Update to 2.6.13

epel9
Todd Zullinger 13 years ago
parent 47fcf33655
commit e080a6a4c0

@ -1,161 +0,0 @@
From 908aef3579534f7718dfbdeb24fad94591186a3f Mon Sep 17 00:00:00 2001
From: Nick Lewis <nick@puppetlabs.com>
Date: Mon, 24 Oct 2011 10:13:33 -0700
Subject: [PATCH] (#10244) Restore Mongrel XMLRPC functionality
This code was over-eagerly removed, when it turns out to actually
still be necessary for backward compatibility with XMLRPC clients.
---
lib/puppet/network/http_server.rb | 3 +
lib/puppet/network/http_server/mongrel.rb | 130 +++++++++++++++++++++++++++++
2 files changed, 133 insertions(+), 0 deletions(-)
create mode 100644 lib/puppet/network/http_server.rb
create mode 100644 lib/puppet/network/http_server/mongrel.rb
diff --git a/lib/puppet/network/http_server.rb b/lib/puppet/network/http_server.rb
new file mode 100644
index 0000000..e3826a6
--- /dev/null
+++ b/lib/puppet/network/http_server.rb
@@ -0,0 +1,3 @@
+# Just a stub, so we can correctly scope other classes.
+module Puppet::Network::HTTPServer # :nodoc:
+end
diff --git a/lib/puppet/network/http_server/mongrel.rb b/lib/puppet/network/http_server/mongrel.rb
new file mode 100644
index 0000000..ce0401a
--- /dev/null
+++ b/lib/puppet/network/http_server/mongrel.rb
@@ -0,0 +1,129 @@
+#!/usr/bin/env ruby
+# File: 06-11-14-mongrel_xmlrpc.rb
+# Author: Manuel Holtgrewe <purestorm at ggnore.net>
+#
+# Copyright (c) 2006 Manuel Holtgrewe, 2007 Luke Kanies
+#
+# This file is based heavily on a file retrieved from
+# http://ttt.ggnore.net/2006/11/15/xmlrpc-with-mongrel-and-ruby-off-rails/
+
+require 'rubygems'
+require 'mongrel'
+require 'xmlrpc/server'
+require 'puppet/network/xmlrpc/server'
+require 'puppet/network/http_server'
+require 'puppet/network/client_request'
+require 'puppet/network/handler'
+
+require 'resolv'
+
+# This handler can be hooked into Mongrel to accept HTTP requests. After
+# checking whether the request itself is sane, the handler forwards it
+# to an internal instance of XMLRPC::BasicServer to process it.
+#
+# You can access the server by calling the Handler's "xmlrpc_server"
+# attribute accessor method and add XMLRPC handlers there. For example:
+#
+# <pre>
+# handler = XmlRpcHandler.new
+# handler.xmlrpc_server.add_handler("my.add") { |a, b| a.to_i + b.to_i }
+# </pre>
+module Puppet::Network
+ class HTTPServer::Mongrel < ::Mongrel::HttpHandler
+ attr_reader :xmlrpc_server
+
+ def initialize(handlers)
+ if Puppet[:debug]
+ $mongrel_debug_client = true
+ Puppet.debug 'Mongrel client debugging enabled. [$mongrel_debug_client = true].'
+ end
+ # Create a new instance of BasicServer. We are supposed to subclass it
+ # but that does not make sense since we would not introduce any new
+ # behaviour and we have to subclass Mongrel::HttpHandler so our handler
+ # works for Mongrel.
+ @xmlrpc_server = Puppet::Network::XMLRPCServer.new
+ handlers.each do |name|
+ unless handler = Puppet::Network::Handler.handler(name)
+ raise ArgumentError, "Invalid handler #{name}"
+ end
+ @xmlrpc_server.add_handler(handler.interface, handler.new({}))
+ end
+ end
+
+ # This method produces the same results as XMLRPC::CGIServer.serve
+ # from Ruby's stdlib XMLRPC implementation.
+ def process(request, response)
+ # Make sure this has been a POST as required for XMLRPC.
+ request_method = request.params[Mongrel::Const::REQUEST_METHOD] || Mongrel::Const::GET
+ if request_method != "POST"
+ response.start(405) { |head, out| out.write("Method Not Allowed") }
+ return
+ end
+
+ # Make sure the user has sent text/xml data.
+ request_mime = request.params["CONTENT_TYPE"] || "text/plain"
+ if parse_content_type(request_mime).first != "text/xml"
+ response.start(400) { |head, out| out.write("Bad Request") }
+ return
+ end
+
+ # Make sure there is data in the body at all.
+ length = request.params[Mongrel::Const::CONTENT_LENGTH].to_i
+ if length <= 0
+ response.start(411) { |head, out| out.write("Length Required") }
+ return
+ end
+
+ # Check the body to be valid.
+ if request.body.nil? or request.body.size != length
+ response.start(400) { |head, out| out.write("Bad Request") }
+ return
+ end
+
+ info = client_info(request)
+
+ # All checks above passed through
+ response.start(200) do |head, out|
+ head["Content-Type"] = "text/xml; charset=utf-8"
+ begin
+ out.write(@xmlrpc_server.process(request.body, info))
+ rescue => detail
+ puts detail.backtrace
+ raise
+ end
+ end
+ end
+
+ private
+
+ def client_info(request)
+ params = request.params
+ ip = params["HTTP_X_FORWARDED_FOR"] ? params["HTTP_X_FORWARDED_FOR"].split(',').last.strip : params["REMOTE_ADDR"]
+ # JJM #906 The following dn.match regular expression is forgiving
+ # enough to match the two Distinguished Name string contents
+ # coming from Apache, Pound or other reverse SSL proxies.
+ if dn = params[Puppet[:ssl_client_header]] and dn_matchdata = dn.match(/^.*?CN\s*=\s*(.*)/)
+ client = dn_matchdata[1].to_str
+ valid = (params[Puppet[:ssl_client_verify_header]] == 'SUCCESS')
+ else
+ begin
+ client = Resolv.getname(ip)
+ rescue => detail
+ Puppet.err "Could not resolve #{ip}: #{detail}"
+ client = "unknown"
+ end
+ valid = false
+ end
+
+ info = Puppet::Network::ClientRequest.new(client, ip, valid)
+
+ info
+ end
+
+ # Taken from XMLRPC::ParseContentType
+ def parse_content_type(str)
+ a, *b = str.split(";")
+ return a.strip, *b
+ end
+ end
+end
--
1.7.7

@ -1,17 +0,0 @@
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.11 (GNU/Linux)
iQIcBAABAgAGBQJOomPfAAoJEBBUt6JL1uww6QYP/0xT7OQnK5TZ0Q94KWHRHmje
UZxqhNKt3+xlH74wNM0W81HWJNvRkhVHu0ez8S3ERnExAdFfXG4lkr1kLmmQhKeN
xLW9xN5A31GU+SnjDhRtzzCujFEeexw4ZlWTKdrWtwvli7P/katInxXlNKqpZujl
IDq4+WhjrJ9/4sE0VqjrlOwfOjJPbFMg5M1MNDkS3P5VffHLhp2wdbeFmQH1TpHi
qhEh+vmJw9WO1+z0v/kgL2S8YQH4kCJ82vGG9xfxF5fIwgrL7xVxU4a1FS4Oypy6
2Vff9tP9iBKGErTUwOSbxeJDkHRuQ3oc2hGTUfR8cmAZ5YUavbbIqbWPvOd142rF
+vDyxpcUO+tSZn4o12Wj+sZww+KuviHyexk3BmxNAPOW2UPMPfU9CcaZdkuKV7d3
CyJ4dWg9YX7wY42C+rh7ztQ9LW4hWGcmdvroknfMMJdrR8ARAby0fbApeB5V42Rk
fuh45I7GRlQMKcMhJR/nJM5/OL1Bjn5nyAkL6JoddJZO0LVBswTmcbgmhJaRlF6M
YL92nFrGmKiltlEoAAslSKgDMkZJCdaTv2PQxrtpMEp6wBYSfNF0h0u92gKEltkJ
/6eXIcyGIQAVWwuLPqgvZXtqMx9irB1xJTr41MVwkqZzy6kct/dAXXrosi+xg9eM
FpTONL84pFqy0qkbbM/Q
=ipk9
-----END PGP SIGNATURE-----

@ -0,0 +1,18 @@
-----BEGIN PGP SIGNATURE-----
Version: GnuPG/MacGPG2 v2.0.17 (Darwin)
Comment: GPGTools - http://gpgtools.org
iQIcBAABAgAGBQJO5oXOAAoJEBBUt6JL1uwwpXcQAKOsWL+65lJh2lUExw7fuMsq
injUsJ+Xh5VufrKqFIiJBqJ9jj7OCeB02I8mEn+vJPmdHg9w6EgAzrmV9QBZIisQ
GpJWDo/o7AyPzFyEiNY2Z3zu2NALdo6sINya7BpIOqPrhHyEn4zVH5i8kSrD7c9U
RG6j2PMNjOWVZb1S69aFeIkFoSpX4ri6uve8zC2VBa2pLA3jbedUHJku9EI4R52d
OeEB71P4wi9OaoaebOCXDrgcmUH1BG6+YT6YhAJwGclpLVtd6bGkjnVKE7l5wuCW
6F94ZZWOo5OSx56LB+gVjOcV3GQ7SQkpOrIrS3AjEm+y8ZTzHXpHOyNmeNIqYj3l
CUWcU1ip9gK4fYU7JxNchzeQJFVPe794EIeiKW2mXRajStwnaI4SXYCVmXnTxJrL
29bzbBBiwl4xQu38MZdyrQ+a8d6EOVcTgG46dWe1COX6cKT67azx0zsdulpzPaTM
0ix9kchR0U7wVISubgyRmccZfrQ1zhoOS8EAexqDzWbAsL0046RTP5yQcIG5NGCh
MDJQFTaP/9CW075sXqe31vKjy91zOqf49Uy4PuMOuZ6mLyg3/CabLkpew7Q2L7PJ
dV3Bek2ia5tEBiYIHxuVeAVqboyBgeRvRvWooEn4Ie3MFmikXSvnddhhrk7wrTqK
6iokskdLK8l59X3bc9bz
=aeT+
-----END PGP SIGNATURE-----

@ -5,17 +5,15 @@
%global confdir conf/redhat
Name: puppet
Version: 2.6.12
Version: 2.6.13
Release: 1%{?dist}
Summary: A network tool for managing many disparate systems
License: GPLv2
URL: http://puppetlabs.com
Source0: http://downloads.puppetlabs.com/%{name}/%{name}-%{version}.tar.gz
Source1: http://downloads.puppetlabs.com/%{name}/%{name}-%{version}.tar.gz.asc
# https://projects.puppetlabs.com/issues/10244
Patch0: 0001-10244-Restore-Mongrel-XMLRPC-functionality.patch
# https://projects.puppetlabs.com/issues/9167
Patch1: 0001-9167-Do-not-sent-tagmail-reports-if-no-changes.patch
Patch0: 0001-9167-Do-not-sent-tagmail-reports-if-no-changes.patch
Group: System Environment/Base
@ -71,7 +69,6 @@ The server can also function as a certificate authority and file server.
%prep
%setup -q
%patch0 -p1
%patch1 -p1
patch -s -p1 < conf/redhat/rundir-perms.patch
%build
@ -258,6 +255,9 @@ fi
rm -rf %{buildroot}
%changelog
* Wed Dec 14 2011 Todd Zullinger <tmz@pobox.com> - 2.6.13-1
- Update to 2.6.13
* Sun Oct 23 2011 Todd Zullinger <tmz@pobox.com> - 2.6.12-1
- Update to 2.6.12, fixes CVE-2011-3872
- Add upstream patch to restore Mongrel XMLRPC functionality (upstream #10244)

@ -1 +1 @@
3851b1a33cde9d697d5c5c21ef795438 puppet-2.6.12.tar.gz
e7d684c4d0b0f130aa54de4bb6759824 puppet-2.6.13.tar.gz

Loading…
Cancel
Save