tojeline pushed to pcs (f22). "Fixed errors when connecting to pcsd"
notifications at fedoraproject.org
notifications at fedoraproject.org
Mon Jun 8 12:11:21 UTC 2015
From 67f537442a140b47b8375e55916ba4f9deceb85d Mon Sep 17 00:00:00 2001
From: Tomas Jelinek <tojeline at redhat.com>
Date: Mon, 8 Jun 2015 13:29:25 +0200
Subject: Fixed errors when connecting to pcsd
diff --git a/binding.patch b/binding.patch
new file mode 100644
index 0000000..a75f1f8
--- /dev/null
+++ b/binding.patch
@@ -0,0 +1,53 @@
+From fde93f74f2b7b251e9d21da1875926ad305f51f7 Mon Sep 17 00:00:00 2001
+From: Tomas Jelinek <tojeline at redhat.com>
+Date: Mon, 8 Jun 2015 11:27:15 +0200
+Subject: [PATCH 1/2] fix binding to localhost only
+
+---
+ pcsd/pcsd.conf | 1 +
+ pcsd/pcsd.rb | 20 +++++++++++---------
+ 2 files changed, 12 insertions(+), 9 deletions(-)
+
+diff --git a/pcsd/pcsd.conf b/pcsd/pcsd.conf
+index 69c4022..f596d59 100644
+--- a/pcsd/pcsd.conf
++++ b/pcsd/pcsd.conf
+@@ -1,3 +1,4 @@
+ # pcsd configuration file
+ # Set PCSD_DEBUG to true for advanced pcsd debugging information
+ PCSD_DEBUG=false
++RACK_ENV=production
+diff --git a/pcsd/pcsd.rb b/pcsd/pcsd.rb
+index 238dc50..8974b65 100644
+--- a/pcsd/pcsd.rb
++++ b/pcsd/pcsd.rb
+@@ -37,15 +37,17 @@ use Rack::Session::Cookie,
+
+ #use Rack::SSL
+
+-Dir["wizards/*.rb"].each {|file| also_reload file}
+-also_reload 'resource.rb'
+-also_reload 'remote.rb'
+-also_reload 'fenceagent.rb'
+-also_reload 'cluster.rb'
+-also_reload 'config.rb'
+-also_reload 'pcs.rb'
+-also_reload 'auth.rb'
+-also_reload 'wizard.rb'
++if development?
++ Dir["wizards/*.rb"].each {|file| also_reload file}
++ also_reload 'resource.rb'
++ also_reload 'remote.rb'
++ also_reload 'fenceagent.rb'
++ also_reload 'cluster.rb'
++ also_reload 'config.rb'
++ also_reload 'pcs.rb'
++ also_reload 'auth.rb'
++ also_reload 'wizard.rb'
++end
+
+ before do
+ $session = session
+--
+1.9.1
+
diff --git a/pcs.spec b/pcs.spec
index 8491a00..7ca13f1 100644
--- a/pcs.spec
+++ b/pcs.spec
@@ -1,6 +1,6 @@
Name: pcs
Version: 0.9.139
-Release: 4%{?dist}
+Release: 5%{?dist}
License: GPLv2
URL: http://github.com/feist/pcs
Group: System Environment/Base
@@ -10,9 +10,11 @@ BuildRequires: rubygem-eventmachine rubygem-rack-test rubygem-multi_json rubygem
# for post, preun and postun macros
BuildRequires: systemd
Summary: Pacemaker Configuration System
-Source0: http://people.redhat.com/cfeist/pcs/pcs-withgems-%{version}.tar.gz
+Source0: https://tojeline.fedorapeople.org/pkgs/pcs/pcs-withgems-%{version}.tar.gz
Patch0: fedfix.patch
Patch1: secure-cookie.patch
+Patch2: binding.patch
+Patch3: ssl-python.patch
Requires: pacemaker ruby python
Requires: python-clufter
Requires: rubygem-sinatra rubygem-highline rubygem-rack rubygem-rack-protection rubygem-tilt
@@ -25,8 +27,10 @@ easily view, modify and created pacemaker based clusters.
%prep
%setup -q
-%patch0 -p1 -b .fedfix
-%patch1 -p1 -b .fedfix
+%patch0 -p1
+%patch1 -p1
+%patch2 -p1
+%patch3 -p1
cd pcsd ; bundle install --local ; cd ..
%build
@@ -57,7 +61,7 @@ chmod 755 $RPM_BUILD_ROOT/%{python_sitelib}/pcs/pcs.py
/usr/sbin/pcs
/usr/lib/pcsd/*
/usr/lib/pcsd/.bundle/config
-/usr/lib/pcsd/.gitignore
+%exclude /usr/lib/pcsd/.gitignore
/usr/lib/systemd/system/pcsd.service
/var/lib/pcsd
/etc/pam.d/pcsd
@@ -70,6 +74,11 @@ chmod 755 $RPM_BUILD_ROOT/%{python_sitelib}/pcs/pcs.py
%doc COPYING README
%changelog
+* Mon Jun 08 2015 Tomas Jelinek <tojeline at redhat.com> - 0.9.139-5
+- Fixed pcsd bound to localhost only
+- Fixed SSL errors when connecting to pcsd (rhbz#1207223)
+- Fixed Source and Files in spec file (rhbz#1221609)
+
* Fri May 22 2015 Tomas Jelinek <tojeline at redhat.com> - 0.9.139-4
- Fix for CVE-2015-1848, CVE-2015-3983 (sessions not signed)
diff --git a/ssl-python.patch b/ssl-python.patch
new file mode 100644
index 0000000..66a47f3
--- /dev/null
+++ b/ssl-python.patch
@@ -0,0 +1,47 @@
+From 3e30725e1ab6cbcd3bdbbcb3a8422322151bdee1 Mon Sep 17 00:00:00 2001
+From: Tomas Jelinek <tojeline at redhat.com>
+Date: Tue, 26 May 2015 14:59:22 +0200
+Subject: [PATCH 2/2] revert certificate verification changes in python
+
+---
+ pcs/utils.py | 17 ++++++++++++++++-
+ 1 file changed, 16 insertions(+), 1 deletion(-)
+
+diff --git a/pcs/utils.py b/pcs/utils.py
+index 653d31e..db4548c 100644
+--- a/pcs/utils.py
++++ b/pcs/utils.py
+@@ -2,6 +2,8 @@ import os, subprocess
+ import sys
+ import pcs
+ import xml.dom.minidom
++import ssl
++import inspect
+ import urllib,urllib2
+ from xml.dom.minidom import parseString,parse
+ import xml.etree.ElementTree as ET
+@@ -310,7 +312,20 @@ def removeLocalNode(node, node_to_remove, pacemaker_remove=False):
+ # 3 = Auth Error
+ def sendHTTPRequest(host, request, data = None, printResult = True, printSuccess = True):
+ url = 'https://' + host + ':2224/' + request
+- opener = urllib2.build_opener(urllib2.HTTPCookieProcessor())
++ # enable self-signed certificates
++ # https://www.python.org/dev/peps/pep-0476/
++ # http://bugs.python.org/issue21308
++ if (
++ hasattr(ssl, "_create_unverified_context")
++ and
++ "context" in inspect.getargspec(urllib2.HTTPSHandler.__init__).args
++ ):
++ opener = urllib2.build_opener(
++ urllib2.HTTPSHandler(context=ssl._create_unverified_context()),
++ urllib2.HTTPCookieProcessor()
++ )
++ else:
++ opener = urllib2.build_opener(urllib2.HTTPCookieProcessor())
+ tokens = readTokens()
+ if "--debug" in pcs_options:
+ print "Sending HTTP Request to: " + url
+--
+1.9.1
+
--
cgit v0.10.2
http://pkgs.fedoraproject.org/cgit/pcs.git/commit/?h=f22&id=67f537442a140b47b8375e55916ba4f9deceb85d
More information about the scm-commits
mailing list