Update to 2.6.13

13 years ago · e080a6a4c0
parent 47fcf33655
commit e080a6a4c0
5 changed files with 24 additions and 184 deletions
--- a/0001-10244-Restore-Mongrel-XMLRPC-functionality.patch
+++ b/0001-10244-Restore-Mongrel-XMLRPC-functionality.patch
@ -1,161 +0,0 @@
 From 908aef3579534f7718dfbdeb24fad94591186a3f Mon Sep 17 00:00:00 2001
 From: Nick Lewis <nick@puppetlabs.com>
 Date: Mon, 24 Oct 2011 10:13:33 -0700
 Subject: [PATCH] (#10244) Restore Mongrel XMLRPC functionality
 This code was over-eagerly removed, when it turns out to actually
 still be necessary for backward compatibility with XMLRPC clients.
 ---
 lib/puppet/network/http_server.rb         |    3 +
 lib/puppet/network/http_server/mongrel.rb |  130 +++++++++++++++++++++++++++++
 2 files changed, 133 insertions(+), 0 deletions(-)
 create mode 100644 lib/puppet/network/http_server.rb
 create mode 100644 lib/puppet/network/http_server/mongrel.rb
 diff --git a/lib/puppet/network/http_server.rb b/lib/puppet/network/http_server.rb
 new file mode 100644
 index 0000000..e3826a6
 --- /dev/null
 +++ b/lib/puppet/network/http_server.rb
@@ -0,0 +1,3 @@
 +# Just a stub, so we can correctly scope other classes.
 +module Puppet::Network::HTTPServer # :nodoc:
 +end
 diff --git a/lib/puppet/network/http_server/mongrel.rb b/lib/puppet/network/http_server/mongrel.rb
 new file mode 100644
 index 0000000..ce0401a
 --- /dev/null
 +++ b/lib/puppet/network/http_server/mongrel.rb
@@ -0,0 +1,129 @@
 +#!/usr/bin/env ruby
 +# File:       06-11-14-mongrel_xmlrpc.rb
 +# Author:     Manuel Holtgrewe <purestorm at ggnore.net>
 +#
 +# Copyright (c) 2006 Manuel Holtgrewe, 2007 Luke Kanies
 +#
 +# This file is based heavily on a file retrieved from
 +# http://ttt.ggnore.net/2006/11/15/xmlrpc-with-mongrel-and-ruby-off-rails/
 +
 +require 'rubygems'
 +require 'mongrel'
 +require 'xmlrpc/server'
 +require 'puppet/network/xmlrpc/server'
 +require 'puppet/network/http_server'
 +require 'puppet/network/client_request'
 +require 'puppet/network/handler'
 +
 +require 'resolv'
 +
 +# This handler can be hooked into Mongrel to accept HTTP requests. After
 +# checking whether the request itself is sane, the handler forwards it
 +# to an internal instance of XMLRPC::BasicServer to process it.
 +#
 +# You can access the server by calling the Handler's "xmlrpc_server"
 +# attribute accessor method and add XMLRPC handlers there. For example:
 +#
 +# <pre>
 +# handler = XmlRpcHandler.new
 +# handler.xmlrpc_server.add_handler("my.add") { |a, b| a.to_i + b.to_i }
 +# </pre>
 +module Puppet::Network
 +  class HTTPServer::Mongrel < ::Mongrel::HttpHandler
 +    attr_reader :xmlrpc_server
 +
 +    def initialize(handlers)
 +      if Puppet[:debug]
 +        $mongrel_debug_client = true
 +        Puppet.debug 'Mongrel client debugging enabled. [$mongrel_debug_client = true].'
 +      end
 +      # Create a new instance of BasicServer. We are supposed to subclass it
 +      # but that does not make sense since we would not introduce any new
 +      # behaviour and we have to subclass Mongrel::HttpHandler so our handler
 +      # works for Mongrel.
 +      @xmlrpc_server = Puppet::Network::XMLRPCServer.new
 +      handlers.each do |name|
 +        unless handler = Puppet::Network::Handler.handler(name)
 +          raise ArgumentError, "Invalid handler #{name}"
 +        end
 +        @xmlrpc_server.add_handler(handler.interface, handler.new({}))
 +      end
 +    end
 +
 +    # This method produces the same results as XMLRPC::CGIServer.serve
 +    # from Ruby's stdlib XMLRPC implementation.
 +    def process(request, response)
 +      # Make sure this has been a POST as required for XMLRPC.
 +      request_method = request.params[Mongrel::Const::REQUEST_METHOD] || Mongrel::Const::GET
 +      if request_method != "POST"
 +        response.start(405) { |head, out| out.write("Method Not Allowed") }
 +        return
 +      end
 +
 +      # Make sure the user has sent text/xml data.
 +      request_mime = request.params["CONTENT_TYPE"] || "text/plain"
 +      if parse_content_type(request_mime).first != "text/xml"
 +        response.start(400) { |head, out| out.write("Bad Request") }
 +        return
 +      end
 +
 +      # Make sure there is data in the body at all.
 +      length = request.params[Mongrel::Const::CONTENT_LENGTH].to_i
 +      if length <= 0
 +        response.start(411) { |head, out| out.write("Length Required") }
 +        return
 +      end
 +
 +      # Check the body to be valid.
 +      if request.body.nil? or request.body.size != length
 +        response.start(400) { |head, out| out.write("Bad Request") }
 +        return
 +      end
 +
 +      info = client_info(request)
 +
 +      # All checks above passed through
 +      response.start(200) do |head, out|
 +        head["Content-Type"] = "text/xml; charset=utf-8"
 +        begin
 +          out.write(@xmlrpc_server.process(request.body, info))
 +        rescue => detail
 +          puts detail.backtrace
 +          raise
 +        end
 +      end
 +    end
 +
 +    private
 +
 +    def client_info(request)
 +      params = request.params
 +      ip = params["HTTP_X_FORWARDED_FOR"] ? params["HTTP_X_FORWARDED_FOR"].split(',').last.strip : params["REMOTE_ADDR"]
 +      # JJM #906 The following dn.match regular expression is forgiving
 +      # enough to match the two Distinguished Name string contents
 +      # coming from Apache, Pound or other reverse SSL proxies.
 +      if dn = params[Puppet[:ssl_client_header]] and dn_matchdata = dn.match(/^.*?CN\s*=\s*(.*)/)
 +        client = dn_matchdata[1].to_str
 +        valid = (params[Puppet[:ssl_client_verify_header]] == 'SUCCESS')
 +      else
 +        begin
 +          client = Resolv.getname(ip)
 +        rescue => detail
 +          Puppet.err "Could not resolve #{ip}: #{detail}"
 +          client = "unknown"
 +        end
 +        valid = false
 +      end
 +
 +      info = Puppet::Network::ClientRequest.new(client, ip, valid)
 +
 +      info
 +    end
 +
 +    # Taken from XMLRPC::ParseContentType
 +    def parse_content_type(str)
 +      a, *b = str.split(";")
 +      return a.strip, *b
 +    end
 +  end
 +end
 -- 
 1.7.7
--- a/puppet-2.6.12.tar.gz.asc
+++ b/puppet-2.6.12.tar.gz.asc
@ -1,17 +0,0 @@
 -----BEGIN PGP SIGNATURE-----
 Version: GnuPG v1.4.11 (GNU/Linux)
 iQIcBAABAgAGBQJOomPfAAoJEBBUt6JL1uww6QYP/0xT7OQnK5TZ0Q94KWHRHmje
 UZxqhNKt3+xlH74wNM0W81HWJNvRkhVHu0ez8S3ERnExAdFfXG4lkr1kLmmQhKeN
 xLW9xN5A31GU+SnjDhRtzzCujFEeexw4ZlWTKdrWtwvli7P/katInxXlNKqpZujl
 IDq4+WhjrJ9/4sE0VqjrlOwfOjJPbFMg5M1MNDkS3P5VffHLhp2wdbeFmQH1TpHi
 qhEh+vmJw9WO1+z0v/kgL2S8YQH4kCJ82vGG9xfxF5fIwgrL7xVxU4a1FS4Oypy6
 2Vff9tP9iBKGErTUwOSbxeJDkHRuQ3oc2hGTUfR8cmAZ5YUavbbIqbWPvOd142rF
 +vDyxpcUO+tSZn4o12Wj+sZww+KuviHyexk3BmxNAPOW2UPMPfU9CcaZdkuKV7d3
 CyJ4dWg9YX7wY42C+rh7ztQ9LW4hWGcmdvroknfMMJdrR8ARAby0fbApeB5V42Rk
 fuh45I7GRlQMKcMhJR/nJM5/OL1Bjn5nyAkL6JoddJZO0LVBswTmcbgmhJaRlF6M
 YL92nFrGmKiltlEoAAslSKgDMkZJCdaTv2PQxrtpMEp6wBYSfNF0h0u92gKEltkJ
 /6eXIcyGIQAVWwuLPqgvZXtqMx9irB1xJTr41MVwkqZzy6kct/dAXXrosi+xg9eM
 FpTONL84pFqy0qkbbM/Q
 =ipk9
 -----END PGP SIGNATURE-----
--- a/puppet-2.6.13.tar.gz.asc
+++ b/puppet-2.6.13.tar.gz.asc
@ -0,0 +1,18 @@
 -----BEGIN PGP SIGNATURE-----
 Version: GnuPG/MacGPG2 v2.0.17 (Darwin)
 Comment: GPGTools - http://gpgtools.org
 iQIcBAABAgAGBQJO5oXOAAoJEBBUt6JL1uwwpXcQAKOsWL+65lJh2lUExw7fuMsq
 injUsJ+Xh5VufrKqFIiJBqJ9jj7OCeB02I8mEn+vJPmdHg9w6EgAzrmV9QBZIisQ
 GpJWDo/o7AyPzFyEiNY2Z3zu2NALdo6sINya7BpIOqPrhHyEn4zVH5i8kSrD7c9U
 RG6j2PMNjOWVZb1S69aFeIkFoSpX4ri6uve8zC2VBa2pLA3jbedUHJku9EI4R52d
 OeEB71P4wi9OaoaebOCXDrgcmUH1BG6+YT6YhAJwGclpLVtd6bGkjnVKE7l5wuCW
 6F94ZZWOo5OSx56LB+gVjOcV3GQ7SQkpOrIrS3AjEm+y8ZTzHXpHOyNmeNIqYj3l
 CUWcU1ip9gK4fYU7JxNchzeQJFVPe794EIeiKW2mXRajStwnaI4SXYCVmXnTxJrL
 29bzbBBiwl4xQu38MZdyrQ+a8d6EOVcTgG46dWe1COX6cKT67azx0zsdulpzPaTM
 0ix9kchR0U7wVISubgyRmccZfrQ1zhoOS8EAexqDzWbAsL0046RTP5yQcIG5NGCh
 MDJQFTaP/9CW075sXqe31vKjy91zOqf49Uy4PuMOuZ6mLyg3/CabLkpew7Q2L7PJ
 dV3Bek2ia5tEBiYIHxuVeAVqboyBgeRvRvWooEn4Ie3MFmikXSvnddhhrk7wrTqK
 6iokskdLK8l59X3bc9bz
 =aeT+
 -----END PGP SIGNATURE-----
--- a/puppet.spec
+++ b/puppet.spec
@ -5,17 +5,15 @@
 %global confdir conf/redhat
 Name:           puppet
-Version:        2.6.12
+Version:        2.6.13
 Release:        1%{?dist}
 Summary:        A network tool for managing many disparate systems
 License:        GPLv2
 URL:            http://puppetlabs.com
 Source0:        http://downloads.puppetlabs.com/%{name}/%{name}-%{version}.tar.gz
 Source1:        http://downloads.puppetlabs.com/%{name}/%{name}-%{version}.tar.gz.asc
 # https://projects.puppetlabs.com/issues/10244
 Patch0:         0001-10244-Restore-Mongrel-XMLRPC-functionality.patch
 # https://projects.puppetlabs.com/issues/9167
-Patch1:         0001-9167-Do-not-sent-tagmail-reports-if-no-changes.patch
+Patch0:         0001-9167-Do-not-sent-tagmail-reports-if-no-changes.patch
 Group:          System Environment/Base
@ -71,7 +69,6 @@ The server can also function as a certificate authority and file server.
 %prep
 %setup -q
 %patch0 -p1
 %patch1 -p1
 patch -s -p1 < conf/redhat/rundir-perms.patch
 %build
@ -258,6 +255,9 @@ fi
 rm -rf %{buildroot}
 %changelog
 * Wed Dec 14 2011 Todd Zullinger <tmz@pobox.com> - 2.6.13-1
 - Update to 2.6.13
 * Sun Oct 23 2011 Todd Zullinger <tmz@pobox.com> - 2.6.12-1
 - Update to 2.6.12, fixes CVE-2011-3872
 - Add upstream patch to restore Mongrel XMLRPC functionality (upstream #10244)
--- a/2
+++ b/2
@ -1 +1 @@
-3851b1a33cde9d697d5c5c21ef795438  puppet-2.6.12.tar.gz
+e7d684c4d0b0f130aa54de4bb6759824  puppet-2.6.13.tar.gz
`@ -1 +1 @@`
	`3851b1a33cde9d697d5c5c21ef795438 puppet-2.6.12.tar.gz`	`e7d684c4d0b0f130aa54de4bb6759824 puppet-2.6.13.tar.gz`