Hello community, here is the log from the commit of package puppet for openSUSE:11.4 checked in at Thu Nov 10 16:13:07 CET 2011. -------- --- old-versions/11.4/UPDATES/all/puppet/puppet.changes 2011-11-01 11:08:37.000000000 +0100 +++ 11.4/puppet/puppet.changes 2011-11-08 17:38:45.000000000 +0100 @@ -1,0 +2,5 @@ +Tue Nov 8 15:56:02 UTC 2011 - vcizek@suse.com + +- added remediation toolkit for CVE-2011-3872 (bnc#72637) + +------------------------------------------------------------------- @@ -11,0 +17 @@ + calling whatdependson for 11.4-i586 New: ---- CVE-2011-3872.msg puppetlabs-cve20113872-0.0.5.tar.gz ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Other differences: ------------------ ++++++ puppet.spec ++++++ --- /var/tmp/diff_new_pack.yw7oFr/_old 2011-11-10 16:12:04.000000000 +0100 +++ /var/tmp/diff_new_pack.yw7oFr/_new 2011-11-10 16:12:04.000000000 +0100 @@ -21,7 +21,7 @@ Name: puppet Version: 2.6.4 -Release: 4.<RELEASE9> +Release: 4.<RELEASE11> License: GPLv2+ Group: Productivity/Networking/System Url: http://reductivelabs.com/projects/puppet/ @@ -30,6 +30,8 @@ Source2: puppet.fw Source3: puppet.sysconfig Source4: puppetmasterd.sysconfig +Source5: puppetlabs-cve20113872-0.0.5.tar.gz +Source6: CVE-2011-3872.msg Patch: %{name}-%{version}-yumconf.diff Patch1: %{name}-%{version}-init.diff # PATCH-FIX-UPSTREAM bnc#721139 CVE-2011-3848 @@ -87,6 +89,7 @@ %patch5 -p1 %patch6 -p1 %patch7 -p1 +tar xf %{S:5} sed -i 's#/usr/local/bin/ruby#/usr/bin/ruby#' lib/puppet/external/nagios.rb %build @@ -115,6 +118,11 @@ chmod a+x $RPM_BUILD_ROOT/%{_libdir}/ruby/vendor_ruby/%{rb_ver}/puppet/external/nagios.rb chmod a+x $RPM_BUILD_ROOT/%{_libdir}/ruby/vendor_ruby/%{rb_ver}/puppet/network/http_server/mongrel.rb chmod a+x $RPM_BUILD_ROOT/%{_libdir}/ruby/vendor_ruby/%{rb_ver}/puppet/relationship.rb +mkdir -p $RPM_BUILD_ROOT/%{_docdir}/%{name} +# avoid rpm warnings +find puppetlabs-cve20113872-0.0.5 -name webrick -prune -o -type f -exec chmod -x \{\} \; +cp -R puppetlabs-cve20113872-0.0.5 $RPM_BUILD_ROOT/%{_docdir}/%{name} +%suse_install_update_message %{S:6} %clean rm -rf $RPM_BUILD_ROOT @@ -146,6 +154,7 @@ %files %defattr(-,root,root,-) %doc CHANGELOG COPYING LICENSE README +%doc puppetlabs-cve20113872-0.0.5 %{_bindir}/pi %{_bindir}/filebucket %{_bindir}/puppet @@ -167,6 +176,7 @@ %{_sbindir}/puppetd %config %{_fwdefdir}/puppet /var/adm/fillup-templates/sysconfig.puppet +/var/adm/update-messages/%{name}-%{version}-%{release}-CVE-2011-3872.msg.txt %files server %defattr(-, root, root, 0755) ++++++ CVE-2011-3872.msg ++++++ Note: If you've set the 'certdnsnames' option in your master's puppet.conf file, merely installing the updated packages is not sufficient to fix this problem. You need to either pick a new DNS name for the master and reconfigure all agents to use it or re-new certificates on all agents. Please refer to the documentation in /usr/share/doc/packages/puppet/puppetlabs-cve20113872-0.0.5 for detailed instructions and scripts. Puppetlabs' site also provides more information: http://puppetlabs.com/security/cve/cve-2011-3872/faq/ http://puppetlabs.com/blog/important-security-announcement-altnames-vulnerab... continue with "q"... Remember to have fun... -- To unsubscribe, e-mail: opensuse-commit+unsubscribe@opensuse.org For additional commands, e-mail: opensuse-commit+help@opensuse.org