File puppet.changes of Package puppet.579

-------------------------------------------------------------------
Wed Jun 20 10:43:53 UTC 2012 - vdziewiecki@suse.com

-Fixed bnc#747657 VUL-0: puppet: CVE-2012-1053, CVE-2012-1054:
improper privilege dropping, file handling flaws
-This was done by updating to the new version in stable branch.
-The stable branch receives only security fixes and this update
does not provide any new features.

-------------------------------------------------------------------
Tue Jun 19 11:25:27 UTC 2012 - vdziewiecki@suse.com

-Fixed bnc#755869 VUL-0: CVE-2012-1988: puppet: Filebucket arbitrary code execution
-Fixed bnc#755872 CVE-2012-1986 – Arbitrary File Read
-Fixed bnc#755870 CVE-2012-1987 – Denial of Service
-Fixed bnc#755871 CVE-2012-1989 – Arbitrary File Write

-------------------------------------------------------------------
Wed Jan 11 13:35:57 UTC 2012 - vcizek@suse.com

- correct ownership of dirs in /var (bnc#739361)

-------------------------------------------------------------------
Tue Nov  8 15:56:02 UTC 2011 - vcizek@suse.com

- added remediation toolkit for CVE-2011-3872 (bnc#72637)

-------------------------------------------------------------------
Tue Nov  1 10:04:55 UTC 2011 - vcizek@suse.com

- fix for CVE-2011-3872 (bnc#726372)

-------------------------------------------------------------------
Mon Oct 31 10:00:39 UTC 2011 - vcizek@suse.com

- fixes for several security bugs:
  CVE-2011-3869, CVE-2011-3870, CVE-2011-3871
  (bnc#727024, bnc#727025)

-------------------------------------------------------------------
Tue Oct  4 15:25:27 UTC 2011 - vcizek@suse.com

- Resist directory traversal attacks through indirections
  CVE-2011-3848 (bnc#721139)

-------------------------------------------------------------------
Fri May 20 07:52:18 UTC 2011 - vcizek@novell.com

- fix logging setting (bnc#683441) 

-------------------------------------------------------------------
Fri May 20 07:45:46 UTC 2011 - vcizek@novell.com

- using correct port for puppet in the firewall rules (bnc#694825)

-------------------------------------------------------------------
Fri Jan 28 11:55:57 UTC 2011 - vcizek@novell.com

- update to 2.6.4
 * bugfixes: bnc#667867
   Ship auth.conf as part of installing from source

-------------------------------------------------------------------
Tue Oct  5 16:26:21 CEST 2010 - anicka@suse.cz

- update to 2.6.1
 * bugfixes, manpage fixes 

-------------------------------------------------------------------
Thu Aug 19 15:16:13 CEST 2010 - anicka@suse.cz

- update to 2.6.0
 * major release with many new configuration options and new
   language features

-------------------------------------------------------------------
Mon Aug 16 16:46:36 CEST 2010 - anicka@suse.cz

- respect sysconfig settings (bnc#620808) 

-------------------------------------------------------------------
Tue Jul 20 17:44:46 CEST 2010 - anicka@suse.cz

- create puppet user not only for server package (bnc#623884) 

-------------------------------------------------------------------
Tue Mar  2 17:30:47 CET 2010 - anicka@suse.cz

- update to 0.25.4
 * bugfixes
- create user puppet (fixes bnc#576453) 

-------------------------------------------------------------------
Wed Apr 15 15:42:41 CEST 2009 - mantel@suse.de

- update to 0.24.8

-------------------------------------------------------------------
Mon Apr  6 15:32:43 CEST 2009 - mantel@suse.de

- add zypper.rb plugin by Leo Eraly

-------------------------------------------------------------------
Mon Feb  9 16:49:36 CET 2009 - anicka@suse.cz

- update to 2.4.7
 * Deprecate the NetInfo nameservice provider. Use directoryservice
   instead
 * Add macauthorization type
 * Refactoring the thread-safety in Puppet::Util
 * Removing the included testing gems; you must now install them 
   yourself
 * Refactoring of SELinux functions to use native Ruby SELinux
   interface
 * Removing all mention of EPM, RPM, or Sun packages.
 * Replaced SELInux calls to binaries with Ruby SELinux bindings
 * Adding support to the user type for: profiles, auths, project, 
   key/value pairs (extension to Solaris RBAC support added in
   0.24.6)
 * Added a number of confines to package providers
 * lots of bugfixes
- add sysconfig, firewall definitions, package 
  init scripts (bnc#465778) 

-------------------------------------------------------------------
Tue Sep  9 17:42:21 CEST 2008 - anicka@suse.cz

- update to 0.24.5 
 * You can now select the encoding format when transferring 
   the catalog, with 'yaml' still being the default but 'marshal'
   being an option.
 * Removed support for the 'node_name' setting in LDAP and external
    node lookups.
 * Also removed support for 'default' nodes in external nodes.
 * Exporting or collecting resources no longer raises an exception
   when no storeconfigs is enabled, it just produces a warning.
 * Always using the cert name to store yaml files
 * Added support for the --all option to puppetca --clean.  If
   puppetca --clean --all is issued then all client certificates
   are removed.
 * Resources now return the 'should' value for properties from
   the [] accessor method (they previously threw an exception when
   this method was used with properties).
 * Modified the 'master' handler to use the Catalog class to
   compile node configurations, rather than using the Configuration
   handler, which was never used directly.
 * Modified the 'master' handler (responsible for sending 
   configurations to clients) to always return Time.now as its
   compile date, so configurations will always get recompiled.
 * Saving new facts now expires any cached node information.
 * Switching how caching is handled, so that objects now all
   have an expiration date associated with them.  This makes it
   much easier to know whether a given cached object should be used
   or if it should be regenerated.
 * Changing the default environment to production.
- fix installation script (man8 permissions)

-------------------------------------------------------------------
Mon Sep  1 14:06:07 CEST 2008 - anicka@suse.cz

- package created (version 0.24.4)