authorTodd Zullinger <tmz@fedoraproject.org>2010-01-05 22:40:31 +0000
committerTodd Zullinger <tmz@fedoraproject.org>2010-01-05 22:40:31 +0000
commit7c91db502f03b59bb72b67e544c1dc2d30c09d5c (patch)
treeb890c6f5c533007887bad44f0082558849810fcc
parent75b969266b30ab5dc4bdc6811fe0817fad181fc2 (diff)
Update to 0.25.2
- Fixes CVE-2010-0156, tmpfile security issue (#502881) - Install auth.conf, puppetqd manpage, and queuing examples/docs - Replace %%define with %%global for macros
-rw-r--r--.cvsignore2
-rw-r--r--puppet-0.25.1-0001-Initialize-supplementary-groups-ported-patch-from-0..patch75
-rw-r--r--puppet-0.25.1-server-initscript.patch27
-rw-r--r--puppet.spec23
-rw-r--r--sources2
5 files changed, 16 insertions, 113 deletions
diff --git a/.cvsignore b/.cvsignore
index 58fb452..728a193 100644
--- a/.cvsignore
+++ b/.cvsignore
@@ -1 +1 @@
-puppet-0.25.1.tar.gz
+puppet-0.25.2.tar.gz
diff --git a/puppet-0.25.1-0001-Initialize-supplementary-groups-ported-patch-from-0..patch b/puppet-0.25.1-0001-Initialize-supplementary-groups-ported-patch-from-0..patch
deleted file mode 100644
index 3cc8c09..0000000
--- a/puppet-0.25.1-0001-Initialize-supplementary-groups-ported-patch-from-0..patch
+++ /dev/null
@@ -1,75 +0,0 @@
-From 50952a627a9c96a147c7bcac91f6e2380e483310 Mon Sep 17 00:00:00 2001
-From: Jeroen van Meeuwen (Fedora Unity) <kanarip@fedoraunity.org>
-Date: Wed, 25 Nov 2009 13:38:52 +0100
-Subject: [PATCH] Initialize supplementary groups (ported patch from 0.24.8 originally from Till Maas)
-
----
- lib/puppet/util.rb | 5 +++--
- lib/puppet/util/suidmanager.rb | 12 +++++++++++-
- 2 files changed, 14 insertions(+), 3 deletions(-)
-
-diff --git a/lib/puppet/util.rb b/lib/puppet/util.rb
-index 6f83c7a..8e2e8a3 100644
---- a/lib/puppet/util.rb
-+++ b/lib/puppet/util.rb
-@@ -55,10 +55,11 @@ module Util
- end
- unless Puppet::Util::SUIDManager.uid == user
- begin
-+ Puppet::Util::SUIDManager.initgroups(user)
- Puppet::Util::SUIDManager.uid = user
- Puppet::Util::SUIDManager.euid = user
-- rescue
-- $stderr.puts "could not change to user %s" % user
-+ rescue => detail
-+ $stderr.puts "could not change to user %s: %s" % [user, detail]
- exit(74)
- end
- end
-diff --git a/lib/puppet/util/suidmanager.rb b/lib/puppet/util/suidmanager.rb
-index c5df0d1..7896945 100644
---- a/lib/puppet/util/suidmanager.rb
-+++ b/lib/puppet/util/suidmanager.rb
-@@ -7,7 +7,7 @@ module Puppet::Util::SUIDManager
- extend Forwardable
-
- to_delegate_to_process = [ :euid=, :euid, :egid=, :egid,
-- :uid=, :uid, :gid=, :gid ]
-+ :uid=, :uid, :gid=, :gid, :groups=, :groups ]
-
- to_delegate_to_process.each do |method|
- def_delegator Process, method
-@@ -26,13 +26,16 @@ module Puppet::Util::SUIDManager
- # We set both because some programs like to drop privs, i.e. bash.
- old_uid, old_gid = self.uid, self.gid
- old_euid, old_egid = self.euid, self.egid
-+ old_groups = self.groups
- begin
- self.egid = convert_xid :gid, new_gid if new_gid
-+ self.initgroups(convert_xid(:uid, new_uid)) if new_uid
- self.euid = convert_xid :uid, new_uid if new_uid
-
- yield
- ensure
- self.euid, self.egid = old_euid, old_egid
-+ self.groups = old_groups
- end
- end
- module_function :asuser
-@@ -49,6 +52,13 @@ module Puppet::Util::SUIDManager
- end
- module_function :convert_xid
-
-+ # Initialize supplementary groups
-+ def initgroups(user)
-+ require 'etc'
-+ Process.initgroups(Etc.getpwuid(user).name, Process.gid)
-+ end
-+ module_function :initgroups
-+
-
- def run_and_capture(command, new_uid=nil, new_gid=nil)
- output = Puppet::Util.execute(command, :failonfail => false, :uid => new_uid, :gid => new_gid)
---
-1.6.5.2
-
diff --git a/puppet-0.25.1-server-initscript.patch b/puppet-0.25.1-server-initscript.patch
deleted file mode 100644
index 69bbfac..0000000
--- a/puppet-0.25.1-server-initscript.patch
+++ /dev/null
@@ -1,27 +0,0 @@
-From 8894aae81d26a9564305ae89ac159320c53dca83 Mon Sep 17 00:00:00 2001
-From: Todd Zullinger <tmz@pobox.com>
-Date: Tue, 27 Oct 2009 10:30:08 -0400
-Subject: [PATCH/puppet] conf/redhat: Prevent killproc from removing /usr/sbin/puppetmasterd
-
-Mattias Saou ran into a serious bug cause by 9dff71 (Use -p option to
-killproc). The puppetmaster init script lacked a pidfile variable,
-which ended up with /usr/sbin/puppetmasterd being removed.
----
- conf/redhat/server.init | 1 +
- 1 files changed, 1 insertions(+), 0 deletions(-)
-
-diff --git a/conf/redhat/server.init b/conf/redhat/server.init
-index 5505058..4f44206 100644
---- a/conf/redhat/server.init
-+++ b/conf/redhat/server.init
-@@ -13,6 +13,7 @@ PATH=/usr/bin:/sbin:/bin:/usr/sbin
- export PATH
-
- lockfile=/var/lock/subsys/puppetmaster
-+pidfile=/var/run/puppet/puppetmasterd.pid
-
- # Source function library.
- . /etc/rc.d/init.d/functions
---
-1.6.5.2
-
diff --git a/puppet.spec b/puppet.spec
index 0e8a7a0..b08b81a 100644
--- a/puppet.spec
+++ b/puppet.spec
@@ -5,18 +5,14 @@
%define confdir conf/redhat
Name: puppet
-Version: 0.25.1
+Version: 0.25.2
Release: 1%{?dist}
Summary: A network tool for managing many disparate systems
License: GPLv2+
URL: http://puppet.reductivelabs.com/
Source0: http://reductivelabs.com/downloads/puppet/%{name}-%{version}.tar.gz
-# Brown paper bag fix for my killproc blunder (tmz)
-Patch0: puppet-0.25.1-server-initscript.patch
-# https://bugzilla.redhat.com/475201
-Patch1: puppet-0.25.1-0001-Initialize-supplementary-groups-ported-patch-from-0..patch
# https://bugzilla.redhat.com/495096
-Patch2: puppet-0.25.1-0002-Correct-rundir-permissions.patch
+Patch0: puppet-0.25.1-0002-Correct-rundir-permissions.patch
Group: System Environment/Base
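Review bot: Dropping the old `Patch0` (pidfile in server.init) and `Patch1` (the initgroups change for rhbz 475201) is only safe if the 0.25.2 tarball already carries both fixes, and nothing in the spec or the new %changelog entry records that. Judging by the deleted patch, without the initgroups call a process that switches uid would keep the supplementary groups it started with, so this should be confirmed against the new source before the build ships. I would leave a line where the patches were, e.g. `# 0.25.1 initscript and initgroups (rhbz#475201) patches dropped: merged upstream in 0.25.2`, and add `- Drop patches merged upstream` to the changelog entry. Separately, the commit message mentions replacing %define with %global, but `%define confdir` at the top of this hunk is unchanged.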
@@ -72,8 +68,6 @@ The server can also function as a certificate authority and file server.
%prep
%setup -q
%patch0 -p1
-%patch1 -p1
-%patch2 -p1
%build
# Fix some rpmlint complaints
@@ -90,6 +84,9 @@ chmod +x ext/puppetstoredconfigclean.rb
find examples/ -type f -empty | xargs rm
find examples/ -type f | xargs chmod a-x
+# puppet-queue.conf is more of an example, used for stompserver
+mv conf/puppet-queue.conf examples/etc/puppet/
+
%install
rm -rf %{buildroot}
ruby install.rb --destdir=%{buildroot} --quick --no-rdoc
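Review bot: The added `mv conf/puppet-queue.conf examples/etc/puppet/` runs after the two `find examples/` clean-up passes, so the moved file is not covered by the `chmod a-x` normalisation applied to the rest of examples/. If the file is not already non-executable in the tarball, it will be shipped under %doc with whatever mode it has; placing the `mv` above the `find` lines removes that dependency. The step also assumes `examples/etc/puppet/` exists in the 0.25.2 tarball, which a preceding `mkdir -p examples/etc/puppet` would make explicit. The scriptlet section this sits in starts above the hunk.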
@@ -104,6 +101,7 @@ install -Dp -m0644 %{confdir}/server.sysconfig %{buildroot}%{_sysconfdir}/syscon
install -Dp -m0755 %{confdir}/server.init %{buildroot}%{_initrddir}/puppetmaster
install -Dp -m0644 %{confdir}/fileserver.conf %{buildroot}%{_sysconfdir}/puppet/fileserver.conf
install -Dp -m0644 %{confdir}/puppet.conf %{buildroot}%{_sysconfdir}/puppet/puppet.conf
+install -Dp -m0644 conf/auth.conf %{buildroot}%{_sysconfdir}/puppet/auth.conf
install -Dp -m0644 %{confdir}/logrotate %{buildroot}%{_sysconfdir}/logrotate.d/puppet
# We need something for these ghosted files, otherwise rpmbuild
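Review bot: `auth.conf` is installed from the upstream `conf/` directory while every neighbouring config file comes from `%{confdir}`, and the line carries no comment saying why. Because this file holds the access rules for Puppet's REST interface, the spec should state that the upstream defaults are shipped unchanged on purpose, e.g. `# auth.conf: upstream default ACLs; presumably no Red Hat-specific copy exists in %{confdir}`. It would also help to confirm that those defaults are acceptable for a fresh install, since the `%config(noreplace)` entry added in the %files hunk makes this the live configuration. The %install section starts and continues outside the hunk.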
@@ -131,7 +129,7 @@ install -Dp -m0644 ext/vim/syntax/puppet.vim $vimdir/syntax/puppet.vim
%files
%defattr(-, root, root, 0755)
-%doc CHANGELOG COPYING LICENSE README examples
+%doc CHANGELOG COPYING LICENSE README README.queueing examples
%{_bindir}/pi
%{_bindir}/puppet
%{_bindir}/ralsh
@@ -144,6 +142,7 @@ install -Dp -m0644 ext/vim/syntax/puppet.vim $vimdir/syntax/puppet.vim
%dir %{_sysconfdir}/puppet
%config(noreplace) %{_sysconfdir}/sysconfig/puppet
%config(noreplace) %{_sysconfdir}/puppet/puppet.conf
+%config(noreplace) %{_sysconfdir}/puppet/auth.conf
%ghost %config(noreplace,missingok) %{_sysconfdir}/puppet/puppetca.conf
%ghost %config(noreplace,missingok) %{_sysconfdir}/puppet/puppetd.conf
%config(noreplace) %{_sysconfdir}/logrotate.d/puppet
@@ -177,6 +176,7 @@ install -Dp -m0644 ext/vim/syntax/puppet.vim $vimdir/syntax/puppet.vim
%{_mandir}/man8/filebucket.8.gz
%{_mandir}/man8/puppetmasterd.8.gz
%{_mandir}/man8/puppetrun.8.gz
+%{_mandir}/man8/puppetqd.8.gz
# Fixed uid/gid were assigned in bz 472073 (Fedora), 471918 (RHEL-5),
# and 471919 (RHEL-4)
@@ -222,6 +222,11 @@ fi
rm -rf %{buildroot}
%changelog
+* Tue Jan 05 2010 Todd Zullinger <tmz@pobox.com> - 0.25.2-1
+- Update to 0.25.2
+- Fixes CVE-2010-0156, tmpfile security issue (#502881)
+- Install auth.conf, puppetqd manpage, and queuing examples/docs
+
* Wed Nov 25 2009 Jeroen van Meeuwen <j.van.meeuwen@ogd.nl> - 0.25.1-1
- New upstream version
diff --git a/sources b/sources
index a00c1fb..a914bda 100644
--- a/sources
+++ b/sources
@@ -1 +1 @@
-55ced6102fe6ad8b2ecb2b1384008167 puppet-0.25.1.tar.gz
+d96be601ca6f936ec7c35a7206b2fa85 puppet-0.25.2.tar.gz