puppet 2.7.4 → 2.7.5

data/CHANGELOG

@@ -1,3 +1,13 @@
+2.7.5
+===
+a36f39d Updating version numbers for 2.7.5
+de51f3d (#9832) 2.7.4 StoreConfigs regression with PostgreSQL.
+1aa9be5 (#9793) "secure" indirector file backed terminus base class.
+d76c309 (#9792) Predictable temporary filename in ralsh. (CVE-2011-3871)
+b29b178 Drop privileges before creating and chmodding SSH keys.(CVE-2011-3870)
+7d4c169 (#9794) k5login can overwrite arbitrary files as root (CVE-2011-3869)
+
+
 2.7.4
 ===
 47135fb Resist directory traversal attacks through indirections. (CVE-2011-3484)

data/conf/redhat/puppet.spec

@@ -5,8 +5,8 @@
 %global confdir conf/redhat
 
 Name:           puppet
-Version:        2.7.2
-Release:        0.2.rc1%{?dist}
+Version:        2.7.5
+Release:        1%{?dist}
 Summary:        A network tool for managing many disparate systems
 License:        ASL 2.0
 URL:            http://puppetlabs.com
@@ -282,6 +282,12 @@ fi
 rm -rf %{buildroot}
 
 %changelog
+* Fri Sep 30 2011 Michael Stahnke <stahnma@puppetlabs.com> - 2.7.5-1
+- Fixes for CVE-2011-3869, 3870, 3871
+
+* Wed Sep 28 2011 Michael Stahnke <stahnma@puppetlabs.com> - 2.7.4-1
+- Fix for CVE-2011-3484
+
 * Wed Jul 06 2011 Michael Stahnke <stahnma@puppetlabs.com> - 2.7.2-0.2.rc1
 - Clean up rpmlint errors
 - Put man pages in correct package

data/lib/puppet.rb

@@ -24,7 +24,7 @@ require 'puppet/util/run_mode'
 # it's also a place to find top-level commands like 'debug'
 
 module Puppet
-  PUPPETVERSION = '2.7.4'
+  PUPPETVERSION = '2.7.5'
 
   def Puppet.version
     PUPPETVERSION

data/lib/puppet/application/resource.rb

@@ -190,18 +190,25 @@ Copyright (c) 2011 Puppet Labs, LLC Licensed under the Apache 2.0 License
     end.map(&format).join("\n")
 
     if options[:edit]
-      file = "/tmp/x2puppet-#{Process.pid}.pp"
+      require 'tempfile'
+      # Prefer the current directory, which is more likely to be secure
+      # and, in the case of interactive use, accessible to the user.
+      tmpfile = Tempfile.new('x2puppet', Dir.pwd)
       begin
-        File.open(file, "w") do |f|
-          f.puts text
-        end
-        ENV["EDITOR"] ||= "vi"
-        system(ENV["EDITOR"], file)
-        system("puppet -v #{file}")
+        # sync write, so nothing buffers before we invoke the editor.
+        tmpfile.sync = true
+        tmpfile.puts text
+
+        # edit the content
+        system(ENV["EDITOR"] || 'vi', tmpfile.path)
+
+        # ...and, now, pass that file to puppet to apply.  Because
+        # many editors rename or replace the original file we need to
+        # feed the pathname, not the file content itself, to puppet.
+        system('puppet -v ' + tmpfile.path)
       ensure
-        #if FileTest.exists? file
-        #    File.unlink(file)
-        #end
+        # The temporary file will be safely removed.
+        tmpfile.close(true)
       end
     else
       puts text

data/lib/puppet/indirector/resource/active_record.rb

@@ -62,7 +62,10 @@ class Puppet::Resource::ActiveRecord < Puppet::Indirector::ActiveRecord
     # Some versions of ActiveRecord just to_s a symbol, which our type is, but
     # others preserve the symbol-nature, which causes our storage (string) and
     # query (symbol) to mismatch.  So, manually stringify. --daniel 2011-09-08
-    arguments = [true, type.to_s]
+    #
+    # Also, PostgreSQL is case sensitive; we need to make sure our type name
+    # here matches what we inject. --daniel 2011-09-30
+    arguments = [true, type.to_s.capitalize]
 
     if filter then
       sql, values = filter_to_active_record(filter)

data/lib/puppet/provider/ssh_authorized_key/parsed.rb

@@ -50,21 +50,22 @@ require 'puppet/provider/parsedfile'
   def flush
     raise Puppet::Error, "Cannot write SSH authorized keys without user"    unless @resource.should(:user)
     raise Puppet::Error, "User '#{@resource.should(:user)}' does not exist" unless uid = Puppet::Util.uid(@resource.should(:user))
-    unless File.exist?(dir = File.dirname(target))
-      Puppet.debug "Creating #{dir}"
-      Dir.mkdir(dir, dir_perm)
-      File.chown(uid, nil, dir)
-    end
-
     # ParsedFile usually calls backup_target much later in the flush process,
     # but our SUID makes that fail to open filebucket files for writing.
     # Fortunately, there's already logic to make sure it only ever happens once,
     # so calling it here supresses the later attempt by our superclass's flush method.
     self.class.backup_target(target)
 
-    Puppet::Util::SUIDManager.asuser(@resource.should(:user)) { super }
-    File.chown(uid, nil, target)
-    File.chmod(file_perm, target)
+    Puppet::Util::SUIDManager.asuser(@resource.should(:user)) do
+        unless File.exist?(dir = File.dirname(target))
+          Puppet.debug "Creating #{dir}"
+          Dir.mkdir(dir, dir_perm)
+        end
+
+        super
+
+        File.chmod(file_perm, target)
+    end
   end
 
   # parse sshv2 option strings, wich is a comma separated list of

data/lib/puppet/type/k5login.rb

@@ -79,7 +79,9 @@ Puppet::Type.newtype(:k5login) do
 
     private
     def write(value)
-      File.open(@resource[:name], "w") { |f| f.puts value.join("\n") }
+      Puppet::Util.secure_open(@resource[:name], "w") do |f|
+        f.puts value.join("\n")
+      end
     end
   end
 end

data/spec/unit/indirector/resource/active_record_spec.rb

@@ -70,7 +70,7 @@ describe "Puppet::Resource::ActiveRecord", :if => (Puppet.features.rails? and de
         host = Puppet::Rails::Host.create!(:name => 'one.local')
         Puppet::Rails::Resource.
           create!(:host     => host,
-                  :restype  => 'exec', :title => 'whammo',
+                  :restype  => 'Exec', :title => 'whammo',
                   :exported => true)
 
       end
@@ -80,12 +80,12 @@ describe "Puppet::Resource::ActiveRecord", :if => (Puppet.features.rails? and de
         found.length.should == 1
         found.map do |item|
           item.should respond_to :to_resource
-          item.restype.should == "exec"
+          item.restype.should == "Exec"
         end
       end
 
       it "should not filter resources that have been found before" do
-        search("exec").should == search("exec")
+        search("Exec").should == search("Exec")
       end
     end
   end
@@ -137,7 +137,12 @@ describe "Puppet::Resource::ActiveRecord", :if => (Puppet.features.rails? and de
       got.keys.should =~ [:conditions]
       got[:conditions][0].should be_include "(exported=? AND restype=?)"
       got[:conditions][1].should == true
-      got[:conditions][2].should == type.to_s
+      got[:conditions][2].should == type.to_s.capitalize
+    end
+
+    it "should capitalize the type, since PGSQL is case sensitive" do
+      got = query(type, 'whatever')
+      got[:conditions][2].should == 'Notify'
     end
   end
 

data/spec/unit/indirector/terminus_spec.rb

@@ -2,7 +2,7 @@
 require 'spec_helper'
 require 'puppet/defaults'
 require 'puppet/indirector'
-require 'puppet/indirector/file'
+require 'puppet/indirector/memory'
 
 describe Puppet::Indirector::Terminus, :'fails_on_ruby_1.9.2' => true do
   before :each do
@@ -201,14 +201,14 @@ describe Puppet::Indirector::Terminus, " when parsing class constants for indire
     @subclass.expects(:indirection=).with(:test_ind)
     @subclass.stubs(:name=)
     @subclass.stubs(:terminus_type=)
-    Puppet::Indirector::File.inherited(@subclass)
+    Puppet::Indirector::Memory.inherited(@subclass)
   end
 
   it "should convert the indirection name to a downcased symbol" do
     @subclass.expects(:indirection=).with(:test_ind)
     @subclass.stubs(:name=)
     @subclass.stubs(:terminus_type=)
-    Puppet::Indirector::File.inherited(@subclass)
+    Puppet::Indirector::Memory.inherited(@subclass)
   end
 
   it "should convert camel case to lower case with underscores as word separators" do

data/spec/unit/provider/ssh_authorized_key/parsed_spec.rb

@@ -110,15 +110,15 @@ describe provider_class, :unless => Puppet.features.microsoft_windows? do
         @provider.flush
       end
 
-      it "should chown the directory to the user" do
+      it "should absolutely not chown the directory to the user" do
         uid = Puppet::Util.uid("random_bob")
-        File.expects(:chown).with(uid, nil, "/tmp/.ssh_dir")
+        File.expects(:chown).never
         @provider.flush
       end
 
-      it "should chown the key file to the user" do
+      it "should absolutely not chown the key file to the user" do
         uid = Puppet::Util.uid("random_bob")
-        File.expects(:chown).with(uid, nil, "/tmp/.ssh_dir/place_to_put_authorized_keys")
+        File.expects(:chown).never
         @provider.flush
       end
 
@@ -153,11 +153,11 @@ describe provider_class, :unless => Puppet.features.microsoft_windows? do
         @provider.flush
       end
 
-      it "should chown the directory to the user if it creates it" do
+      it "should absolutely not chown the directory to the user if it creates it" do
         File.stubs(:exist?).with(@dir).returns false
         Dir.stubs(:mkdir).with(@dir,0700)
         uid = Puppet::Util.uid("nobody")
-        File.expects(:chown).with(uid, nil, @dir)
+        File.expects(:chown).never
         @provider.flush
       end
 
@@ -168,9 +168,9 @@ describe provider_class, :unless => Puppet.features.microsoft_windows? do
         @provider.flush
       end
 
-      it "should chown the key file to the user" do
+      it "should absolutely not chown the key file to the user" do
         uid = Puppet::Util.uid("nobody")
-        File.expects(:chown).with(uid, nil, File.expand_path("~nobody/.ssh/authorized_keys"))
+        File.expects(:chown).never
         @provider.flush
       end
 

metadata

@@ -1,13 +1,13 @@
 --- !ruby/object:Gem::Specification 
 name: puppet
 version: !ruby/object:Gem::Version 
-  hash: 27
+  hash: 25
   prerelease: 
   segments: 
   - 2
   - 7
-  - 4
-  version: 2.7.4
+  - 5
+  version: 2.7.5
 platform: ruby
 authors: 
 - Puppet Labs
@@ -15,7 +15,7 @@ autorequire:
 bindir: bin
 cert_chain: []
 
-date: 2011-09-28 00:00:00 Z
+date: 2011-09-30 00:00:00 Z
 dependencies: 
 - !ruby/object:Gem::Dependency 
   name: facter
@@ -215,7 +215,6 @@ files:
 - lib/puppet/indirector/facts/rest.rb
 - lib/puppet/indirector/facts/store_configs.rb
 - lib/puppet/indirector/facts/yaml.rb
-- lib/puppet/indirector/file.rb
 - lib/puppet/indirector/file_bucket_file/file.rb
 - lib/puppet/indirector/file_bucket_file/rest.rb
 - lib/puppet/indirector/file_content/file.rb
@@ -1332,7 +1331,6 @@ files:
 - spec/unit/indirector/file_metadata/file_spec.rb
 - spec/unit/indirector/file_metadata/rest_spec.rb
 - spec/unit/indirector/file_server_spec.rb
-- spec/unit/indirector/file_spec.rb
 - spec/unit/indirector/indirection_spec.rb
 - spec/unit/indirector/inventory/yaml_spec.rb
 - spec/unit/indirector/key/ca_spec.rb

data/lib/puppet/indirector/file.rb

@@ -1,79 +0,0 @@
-require 'puppet/indirector/terminus'
-
-# Store instances as files, usually serialized using some format.
-class Puppet::Indirector::File < Puppet::Indirector::Terminus
-  # Where do we store our data?
-  def data_directory
-    name = Puppet.run_mode.master? ? :server_datadir : :client_datadir
-
-    File.join(Puppet.settings[name], self.class.indirection_name.to_s)
-  end
-
-  def file_format(path)
-    path =~ /\.(\w+)$/ and return $1
-  end
-
-  def file_path(request)
-    File.join(data_directory, request.key + ".#{serialization_format}")
-  end
-
-  def latest_path(request)
-    files = Dir.glob(File.join(data_directory, request.key + ".*"))
-    return nil if files.empty?
-
-    # Return the newest file.
-    files.sort { |a, b| File.stat(b).mtime <=> File.stat(a).mtime }[0]
-  end
-
-  def serialization_format
-    model.default_format
-  end
-
-  # Remove files on disk.
-  def destroy(request)
-    begin
-      removed = false
-      Dir.glob(File.join(data_directory, request.key.to_s + ".*")).each do |file|
-        removed = true
-        File.unlink(file)
-      end
-    rescue => detail
-      raise Puppet::Error, "Could not remove #{request.key}: #{detail}"
-    end
-
-    raise Puppet::Error, "Could not find files for #{request.key} to remove" unless removed
-  end
-
-  # Return a model instance for a given file on disk.
-  def find(request)
-    return nil unless path = latest_path(request)
-    format = file_format(path)
-
-    raise ArgumentError, "File format #{format} is not supported by #{self.class.indirection_name}" unless model.support_format?(format)
-
-    begin
-      return model.convert_from(format, File.read(path))
-    rescue => detail
-      raise Puppet::Error, "Could not convert path #{path} into a #{self.class.indirection_name}: #{detail}"
-    end
-  end
-
-  # Save a new file to disk.
-  def save(request)
-    path = file_path(request)
-
-    dir = File.dirname(path)
-
-    raise Puppet::Error.new("Cannot save #{request.key}; parent directory #{dir} does not exist") unless File.directory?(dir)
-
-    begin
-      File.open(path, "w") { |f| f.print request.instance.render(serialization_format) }
-    rescue => detail
-      raise Puppet::Error, "Could not write #{request.key}: #{detail}" % [request.key, detail]
-    end
-  end
-
-  def path(key)
-    key
-  end
-end

data/spec/unit/indirector/file_spec.rb

@@ -1,179 +0,0 @@
-#!/usr/bin/env rspec
-require 'spec_helper'
-require 'puppet/indirector/file'
-
-
-describe Puppet::Indirector::File do
-  before :all do
-    Puppet::Indirector::Terminus.stubs(:register_terminus_class)
-    @model = mock 'model'
-    @indirection = stub 'indirection', :name => :mystuff, :register_terminus_type => nil, :model => @model
-    Puppet::Indirector::Indirection.stubs(:instance).returns(@indirection)
-
-    module Testing; end
-    @file_class = class Testing::MyFile < Puppet::Indirector::File
-      self
-    end
-
-    @searcher = @file_class.new
-
-    @path = "/my/file"
-    @dir = "/my"
-
-    @request = stub 'request', :key => @path
-  end
-
-  describe "when finding files" do
-    it "should provide a method to return file contents at a specified path" do
-      @searcher.should respond_to(:find)
-    end
-
-    it "should use the server data directory plus the indirection name if the run_mode is master" do
-      Puppet.run_mode.expects(:master?).returns true
-      Puppet.settings.expects(:value).with(:server_datadir).returns "/my/dir"
-
-      @searcher.data_directory.should == File.join("/my/dir", "mystuff")
-    end
-
-    it "should use the client data directory plus the indirection name if the run_mode is not master" do
-      Puppet.run_mode.expects(:master?).returns false
-      Puppet.settings.expects(:value).with(:client_datadir).returns "/my/dir"
-
-      @searcher.data_directory.should == File.join("/my/dir", "mystuff")
-    end
-
-    it "should use the newest file in the data directory matching the indirection key without extension" do
-      @searcher.expects(:data_directory).returns "/data/dir"
-      @request.stubs(:key).returns "foo"
-      Dir.expects(:glob).with("/data/dir/foo.*").returns %w{/data1.stuff /data2.stuff}
-
-      stat1 = stub 'data1', :mtime => (Time.now - 5)
-      stat2 = stub 'data2', :mtime => Time.now
-      File.expects(:stat).with("/data1.stuff").returns stat1
-      File.expects(:stat).with("/data2.stuff").returns stat2
-
-      @searcher.latest_path(@request).should == "/data2.stuff"
-    end
-
-    it "should return nil when no files are found" do
-      @searcher.stubs(:latest_path).returns nil
-
-      @searcher.find(@request).should be_nil
-    end
-
-    it "should determine the file format from the file extension" do
-      @searcher.file_format("/data2.pson").should == "pson"
-    end
-
-    it "should fail if the model does not support the file format" do
-      @searcher.stubs(:latest_path).returns "/my/file.pson"
-
-      @model.expects(:support_format?).with("pson").returns false
-
-      lambda { @searcher.find(@request) }.should raise_error(ArgumentError)
-    end
-  end
-
-  describe "when saving files" do
-    before do
-      @content = "my content"
-      @file = stub 'file', :content => @content, :path => @path, :name => @path, :render => "mydata"
-      @request.stubs(:instance).returns @file
-    end
-
-    it "should provide a method to save file contents at a specified path" do
-      @searcher.should respond_to(:save)
-    end
-
-    it "should choose the file extension based on the default format of the model" do
-      @model.expects(:default_format).returns "pson"
-
-      @searcher.serialization_format.should == "pson"
-    end
-
-    it "should place the file in the data directory, named after the indirection, key, and format" do
-      @searcher.stubs(:data_directory).returns "/my/dir"
-      @searcher.stubs(:serialization_format).returns "pson"
-
-      @request.stubs(:key).returns "foo"
-      @searcher.file_path(@request).should == File.join("/my/dir", "foo.pson")
-    end
-
-    it "should fail intelligently if the file's parent directory does not exist" do
-      @searcher.stubs(:file_path).returns "/my/dir/file.pson"
-      @searcher.stubs(:serialization_format).returns "pson"
-
-      @request.stubs(:key).returns "foo"
-      File.expects(:directory?).with(File.join("/my/dir")).returns(false)
-
-      proc { @searcher.save(@request) }.should raise_error(Puppet::Error)
-    end
-
-    it "should render the instance using the file format and print it to the file path" do
-      @searcher.stubs(:file_path).returns "/my/file.pson"
-      @searcher.stubs(:serialization_format).returns "pson"
-
-      File.stubs(:directory?).returns true
-
-      @request.instance.expects(:render).with("pson").returns "data"
-
-      fh = mock 'filehandle'
-      File.expects(:open).with("/my/file.pson", "w").yields fh
-      fh.expects(:print).with("data")
-
-      @searcher.save(@request)
-    end
-
-    it "should fail intelligently if a file cannot be written" do
-      filehandle = mock 'file'
-      File.stubs(:directory?).returns(true)
-      File.stubs(:open).yields(filehandle)
-      filehandle.expects(:print).raises(ArgumentError)
-
-      @searcher.stubs(:file_path).returns "/my/file.pson"
-      @model.stubs(:default_format).returns "pson"
-
-      @instance.stubs(:render).returns "stuff"
-
-      proc { @searcher.save(@request) }.should raise_error(Puppet::Error)
-    end
-  end
-
-  describe "when removing files" do
-    it "should provide a method to remove files" do
-      @searcher.should respond_to(:destroy)
-    end
-
-    it "should remove files in all formats found in the data directory that match the request key" do
-      @searcher.stubs(:data_directory).returns "/my/dir"
-      @request.stubs(:key).returns "me"
-
-      Dir.expects(:glob).with(File.join("/my/dir", "me.*")).returns %w{/one /two}
-
-      File.expects(:unlink).with("/one")
-      File.expects(:unlink).with("/two")
-
-      @searcher.destroy(@request)
-    end
-
-    it "should throw an exception if no file is found" do
-      @searcher.stubs(:data_directory).returns "/my/dir"
-      @request.stubs(:key).returns "me"
-
-      Dir.expects(:glob).with(File.join("/my/dir", "me.*")).returns []
-
-      proc { @searcher.destroy(@request) }.should raise_error(Puppet::Error)
-    end
-
-    it "should fail intelligently if a file cannot be removed" do
-      @searcher.stubs(:data_directory).returns "/my/dir"
-      @request.stubs(:key).returns "me"
-
-      Dir.expects(:glob).with(File.join("/my/dir", "me.*")).returns %w{/one}
-
-      File.expects(:unlink).with("/one").raises ArgumentError
-
-      proc { @searcher.destroy(@request) }.should raise_error(Puppet::Error)
-    end
-  end
-end