diff --git a/.gitignore b/.gitignore
index 890746c..6a2c7c6 100644
--- a/.gitignore
+++ b/.gitignore
@@ -42,3 +42,4 @@
 /pcs-0.10.18.tar.gz
 /rexml-3.3.2.gem
 /rexml-3.3.6.gem
+/tornado-6.1.0.pcs.1.tar.gz
diff --git a/pcs.spec b/pcs.spec
index d872c2a..2dc8705 100644
--- a/pcs.spec
+++ b/pcs.spec
@@ -1,6 +1,6 @@
 Name: pcs
 Version: 0.10.18
-Release: 2%{?dist}.3
+Release: 2%{?dist}.4
 # https://docs.fedoraproject.org/en-US/packaging-guidelines/LicensingGuidelines/
 # https://fedoraproject.org/wiki/Licensing:Main?rd=Licensing#Good_Licenses
 # GPL-2.0-only: pcs
@@ -55,7 +55,7 @@ ExclusiveArch: i686 x86_64 s390x ppc64le aarch64
 # DO NOT UPDATE
 # Tornado 6.2 requires Python 3.7+
-%global tornado_version 6.1.0
+%global tornado_version 6.1.0.pcs.1
 %global pcs_bundled_dir pcs_bundled
 %global pcsd_public_dir pcsd/public
@@ -87,7 +87,7 @@ Source0: %{url}/archive/%{?v_prefix}%{version_or_commit}/%{pcs_source_name}.tar.
 Source1: HAM-logo.png
 Source41: https://github.com/ondrejmular/pyagentx/archive/v%{pyagentx_version}/pyagentx-%{pyagentx_version}.tar.gz
-Source42: https://github.com/tornadoweb/tornado/archive/v%{tornado_version}/tornado-%{tornado_version}.tar.gz
+Source42: https://github.com/CtrlZmaster/tornado/archive/v%{tornado_version}/tornado-%{tornado_version}.tar.gz
 Source43: https://github.com/ericvsmith/dataclasses/archive/%{dataclasses_version}/dataclasses-%{dataclasses_version}.tar.gz
 Source44: https://github.com/konradhalas/dacite/archive/v%{dacite_version}/dacite-%{dacite_version}.tar.gz
 Source45: https://pypi.python.org/packages/source/p/python-dateutil/python-dateutil-%{dateutil_version}.tar.gz
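Review bot: The new `Source42` URL pulls the bundled Tornado from a personal fork (`CtrlZmaster/tornado`) rather than `tornadoweb/tornado`, and the spec does not record what `6.1.0.pcs.1` adds on top of upstream 6.1.0, so the delta cannot be audited from the package alone. The changelog suggests the fork carries the CVE-2024-52804 fix; I would state that next to the `%global tornado_version` line in the preceding hunk, e.g. `# 6.1.0.pcs.1 = upstream v6.1.0 + backported CVE-2024-52804 fix (<upstream-commit>), from fork CtrlZmaster/tornado`, where `<upstream-commit>` is a placeholder for the real upstream commit id. The SHA512 entry in `sources` pins the tarball bytes but says nothing about their provenance, and a tag on a fork can be moved, so the comment should also say who maintains the fork. If the backport is small, keeping the pristine upstream tarball and shipping the fix as a separate `Patch` entry would make the change reviewable in dist-git itself.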
@@ -562,6 +562,10 @@ remove_all_tests
 %license pyagentx_LICENSE.txt
 %changelog
+* Tue Mar 4 2025 Michal Pospisil - 0.10.18-2%dist.3
+- Fixed CVE-2024-52804 by patching bundled Tornado
+ Resolves: RHEL-81924
+
 * Wed Dec 4 2024 Michal Pospisil - 0.10.18-2.el8_10.3
 - Prevented any future HTTP header-based attacks on puma/sinatra by removing any headers not recognized by pcsd
 Resolves: RHEL-65595
diff --git a/sources b/sources
index 7197b1f..14553a3 100644
--- a/sources
+++ b/sources
@@ -8,7 +8,6 @@ SHA512 (python-dateutil-2.8.2.tar.gz) = 6538858e4a3e2d1de1bf25b6d8b25e3a8d20bf60
 SHA512 (rack-protection-2.2.4.gem) = 0b965f651f9bc9e6daeec86cce8cdc87a503e8b14afb84bdb2c6dd130cf82ce6d3f5d23c1ed8b85afb76858ade992b60340130923c14b4a2b1bf1aeabaec9267
 SHA512 (ruby2_keywords-0.0.5.gem) = f6b9078b111e68c0017e0025ecdccb976c7a32f35c1a8adf9fd879db0c91f89eb9bd799f9527a846e28056f2a5fbf0f3610cda9538570288c493613c35c83a6f
 SHA512 (sinatra-2.2.4.gem) = 629d39c8dc333a0b9e2c56775d7d447437d98afaf28cef44d217de8b2328493861657c9658ec6cb3875fc33ce8ff25d9973bbcaf682ceaadb266320b4441b44b
-SHA512 (tornado-6.1.0.tar.gz) = bd161a1c30f40f983d608297bca113735cb4baad255de71302a5b4d35be8c02afbc9820728efa912e62e1cbbfad8f92360261a69e0c8759f9e6cb477fbca31c7
 SHA512 (backports-3.24.1.gem) = b2eeb76ebf8ddfc7e349e125c6b9cffcabe3d184533579dbf2abb5f663ce85f4a6f8b01b67be4030c98f4782c63511046a1a1efa4d573a9aeb700dcbb9f9f566
 SHA512 (nio4r-2.5.9.gem) = d1c52896f186d19eb089a94d74ccadb427e64c204af149aa83a5a4dda3f0edd1bd2bae94afd21fcd58e3c2b9e2c17278a18717c0905de80e45540d13eeefd9e5
 SHA512 (rack-test-2.1.0.gem) = e349ce61c3d787e0a772980db697e92212d4d9592ce33f55516d1f85fba55cbe666496c76392679b057786d6dab603d74b83e7bb773ab54940343e36dbf05d6f
@@ -19,3 +18,4 @@ SHA512 (tilt-2.3.0.gem) = 78a3de34e3d096e40cb245807bad07cc3ebfa192986addbd228c25
 SHA512 (pcs-0.10.18.tar.gz) = 5cadb8158bd97e6f20fdf5fc492e85febf596e813b2e64a6dfb13da803ef3d2a3c1fe63d8e26d9b18279f23bfab9a8ff40fab10c9a87fa84b1da302648533ba0
 SHA512 (rack-2.2.8.1.gem) = 98a92950a4ca81c51313bca88cdb2a299aa570c3818e8372014b521ef0f6d2347594d456a7ad30eaa972b0bae864d3eb324263870cdcb8f2ffdc5ba08594aada
 SHA512 (rexml-3.3.6.gem) = 0e7f34771f56519b4aa8770b05821a4620a54db1d8f6f547c925de5adf255b717911e197e364d1c270400f7996f583c769a835719b55af475979efdc05ca579b
+SHA512 (tornado-6.1.0.pcs.1.tar.gz) = e9fb1825f45dab3e96479e5104b9ee3cb0b41cfae9facfa9f9f92e35a15792d91665f1f3817d4227a4a8dc46894d65d74c122e4c97fbe4f82f381b226e680cbf