BZ#920845
Fixes for CVE-2013-1640 CVE-2013-1652 CVE-2013-1653 CVE-2013-1654
CVE-2013-1655 CVE-2013-2274 CVE-2013-2275
see puppetlabs.com/security for more information.
This commit also rebases the webrick compatibility patch to be a cherry-pick
from upstream rather than a Fedora-specific patch.
Signed-off-by: Michael Stahnke <stahnma@puppetlabs.com>
This is the update to 3.1.0 which is a working Puppet on Ruby 1.9.3.
This update differs from rawhide slightly in that we are keeping systemV
init scripts rather than using Systemd since this is an update within
F18.
Note that 2.7.x on F18 with F18's ruby did not work and was an
unsupported combination from upstream. This resolves that issue and
rebases Puppet. This is not backward compatible, but since 2.7.x of
Puppet didn't work, I thought it was probably ok.
Merge branch 'master' into f18
Conflicts:
puppet.spec
puppetmaster-old-client-compat.patch
Signed-off-by: Michael Stahnke <stahnma@puppetlabs.com>
This patch updates the puppet spec for upstream version 3.0.2. Puppet
3.0.2 includes service management files for systemd, which ships with
F17, so this updates the spec to include systemd conditionals where
applicable. Several deprecated manpages and executables, including
everything Puppet shipped in %{_sbindir}, are removed in Puppet 3.0.x as
well; This commit updates the spec as such. The patch for commit a71208b
is removed as its in the 3.0.2 source. Per existing comments, the
deprecated puppetstoredconfigclean.rb script is removed. Additionally,
the patch for preserving timestamps in install.rb is removed, as this
has been merged into upstream. Puppet 3.0.2 requires ruby >= 1.8.7 and
facter >= 1.6.6, so updated BuildRequires and Requires are added for
these. A new requires of hiera >= 1.0.0 is added as well. Puppet >=
3.0.0 also entirely absorbed the source of the package hiera-puppet, so
this is obsoleted and provided here. Finally, the built-in mongrel
support is removed in puppet 3.x, so the reference to it is removed in
the spec.
Signed-off-by: Moses Mendoza <moses@puppetlabs.com>
Signed-off-by: Michael Stahnke <stahnma@puppetlabs.com>
Note that the license has changed from GPLv2 to ASL 2.0.
With 2.7, the puppetstoredconfigclean script has been dropped from ext/
because 'puppet node clean' performs this task. Unfortunately, it does
more than just cleaning up the storeconfig db (removing signed
certificates and reports), so we can't just call 'puppet node clean'.
Instead, restore the script and add a note that it is deprecated,
pointing to 'puppet node clean' as the supported method of cleaning
storedconfig and other node data.
No supported Fedora releases ever had 0.25.5, so they could never
require the ugly upgrade code in %post. If/when we move EL to 2.7.x,
these can be dropped entirely.
Ruby 1.8.1 was only supported on a best-effort basis for agent use only,
mostly for EL-4 support. With EL-4 going EOL in a few weeks, we can
forget about 1.8.1
After discussion in bugzilla, it's clear that a more minimal backport of
changes to resolve issues with augeas >= 0.10 is the better approach.
(That and I missed the patch which Dominic had helpfully attached to the
bug when he initially filed it.)
When augeas reached 0.10.0, various version tests failed. This is fixed
in the 2.7.x branch of puppet, but a few other changes were also made
since then, making a very minimal cherry-pick fix difficult. The other
changes are reasonably small and are also worth of backporting to our
2.6.x packages.
The patches are from 2.6.7rc1.
(#4922) Don't truncate remotely-sourced files on 404
(#5073) Download plugins even if you're filtering on tags
(#5428) More fully "stub" Puppet::Resource::Reference for use with
storedconfigs
Some of the selinux types/providers call binaries from libselinux-utils
directly. Ideally, these would be converted to use the ruby bindings,
but it is not clear if that is feasible at this time.
Upstream is exploring the possibility of moving to a more liberal
license like the Apache Software License and the advice of their legal
team was that it would be easier to move from GPLv2 than GPLv2 or later.
- Adjust selinux conditional for EL-6
- Apply rundir-perms patch from tarball rather than including it separately
- Update URL's to reflect the new puppetlabs.com domain
Fri Aug 07 2009 Todd Zullinger <tmz@pobox.com> - 0.24.8-4
- Fix status -p handling on older RHEL (#501577)
- Fix condrestart when daemon's aren't running (#480600)
- Fix timeout reading /proc/mounts (upstream #1963)
- Fix permissions on /var/log/puppet (#495096)
- Fix rails test for activerecord-2.3 (#515728)
Wed Jun 24 2009 Jeroen van Meeuwen <kanarip@kanarip.com>
- Fix permissions on /var/run/puppet/ (#495096)
- Support initializing supplementary groups (#1806, #475201, Till Maas)
- Own the correct vim directory
- Move ext/ outside of doc datadir (rpmlint)
- Require ruby(selinux) rather then libselinux-ruby (#507848)
- Require ruby-shadow on Fedora and RHEL >= 5
- Simplify Fedora/RHEL version checks for ruby(abi) and BuildArch
- Require chkconfig and initstripts for preun, post, and postun scripts
- Conditionally restart puppet in %postun
- Ensure %preun, %post, and %postun scripts exit cleanly
- Create puppet user/group according to Fedora packaging guidelines
- Quiet a few rpmlint complaints
- Remove useless %pbuild macro
- Make specfile more like the Fedora/EPEL template
Sam Kottler
Lukas Zapletal
Sam Kottler
Orion Poplawski
Vít Ondruch
Michael Stahnke
Daniel Drake
Moses Mendoza
Todd Zullinger
Dennis Gilmore
Todd Zullinger
Jeroen van Meeuwen
Jesse Keating
David Lutterkort