← Back to branch summary

~lynxman/ubuntu/precise/puppet/puppetlabsfixbug12844

~lynxman/ubuntu/precise/puppet/puppetlabsfixbug12844

« back to all changes in this revision

Viewing changes to .pc/CVE-2011-3872.patch/test/network/client/dipper.rb

Committer: Bazaar Package Importer
Author(s): Marc Deslauriers
Date: 2011-10-24 15:05:12 UTC
Revision ID: james.westby@ubuntu.com-20111024150512-yxqwfdp6hcs6of5l

Tags: 2.7.1-1ubuntu3.2

* SECURITY UPDATE: puppet master impersonation via incorrect certificates
  - debian/patches/CVE-2011-3872.patch: refactor certificate handling.
  - Thanks to upstream for providing the patch.
  - CVE-2011-3872

files added:
.pc/CVE-2011-3872.patch

.pc/CVE-2011-3872.patch/acceptance

.pc/CVE-2011-3872.patch/acceptance/tests

.pc/CVE-2011-3872.patch/acceptance/tests/ticket_5477_master_not_dectect_sitepp.rb

.pc/CVE-2011-3872.patch/acceptance/tests/ticket_7117_broke_env_criteria_authconf.rb

.pc/CVE-2011-3872.patch/lib

.pc/CVE-2011-3872.patch/lib/puppet

.pc/CVE-2011-3872.patch/lib/puppet/application

.pc/CVE-2011-3872.patch/lib/puppet/application/cert.rb

.pc/CVE-2011-3872.patch/lib/puppet/application/kick.rb

.pc/CVE-2011-3872.patch/lib/puppet/defaults.rb

.pc/CVE-2011-3872.patch/lib/puppet/face

.pc/CVE-2011-3872.patch/lib/puppet/face/certificate.rb

.pc/CVE-2011-3872.patch/lib/puppet/network

.pc/CVE-2011-3872.patch/lib/puppet/network/client

.pc/CVE-2011-3872.patch/lib/puppet/network/client.rb

.pc/CVE-2011-3872.patch/lib/puppet/network/client/ca.rb

.pc/CVE-2011-3872.patch/lib/puppet/network/client/file.rb

.pc/CVE-2011-3872.patch/lib/puppet/network/client/proxy.rb

.pc/CVE-2011-3872.patch/lib/puppet/network/client/report.rb

.pc/CVE-2011-3872.patch/lib/puppet/network/client/runner.rb

.pc/CVE-2011-3872.patch/lib/puppet/network/client/status.rb

.pc/CVE-2011-3872.patch/lib/puppet/network/handler

.pc/CVE-2011-3872.patch/lib/puppet/network/handler/ca.rb

.pc/CVE-2011-3872.patch/lib/puppet/network/handler/master.rb

.pc/CVE-2011-3872.patch/lib/puppet/network/handler/runner.rb

.pc/CVE-2011-3872.patch/lib/puppet/network/http_server

.pc/CVE-2011-3872.patch/lib/puppet/network/http_server/webrick.rb

.pc/CVE-2011-3872.patch/lib/puppet/network/xmlrpc

.pc/CVE-2011-3872.patch/lib/puppet/network/xmlrpc/client.rb

.pc/CVE-2011-3872.patch/lib/puppet/ssl

.pc/CVE-2011-3872.patch/lib/puppet/ssl/certificate.rb

.pc/CVE-2011-3872.patch/lib/puppet/ssl/certificate_authority

.pc/CVE-2011-3872.patch/lib/puppet/ssl/certificate_authority.rb

.pc/CVE-2011-3872.patch/lib/puppet/ssl/certificate_authority/interface.rb

.pc/CVE-2011-3872.patch/lib/puppet/ssl/certificate_factory.rb

.pc/CVE-2011-3872.patch/lib/puppet/ssl/certificate_request.rb

.pc/CVE-2011-3872.patch/lib/puppet/ssl/host.rb

.pc/CVE-2011-3872.patch/lib/puppet/sslcertificates

.pc/CVE-2011-3872.patch/lib/puppet/sslcertificates.rb

.pc/CVE-2011-3872.patch/lib/puppet/sslcertificates/ca.rb

.pc/CVE-2011-3872.patch/lib/puppet/sslcertificates/certificate.rb

.pc/CVE-2011-3872.patch/lib/puppet/sslcertificates/inventory.rb

.pc/CVE-2011-3872.patch/lib/puppet/sslcertificates/support.rb

.pc/CVE-2011-3872.patch/lib/puppet/type

.pc/CVE-2011-3872.patch/lib/puppet/type/file.rb

.pc/CVE-2011-3872.patch/lib/puppet/util

.pc/CVE-2011-3872.patch/lib/puppet/util/monkey_patches.rb

.pc/CVE-2011-3872.patch/lib/puppet/util/settings.rb

.pc/CVE-2011-3872.patch/spec

.pc/CVE-2011-3872.patch/spec/integration

.pc/CVE-2011-3872.patch/spec/integration/defaults_spec.rb

.pc/CVE-2011-3872.patch/spec/integration/network

.pc/CVE-2011-3872.patch/spec/integration/network/client_spec.rb

.pc/CVE-2011-3872.patch/spec/integration/network/handler_spec.rb

.pc/CVE-2011-3872.patch/spec/spec_helper.rb

.pc/CVE-2011-3872.patch/spec/unit

.pc/CVE-2011-3872.patch/spec/unit/face

.pc/CVE-2011-3872.patch/spec/unit/face/certificate_spec.rb

.pc/CVE-2011-3872.patch/spec/unit/indirector

.pc/CVE-2011-3872.patch/spec/unit/indirector/certificate_request

.pc/CVE-2011-3872.patch/spec/unit/indirector/certificate_request/ca_spec.rb

.pc/CVE-2011-3872.patch/spec/unit/network

.pc/CVE-2011-3872.patch/spec/unit/network/client_spec.rb

.pc/CVE-2011-3872.patch/spec/unit/network/handler

.pc/CVE-2011-3872.patch/spec/unit/network/handler/ca_spec.rb

.pc/CVE-2011-3872.patch/spec/unit/network/xmlrpc

.pc/CVE-2011-3872.patch/spec/unit/network/xmlrpc/client_spec.rb

.pc/CVE-2011-3872.patch/spec/unit/ssl

.pc/CVE-2011-3872.patch/spec/unit/ssl/certificate_authority

.pc/CVE-2011-3872.patch/spec/unit/ssl/certificate_authority/interface_spec.rb

.pc/CVE-2011-3872.patch/spec/unit/ssl/certificate_authority_spec.rb

.pc/CVE-2011-3872.patch/spec/unit/ssl/certificate_factory_spec.rb

.pc/CVE-2011-3872.patch/spec/unit/ssl/certificate_request_spec.rb

.pc/CVE-2011-3872.patch/spec/unit/ssl/certificate_spec.rb

.pc/CVE-2011-3872.patch/spec/unit/ssl/host_spec.rb

.pc/CVE-2011-3872.patch/spec/unit/sslcertificates

.pc/CVE-2011-3872.patch/spec/unit/sslcertificates/ca_spec.rb

.pc/CVE-2011-3872.patch/spec/unit/util

.pc/CVE-2011-3872.patch/spec/unit/util/settings_spec.rb

.pc/CVE-2011-3872.patch/test

.pc/CVE-2011-3872.patch/test/certmgr

.pc/CVE-2011-3872.patch/test/certmgr/certmgr.rb

.pc/CVE-2011-3872.patch/test/certmgr/inventory.rb

.pc/CVE-2011-3872.patch/test/certmgr/support.rb

.pc/CVE-2011-3872.patch/test/language

.pc/CVE-2011-3872.patch/test/language/functions.rb

.pc/CVE-2011-3872.patch/test/language/snippets.rb

.pc/CVE-2011-3872.patch/test/lib

.pc/CVE-2011-3872.patch/test/lib/puppettest

.pc/CVE-2011-3872.patch/test/lib/puppettest/exetest.rb

.pc/CVE-2011-3872.patch/test/lib/puppettest/servertest.rb

.pc/CVE-2011-3872.patch/test/network

.pc/CVE-2011-3872.patch/test/network/client

.pc/CVE-2011-3872.patch/test/network/client/ca.rb

.pc/CVE-2011-3872.patch/test/network/client/dipper.rb

.pc/CVE-2011-3872.patch/test/network/handler

.pc/CVE-2011-3872.patch/test/network/handler/ca.rb

.pc/CVE-2011-3872.patch/test/network/server

.pc/CVE-2011-3872.patch/test/network/server/mongrel_test.rb

.pc/CVE-2011-3872.patch/test/network/server/webrick.rb

.pc/CVE-2011-3872.patch/test/network/xmlrpc

.pc/CVE-2011-3872.patch/test/network/xmlrpc/client.rb

.pc/CVE-2011-3872.patch/test/rails

.pc/CVE-2011-3872.patch/test/rails/rails.rb

.pc/CVE-2011-3872.patch/test/ral

.pc/CVE-2011-3872.patch/test/ral/type

.pc/CVE-2011-3872.patch/test/ral/type/filesources.rb

debian/patches/CVE-2011-3872.patch

spec/unit/network/handler/ca_spec.rb

files removed:
lib/puppet/network/client

lib/puppet/network/client.rb

lib/puppet/network/client/ca.rb

lib/puppet/network/client/file.rb

lib/puppet/network/client/proxy.rb

lib/puppet/network/client/report.rb

lib/puppet/network/client/runner.rb

lib/puppet/network/client/status.rb

lib/puppet/network/http_server/webrick.rb

lib/puppet/network/xmlrpc/client.rb

lib/puppet/sslcertificates

lib/puppet/sslcertificates.rb

lib/puppet/sslcertificates/ca.rb

lib/puppet/sslcertificates/certificate.rb

lib/puppet/sslcertificates/inventory.rb

lib/puppet/sslcertificates/support.rb

spec/integration/network/client_spec.rb

spec/unit/network/client_spec.rb

spec/unit/network/xmlrpc

spec/unit/network/xmlrpc/client_spec.rb

spec/unit/sslcertificates

spec/unit/sslcertificates/ca_spec.rb

test/certmgr

test/certmgr/certmgr.rb

test/certmgr/inventory.rb

test/certmgr/support.rb

test/network/client

test/network/client/ca.rb

test/network/client/dipper.rb

test/network/handler/ca.rb

test/network/server

test/network/server/mongrel_test.rb

test/network/server/webrick.rb

test/network/xmlrpc/client.rb

files modified:
.pc/applied-patches

acceptance/tests/ticket_5477_master_not_dectect_sitepp.rb

acceptance/tests/ticket_7117_broke_env_criteria_authconf.rb

debian/changelog

debian/patches/series

lib/puppet/application/cert.rb

lib/puppet/application/kick.rb

lib/puppet/defaults.rb

lib/puppet/face/certificate.rb

lib/puppet/network/handler/ca.rb

lib/puppet/network/handler/master.rb

lib/puppet/network/handler/runner.rb

lib/puppet/ssl/certificate.rb

lib/puppet/ssl/certificate_authority.rb

lib/puppet/ssl/certificate_authority/interface.rb

lib/puppet/ssl/certificate_factory.rb

lib/puppet/ssl/certificate_request.rb

lib/puppet/ssl/host.rb

lib/puppet/type/file.rb

lib/puppet/util/monkey_patches.rb

lib/puppet/util/settings.rb

spec/integration/defaults_spec.rb

spec/integration/network/handler_spec.rb

spec/spec_helper.rb

spec/unit/face/certificate_spec.rb

spec/unit/indirector/certificate_request/ca_spec.rb

spec/unit/ssl/certificate_authority/interface_spec.rb

spec/unit/ssl/certificate_authority_spec.rb

spec/unit/ssl/certificate_factory_spec.rb

spec/unit/ssl/certificate_request_spec.rb

spec/unit/ssl/certificate_spec.rb

spec/unit/ssl/host_spec.rb

spec/unit/util/settings_spec.rb

test/language/functions.rb

test/language/snippets.rb

test/lib/puppettest/exetest.rb

test/lib/puppettest/servertest.rb

test/rails/rails.rb

test/ral/type/filesources.rb

Show diffs side-by-side

added added

removed removed

.pc/CVE-2011-3872.patch/test/network/client/dipper.rb

1

#!/usr/bin/env ruby

2

3

require File.expand_path(File.dirname(__FILE__) + '/../../lib/puppettest')

4

5

require 'puppettest'

6

require 'puppet/file_bucket/dipper'

7

8

class TestDipperClient < Test::Unit::TestCase

9

include PuppetTest::ServerTest

10

11

def setup

12

super

13

@dipper = Puppet::FileBucket::Dipper.new(:Path => tempfile)

14

end

15

16

# Make sure we can create a new file with 'restore'.

17

def test_restore_to_new_file

18

file = tempfile

19

text = "asdf;lkajseofiqwekj"

20

File.open(file, "w") { |f| f.puts text }

21

md5 = nil

22

assert_nothing_raised("Could not send file") do

23

md5 = @dipper.backup(file)

24

end

25

26

newfile = tempfile

27

assert_nothing_raised("could not restore to new path") do

28

@dipper.restore(newfile, md5)

29

end

30

31

assert_equal(File.read(file), File.read(newfile), "did not restore correctly")

32

end

33

end

34

Older »