Package: puppet / 2.7.23-1~deb7u3
Metadata
Package | Version | Patches format |
---|---|---|
puppet | 2.7.23-1~deb7u3 | 3.0 (quilt) |
Patch series
Patch | File delta | Description |
---|---|---|
fix symlink 1 ee4c6f7c697737aa919b9f90436ab0cc69934b03 | spec/integration/type/file_spec.rb: 42 21 + 21 - 0 ! | --- |
fix symlink 2 1b0e812ad9e33b3cc148fac30a28490f60f40c63 | lib/puppet/type/file/source.rb: 4 2 + 2 - 0 ! | --- |
fix symlink 3 3a00ed468617c17b5a527c68cfc37d7d1fddaa72 | spec/unit/type/file/source_spec.rb: 15 8 + 7 - 0 ! | --- |
fix symlink 4 1d8a76e060f610a9db20cf1bdd4ff95dddba9309 | acceptance/tests/resource/file/ticket_7680-follow-symlinks.rb: 33 33 + 0 - 0 ! | --- |
apache2 passenger template | ext/rack/files/apache2.conf: 4 2 + 2 - 0 ! | set passenger puppet master document root |
fix_logcheck | ext/logcheck/puppet: 2 1 + 1 - 0 ! | fix puppet-master logcheck rule |
CVE 2013 4969 2.7.x temp file.patch | lib/puppet/type/file.rb: 35 12 + 23 - 0 ! | [patch] (#23343) use `replace_file` to update a file's contents The previous code had an unsafe use of temp files by looking for a name it can use in a directory and then later opening the file and writing to it. An attacker could, through some lucky timing and good access, make the selected name a symlink to another file and thereby cause puppet to overwrite something that it did not intend to. The temporary file is used to make the file update atomic and also to check that the contents have been written correctly. This updates the file type to use the Puppet::Util#replace_file method to do a safe, atomic, content swap. Since replace_file requires a mode to be provided, the code was also updated to use the assumed default of 0644, which is used when figuring out the absolute mode integer from symbolic modes. In order to get this change to work on windows, there were a few modifications that needed to be made as well: - New file must have binmode set to generate checksums appropriately across operating systems that results from newline |
CVE 2013 4969 2.7.x temp file regression fix.patch | lib/puppet/type/file.rb: 4 1 + 3 - 0 ! | (pup-1255) fix assumed default file mode to 0644 When a file is created with content, the assumed default mode should be 0644, but this wasn't being explicitly set. The secure file replacement (in Puppet::Util.replace_file) was instead defaulting to a file mode of 0600. The assumed default mode is now explicitly set when calling replace_file. The code path for file creation without content continues to set a umask of 0022 if no mode is specified on the resource, so new files are implicitly created with a mode of 0644. |