Hello community, here is the log from the commit of package puppet.1506 for openSUSE:12.3:Update checked in at 2013-04-03 16:15:24 ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Comparing /work/SRC/openSUSE:12.3:Update/puppet.1506 (Old) and /work/SRC/openSUSE:12.3:Update/.puppet.1506.new (New) ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Package is "puppet.1506", Maintainer is "" Changes: -------- New Changes file: --- /dev/null 2013-02-26 18:15:11.936010755 +0100 +++ /work/SRC/openSUSE:12.3:Update/.puppet.1506.new/puppet.changes 2013-04-03 16:15:26.000000000 +0200 @@ -0,0 +1,318 @@ +------------------------------------------------------------------- +Tue Mar 26 14:50:04 UTC 2013 - vdziewie...@suse.com + +-Fix numerous CVEs, see bnc#809839 puppet-3.1.1-CVEs.diff + +------------------------------------------------------------------- +Mon Feb 25 07:37:45 UTC 2013 - m...@suse.com + +- Install puppet*.service accordingly (/usr/lib/systemd for 12.3 + and up or /lib/systemd for older versions). + +------------------------------------------------------------------- +Fri Jan 18 14:34:23 UTC 2013 - vdziewie...@suse.com + +- Modify puppet-3.0.2-init.patch: Don't use lock file and pid file +at all - bnc#714649 +- Do not use puppet-3.0.1-arg-err.patch and puppet-3.0.1-init.diff, +since they have been upstreamed already. +------------------------------------------------------------------- +Fri Jan 11 17:07:50 UTC 2013 - aesz...@gwdg.de + +- Add puppet-3.0.2-init.patch: fix lock file and pid file names + +------------------------------------------------------------------- +Sat Jan 5 03:13:28 UTC 2013 - bo...@steki.net + +- Updated to latest upstream version 3.0.2 +- Bugfix release +* Full list of bugs can be found at: + https://projects.puppetlabs.com/versions/337 +Notable bugs: +- Bug #15513: Resource type 'cron' fails with 'target' parameter +- Bug #16178: Boolean false in a variable causes the puppet backend lookup to fail +- Bug #17445: Race condition in logrotate config makes puppet agent crash. +- Bug #17447: Puppet sysv init script faulty +- Bug #17488: Puppet needlessly crashes when run unptivileged even with --noop + +------------------------------------------------------------------- +Fri Dec 7 16:05:04 UTC 2012 - aesz...@gwdg.de + +- Add puppet-3.0.1-arg-err.patch: fix + http://projects.puppetlabs.com/issues/10963 + +------------------------------------------------------------------- +Wed Nov 21 15:21:02 UTC 2012 - aesz...@gwdg.de + +- do not use /var/lock/subsys for puppetmaster + +------------------------------------------------------------------- +Mon Nov 12 13:37:33 UTC 2012 - bo...@steki.net + +- revert back from ruby-shadow to rubygem-ruby-shadow as required + by openSUSE ruby packaging policies + +------------------------------------------------------------------- +Wed Oct 31 20:23:56 UTC 2012 - bo...@steki.net + +- changed requirement of package back from rubygem-ruby-shadow to + more common named ruby-shadow + +------------------------------------------------------------------- +Wed Oct 24 18:03:28 UTC 2012 - abo...@gmail.com + +- Updated requirements for package puppet to include rubygem-ruby-shadow + This is needed to make puppet modules to change passwd file + +------------------------------------------------------------------- +Tue Oct 23 21:01:38 UTC 2012 - abo...@gmail.com + +- Updated to 3.0.1 +- Updated puppet-3.0.1-init.diff so it functions with client.init from ext/suse/client.init +- Fixed puppet.conf not in /ext/suse/ so got puppet.conf from + ext/redhat/puppet.conf + + http://projects.puppetlabs.com/projects/1/wiki/Release_Notes#3.0.1 + - Bug #15717: puppet kick returns "Error: Could not find indirection 'run' / testip.example.com finished with exit code 2" + - Bug #16585: Remove dead "ldapnodes" setting + - Bug #16698: external node classifier script is not being called when storedconfigs is on + - bug #16757: user cannot control loading of rubygems + - Bug #16769: Apache "SSLOptions +ExportCertData" causes "header too long" error + - Bug #16801: Puppet 3 debian init script has code using removed --servertype=mongrel option + - Bug #16922: Could not intern from b64_zlib_yaml when fact value ends with a colon + - Bug #17000: Puppet acceptance suite will get caught in a loop if agent fails to terminate for kick test + - Refactor #16643: sample-module has hyphen in name which is only unofficially supported + + +------------------------------------------------------------------- +Wed Aug 29 09:56:40 UTC 2012 - ja...@suse.de + +- Update to 2.7.19 + + http://projects.puppetlabs.com/projects/1/wiki/Release_Notes#2.7.19 + +------------------------------------------------------------------- +Wed Jul 11 13:24:28 UTC 2012 - vdziewie...@suse.com + +-Update to 2.7.18 +CVEs fixed: +-bnc#770828 - VUL-0: CVE-2012-3864: puppet: authenticated clients can read arbitrary files via a flaw in puppet master +-bnc#770829 - VUL-0: CVE-2012-3865: puppet: arbitrary file delete / Denial of Service on Puppet Master by authenticated clients +-bnc#770827 - VUL-1: CVE-2012-3866: puppet: last_run_report.yaml left world-readable +-bnc#770833 - VUL-1: CVE-2012-3867: puppet: insufficient input validation for agent certificate names + + + +------------------------------------------------------------------- +Tue Jul 3 19:53:18 UTC 2012 - ja...@suse.de + +- update to 2.7.17 + * (maint) Add symlink stub to gentoo service provider spec + * Add comment to upstart provider explaining exclusion of + 'wait-for-state' + * Upstart code cleanup, init provider improvement + * Add spec test for network-interface-security + * Add basic service resource test to upstart acceptance + * Handle network-interface-security in upstart + * Add exclude list to upstart provider + * (#15027, #15028, #15029) Fix upstart version parsing + * (maint) Add --test to puppet run + +------------------------------------------------------------------- +Tue Jul 3 19:02:48 UTC 2012 - ja...@suse.de + +- Copy from devel:openSUSE:Factory + +------------------------------------------------------------------- +Tue Jun 19 13:28:37 UTC 2012 - bo...@steki.net + +- update to upstream 2.7.16 version + * Significantly improve compilation performance when using modules + * Add Puppet::Util::Platform to abstract platform checks + * Default autoflushing of log files to true + * Add Module Tool + * bugfix releases for all bugs please read + /usr/share/doc/packages/puppet/CHANGELOG + +------------------------------------------------------------------- +Thu Jun 14 22:41:53 UTC 2012 - bo...@steki.net + +- updated to new upstream 2.7.11 version + * for bugfixes informations please look in + /usr/share/doc/packages/puppet/CHANGELOG + + +------------------------------------------------------------------- +Wed Jun 13 09:12:06 UTC 2012 - co...@suse.com + +- no need for vendor-specific + +------------------------------------------------------------------- +Tue Oct 25 13:56:49 UTC 2011 - vci...@suse.com + +- update to 2.7.6 + Security Fixes + CVE-2011-3872 (AltNames vulnerability) + Features and Enhancements + User/group management on Windows + Better file support on Windows + Support plaintext password in Windows + Bug Fixes + Recognize more duplicate resources + Allow multi-line exec resources + Remove unnecessary deprecation warning in puppet resource + Update pluginsync to only load ruby files. + +------------------------------------------------------------------- +Thu Sep 29 11:32:59 UTC 2011 - vci...@suse.com + +- update to 2.7.4 + - enhancement + security release: + fixed CVE-2011-3848 + (Resist directory traversal attacks through indirections) + GigabitEthernet/TenGigabitEthernet are uncorrectly parsed + Don’t rely on error message to detect UAC capable platform + Allow cron vars to have leading whitespace + +------------------------------------------------------------------- +Thu Jun 23 08:26:59 UTC 2011 - vci...@novell.com + +- update to 2.7.1 + - a major feature release: + Ruby 1.9 Support + Deterministic Catalog Application + Puppet Faces - a new API for creating new Puppet subcommands + Manage Network Devices + Dependency cycle reporting produces graph of the cycle +- license changed to Apache-2.0 + - see http://docs.puppetlabs.com/guides/faq#change-to-apache-license + +------------------------------------------------------------------- +Thu May 19 09:35:38 UTC 2011 - vci...@novell.com + +- using correct port for puppet in the firewall rules (bnc#694825) + +------------------------------------------------------------------- +Tue Apr 5 13:38:04 UTC 2011 - vci...@novell.com + ++++ 121 more lines (skipped) ++++ between /dev/null ++++ and /work/SRC/openSUSE:12.3:Update/.puppet.1506.new/puppet.changes New: ---- puppet-2.6.6-yumconf.diff puppet-3.0.2-init.patch puppet-3.0.2.tar.gz puppet-3.1.1-CVEs.diff puppet.changes puppet.fw puppet.spec puppet.sysconfig puppetmaster.fw puppetmasterd.sysconfig ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Other differences: ------------------ ++++++ puppet.spec ++++++ # # spec file for package puppet # # Copyright (c) 2013 SUSE LINUX Products GmbH, Nuernberg, Germany. # # All modifications and additions to the file contributed by third parties # remain the property of their copyright owners, unless otherwise agreed # upon. The license for this file, and modifications and additions to the # file, is the same license as for the pristine package itself (unless the # license for the pristine package is not an Open Source License, in which # case the license is the MIT License). An "Open Source License" is a # license that conforms to the Open Source Definition (Version 1.9) # published by the Open Source Initiative. # Please submit bugfixes or comments via http://bugs.opensuse.org/ # # backward compatible requirement SLE... %{?!_initddir:%define _initddir %_initrddir} %define _fwdefdir /etc/sysconfig/SuSEfirewall2.d/services Name: puppet Version: 3.0.2 Release: 0 Summary: A network tool for managing many disparate systems License: Apache-2.0 Group: Productivity/Networking/System Url: http://puppetlabs.com/puppet/what-is-puppet/ Source: http://downloads.puppetlabs.com/puppet/%{name}-%{version}.tar.gz Source1: puppetmaster.fw Source2: puppet.fw Source3: puppet.sysconfig Source4: puppetmasterd.sysconfig # PATCH-MISSING-TAG -- See http://wiki.opensuse.org/openSUSE:Packaging_Patches_guidelines Patch0: puppet-2.6.6-yumconf.diff # PATCH-FIX-OPENSUSE puppet-3.0.2-init.diff aesz...@gwdg.de Patch1: puppet-3.0.2-init.patch # PATCH-FIX-UPSTREAM-bnc#809839 Patch2: puppet-3.1.1-CVEs.diff Obsoletes: hiera-puppet < 1.0.0 Provides: hiera-puppet >= 1.0.0 Requires: facter >= 1.6.4 Requires: ruby >= 1.8.7 Requires: rubygem-hiera >= 1.0.0 Requires: rubygem-ruby-shadow >= 2.1.4 BuildRequires: facter >= 1.6.11 BuildRequires: fdupes BuildRequires: ruby >= 1.8.7 BuildRequires: rubygem-hiera >= 1.0.0 BuildRoot: %{_tmppath}/%{name}-%{version}-build Requires(pre): %fillup_prereq Requires(pre): %insserv_prereq Requires(pre): /usr/sbin/groupadd Requires(pre): /usr/sbin/useradd %if 0%{?suse_version} >= 1210 BuildRequires: systemd %endif %if %suse_version > 1220 %define _unitdir /usr/lib/systemd %else %define _unitdir /lib/systemd %endif %description Puppet lets you centrally manage every important aspect of your system using a cross-platform specification language that manages all the separate elements normally aggregated in different files, like users, cron jobs, and hosts, along with obviously discrete elements like packages, services, and files. %package server Summary: A network tool for managing many disparate systems Group: Productivity/Networking/System Requires(pre): %fillup_prereq Requires(pre): %insserv_prereq Requires(pre): puppet = %{version} %description server Puppet lets you centrally manage every important aspect of your system using a cross-platform specification language that manages all the separate elements normally aggregated in different files, like users, cron jobs, and hosts, along with obviously discrete elements like packages, services, and files. %prep %setup -q %patch0 %patch1 %patch2 -p1 %build %install ruby install.rb install --destdir=%{buildroot} --sitelibdir=%{_libdir}/ruby/vendor_ruby/%{rb_ver} mkdir -p %{buildroot}%{_sysconfdir}/puppet mkdir -p %{buildroot}%{_sysconfdir}/init.d mkdir -p %{buildroot}/%{_sbindir} mkdir -p %{buildroot}%{_localstatedir}/lib/puppet mkdir -p %{buildroot}%{_localstatedir}/log/puppet mkdir -p %{buildroot}/%{_fwdefdir} %if 0%{?suse_version} >= 1210 mkdir -p %{buildroot}%{_unitdir}/system %endif install -m0644 ext/redhat/puppet.conf %{buildroot}%{_sysconfdir}/puppet/puppet.conf install -m0644 conf/auth.conf %{buildroot}%{_sysconfdir}/puppet/auth.conf install -m0755 ext/suse/client.init %{buildroot}%{_initddir}/puppet install -m0755 ext/suse/server.init %{buildroot}%{_initddir}/puppetmasterd ln -sf ../../etc/init.d/puppet %{buildroot}/%{_sbindir}/rcpuppet ln -sf ../../etc/init.d/puppetmasterd %{buildroot}/%{_sbindir}/rcpuppetmasterd install -m 644 %{SOURCE1} %{buildroot}/%{_fwdefdir}/puppetmasterd install -m 644 %{SOURCE2} %{buildroot}/%{_fwdefdir}/puppet %if 0%{?suse_version} >= 1210 install -m 644 ext/systemd/puppetagent.service %{buildroot}%{_unitdir}/system/puppetagent.service install -m 644 ext/systemd/puppetmaster.service %{buildroot}%{_unitdir}/system/puppetmaster.service %endif mkdir -p %{buildroot}%{_localstatedir}/adm/fillup-templates cp %{SOURCE3} %{buildroot}%{_localstatedir}/adm/fillup-templates/sysconfig.puppet cp %{SOURCE4} %{buildroot}%{_localstatedir}/adm/fillup-templates/sysconfig.puppetmasterd %fdupes -s %{buildroot}/%{_mandir} %pre getent group puppet >/dev/null || /usr/sbin/groupadd -r puppet getent passwd puppet >/dev/null || /usr/sbin/useradd -r -g puppet -d /var/lib/puppet -s /bin/false -c "Puppet daemon" puppet %preun %stop_on_removal puppet %postun %restart_on_update puppet %insserv_cleanup %post %fillup_and_insserv %preun server %stop_on_removal puppetmasterd %post server %fillup_and_insserv -f %postun server %restart_on_update puppetmasterd %insserv_cleanup %files %defattr(-,root,root,-) %doc LICENSE README.* %{_bindir}/puppet %{_bindir}/extlookup2hiera %{_libdir}/ruby/vendor_ruby/%{rb_ver}/puppet/ %{_libdir}/ruby/vendor_ruby/%{rb_ver}/hiera/ %{_libdir}/ruby/vendor_ruby/%{rb_ver}/hiera_puppet.rb %{_libdir}/ruby/vendor_ruby/%{rb_ver}/puppet.rb %{_libdir}/ruby/vendor_ruby/%{rb_ver}/semver.rb %dir %{_sysconfdir}/puppet %dir %{_localstatedir}/lib/puppet %dir %{_localstatedir}/log/puppet %config %{_sysconfdir}/puppet/puppet.conf %config %{_sysconfdir}/puppet/auth.conf %{_mandir}/man?/* %{_sysconfdir}/init.d/puppet %{_sbindir}/rcpuppet %config %{_fwdefdir}/puppet %{_localstatedir}/adm/fillup-templates/sysconfig.puppet %if 0%{?suse_version} >= 1210 %{_unitdir}/system/puppetagent.service %endif %files server %defattr(-, root, root, 0755) %dir %attr(755,root,root) %{_sbindir}/rcpuppetmasterd %{_sysconfdir}/init.d/puppetmasterd %config %{_fwdefdir}/puppetmasterd %{_localstatedir}/adm/fillup-templates/sysconfig.puppetmasterd %if 0%{?suse_version} >= 1210 %{_unitdir}/system/puppetmaster.service %endif %changelog ++++++ puppet-2.6.6-yumconf.diff ++++++ Index: lib/puppet/type/yumrepo.rb =================================================================== --- lib/puppet/type/yumrepo.rb.orig +++ lib/puppet/type/yumrepo.rb @@ -75,7 +75,7 @@ module Puppet @inifile = nil - @yumconf = "/etc/yum.conf" + @yumconf = "/etc/yum/yum.conf" # Where to put files for brand new sections @defaultrepodir = nil ++++++ puppet-3.0.2-init.patch ++++++ Index: ext/suse/client.init =================================================================== --- ext/suse/client.init.orig +++ ext/suse/client.init @@ -33,13 +33,11 @@ # rc_exit exit appropriate to overall rc status [ -f /etc/rc.status ] && . /etc/rc.status [ -f /etc/sysconfig/puppet ] && . /etc/sysconfig/puppet -lockfile=${LOCKFILE-/var/lock/subsys/puppet} -pidfile=${PIDFILE-/var/run/puppet/agent.pid} puppetd=${PUPPETD-/usr/bin/puppet} RETVAL=0 PUPPET_OPTS="agent" -[ -n "${PUPPET_SERVER}" ] && PUPPET_OPTS="--server=${PUPPET_SERVER}" +[ -n "${PUPPET_SERVER}" ] && PUPPET_OPTS="${PUPPET_OPTS} --server=${PUPPET_SERVER}" [ -n "$PUPPET_LOG" ] && PUPPET_OPTS="${PUPPET_OPTS} --logdest=${PUPPET_LOG}" [ -n "$PUPPET_PORT" ] && PUPPET_OPTS="${PUPPET_OPTS} --port=${PUPPET_PORT}" @@ -68,7 +66,7 @@ case "$1" in # startproc should return 0, even if service is # already running to match LSB spec. - startproc -p ${pidfile} $puppetd ${PUPPET_OPTS} ${PUPPET_EXTRA_OPTS} && touch ${lockfile} + startproc $puppetd ${PUPPET_OPTS} ${PUPPET_EXTRA_OPTS} # Remember status and be verbose rc_status -v ;; @@ -77,7 +75,7 @@ case "$1" in ## Stop daemon with killproc(8) and if this fails ## set echo the echo return value. - killproc -QUIT -p ${pidfile} $puppetd && rm -f ${lockfile} ${pidfile} + killproc -QUIT $puppetd # Remember status and be verbose rc_status -v @@ -106,7 +104,7 @@ case "$1" in echo -n "Reload service puppet" ## if it supports it: - killproc -HUP -p ${pidfile} $puppetd + killproc -HUP $puppetd rc_status -v ;; reload) @@ -115,7 +113,7 @@ case "$1" in # If it supports signalling: echo -n "Reload puppet services." - killproc -HUP -p ${pidfile} $puppetd + killproc -HUP $puppetd rc_status -v ;; status) @@ -130,7 +128,7 @@ case "$1" in # 3 - service not running # NOTE: checkproc returns LSB compliant status values. - checkproc -p ${pidfile} $puppetd + checkproc $puppetd rc_status -v ;; once) Index: ext/suse/server.init =================================================================== --- ext/suse/server.init.orig +++ ext/suse/server.init @@ -30,9 +30,6 @@ # rc_reset clear local rc status (overall remains) # rc_exit exit appropriate to overall rc status -lockfile=/var/lock/subsys/puppetmaster -pidfile=/var/run/puppet/master.pid - # Source function library. [ -f /etc/rc.status ] && . /etc/rc.status @@ -97,7 +94,7 @@ case "$1" in # already running to match LSB spec. # Confirm the manifest exists if [ -r $PUPPETMASTER_MANIFEST ]; then - startproc -p ${pidfile} $PUPPETMASTER $PUPPETMASTER_OPTS && touch "$lockfile" + startproc $PUPPETMASTER $PUPPETMASTER_OPTS else rc_failed echo "Manifest does not exist: $PUPPETMASTER_MANIFEST" @@ -110,7 +107,7 @@ case "$1" in ## Stop daemon with killproc(8) and if this fails ## set echo the echo return value. - killproc -QUIT -p ${pidfile} $PUPPETMASTER && rm -f ${lockfile} ${pidfile} + killproc -QUIT $PUPPETMASTER # Remember status and be verbose rc_status -v @@ -139,7 +136,7 @@ case "$1" in echo -n "Reload service puppet" ## if it supports it: - killproc -HUP -p ${pidfile} $PUPPETMASTER + killproc -HUP $PUPPETMASTER rc_status -v ;; reload) @@ -148,7 +145,7 @@ case "$1" in # If it supports signalling: echo -n "Reload puppet services." - killproc -HUP -p ${pidfile} $PUPPETMASTER + killproc -HUP $PUPPETMASTER rc_status -v ;; status) @@ -163,7 +160,7 @@ case "$1" in # 3 - service not running # NOTE: checkproc returns LSB compliant status values. - checkproc -p ${pidfile} $PUPPETMASTER + checkproc $PUPPETMASTER rc_status -v ;; *) ++++++ puppet-3.1.1-CVEs.diff ++++++ ++++ 1908 lines (skipped) ++++++ puppet.fw ++++++ ## Name: Puppet ## Description: Retrieve the client configuration from the central puppet server and apply it to the local host. # space separated list of allowed TCP ports TCP="8139" ++++++ puppet.sysconfig ++++++ ## Path: System/Management ## Description: A network tool for managing many disparate systems ## ServiceReload: puppet ## Type: string ## Default: puppet # # The puppetmaster server # PUPPET_SERVER=puppet ## Type: integer ## Default: 8140 # # If you wish to specify the port to connect to do so here # PUPPET_PORT=8140 ## Type: string ## Default: "/var/log/puppet/puppet.log" # # Where to log to. Specify syslog to send log messages to the system log. # PUPPET_LOG=/var/log/puppet/puppet.log ## Type: string ## Default: # # You may specify other parameters to the puppet client here # PUPPET_EXTRA_OPTS="" ++++++ puppetmaster.fw ++++++ ## Name: Puppet ## Description: The central puppet server. Functions as a certificate authority by default. # space separated list of allowed TCP ports TCP="8140" ++++++ puppetmasterd.sysconfig ++++++ ## Path: System/Management ## Description: A network tool for managing many disparate systems ## ServiceReload: puppetmasterd ## Type: string ## Default: "/var/log/puppet/puppetmaster.log" # # Path to logfile # PUPPETMASTER_LOG="/var/log/puppet/puppetmaster.log" ## Type: string ## Default: "/etc/puppet/manifests/site.pp" # # Path to manifest # PUPPETMASTER_MANIFEST="/etc/puppet/manifests/site.pp" ## Type: string ## Default: # # Extra options for puppetmaster # PUPPETMASTER_EXTRA_OPTS="" ## Type: string ## Default: 8140 # # Puppetmaster ports PUPPETMASTER_PORTS=8140 -- To unsubscribe, e-mail: opensuse-commit+unsubscr...@opensuse.org For additional commands, e-mail: opensuse-commit+h...@opensuse.org