On 20/08/13 10:02, Raphael Geissert wrote: > Hi again, > > On 31 July 2013 17:43, Chris Boot <c...@tiger-computing.co.uk> wrote: >> This patch isn't part of 2.7.18-5, which is currently in wheezy. We've >> had to roll our own update internally that includes the patch in order >> to correctly process reports from other servers. > > Are you sure that this issue wasn't already present before the security > update? > After reviewing all the fields I don't see any extra being added or > deleted. There is one issue, however, where the report format wasn't > bumped to version 3 but this comes from upstream: > http://projects.puppetlabs.com/issues/15739 > > You could check if that is the issue by modifying > transaction/report.rb's initialize to @report_format = 3.
Apologies for not sending the debdiff like I said I would. I'll get onto this now. We were running 2.7.18-3~bpo60+1 on squeeze without issues. Following the wheezy upgrade (and going straight to 2.7.18-5) we started seeing the issues with reports not being processed correctly. The only change I can attribute this to is the fix for CVE-2013-3567. The issue was causing reports from squeeze machines (running 2.6.2-5+squeeze6/7/8) to be misparsed by the security-patched wheezy version of Puppet, causing invalid reports to be stored to disk and sent to Dashboard. Applying CVE-2013-3567.fixup-for-v3.patch on our Puppet master causes valid reports to be stored on disk and sent to Dashboard with no changes to the slave nodes. HTH, Chris -- Chris Boot Tiger Computing Ltd "Linux for Business" Tel: 01600 483 484 Web: http://www.tiger-computing.co.uk Follow us on Facebook: http://www.facebook.com/TigerComputing Registered in England. Company number: 3389961 Registered address: Wyastone Business Park, Wyastone Leys, Monmouth, NP25 3SR -- To UNSUBSCRIBE, email to debian-bugs-dist-requ...@lists.debian.org with a subject of "unsubscribe". Trouble? Contact listmas...@lists.debian.org