Ubuntu
puppet package

[FFe] Update to puppet-2.7.3

Bug #854899 reported by Marc Cluet
14
This bug affects 2 people
Affects Status Importance Assigned to Milestone
puppet (Ubuntu)
Invalid
Medium
Dave Walker

Bug Description

We need to update puppet to 2.7.3 version, there's several critical bugs that has been solved between versions.

REASONS FOR FFE

1. This package has been in Debian Unstable for over 2 months
2. This package has been in Debian testing for over 3 weeks (2011-08-26)
   [2011-08-26] puppet 2.7.3-1 MIGRATED to testing (Britney)
3. I'm right now at Puppetconf, upstream puppet developers have stressed the urgency for 2.7.3 to be in Oneiric
4. This package solves several critical bugs that can affect the user experience in Ubuntu
   The release notes are here https://projects.puppetlabs.com/projects/puppet/wiki/Release_Notes#2.7.3
   Most critical bugs are:
   (#8596) Detect resource alias conflicts when titles do not match
   1d4acb5 maint: Suggest where to start troubleshooting SSL error message
   c830ab0 (#6789) Port SSL::CertificateAuthority::Interface to a Face
   cc311ad maint: SSL::Inventory.serial should report missing names.
   (#4142) Fix module check not to fail when empty metadata.json
   (#6857) Password disclosure when changing a user's password ***security***

   These were all fixes from the 2.6.9 branch merged into 2.7.3 (and did
   not get into 2.7.1 due to a code freeze on the 2.7.x branch)
   90eb937 (#7139) Accept '/' as a valid path in filesets
   99330fa (#7224) Reword 'hostname was not match' error message
   1d867b0 (#7224) Add a helper to Puppet::SSL::Certificate to retrieve
   alternate names
   98ba407 (#7127) Stop puppet if a prerun command fails
   caca469 (#4416) Ensure types are providified after reloading
   413b136 (#4416) Always remove old provider before recreating it
   3f0dbb5 (#650) Allow symlinks for configuration directories
   1c70f0c (#2128) Add support for setting node name based on a fact
   c629958 (#2128) Get facts before retrieving catalog

- Package added to PPA branch https://launchpad.net/~lynxman/+archive/ppa/+packages

Related branches

lp:~lynxman/ubuntu/oneiric/puppet/lp_854899
Marc Deslauriers: Disapprove
Ubuntu branches: Pending requested
Diff: 108 lines (+37/-18)
4 files modified
debian/changelog (+18/-0)
debian/patches/debian-changes (+8/-18)
debian/patches/fix_logcheck (+10/-0)
debian/patches/series (+1/-0)
Revision history for this message
Marc Cluet (lynxman) wrote :

bzr branch at lp:~lynxman/ubuntu/oneiric/puppet/lp_854899
merge request at https://code.launchpad.net/~lynxman/ubuntu/oneiric/puppet/lp_854899/+merge/76267

Revision history for this message
Dave Walker (davewalker) wrote :

Main package, bumping from 2.7.1 to 2.7.3. The upstream changelog is pretty vast, and it's not clear to me that they are all bug fixes. Please could you provide some further analysis and expand on the reasoning for upstream wanting this included?

This also requires some testing before it can be approved.

Thanks.

Revision history for this message
Marc Cluet (lynxman) wrote :

Upstream reasoning for this update:

2.7.1 is the first bug fix iteration from the 2.7.x branch, this doesn't include all the security fixes that happened in 2.6.x after the branch freeze for 2.7.x. They strongly believe that 2.7.3 is a stable release whereas 2.7.1 is an early release in the branch and hence not desired for long term production environments, which would happen if it was included in Oneiric.

Revision history for this message
Marc Cluet (lynxman) wrote :

About tests:

I've ran all the unit tests on a clean up to date Oneric install, they all pass satisfactory and the ones that don't have been verified by upstream as "need to upgrade our rake spec" so they don't deem those failures or errors as important.

Full test at http://paste.ubuntu.com/693958/

Revision history for this message
Marc Cluet (lynxman) wrote :

Further justification from upstream for upgrade to 2.7.3:

Upstream considers 2.7.1 as an _early_ release and as such it is buggy, there's two very important bugs (#6789 and #6857) that is CRITICAL and as such upstream wouldn't want it to be in any stable release.

Also as further kudos for 2.7.3 upstream is strongly considering this version for the next release of Puppet Enterprise.

Dave Walker (davewalker)
Changed in puppet (Ubuntu):
assignee: nobody → Dave Walker (davewalker)
summary: - Update to puppet-2.7.3
+ [FFe] Update to puppet-2.7.3
Changed in puppet (Ubuntu):
importance: Undecided → Medium
Revision history for this message
Jamie Strandboge (jdstrand) wrote :

This should be updated to 2.7.4 or to include the patch in http://www.ubuntu.com/usn/usn-1217-1/.

Revision history for this message
Jamie Strandboge (jdstrand) wrote :

This should be updated to 2.7.5 or to include the patches in http://www.ubuntu.com/usn/usn-1223-1/.

Revision history for this message
Scott Kitterman (kitterman) wrote : Re: [Bug 854899] Re: [FFe] Update to puppet-2.7.3

There's a puppet in queue for accept before final freeze. Can the security
fixes be added to it? How invasive are the non-security parts of the new
upstream release?

Revision history for this message
Marc Cluet (lynxman) wrote :

Pushed new updated 2.7.3 version to the branch with all CVE patches applied.

Revision history for this message
Launchpad Janitor (janitor) wrote :

Status changed to 'Confirmed' because the bug affects multiple users.

Changed in puppet (Ubuntu):
status: New → Confirmed
Revision history for this message
Chuck Short (zulcss) wrote :

This wont happen in Oneiric, puppet will probably have 2.7.5 in oneiric.

Changed in puppet (Ubuntu):
status: Confirmed → Invalid
To post a comment you must log in.
This report contains Public information  
Everyone can see this information.
Subscribing...

Other bug subscribers

Remote bug watches

Bug watches keep track of this bug in other bug trackers.