Update to upstream release 310.4

sosreport: Fix command injection with crafted report names [CVE-2024-2947] Resolves: jira#RHEL-30452
2024-04-02 04:41:49 +02:00 · 2024-04-02 04:41:49 +02:00 · 8792d55527
commit 8792d55527
parent 18013fc9e1
3 changed files with 7 additions and 3 deletions
--- a/cockpit.spec
+++ b/cockpit.spec
@ -49,7 +49,7 @@ Summary:        Web Console for Linux servers
 License:        LGPL-2.1-or-later
 URL:            https://cockpit-project.org/

-Version:        310.3
+Version:        310.4
 Release:        1%{?dist}
 Source0:        https://github.com/cockpit-project/cockpit/releases/download/%{version}/cockpit-%{version}.tar.xz
 Source1:        cockpit.css.gz
@ -786,6 +786,10 @@ via PackageKit.

 # The changelog is automatically generated and merged
 %changelog
+* Tue Apr 02 2024 Martin Pitt <mpitt@redhat.com> - 310.4-1
+- sosreport: Fix command injection with crafted report names [CVE-2024-2947]
+  (jira#RHEL-30452)
+
 * Thu Feb 15 2024 Martin Pitt <mpitt@redhat.com> - 310.3-1
 - Translation updates (jira#RHEL-16681)
  Lots of bug fixes
--- a/plans/all.fmf
+++ b/plans/all.fmf
@ -1,7 +1,7 @@
 discover:
    how: fmf
    url: https://github.com/cockpit-project/cockpit
-    ref: "310.3"
+    ref: "310.4"
 execute:
    how: tmt

--- a/2
+++ b/2
@ -1,2 +1,2 @@
-SHA512 (cockpit-310.3.tar.xz) = 876f707eb9d9d49503f15b567d6579c144430b6825718e7492a1b3218ffa88e0d1058172d6b27729a7a8024210d78b03e23862069bc025df9904468929fcf57a
+SHA512 (cockpit-310.4.tar.xz) = 4a3df12d72d2ba27cf8dd848c2104bb8de1129bcffaff8fd2b5cc82224ec935cbdfab011de90850408c72631a4d44630ee0290e805984acbcb7d9efa103e1c7f
 SHA512 (cockpit.css.gz) = 1851e890e49141c17e498f1472c3bc307439cefaa0f1dccecbfc87b04087af03ca42199c86116c1fcf8890b58ca98f8aecfb01cc8b3c03a76e2685f7bd610568