Public bug reported: The fix for CVE-2013-4969 (tempfile vulnerability) contained a regression affecting the default file mode if none is specified on a file resource. This has been fixed in upstream 3.4.2 and 2.7.25.
Upstream bug: https://tickets.puppetlabs.com/browse/PUP-1255 Please apply the following patch from 2.7.x to fix the issue: https://github.com/puppetlabs/puppet/commit/6a11abb8ac This currently affects the Foreman installer as some resources in our modules rely on this behaviour. Reproduced on Ubuntu 12.04 with puppet 2.7.11-1ubuntu2.6: # puppet apply -e 'file { "/tmp/a": content => "foo" }' notice: /Stage[main]//File[/tmp/a]/ensure: defined content as '{md5}acbd18db4cc2f85cedef654fccc4a4d8' notice: Finished catalog run in 0.08 seconds # ls -l /tmp/a -rw------- 1 root root 3 Jan 9 09:13 /tmp/a ||/ Name Version Description +++-====================-====================-======================================================== ii puppet 2.7.11-1ubuntu2.6 Centralized configuration management - agent startup and ** Affects: puppet (Ubuntu) Importance: Undecided Status: New -- You received this bug notification because you are a member of Ubuntu Server Team, which is subscribed to puppet in Ubuntu. https://bugs.launchpad.net/bugs/1267385 Title: Default file mode now 0600 instead of 0644 (regression in CVE-2013-4969 fix) To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/puppet/+bug/1267385/+subscriptions -- Ubuntu-server-bugs mailing list Ubuntu-server-bugs@lists.ubuntu.com Modify settings or unsubscribe at: https://lists.ubuntu.com/mailman/listinfo/ubuntu-server-bugs
