File puppet.changes of Package puppet.14603
-------------------------------------------------------------------
Mon Mar 30 16:20:38 UTC 2020 - Kristyna Streitova <kstreitova@suse.com>
- add puppet-3.8.5-CVE-2020-7942.patch that adds a deprecation
warning for 'strict_hostname_checking = false' variable. While
set to false it causes arbitrary catalog retrieval so users
should change it to true and adjust their environment accordingly.
[bsc#1167645], [CVE-2020-7942]
-------------------------------------------------------------------
Tue Feb 13 14:01:40 UTC 2018 - kstreitova@suse.com
- add puppet-3.8.5-CVE-2017-10689.patch to reset permissions when
unpacking tar in PMT. When using minitar, files are unpacked with
whatever permissions are in the tarball. This is potentially
unsafe, as tarballs can be easily created with weird permissions
[bsc#1080288], [CVE-2017-10689]
-------------------------------------------------------------------
Fri Sep 8 12:36:08 UTC 2017 - kstreitova@suse.com
- add puppet-3.8.5-require-hiera-1.2.1.patch to force puppet to use
hiera 1.2.1 when more hiera versions are installed in parallel
[bsc#1046263]
-------------------------------------------------------------------
Thu Jul 13 15:14:08 UTC 2017 - kstreitova@suse.com
- add puppet-3.8.5-CVE-2017-2295.patch to fix a security
vulnerability where an attacker could force YAML deserialization
in an unsafe manner, which would lead to remote code execution.
In default, this update breaks a backwards compatibility with
Puppet agents older than 3.2.2 as the SLE12 master doesn't support
other fact formats than pson in default anymore.
In order to allow users to continue using their SLE12 master/SLE11
agents setup and fix CVE-2017-2295 for the others, a new puppet
master boolean option "dangerous_fact_formats" was added.
When it's set to true it enables using dangerous fact formats
(e.g. YAML). When it's set to false, only PSON fact format is
accepted. [bsc#1040151], [CVE-2017-2295]
-------------------------------------------------------------------
Tue May 16 13:09:19 UTC 2017 - kstreitova@suse.com
- add puppet-3.8.5-non_ASCII_user_comment.patch to fix non-ASCII
user comment with ruby >= 2.1 [bnc#971223]
- replace the greps with %fillup-only macros to update the
sysconfig files properly [bsc#995975]
-------------------------------------------------------------------
Sun Jan 15 21:07:38 UTC 2017 - kstreitova@suse.com
- puppet 3 buildrequires and requires rubygem-hiera-1 now [fate#321116]
-------------------------------------------------------------------
Tue Feb 2 13:46:17 UTC 2016 - kstreitova@suse.com
- update to 3.8.5:
* release notes:
http://docs.puppetlabs.com/puppet/3.8/reference/release_notes.html
http://docs.puppetlabs.com/puppet/3.7/reference/release_notes.html
* [bsc#964437], [fate#319493]
* bug [bsc#951553] is already fixed in puppet 3.7.3
- add 3.8.5-systemd_default_service_provider.patch to make systemd
the default service provider for SLES 12 [bsc#927946]
-------------------------------------------------------------------
Thu Jun 26 09:22:11 UTC 2014 - mrueckert@suse.de
- dont require package names. require rubygem() symbols instead.
(bnc#884509)
-------------------------------------------------------------------
Tue Jun 24 15:05:42 UTC 2014 - mrueckert@suse.de
- also have puppetmasterd.sysconfig in the sources list
-------------------------------------------------------------------
Thu Jun 19 23:35:29 UTC 2014 - mrueckert@suse.de
- use rb_ variables instead of building the paths manually.
-------------------------------------------------------------------
Wed Jun 11 13:06:50 UTC 2014 - darin@darins.net
- Update to 3.6.2
Security Fixes
* CVE-2014-3248
(Arbitrary Code Execution with Required Social Engineering)
* CVE-2014-3253
(Apache 2.4+ does not enforce CRL checks by default)
* [PUP-2635] - user purge_ssh_keys not purged
* [PUP-2639] - Increase environment_timeout default.
* [PUP-2650] - 3.6.1 issues "warning" message for deprecation
* [PUP-2659] - Puppet stops working with error 'Attempted to pop,
but already at root of the context stack.'
* [PUP-2660] - purging ssh_authorized_key fails because of missing user value
* [PUP-2689] - A node can't always collect its own exported resources
* [PUP-2692] - Puppet master passenger processes keep growing
* [PUP-2705] - Regression with external facts pluginsync not preserving
executable bit
-------------------------------------------------------------------
Tue May 27 12:03:10 UTC 2014 - boris@steki.net
- Puppet 3.6.1 is a bug fix release in the Puppet 3.6 series.
It also makes the transaction_uuid more reliably available to extensions.
-------------------------------------------------------------------
Wed May 21 20:30:00 UTC 2014 - darin@darins.net
- Update to 3.6.0
Bug Fixes
* [PUP-530] - Installer for Puppet 3 does not check for hiera
* [PUP-748] - PR (2067): Zypper provider install options - darix
* [PUP-1041] - PR (2385) naginator not parsing blank parameters
* [PUP-1114] - Deprecate environment configuration in puppet.conf
* [PUP-1332] - "puppet resource service" fails on Ubuntu
* [PUP-1547] - PR (2311) Undefined method `groups' for nil:NilClass
* [PUP-1552] - V2.0 API reports Not Authorized as a "RUNTIME_ERROR"
* [PUP-1585] - PR (2342) cron resources with target specified generate
duplicate entries
* [PUP-1586] - PR (2331) Cron Type sanity check for the command parameter
is broken
* [PUP-1624] - PR (2342) Cron handles crontab's equality of target
and user strangely
* [PUP-1749] - Puppet module tool does not work on Solaris
* [PUP-1751] - PR (2383): Suse chkconfig --check boot.<service> always
returns 1 whether the service is enabled/disabled. - m4ce
Improvement
* [PUP-485] - Add assert_type functions for type checks
* [PUP-620] - (PR 2429) Add install_options to gem provider
* [PUP-740] - Validator
* [PUP-1174] - PR (2247) Ability to purge .ssh/authorized_keys
* [PUP-1596] - Make modulepath, manifest, and config_version configurable
per-environment
* [PUP-1699] - Cache environments
* [PUP-1769] - PR (2414) yum provider to support install_options
* [PUP-1799] - New Function API
For a full list of fixes and improvemtnts see:
https://tickets.puppetlabs.com/secure/ReleaseNote.jspa?projectId=10102&version=11200
- removed puppet-3.3.1-systemd-units.patch
-------------------------------------------------------------------
Wed May 21 19:06:40 UTC 2014 - darin@darins.net
- Set proper ownership permission on /var/{lib,log}/puppet
directories.
-------------------------------------------------------------------
Fri Apr 25 12:45:03 UTC 2014 - vdziewiecki@suse.com
-Version update: 3.5.1 is a backward-compatible features and fixes release in the Puppet 3 series. It fixes the problems that 3.5.0 caused with dynamic environments and the yumrepo provider, as well as a couple of smaller bugs.
-------------------------------------------------------------------
Thu Apr 10 07:33:04 CEST 2014 - mhrusecky@suse.cz
- display update message about systemd service rename only when relevant
-------------------------------------------------------------------
Wed Apr 9 15:01:54 CEST 2014 - mhrusecky@suse.cz
- update to puppet 3.5.0, see
* http://docs.puppetlabs.com/puppet/3/reference/release_notes.html
* http://docs.puppetlabs.com/puppet/latest/reference/release_notes.html
- replaced puppet-3.3.1-systemd-units.patch with puppet-3.5.0-systemd-units.patch
* adopted to the latest version
- drooped puppet-2.6.6-yumconf.diff
* doesn't apply anymore and upstream reworked yum module quite extensively
* AFAIK we don't use yum anywhere
- require facter > 1.6.0 as upstream does
-------------------------------------------------------------------
Mon Apr 7 10:57:44 CEST 2014 - mhrusecky@suse.cz
- finish migration to systemd
- drop puppet-3.0.2-client-init-masterport.patch as there is no init
script anymore
- drop useless sysconfig files and provide compatibility %post scripts
- puppet user is needed only for server
- use upstream service names (and warn users)
- little bit polished upstream unit files
* added puppet-3.3.1-systemd-units.patch
* https://github.com/puppetlabs/puppet/pull/2510
-------------------------------------------------------------------
Thu Jan 2 23:46:34 UTC 2014 - ben.kevan@gmail.com
- removed patch puppet-3.0.2-init.patch, and replaced with
puppet-3.0.2-client-init-masterport.patch because the original
caused shutdown of puppet client on a puppetmaster to shutdown
the puppet master.
-------------------------------------------------------------------
Thu Oct 24 14:10:44 UTC 2013 - mrueckert@suse.de
- refreshed puppet-2.6.6-yumconf.diff to make it apply cleanly
-------------------------------------------------------------------
Thu Oct 24 13:54:14 UTC 2013 - mrueckert@suse.de
- add puppetx to filelist
-------------------------------------------------------------------
Thu Oct 24 13:49:00 UTC 2013 - mrueckert@suse.de
- update to 3.3.1
for details see /usr/share/doc/packages/puppet/ChangeLog
-------------------------------------------------------------------
Tue Sep 10 17:31:19 UTC 2013 - darin@darins.net
- more specificity in packaging the extensions
-------------------------------------------------------------------
Fri Sep 6 18:42:39 UTC 2013 - darin@darins.net
- Install puppet extension data from ext/
- vim syntax and emacs-mode
- openldap schema
- rack config.ru and apache2.conf examples
-------------------------------------------------------------------
Mon Sep 2 12:19:32 UTC 2013 - boris@steki.net
- update to upstream version 3.2.4
- Security update to 3.2.x series
- CVE-2013-4761 (resource_type Remote Code Execution Vulnerability)
- CVE-2013-4956 (Puppet Module Permissions Vulnerability)
-------------------------------------------------------------------
Sun Aug 4 10:33:11 UTC 2013 - boris@steki.net
- update to upstream version 3.2.3
- Bugfix and performance release for Puppet 3.2 series
- Bring back helpful error messages like prior to Puppet 3
- tagmail triggers in –onetime mode without changes after
upgrade from 3.1.1 to 3.2.1
- Logging behaviour issues in 3.2.1
This was a regression in 3.2.0/3.2.1
-------------------------------------------------------------------
Thu Jun 20 08:20:47 UTC 2013 - boris@steki.net
- update to upstream version 3.2.2
- Fix for CVE-2013-3567, see bnc#825878
- 3.2.2 is a security fix release of the Puppet 3.2 series.
It has no other bug fixes or new features.
- 3.2.0 (Not released version)
- Experimental "Future" Parser With Iteration
- Ruby 2.0 Support
- OpenWRT OS Support
- External CA Support
- Better Profiling and Debugging of Slow Catalog Compilations
- Splay Fixes for Puppet Agent
- Cron Fixes
- Module Tool Improvements
- Hiera-Related Fixes
- puppet:/// URIs Pointing to Symlinks Work Now
- Puppet Apply Writes Data Files Now
-------------------------------------------------------------------
Wed Mar 20 13:12:31 UTC 2013 - vdziewiecki@suse.com
-Update to 3.1.1
-This fixes a lot of CVEs, see bnc#809839
-------------------------------------------------------------------
Thu Mar 14 11:40:46 UTC 2013 - schuetzm@gmx.net
- The puppet agent unit file needs to take into account the settings
from /etc/sysconfig/puppet.
-------------------------------------------------------------------
Mon Feb 25 07:37:45 UTC 2013 - mlin@suse.com
- Install puppet*.service accordingly (/usr/lib/systemd for 12.3
and up or /lib/systemd for older versions).
-------------------------------------------------------------------
Sat Feb 16 15:59:56 UTC 2013 - aboe76@gmail.com
- Updated to Puppet 3.1.0 which is a feature release for the 3.x series of Puppet:
* Improvements When Loading Ruby Code
* YARD API Documentation
* YAML Node Cache Restored on Master
Other bugfixes and improvements:
* The Solaris package manager now supports the `holdable` feature (aka
"freezing") (#16120)
* `managehome => true` now works on Oracle Enterprise Linux 6 (#18298)
* `create_resources` can now create virtual and exported resources (#15081)
* SRV record improvements for fileserving and certificate service
(#18161, #18162)
-------------------------------------------------------------------
Fri Jan 18 14:34:23 UTC 2013 - vdziewiecki@suse.com
- Modify puppet-3.0.2-init.patch: Don't use lock file and pid file
at all - bnc#714649
- Do not use puppet-3.0.1-arg-err.patch and puppet-3.0.1-init.diff,
since they have been upstreamed already.
-------------------------------------------------------------------
Fri Jan 11 17:07:50 UTC 2013 - aeszter@gwdg.de
- Add puppet-3.0.2-init.patch: fix lock file and pid file names
-------------------------------------------------------------------
Sat Jan 5 03:13:28 UTC 2013 - boris@steki.net
- Updated to latest upstream version 3.0.2
- Bugfix release
* Full list of bugs can be found at:
https://projects.puppetlabs.com/versions/337
Notable bugs:
- Bug #15513: Resource type 'cron' fails with 'target' parameter
- Bug #16178: Boolean false in a variable causes the puppet backend lookup to fail
- Bug #17445: Race condition in logrotate config makes puppet agent crash.
- Bug #17447: Puppet sysv init script faulty
- Bug #17488: Puppet needlessly crashes when run unptivileged even with --noop
-------------------------------------------------------------------
Fri Dec 7 16:05:04 UTC 2012 - aeszter@gwdg.de
- Add puppet-3.0.1-arg-err.patch: fix
http://projects.puppetlabs.com/issues/10963
-------------------------------------------------------------------
Wed Nov 21 15:21:02 UTC 2012 - aeszter@gwdg.de
- do not use /var/lock/subsys for puppetmaster
-------------------------------------------------------------------
Mon Nov 12 13:37:33 UTC 2012 - boris@steki.net
- revert back from ruby-shadow to rubygem-ruby-shadow as required
by openSUSE ruby packaging policies
-------------------------------------------------------------------
Wed Oct 31 20:23:56 UTC 2012 - boris@steki.net
- changed requirement of package back from rubygem-ruby-shadow to
more common named ruby-shadow
-------------------------------------------------------------------
Wed Oct 24 18:03:28 UTC 2012 - aboe76@gmail.com
- Updated requirements for package puppet to include rubygem-ruby-shadow
This is needed to make puppet modules to change passwd file
-------------------------------------------------------------------
Tue Oct 23 21:01:38 UTC 2012 - aboe76@gmail.com
- Updated to 3.0.1
- Updated puppet-3.0.1-init.diff so it functions with client.init from ext/suse/client.init
- Fixed puppet.conf not in /ext/suse/ so got puppet.conf from
ext/redhat/puppet.conf
http://projects.puppetlabs.com/projects/1/wiki/Release_Notes#3.0.1
- Bug #15717: puppet kick returns "Error: Could not find indirection 'run' / testip.example.com finished with exit code 2"
- Bug #16585: Remove dead "ldapnodes" setting
- Bug #16698: external node classifier script is not being called when storedconfigs is on
- bug #16757: user cannot control loading of rubygems
- Bug #16769: Apache "SSLOptions +ExportCertData" causes "header too long" error
- Bug #16801: Puppet 3 debian init script has code using removed --servertype=mongrel option
- Bug #16922: Could not intern from b64_zlib_yaml when fact value ends with a colon
- Bug #17000: Puppet acceptance suite will get caught in a loop if agent fails to terminate for kick test
- Refactor #16643: sample-module has hyphen in name which is only unofficially supported
-------------------------------------------------------------------
Wed Aug 29 09:56:40 UTC 2012 - jatan@suse.de
- Update to 2.7.19
http://projects.puppetlabs.com/projects/1/wiki/Release_Notes#2.7.19
-------------------------------------------------------------------
Wed Jul 11 13:24:28 UTC 2012 - vdziewiecki@suse.com
-Update to 2.7.18
CVEs fixed:
-bnc#770828 - VUL-0: CVE-2012-3864: puppet: authenticated clients can read arbitrary files via a flaw in puppet master
-bnc#770829 - VUL-0: CVE-2012-3865: puppet: arbitrary file delete / Denial of Service on Puppet Master by authenticated clients
-bnc#770827 - VUL-1: CVE-2012-3866: puppet: last_run_report.yaml left world-readable
-bnc#770833 - VUL-1: CVE-2012-3867: puppet: insufficient input validation for agent certificate names
-------------------------------------------------------------------
Tue Jul 3 19:53:18 UTC 2012 - jatan@suse.de
- update to 2.7.17
* (maint) Add symlink stub to gentoo service provider spec
* Add comment to upstart provider explaining exclusion of
'wait-for-state'
* Upstart code cleanup, init provider improvement
* Add spec test for network-interface-security
* Add basic service resource test to upstart acceptance
* Handle network-interface-security in upstart
* Add exclude list to upstart provider
* (#15027, #15028, #15029) Fix upstart version parsing
* (maint) Add --test to puppet run
-------------------------------------------------------------------
Tue Jul 3 19:02:48 UTC 2012 - jatan@suse.de
- Copy from devel:openSUSE:Factory
-------------------------------------------------------------------
Tue Jun 19 13:28:37 UTC 2012 - boris@steki.net
- update to upstream 2.7.16 version
* Significantly improve compilation performance when using modules
* Add Puppet::Util::Platform to abstract platform checks
* Default autoflushing of log files to true
* Add Module Tool
* bugfix releases for all bugs please read
/usr/share/doc/packages/puppet/CHANGELOG
-------------------------------------------------------------------
Thu Jun 14 22:41:53 UTC 2012 - boris@steki.net
- updated to new upstream 2.7.11 version
* for bugfixes informations please look in
/usr/share/doc/packages/puppet/CHANGELOG
-------------------------------------------------------------------
Wed Jun 13 09:12:06 UTC 2012 - coolo@suse.com
- no need for vendor-specific
-------------------------------------------------------------------
Tue Oct 25 13:56:49 UTC 2011 - vcizek@suse.com
- update to 2.7.6
Security Fixes
CVE-2011-3872 (AltNames vulnerability)
Features and Enhancements
User/group management on Windows
Better file support on Windows
Support plaintext password in Windows
Bug Fixes
Recognize more duplicate resources
Allow multi-line exec resources
Remove unnecessary deprecation warning in puppet resource
Update pluginsync to only load ruby files.
-------------------------------------------------------------------
Thu Sep 29 11:32:59 UTC 2011 - vcizek@suse.com
- update to 2.7.4
- enhancement + security release:
fixed CVE-2011-3848
(Resist directory traversal attacks through indirections)
GigabitEthernet/TenGigabitEthernet are uncorrectly parsed
Don’t rely on error message to detect UAC capable platform
Allow cron vars to have leading whitespace
-------------------------------------------------------------------
Thu Jun 23 08:26:59 UTC 2011 - vcizek@novell.com
- update to 2.7.1
- a major feature release:
Ruby 1.9 Support
Deterministic Catalog Application
Puppet Faces - a new API for creating new Puppet subcommands
Manage Network Devices
Dependency cycle reporting produces graph of the cycle
- license changed to Apache-2.0
- see http://docs.puppetlabs.com/guides/faq#change-to-apache-license
-------------------------------------------------------------------
Thu May 19 09:35:38 UTC 2011 - vcizek@novell.com
- using correct port for puppet in the firewall rules (bnc#694825)
-------------------------------------------------------------------
Tue Apr 5 13:38:04 UTC 2011 - vcizek@novell.com
- fix logging setting (bnc#683441)
-------------------------------------------------------------------
Mon Mar 14 09:39:35 UTC 2011 - vcizek@novell.com
- update to 2.6.6
* fixed many bugs
* licence has changed to GPLv2 (was GPLv2+)
* some of the new features:
- Manifests can now specify arbitrary data for file contents
- Managed resource attributes can now be audited
- Parameterised class support in external node classifiers
- New puppet inspect application
-------------------------------------------------------------------
Fri Jan 28 11:55:57 UTC 2011 - vcizek@novell.com
- update to 2.6.4
* bugfixes: bnc#667867
Ship auth.conf as part of installing from source
-------------------------------------------------------------------
Tue Oct 5 16:26:21 CEST 2010 - anicka@suse.cz
- update to 2.6.1
* bugfixes, manpage fixes
-------------------------------------------------------------------
Thu Aug 19 15:16:13 CEST 2010 - anicka@suse.cz
- update to 2.6.0
* major release with many new configuration options and new
language features
-------------------------------------------------------------------
Mon Aug 16 16:46:36 CEST 2010 - anicka@suse.cz
- respect sysconfig settings (bnc#620808)
-------------------------------------------------------------------
Tue Jul 20 17:44:46 CEST 2010 - anicka@suse.cz
- create puppet user not only for server package (bnc#623884)
-------------------------------------------------------------------
Tue Mar 2 17:30:47 CET 2010 - anicka@suse.cz
- update to 0.25.4
* bugfixes
- create user puppet (fixes bnc#576453)
-------------------------------------------------------------------
Wed Apr 15 15:42:41 CEST 2009 - mantel@suse.de
- update to 0.24.8
-------------------------------------------------------------------
Mon Apr 6 15:32:43 CEST 2009 - mantel@suse.de
- add zypper.rb plugin by Leo Eraly
-------------------------------------------------------------------
Mon Feb 9 16:49:36 CET 2009 - anicka@suse.cz
- update to 2.4.7
* Deprecate the NetInfo nameservice provider. Use directoryservice
instead
* Add macauthorization type
* Refactoring the thread-safety in Puppet::Util
* Removing the included testing gems; you must now install them
yourself
* Refactoring of SELinux functions to use native Ruby SELinux
interface
* Removing all mention of EPM, RPM, or Sun packages.
* Replaced SELInux calls to binaries with Ruby SELinux bindings
* Adding support to the user type for: profiles, auths, project,
key/value pairs (extension to Solaris RBAC support added in
0.24.6)
* Added a number of confines to package providers
* lots of bugfixes
- add sysconfig, firewall definitions, package
init scripts (bnc#465778)
-------------------------------------------------------------------
Tue Sep 9 17:42:21 CEST 2008 - anicka@suse.cz
- update to 0.24.5
* You can now select the encoding format when transferring
the catalog, with 'yaml' still being the default but 'marshal'
being an option.
* Removed support for the 'node_name' setting in LDAP and external
node lookups.
* Also removed support for 'default' nodes in external nodes.
* Exporting or collecting resources no longer raises an exception
when no storeconfigs is enabled, it just produces a warning.
* Always using the cert name to store yaml files
* Added support for the --all option to puppetca --clean. If
puppetca --clean --all is issued then all client certificates
are removed.
* Resources now return the 'should' value for properties from
the [] accessor method (they previously threw an exception when
this method was used with properties).
* Modified the 'master' handler to use the Catalog class to
compile node configurations, rather than using the Configuration
handler, which was never used directly.
* Modified the 'master' handler (responsible for sending
configurations to clients) to always return Time.now as its
compile date, so configurations will always get recompiled.
* Saving new facts now expires any cached node information.
* Switching how caching is handled, so that objects now all
have an expiration date associated with them. This makes it
much easier to know whether a given cached object should be used
or if it should be regenerated.
* Changing the default environment to production.
- fix installation script (man8 permissions)
-------------------------------------------------------------------
Mon Sep 1 14:06:07 CEST 2008 - anicka@suse.cz
- package created (version 0.24.4)
