diff --git a/.gitignore b/.gitignore
index cb49f50..c395426 100644
--- a/.gitignore
+++ b/.gitignore
@@ -12,7 +12,7 @@ SOURCES/pcs-0.10.18.tar.gz
 SOURCES/puma-6.4.0.gem
 SOURCES/pyagentx-0.4.pcs.2.tar.gz
 SOURCES/python-dateutil-2.8.2.tar.gz
-SOURCES/rack-2.2.16.gem
+SOURCES/rack-2.2.20.gem
 SOURCES/rack-protection-2.2.4.gem
 SOURCES/rack-test-2.1.0.gem
 SOURCES/rexml-3.4.1.gem
diff --git a/.pcs.metadata b/.pcs.metadata
index 4aaaa15..22e161e 100644
--- a/.pcs.metadata
+++ b/.pcs.metadata
@@ -1,4 +1,4 @@
-679a4ce22a33ffd4d704261a17c00cff98d9499a SOURCES/HAM-logo.png
+b15d48d01ccd5a2a481e3a0c66928eed4bd98b8f SOURCES/HAM-logo.png
 0ef72a288913e220695ad62718aeb75171924028 SOURCES/backports-3.24.1.gem
 07b26abbf7ff0dcba5c7f9e814ff7eebafefb058 SOURCES/dacite-1.8.1.tar.gz
 8b7598273d2ae6dad2b88466aefac55071a41926 SOURCES/dataclasses-0.8.tar.gz
@@ -12,7 +12,7 @@ b3cd873042b17021355b68f1f7aa313f0c1f3fee SOURCES/pcs-0.10.18.tar.gz
 d6049c4555f3c9d198e6eb1d7e53ce9b68e175ff SOURCES/puma-6.4.0.gem
 3176b2f2b332c2b6bf79fe882e83feecf3d3f011 SOURCES/pyagentx-0.4.pcs.2.tar.gz
 c2ba10c775b7a52a4b57cac4d4110a0c0f812a82 SOURCES/python-dateutil-2.8.2.tar.gz
-807c69f4ebada58686cee22884623063745007c2 SOURCES/rack-2.2.16.gem
+4c52ad6f798e78d4a1800257ef0d7fc5ac254712 SOURCES/rack-2.2.20.gem
 5347315a7283f0b04443e924ed4eaa17807432c8 SOURCES/rack-protection-2.2.4.gem
 ae09ea83748b55875edc3708fffba90db180cb8e SOURCES/rack-test-2.1.0.gem
 966b1564a77719483eb61068ed1dfb638e5e8eb0 SOURCES/rexml-3.4.1.gem
diff --git a/SPECS/pcs.spec b/SPECS/pcs.spec
index 6f86ad1..69ff0ae 100644
--- a/SPECS/pcs.spec
+++ b/SPECS/pcs.spec
@@ -1,6 +1,6 @@
-Name: pcs
-Version: 0.10.18
-Release: 2%{?dist}.6
+Name: pcs
+Version: 0.10.18
+Release: 2.0.1%{?dist}.7
 # https://docs.fedoraproject.org/en-US/packaging-guidelines/LicensingGuidelines/
 # https://fedoraproject.org/wiki/Licensing:Main?rd=Licensing#Good_Licenses
 # GPL-2.0-only: pcs
@@ -13,12 +13,12 @@ Release: 2%{?dist}.6
 # BSD-2-Clause or Ruby: open4, ruby2_keywords
 # BSD-3-Clause: puma
 # BSD-3-Clause and MIT: ffi
-License: GPL-2.0-only AND Apache-2.0 AND MIT AND BSD-3-Clause AND (Apache-2.0 OR BSD-3-Clause) AND (BSD-2-Clause OR Ruby) AND (BSD-2-Clause OR GPL-2.0-or-later) AND (GPL-2.0-only or Ruby)
-URL: https://github.com/ClusterLabs/pcs
-Group: System Environment/Base
-Summary: Pacemaker/Corosync Configuration System
+License: GPL-2.0-only AND Apache-2.0 AND MIT AND BSD-3-Clause AND (Apache-2.0 OR BSD-3-Clause) AND (BSD-2-Clause OR Ruby) AND (BSD-2-Clause OR GPL-2.0-or-later) AND (GPL-2.0-only or Ruby)
+URL: https://github.com/ClusterLabs/pcs
+Group: System Environment/Base
+Summary: Pacemaker/Corosync Configuration System
 #building only for architectures with pacemaker and corosync available
-ExclusiveArch: i686 x86_64 s390x ppc64le aarch64
+ExclusiveArch: i686 x86_64 s390x ppc64le aarch64
 # When specifying a commit, use its long hash
 %global version_or_commit %{version}
@@ -39,7 +39,7 @@ ExclusiveArch: i686 x86_64 s390x ppc64le aarch64
 %global version_rubygem_nio4r 2.5.9
 %global version_rubygem_open4 1.3.4
 %global version_rubygem_puma 6.4.0
-%global version_rubygem_rack 2.2.16
+%global version_rubygem_rack 2.2.20
 %global version_rubygem_rack_protection 2.2.4
 %global version_rubygem_rack_test 2.1.0
 %global version_rubygem_rexml 3.4.1
@@ -83,153 +83,154 @@ ExclusiveArch: i686 x86_64 s390x ppc64le aarch64
 %endif
 # part after the last slash is recognized as filename in look-aside cache
-Source0: %{url}/archive/%{?v_prefix}%{version_or_commit}/%{pcs_source_name}.tar.gz
-Source1: HAM-logo.png
+Source0: %{url}/archive/%{?v_prefix}%{version_or_commit}/%{pcs_source_name}.tar.gz
+Source1: HAM-logo.png
-Source41: https://github.com/ondrejmular/pyagentx/archive/v%{pyagentx_version}/pyagentx-%{pyagentx_version}.tar.gz
-Source42: https://github.com/CtrlZmaster/tornado/archive/v%{tornado_version}/tornado-%{tornado_version}.tar.gz
-Source43: https://github.com/ericvsmith/dataclasses/archive/%{dataclasses_version}/dataclasses-%{dataclasses_version}.tar.gz
-Source44: https://github.com/konradhalas/dacite/archive/v%{dacite_version}/dacite-%{dacite_version}.tar.gz
-Source45: https://pypi.python.org/packages/source/p/python-dateutil/python-dateutil-%{dateutil_version}.tar.gz
+Source41: https://github.com/ondrejmular/pyagentx/archive/v%{pyagentx_version}/pyagentx-%{pyagentx_version}.tar.gz
+Source42: https://github.com/CtrlZmaster/tornado/archive/v%{tornado_version}/tornado-%{tornado_version}.tar.gz
+Source43: https://github.com/ericvsmith/dataclasses/archive/%{dataclasses_version}/dataclasses-%{dataclasses_version}.tar.gz
+Source44: https://github.com/konradhalas/dacite/archive/v%{dacite_version}/dacite-%{dacite_version}.tar.gz
+Source45: https://pypi.python.org/packages/source/p/python-dateutil/python-dateutil-%{dateutil_version}.tar.gz
-Source81: https://rubygems.org/downloads/backports-%{version_rubygem_backports}.gem
-Source82: https://rubygems.org/downloads/ethon-%{version_rubygem_ethon}.gem
-Source83: https://rubygems.org/downloads/ffi-%{version_rubygem_ffi}.gem
-Source84: https://rubygems.org/downloads/json-%{version_rubygem_json}.gem
-Source85: https://rubygems.org/downloads/rexml-%{version_rubygem_rexml}.gem
-Source86: https://rubygems.org/downloads/mustermann-%{version_rubygem_mustermann}.gem
+Source81: https://rubygems.org/downloads/backports-%{version_rubygem_backports}.gem
+Source82: https://rubygems.org/downloads/ethon-%{version_rubygem_ethon}.gem
+Source83: https://rubygems.org/downloads/ffi-%{version_rubygem_ffi}.gem
+Source84: https://rubygems.org/downloads/json-%{version_rubygem_json}.gem
+Source85: https://rubygems.org/downloads/rexml-%{version_rubygem_rexml}.gem
+Source86: https://rubygems.org/downloads/mustermann-%{version_rubygem_mustermann}.gem
 # We needed to re-upload open4 rubygem because of issues with sources in gating.
 # Unfortunately, there was no newer version available, therefore we had to
 # change its 'version' ourselves.
-Source87: https://rubygems.org/downloads/open4-%{version_rubygem_open4}.gem#/open4-%{version_rubygem_open4}-1.gem
-Source88: https://rubygems.org/downloads/rack-%{version_rubygem_rack}.gem
-Source89: https://rubygems.org/downloads/rack-protection-%{version_rubygem_rack_protection}.gem
-Source90: https://rubygems.org/downloads/rack-test-%{version_rubygem_rack_test}.gem
-Source91: https://rubygems.org/downloads/sinatra-%{version_rubygem_sinatra}.gem
-Source92: https://rubygems.org/downloads/tilt-%{version_rubygem_tilt}.gem
-Source93: https://rubygems.org/downloads/nio4r-%{version_rubygem_nio4r}.gem
-Source94: https://rubygems.org/downloads/puma-%{version_rubygem_puma}.gem
-Source95: https://rubygems.org/downloads/ruby2_keywords-%{version_rubygem_ruby2_keywords}.gem
+Source87: https://rubygems.org/downloads/open4-%{version_rubygem_open4}.gem#/open4-%{version_rubygem_open4}-1.gem
+Source88: https://rubygems.org/downloads/rack-%{version_rubygem_rack}.gem
+Source89: https://rubygems.org/downloads/rack-protection-%{version_rubygem_rack_protection}.gem
+Source90: https://rubygems.org/downloads/rack-test-%{version_rubygem_rack_test}.gem
+Source91: https://rubygems.org/downloads/sinatra-%{version_rubygem_sinatra}.gem
+Source92: https://rubygems.org/downloads/tilt-%{version_rubygem_tilt}.gem
+Source93: https://rubygems.org/downloads/nio4r-%{version_rubygem_nio4r}.gem
+Source94: https://rubygems.org/downloads/puma-%{version_rubygem_puma}.gem
+Source95: https://rubygems.org/downloads/ruby2_keywords-%{version_rubygem_ruby2_keywords}.gem
 # pcs patches: <= 200
 # Patch1: bzNUMBER-01-name.patch
-Patch1: do-not-support-cluster-setup-with-udp-u-transport.patch
-Patch2: RHEL-17280-01-disable-new-webui-routes.patch
-Patch3: RHEL-65595-stop-sending-http-headers-to-ruby-part-of-pcsd.patch
-Patch4: RHEL-90147-support-for-query-limits-in-rack.patch
+Patch1: do-not-support-cluster-setup-with-udp-u-transport.patch
+Patch2: RHEL-17280-01-disable-new-webui-routes.patch
+Patch3: RHEL-65595-stop-sending-http-headers-to-ruby-part-of-pcsd.patch
+Patch4: RHEL-90147-support-for-query-limits-in-rack.patch
 # git for patches
-BuildRequires: git-core
+BuildRequires: git-core
 # printf from coreutils is used in makefile, head is used in spec
-BuildRequires: coreutils
+BuildRequires: coreutils
 # python for pcs
-BuildRequires: platform-python
-BuildRequires: python3-devel
-BuildRequires: platform-python-setuptools
-BuildRequires: python3-pycurl
-BuildRequires: python3-pip
-BuildRequires: python3-pyparsing
-BuildRequires: python3-cryptography
-BuildRequires: python3-lxml
+BuildRequires: platform-python
+BuildRequires: python3-devel
+BuildRequires: platform-python-setuptools
+BuildRequires: python3-pycurl
+BuildRequires: python3-pip
+BuildRequires: python3-pyparsing
+BuildRequires: python3-cryptography
+BuildRequires: python3-lxml
 # for building bundled python packages
-BuildRequires: python3-wheel
+BuildRequires: python3-wheel
 # for bundled python dateutil
-BuildRequires: python3-setuptools_scm
+BuildRequires: python3-setuptools_scm
 # gcc for compiling custom rubygems
-BuildRequires: gcc
-BuildRequires: gcc-c++
+BuildRequires: gcc
+BuildRequires: gcc-c++
 # ruby and gems for pcsd
-BuildRequires: ruby >= 2.2.0
-BuildRequires: ruby-devel
-BuildRequires: rubygems
-BuildRequires: rubygem-bundler
+BuildRequires: ruby >= 2.2.0
+BuildRequires: ruby-devel
+BuildRequires: rubygems
+BuildRequires: rubygem-bundler
 # ruby libraries for tests
-BuildRequires: rubygem-test-unit
+BuildRequires: rubygem-test-unit
 # for touching patch files (sanitization function)
-BuildRequires: diffstat
+BuildRequires: diffstat
 # for post, preun and postun macros
-BuildRequires: systemd
+BuildRequires: systemd
 # pam is used for authentication inside daemon (python ctypes)
 # needed for tier0 tests during build
-BuildRequires: pam
+BuildRequires: pam
 # pcsd fonts and font management tools for creating symlinks to fonts
-BuildRequires: fontconfig
-BuildRequires: liberation-sans-fonts
-BuildRequires: make
-BuildRequires: overpass-fonts
+BuildRequires: fontconfig
+BuildRequires: liberation-sans-fonts
+BuildRequires: make
+BuildRequires: overpass-fonts
 # Red Hat logo for creating symlink of favicon
-BuildRequires: redhat-logos
+BuildRequires: redhat-logos
 # cluster stack packages for pkg-config
-BuildRequires: booth
-BuildRequires: corosync-qdevice-devel
-BuildRequires: corosynclib-devel >= 3.0
-BuildRequires: fence-agents-common
-BuildRequires: pacemaker-libs-devel >= 2.0.0
-BuildRequires: resource-agents
-BuildRequires: sbd
+BuildRequires: booth
+BuildRequires: corosync-qdevice-devel
+BuildRequires: corosynclib-devel >= 3.0
+BuildRequires: fence-agents-common
+BuildRequires: pacemaker-libs-devel >= 2.0.0
+BuildRequires: resource-agents
+BuildRequires: sbd
 # python and libraries for pcs, setuptools for pcs entrypoint
-Requires: platform-python
-Requires: python3-lxml
-Requires: platform-python-setuptools
-Requires: python3-clufter => 0.70.0
-Requires: python3-pycurl
-Requires: python3-pyparsing
-Requires: python3-cryptography
+Requires: platform-python
+Requires: python3-lxml
+Requires: platform-python-setuptools
+Requires: python3-clufter => 0.70.0
+Requires: python3-pycurl
+Requires: python3-pyparsing
+Requires: python3-cryptography
 # ruby and gems for pcsd
-Requires: ruby >= 2.2.0
-Requires: rubygems
+Requires: ruby >= 2.2.0
+Requires: rubygems
 # for killall
-Requires: psmisc
+Requires: psmisc
 # cluster stack and related packages
-Requires: pcmk-cluster-manager >= 2.0.0
-Suggests: pacemaker
-Requires: (corosync >= 2.99 if pacemaker)
+Requires: pcmk-cluster-manager >= 2.0.0
+Suggests: pacemaker
+Requires: (corosync >= 2.99 if pacemaker)
 # pcs enables corosync encryption by default so we require libknet1-plugins-all
-Requires: (libknet1-plugins-all if corosync)
-Requires: pacemaker-cli >= 2.0.0
+Requires: (libknet1-plugins-all if corosync)
+Requires: pacemaker-cli >= 2.0.0
 # for post, preun and postun macros
 Requires(post): systemd
 Requires(preun): systemd
 Requires(postun): systemd
 # pam is used for authentication inside daemon (python ctypes)
 # more details: https://bugzilla.redhat.com/show_bug.cgi?id=1717113
-Requires: pam
+Requires: pam
 # pcsd fonts
-Requires: liberation-sans-fonts
-Requires: overpass-fonts
+Requires: liberation-sans-fonts
+Requires: overpass-fonts
 # favicon Red Hat logo
-Requires: redhat-logos
+Requires: redhat-logos
 # needs logrotate for /etc/logrotate.d/pcsd
-Requires: logrotate
+Requires: logrotate
-Provides: bundled(tornado) = %{tornado_version}
-Provides: bundled(dataclasses) = %{dataclasses_version}
-Provides: bundled(dacite) = %{dacite_version}
-Provides: bundled(dateutil) = %{dateutil_version}
-Provides: bundled(backports) = %{version_rubygem_backports}
-Provides: bundled(ethon) = %{version_rubygem_ethon}
-Provides: bundled(ffi) = %{version_rubygem_ffi}
-Provides: bundled(json) = %{version_rubygem_json}
-Provides: bundled(mustermann) = %{version_rubygem_mustermann}
-Provides: bundled(nio4r) = %{version_rubygem_nio4r}
-Provides: bundled(open4) = %{version_rubygem_open4}
-Provides: bundled(puma) = %{version_rubygem_puma}
-Provides: bundled(rack) = %{version_rubygem_rack}
-Provides: bundled(rack_protection) = %{version_rubygem_rack_protection}
-Provides: bundled(rack_test) = %{version_rubygem_rack_test}
-Provides: bundled(rexml) = %{version_rubygem_rexml}
-Provides: bundled(ruby2_keywords) = %{version_rubygem_ruby2_keywords}
-Provides: bundled(sinatra) = %{version_rubygem_sinatra}
-Provides: bundled(tilt) = %{version_rubygem_tilt}
+Provides: bundled(python3-tornado) = %{tornado_version}
+Provides: bundled(python3-dataclasses) = %{dataclasses_version}
+Provides: bundled(python3-dacite) = %{dacite_version}
+Provides: bundled(python3-dateutil) = %{dateutil_version}
+
+Provides: bundled(rubygem-backports) = %{version_rubygem_backports}
+Provides: bundled(rubygem-ethon) = %{version_rubygem_ethon}
+Provides: bundled(rubygem-ffi) = %{version_rubygem_ffi}
+Provides: bundled(rubygem-json) = %{version_rubygem_json}
+Provides: bundled(rubygem-mustermann) = %{version_rubygem_mustermann}
+Provides: bundled(rubygem-nio4r) = %{version_rubygem_nio4r}
+Provides: bundled(rubygem-open4) = %{version_rubygem_open4}
+Provides: bundled(rubygem-puma) = %{version_rubygem_puma}
+Provides: bundled(rubygem-rack) = %{version_rubygem_rack}
+Provides: bundled(rubygem-rack-protection) = %{version_rubygem_rack_protection}
+Provides: bundled(rubygem-rack-test) = %{version_rubygem_rack_test}
+Provides: bundled(rubygem-rexml) = %{version_rubygem_rexml}
+Provides: bundled(rubygem-ruby2_keywords) = %{version_rubygem_ruby2_keywords}
+Provides: bundled(rubygem-sinatra) = %{version_rubygem_sinatra}
+Provides: bundled(rubygem-tilt) = %{version_rubygem_tilt}
 # javascript bundled libraries for old web-ui
-Provides: bundled(ember) = %{ember_version}
-Provides: bundled(handlebars) = %{handlebars_version}
-Provides: bundled(jquery) = %{jquery_version}
-Provides: bundled(jquery-ui) = %{jquery_ui_version}
+Provides: bundled(js-ember) = %{ember_version}
+Provides: bundled(js-handlebars) = %{handlebars_version}
+Provides: bundled(js-jquery) = %{jquery_version}
+Provides: bundled(js-jquery-ui) = %{jquery_ui_version}
 %description
 pcs is a corosync and pacemaker configuration tool. It permits users to
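Review bot: The `Provides: bundled(...)` names are renamed in this hunk (`bundled(rack)` becomes `bundled(rubygem-rack)`, `bundled(rack_protection)` becomes `bundled(rubygem-rack-protection)`, `bundled(tornado)` becomes `bundled(python3-tornado)`, `bundled(jquery)` becomes `bundled(js-jquery)`), and `bundled(pyagentx)` is renamed the same way in the pcs-snmp hunk at -237, yet neither new %changelog entry mentions it. These virtual provides are what gets queried to find every package carrying a vulnerable bundled copy, so any repoquery or scanner rule keyed on the old names will presumably stop matching this build. Either record the rename in %changelog, for example `- Renamed bundled() provides to use python3-/rubygem-/js- prefixes`, or keep the old names alongside the new ones. The rename also sits among what look like whitespace-only realignments of the other tag lines (the page does not preserve the whitespace), so the one substantive change in the hunk is easy to miss; a separate commit for it would make the review clearer.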
@@ -237,22 +238,22 @@ easily view, modify and create pacemaker based clusters.
 # pcs-snmp package definition
 %package -n %{pcs_snmp_pkg_name}
-Group: System Environment/Base
-Summary: Pacemaker cluster SNMP agent
+Group: System Environment/Base
+Summary: Pacemaker cluster SNMP agent
 # https://fedoraproject.org/wiki/Licensing:Main?rd=Licensing#Good_Licenses
 # GPL-2.0-only: pcs
 # BSD-2-Clause: pyagentx
-License: GPL-2.0-only AND BSD-2-Clause
-URL: https://github.com/ClusterLabs/pcs
+License: GPL-2.0-only AND BSD-2-Clause
+URL: https://github.com/ClusterLabs/pcs
 # tar for unpacking pyagentx source tarball
-BuildRequires: tar
+BuildRequires: tar
-Requires: pcs = %{version}-%{release}
-Requires: pacemaker
-Requires: net-snmp
+Requires: pcs = %{version}-%{release}
+Requires: pacemaker
+Requires: net-snmp
-Provides: bundled(pyagentx) = %{pyagentx_version}
+Provides: bundled(python3-pyagentx) = %{pyagentx_version}
 %description -n %{pcs_snmp_pkg_name}
 SNMP agent that provides information about pacemaker cluster to the master agent (snmpd)
@@ -564,6 +565,13 @@ remove_all_tests
 %license pyagentx_LICENSE.txt
 %changelog
+* Wed Nov 05 2025 Craig Guiller - 0.10.18-2.0.1.7
+- Replaced HAM-logo
+
+* Wed Oct 22 2025 Michal Pospíšil - 0.10.18-2%{?dist}.7
+- Fixed CVE-2025-59830, CVE-2025-61770, CVE-2025-61771, CVE-2025-61772, CVE-2025-61919 by updating bundled rubygem rack
+ Resolves: RHEL-120432, RHEL-120939, RHEL-121033, RHEL-123639, RHEL-124936
+
 * Mon Jun 23 2025 Michal Pospisil - 0.10.18-2%{?dist}.6
 - Fixed CVE-2024-49761 by updating rubygem rexml
 Resolves: RHEL-98708