diff --git a/.cvsignore b/.cvsignore
index 58fb452..728a193 100644
--- a/.cvsignore
+++ b/.cvsignore
@@ -1 +1 @@
-puppet-0.25.1.tar.gz
+puppet-0.25.2.tar.gz
diff --git a/puppet-0.25.1-0001-Initialize-supplementary-groups-ported-patch-from-0..patch b/puppet-0.25.1-0001-Initialize-supplementary-groups-ported-patch-from-0..patch
deleted file mode 100644
index 3cc8c09..0000000
--- a/puppet-0.25.1-0001-Initialize-supplementary-groups-ported-patch-from-0..patch
+++ /dev/null
@@ -1,75 +0,0 @@
-From 50952a627a9c96a147c7bcac91f6e2380e483310 Mon Sep 17 00:00:00 2001
-From: Jeroen van Meeuwen (Fedora Unity)
-Date: Wed, 25 Nov 2009 13:38:52 +0100
-Subject: [PATCH] Initialize supplementary groups (ported patch from 0.24.8 originally from Till Maas)
-
----
- lib/puppet/util.rb | 5 +++--
- lib/puppet/util/suidmanager.rb | 12 +++++++++++-
- 2 files changed, 14 insertions(+), 3 deletions(-)
-
-diff --git a/lib/puppet/util.rb b/lib/puppet/util.rb
-index 6f83c7a..8e2e8a3 100644
---- a/lib/puppet/util.rb
-+++ b/lib/puppet/util.rb
-@@ -55,10 +55,11 @@ module Util
- end
- unless Puppet::Util::SUIDManager.uid == user
- begin
-+ Puppet::Util::SUIDManager.initgroups(user)
- Puppet::Util::SUIDManager.uid = user
- Puppet::Util::SUIDManager.euid = user
-- rescue
-- $stderr.puts "could not change to user %s" % user
-+ rescue => detail
-+ $stderr.puts "could not change to user %s: %s" % [user, detail]
- exit(74)
- end
- end
-diff --git a/lib/puppet/util/suidmanager.rb b/lib/puppet/util/suidmanager.rb
-index c5df0d1..7896945 100644
---- a/lib/puppet/util/suidmanager.rb
-+++ b/lib/puppet/util/suidmanager.rb
-@@ -7,7 +7,7 @@ module Puppet::Util::SUIDManager
- extend Forwardable
-
- to_delegate_to_process = [ :euid=, :euid, :egid=, :egid,
-- :uid=, :uid, :gid=, :gid ]
-+ :uid=, :uid, :gid=, :gid, :groups=, :groups ]
-
- to_delegate_to_process.each do |method|
- def_delegator Process, method
-@@ -26,13 +26,16 @@ module Puppet::Util::SUIDManager
- # We set both because some programs like to drop privs, i.e. bash.
- old_uid, old_gid = self.uid, self.gid
- old_euid, old_egid = self.euid, self.egid
-+ old_groups = self.groups
- begin
- self.egid = convert_xid :gid, new_gid if new_gid
-+ self.initgroups(convert_xid(:uid, new_uid)) if new_uid
- self.euid = convert_xid :uid, new_uid if new_uid
-
- yield
- ensure
- self.euid, self.egid = old_euid, old_egid
-+ self.groups = old_groups
- end
- end
- module_function :asuser
-@@ -49,6 +52,13 @@ module Puppet::Util::SUIDManager
- end
- module_function :convert_xid
-
-+ # Initialize supplementary groups
-+ def initgroups(user)
-+ require 'etc'
-+ Process.initgroups(Etc.getpwuid(user).name, Process.gid)
-+ end
-+ module_function :initgroups
-+
-
- def run_and_capture(command, new_uid=nil, new_gid=nil)
- output = Puppet::Util.execute(command, :failonfail => false, :uid => new_uid, :gid => new_gid)
---
-1.6.5.2
-
diff --git a/puppet-0.25.1-server-initscript.patch b/puppet-0.25.1-server-initscript.patch
deleted file mode 100644
index 69bbfac..0000000
--- a/puppet-0.25.1-server-initscript.patch
+++ /dev/null
@@ -1,27 +0,0 @@
-From 8894aae81d26a9564305ae89ac159320c53dca83 Mon Sep 17 00:00:00 2001
-From: Todd Zullinger
-Date: Tue, 27 Oct 2009 10:30:08 -0400
-Subject: [PATCH/puppet] conf/redhat: Prevent killproc from removing /usr/sbin/puppetmasterd
-Mattias Saou ran into a serious bug cause by 9dff71 (Use -p option to
-killproc). The puppetmaster init script lacked a pidfile variable,
-which ended up with /usr/sbin/puppetmasterd being removed.
----
- conf/redhat/server.init | 1 +
- 1 files changed, 1 insertions(+), 0 deletions(-)
-
-diff --git a/conf/redhat/server.init b/conf/redhat/server.init
-index 5505058..4f44206 100644
---- a/conf/redhat/server.init
-+++ b/conf/redhat/server.init
-@@ -13,6 +13,7 @@ PATH=/usr/bin:/sbin:/bin:/usr/sbin
- export PATH
-
- lockfile=/var/lock/subsys/puppetmaster
-+pidfile=/var/run/puppet/puppetmasterd.pid
-
- # Source function library.
- . /etc/rc.d/init.d/functions
---
-1.6.5.2
-
diff --git a/puppet.spec b/puppet.spec
index 0e8a7a0..ef5d2fc 100644
--- a/puppet.spec
+++ b/puppet.spec
@@ -1,22 +1,18 @@
 # Augeas and SELinux requirements may be disabled at build time by passing
 # --without augeas and/or --without selinux to rpmbuild or mock
-%{!?ruby_sitelibdir: %define ruby_sitelibdir %(ruby -rrbconfig -e 'puts Config::CONFIG["sitelibdir"]')}
-%define confdir conf/redhat
+%{!?ruby_sitelibdir: %global ruby_sitelibdir %(ruby -rrbconfig -e 'puts Config::CONFIG["sitelibdir"]')}
+%global confdir conf/redhat
 Name: puppet
-Version: 0.25.1
-Release: 1%{?dist}
+Version: 0.25.2
+Release: 1%{?dist}.1
 Summary: A network tool for managing many disparate systems
 License: GPLv2+
 URL: http://puppet.reductivelabs.com/
 Source0: http://reductivelabs.com/downloads/puppet/%{name}-%{version}.tar.gz
-# Brown paper bag fix for my killproc blunder (tmz)
-Patch0: puppet-0.25.1-server-initscript.patch
-# https://bugzilla.redhat.com/475201
-Patch1: puppet-0.25.1-0001-Initialize-supplementary-groups-ported-patch-from-0..patch
 # https://bugzilla.redhat.com/495096
-Patch2: puppet-0.25.1-0002-Correct-rundir-permissions.patch
+Patch0: puppet-0.25.1-0002-Correct-rundir-permissions.patch
 Group: System Environment/Base
@@ -72,8 +68,6 @@ The server can also function as a certificate authority and file server.
 %prep
 %setup -q
 %patch0 -p1
-%patch1 -p1
-%patch2 -p1
 %build
 # Fix some rpmlint complaints
@@ -90,6 +84,9 @@ chmod +x ext/puppetstoredconfigclean.rb
 find examples/ -type f -empty | xargs rm
 find examples/ -type f | xargs chmod a-x
+# puppet-queue.conf is more of an example, used for stompserver
+mv conf/puppet-queue.conf examples/etc/puppet/
+
 %install
 rm -rf %{buildroot}
 ruby install.rb --destdir=%{buildroot} --quick --no-rdoc
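Review bot: The `Patch1` line removed in the first puppet.spec hunk (together with its `%patch1 -p1` in the %prep hunk) carried the supplementary-groups fix for bz 475201, and nothing in the spec or its changelog records why it is safe to drop. That patch made `SUIDManager.asuser` call `initgroups` before switching euid, so if 0.25.2 does not contain the equivalent change, commands run as another user would presumably keep the invoking process's supplementary groups. Confirm it against the new tarball, and once confirmed add a line such as `- Drop server-initscript and supplementary-groups (#475201) patches, merged upstream` to the 0.25.2-1 changelog entry.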
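Review bot: The added `mv conf/puppet-queue.conf examples/etc/puppet/` in the %build hunk (`@@ -90,6 +84,9 @@`) sits after the two `find examples/ ...` passes, so the moved file skips the `chmod a-x` normalisation applied to everything else under examples/. Whether the file carries an executable bit in the tarball is not visible here, but placing the two added lines above `find examples/ -type f -empty | xargs rm` would make the result independent of that. The %build section continues outside the hunk.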
@@ -104,6 +101,7 @@ install -Dp -m0644 %{confdir}/server.sysconfig %{buildroot}%{_sysconfdir}/syscon
 install -Dp -m0755 %{confdir}/server.init %{buildroot}%{_initrddir}/puppetmaster
 install -Dp -m0644 %{confdir}/fileserver.conf %{buildroot}%{_sysconfdir}/puppet/fileserver.conf
 install -Dp -m0644 %{confdir}/puppet.conf %{buildroot}%{_sysconfdir}/puppet/puppet.conf
+install -Dp -m0644 conf/auth.conf %{buildroot}%{_sysconfdir}/puppet/auth.conf
 install -Dp -m0644 %{confdir}/logrotate %{buildroot}%{_sysconfdir}/logrotate.d/puppet
 # We need something for these ghosted files, otherwise rpmbuild
@@ -131,7 +129,7 @@ install -Dp -m0644 ext/vim/syntax/puppet.vim $vimdir/syntax/puppet.vim
 %files
 %defattr(-, root, root, 0755)
-%doc CHANGELOG COPYING LICENSE README examples
+%doc CHANGELOG COPYING LICENSE README README.queueing examples
 %{_bindir}/pi
 %{_bindir}/puppet
 %{_bindir}/ralsh
@@ -144,6 +142,7 @@ install -Dp -m0644 ext/vim/syntax/puppet.vim $vimdir/syntax/puppet.vim
 %dir %{_sysconfdir}/puppet
 %config(noreplace) %{_sysconfdir}/sysconfig/puppet
 %config(noreplace) %{_sysconfdir}/puppet/puppet.conf
+%config(noreplace) %{_sysconfdir}/puppet/auth.conf
 %ghost %config(noreplace,missingok) %{_sysconfdir}/puppet/puppetca.conf
 %ghost %config(noreplace,missingok) %{_sysconfdir}/puppet/puppetd.conf
 %config(noreplace) %{_sysconfdir}/logrotate.d/puppet
@@ -177,6 +176,7 @@ install -Dp -m0644 ext/vim/syntax/puppet.vim $vimdir/syntax/puppet.vim
 %{_mandir}/man8/filebucket.8.gz
 %{_mandir}/man8/puppetmasterd.8.gz
 %{_mandir}/man8/puppetrun.8.gz
+%{_mandir}/man8/puppetqd.8.gz
 # Fixed uid/gid were assigned in bz 472073 (Fedora), 471918 (RHEL-5),
 # and 471919 (RHEL-4)
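Review bot: The new `install -Dp -m0644 conf/auth.conf ...` line in the `@@ -104,6 +101,7 @@` hunk has no comment, although unlike its neighbours it takes the file from upstream `conf/` rather than `%{confdir}`. auth.conf holds the master's REST access rules, so it is worth saying so in the spec. Because the `@@ -144,6 +142,7 @@` hunk marks it `%config(noreplace)`, a locally edited copy is kept on upgrade and later changes to the packaged default arrive only as `auth.conf.rpmnew`. Suggested comment above the install line: `# auth.conf holds the REST ACLs; upstream default, noreplace so local rules survive upgrades (check .rpmnew after updates)`.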
@@ -222,6 +222,14 @@ fi
 rm -rf %{buildroot}
 %changelog
+* Tue Jan 05 2010 Todd Zullinger - 0.25.2-1.1
+- Replace %%define with %%global for macros
+
+* Tue Jan 05 2010 Todd Zullinger - 0.25.2-1
+- Update to 0.25.2
+- Fixes CVE-2010-0156, tmpfile security issue (#502881)
+- Install auth.conf, puppetqd manpage, and queuing examples/docs
+
 * Wed Nov 25 2009 Jeroen van Meeuwen - 0.25.1-1
 - New upstream version
diff --git a/sources b/sources
index a00c1fb..a914bda 100644
--- a/sources
+++ b/sources
@@ -1 +1 @@
-55ced6102fe6ad8b2ecb2b1384008167 puppet-0.25.1.tar.gz
+d96be601ca6f936ec7c35a7206b2fa85 puppet-0.25.2.tar.gz