openSUSE:Evergreen:11.1:Test
File puppet-0.25.4-CVE-2011-3872.patch of Package puppet
--- puppet-0.25.4.orig/lib/puppet/defaults.rb +++ puppet-0.25.4/lib/puppet/defaults.rb @@ -222,9 +222,21 @@ to the fully qualified domain name.", :call_on_define => true, # Call our hook with the default value, so we're always downcased :hook => proc { |value| raise(ArgumentError, "Certificate names must be lower case; see #1168") unless value == value.downcase }}, - :certdnsnames => ['', "The DNS names on the Server certificate as a colon-separated list. - If it's anything other than an empty string, it will be used as an alias in the created - certificate. By default, only the server gets an alias set up, and only for 'puppet'."], + :certdnsnames => {:default => '', + :desc => "The DNS names on the Server certificate as a + colon-separated list. If it's anything other than an empty string, + it will be used as an alias in the created certificate. By + default, only the server gets an alias set up, and only for + 'puppet'.", + :hook => proc { |value| + msg = <<WARN +The `certdnsnames` setting is no longer functional, after CVE-2011-3872. We +ignore the value completely. See http://puppetlabs.com/security/cve/3872 for +more information" +WARN + puts msg if value and value != '' + } + }, :certdir => { :default => "$ssldir/certs", :owner => "service", --- puppet-0.25.4.orig/lib/puppet/sslcertificates.rb +++ puppet-0.25.4/lib/puppet/sslcertificates.rb 
@@ -57,16 +57,7 @@ key_usage = %w{cRLSign keyCertSign} when :server basic_constraint = "CA:FALSE" - dnsnames = Puppet[:certdnsnames] name = hash[:name].to_s.sub(%r{/CN=},'') - if dnsnames != "" - dnsnames.split(':').each { |d| subject_alt_name << 'DNS:' + d } - subject_alt_name << 'DNS:' + name # Add the fqdn as an alias - elsif name == Facter.value(:fqdn) # we're a CA server, and thus probably the server - subject_alt_name << 'DNS:' + "puppet" # Add 'puppet' as an alias - subject_alt_name << 'DNS:' + name # Add the fqdn as an alias - subject_alt_name << 'DNS:' + name.sub(/^[^.]+./, "puppet.") # add puppet.domain as an alias - end key_usage = %w{digitalSignature keyEncipherment} ext_key_usage = %w{serverAuth clientAuth emailProtection} when :ocsp
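Review bot: in the `:certdnsnames` entry of lib/puppet/defaults.rb, the `:desc` string still says a non-empty value "will be used as an alias in the created certificate" and that "by default, only the server gets an alias set up", which contradicts the new hook's own message that the value is ignored completely. Reword the description to state that the setting no longer has any effect, so generated documentation and `--genconfig` style output do not advertise the old behaviour. Two smaller points in the same hunk: the heredoc line `more information"` carries a stray double quote that will be printed as part of the warning, and the hook emits the message with `puts`, so it goes to stdout instead of through Puppet's logging where an operator reviewing logs would see it.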
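Review bot: in the `:server` branch of lib/puppet/sslcertificates.rb, nothing in the remaining lines adds to `subject_alt_name` any more, and that includes the `elsif name == Facter.value(:fqdn)` arm that gave the master's own certificate the `puppet` and `puppet.<domain>` aliases, not only the arm driven by `Puppet[:certdnsnames]`. Dropping the settings-driven names is the point of the fix, since that arm stamped the same alias list into every `:server` certificate this code generated, but the loss of the master-only aliases is a behaviour change that deserves a line in the changelog or a code comment: a newly generated master certificate will carry only its CN, so agents that address the master as `puppet` need to be pointed at the certname instead. It is also worth confirming that the code after this `case` still handles an empty `subject_alt_name` cleanly, since that is now the only state the `:server` path can produce.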