From e22a5fac51f63e109cb9088c56160577c65bb7a9 Mon Sep 17 00:00:00 2001 From: Michael Stahnke Date: Wed, 13 Mar 2013 17:28:46 -0700 Subject: [PATCH] Update Puppet to 2.6.18 for various security fixes BZ#920845 Fixes for CVE-2013-1640 CVE-2013-1652 CVE-2013-1653 CVE-2013-1654 CVE-2013-1655 CVE-2013-2274 CVE-2013-2275 see puppetlabs.com/security for more information. This commit also rebases the webrick compatibility patch to be a cherry-pick from upstream rather than a Fedora-specific patch. Signed-off-by: Michael Stahnke --- ...lerant-of-old-clients-in-WEBrick-ser.patch | 21 +++++++++++-------- puppet.spec | 11 +++++++--- sources | 4 ++-- 3 files changed, 22 insertions(+), 14 deletions(-) rename puppetmaster-old-client-compat.patch => 0001-18781-Be-more-tolerant-of-old-clients-in-WEBrick-ser.patch (72%) diff --git a/puppetmaster-old-client-compat.patch b/0001-18781-Be-more-tolerant-of-old-clients-in-WEBrick-ser.patch similarity index 72% rename from puppetmaster-old-client-compat.patch rename to 0001-18781-Be-more-tolerant-of-old-clients-in-WEBrick-ser.patch index 3787cde..f7b210c 100644 --- a/puppetmaster-old-client-compat.patch +++ b/0001-18781-Be-more-tolerant-of-old-clients-in-WEBrick-ser.patch @@ -1,4 +1,4 @@ -From ec462b7b974fc34110437010f862780fb2ee39a3 Mon Sep 17 00:00:00 2001 +From 7bb4a6efee2f6f0c775df5f53b868e7c2e86919f Mon Sep 17 00:00:00 2001 From: Daniel Drake Date: Thu, 14 Feb 2013 15:05:10 -0600 Subject: [PATCH] (#18781) Be more tolerant of old clients in WEBrick server 
@@ -16,15 +16,15 @@ Here we patch the WEBrick constant which specifies the maximum size of a HTTP GET request, increasing it to a value that should work for common setups. --- - lib/puppet/util/monkey_patches.rb | 9 +++++++++ - 1 file changed, 9 insertions(+) + lib/puppet/util/monkey_patches.rb | 10 ++++++++++ + 1 file changed, 10 insertions(+) -Index: puppet-3.1.0/lib/puppet/util/monkey_patches.rb -=================================================================== ---- puppet-3.1.0.orig/lib/puppet/util/monkey_patches.rb -+++ puppet-3.1.0/lib/puppet/util/monkey_patches.rb -@@ -356,3 +356,13 @@ unless Dir.respond_to?(:mktmpdir) - end +diff --git a/lib/puppet/util/monkey_patches.rb b/lib/puppet/util/monkey_patches.rb +index ca19fa4..f7b13a5 100644 +--- a/lib/puppet/util/monkey_patches.rb ++++ b/lib/puppet/util/monkey_patches.rb +@@ -394,3 +394,13 @@ class OpenSSL::SSL::SSLContext + set_params(params) end end + @@ -37,3 +37,6 @@ Index: puppet-3.1.0/lib/puppet/util/monkey_patches.rb + WEBrick::HTTPRequest.const_set("MAX_URI_LENGTH", 8192) + $VERBOSE = v +end +-- +1.7.12.4 (Apple Git-37) + diff --git a/puppet.spec b/puppet.spec index b53af53..a6d4cc4 100644 --- a/puppet.spec +++ b/puppet.spec @@ -22,8 +22,8 @@ %global ruby_version %(ruby -rrbconfig -e 'puts RbConfig::CONFIG["ruby_version"]') Name: puppet -Version: 3.1.0 -Release: 4%{?dist} +Version: 3.1.1 +Release: 1%{?dist} Summary: A network tool for managing many disparate systems License: ASL 2.0 URL: http://puppetlabs.com @@ -31,7 +31,8 @@ Source0: http://downloads.puppetlabs.com/%{name}/%{name}-%{version}.tar.g Source1: http://downloads.puppetlabs.com/%{name}/%{name}-%{version}.tar.gz.asc Source2: puppet-nm-dispatcher -Patch0: puppetmaster-old-client-compat.patch +# Pulled from upstream, will be released the next time they cut a release from master +Patch0: 0001-18781-Be-more-tolerant-of-old-clients-in-WEBrick-ser.patch Group: System Environment/Base 
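Review bot: `Version: 3.1.1` in the puppet.spec hunk at `@@ -22,8 +22,8 @@` (and `puppet-3.1.1.tar.gz` in the sources file) does not match the commit subject, which says the update is to 2.6.18. The subject was presumably carried over from another branch. Anyone following BZ#920845 or the listed CVEs through the git log would be pointed at the wrong release line. The subject should name the version the spec actually sets, for example `Update Puppet to 3.1.1 for various security fixes`.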
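Review bot: The comment added above `Patch0:` in the hunk at `@@ -31,7 +31,8 @@` says the patch comes from upstream, but not which commit or issue it is or what it changes, so a later packager cannot tell when it is safe to drop. The patch header on this page identifies it as upstream commit 7bb4a6efee2f6f0c775df5f53b868e7c2e86919f for (#18781), and its visible body sets `WEBrick::HTTPRequest` `MAX_URI_LENGTH` to 8192. I would record that next to the patch line: `# Upstream 7bb4a6efee2f (#18781): raises WEBrick MAX_URI_LENGTH to 8192 for old clients.` followed by `# Drop once a release containing that commit is packaged.`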
@@ -351,6 +352,10 @@ fi rm -rf %{buildroot} %changelog +* Wed Mar 13 2013 Michael Stahnke - 3.1.1-1 +- Fixes for CVE-2013-1640 CVE-2013-1652 CVE-2013-1653 CVE-2013-1654 +- CVE-2013-1655 CVE-2013-2274 CVE-2013-2275 + * Thu Mar 07 2013 Michael Stahnke - 3.1.0-4 - Disable systemd in F18 as per bz#873853 - Update Patch0 to work with 3.1 diff --git a/sources b/sources index 1290ba0..80391e5 100644 --- a/sources +++ b/sources @@ -1,2 +1,2 @@ -4cbdcc9dfcda677c820175375a500651 puppet-3.1.0.tar.gz -d2e905ef5ae97b8b196f508082fb4680 puppet-3.1.0.tar.gz.asc +e942079612703a460a9fdb52e6bcae4a puppet-3.1.1.tar.gz +456e385fb52cccfcd2a809e899267fa8 puppet-3.1.1.tar.gz.asc
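Review bot: The two new entries in `sources` pin the 3.1.1 tarball and its `.asc` by MD5 only, and no hunk on this page shows the detached signature (Source1 in puppet.spec) being checked against the upstream signing key. For a release whose purpose is to deliver CVE fixes, that signature check is what establishes that the tarball is the upstream one; the MD5 digest only ties the build to whatever was uploaded. If `%prep` does not already verify it (not visible here), either add a verification step there or state in the commit message that the signature was checked before upload.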