lp:ubuntu/maverick-updates/puppet
- Get this branch:
- bzr branch lp:ubuntu/maverick-updates/puppet
Branch merges
Branch information
Recent revisions
- 47. By Jamie Strandboge
-
* SECURITY UPDATE: correctly drop group privileges
- debian/patches/ CVE-2012- 1053_CVE- 2012-1054. patch
- CVE-2012-1053
* SECURITY UPDATE: properly handle symlinks with Klogin
- debian/patches/ CVE-2012- 1053_CVE- 2012-1054. patch
- CVE-2012-1054 - 46. By Jamie Strandboge
-
* SECURITY UPDATE: fix access to remote resource when auth.conf is
missing
- debian/patches/ CVE-2011- 0528.patch: Disable remote ralsh by default
- CVE-2011-0528 - 45. By Marc Deslauriers
-
* SECURITY UPDATE: puppet master impersonation via incorrect certificates
- debian/patches/ CVE-2011- 3872.patch: refactor certificate handling.
- Thanks to upstream for providing the patch.
- CVE-2011-3872 - 44. By Jamie Strandboge
-
* SECURITY UPDATE: k5login can overwrite arbitrary files as root
- debian/patches/ CVE-2011- 3869.patch: adjust type/k5login.rb to securely
open the file before writing to it as root
- CVE-2011-3869
* SECURITY UPDATE: didn't drop privileges before creating and changing
permissions on SSH keys
- debian/patches/ CVE-2011- 3870.patch: adjust ssh_authorized_ key/parsed. rb
to drop privileges before creating the ssh directory and setting
permissions
- CVE-2011-3870
* SECURITY UPDATE: fix predictable temporary filename in ralsh
- debian/patches/ CVE-2011- 3871.patch: adjust application/ resource. rb to
use an unpredictable filename
- CVE-2011-3871
* SECURITY UPDATE: file indirector injection, similar to CVE-2011-3848
- secure-indirector- file-backed- terminus- base-cla. patch: Since the
indirector file backed terminus base class is only used by the test
suite, remove it and update test cases to use a continuing class. - 43. By Jamie Strandboge
-
* SECURITY UPDATE: unauthenticated directory traversal allows writing of
arbitrary files as puppet master
- debian/patches/ CVE-2011- 3848.patch: update lib/puppet/ indirector. rb,
lib/puppet/ indirector/ ssl_file. rb, lib/puppet/ indirector/ yaml.rb,
spec/unit/indirector /ssl_file. rb and spec/unit/ indirector/ yaml.rb to
perform proper input validation.
- CVE-2011-3848
- LP: #861182 - 42. By Mathias Gug
-
debian/
puppetmaster- passenger. postinst: Use cacrl instead of hostcrl to
set the location of the CRL in apache2 configuration. Fix apache2
configuration on upgrade as well (LP: #641001). - 41. By Mathias Gug
-
[ Stig Sandbeck Mathisen ]
* Add dependency on "facter" for "puppet-common"
* Make sure the "puppet-common" package can be purged even when not fully
installed (Closes: #596163)[ Mathias Gug ]
* New upstream version. - 40. By Mathias Gug
-
[ Mathias Gug ]
* New upstream version:
- Fix "Puppet standalone broken" (Closes: #594575)
* test/lib/puppettest/ fakes.rb: Fix puppettest to use puppet system
library.[ Stig Sandbeck Mathisen ]
* Fix "require" path for puppet queue. - 39. By Stig Sandbeck Mathisen
-
[ Mathias Gug ]
* New upstream version:
- fix config.ru file to run puppetmaster as a rack application.
(Closes: #593557)
* Fix test suite to run from a package install rather then from the source
directory:
+ Rakefile: use system puppet.rb file to detect version.
+ spec/unit/application/ apply_spec. rb: Fix test suite to use puppet
system library.
+ spec/spec_helper. rb: disable gem.
* Fix init service provider to correctly check the status of services
using upstart jobs (Closes: #584481, LP: #551544).
* etckeeper integration (Closes: #571127)
[server-lucid-puppet- etckeeper- integration] :
+ debian/etckeeper- commit- post, debian/ etckeeper- commit- pre:
Call "etckeeper commit" before and after catalog runs.
Silently bail out if etckeeper is not available.
+ debian/puppet.conf: Call out to the etckeeper hooks using
the prerun_command and postrun_command hooks.
+ debian/rules: Install the etckeeper hook scripts in /etc/puppet.
+ debian/README. Debian: add note about etckeeper integration.
+ debian/control: the puppet package suggests etckeeper.
* Create puppetmaster-passenger package to automatically setup the
puppetmaster to be run under mod passenger and apache2:
- create new puppetmaster-common package to share files between
puppetmaster (ie webrick) and puppetmaster-passenger.
- move puppetqd to puppetmaster-common.
- debian/puppet.conf: enable ssl options so that the default configuration
works out of the box under passenger.
* debian/puppet- common. postinst: set permissions and ownership of puppet log
directory.
* Move puppetmaster's Recommends to Suggests.[ Stig Sandbeck Mathisen ]
* Recommend lsb-release (Closes: #593606)
* Recommend debconf-utils (Closes: #593780)
* ext/puppetlast: removed from upstream
* Cherry-pick updated man pages from upstream - 38. By Mathias Gug
-
[ Mathias Gug ]
* New upstream version:
- fix config.ru file to run puppetmaster as a rack application.
(Closes: #593557)
* debian/puppet- common. postinst: set permissions and ownership of puppet log
directory.
* debian/control:
+ Don't suggest passenger and rack for puppetmaster since
puppetmaster-passenger is available now.
* debian/puppetmaster- passenger. postinst:
+ only generate puppet CA files if there isn't any ssl file already in
place.
+ use local ssl options rather than ca ssl options to generate apache2
configuration.
+ restart rather than reload apache2 during postinst as reload breaks ssl.
* debian/rules:
+ don't install rack helper directories since they're already listed in
the dirs file.
* Merge from Debian git repository. Remaining changes:
- debian/control: Move puppetmaster's Recommends to Suggests.[ Stig Sandbeck Mathisen ]
* Recommend lsb-release (Closes: #593606)
* Recommend debconf-utils (Closes: #593780)
Branch metadata
- Branch format:
- Branch format 7
- Repository format:
- Bazaar repository format 2a (needs bzr 1.16 or later)
- Stacked on:
- lp:ubuntu/oneiric/puppet