puppet 4.10.6-universal-darwin → 4.10.7-universal-darwin

data/lib/puppet/application/device.rb

@@ -65,50 +65,54 @@ puppet-device(8) -- Manage remote network devices
 
 SYNOPSIS
 --------
-Retrieves all configurations from the puppet master and apply
-them to the remote devices configured in /etc/puppetlabs/puppet/device.conf.
+Retrieves catalogs from the Puppet master and applies them to remote devices. 
+
+This subcommand can be run manually; or periodically using cron,
+a scheduled task, or a similar tool.
 
-Currently must be run out periodically, using cron or something similar.
 
 USAGE
 -----
-  puppet device [-d|--debug] [--detailed-exitcodes] [-V|--version]
+  puppet device [-d|--debug] [--detailed-exitcodes]
                 [-h|--help] [-l|--logdest syslog|<file>|console]
                 [-v|--verbose] [-w|--waitforcert <seconds>]
+                [--user=<user>] [-V|--version]
 
 
 DESCRIPTION
 -----------
-Once the client has a signed certificate for a given remote device, it will
-retrieve its configuration and apply it.
+Devices require a proxy Puppet agent to request certificates, collect facts,
+retrieve and apply catalogs, and store reports.
+
 
 USAGE NOTES
 -----------
-One need a /etc/puppetlabs/puppet/device.conf file with the following content:
+Devices managed by the puppet-device subcommand on a Puppet agent are 
+configured in device.conf, which is located at $confdir/device.conf by default, 
+and is configurable with the $deviceconfig setting. 
+
+The device.conf file is an INI-like file, with one section per device:
+
+[<DEVICE_CERTNAME>]
+type <TYPE>
+url <URL>
+debug
 
-[remote.device.fqdn]
-type <type>
-url <url>
+The section name specifies the certname of the device. 
 
-where:
- * type: the current device type (the only value at this time is cisco)
- * url: an url allowing to connect to the device
+The values for the type and url properties are specific to each type of device.
 
-Supported url must conforms to:
- scheme://user:password@hostname/?query
+The optional debug property specifies transport-level debugging,
+and is limited to telnet and ssh transports.
+
+See https://docs.puppet.com/puppet/latest/config_file_device.html for details.
 
- with:
-  * scheme: either ssh or telnet
-  * user: username, can be omitted depending on the switch/router configuration
-  * password: the connection password
-  * query: this is device specific. Cisco devices supports an enable parameter whose
-  value would be the enable password.
 
 OPTIONS
 -------
-Note that any setting that's valid in the configuration file
-is also a valid long argument.  For example, 'server' is a valid configuration
-parameter, so you can specify '--server <servername>' as an argument.
+Note that any setting that's valid in the configuration file is also a valid 
+long argument. For example, 'server' is a valid configuration parameter, so 
+you can specify '--server <servername>' as an argument.
 
 * --debug:
   Enable full debugging.
@@ -133,6 +137,10 @@ parameter, so you can specify '--server <servername>' as an argument.
   appending nature of logging. It must be appended manually to make the content
   valid JSON.
 
+* --user:
+  The user to run as. '--user=root' is required, even when run as root,
+  for runs that create device certificates or keys.
+
 * --verbose:
   Turn on verbose reporting.
 
@@ -141,8 +149,8 @@ parameter, so you can specify '--server <servername>' as an argument.
   and it is enabled by default, with a value of 120 (seconds).  This causes
   +puppet agent+ to connect to the server every 2 minutes and ask it to sign a
   certificate request.  This is useful for the initial setup of a puppet
-  client.  You can turn off waiting for certificates by specifying a time
-  of 0.
+  client.  You can turn off waiting for certificates by specifying a time of 0.
+
 
 EXAMPLE
 -------

data/lib/puppet/functions/epp.rb

@@ -21,6 +21,9 @@
 # `epp('apache/vhost/_docroot.epp', { 'docroot' => '/var/www/html',
 # 'virtual_docroot' => '/var/www/example' })`
 #
+# This function can also accept an absolute path, which can load a template file
+# from anywhere on disk.
+#
 # Puppet produces a syntax error if you pass more parameters than are declared in
 # the template's parameter tag. When passing parameters to a template that
 # contains a parameter tag, use the same names as the tag's declared parameters.

data/lib/puppet/generate/models/type/property.rb

@@ -40,7 +40,7 @@ module Puppet
             values = property.value_collection.instance_variable_get('@values') || {}
             values.each do |_, value|
               if value.regex?
-                regexes << "/#{value.name.source.gsub(/\//, '\/')}/"
+                regexes << Puppet::Pops::Types::StringConverter.convert(value.name, '%p')
                 next
               end
 

data/lib/puppet/indirector/request.rb

@@ -207,7 +207,7 @@ class Puppet::Indirector::Request
       if primary_server = Puppet.settings[:server_list][0]
         bound_server = primary_server[0]
       else
-        bound_server = nil
+        bound_server = Puppet.settings[:server]
       end
     end
 
@@ -217,11 +217,11 @@ class Puppet::Indirector::Request
       if primary_server = Puppet.settings[:server_list][0]
         bound_port = primary_server[1]
       else
-        bound_port = nil
+        bound_port = Puppet.settings[:masterport]
       end
     end
-    self.server = default_server || bound_server || Puppet.settings[:server]
-    self.port   = default_port || bound_port || Puppet.settings[:masterport]
+    self.server = default_server || bound_server
+    self.port   = default_port || bound_port
 
     Puppet.debug "No more servers left, falling back to #{self.server}:#{self.port}" if Puppet.settings[:use_srv_records]
 

data/lib/puppet/parser/ast/leaf.rb

@@ -70,6 +70,6 @@ class Puppet::Parser::AST::Regex < Puppet::Parser::AST::Leaf
   end
 
   def to_s
-    "/#{@value.source}/"
+    Puppet::Pops::Types::PRegexpType.regexp_to_s_with_delimiters(@value)
   end
 end

data/lib/puppet/parser/functions/epp.rb

@@ -22,6 +22,9 @@ function like this:
 `epp('apache/vhost/_docroot.epp', { 'docroot' => '/var/www/html',
 'virtual_docroot' => '/var/www/example' })`
 
+This function can also accept an absolute path, which can load a template file
+from anywhere on disk.
+
 Puppet produces a syntax error if you pass more parameters than are declared in
 the template's parameter tag. When passing parameters to a template that
 contains a parameter tag, use the same names as the tag's declared parameters.

data/lib/puppet/pops/evaluator/evaluator_impl.rb

@@ -1087,7 +1087,7 @@ class EvaluatorImpl
   end
 
   def string_Regexp(o, scope)
-    "/#{o.source}/"
+    Types::PRegexpType.regexp_to_s_with_delimiters(o)
   end
 
   def string_PAnyType(o, scope)

data/lib/puppet/pops/model/model_tree_dumper.rb

@@ -159,7 +159,7 @@ class Puppet::Pops::Model::ModelTreeDumper < Puppet::Pops::Model::TreeDumper
   end
 
   def dump_LiteralRegularExpression o
-    "/#{o.value.source}/"
+    Puppet::Pops::Types::StringConverter.convert(o.value, '%p')
   end
 
   def dump_Nop o

data/lib/puppet/pops/patterns.rb

@@ -48,7 +48,7 @@ module Puppet::Pops::Patterns
 
   # VAR_NAME matches the name part of a variable (The $ character is not included)
   # Note, that only the final segment may start with an underscore.
-  VAR_NAME = %r{\A(?:(::)?[a-z]\w*)*(?:(::)?[a-z_]\w*)\z}
+  VAR_NAME = %r{\A(?:((::)?[a-z]\w*)*(?:(::)?_\w*)?)\z}
 
   # PARAM_NAME matches the name part of a parameter (The $ character is not included)
   PARAM_NAME = %r{\A[a-z_]\w*\z}

data/lib/puppet/pops/types/string_converter.rb

@@ -826,12 +826,10 @@ class StringConverter
     f = get_format(val_type, format_map)
     case f.format
     when :p
-      rx_s = val.options == 0 ? val.source : val.to_s
-      rx_s = rx_s.gsub(/\//, '\/') unless Gem::Version.new(RUBY_VERSION.dup) < Gem::Version.new('2.0.0')
-      str_regexp = "/#{rx_s}/"
+      str_regexp = PRegexpType.regexp_to_s_with_delimiters(val)
       f.orig_fmt == '%p' ? str_regexp : Kernel.format(f.orig_fmt.gsub('p', 's'), str_regexp)
     when :s
-      str_regexp = val.options == 0 ? val.source : val.to_s
+      str_regexp = PRegexpType.regexp_to_s(val)
       str_regexp = puppet_quote(str_regexp) if f.alt?
       f.orig_fmt == '%s' ? str_regexp : Kernel.format(f.orig_fmt, str_regexp)
     else

data/lib/puppet/pops/types/type_calculator.rb

@@ -606,7 +606,7 @@ class TypeCalculator
 
   # @api private
   def infer_Regexp(o)
-    PRegexpType.new(o.source)
+    PRegexpType.new(o)
   end
 
   # @api private

data/lib/puppet/pops/types/type_formatter.rb

@@ -507,7 +507,7 @@ class TypeFormatter
   def string_Numeric(t)      ; @bld << t.to_s    ; end
 
   # @api private
-  def string_Regexp(t)       ; @bld << t.inspect; end
+  def string_Regexp(t)       ; @bld << PRegexpType.regexp_to_s_with_delimiters(t); end
 
   # @api private
   def string_String(t)

data/lib/puppet/pops/types/types.rb

@@ -1573,10 +1573,64 @@ class PRegexpType < PScalarType
 
   attr_reader :pattern
 
+  # @param regexp [Regexp] the regular expression
+  # @return [String] the Regexp as a slash delimited string with slashes escaped
+  def self.regexp_to_s_with_delimiters(regexp)
+    regexp.options == 0 ? regexp.inspect : "/#{regexp.to_s}/"
+  end
+
+  # @param regexp [Regexp] the regular expression
+  # @return [String] the Regexp as a string without escaped slash
+  def self.regexp_to_s(regexp)
+    # Rubies < 2.0.0 retains escaped delimiters in the source string.
+    @source_retains_escaped_slash ||= Gem::Version.new(RUBY_VERSION.dup) < Gem::Version.new('2.0.0')
+    source = regexp.source
+    if @source_retains_escaped_slash && source.include?('\\')
+      # Restore corrupt string in rubies <2.0.0, i.e. turn '\/' into '/' but
+      # don't touch valid escapes such as '\s', '\{' etc.
+      escaped = false
+      bld = ''
+      source.each_codepoint do |codepoint|
+        if escaped
+          bld << 0x5c unless codepoint == 0x2f # '/'
+          bld << codepoint
+          escaped = false
+        elsif codepoint == 0x5c # '\'
+          escaped = true
+        elsif codepoint <= 0x7f
+          bld << codepoint
+        else
+          bld << [codepoint].pack('U')
+        end
+      end
+      source = bld
+    end
+    append_flags_group(source, regexp.options)
+  end
+
+  def self.append_flags_group(rx_string, options)
+    if options == 0
+      rx_string
+    else
+      bld = '(?'
+      bld << 'i' if (options & Regexp::IGNORECASE) != 0
+      bld << 'm' if (options & Regexp::MULTILINE) != 0
+      bld << 'x' if (options & Regexp::EXTENDED) != 0
+      unless options == (Regexp::IGNORECASE | Regexp::MULTILINE | Regexp::EXTENDED)
+        bld << '-'
+        bld << 'i' if (options & Regexp::IGNORECASE) == 0
+        bld << 'm' if (options & Regexp::MULTILINE) == 0
+        bld << 'x' if (options & Regexp::EXTENDED) == 0
+      end
+      bld << ':' << rx_string << ')'
+      bld.freeze
+    end
+  end
+
   def initialize(pattern)
     if pattern.is_a?(Regexp)
       @regexp = pattern
-      @pattern = pattern.options == 0 ? pattern.source : pattern.to_s
+      @pattern = PRegexpType.regexp_to_s(pattern)
     else
       @pattern = pattern
     end
@@ -1595,7 +1649,7 @@ class PRegexpType < PScalarType
   end
 
   def instance?(o, guard=nil)
-    o.is_a?(Regexp) && (@pattern.nil? || @pattern == (o.options == 0 ? o.source : o.to_s))
+    o.is_a?(Regexp) && @pattern.nil? || regexp == o
   end
 
   DEFAULT = PRegexpType.new(nil)

data/lib/puppet/provider/package/aix.rb

@@ -38,7 +38,7 @@ Puppet::Type.type(:package).provide :aix, :parent => Puppet::Provider::Package d
 
     return unless packages.detect { |name, package| package.should(:ensure) == :latest }
 
-    sources = packages.collect { |name, package| package[:source] }.uniq
+    sources = packages.collect { |name, package| package[:source] }.uniq.compact
 
     updates = {}
     sources.each do |source|

data/lib/puppet/provider/package/yum.rb

@@ -92,6 +92,7 @@ Puppet::Type.type(:package).provide :yum, :parent => :rpm, :source => :rpm do
     updates = Hash.new { |h, k| h[k] = [] }
     body.split.each_slice(3) do |tuple|
       break if tuple[0] =~ /^(Obsoleting|Security:|Update)/
+      break unless tuple[1].match(/^(?:(\d+):)?(\S+)-(\S+)$/)
       hash = update_to_hash(*tuple[0..1])
       # Create entries for both the package name without a version and a
       # version since yum considers those as mostly interchangeable.

data/lib/puppet/util/windows/api_types.rb

@@ -53,17 +53,21 @@ module Puppet::Util::Windows::APITypes
     alias_method :read_word,  :read_uint16
     alias_method :read_array_of_wchar, :read_array_of_uint16
 
-    def read_wide_string(char_length, dst_encoding = Encoding::UTF_8)
+    def read_wide_string(char_length, dst_encoding = Encoding::UTF_8, encode_options = {})
       # char_length is number of wide chars (typically excluding NULLs), *not* bytes
       str = get_bytes(0, char_length * 2).force_encoding('UTF-16LE')
-      str.encode(dst_encoding)
+      str.encode(dst_encoding, str.encoding, encode_options)
+    rescue Exception => e
+      Puppet.debug "Unable to convert value #{str.dump} to encoding #{dst_encoding} due to #{e.inspect}"
+      raise
     end
 
     # @param max_char_length [Integer] Maximum number of wide chars to return (typically excluding NULLs), *not* bytes
     # @param null_terminator [Symbol] Number of number of null wchar characters, *not* bytes, that determine the end of the string
     #   null_terminator = :single_null, then the terminating sequence is two bytes of zero.   This is UNIT16 = 0
     #   null_terminator = :double_null, then the terminating sequence is four bytes of zero.  This is UNIT32 = 0
-    def read_arbitrary_wide_string_up_to(max_char_length = 512, null_terminator = :single_null)
+    # @param encode_options [Hash] Accepts the same option hash that may be passed to String#encode in Ruby
+    def read_arbitrary_wide_string_up_to(max_char_length = 512, null_terminator = :single_null, encode_options = {})
       if null_terminator != :single_null && null_terminator != :double_null
         raise "Unable to read wide strings with #{null_terminator} terminal nulls"
       end
@@ -73,11 +77,11 @@ module Puppet::Util::Windows::APITypes
 
       # Look for a null terminating characters; if found, read up to that null (exclusive)
       (0...max_char_length - terminator_width).each do |i|
-        return read_wide_string(i) if send(reader_method, (i * 2)) == 0
+        return read_wide_string(i, Encoding::UTF_8, encode_options) if send(reader_method, (i * 2)) == 0
       end
 
       # String is longer than the max; read just to the max
-      read_wide_string(max_char_length)
+      read_wide_string(max_char_length, Encoding::UTF_8, encode_options)
     end
 
     def read_win32_local_pointer(&block)

data/lib/puppet/util/windows/process.rb

@@ -236,9 +236,17 @@ module Puppet::Util::Windows::Process
   def get_environment_strings
     env_ptr = GetEnvironmentStringsW()
 
-    pairs = env_ptr.read_arbitrary_wide_string_up_to(65534, :double_null)
+    # pass :invalid => :replace to the Ruby String#encode to use replacement characters
+    pairs = env_ptr.read_arbitrary_wide_string_up_to(65534, :double_null, { :invalid => :replace })
       .split(?\x00)
       .reject { |env_str| env_str.nil? || env_str.empty? || env_str[0] == '=' }
+      .reject do |env_str|
+        # reject any string containing the Unicode replacement character
+        if env_str.include?("\uFFFD")
+          Puppet.warning("Discarding environment variable #{env_str} which contains invalid bytes")
+          true
+        end
+      end
       .map { |env_pair| env_pair.split('=', 2) }
     Hash[ pairs ]
   ensure

data/lib/puppet/version.rb

@@ -6,7 +6,7 @@
 # Raketasks and such to set the version based on the output of `git describe`
 
 module Puppet
-  PUPPETVERSION = '4.10.6'
+  PUPPETVERSION = '4.10.7'
 
   ##
   # version is a public API method intended to always provide a fast and

data/spec/fixtures/unit/provider/package/yum/yum-check-update-plugin-output.txt

@@ -0,0 +1,36 @@
+Loaded plugins: fastestmirror
+Loading mirror speeds from cached hostfile
+
+NetworkManager.x86_64              1:1.0.0-14.git20150121.b4ea599c.el7    base
+NetworkManager-glib.x86_64         1:1.0.0-14.git20150121.b4ea599c.el7    base
+NetworkManager-tui.x86_64          1:1.0.0-14.git20150121.b4ea599c.el7    base
+alsa-firmware.noarch               1.0.28-2.el7                           base
+alsa-lib.x86_64                    1.0.28-2.el7                           base
+audit.x86_64                       2.4.1-5.el7                            base
+audit-libs.x86_64                  2.4.1-5.el7                            base
+authconfig.x86_64                  6.2.8-9.el7                            base
+avahi.x86_64                       0.6.31-14.el7                          base
+avahi-autoipd.x86_64               0.6.31-14.el7                          base
+avahi-libs.x86_64                  0.6.31-14.el7                          base
+bash.x86_64                        4.2.46-12.el7                          base
+bind-libs-lite.x86_64              32:9.9.4-18.el7_1.1                    updates
+bind-license.noarch                32:9.9.4-18.el7_1.1                    updates
+binutils.x86_64                    2.23.52.0.1-30.el7_1.2                 updates
+biosdevname.x86_64                 0.6.1-2.el7                            base
+btrfs-progs.x86_64                 3.16.2-1.el7                           base
+ca-certificates.noarch             2015.2.4-70.0.el7_1                    updates
+centos-logos.noarch                70.0.6-2.el7.centos                    updates
+centos-release.x86_64              7-1.1503.el7.centos.2.8                base
+cpp.x86_64                         4.8.3-9.el7                            base
+cronie.x86_64                      1.4.11-13.el7                          base
+cronie-anacron.x86_64              1.4.11-13.el7                          base
+cryptsetup-libs.x86_64             1.6.6-3.el7                            base
+dbus.x86_64                        1:1.6.12-11.el7                        base
+dbus-libs.x86_64                   1:1.6.12-11.el7                        base
+device-mapper.x86_64               7:1.02.93-3.el7                        base
+device-mapper-event.x86_64         7:1.02.93-3.el7                        base
+device-mapper-event-libs.x86_64    7:1.02.93-3.el7                        base
+device-mapper-libs.x86_64          7:1.02.93-3.el7                        base
+Random plugin output
+Loaded plugins: fastestmirror, product-id, fake-plugin
+Random plugin failed, is the mirror available?

data/spec/integration/util/windows/process_spec.rb

@@ -34,6 +34,51 @@ describe "Puppet::Util::Windows::Process", :if => Puppet.features.microsoft_wind
     end
   end
 
+  describe "when reading environment variables" do
+    after :each do
+      # spec\integration\test\test_helper_spec.rb calls set_environment_strings
+      # after :all and thus needs access to the real APIs once again
+      Puppet::Util::Windows::Process.unstub(:GetEnvironmentStringsW)
+      Puppet::Util::Windows::Process.unstub(:FreeEnvironmentStringsW)
+    end
+
+    it "will ignore only keys or values with corrupt byte sequences" do
+      arraydest = []
+      Puppet::Util::Log.newdestination(Puppet::Test::LogCollector.new(arraydest))
+
+      env_vars = {}
+
+      # Create a UTF-16LE version of the below null separated environment string
+      # "a=b\x00c=d\x00e=\xDD\xDD\x00f=g\x00\x00"
+      env_var_block =
+        "a=b\x00".encode(Encoding::UTF_16LE) +
+        "c=d\x00".encode(Encoding::UTF_16LE) +
+        'e='.encode(Encoding::UTF_16LE) + "\xDD\xDD".force_encoding(Encoding::UTF_16LE) + "\x00".encode(Encoding::UTF_16LE) +
+        "f=g\x00\x00".encode(Encoding::UTF_16LE)
+
+      env_var_block_bytes = env_var_block.bytes.to_a
+
+      FFI::MemoryPointer.new(:byte, env_var_block_bytes.count) do |ptr|
+        # uchar here is synonymous with byte
+        ptr.put_array_of_uchar(0, env_var_block_bytes)
+
+        # stub the block of memory that the Win32 API would typically return via pointer
+        Puppet::Util::Windows::Process.expects(:GetEnvironmentStringsW).returns(ptr)
+        # stub out the real API call to free memory, else process crashes
+        Puppet::Util::Windows::Process.expects(:FreeEnvironmentStringsW)
+
+        env_vars = Puppet::Util::Windows::Process.get_environment_strings
+      end
+
+      # based on corrupted memory, the e=\xDD\xDD should have been removed from the set
+      expect(env_vars).to eq({'a' => 'b', 'c' => 'd', 'f' => 'g'})
+
+      # and Puppet should emit a warning about it
+      expect(arraydest.last.level).to eq(:warning)
+      expect(arraydest.last.message).to eq("Discarding environment variable e=\uFFFD which contains invalid bytes")
+    end
+  end
+
   describe "when setting environment variables" do
     it "can properly handle env var values with = in them" do
       begin