
Imported Upstream version 2.7.13

1 parent 8480fb5 commit cbe1169be0f768782dc5ff62f169070803d6dc3a @haus haus committed Apr 10, 2012
@@ -1,3 +1,13 @@
+2.7.13
+===
+1f58ea6 Stub mktmpdir and remove_entry_secure in os x package providers
+b7553a5 (#13260) Spec test to verify that mktmpdir is used
+46e8dc0 (#13260) Use mktmpdir when downloading packages
+b36bda9 Refactor pkgdmg specs
+91e7ce4 Remove telnet Output_log parameter
+0d6d299 Fix for bucket_path security vulnerability
+19bd30a Removed text/marshal support
+
2.7.12
===
36ca299 Update packaging spec files for 2.7.12
@@ -24,7 +24,7 @@
# it's also a place to find top-level commands like 'debug'
module Puppet
- PUPPETVERSION = '2.7.12'
+ PUPPETVERSION = '2.7.13'
def Puppet.version
PUPPETVERSION
@@ -77,33 +77,6 @@ def decode(yaml)
end
end
-
-Puppet::Network::FormatHandler.create(:marshal, :mime => "text/marshal") do
- # Marshal doesn't need the class name; it's serialized.
- def intern(klass, text)
- Marshal.load(text)
- end
-
- # Marshal doesn't need the class name; it's serialized.
- def intern_multiple(klass, text)
- Marshal.load(text)
- end
-
- def render(instance)
- Marshal.dump(instance)
- end
-
- # Marshal monkey-patches Array, so this works.
- def render_multiple(instances)
- Marshal.dump(instances)
- end
-
- # Everything's supported
- def supported?(klass)
- true
- end
-end
-
Puppet::Network::FormatHandler.create(:s, :mime => "text/plain", :extension => "txt")
# A very low-weight format so it'll never get chosen automatically.
@@ -31,6 +31,7 @@ def uri2indirection(http_method, uri, params)
method = indirection_method(http_method, indirection)
params[:environment] = Puppet::Node::Environment.new(environment)
+ params.delete(:bucket_path)
raise ArgumentError, "No request key specified in #{uri}" if key == "" or key.nil?
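Review bot: `params.delete(:bucket_path)` removes only the symbol key, and nothing at the call site says why this one parameter is dropped. If request parameters can reach `uri2indirection` with string keys (not visible in this hunk), `"bucket_path"` would still pass through, so consider `[:bucket_path, "bucket_path"].each { |k| params.delete(k) }`. Please also add a comment such as `# bucket_path must never be client-controlled (see #13553, #13518, #13511)`. An allowlist of accepted parameters would hold up better than removing known-bad names one at a time. The method body starts and ends outside this hunk.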
@@ -50,23 +50,24 @@ def self.installapp(source, name, orig_source)
def self.installpkgdmg(source, name)
unless source =~ /\.dmg$/i
- self.fail "Mac OS X PKG DMG's must specificy a source string ending in .dmg"
+ self.fail "Mac OS X PKG DMG's must specify a source string ending in .dmg"
end
require 'open-uri'
require 'facter/util/plist'
cached_source = source
- if %r{\A[A-Za-z][A-Za-z0-9+\-\.]*://} =~ cached_source
- cached_source = "/tmp/#{name}"
- begin
- curl "-o", cached_source, "-C", "-", "-k", "-L", "-s", "--url", source
- Puppet.debug "Success: curl transfered [#{name}]"
- rescue Puppet::ExecutionFailure
- Puppet.debug "curl did not transfer [#{name}]. Falling back to slower open-uri transfer methods."
- cached_source = source
+ tmpdir = Dir.mktmpdir
+ begin
+ if %r{\A[A-Za-z][A-Za-z0-9+\-\.]*://} =~ cached_source
+ cached_source = File.join(tmpdir, name)
+ begin
+ curl "-o", cached_source, "-C", "-", "-k", "-L", "-s", "--url", source
+ Puppet.debug "Success: curl transfered [#{name}]"
+ rescue Puppet::ExecutionFailure
+ Puppet.debug "curl did not transfer [#{name}]. Falling back to slower open-uri transfer methods."
+ cached_source = source
+ end
end
- end
- begin
open(cached_source) do |dmg|
xml_str = hdiutil "mount", "-plist", "-nobrowse", "-readonly", "-mountrandom", "/tmp", dmg.path
ptable = Plist::parse_xml xml_str
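Review bot: `File.join(tmpdir, name)` uses the package name as a file name without normalising it, so a name containing `/` or `..` would put the curl output outside the freshly created directory and outside what the `ensure` cleanup removes. Whether `name` can contain such characters is not visible here; if it can, `cached_source = File.join(tmpdir, File.basename(name))` keeps the download inside `tmpdir`. The same line appears in the pkgdmg provider's `installpkgdmg` hunk further down. The method continues past this hunk.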
@@ -87,8 +88,7 @@ def self.installpkgdmg(source, name)
end
end
ensure
- # JJM Remove the file if open-uri didn't already do so.
- File.unlink(cached_source) if File.exist?(cached_source)
+ FileUtils.remove_entry_secure(tmpdir, force=true)
end
end
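Review bot: `FileUtils.remove_entry_secure(tmpdir, force=true)` reads like a keyword argument but is an assignment expression: it creates a local `force` and passes `true` positionally. It behaves as intended, but `FileUtils.remove_entry_secure(tmpdir, true)` says the same thing without suggesting keyword semantics. The pkgdmg provider's `ensure` near the end of the diff has the identical line. A short comment such as `# remove the per-download directory and everything curl/open-uri left in it` would replace the deleted JJM note.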
@@ -39,11 +39,7 @@ def self.instance_by_name
def self.instances
instance_by_name.collect do |name|
- new(
- :name => name,
- :provider => :pkgdmg,
- :ensure => :installed
- )
+ new(:name => name, :provider => :pkgdmg, :ensure => :installed)
end
end
@@ -58,22 +54,23 @@ def self.installpkg(source, name, orig_source)
def self.installpkgdmg(source, name)
unless source =~ /\.dmg$/i || source =~ /\.pkg$/i
- raise Puppet::Error.new("Mac OS X PKG DMG's must specificy a source string ending in .dmg or flat .pkg file")
+ raise Puppet::Error.new("Mac OS X PKG DMG's must specify a source string ending in .dmg or flat .pkg file")
end
require 'open-uri'
cached_source = source
- if %r{\A[A-Za-z][A-Za-z0-9+\-\.]*://} =~ cached_source
- cached_source = "/tmp/#{name}"
- begin
- curl "-o", cached_source, "-C", "-", "-k", "-L", "-s", "--url", source
- Puppet.debug "Success: curl transfered [#{name}]"
- rescue Puppet::ExecutionFailure
- Puppet.debug "curl did not transfer [#{name}]. Falling back to slower open-uri transfer methods."
- cached_source = source
+ tmpdir = Dir.mktmpdir
+ begin
+ if %r{\A[A-Za-z][A-Za-z0-9+\-\.]*://} =~ cached_source
+ cached_source = File.join(tmpdir, name)
+ begin
+ curl "-o", cached_source, "-C", "-", "-k", "-L", "-s", "--url", source
+ Puppet.debug "Success: curl transfered [#{name}]"
+ rescue Puppet::ExecutionFailure
+ Puppet.debug "curl did not transfer [#{name}]. Falling back to slower open-uri transfer methods."
+ cached_source = source
+ end
end
- end
- begin
if source =~ /\.dmg$/i
File.open(cached_source) do |dmg|
xml_str = hdiutil "mount", "-plist", "-nobrowse", "-readonly", "-noidme", "-mountrandom", "/tmp", dmg.path
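Review bot: The download that feeds the installer still runs curl with `"-k"`, which turns off TLS certificate verification, so the private temp directory protects the file on disk but not in transit. The re-indented `curl "-o", cached_source, "-C", "-", "-k", "-L", "-s", "--url", source` line here and the identical one in the appdmg provider hunk above both carry it. I would drop `"-k"`, or gate it behind an explicit setting, so that an https source is actually authenticated. `"-C", "-"` (resume) also has nothing to resume in a fresh directory. The method continues in the next hunk.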
@@ -96,14 +93,11 @@ def self.installpkgdmg(source, name)
end
end
end
- elsif source =~ /\.pkg$/i
- installpkg(cached_source, name, source)
else
- raise Puppet::Error.new("Mac OS X PKG DMG's must specificy a source string ending in .dmg or flat .pkg file")
+ installpkg(cached_source, name, source)
end
ensure
- # JJM Remove the file if open-uri didn't already do so.
- File.unlink(cached_source) if File.exist?(cached_source)
+ FileUtils.remove_entry_secure(tmpdir, force=true)
end
end
@@ -15,7 +15,7 @@ def handles_login?
def connect
@telnet = Net::Telnet::new("Host" => host, "Port" => port || 23,
"Timeout" => 10,
- "Prompt" => default_prompt, "Output_log" => "/tmp/out.log")
+ "Prompt" => default_prompt)
end
def close
@@ -39,4 +39,4 @@ def command(cmd, options = {})
def send(line)
@telnet.puts(line)
end
-end
+end
@@ -162,49 +162,6 @@ def to_pson(*args)
end
- it "should include a marshal format" do
- Puppet::Network::FormatHandler.format(:marshal).should_not be_nil
- end
-
- describe "marshal" do
- before do
- @marshal = Puppet::Network::FormatHandler.format(:marshal)
- end
-
- it "should have its mime type set to text/marshal" do
- Puppet::Network::FormatHandler.format(:marshal).mime.should == "text/marshal"
- end
-
- it "should be supported on Strings" do
- @marshal.should be_supported(String)
- end
-
- it "should render by calling 'Marshal.dump' on the instance" do
- instance = mock 'instance'
- Marshal.expects(:dump).with(instance).returns "foo"
- @marshal.render(instance).should == "foo"
- end
-
- it "should render multiple instances by calling 'to_marshal' on the array" do
- instances = [mock('instance')]
-
- Marshal.expects(:dump).with(instances).returns "foo"
- @marshal.render_multiple(instances).should == "foo"
- end
-
- it "should intern by calling 'Marshal.load'" do
- text = "foo"
- Marshal.expects(:load).with("foo").returns "bar"
- @marshal.intern(String, text).should == "bar"
- end
-
- it "should intern multiples by calling 'Marshal.load'" do
- text = "foo"
- Marshal.expects(:load).with("foo").returns "bar"
- @marshal.intern_multiple(String, text).should == "bar"
- end
- end
-
describe "plaintext" do
before do
@text = Puppet::Network::FormatHandler.format(:s)
@@ -42,6 +42,14 @@ class V1RestApiTester
@tester.uri2indirection("GET", "/env/foo/bar", {:environment => "otherenv"})[3][:environment].to_s.should == "env"
end
+ it "should not pass a buck_path parameter through (See Bugs #13553, #13518, #13511)" do
+ @tester.uri2indirection("GET", "/env/foo/bar", { :bucket_path => "/malicious/path" })[3].should_not include({ :bucket_path => "/malicious/path" })
+ end
+
+ it "should pass allowed parameters through" do
+ @tester.uri2indirection("GET", "/env/foo/bar", { :allowed_param => "value" })[3].should include({ :allowed_param => "value" })
+ end
+
it "should return the environment as a Puppet::Node::Environment" do
@tester.uri2indirection("GET", "/env/foo/bar", {})[3][:environment].should be_a Puppet::Node::Environment
end
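Review bot: The new example's description says `buck_path` where the parameter is `bucket_path`, and its assertion only rejects one exact key/value pair. `should_not include({ :bucket_path => "/malicious/path" })` would still pass if the key survived with a different value; `[3].should_not have_key(:bucket_path)` pins the intended behaviour. The test also exercises only the symbol key, so a string-keyed `"bucket_path"` case is worth adding if parameters can arrive that way.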
@@ -0,0 +1,42 @@
+#!/usr/bin/env rspec
+require 'spec_helper'
+
+describe Puppet::Type.type(:package).provider(:appdmg) do
+ let(:resource) { Puppet::Type.type(:package).new(:name => 'foo', :provider => :appdmg) }
+ let(:provider) { described_class.new(resource) }
+
+ describe "when installing an appdmg" do
+ let(:fake_mountpoint) { "/tmp/dmg.foo" }
+ let(:empty_hdiutil_plist) { Plist::Emit.dump({}) }
+ let(:fake_hdiutil_plist) { Plist::Emit.dump({"system-entities" => [{"mount-point" => fake_mountpoint}]}) }
+
+ before do
+ fh = mock 'filehandle'
+ fh.stubs(:path).yields "/tmp/foo"
+ resource[:source] = "foo.dmg"
+ described_class.stubs(:open).yields fh
+ Dir.stubs(:mktmpdir).returns "/tmp/testtmp123"
+ FileUtils.stubs(:remove_entry_secure)
+ end
+
+ describe "from a remote source" do
+ let(:tmpdir) { "/tmp/good123" }
+
+ before :each do
+ resource[:source] = "http://fake.puppetlabs.com/foo.dmg"
+ end
+
+ it "should call tmpdir and use the returned directory" do
+ Dir.expects(:mktmpdir).returns tmpdir
+ Dir.stubs(:entries).returns ["foo.app"]
+ described_class.expects(:curl).with do |*args|
+ args[0] == "-o" and args[1].include? tmpdir
+ end
+ described_class.stubs(:hdiutil).returns fake_hdiutil_plist
+ described_class.expects(:installapp)
+
+ provider.install
+ end
+ end
+ end
+end
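Review bot: `fh.stubs(:path).yields "/tmp/foo"` in the shared `before` block looks like it should be `.returns "/tmp/foo"`, since the provider reads `dmg.path` as a value to hand to hdiutil and gives it no block. The slip is masked here because `hdiutil` is stubbed. The remote-source example also checks only that curl writes under the `mktmpdir` result; adding `FileUtils.expects(:remove_entry_secure).with(tmpdir, true)` would pin the cleanup half of the fix. This spec covers appdmg only, while the pkgdmg provider received the same change.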