diff --git a/0001-10244-Restore-Mongrel-XMLRPC-functionality.patch b/0001-10244-Restore-Mongrel-XMLRPC-functionality.patch deleted file mode 100644 index d1ba7d4..0000000 --- a/0001-10244-Restore-Mongrel-XMLRPC-functionality.patch +++ /dev/null @@ -1,161 +0,0 @@ -From 908aef3579534f7718dfbdeb24fad94591186a3f Mon Sep 17 00:00:00 2001 -From: Nick Lewis -Date: Mon, 24 Oct 2011 10:13:33 -0700 -Subject: [PATCH] (#10244) Restore Mongrel XMLRPC functionality - -This code was over-eagerly removed, when it turns out to actually -still be necessary for backward compatibility with XMLRPC clients. ---- - lib/puppet/network/http_server.rb | 3 + - lib/puppet/network/http_server/mongrel.rb | 130 +++++++++++++++++++++++++++++ - 2 files changed, 133 insertions(+), 0 deletions(-) - create mode 100644 lib/puppet/network/http_server.rb - create mode 100644 lib/puppet/network/http_server/mongrel.rb - -diff --git a/lib/puppet/network/http_server.rb b/lib/puppet/network/http_server.rb -new file mode 100644 -index 0000000..e3826a6 ---- /dev/null -+++ b/lib/puppet/network/http_server.rb -@@ -0,0 +1,3 @@ -+# Just a stub, so we can correctly scope other classes. -+module Puppet::Network::HTTPServer # :nodoc: -+end -diff --git a/lib/puppet/network/http_server/mongrel.rb b/lib/puppet/network/http_server/mongrel.rb -new file mode 100644 -index 0000000..ce0401a ---- /dev/null -+++ b/lib/puppet/network/http_server/mongrel.rb -@@ -0,0 +1,129 @@ -+#!/usr/bin/env ruby -+# File: 06-11-14-mongrel_xmlrpc.rb -+# Author: Manuel Holtgrewe -+# -+# Copyright (c) 2006 Manuel Holtgrewe, 2007 Luke Kanies -+# -+# This file is based heavily on a file retrieved from -+# http://ttt.ggnore.net/2006/11/15/xmlrpc-with-mongrel-and-ruby-off-rails/ -+ -+require 'rubygems' -+require 'mongrel' -+require 'xmlrpc/server' -+require 'puppet/network/xmlrpc/server' -+require 'puppet/network/http_server' -+require 'puppet/network/client_request' -+require 'puppet/network/handler' -+ -+require 'resolv' -+ -+# This handler can be hooked into Mongrel to accept HTTP requests. After -+# checking whether the request itself is sane, the handler forwards it -+# to an internal instance of XMLRPC::BasicServer to process it. -+# -+# You can access the server by calling the Handler's "xmlrpc_server" -+# attribute accessor method and add XMLRPC handlers there. For example: -+# -+# 
-+# handler = XmlRpcHandler.new
-+# handler.xmlrpc_server.add_handler("my.add") { |a, b| a.to_i + b.to_i }
-+#
-+module Puppet::Network -+ class HTTPServer::Mongrel < ::Mongrel::HttpHandler -+ attr_reader :xmlrpc_server -+ -+ def initialize(handlers) -+ if Puppet[:debug] -+ $mongrel_debug_client = true -+ Puppet.debug 'Mongrel client debugging enabled. [$mongrel_debug_client = true].' -+ end -+ # Create a new instance of BasicServer. We are supposed to subclass it -+ # but that does not make sense since we would not introduce any new -+ # behaviour and we have to subclass Mongrel::HttpHandler so our handler -+ # works for Mongrel. -+ @xmlrpc_server = Puppet::Network::XMLRPCServer.new -+ handlers.each do |name| -+ unless handler = Puppet::Network::Handler.handler(name) -+ raise ArgumentError, "Invalid handler #{name}" -+ end -+ @xmlrpc_server.add_handler(handler.interface, handler.new({})) -+ end -+ end -+ -+ # This method produces the same results as XMLRPC::CGIServer.serve -+ # from Ruby's stdlib XMLRPC implementation. -+ def process(request, response) -+ # Make sure this has been a POST as required for XMLRPC. -+ request_method = request.params[Mongrel::Const::REQUEST_METHOD] || Mongrel::Const::GET -+ if request_method != "POST" -+ response.start(405) { |head, out| out.write("Method Not Allowed") } -+ return -+ end -+ -+ # Make sure the user has sent text/xml data. -+ request_mime = request.params["CONTENT_TYPE"] || "text/plain" -+ if parse_content_type(request_mime).first != "text/xml" -+ response.start(400) { |head, out| out.write("Bad Request") } -+ return -+ end -+ -+ # Make sure there is data in the body at all. -+ length = request.params[Mongrel::Const::CONTENT_LENGTH].to_i -+ if length <= 0 -+ response.start(411) { |head, out| out.write("Length Required") } -+ return -+ end -+ -+ # Check the body to be valid. -+ if request.body.nil? or request.body.size != length -+ response.start(400) { |head, out| out.write("Bad Request") } -+ return -+ end -+ -+ info = client_info(request) -+ -+ # All checks above passed through -+ response.start(200) do |head, out| -+ head["Content-Type"] = "text/xml; charset=utf-8" -+ begin -+ out.write(@xmlrpc_server.process(request.body, info)) -+ rescue => detail -+ puts detail.backtrace -+ raise -+ end -+ end -+ end -+ -+ private -+ -+ def client_info(request) -+ params = request.params -+ ip = params["HTTP_X_FORWARDED_FOR"] ? params["HTTP_X_FORWARDED_FOR"].split(',').last.strip : params["REMOTE_ADDR"] -+ # JJM #906 The following dn.match regular expression is forgiving -+ # enough to match the two Distinguished Name string contents -+ # coming from Apache, Pound or other reverse SSL proxies. -+ if dn = params[Puppet[:ssl_client_header]] and dn_matchdata = dn.match(/^.*?CN\s*=\s*(.*)/) -+ client = dn_matchdata[1].to_str -+ valid = (params[Puppet[:ssl_client_verify_header]] == 'SUCCESS') -+ else -+ begin -+ client = Resolv.getname(ip) -+ rescue => detail -+ Puppet.err "Could not resolve #{ip}: #{detail}" -+ client = "unknown" -+ end -+ valid = false -+ end -+ -+ info = Puppet::Network::ClientRequest.new(client, ip, valid) -+ -+ info -+ end -+ -+ # Taken from XMLRPC::ParseContentType -+ def parse_content_type(str) -+ a, *b = str.split(";") -+ return a.strip, *b -+ end -+ end -+end --- -1.7.7 - diff --git a/puppet-2.6.12.tar.gz.asc b/puppet-2.6.12.tar.gz.asc deleted file mode 100644 index 6aae796..0000000 --- a/puppet-2.6.12.tar.gz.asc +++ /dev/null @@ -1,17 +0,0 @@ ------BEGIN PGP SIGNATURE----- -Version: GnuPG v1.4.11 (GNU/Linux) - -iQIcBAABAgAGBQJOomPfAAoJEBBUt6JL1uww6QYP/0xT7OQnK5TZ0Q94KWHRHmje -UZxqhNKt3+xlH74wNM0W81HWJNvRkhVHu0ez8S3ERnExAdFfXG4lkr1kLmmQhKeN -xLW9xN5A31GU+SnjDhRtzzCujFEeexw4ZlWTKdrWtwvli7P/katInxXlNKqpZujl -IDq4+WhjrJ9/4sE0VqjrlOwfOjJPbFMg5M1MNDkS3P5VffHLhp2wdbeFmQH1TpHi -qhEh+vmJw9WO1+z0v/kgL2S8YQH4kCJ82vGG9xfxF5fIwgrL7xVxU4a1FS4Oypy6 -2Vff9tP9iBKGErTUwOSbxeJDkHRuQ3oc2hGTUfR8cmAZ5YUavbbIqbWPvOd142rF -+vDyxpcUO+tSZn4o12Wj+sZww+KuviHyexk3BmxNAPOW2UPMPfU9CcaZdkuKV7d3 -CyJ4dWg9YX7wY42C+rh7ztQ9LW4hWGcmdvroknfMMJdrR8ARAby0fbApeB5V42Rk -fuh45I7GRlQMKcMhJR/nJM5/OL1Bjn5nyAkL6JoddJZO0LVBswTmcbgmhJaRlF6M -YL92nFrGmKiltlEoAAslSKgDMkZJCdaTv2PQxrtpMEp6wBYSfNF0h0u92gKEltkJ -/6eXIcyGIQAVWwuLPqgvZXtqMx9irB1xJTr41MVwkqZzy6kct/dAXXrosi+xg9eM -FpTONL84pFqy0qkbbM/Q -=ipk9 ------END PGP SIGNATURE----- diff --git a/puppet-2.6.13.tar.gz.asc b/puppet-2.6.13.tar.gz.asc new file mode 100644 index 0000000..a08605c --- /dev/null +++ b/puppet-2.6.13.tar.gz.asc @@ -0,0 +1,18 @@ +-----BEGIN PGP SIGNATURE----- +Version: GnuPG/MacGPG2 v2.0.17 (Darwin) +Comment: GPGTools - http://gpgtools.org + +iQIcBAABAgAGBQJO5oXOAAoJEBBUt6JL1uwwpXcQAKOsWL+65lJh2lUExw7fuMsq +injUsJ+Xh5VufrKqFIiJBqJ9jj7OCeB02I8mEn+vJPmdHg9w6EgAzrmV9QBZIisQ +GpJWDo/o7AyPzFyEiNY2Z3zu2NALdo6sINya7BpIOqPrhHyEn4zVH5i8kSrD7c9U +RG6j2PMNjOWVZb1S69aFeIkFoSpX4ri6uve8zC2VBa2pLA3jbedUHJku9EI4R52d +OeEB71P4wi9OaoaebOCXDrgcmUH1BG6+YT6YhAJwGclpLVtd6bGkjnVKE7l5wuCW +6F94ZZWOo5OSx56LB+gVjOcV3GQ7SQkpOrIrS3AjEm+y8ZTzHXpHOyNmeNIqYj3l +CUWcU1ip9gK4fYU7JxNchzeQJFVPe794EIeiKW2mXRajStwnaI4SXYCVmXnTxJrL +29bzbBBiwl4xQu38MZdyrQ+a8d6EOVcTgG46dWe1COX6cKT67azx0zsdulpzPaTM +0ix9kchR0U7wVISubgyRmccZfrQ1zhoOS8EAexqDzWbAsL0046RTP5yQcIG5NGCh +MDJQFTaP/9CW075sXqe31vKjy91zOqf49Uy4PuMOuZ6mLyg3/CabLkpew7Q2L7PJ +dV3Bek2ia5tEBiYIHxuVeAVqboyBgeRvRvWooEn4Ie3MFmikXSvnddhhrk7wrTqK +6iokskdLK8l59X3bc9bz +=aeT+ +-----END PGP SIGNATURE----- diff --git a/puppet.spec b/puppet.spec index 9a752d7..b540357 100644 --- a/puppet.spec +++ b/puppet.spec @@ -5,17 +5,15 @@ %global confdir conf/redhat Name: puppet -Version: 2.6.12 +Version: 2.6.13 Release: 1%{?dist} Summary: A network tool for managing many disparate systems License: GPLv2 URL: http://puppetlabs.com Source0: http://downloads.puppetlabs.com/%{name}/%{name}-%{version}.tar.gz Source1: http://downloads.puppetlabs.com/%{name}/%{name}-%{version}.tar.gz.asc -# https://projects.puppetlabs.com/issues/10244 -Patch0: 0001-10244-Restore-Mongrel-XMLRPC-functionality.patch # https://projects.puppetlabs.com/issues/9167 -Patch1: 0001-9167-Do-not-sent-tagmail-reports-if-no-changes.patch +Patch0: 0001-9167-Do-not-sent-tagmail-reports-if-no-changes.patch Group: System Environment/Base @@ -71,7 +69,6 @@ The server can also function as a certificate authority and file server. %prep %setup -q %patch0 -p1 -%patch1 -p1 patch -s -p1 < conf/redhat/rundir-perms.patch %build @@ -258,6 +255,9 @@ fi rm -rf %{buildroot} %changelog +* Wed Dec 14 2011 Todd Zullinger - 2.6.13-1 +- Update to 2.6.13 + * Sun Oct 23 2011 Todd Zullinger - 2.6.12-1 - Update to 2.6.12, fixes CVE-2011-3872 - Add upstream patch to restore Mongrel XMLRPC functionality (upstream #10244) diff --git a/sources b/sources index 6288f93..16f8fec 100644 --- a/sources +++ b/sources @@ -1 +1 @@ -3851b1a33cde9d697d5c5c21ef795438 puppet-2.6.12.tar.gz +e7d684c4d0b0f130aa54de4bb6759824 puppet-2.6.13.tar.gz