File puppet.changes of Package puppet.14603

Overview Repositories Revisions Requests Users Attributes Meta

File puppet.changes of Package puppet.14603

-------------------------------------------------------------------
Mon Mar 30 16:20:38 UTC 2020 - Kristyna Streitova <kstreitova@suse.com>

- add puppet-3.8.5-CVE-2020-7942.patch that adds a deprecation
  warning for 'strict_hostname_checking = false' variable. While
  set to false it causes arbitrary catalog retrieval so users
  should change it to true and adjust their environment accordingly.
  [bsc#1167645], [CVE-2020-7942]

-------------------------------------------------------------------
Tue Feb 13 14:01:40 UTC 2018 - kstreitova@suse.com

- add puppet-3.8.5-CVE-2017-10689.patch to reset permissions when 
  unpacking tar in PMT. When using minitar, files are unpacked with
  whatever permissions are in the tarball. This is potentially
  unsafe, as tarballs can be easily created with weird permissions
  [bsc#1080288], [CVE-2017-10689]

-------------------------------------------------------------------
Fri Sep  8 12:36:08 UTC 2017 - kstreitova@suse.com

- add puppet-3.8.5-require-hiera-1.2.1.patch to force puppet to use
  hiera 1.2.1 when more hiera versions are installed in parallel
  [bsc#1046263]

-------------------------------------------------------------------
Thu Jul 13 15:14:08 UTC 2017 - kstreitova@suse.com

- add puppet-3.8.5-CVE-2017-2295.patch to fix a security
  vulnerability where an attacker could force YAML deserialization
  in an unsafe manner, which would lead to remote code execution.
  In default, this update breaks a backwards compatibility with 
  Puppet agents older than 3.2.2 as the SLE12 master doesn't support
  other fact formats than pson in default anymore.
  In order to allow users to continue using their SLE12 master/SLE11
  agents setup and fix CVE-2017-2295 for the others, a new puppet
  master boolean option "dangerous_fact_formats" was added.
  When it's set to true it enables using dangerous fact formats
  (e.g. YAML). When it's set to false, only PSON fact format is
  accepted. [bsc#1040151], [CVE-2017-2295]

-------------------------------------------------------------------
Tue May 16 13:09:19 UTC 2017 - kstreitova@suse.com

- add puppet-3.8.5-non_ASCII_user_comment.patch to fix non-ASCII
  user comment with ruby >= 2.1 [bnc#971223]
- replace the greps with %fillup-only macros to update the
  sysconfig files properly [bsc#995975]

-------------------------------------------------------------------
Sun Jan 15 21:07:38 UTC 2017 - kstreitova@suse.com

- puppet 3 buildrequires and requires rubygem-hiera-1 now [fate#321116]

-------------------------------------------------------------------
Tue Feb  2 13:46:17 UTC 2016 - kstreitova@suse.com

- update to 3.8.5:
  * release notes:
    http://docs.puppetlabs.com/puppet/3.8/reference/release_notes.html
    http://docs.puppetlabs.com/puppet/3.7/reference/release_notes.html
  * [bsc#964437], [fate#319493]
  * bug [bsc#951553] is already fixed in puppet 3.7.3
- add 3.8.5-systemd_default_service_provider.patch to make systemd 
  the default service provider for SLES 12 [bsc#927946]

-------------------------------------------------------------------
Thu Jun 26 09:22:11 UTC 2014 - mrueckert@suse.de

- dont require package names. require rubygem() symbols instead.
  (bnc#884509)

-------------------------------------------------------------------
Tue Jun 24 15:05:42 UTC 2014 - mrueckert@suse.de

- also have puppetmasterd.sysconfig in the sources list

-------------------------------------------------------------------
Thu Jun 19 23:35:29 UTC 2014 - mrueckert@suse.de

- use rb_ variables instead of building the paths manually.

-------------------------------------------------------------------
Wed Jun 11 13:06:50 UTC 2014 - darin@darins.net

- Update to 3.6.2
  Security Fixes
  * CVE-2014-3248
    (Arbitrary Code Execution with Required Social Engineering)
  * CVE-2014-3253
    (Apache 2.4+ does not enforce CRL checks by default)
  * [PUP-2635] - user purge_ssh_keys not purged
  * [PUP-2639] - Increase environment_timeout default.
  * [PUP-2650] - 3.6.1 issues "warning" message for deprecation
  * [PUP-2659] - Puppet stops working with error 'Attempted to pop,
     but already at root of the context stack.'
  * [PUP-2660] - purging ssh_authorized_key fails because of missing user value
  * [PUP-2689] - A node can't always collect its own exported resources
  * [PUP-2692] - Puppet master passenger processes keep growing
  * [PUP-2705] - Regression with external facts pluginsync not preserving
     executable bit

-------------------------------------------------------------------
Tue May 27 12:03:10 UTC 2014 - boris@steki.net

- Puppet 3.6.1 is a bug fix release in the Puppet 3.6 series.
  It also makes the transaction_uuid more reliably available to extensions.

-------------------------------------------------------------------
Wed May 21 20:30:00 UTC 2014 - darin@darins.net

- Update to 3.6.0
  Bug Fixes
  * [PUP-530] - Installer for Puppet 3 does not check for hiera
  * [PUP-748] - PR (2067): Zypper provider install options - darix
  * [PUP-1041] - PR (2385) naginator not parsing blank parameters
  * [PUP-1114] - Deprecate environment configuration in puppet.conf
  * [PUP-1332] - "puppet resource service" fails on Ubuntu
  * [PUP-1547] - PR (2311) Undefined method `groups' for nil:NilClass
  * [PUP-1552] - V2.0 API reports Not Authorized as a "RUNTIME_ERROR"
  * [PUP-1585] - PR (2342) cron resources with target specified generate
    duplicate entries
  * [PUP-1586] - PR (2331) Cron Type sanity check for the command parameter
     is broken
  * [PUP-1624] - PR (2342) Cron handles crontab's equality of target
    and user strangely
  * [PUP-1749] - Puppet module tool does not work on Solaris
  * [PUP-1751] - PR (2383): Suse chkconfig --check boot.<service> always
    returns 1 whether the service is enabled/disabled. - m4ce

Improvement
  * [PUP-485] - Add assert_type functions for type checks
  * [PUP-620] - (PR 2429) Add install_options to gem provider
  * [PUP-740] - Validator
  * [PUP-1174] - PR (2247) Ability to purge .ssh/authorized_keys
  * [PUP-1596] - Make modulepath, manifest, and config_version configurable
    per-environment
  * [PUP-1699] - Cache environments
  * [PUP-1769] - PR (2414) yum provider to support install_options
  * [PUP-1799] - New Function API

For a full list of fixes and improvemtnts see:
  https://tickets.puppetlabs.com/secure/ReleaseNote.jspa?projectId=10102&version=11200
- removed puppet-3.3.1-systemd-units.patch

-------------------------------------------------------------------
Wed May 21 19:06:40 UTC 2014 - darin@darins.net

- Set proper ownership permission on /var/{lib,log}/puppet
  directories.

-------------------------------------------------------------------
Fri Apr 25 12:45:03 UTC 2014 - vdziewiecki@suse.com

-Version update: 3.5.1 is a backward-compatible features and fixes release in the Puppet 3 series. It fixes the problems that 3.5.0 caused with dynamic environments and the yumrepo provider, as well as a couple of smaller bugs.

-------------------------------------------------------------------
Thu Apr 10 07:33:04 CEST 2014 - mhrusecky@suse.cz

- display update message about systemd service rename only when relevant

-------------------------------------------------------------------
Wed Apr  9 15:01:54 CEST 2014 - mhrusecky@suse.cz

- update to puppet 3.5.0, see
  * http://docs.puppetlabs.com/puppet/3/reference/release_notes.html
  * http://docs.puppetlabs.com/puppet/latest/reference/release_notes.html
- replaced puppet-3.3.1-systemd-units.patch with puppet-3.5.0-systemd-units.patch
  * adopted to the latest version
- drooped puppet-2.6.6-yumconf.diff
  * doesn't apply anymore and upstream reworked yum module quite extensively
  * AFAIK we don't use yum anywhere
- require facter > 1.6.0 as upstream does

-------------------------------------------------------------------
Mon Apr  7 10:57:44 CEST 2014 - mhrusecky@suse.cz

- finish migration to systemd
- drop puppet-3.0.2-client-init-masterport.patch as there is no init
  script anymore
- drop useless sysconfig files and provide compatibility %post scripts
- puppet user is needed only for server
- use upstream service names (and warn users)
- little bit polished upstream unit files
  * added puppet-3.3.1-systemd-units.patch
  * https://github.com/puppetlabs/puppet/pull/2510

-------------------------------------------------------------------
Thu Jan  2 23:46:34 UTC 2014 - ben.kevan@gmail.com

- removed patch puppet-3.0.2-init.patch, and replaced with 
  puppet-3.0.2-client-init-masterport.patch because the original
  caused shutdown of puppet client on a puppetmaster to shutdown
  the puppet master.

-------------------------------------------------------------------
Thu Oct 24 14:10:44 UTC 2013 - mrueckert@suse.de

- refreshed puppet-2.6.6-yumconf.diff to make it apply cleanly

-------------------------------------------------------------------
Thu Oct 24 13:54:14 UTC 2013 - mrueckert@suse.de

- add puppetx to filelist

-------------------------------------------------------------------
Thu Oct 24 13:49:00 UTC 2013 - mrueckert@suse.de

- update to 3.3.1
  for details see /usr/share/doc/packages/puppet/ChangeLog

-------------------------------------------------------------------
Tue Sep 10 17:31:19 UTC 2013 - darin@darins.net

- more specificity in packaging the extensions

-------------------------------------------------------------------
Fri Sep  6 18:42:39 UTC 2013 - darin@darins.net

- Install puppet extension data from ext/
  - vim syntax and emacs-mode
  - openldap schema
  - rack config.ru and apache2.conf examples

-------------------------------------------------------------------
Mon Sep  2 12:19:32 UTC 2013 - boris@steki.net

- update to upstream version 3.2.4
- Security update to 3.2.x series
  - CVE-2013-4761 (resource_type Remote Code Execution Vulnerability)
  - CVE-2013-4956 (Puppet Module Permissions Vulnerability)

-------------------------------------------------------------------
Sun Aug  4 10:33:11 UTC 2013 - boris@steki.net

- update to upstream version 3.2.3
- Bugfix and performance release for Puppet 3.2 series
  - Bring back helpful error messages like prior to Puppet 3
  - tagmail triggers in –onetime mode without changes after
    upgrade from 3.1.1 to 3.2.1
  - Logging behaviour issues in 3.2.1
    This was a regression in 3.2.0/3.2.1

-------------------------------------------------------------------
Thu Jun 20 08:20:47 UTC 2013 - boris@steki.net

- update to upstream version 3.2.2
- Fix for CVE-2013-3567, see bnc#825878
- 3.2.2 is a security fix release of the Puppet 3.2 series. 
  It has no other bug fixes or new features.
- 3.2.0 (Not released version)
  - Experimental "Future" Parser With Iteration
  - Ruby 2.0 Support
  - OpenWRT OS Support
  - External CA Support
  - Better Profiling and Debugging of Slow Catalog Compilations
  - Splay Fixes for Puppet Agent
  - Cron Fixes
  - Module Tool Improvements
  - Hiera-Related Fixes
  - puppet:/// URIs Pointing to Symlinks Work Now
  - Puppet Apply Writes Data Files Now

-------------------------------------------------------------------
Wed Mar 20 13:12:31 UTC 2013 - vdziewiecki@suse.com

-Update to 3.1.1
-This fixes a lot of CVEs, see bnc#809839

-------------------------------------------------------------------
Thu Mar 14 11:40:46 UTC 2013 - schuetzm@gmx.net

- The puppet agent unit file needs to take into account the settings
  from /etc/sysconfig/puppet.

-------------------------------------------------------------------
Mon Feb 25 07:37:45 UTC 2013 - mlin@suse.com

- Install puppet*.service accordingly (/usr/lib/systemd for 12.3
  and up or /lib/systemd for older versions).

-------------------------------------------------------------------
Sat Feb 16 15:59:56 UTC 2013 - aboe76@gmail.com

- Updated to Puppet 3.1.0 which is a feature release for the 3.x series of Puppet:
* Improvements When Loading Ruby Code 
* YARD API Documentation 
* YAML Node Cache Restored on Master
Other bugfixes and improvements:
* The Solaris package manager now supports the `holdable` feature (aka
"freezing") (#16120)
* `managehome => true` now works on Oracle Enterprise Linux 6 (#18298)
* `create_resources` can now create virtual and exported resources (#15081)
* SRV record improvements for fileserving and certificate service
(#18161, #18162)

-------------------------------------------------------------------
Fri Jan 18 14:34:23 UTC 2013 - vdziewiecki@suse.com

- Modify puppet-3.0.2-init.patch: Don't use lock file and pid file
at all - bnc#714649
- Do not use puppet-3.0.1-arg-err.patch and puppet-3.0.1-init.diff,
since they have been upstreamed already. 
-------------------------------------------------------------------
Fri Jan 11 17:07:50 UTC 2013 - aeszter@gwdg.de

- Add puppet-3.0.2-init.patch: fix lock file and pid file names

-------------------------------------------------------------------
Sat Jan  5 03:13:28 UTC 2013 - boris@steki.net

- Updated to latest upstream version 3.0.2
- Bugfix release
* Full list of bugs can be found at:
  https://projects.puppetlabs.com/versions/337
Notable bugs:
- Bug #15513: Resource type 'cron' fails with 'target' parameter
- Bug #16178: Boolean false in a variable causes the puppet backend lookup to fail
- Bug #17445: Race condition in logrotate config makes puppet agent crash.
- Bug #17447: Puppet sysv init script faulty
- Bug #17488: Puppet needlessly crashes when run unptivileged even with --noop

-------------------------------------------------------------------
Fri Dec  7 16:05:04 UTC 2012 - aeszter@gwdg.de

- Add puppet-3.0.1-arg-err.patch: fix
  http://projects.puppetlabs.com/issues/10963

-------------------------------------------------------------------
Wed Nov 21 15:21:02 UTC 2012 - aeszter@gwdg.de

- do not use /var/lock/subsys for puppetmaster

-------------------------------------------------------------------
Mon Nov 12 13:37:33 UTC 2012 - boris@steki.net

- revert back from ruby-shadow to rubygem-ruby-shadow as required
  by openSUSE ruby packaging policies

-------------------------------------------------------------------
Wed Oct 31 20:23:56 UTC 2012 - boris@steki.net

- changed requirement of package back from rubygem-ruby-shadow to
  more common named ruby-shadow

-------------------------------------------------------------------
Wed Oct 24 18:03:28 UTC 2012 - aboe76@gmail.com

- Updated requirements for package puppet to include rubygem-ruby-shadow
  This is needed to make puppet modules to change passwd file

-------------------------------------------------------------------
Tue Oct 23 21:01:38 UTC 2012 - aboe76@gmail.com

- Updated to 3.0.1
- Updated puppet-3.0.1-init.diff so it functions with client.init from ext/suse/client.init
- Fixed puppet.conf not in /ext/suse/ so got puppet.conf from
  ext/redhat/puppet.conf

http://projects.puppetlabs.com/projects/1/wiki/Release_Notes#3.0.1
  - Bug #15717: puppet kick returns "Error: Could not find indirection 'run' / testip.example.com finished with exit code 2"
  - Bug #16585: Remove dead "ldapnodes" setting
  - Bug #16698: external node classifier script is not being called when storedconfigs is on
  - bug #16757: user cannot control loading of rubygems
  - Bug #16769: Apache "SSLOptions +ExportCertData" causes "header too long" error
  - Bug #16801: Puppet 3 debian init script has code using removed --servertype=mongrel option
  - Bug #16922: Could not intern from b64_zlib_yaml when fact value ends with a colon
  - Bug #17000: Puppet acceptance suite will get caught in a loop if agent fails to terminate for kick test
  - Refactor #16643: sample-module has hyphen in name which is only unofficially supported

-------------------------------------------------------------------
Wed Aug 29 09:56:40 UTC 2012 - jatan@suse.de

- Update to 2.7.19

http://projects.puppetlabs.com/projects/1/wiki/Release_Notes#2.7.19

-------------------------------------------------------------------
Wed Jul 11 13:24:28 UTC 2012 - vdziewiecki@suse.com

-Update to 2.7.18
CVEs fixed:
-bnc#770828 - VUL-0: CVE-2012-3864: puppet: authenticated clients can read arbitrary files via a flaw in puppet master
-bnc#770829 - VUL-0: CVE-2012-3865: puppet: arbitrary file delete / Denial of Service on Puppet Master by authenticated clients
-bnc#770827 - VUL-1: CVE-2012-3866: puppet: last_run_report.yaml left world-readable
-bnc#770833 - VUL-1: CVE-2012-3867: puppet: insufficient input validation for agent certificate names

-------------------------------------------------------------------
Tue Jul  3 19:53:18 UTC 2012 - jatan@suse.de

- update to 2.7.17
  * (maint) Add symlink stub to gentoo service provider spec
  * Add comment to upstart provider explaining exclusion of
    'wait-for-state'
  * Upstart code cleanup, init provider improvement
  * Add spec test for network-interface-security
  * Add basic service resource test to upstart acceptance
  * Handle network-interface-security in upstart
  * Add exclude list to upstart provider
  * (#15027, #15028, #15029) Fix upstart version parsing
  * (maint) Add --test to puppet run

-------------------------------------------------------------------
Tue Jul  3 19:02:48 UTC 2012 - jatan@suse.de

- Copy from devel:openSUSE:Factory

-------------------------------------------------------------------
Tue Jun 19 13:28:37 UTC 2012 - boris@steki.net

- update to upstream 2.7.16 version
  * Significantly improve compilation performance when using modules
  * Add Puppet::Util::Platform to abstract platform checks
  * Default autoflushing of log files to true
  * Add Module Tool
  * bugfix releases for all bugs please read
    /usr/share/doc/packages/puppet/CHANGELOG

-------------------------------------------------------------------
Thu Jun 14 22:41:53 UTC 2012 - boris@steki.net

- updated to new upstream 2.7.11 version
  * for bugfixes informations please look in
  /usr/share/doc/packages/puppet/CHANGELOG

-------------------------------------------------------------------
Wed Jun 13 09:12:06 UTC 2012 - coolo@suse.com

- no need for vendor-specific

-------------------------------------------------------------------
Tue Oct 25 13:56:49 UTC 2011 - vcizek@suse.com

- update to 2.7.6
  Security Fixes
    CVE-2011-3872 (AltNames vulnerability)
  Features and Enhancements
    User/group management on Windows
    Better file support on Windows
    Support plaintext password in Windows
  Bug Fixes
    Recognize more duplicate resources
    Allow multi-line exec resources
    Remove unnecessary deprecation warning in puppet resource
    Update pluginsync to only load ruby files.

-------------------------------------------------------------------
Thu Sep 29 11:32:59 UTC 2011 - vcizek@suse.com

- update to 2.7.4
  - enhancement + security release:
    fixed CVE-2011-3848
    (Resist directory traversal attacks through indirections)
    GigabitEthernet/TenGigabitEthernet are uncorrectly parsed
    Don’t rely on error message to detect UAC capable platform
    Allow cron vars to have leading whitespace

-------------------------------------------------------------------
Thu Jun 23 08:26:59 UTC 2011 - vcizek@novell.com

- update to 2.7.1 
  - a major feature release:
    Ruby 1.9 Support
    Deterministic Catalog Application
    Puppet Faces - a new API for creating new Puppet subcommands
    Manage Network Devices
    Dependency cycle reporting produces graph of the cycle
- license changed to Apache-2.0
  - see http://docs.puppetlabs.com/guides/faq#change-to-apache-license

-------------------------------------------------------------------
Thu May 19 09:35:38 UTC 2011 - vcizek@novell.com

- using correct port for puppet in the firewall rules (bnc#694825)

-------------------------------------------------------------------
Tue Apr  5 13:38:04 UTC 2011 - vcizek@novell.com

- fix logging setting (bnc#683441)

-------------------------------------------------------------------
Mon Mar 14 09:39:35 UTC 2011 - vcizek@novell.com

- update to 2.6.6
  * fixed many bugs
  * licence has changed to GPLv2 (was GPLv2+)
  * some of the new features:
    - Manifests can now specify arbitrary data for file contents
    - Managed resource attributes can now be audited
    - Parameterised class support in external node classifiers
    - New puppet inspect application

-------------------------------------------------------------------
Fri Jan 28 11:55:57 UTC 2011 - vcizek@novell.com

- update to 2.6.4
 * bugfixes: bnc#667867
   Ship auth.conf as part of installing from source

-------------------------------------------------------------------
Tue Oct  5 16:26:21 CEST 2010 - anicka@suse.cz

- update to 2.6.1
 * bugfixes, manpage fixes

-------------------------------------------------------------------
Thu Aug 19 15:16:13 CEST 2010 - anicka@suse.cz

- update to 2.6.0
 * major release with many new configuration options and new
   language features

-------------------------------------------------------------------
Mon Aug 16 16:46:36 CEST 2010 - anicka@suse.cz

- respect sysconfig settings (bnc#620808)

-------------------------------------------------------------------
Tue Jul 20 17:44:46 CEST 2010 - anicka@suse.cz

- create puppet user not only for server package (bnc#623884)

-------------------------------------------------------------------
Tue Mar  2 17:30:47 CET 2010 - anicka@suse.cz

- update to 0.25.4
 * bugfixes
- create user puppet (fixes bnc#576453)

-------------------------------------------------------------------
Wed Apr 15 15:42:41 CEST 2009 - mantel@suse.de

- update to 0.24.8

-------------------------------------------------------------------
Mon Apr  6 15:32:43 CEST 2009 - mantel@suse.de

- add zypper.rb plugin by Leo Eraly

-------------------------------------------------------------------
Mon Feb  9 16:49:36 CET 2009 - anicka@suse.cz

- update to 2.4.7
 * Deprecate the NetInfo nameservice provider. Use directoryservice
   instead
 * Add macauthorization type
 * Refactoring the thread-safety in Puppet::Util
 * Removing the included testing gems; you must now install them 
   yourself
 * Refactoring of SELinux functions to use native Ruby SELinux
   interface
 * Removing all mention of EPM, RPM, or Sun packages.
 * Replaced SELInux calls to binaries with Ruby SELinux bindings
 * Adding support to the user type for: profiles, auths, project, 
   key/value pairs (extension to Solaris RBAC support added in
   0.24.6)
 * Added a number of confines to package providers
 * lots of bugfixes
- add sysconfig, firewall definitions, package 
  init scripts (bnc#465778)

-------------------------------------------------------------------
Tue Sep  9 17:42:21 CEST 2008 - anicka@suse.cz

- update to 0.24.5 
 * You can now select the encoding format when transferring 
   the catalog, with 'yaml' still being the default but 'marshal'
   being an option.
 * Removed support for the 'node_name' setting in LDAP and external
    node lookups.
 * Also removed support for 'default' nodes in external nodes.
 * Exporting or collecting resources no longer raises an exception
   when no storeconfigs is enabled, it just produces a warning.
 * Always using the cert name to store yaml files
 * Added support for the --all option to puppetca --clean.  If
   puppetca --clean --all is issued then all client certificates
   are removed.
 * Resources now return the 'should' value for properties from
   the [] accessor method (they previously threw an exception when
   this method was used with properties).
 * Modified the 'master' handler to use the Catalog class to
   compile node configurations, rather than using the Configuration
   handler, which was never used directly.
 * Modified the 'master' handler (responsible for sending 
   configurations to clients) to always return Time.now as its
   compile date, so configurations will always get recompiled.
 * Saving new facts now expires any cached node information.
 * Switching how caching is handled, so that objects now all
   have an expiration date associated with them.  This makes it
   much easier to know whether a given cached object should be used
   or if it should be regenerated.
 * Changing the default environment to production.
- fix installation script (man8 permissions)

-------------------------------------------------------------------
Mon Sep  1 14:06:07 CEST 2008 - anicka@suse.cz

- package created (version 0.24.4)

Places

File puppet.changes of Package puppet.14603

Places