Hello community, here is the log from the commit of package puppet.1506 for openSUSE:12.2:Update checked in at 2013-04-03 16:15:21 ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Comparing /work/SRC/openSUSE:12.2:Update/puppet.1506 (Old) and /work/SRC/openSUSE:12.2:Update/.puppet.1506.new (New) ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Package is "puppet.1506", Maintainer is "" Changes: -------- New Changes file: --- /dev/null 2013-02-26 18:15:11.936010755 +0100 +++ /work/SRC/openSUSE:12.2:Update/.puppet.1506.new/puppet.changes 2013-04-03 16:15:22.000000000 +0200 @@ -0,0 +1,179 @@ +------------------------------------------------------------------- +Tue Mar 26 15:55:27 UTC 2013 - vdziewiecki@suse.com + +-Fix numerous CVEs, see bnc#809839 puppet-2.7.11-CVEs.diff + +------------------------------------------------------------------- +Wed Jun 13 09:12:06 UTC 2012 - coolo@suse.com + +- no need for vendor-specific + +------------------------------------------------------------------- +Tue Oct 25 13:56:49 UTC 2011 - vcizek@suse.com + +- update to 2.7.6 + Security Fixes + CVE-2011-3872 (AltNames vulnerability) + Features and Enhancements + User/group management on Windows + Better file support on Windows + Support plaintext password in Windows + Bug Fixes + Recognize more duplicate resources + Allow multi-line exec resources + Remove unnecessary deprecation warning in puppet resource + Update pluginsync to only load ruby files. + +------------------------------------------------------------------- +Thu Sep 29 11:32:59 UTC 2011 - vcizek@suse.com + +- update to 2.7.4 + - enhancement + security release: + fixed CVE-2011-3848 + (Resist directory traversal attacks through indirections) + GigabitEthernet/TenGigabitEthernet are uncorrectly parsed + Don’t rely on error message to detect UAC capable platform + Allow cron vars to have leading whitespace + +------------------------------------------------------------------- +Thu Jun 23 08:26:59 UTC 2011 - vcizek@novell.com + +- update to 2.7.1 + - a major feature release: + Ruby 1.9 Support + Deterministic Catalog Application + Puppet Faces - a new API for creating new Puppet subcommands + Manage Network Devices + Dependency cycle reporting produces graph of the cycle +- license changed to Apache-2.0 + - see http://docs.puppetlabs.com/guides/faq#change-to-apache-license + +------------------------------------------------------------------- +Thu May 19 09:35:38 UTC 2011 - vcizek@novell.com + +- using correct port for puppet in the firewall rules (bnc#694825) + +------------------------------------------------------------------- +Tue Apr 5 13:38:04 UTC 2011 - vcizek@novell.com + +- fix logging setting (bnc#683441) + +------------------------------------------------------------------- +Mon Mar 14 09:39:35 UTC 2011 - vcizek@novell.com + +- update to 2.6.6 + * fixed many bugs + * licence has changed to GPLv2 (was GPLv2+) + * some of the new features: + - Manifests can now specify arbitrary data for file contents + - Managed resource attributes can now be audited + - Parameterised class support in external node classifiers + - New puppet inspect application + +------------------------------------------------------------------- +Fri Jan 28 11:55:57 UTC 2011 - vcizek@novell.com + +- update to 2.6.4 + * bugfixes: bnc#667867 + Ship auth.conf as part of installing from source + +------------------------------------------------------------------- +Tue Oct 5 16:26:21 CEST 2010 - anicka@suse.cz + +- update to 2.6.1 + * bugfixes, manpage fixes + +------------------------------------------------------------------- +Thu Aug 19 15:16:13 CEST 2010 - anicka@suse.cz + +- update to 2.6.0 + * major release with many new configuration options and new + language features + +------------------------------------------------------------------- +Mon Aug 16 16:46:36 CEST 2010 - anicka@suse.cz + +- respect sysconfig settings (bnc#620808) + +------------------------------------------------------------------- +Tue Jul 20 17:44:46 CEST 2010 - anicka@suse.cz + +- create puppet user not only for server package (bnc#623884) + +------------------------------------------------------------------- +Tue Mar 2 17:30:47 CET 2010 - anicka@suse.cz + +- update to 0.25.4 + * bugfixes +- create user puppet (fixes bnc#576453) + +------------------------------------------------------------------- +Wed Apr 15 15:42:41 CEST 2009 - mantel@suse.de + +- update to 0.24.8 + +------------------------------------------------------------------- +Mon Apr 6 15:32:43 CEST 2009 - mantel@suse.de + +- add zypper.rb plugin by Leo Eraly + +------------------------------------------------------------------- +Mon Feb 9 16:49:36 CET 2009 - anicka@suse.cz + +- update to 2.4.7 + * Deprecate the NetInfo nameservice provider. Use directoryservice + instead + * Add macauthorization type + * Refactoring the thread-safety in Puppet::Util + * Removing the included testing gems; you must now install them + yourself + * Refactoring of SELinux functions to use native Ruby SELinux + interface + * Removing all mention of EPM, RPM, or Sun packages. + * Replaced SELInux calls to binaries with Ruby SELinux bindings + * Adding support to the user type for: profiles, auths, project, + key/value pairs (extension to Solaris RBAC support added in + 0.24.6) + * Added a number of confines to package providers + * lots of bugfixes +- add sysconfig, firewall definitions, package + init scripts (bnc#465778) + +------------------------------------------------------------------- +Tue Sep 9 17:42:21 CEST 2008 - anicka@suse.cz + +- update to 0.24.5 + * You can now select the encoding format when transferring + the catalog, with 'yaml' still being the default but 'marshal' + being an option. + * Removed support for the 'node_name' setting in LDAP and external + node lookups. + * Also removed support for 'default' nodes in external nodes. + * Exporting or collecting resources no longer raises an exception + when no storeconfigs is enabled, it just produces a warning. + * Always using the cert name to store yaml files + * Added support for the --all option to puppetca --clean. If + puppetca --clean --all is issued then all client certificates + are removed. + * Resources now return the 'should' value for properties from + the [] accessor method (they previously threw an exception when + this method was used with properties). + * Modified the 'master' handler to use the Catalog class to + compile node configurations, rather than using the Configuration + handler, which was never used directly. + * Modified the 'master' handler (responsible for sending + configurations to clients) to always return Time.now as its + compile date, so configurations will always get recompiled. + * Saving new facts now expires any cached node information. + * Switching how caching is handled, so that objects now all + have an expiration date associated with them. This makes it + much easier to know whether a given cached object should be used + or if it should be regenerated. + * Changing the default environment to production. +- fix installation script (man8 permissions) + +------------------------------------------------------------------- +Mon Sep 1 14:06:07 CEST 2008 - anicka@suse.cz + +- package created (version 0.24.4) + New: ---- puppet-2.6.6-init.diff puppet-2.6.6-yumconf.diff puppet-2.7.11-CVEs.diff puppet-2.7.6.tar.gz puppet.changes puppet.fw puppet.spec puppet.sysconfig puppetmaster.fw puppetmasterd.sysconfig ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Other differences: ------------------ ++++++ puppet.spec ++++++ # # spec file for package puppet # # Copyright (c) 2013 SUSE LINUX Products GmbH, Nuernberg, Germany. # # All modifications and additions to the file contributed by third parties # remain the property of their copyright owners, unless otherwise agreed # upon. The license for this file, and modifications and additions to the # file, is the same license as for the pristine package itself (unless the # license for the pristine package is not an Open Source License, in which # case the license is the MIT License). An "Open Source License" is a # license that conforms to the Open Source Definition (Version 1.9) # published by the Open Source Initiative. # Please submit bugfixes or comments via http://bugs.opensuse.org/ # %define _fwdefdir /etc/sysconfig/SuSEfirewall2.d/services Name: puppet Version: 2.7.6 Release: 0 Url: http://reductivelabs.com/projects/puppet/ Source: %{name}-%{version}.tar.gz Source1: puppetmaster.fw Source2: puppet.fw Source3: puppet.sysconfig Source4: puppetmasterd.sysconfig Patch: %{name}-2.6.6-yumconf.diff Patch1: %{name}-2.6.6-init.diff # PATCH-FIX-UPSTREAM-bnc#809839 Patch2: puppet-2.7.11-CVEs.diff Requires: facter >= 1.5.1 Requires: ruby >= 1.8.1 PreReq: pwdutils %insserv_prereq %fillup_prereq BuildRequires: facter >= 1.5.1 BuildRequires: ruby >= 1.8.1 BuildRoot: %{_tmppath}/%{name}-%{version}-build Summary: A network tool for managing many disparate systems License: Apache-2.0 Group: Productivity/Networking/System %description Puppet lets you centrally manage every important aspect of your system using a cross-platform specification language that manages all the separate elements normally aggregated in different files, like users, cron jobs, and hosts, along with obviously discrete elements like packages, services, and files. %package server PreReq: puppet = %{version}-%{release} %insserv_prereq %fillup_prereq Summary: A network tool for managing many disparate systems License: GPL-2.0 Group: Productivity/Networking/System %description server Puppet lets you centrally manage every important aspect of your system using a cross-platform specification language that manages all the separate elements normally aggregated in different files, like users, cron jobs, and hosts, along with obviously discrete elements like packages, services, and files. %prep %setup -q %patch %patch1 %patch2 -p1 #sed -i 's#/usr/local/bin/ruby#/usr/bin/ruby#' lib/puppet/external/nagios.rb %build %install ruby install.rb install --destdir=%{buildroot} --sitelibdir=%{_libdir}/ruby/vendor_ruby/%{rb_ver} #install -d -m 755 $RPM_BUILD_ROOT/var/lib/puppet mkdir -p $RPM_BUILD_ROOT/etc/puppet mkdir -p $RPM_BUILD_ROOT/etc/init.d mkdir -p $RPM_BUILD_ROOT/sbin mkdir -p $RPM_BUILD_ROOT/var/lib/puppet #mkdir -p $RPM_BUILD_ROOT/var/run/puppet mkdir -p $RPM_BUILD_ROOT/var/log/puppet mkdir -p $RPM_BUILD_ROOT/%{_fwdefdir} install -m0644 conf/redhat/puppet.conf $RPM_BUILD_ROOT/etc/puppet/puppet.conf install -m0644 conf/auth.conf $RPM_BUILD_ROOT/etc/puppet/auth.conf install -m0755 conf/suse/client.init $RPM_BUILD_ROOT/etc/init.d/puppet install -m0755 conf/suse/server.init $RPM_BUILD_ROOT/etc/init.d/puppetmasterd ln -sf ../../etc/init.d/puppet $RPM_BUILD_ROOT/%{_sbindir}/rcpuppet ln -sf ../../etc/init.d/puppetmasterd $RPM_BUILD_ROOT/%{_sbindir}/rcpuppetmasterd install -m 644 %SOURCE1 $RPM_BUILD_ROOT/%{_fwdefdir}/puppetmasterd install -m 644 %SOURCE2 $RPM_BUILD_ROOT/%{_fwdefdir}/puppet mkdir -p $RPM_BUILD_ROOT/var/adm/fillup-templates cp %{S:3} $RPM_BUILD_ROOT/var/adm/fillup-templates/sysconfig.puppet cp %{S:4} $RPM_BUILD_ROOT/var/adm/fillup-templates/sysconfig.puppetmasterd %pre getent group puppet >/dev/null || /usr/sbin/groupadd -o -r puppet getent passwd puppet >/dev/null || /usr/sbin/useradd -r -g puppet -d /var/lib/puppet -s /bin/false -c "Puppet daemon" puppet %preun %stop_on_removal puppet %postun %restart_on_update puppet %insserv_cleanup %post %fillup_and_insserv %preun server %stop_on_removal puppetmasterd %post server %fillup_and_insserv -f %postun server %restart_on_update puppetmasterd %insserv_cleanup %files %defattr(-,root,root,-) %doc CHANGELOG LICENSE README.* %{_bindir}/filebucket %{_bindir}/puppet %{_bindir}/ralsh %{_bindir}/pi %{_bindir}/puppetdoc %{_sbindir}/puppetca %dir %{_libdir}/ruby/vendor_ruby/%{rb_ver}/puppet %{_libdir}/ruby/vendor_ruby/%{rb_ver}/puppet/* %{_libdir}/ruby/vendor_ruby/%{rb_ver}/puppet.rb %{_libdir}/ruby/vendor_ruby/%{rb_ver}/semver.rb %dir /etc/puppet %dir /var/lib/puppet %dir /var/log/puppet #%dir /var/run/puppet %config /etc/puppet/puppet.conf %config /etc/puppet/auth.conf %{_mandir}/man?/* /etc/init.d/puppet %{_sbindir}/rcpuppet %{_sbindir}/puppetd %config %{_fwdefdir}/puppet /var/adm/fillup-templates/sysconfig.puppet %files server %defattr(-, root, root, 0755) %dir %attr(755,root,root) /var/lib/puppet %{_sbindir}/puppetmasterd %{_sbindir}/puppetrun %{_sbindir}/puppetqd %{_sbindir}/rcpuppetmasterd /etc/init.d/puppetmasterd %config %{_fwdefdir}/puppetmasterd /var/adm/fillup-templates/sysconfig.puppetmasterd %changelog ++++++ puppet-2.6.6-init.diff ++++++ Index: conf/suse/client.init =================================================================== --- conf/suse/client.init.orig +++ conf/suse/client.init @@ -17,7 +17,7 @@ # Should-Start: puppet # Required-Stop: $local_fs $remote_fs $network $syslog # Should-Stop: puppet -# Default-Start: 3 4 5 +# Default-Start: 3 5 # Default-Stop: 0 1 2 6 # Short-Description: puppet # Description: Enables periodic system configuration checks through puppet. @@ -33,14 +33,19 @@ # rc_exit exit appropriate to overall rc status [ -f /etc/rc.status ] && . /etc/rc.status [ -f /etc/sysconfig/puppet ] && . /etc/sysconfig/puppet -lockfile=${LOCKFILE-/var/lock/subsys/puppet} -pidfile=${PIDFILE-/var/run/puppet.pid} -puppetd=${PUPPETD-/usr/sbin/puppetd} - -PUPPET_OPTS="" -[ -n "${PUPPET_SERVER}" ] && PUPPET_OPTS="--server=${PUPPET_SERVER}" -[ -n "$PUPPET_LOG" ] && PUPPET_OPTS="${PUPPET_OPTS} --logdest=${PUPPET_LOG}" -[ -n "$PUPPET_PORT" ] && PUPPET_OPTS="${PUPPET_OPTS} --port=${PUPPET_PORT}" +lockfile=/var/lock/subsys/puppet +pidfile=/var/run/puppet.pid +puppetd=/usr/sbin/puppetd + +[ -z "$PUPPET_LOG" ] && PUPPET_LOG="/var/log/puppet/puppet.log" +[ -z "$PUPPET_SERVER" ] && PUPPET_SERVER="puppet" +[ -z "$PUPPET_PORT" ] && PUPPET_PORT="8140" + +PUPPET_OPTS=" + --logdest=$PUPPET_LOG \ + --masterport=$PUPPET_PORT \ + --server=$PUPPET_SERVER \ + $PUPPET_EXTRA_OPTS" # First reset status of this service rc_reset @@ -76,7 +81,7 @@ case "$1" in ## Stop daemon with killproc(8) and if this fails ## set echo the echo return value. - killproc -QUIT $puppetd && rm -f ${lockfile} ${pidfile} + killproc $puppetd && rm -f ${lockfile} ${pidfile} # Remember status and be verbose rc_status -v Index: conf/suse/server.init =================================================================== --- conf/suse/server.init.orig +++ conf/suse/server.init @@ -15,7 +15,7 @@ # Should-Start: puppetmaster # Required-Stop: $local_fs $remote_fs $network $syslog # Should-Stop: puppetmaster -# Default-Start: 3 4 5 +# Default-Start: 3 5 # Default-Stop: 0 1 2 6 # Short-Description: puppetmaster # Description: Server for the puppet system management tool. @@ -30,14 +30,14 @@ # rc_reset clear local rc status (overall remains) # rc_exit exit appropriate to overall rc status -lockfile=/var/lock/subsys/puppetmaster +lockfile=/var/lock/subsys/puppetmasterd pidfile=/var/run/puppet/puppetmasterd.pid # Source function library. [ -f /etc/rc.status ] && . /etc/rc.status -if [ -f /etc/sysconfig/puppetmaster ]; then - . /etc/sysconfig/puppetmaster +if [ -f /etc/sysconfig/puppetmasterd ]; then + . /etc/sysconfig/puppetmasterd fi PUPPETMASTER_OPTS="" @@ -100,7 +100,7 @@ case "$1" in ## Stop daemon with killproc(8) and if this fails ## set echo the echo return value. - killproc -QUIT $PUPPETMASTER && rm -f ${lockfile} ${pidfile} + killproc $PUPPETMASTER && rm -f ${lockfile} ${pidfile} # Remember status and be verbose rc_status -v ++++++ puppet-2.6.6-yumconf.diff ++++++ Index: lib/puppet/type/yumrepo.rb =================================================================== --- lib/puppet/type/yumrepo.rb.orig +++ lib/puppet/type/yumrepo.rb @@ -75,7 +75,7 @@ module Puppet @inifile = nil - @yumconf = "/etc/yum.conf" + @yumconf = "/etc/yum/yum.conf" # Where to put files for brand new sections @defaultrepodir = nil ++++++ puppet-2.7.11-CVEs.diff ++++++ ++++ 2529 lines (skipped) ++++++ puppet.fw ++++++ ## Name: Puppet ## Description: Retrieve the client configuration from the central puppet server and apply it to the local host. # space separated list of allowed TCP ports TCP="8139" ++++++ puppet.sysconfig ++++++ ## Path: System/Management ## Description: A network tool for managing many disparate systems ## ServiceReload: puppet ## Type: string ## Default: puppet # # The puppetmaster server # PUPPET_SERVER=puppet ## Type: integer ## Default: 8140 # # If you wish to specify the port to connect to do so here # PUPPET_PORT=8140 ## Type: string ## Default: "/var/log/puppet/puppet.log" # # Where to log to. Specify syslog to send log messages to the system log. # PUPPET_LOG=/var/log/puppet/puppet.log ## Type: string ## Default: # # You may specify other parameters to the puppet client here # PUPPET_EXTRA_OPTS="" ++++++ puppetmaster.fw ++++++ ## Name: Puppet ## Description: The central puppet server. Functions as a certificate authority by default. # space separated list of allowed TCP ports TCP="8140" ++++++ puppetmasterd.sysconfig ++++++ ## Path: System/Management ## Description: A network tool for managing many disparate systems ## ServiceReload: puppetmasterd ## Type: string ## Default: "/var/log/puppet/puppetmaster.log" # # Path to logfile # PUPPETMASTER_LOG="/var/log/puppet/puppetmaster.log" ## Type: string ## Default: "/etc/puppet/manifests/site.pp" # # Path to manifest # PUPPETMASTER_MANIFEST="/etc/puppet/manifests/site.pp" ## Type: string ## Default: # # Extra options for puppetmaster # PUPPETMASTER_EXTRA_OPTS="" ## Type: string ## Default: 8140 # # Puppetmaster ports PUPPETMASTER_PORTS=8140 -- To unsubscribe, e-mail: opensuse-commit+unsubscribe@opensuse.org For additional commands, e-mail: opensuse-commit+help@opensuse.org