pcs-0.10.18-2.el8_10.4

- Fixed CVE-2024-52804 by patching bundled Tornado
  Resolves: RHEL-81924

.gitignore

@@ -42,3 +42,4 @@
 /pcs-0.10.18.tar.gz
 /rexml-3.3.2.gem
 /rexml-3.3.6.gem
+/tornado-6.1.0.pcs.1.tar.gz

pcs.spec

@@ -1,6 +1,6 @@
 Name: pcs
 Version: 0.10.18
-Release: 2%{?dist}.3
+Release: 2%{?dist}.4
 # https://docs.fedoraproject.org/en-US/packaging-guidelines/LicensingGuidelines/
 # https://fedoraproject.org/wiki/Licensing:Main?rd=Licensing#Good_Licenses
 # GPL-2.0-only: pcs
@@ -55,7 +55,7 @@ ExclusiveArch: i686 x86_64 s390x ppc64le aarch64
 
 # DO NOT UPDATE
 # Tornado 6.2 requires Python 3.7+
-%global tornado_version    6.1.0
+%global tornado_version    6.1.0.pcs.1
 
 %global pcs_bundled_dir pcs_bundled
 %global pcsd_public_dir pcsd/public
@@ -87,7 +87,7 @@ Source0: %{url}/archive/%{?v_prefix}%{version_or_commit}/%{pcs_source_name}.tar.
 Source1: HAM-logo.png
 
 Source41: https://github.com/ondrejmular/pyagentx/archive/v%{pyagentx_version}/pyagentx-%{pyagentx_version}.tar.gz
-Source42: https://github.com/tornadoweb/tornado/archive/v%{tornado_version}/tornado-%{tornado_version}.tar.gz
+Source42: https://github.com/CtrlZmaster/tornado/archive/v%{tornado_version}/tornado-%{tornado_version}.tar.gz
 Source43: https://github.com/ericvsmith/dataclasses/archive/%{dataclasses_version}/dataclasses-%{dataclasses_version}.tar.gz
 Source44: https://github.com/konradhalas/dacite/archive/v%{dacite_version}/dacite-%{dacite_version}.tar.gz
 Source45: https://pypi.python.org/packages/source/p/python-dateutil/python-dateutil-%{dateutil_version}.tar.gz
@@ -562,6 +562,10 @@ remove_all_tests
 %license pyagentx_LICENSE.txt
 
 %changelog
+* Tue Mar 4 2025 Michal Pospisil <mpospisi@redhat.com> - 0.10.18-2%dist.3
+- Fixed CVE-2024-52804 by patching bundled Tornado
+  Resolves: RHEL-81924
+
 * Wed Dec 4 2024 Michal Pospisil <mpospisi@redhat.com> - 0.10.18-2.el8_10.3
 - Prevented any future HTTP header-based attacks on puma/sinatra by removing any headers not recognized by pcsd
   Resolves: RHEL-65595

sources

@@ -8,7 +8,6 @@ SHA512 (python-dateutil-2.8.2.tar.gz) = 6538858e4a3e2d1de1bf25b6d8b25e3a8d20bf60
 SHA512 (rack-protection-2.2.4.gem) = 0b965f651f9bc9e6daeec86cce8cdc87a503e8b14afb84bdb2c6dd130cf82ce6d3f5d23c1ed8b85afb76858ade992b60340130923c14b4a2b1bf1aeabaec9267
 SHA512 (ruby2_keywords-0.0.5.gem) = f6b9078b111e68c0017e0025ecdccb976c7a32f35c1a8adf9fd879db0c91f89eb9bd799f9527a846e28056f2a5fbf0f3610cda9538570288c493613c35c83a6f
 SHA512 (sinatra-2.2.4.gem) = 629d39c8dc333a0b9e2c56775d7d447437d98afaf28cef44d217de8b2328493861657c9658ec6cb3875fc33ce8ff25d9973bbcaf682ceaadb266320b4441b44b
-SHA512 (tornado-6.1.0.tar.gz) = bd161a1c30f40f983d608297bca113735cb4baad255de71302a5b4d35be8c02afbc9820728efa912e62e1cbbfad8f92360261a69e0c8759f9e6cb477fbca31c7
 SHA512 (backports-3.24.1.gem) = b2eeb76ebf8ddfc7e349e125c6b9cffcabe3d184533579dbf2abb5f663ce85f4a6f8b01b67be4030c98f4782c63511046a1a1efa4d573a9aeb700dcbb9f9f566
 SHA512 (nio4r-2.5.9.gem) = d1c52896f186d19eb089a94d74ccadb427e64c204af149aa83a5a4dda3f0edd1bd2bae94afd21fcd58e3c2b9e2c17278a18717c0905de80e45540d13eeefd9e5
 SHA512 (rack-test-2.1.0.gem) = e349ce61c3d787e0a772980db697e92212d4d9592ce33f55516d1f85fba55cbe666496c76392679b057786d6dab603d74b83e7bb773ab54940343e36dbf05d6f
@@ -19,3 +18,4 @@ SHA512 (tilt-2.3.0.gem) = 78a3de34e3d096e40cb245807bad07cc3ebfa192986addbd228c25
 SHA512 (pcs-0.10.18.tar.gz) = 5cadb8158bd97e6f20fdf5fc492e85febf596e813b2e64a6dfb13da803ef3d2a3c1fe63d8e26d9b18279f23bfab9a8ff40fab10c9a87fa84b1da302648533ba0
 SHA512 (rack-2.2.8.1.gem) = 98a92950a4ca81c51313bca88cdb2a299aa570c3818e8372014b521ef0f6d2347594d456a7ad30eaa972b0bae864d3eb324263870cdcb8f2ffdc5ba08594aada
 SHA512 (rexml-3.3.6.gem) = 0e7f34771f56519b4aa8770b05821a4620a54db1d8f6f547c925de5adf255b717911e197e364d1c270400f7996f583c769a835719b55af475979efdc05ca579b
+SHA512 (tornado-6.1.0.pcs.1.tar.gz) = e9fb1825f45dab3e96479e5104b9ee3cb0b41cfae9facfa9f9f92e35a15792d91665f1f3817d4227a4a8dc46894d65d74c122e4c97fbe4f82f381b226e680cbf