From c7f00c0890bbbe5941a43c91c281fa99f2bdfa56 Mon Sep 17 00:00:00 2001
From: Dominic Cleal <dominic@cleal.org>
Date: Wed, 31 May 2017 15:04:17 +0100
Subject: [PATCH] Update to 4.10.1

---
 ...-Reject-all-fact-formats-except-PSON.patch | 99 -------------------
 ...lease-restrictions-from-DNF-provider.patch |  2 +-
 puppet.spec                                   |  9 +-
 sources                                       |  4 +-
 4 files changed, 8 insertions(+), 106 deletions(-)
 delete mode 100644 0005-PUP-7483-Reject-all-fact-formats-except-PSON.patch

diff --git a/0005-PUP-7483-Reject-all-fact-formats-except-PSON.patch b/0005-PUP-7483-Reject-all-fact-formats-except-PSON.patch
deleted file mode 100644
index b365b1a..0000000
--- a/0005-PUP-7483-Reject-all-fact-formats-except-PSON.patch
+++ /dev/null
@@ -1,99 +0,0 @@
-From 06d8c51367ca932b9da5d9b01958cfc0adf0f2ea Mon Sep 17 00:00:00 2001
-From: Josh Cooper <josh@puppet.com>
-Date: Fri, 28 Apr 2017 12:09:11 -0700
-Subject: [PATCH] (PUP-7483) Reject all fact formats except PSON
-
-Previously, an authenticated user could cause the master to execute
-YAML.load on user-specified input, as well as MessagePack.unpack if the
-msgpack gem was installed.
-
-Since 3.2.2, agents have always sent facts as PSON. There is no reason
-to support other formats, so reject all fact formats except PSON.
----
- lib/puppet/indirector/catalog/compiler.rb     |  6 +++--
- spec/unit/indirector/catalog/compiler_spec.rb | 36 ++++++++++++++++++++++++---
- 2 files changed, 36 insertions(+), 6 deletions(-)
-
-diff --git a/lib/puppet/indirector/catalog/compiler.rb b/lib/puppet/indirector/catalog/compiler.rb
-index e4e60ce..16c8353 100644
---- a/lib/puppet/indirector/catalog/compiler.rb
-+++ b/lib/puppet/indirector/catalog/compiler.rb
-@@ -25,9 +25,11 @@ class Puppet::Resource::Catalog::Compiler < Puppet::Indirector::Code
-       # in Network::HTTP::Handler will automagically deserialize the value.
-       if text_facts.is_a?(Puppet::Node::Facts)
-         facts = text_facts
--      else
-+      elsif format == 'pson'
-         # We unescape here because the corresponding code in Puppet::Configurer::FactHandler escapes
--        facts = Puppet::Node::Facts.convert_from(format, CGI.unescape(text_facts))
-+        facts = Puppet::Node::Facts.convert_from('pson', CGI.unescape(text_facts))
-+      else
-+        raise ArgumentError, "Unsupported facts format"
-       end
- 
-       unless facts.name == request.key
-diff --git a/spec/unit/indirector/catalog/compiler_spec.rb b/spec/unit/indirector/catalog/compiler_spec.rb
-index b134c90..d31eaee 100644
---- a/spec/unit/indirector/catalog/compiler_spec.rb
-+++ b/spec/unit/indirector/catalog/compiler_spec.rb
-@@ -255,10 +255,10 @@ describe Puppet::Resource::Catalog::Compiler do
-       @facts = Puppet::Node::Facts.new('hostname', "fact" => "value", "architecture" => "i386")
-     end
- 
--    def a_request_that_contains(facts)
-+    def a_request_that_contains(facts, format = :pson)
-       request = Puppet::Indirector::Request.new(:catalog, :find, "hostname", nil)
--      request.options[:facts_format] = "pson"
--      request.options[:facts] = CGI.escape(facts.render(:pson))
-+      request.options[:facts_format] = format.to_s
-+      request.options[:facts] = CGI.escape(facts.render(format))
-       request
-     end
- 
-@@ -277,7 +277,7 @@ describe Puppet::Resource::Catalog::Compiler do
-       expect(facts.timestamp).to eq(time)
-     end
- 
--    it "should convert the facts into a fact instance and save it" do
-+    it "accepts PSON facts" do
-       request = a_request_that_contains(@facts)
- 
-       options = {
-@@ -289,6 +289,34 @@ describe Puppet::Resource::Catalog::Compiler do
- 
-       @compiler.extract_facts_from_request(request)
-     end
-+
-+    it "rejects YAML facts" do
-+      request = a_request_that_contains(@facts, :yaml)
-+
-+      options = {
-+        :environment => request.environment,
-+        :transaction_uuid => request.options[:transaction_uuid],
-+      }
-+
-+      expect {
-+        @compiler.extract_facts_from_request(request)
-+      }.to raise_error(ArgumentError, /Unsupported facts format/)
-+    end
-+
-+    it "rejects unknown fact formats" do
-+      request = a_request_that_contains(@facts)
-+      request.options[:facts_format] = 'unknown-format'
-+
-+      options = {
-+        :environment => request.environment,
-+        :transaction_uuid => request.options[:transaction_uuid],
-+      }
-+
-+      expect {
-+        @compiler.extract_facts_from_request(request)
-+      }.to raise_error(ArgumentError, /Unsupported facts format/)
-+    end
-+
-   end
- 
-   describe "when finding nodes" do
--- 
-2.7.4
-
diff --git a/0006-Remove-Fedora-release-restrictions-from-DNF-provider.patch b/0006-Remove-Fedora-release-restrictions-from-DNF-provider.patch
index ae82d25..5673c02 100644
--- a/0006-Remove-Fedora-release-restrictions-from-DNF-provider.patch
+++ b/0006-Remove-Fedora-release-restrictions-from-DNF-provider.patch
@@ -17,7 +17,7 @@ index e144a1a..c0ed877 100644
        end
    end
  
--  defaultfor :operatingsystem => :fedora, :operatingsystemmajrelease => ['22', '23', '24']
+-  defaultfor :operatingsystem => :fedora, :operatingsystemmajrelease => ['22', '23', '24', '25']
 +  defaultfor :operatingsystem => :fedora
  
    def self.update_command
diff --git a/puppet.spec b/puppet.spec
index fed90ac..307c00c 100644
--- a/puppet.spec
+++ b/puppet.spec
@@ -18,8 +18,8 @@
 %global pending_upgrade_file %{pending_upgrade_path}/upgrade_pending
 
 Name:           puppet
-Version:        4.8.2
-Release:        2%{?dist}
+Version:        4.10.1
+Release:        1%{?dist}
 Summary:        A network tool for managing many disparate systems
 License:        ASL 2.0
 URL:            http://puppetlabs.com
@@ -33,7 +33,6 @@ Source4:        start-puppet-wrapper
 Patch01:        0001-Fix-puppet-paths.patch
 Patch02:        0002-Revert-maint-Remove-puppetmaster.service.patch
 Patch04:        0004-PUP-7383-Skip-cipher-monkey-patch-on-ruby-2.4.patch
-Patch05:        0005-PUP-7483-Reject-all-fact-formats-except-PSON.patch
 Patch06:        0006-Remove-Fedora-release-restrictions-from-DNF-provider.patch
 Group:          System Environment/Base
 
@@ -128,7 +127,6 @@ The server can also function as a certificate authority and file server.
 %patch01 -p1 -b .paths
 %patch02 -p1 -b .server
 %patch04 -p1
-%patch05 -p1
 %patch06 -p1
 # Unbundle
 rm -r lib/puppet/vendor/*{pathspec,rgen}*
@@ -398,6 +396,9 @@ exit 0
 rm -rf %{buildroot}
 
 %changelog
+* Wed May 31 2017 Dominic Cleal <dominic@cleal.org> - 4.10.1-1
+- Update to 4.10.1
+
 * Wed May 31 2017 Dominic Cleal <dominic@cleal.org> - 4.8.2-2
 - Remove Fedora release restrictions from DNF package provider
 
diff --git a/sources b/sources
index 19d0dc5..069b38a 100644
--- a/sources
+++ b/sources
@@ -1,2 +1,2 @@
-SHA512 (puppet-4.8.2.tar.gz.asc) = 3526e4787e5894a6d62af6c06a10fc20e8726759209b6d461dd7688882d7a646ff23a4efdb28ac7358bb2ac0002a1486b6f746f6a1e15c1e1cef33565d9433be
-SHA512 (puppet-4.8.2.tar.gz) = d9c3d7949d88c12df49f6e9b170004087bf4eb3a598764f34ca4cc074013ecb0ab585e836c1cf12c7be4e61af0c18845dd0d65f3446fa744f949d8f2c7a8d2a1
+SHA512 (puppet-4.10.1.tar.gz) = d232f062b93485f7eea8abb9c5420462e313e6050e7335159f051f7c7af86338c006ae4edc09e0e1370784ee7b076911ca563a4cfc6a1f2afc7179bed08d2032
+SHA512 (puppet-4.10.1.tar.gz.asc) = a2a168ca2f48f2db7d8998f0c81895274a2a1c26476a240bd67f0a8c23c54d1ab4fd581d2ac69141cc0de8ed4139107ff2df0ef9b4c31dd76a9592ebd6f453cd