Jira (PUP-6471) Add toggle to disable symlinks in the file server
Title: Message Title Rob Braden created an issue Puppet / PUP-6471 Add toggle to disable symlinks in the file server Issue Type: Improvement Assignee: Unassigned Created: 2016/07/04 10:26 PM Priority: Normal Reporter: Rob Braden The fileserver functionality of puppet (https://docs.puppet.com/puppet/latest/reference/config_file_fileserver.html) follows symlinks. While this is not an issue in simple deployments, if the fileserver is used to serve files from mixed trust sources; its possible that a symlink was placed under the fileserver's root that references say /. It would then be possible to read arbitrary files as the puppet service, such as private keys and eyaml keys. What would be great is a fileserver.conf option to not follow symlinks. This way if the fileserver directory has a mixed trust level, an upstream compromise or other attack won't allow a compromise of puppet itself. For example, puppet's fileserver might be a NFS share mounted from a remote host. With symlinks enabled, puppet now has to fully trust the remote share and the network as NFS is vuln to MITM. Add Comment
Jira (FACT-1415) Replace Facter 3.x Windows Operating System kernel query with Windows Kernel API call RtlGetVersion
Title: Message Title Steve Barlow updated an issue Facter / FACT-1415 Replace Facter 3.x Windows Operating System kernel query with Windows Kernel API call RtlGetVersion Change By: Steve Barlow Fix Version/s: FACT 3.3.0 Fix Version/s: FACT 3.4.0 Add Comment This message was sent by Atlassian JIRA (v6.4.13#64028-sha1:b7939e9) -- You received this message because you are subscribed to the Google Groups "Puppet Bugs" group. To unsubscribe from this group and stop receiving emails from it, send an email to puppet-bugs+unsubscr...@googlegroups.com. To post to this group, send email to puppet-bugs@googlegroups.com. Visit this group at https://groups.google.com/group/puppet-bugs. For more options, visit https://groups.google.com/d/optout.
Jira (FACT-1381) Facter module not available in at_exit
Title: Message Title Steve Barlow updated an issue Facter / FACT-1381 Facter module not available in at_exit Change By: Steve Barlow Fix Version/s: FACT 3.3.0 Fix Version/s: FACT 3.4.0 Add Comment This message was sent by Atlassian JIRA (v6.4.13#64028-sha1:b7939e9) -- You received this message because you are subscribed to the Google Groups "Puppet Bugs" group. To unsubscribe from this group and stop receiving emails from it, send an email to puppet-bugs+unsubscr...@googlegroups.com. To post to this group, send email to puppet-bugs@googlegroups.com. Visit this group at https://groups.google.com/group/puppet-bugs. For more options, visit https://groups.google.com/d/optout.
Jira (HI-521) Puppet Lookup does only went through the module hieradata once
Title: Message Title CJ Toolseram created an issue Hiera / HI-521 Puppet Lookup does only went through the module hieradata once Issue Type: Bug Assignee: Unassigned Attachments: NESTED.tar.gz Created: 2016/07/04 5:25 PM Priority: Normal Reporter: CJ Toolseram Puppet lookup in the module hieradata only happen once. If the second variable or lookup happens, it won't look in the module hieradata again. Steps to reproduce: 1. Download the module and extract it into the module directory 2. Run the following command to see the differences sudo /usr/local/bin/puppet apply -e 'nestedlookup::twolevel {"BLAH": }' --modulepath=$PWD --debug --noop sudo /usr/local/bin/puppet apply -e 'nestedlookup::onelevel {"TEST": }' --modulepath=$PWD --debug --noop
Jira (PUP-3076) Solaris (10) acceptance tests assume that /opt/csw/bin (opencsw) is in the path (necessary for solaris 10)
Title: Message Title Kenn Hussey updated an issue Puppet / PUP-3076 Solaris (10) acceptance tests assume that /opt/csw/bin (opencsw) is in the path (necessary for solaris 10) Change By: Kenn Hussey Security: Internal Add Comment This message was sent by Atlassian JIRA (v6.4.13#64028-sha1:b7939e9) -- You received this message because you are subscribed to the Google Groups "Puppet Bugs" group. To unsubscribe from this group and stop receiving emails from it, send an email to puppet-bugs+unsubscr...@googlegroups.com. To post to this group, send email to puppet-bugs@googlegroups.com. Visit this group at https://groups.google.com/group/puppet-bugs. For more options, visit https://groups.google.com/d/optout.
Jira (PUP-6411) Puppet 3.x fails acceptance on Ubuntu precise
Title: Message Title Trent Lloyd commented on PUP-6411 Re: Puppet 3.x fails acceptance on Ubuntu precise This (duplicate) ticket has a bit of discussion: https://tickets.puppetlabs.com/browse/PUP-6424 This issue is also being tracked upstream, it appears related to the patch for CVE-2015-7519 https://bugs.launchpad.net/ubuntu/+source/passenger/+bug/1575220 https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=812103 The patch for this CVE is busted, I'm working on it in the Launchpad bug above Add Comment This message was sent by Atlassian JIRA (v6.4.13#64028-sha1:b7939e9) -- You received this message because you are subscribed to the Google Groups "Puppet Bugs" group. To unsubscribe from this group and stop receiving emails from it, send an email to puppet-bugs+unsubscr...@googlegroups.com. To post to this group, send email to puppet-bugs@googlegroups.com. Visit this group at https://groups.google.com/group/puppet-bugs. For more options, visit https://groups.google.com/d/optout.
Jira (PUP-6470) EPP - Syntax error raised in wrong location after attempting .empty? in template
Title: Message Title Helen Campbell created an issue Puppet / PUP-6470 EPP - Syntax error raised in wrong location after attempting .empty? in template Issue Type: Bug Assignee: Unassigned Created: 2016/07/04 7:33 AM Environment: Puppet 4.2.0 Priority: Minor Reporter: Helen Campbell When attempting to translate a .erb file to a .epp file for the ntp module I ran into a syntax error on a specific line while running epp validate. As can be seen below, the syntax error claims to be at line 3, and is complaining about a '['. But what is actually apparent, is that the syntax error should be two lines before, at the attempted use of '.empty?'. Error: ➜ puppetlabs-ntp git:(factsUpdate) ✗ puppet epp validate templates/tmp.epp Error: Syntax error at '[' at templates/tmp.epp:3:4 Error: Errors while validating epp Error: Try 'puppet help epp validate' for usage EPP Code: 1 <% unless $peers.empty? {-%> 2 # Peers
Jira (PUP-1927) Yum Package Provider Ignores Source Parameter
Title: Message Title Kylo Ginsberg assigned an issue to Unassigned Puppet / PUP-1927 Yum Package Provider Ignores Source Parameter Change By: Kylo Ginsberg Assignee: Kylo Ginsberg Add Comment This message was sent by Atlassian JIRA (v6.4.13#64028-sha1:b7939e9) -- You received this message because you are subscribed to the Google Groups "Puppet Bugs" group. To unsubscribe from this group and stop receiving emails from it, send an email to puppet-bugs+unsubscr...@googlegroups.com. To post to this group, send email to puppet-bugs@googlegroups.com. Visit this group at https://groups.google.com/group/puppet-bugs. For more options, visit https://groups.google.com/d/optout.