Script 'mail_helper' called by obssrc Hello community, here is the log from the commit of package cfengine for openSUSE:Factory checked in at 2022-02-25 21:25:11 ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Comparing /work/SRC/openSUSE:Factory/cfengine (Old) and /work/SRC/openSUSE:Factory/.cfengine.new.1958 (New) ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Package is "cfengine" Fri Feb 25 21:25:11 2022 rev:79 rq:957526 version:3.19.0 Changes: -------- --- /work/SRC/openSUSE:Factory/cfengine/cfengine.changes 2021-08-31 19:56:14.910003779 +0200 +++ /work/SRC/openSUSE:Factory/.cfengine.new.1958/cfengine.changes 2022-02-25 21:25:41.651644972 +0100 @@ -1,0 +2,48 @@ +Thu Feb 24 15:23:22 UTC 2022 - Ferdinand Thiessen <[email protected]> + +- Update to version 3.19.0 + * -N/--negate now prevents persistent classes from being defined + * 'null' JSON value is now handled as empty data in + augments/host-specific data + * Added a new common control attribute 'system_log_level' + For specifying the minimum log level required for log messages to + go to the system log. + * Added support for cfbs managed policy set to masterfiles staging script + * Trailing commas can now be used in policy argument lists + * Changed cf-key option --print-digest to take an optional argument. + * Enabled 'handle', 'depends_on', 'with' attribute for custom + promise types + * Don't fail on new file creation when backups are enabled + * Set apache umask to 0177 + * cf-serverd now binds to both IPV6 and IPV4 if bindtointerface + is unspecified + * cf-serverd now reports if fails to bind to all possible + addresses/interfaces + * Fixed dbm_quick.c, dbm_tokyocab.c DBPrivRead() argument type + * Fixed crashes (Segfaults) +- Update to version 3.18.0 + * Fix CVE-2021-38379 - Publicly available exported reports + An attacker with network access to the hub machine (port 443) + can obtain reports generated by users in Mission Portal with + potentially sensitive data. + * Fix CVE-2021-36756 - Certificate not checked in Federated Reporting + An attacker can use IP spoofing, DNS spoofing or other common + techniques to direct the traffic from the superhub to their own + machine instead of the real feeder hub and get it connected to + the superhub. + * "No action for file" warning is no longer triggered when only + 'content => "something"' is used + * "source=promise_iteration" variables are no longer created in + foreign bundles + * 'rename => newname()' now supports relative paths + * 'variables' and 'classes' in CMDB and augments data now support + 'comment' fields + * Added a new --simulate=manifest-full mode + * Added a new runagent_socket_allow_users body executor control attribute + * Fixed crash when attempting to put methods promises in bundles + which are not agent bundles + * Fixed various memory leaks + * Various other changes see provided ChangeLog file +- Refresh harden_cf-hub.service.patch + +------------------------------------------------------------------- Old: ---- core-3.17.0.tar.gz libntech-4e9efcb84172110fa92742836b8d34688983c2e7.tar.gz New: ---- core-3.19.0.tar.gz libntech-66274a1752c88922c2acd000e23b11b76b3bfc2a.tar.gz ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Other differences: ------------------ ++++++ cfengine.spec ++++++ --- /var/tmp/diff_new_pack.DN5puW/_old 2022-02-25 21:25:42.307645090 +0100 +++ /var/tmp/diff_new_pack.DN5puW/_new 2022-02-25 21:25:42.311645090 +0100 @@ -1,7 +1,7 @@ # # spec file for package cfengine # -# Copyright (c) 2021 SUSE LLC +# Copyright (c) 2022 SUSE LLC # # All modifications and additions to the file contributed by third parties # remain the property of their copyright owners, unless otherwise agreed @@ -18,14 +18,12 @@ %define libname libpromises %define libsoname %{libname}3 - # Yes, its not FHS conformant but in sync with cfengine documentation %define basedir %{_localstatedir}/%{name} %define workdir %{basedir} # This is the place where workdir should be #%%define basedir %%{_localstatedir}/lib/%%{name} #%%define workdir %%{basedir}/work - %if 0%{?suse_version} < 1500 # assume SuSEfirewall2 %define with_sfw2 1 @@ -34,13 +32,13 @@ %define with_sfw2 0 %endif # Version of libntech needed (see git repo of core) -%define libntech_hash 4e9efcb84172110fa92742836b8d34688983c2e7 +%define libntech_hash 66274a1752c88922c2acd000e23b11b76b3bfc2a # pass --with-bla to enable the build %bcond_with mysql %bcond_with postgresql %bcond_with libvirt Name: cfengine -Version: 3.17.0 +Version: 3.19.0 Release: 0 Summary: Configuration management framework License: GPL-3.0-only ++++++ cfengine-rpmlintrc ++++++ --- /var/tmp/diff_new_pack.DN5puW/_old 2022-02-25 21:25:42.403645107 +0100 +++ /var/tmp/diff_new_pack.DN5puW/_new 2022-02-25 21:25:42.403645107 +0100 @@ -1,2 +1,3 @@ -addFilter(".* is not allowed anymore in FHS 2.2."); +addFilter("E: filelist-forbidden-fhs23 *"); +addFilter("cfengine-examples.noarch: E: wrong-script-interpreter *") ++++++ core-3.17.0.tar.gz -> core-3.19.0.tar.gz ++++++ ++++ 33362 lines of diff (skipped) ++++++ harden_cf-hub.service.patch ++++++ --- /var/tmp/diff_new_pack.DN5puW/_old 2022-02-25 21:25:43.383645282 +0100 +++ /var/tmp/diff_new_pack.DN5puW/_new 2022-02-25 21:25:43.387645282 +0100 @@ -1,9 +1,9 @@ -Index: core-3.17.0/misc/systemd/cf-hub.service.in +Index: core-3.19.0/misc/systemd/cf-hub.service.in =================================================================== ---- core-3.17.0.orig/misc/systemd/cf-hub.service.in -+++ core-3.17.0/misc/systemd/cf-hub.service.in -@@ -10,6 +10,19 @@ After=cf-postgres.service - Requires=cf-postgres.service +--- core-3.19.0.orig/misc/systemd/cf-hub.service.in ++++ core-3.19.0/misc/systemd/cf-hub.service.in +@@ -10,6 +10,19 @@ Wants=cf-postgres.service + After=cf-postgres.service [Service] +# added automatically, for details please see ++++++ libntech-4e9efcb84172110fa92742836b8d34688983c2e7.tar.gz -> libntech-66274a1752c88922c2acd000e23b11b76b3bfc2a.tar.gz ++++++ ++++ 5825 lines of diff (skipped)
