redadmin/pcs
1
0
Fork 0
forked from rpms/pcs
Code Pull Requests Activity

Import from CS git

Browse Source
This commit is contained in:
eabdullin 2025-05-28 12:26:27 +00:00
parent e63fae68be
commit 54b1d828ea
4 changed files with 61 additions and 8 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

4
.gitignore vendored
View File

@ -12,11 +12,11 @@ SOURCES/pcs-0.10.18.tar.gz
SOURCES/puma-6.4.0.gem
SOURCES/pyagentx-0.4.pcs.2.tar.gz
SOURCES/python-dateutil-2.8.2.tar.gz
SOURCES/rack-2.2.8.1.gem
SOURCES/rack-2.2.16.gem
SOURCES/rack-protection-2.2.4.gem
SOURCES/rack-test-2.1.0.gem
SOURCES/rexml-3.3.6.gem
SOURCES/ruby2_keywords-0.0.5.gem
SOURCES/sinatra-2.2.4.gem
SOURCES/tilt-2.3.0.gem
SOURCES/tornado-6.1.0.pcs.1.tar.gz
SOURCES/tornado-6.1.0.pcs.2.tar.gz

4
.pcs.metadata
View File

@ -12,11 +12,11 @@ b3cd873042b17021355b68f1f7aa313f0c1f3fee SOURCES/pcs-0.10.18.tar.gz
d6049c4555f3c9d198e6eb1d7e53ce9b68e175ff SOURCES/puma-6.4.0.gem
3176b2f2b332c2b6bf79fe882e83feecf3d3f011 SOURCES/pyagentx-0.4.pcs.2.tar.gz
c2ba10c775b7a52a4b57cac4d4110a0c0f812a82 SOURCES/python-dateutil-2.8.2.tar.gz
fcdee79d1b0bb7e3666bad96321fc124bc8215e9 SOURCES/rack-2.2.8.1.gem
807c69f4ebada58686cee22884623063745007c2 SOURCES/rack-2.2.16.gem
5347315a7283f0b04443e924ed4eaa17807432c8 SOURCES/rack-protection-2.2.4.gem
ae09ea83748b55875edc3708fffba90db180cb8e SOURCES/rack-test-2.1.0.gem
89f8446e89976f3677767d426a4edc6ccba574be SOURCES/rexml-3.3.6.gem
d017b9e4d1978e0b3ccc3e2a31493809e4693cd3 SOURCES/ruby2_keywords-0.0.5.gem
fa6a6c98f885e93f54c23dd0454cae906e82c31b SOURCES/sinatra-2.2.4.gem
4a38a9a55887b2882182a2c5771e592efe514e5e SOURCES/tilt-2.3.0.gem
c65f61a0f55a342f142f2a6be2d5fcc7f4cab0c9 SOURCES/tornado-6.1.0.pcs.1.tar.gz
3e0fc1e17c45a8e25bdd6ade8dbbc522f64f2ae1 SOURCES/tornado-6.1.0.pcs.2.tar.gz

45
SOURCES/RHEL-90147-support-for-query-limits-in-rack.patch Normal file
View File

@ -0,0 +1,45 @@
From 0ad47ec40b7a9a2cb6bdbdf11e1e5b3c59f49b8b Mon Sep 17 00:00:00 2001
From: Miroslav Lisik <mlisik@redhat.com>
Date: Tue, 20 May 2025 16:34:18 +0200
Subject: [PATCH] support for query limits in rack
---
pcsd/conf/pcsd | 6 ++++++
pcsd/pcsd.rb | 5 +++++
2 files changed, 11 insertions(+)
diff --git a/pcsd/conf/pcsd b/pcsd/conf/pcsd
index 98df4744..65a9c9a9 100644
--- a/pcsd/conf/pcsd
+++ b/pcsd/conf/pcsd
@@ -45,5 +45,11 @@ PCSD_SESSION_LIFETIME=3600
# is 50 (even if set lower).
PCSD_RESTART_AFTER_REQUESTS=200
+# These environment variables set the maximum query string bytesize and the
+# maximum number of query parameters that pcsd will attempt to parse.
+# See CVE-2025-46727 for details.
+#RACK_QUERY_PARSER_BYTESIZE_LIMIT=4194304
+#RACK_QUERY_PARSER_PARAMS_LIMIT=4096
+
# Do not change
RACK_ENV=production
diff --git a/pcsd/pcsd.rb b/pcsd/pcsd.rb
index 11698f54..a2634e4e 100644
--- a/pcsd/pcsd.rb
+++ b/pcsd/pcsd.rb
@@ -90,6 +90,11 @@ configure do
CAPABILITIES_PCSD = capabilities_pcsd.freeze
end
+error Rack::QueryParser::QueryLimitError do
+ $logger.warn(env['sinatra.error'].message)
+ return 400, env['sinatra.error'].message
+end
+
def run_cfgsync
node_connected = true
if Cfgsync::ConfigSyncControl.sync_thread_allowed?()
--
2.49.0

16
SPECS/pcs.spec
View File

@ -1,6 +1,6 @@
Name: pcs
Version: 0.10.18
Release: 2%{?dist}.4
Release: 2%{?dist}.5
# https://docs.fedoraproject.org/en-US/packaging-guidelines/LicensingGuidelines/
# https://fedoraproject.org/wiki/Licensing:Main?rd=Licensing#Good_Licenses
# GPL-2.0-only: pcs
@ -39,7 +39,7 @@ ExclusiveArch: i686 x86_64 s390x ppc64le aarch64
%global version_rubygem_nio4r 2.5.9
%global version_rubygem_open4 1.3.4
%global version_rubygem_puma 6.4.0
%global version_rubygem_rack 2.2.8.1
%global version_rubygem_rack 2.2.16
%global version_rubygem_rack_protection 2.2.4
%global version_rubygem_rack_test 2.1.0
%global version_rubygem_rexml 3.3.6
@ -55,7 +55,7 @@ ExclusiveArch: i686 x86_64 s390x ppc64le aarch64
# DO NOT UPDATE
# Tornado 6.2 requires Python 3.7+
%global tornado_version 6.1.0.pcs.1
%global tornado_version 6.1.0.pcs.2
%global pcs_bundled_dir pcs_bundled
%global pcsd_public_dir pcsd/public
@ -116,6 +116,7 @@ Source95: https://rubygems.org/downloads/ruby2_keywords-%{version_rubygem_ruby2_
Patch1: do-not-support-cluster-setup-with-udp-u-transport.patch
Patch2: RHEL-17280-01-disable-new-webui-routes.patch
Patch3: RHEL-65595-stop-sending-http-headers-to-ruby-part-of-pcsd.patch
Patch4: RHEL-90147-support-for-query-limits-in-rack.patch
# git for patches
BuildRequires: git-core
@ -306,6 +307,7 @@ update_times_patch(){
update_times_patch %{PATCH1}
update_times_patch %{PATCH2}
update_times_patch %{PATCH3}
update_times_patch %{PATCH4}
# generate .tarball-version if building from an untagged commit, not a released version
# autogen uses git-version-gen which uses .tarball-version for generating version number
@ -562,7 +564,13 @@ remove_all_tests
%license pyagentx_LICENSE.txt
%changelog
* Tue Mar 4 2025 Michal Pospisil <mpospisi@redhat.com> - 0.10.18-2%dist.3
* Thu May 22 2025 Michal Pospisil <mpospisi@redhat.com> - 0.10.18-2%dist.5
- Fixed CVE-2024-52804 by patching bundled Tornado
Resolves: RHEL-93167
- Fixed CVE-2025-46727 by updating bundled rubygem rack
Resolves: RHEL-90147
* Tue Mar 4 2025 Michal Pospisil <mpospisi@redhat.com> - 0.10.18-2%dist.4
- Fixed CVE-2024-52804 by patching bundled Tornado
Resolves: RHEL-81924