Update to 4.10.1

epel9
Dominic Cleal 8 years ago
parent e98f95dcba
commit c7f00c0890
No known key found for this signature in database
GPG Key ID: 7C7D326F2C2B72CC

@ -1,99 +0,0 @@
From 06d8c51367ca932b9da5d9b01958cfc0adf0f2ea Mon Sep 17 00:00:00 2001
From: Josh Cooper <josh@puppet.com>
Date: Fri, 28 Apr 2017 12:09:11 -0700
Subject: [PATCH] (PUP-7483) Reject all fact formats except PSON
Previously, an authenticated user could cause the master to execute
YAML.load on user-specified input, as well as MessagePack.unpack if the
msgpack gem was installed.
Since 3.2.2, agents have always sent facts as PSON. There is no reason
to support other formats, so reject all fact formats except PSON.
---
lib/puppet/indirector/catalog/compiler.rb | 6 +++--
spec/unit/indirector/catalog/compiler_spec.rb | 36 ++++++++++++++++++++++++---
2 files changed, 36 insertions(+), 6 deletions(-)
diff --git a/lib/puppet/indirector/catalog/compiler.rb b/lib/puppet/indirector/catalog/compiler.rb
index e4e60ce..16c8353 100644
--- a/lib/puppet/indirector/catalog/compiler.rb
+++ b/lib/puppet/indirector/catalog/compiler.rb
@@ -25,9 +25,11 @@ class Puppet::Resource::Catalog::Compiler < Puppet::Indirector::Code
# in Network::HTTP::Handler will automagically deserialize the value.
if text_facts.is_a?(Puppet::Node::Facts)
facts = text_facts
- else
+ elsif format == 'pson'
# We unescape here because the corresponding code in Puppet::Configurer::FactHandler escapes
- facts = Puppet::Node::Facts.convert_from(format, CGI.unescape(text_facts))
+ facts = Puppet::Node::Facts.convert_from('pson', CGI.unescape(text_facts))
+ else
+ raise ArgumentError, "Unsupported facts format"
end
unless facts.name == request.key
diff --git a/spec/unit/indirector/catalog/compiler_spec.rb b/spec/unit/indirector/catalog/compiler_spec.rb
index b134c90..d31eaee 100644
--- a/spec/unit/indirector/catalog/compiler_spec.rb
+++ b/spec/unit/indirector/catalog/compiler_spec.rb
@@ -255,10 +255,10 @@ describe Puppet::Resource::Catalog::Compiler do
@facts = Puppet::Node::Facts.new('hostname', "fact" => "value", "architecture" => "i386")
end
- def a_request_that_contains(facts)
+ def a_request_that_contains(facts, format = :pson)
request = Puppet::Indirector::Request.new(:catalog, :find, "hostname", nil)
- request.options[:facts_format] = "pson"
- request.options[:facts] = CGI.escape(facts.render(:pson))
+ request.options[:facts_format] = format.to_s
+ request.options[:facts] = CGI.escape(facts.render(format))
request
end
@@ -277,7 +277,7 @@ describe Puppet::Resource::Catalog::Compiler do
expect(facts.timestamp).to eq(time)
end
- it "should convert the facts into a fact instance and save it" do
+ it "accepts PSON facts" do
request = a_request_that_contains(@facts)
options = {
@@ -289,6 +289,34 @@ describe Puppet::Resource::Catalog::Compiler do
@compiler.extract_facts_from_request(request)
end
+
+ it "rejects YAML facts" do
+ request = a_request_that_contains(@facts, :yaml)
+
+ options = {
+ :environment => request.environment,
+ :transaction_uuid => request.options[:transaction_uuid],
+ }
+
+ expect {
+ @compiler.extract_facts_from_request(request)
+ }.to raise_error(ArgumentError, /Unsupported facts format/)
+ end
+
+ it "rejects unknown fact formats" do
+ request = a_request_that_contains(@facts)
+ request.options[:facts_format] = 'unknown-format'
+
+ options = {
+ :environment => request.environment,
+ :transaction_uuid => request.options[:transaction_uuid],
+ }
+
+ expect {
+ @compiler.extract_facts_from_request(request)
+ }.to raise_error(ArgumentError, /Unsupported facts format/)
+ end
+
end
describe "when finding nodes" do
--
2.7.4

@ -17,7 +17,7 @@ index e144a1a..c0ed877 100644
end
end
- defaultfor :operatingsystem => :fedora, :operatingsystemmajrelease => ['22', '23', '24']
- defaultfor :operatingsystem => :fedora, :operatingsystemmajrelease => ['22', '23', '24', '25']
+ defaultfor :operatingsystem => :fedora
def self.update_command

@ -18,8 +18,8 @@
%global pending_upgrade_file %{pending_upgrade_path}/upgrade_pending
Name: puppet
Version: 4.8.2
Release: 2%{?dist}
Version: 4.10.1
Release: 1%{?dist}
Summary: A network tool for managing many disparate systems
License: ASL 2.0
URL: http://puppetlabs.com
@ -33,7 +33,6 @@ Source4: start-puppet-wrapper
Patch01: 0001-Fix-puppet-paths.patch
Patch02: 0002-Revert-maint-Remove-puppetmaster.service.patch
Patch04: 0004-PUP-7383-Skip-cipher-monkey-patch-on-ruby-2.4.patch
Patch05: 0005-PUP-7483-Reject-all-fact-formats-except-PSON.patch
Patch06: 0006-Remove-Fedora-release-restrictions-from-DNF-provider.patch
Group: System Environment/Base
@ -128,7 +127,6 @@ The server can also function as a certificate authority and file server.
%patch01 -p1 -b .paths
%patch02 -p1 -b .server
%patch04 -p1
%patch05 -p1
%patch06 -p1
# Unbundle
rm -r lib/puppet/vendor/*{pathspec,rgen}*
@ -398,6 +396,9 @@ exit 0
rm -rf %{buildroot}
%changelog
* Wed May 31 2017 Dominic Cleal <dominic@cleal.org> - 4.10.1-1
- Update to 4.10.1
* Wed May 31 2017 Dominic Cleal <dominic@cleal.org> - 4.8.2-2
- Remove Fedora release restrictions from DNF package provider
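Review bot: The new changelog entry says only `- Update to 4.10.1`, yet this section also drops `Patch05: 0005-PUP-7483-Reject-all-fact-formats-except-PSON.patch` and its `%patch05 -p1` line. The package history therefore does not record what happened to the fix that stopped the master running YAML.load on facts supplied by an authenticated user. The patch is presumably dropped because 4.10.1 already carries that change, but nothing on this page shows it. Before the build ships, confirm that lib/puppet/indirector/catalog/compiler.rb in the unpacked 4.10.1 tarball has the `elsif format == 'pson'` branch and the `raise ArgumentError, "Unsupported facts format"` fallback. Once confirmed, I would add a second changelog line such as `- Drop PUP-7483 fact-format patch, included upstream in 4.10.1`.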

@ -1,2 +1,2 @@
SHA512 (puppet-4.8.2.tar.gz.asc) = 3526e4787e5894a6d62af6c06a10fc20e8726759209b6d461dd7688882d7a646ff23a4efdb28ac7358bb2ac0002a1486b6f746f6a1e15c1e1cef33565d9433be
SHA512 (puppet-4.8.2.tar.gz) = d9c3d7949d88c12df49f6e9b170004087bf4eb3a598764f34ca4cc074013ecb0ab585e836c1cf12c7be4e61af0c18845dd0d65f3446fa744f949d8f2c7a8d2a1
SHA512 (puppet-4.10.1.tar.gz) = d232f062b93485f7eea8abb9c5420462e313e6050e7335159f051f7c7af86338c006ae4edc09e0e1370784ee7b076911ca563a4cfc6a1f2afc7179bed08d2032
SHA512 (puppet-4.10.1.tar.gz.asc) = a2a168ca2f48f2db7d8998f0c81895274a2a1c26476a240bd67f0a8c23c54d1ab4fd581d2ac69141cc0de8ed4139107ff2df0ef9b4c31dd76a9592ebd6f453cd
