbrella/web-app/spec/mailers/api_user_mailer_spec.rb b/src/api-umbrella/web-app/spec/mailers/api_user_mailer_spec.rb new file mode 100644 index 000000000..c4280e873 --- /dev/null +++ b/src/api-umbrella/web-app/spec/mailers/api_user_mailer_spec.rb @@ -0,0 +1,88 @@ +require "spec_helper" + +describe ApiUserMailer do + describe "OSVDB-131677 security" do + it "accepts recipients without newlines" do + expect do + api_user = FactoryGirl.create(:api_user, :email => "foo@example.com") + ApiUserMailer.signup_email(api_user, {}).deliver + end.to change { ActionMailer::Base.deliveries.count }.by(1) + end + + it "rejects recipients with newlines" do + expect do + expect do + api_user = FactoryGirl.create(:api_user, :email => "foo@example.com\nfoo") + ApiUserMailer.signup_email(api_user, {}).deliver + end.to raise_error(MailSanitizer::InvalidAddress) + end.to change { ActionMailer::Base.deliveries.count }.by(0) + end + + it "rejects recipients with carriage returns" do + expect do + expect do + api_user = FactoryGirl.create(:api_user, :email => "foo@example.com\rfoo") + ApiUserMailer.signup_email(api_user, {}).deliver + end.to raise_error(MailSanitizer::InvalidAddress) + end.to change { ActionMailer::Base.deliveries.count }.by(0) + end + + it "accepts recipients 500 chars or less" do + expect do + api_user = FactoryGirl.create(:api_user, :email => "#{"o" * 488}@example.com") + ApiUserMailer.signup_email(api_user, {}).deliver + end.to change { ActionMailer::Base.deliveries.count }.by(1) + end + + it "rejects recipients greater than 500 chars" do + expect do + expect do + api_user = FactoryGirl.create(:api_user, :email => "#{"o" * 489}@example.com") + ApiUserMailer.signup_email(api_user, {}).deliver + end.to raise_error(MailSanitizer::InvalidAddress) + end.to change { ActionMailer::Base.deliveries.count }.by(0) + end + + it "accepts from addresses without newlines" do + expect do + api_user = FactoryGirl.create(:api_user) + ApiUserMailer.signup_email(api_user, { :email_from_address => "foo@example.com" }).deliver + end.to change { ActionMailer::Base.deliveries.count }.by(1) + end + + it "rejects from addresses with newlines" do + expect do + expect do + api_user = FactoryGirl.create(:api_user) + ApiUserMailer.signup_email(api_user, { :email_from_address => "foo@example.com\nfoo" }).deliver + end.to raise_error(MailSanitizer::InvalidAddress) + end.to change { ActionMailer::Base.deliveries.count }.by(0) + end + + it "rejects from addresses with carriage returns" do + expect do + expect do + api_user = FactoryGirl.create(:api_user) + ApiUserMailer.signup_email(api_user, { :email_from_address => "foo@example.com\rfoo" }).deliver + end.to raise_error(MailSanitizer::InvalidAddress) + end.to change { ActionMailer::Base.deliveries.count }.by(0) + end + + it "accepts from addresses 500 chars or less" do + expect do + api_user = FactoryGirl.create(:api_user) + ApiUserMailer.signup_email(api_user, { :email_from_address => "#{"o" * 488}@example.com" }).deliver + end.to change { ActionMailer::Base.deliveries.count }.by(1) + end + + it "rejects from addresses greater than 500 chars" do + expect do + expect do + api_user = FactoryGirl.create(:api_user) + ApiUserMailer.signup_email(api_user, { :email_from_address => "#{"o" * 489}@example.com" }).deliver + end.to raise_error(MailSanitizer::InvalidAddress) + end.to change { ActionMailer::Base.deliveries.count }.by(0) + end + + end +end diff --git a/src/api-umbrella/web-app/spec/mailers/contact_mailer_spec.rb b/src/api-umbrella/web-app/spec/mailers/contact_mailer_spec.rb new file mode 100644 index 000000000..9cf741222 --- /dev/null +++ b/src/api-umbrella/web-app/spec/mailers/contact_mailer_spec.rb @@ -0,0 +1,56 @@ +require "spec_helper" + +describe ContactMailer do + describe "OSVDB-131677 security" do + before(:each) do + ApiUmbrellaConfig[:web][:contact_form_email] = "test@example.com" + @contact = Contact.new({ + :name => "John Doe", + :api => "Foo", + :subject => "Bar", + :message => "Hello, World", + }) + end + + it "accepts addresses without newlines" do + expect do + @contact.email = "foo@example.com" + ContactMailer.contact_email(@contact).deliver + end.to change { ActionMailer::Base.deliveries.count }.by(1) + end + + it "rejects addresses with newlines" do + expect do + expect do + @contact.email = "foo@example.com\nfoo" + ContactMailer.contact_email(@contact).deliver + end.to raise_error(MailSanitizer::InvalidAddress) + end.to change { ActionMailer::Base.deliveries.count }.by(0) + end + + it "rejects addresses with carriage returns" do + expect do + expect do + @contact.email = "foo@example.com\rfoo" + ContactMailer.contact_email(@contact).deliver + end.to raise_error(MailSanitizer::InvalidAddress) + end.to change { ActionMailer::Base.deliveries.count }.by(0) + end + + it "accepts addresses 500 chars or less" do + expect do + @contact.email = "#{"o" * 488}@example.com" + ContactMailer.contact_email(@contact).deliver + end.to change { ActionMailer::Base.deliveries.count }.by(1) + end + + it "rejects addresses greater than 500 chars" do + expect do + expect do + @contact.email = "#{"o" * 489}@example.com" + ContactMailer.contact_email(@contact).deliver + end.to raise_error(MailSanitizer::InvalidAddress) + end.to change { ActionMailer::Base.deliveries.count }.by(0) + end + end +end From bef0516ae2c717687e5ef933057db827563908b5 Mon Sep 17 00:00:00 2001 From: Nick Muerdter Date: Wed, 13 Apr 2016 22:42:25 -0600 Subject: [PATCH 3/7] Add explanation for security-related gems we haven't updated. --- src/api-umbrella/web-app/.bundlerauditignore | 18 ++++++++++++++++++ 1 file changed, 18 insertions(+) create mode 100644 src/api-umbrella/web-app/.bundlerauditignore diff --git a/src/api-umbrella/web-app/.bundlerauditignore b/src/api-umbrella/web-app/.bundlerauditignore new file mode 100644 index 000000000..f9ad0a4fa --- /dev/null +++ b/src/api-umbrella/web-app/.bundlerauditignore @@ -0,0 +1,18 @@ +# Documenting gem security issues reported by bundler-audit that are tricky to +# upgrade, but we've manually verified we're not vulnerable to. +# +# Support for this .bundlerauditignore when using bundle-audit currently +# requires this patch: https://github.com/rubysec/bundler-audit/pull/122 + +# devise: Not relevant since we're not using Remember Me cookies. +CVE-2015-8314 + +# handlebars: We're not vulnerable since we don't have any unquoted variables +# (eg, attr={{val}} instead of attr="{{value}}"). But it would still be good to +# address, which we'll do whenever we upgrade to a newer version of Ember +# (https://github.com/NREL/api-umbrella/tree/admin-upgrade). +OSVDB-131671 + +# mail: Can't upgrade due to Rails 3.2, but our lib/mail_sanitizer.rb addresses +# the underlying issue by raising errors for problematic addresses. +OSVDB-131677 From 6ebdfc07c9fec72451905b61bfc2edf0ace3ceb5 Mon Sep 17 00:00:00 2001 From: Nick Muerdter Date: Wed, 13 Apr 2016 22:49:28 -0600 Subject: [PATCH 4/7] Update nginx/openresty and golang for security updates. --- Makefile | 8 ++++---- 1 file changed, 4 insertions(+), 4 deletions(-) diff --git a/Makefile b/Makefile index 3099cfc20..27bd3db18 100644 --- a/Makefile +++ b/Makefile @@ -71,11 +71,11 @@ GLIDE_CHECKSUM:=7ba5bc7407dab2d463d12659450cdea8 GLIDE_URL:=https://github.com/Masterminds/glide/archive/$(GLIDE_VERSION).tar.gz GLIDE_INSTALL_MARKER:=$(GLIDE_NAME)$(VERSION_SEP)$(GLIDE_VERSION) -GOLANG_VERSION:=1.5.3 +GOLANG_VERSION:=1.5.4 GOLANG_NAME:=golang GOLANG:=$(GOLANG_NAME)-$(GOLANG_VERSION) GOLANG_DIGEST:=sha256 -GOLANG_CHECKSUM:=43afe0c5017e502630b1aea4d44b8a7f059bf60d7f29dfd58db454d4e4e0ae53 +GOLANG_CHECKSUM:=a3358721210787dc1e06f5ea1460ae0564f22a0fbd91be9dcd947fb1d19b9560 GOLANG_URL:=https://storage.googleapis.com/golang/go$(GOLANG_VERSION).linux-amd64.tar.gz GOLANG_INSTALL_MARKER:=$(GOLANG_NAME)$(VERSION_SEP)$(GOLANG_VERSION) @@ -193,12 +193,12 @@ NGX_DYUPS_CHECKSUM:=3e5580abad9cc45f52c2e2ccc3c35e48 NGX_DYUPS_URL:=https://github.com/yzprofile/ngx_http_dyups_module/archive/$(NGX_DYUPS_VERSION).tar.gz NGX_DYUPS_INSTALL_MARKER:=$(NGX_DYUPS_NAME)$(VERSION_SEP)$(NGX_DYUPS_VERSION) -OPENRESTY_VERSION:=1.9.7.1 +OPENRESTY_VERSION:=1.9.7.4 OPENRESTY_BUILD_REVISION:=1 OPENRESTY_NAME:=openresty OPENRESTY:=$(OPENRESTY_NAME)-$(OPENRESTY_VERSION)-$(OPENRESTY_BUILD_REVISION) OPENRESTY_DIGEST:=md5 -OPENRESTY_CHECKSUM:=7bc29aa81af962c610f0d07656df85d9 +OPENRESTY_CHECKSUM:=6e2d4a39c530524111ea50e3de67043a OPENRESTY_URL:=http://openresty.org/download/ngx_openresty-$(OPENRESTY_VERSION).tar.gz OPENRESTY_INSTALL_MARKER:=$(OPENRESTY_NAME)$(VERSION_SEP)$(OPENRESTY_VERSION) From 48289d1b09e74c4fee92d7fe327731905583936f Mon Sep 17 00:00:00 2001 From: Nick Muerdter Date: Wed, 13 Apr 2016 23:41:22 -0600 Subject: [PATCH 5/7] Preparing v0.11.1 release. --- CHANGELOG.md | 23 +++++++++++++++++++++++ docs/conf.py | 4 ++-- docs/developer/compiling-from-source.md | 6 +++--- src/api-umbrella/version.sh | 2 +- website/source/index.html.erb | 2 +- website/source/install.html.erb | 6 +++--- 6 files changed, 33 insertions(+), 10 deletions(-) diff --git a/CHANGELOG.md b/CHANGELOG.md index 253c89f90..44ac1ec5b 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md @@ -1,5 +1,28 @@ # API Umbrella Change Log +## 0.11.1 (2016-04-14) + +This is a small update that fixes a couple bugs (one important one if you use the HTTP cache), makes a couple small tweaks, and updates some dependencies for security purposes. Upgrading is recommended. + +### Upgrade Instructions + +If you're upgrading a previous API Umbrella version, you may upgrade the `api-umbrella` package using your package manager. + +### Changed + +* **Upgrade bundled software dependencies:** + * OpenResty 1.9.7.1 -> 1.9.7.4 (Security updates: CVE-2016-0742, CVE-2016-0746, and CVE-2016-0747) + * Rails 3.2.22 -> 3.2.22.2 (Security updates: CVE-2015-7576, CVE-2016-0751, CVE-2015-7577, CVE-2016-0752, CVE-2016-0753, CVE-2015-7581, CVE-2016-2097, and CVE-2016-2098) + * Rebuild Mora and Heka with Go 1.5.4 (Security update: CVE-2016-3959) +* **Remove empty "Dashboard" link from the admin:** The "Dashboard" link has never had any content, so we've removed it from the admin navigation. ([api.data.gov#323](https://github.com/18F/api.data.gov/issues/323)) +* **Make the optional public metrics API more configurable:** If enabled, the public metrics API's filters are now more easily configurable. ([api.data.gov#313](https://github.com/18F/api.data.gov/issues/313)) + +### Fixed + +* **Resolve possible HTTP cache conflicts:** If API Umbrella is configured with multiple API backends that utilize the same frontend host and same backend URL path prefix, then if either API backend returned cacheable responses, then it's possible the responses would get mixed up. Upgrading is highly recommended if you utilize the HTTP cache and have multiple API backends utilizing the same URL path prefix. ([api.data.gov#322](https://github.com/18F/api.data.gov/issues/322)) +* **Don't require API key roles for accessing admin APIs if admin token is used:** If accessing the administrative APIs using an admin authentication token, then the API key no longer needs any special roles assigned. This was a regression that ocurred in API Umbrella v0.9.0. ([#217](https://github.com/NREL/api-umbrella/issues/217)) +* **Fix potential mail security issue:** OSVDB-131677. + ## 0.11.0 (2016-01-20) This is a small update that fixes a few bugs, adds a couple small new features, and updates some dependencies for security purposes. Upgrading is recommended. diff --git a/docs/conf.py b/docs/conf.py index 610643e9e..b8b5fac45 100644 --- a/docs/conf.py +++ b/docs/conf.py @@ -57,9 +57,9 @@ # built documents. # # The short X.Y version. -version = '0.11.0' +version = '0.11.1' # The full version, including alpha/beta/rc tags. -release = '0.11.0' +release = '0.11.1' # The language for content autogenerated by Sphinx. Refer to documentation # for a list of supported languages. diff --git a/docs/developer/compiling-from-source.md b/docs/developer/compiling-from-source.md index 1130b1863..5de01e9d6 100644 --- a/docs/developer/compiling-from-source.md +++ b/docs/developer/compiling-from-source.md @@ -79,9 +79,9 @@ Installing from a [binary package](../getting-started.html#installation) is reco ## Compiling & Installing ```sh -$ curl -OLJ https://github.com/NREL/api-umbrella/archive/v0.11.0.tar.gz -$ tar -xvf api-umbrella-0.11.0.tar.gz -$ cd api-umbrella-0.11.0 +$ curl -OLJ https://github.com/NREL/api-umbrella/archive/v0.11.1.tar.gz +$ tar -xvf api-umbrella-0.11.1.tar.gz +$ cd api-umbrella-0.11.1 $ make $ sudo make install ``` diff --git a/src/api-umbrella/version.sh b/src/api-umbrella/version.sh index 2378edc2f..15c8889bb 100644 --- a/src/api-umbrella/version.sh +++ b/src/api-umbrella/version.sh @@ -1,4 +1,4 @@ -API_UMBRELLA_VERSION_BASE="0.11.0" +API_UMBRELLA_VERSION_BASE="0.11.1" API_UMBRELLA_VERSION_PRE="" # pre1, pre2, etc. API_UMBRELLA_VERSION_PACKAGE_ITERATION="1" diff --git a/website/source/index.html.erb b/website/source/index.html.erb index 026cbe8ca..b9405eaff 100644 --- a/website/source/index.html.erb +++ b/website/source/index.html.erb @@ -19,7 +19,7 @@ title: API Umbrella - Open Source API Management <%= link_to(%(), "/docs/architecture.html", :relative => true) %>
- Version 0.11.0    ⋅    GitHub Project + Version 0.11.1    ⋅    GitHub Project
diff --git a/website/source/install.html.erb b/website/source/install.html.erb index 480c30c64..969e294cd 100644 --- a/website/source/install.html.erb +++ b/website/source/install.html.erb @@ -55,9 +55,9 @@ sudo yum install api-umbrella From 418fcceadaff1d50bf8efca7beb75a27f38de06e Mon Sep 17 00:00:00 2001 From: Nick Muerdter Date: Wed, 13 Apr 2016 23:47:53 -0600 Subject: [PATCH 6/7] Fix openresty 1.9.7.4 download link. --- Makefile | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/Makefile b/Makefile index 27bd3db18..80b3b0364 100644 --- a/Makefile +++ b/Makefile @@ -199,7 +199,7 @@ OPENRESTY_NAME:=openresty OPENRESTY:=$(OPENRESTY_NAME)-$(OPENRESTY_VERSION)-$(OPENRESTY_BUILD_REVISION) OPENRESTY_DIGEST:=md5 OPENRESTY_CHECKSUM:=6e2d4a39c530524111ea50e3de67043a -OPENRESTY_URL:=http://openresty.org/download/ngx_openresty-$(OPENRESTY_VERSION).tar.gz +OPENRESTY_URL:=http://openresty.org/download/openresty-$(OPENRESTY_VERSION).tar.gz OPENRESTY_INSTALL_MARKER:=$(OPENRESTY_NAME)$(VERSION_SEP)$(OPENRESTY_VERSION) PCRE_VERSION:=8.38 From dc634c9adf18085bc3023580b7d90c4345ad30e8 Mon Sep 17 00:00:00 2001 From: Nick Muerdter Date: Thu, 14 Apr 2016 16:16:54 -0600 Subject: [PATCH 7/7] Fix corrupt geoip data for current week. --- Makefile | 9 ++++++++- 1 file changed, 8 insertions(+), 1 deletion(-) diff --git a/Makefile b/Makefile index 80b3b0364..4cb94206c 100644 --- a/Makefile +++ b/Makefile @@ -486,7 +486,14 @@ $(STAGE_MARKERS_DIR)/$(ELASTICSEARCH_INSTALL_MARKER): $(DEPS_DIR)/$(ELASTICSEARC # GeoLiteCityv6.dat $(DEPS_DIR)/GeoLiteCityv6.dat.gz: | $(DEPS_DIR) - curl -L -o $@ https://geolite.maxmind.com/download/geoip/database/GeoLiteCityv6-beta/GeoLiteCityv6.dat.gz + # FIXME: The 20160412 version of the GeoLiteCityv6.dat file is corrupt. This + # replaces it with the 20160405 version that we happened to still have a copy + # of. See https://github.com/18F/api.data.gov/issues/327 + # + # This isn't ideal, and this doesn't fix the auto-updater, but this at least + # lets us build packages that won't be broken on initial run. We've contacted + # MaxMind, so hopefully the next release will be fixed. + curl -L -o $@ https://www.dropbox.com/s/h23d5ef9chulgxf/GeoLiteCityv6.dat.gz?dl=0 touch $@ $(DEPS_DIR)/GeoLiteCityv6.dat: $(DEPS_DIR)/GeoLiteCityv6.dat.gz