From e32afd7c7c3139e0435756ee56048081bb1d1340 Mon Sep 17 00:00:00 2001
From: Travis Fields <travis@puppetlabs.com>
Date: Fri, 9 Jan 2015 14:09:03 -0800
Subject: [PATCH 1/2] FM-2130 Move cache file to non temp directory

---
 lib/facter/facter_dot_d.rb | 6 +++---
 1 file changed, 3 insertions(+), 3 deletions(-)

diff --git a/lib/facter/facter_dot_d.rb b/lib/facter/facter_dot_d.rb
index 2c096b049..b0584370a 100644
--- a/lib/facter/facter_dot_d.rb
+++ b/lib/facter/facter_dot_d.rb
@@ -15,7 +15,7 @@
 class Facter::Util::DotD
   require 'yaml'
 
-  def initialize(dir="/etc/facts.d", cache_file="/tmp/facts_cache.yml")
+  def initialize(dir="/etc/facts.d", cache_file=File.join(Puppet[:libdir], "facts_dot_d.cache"))
     @dir = dir
     @cache_file = cache_file
     @cache = nil
@@ -23,7 +23,7 @@ def initialize(dir="/etc/facts.d", cache_file="/tmp/facts_cache.yml")
   end
 
   def entries
-    Dir.entries(@dir).reject{|f| f =~ /^\.|\.ttl$/}.sort.map {|f| File.join(@dir, f) }
+    Dir.entries(@dir).reject { |f| f =~ /^\.|\.ttl$/ }.sort.map { |f| File.join(@dir, f) }
   rescue
     []
   end
@@ -113,7 +113,7 @@ def script_parser(file)
 
   def cache_save!
     cache = load_cache
-    File.open(@cache_file, "w", 0600) {|f| f.write(YAML.dump(cache)) }
+    File.open(@cache_file, "w", 0600) { |f| f.write(YAML.dump(cache)) }
   rescue
   end
 

From 9e380b9685edb4eb0209b815a65c696be38fb4d5 Mon Sep 17 00:00:00 2001
From: Travis Fields <travis@puppetlabs.com>
Date: Wed, 14 Jan 2015 12:46:10 -0800
Subject: [PATCH 2/2] Prepare for 4.5.1 release

---
 CHANGELOG.md  | 8 ++++++++
 metadata.json | 2 +-
 2 files changed, 9 insertions(+), 1 deletion(-)

diff --git a/CHANGELOG.md b/CHANGELOG.md
index c66734ebb..84c8b24fc 100644
--- a/CHANGELOG.md
+++ b/CHANGELOG.md
@@ -1,3 +1,11 @@
+##2015-01-14 - Supported Release 4.5.1
+###Summary
+
+This release changes the temporary facter_dot_d cache locations outside of the /tmp directory due to a possible security vunerability. CVE-2015-1029
+
+####Bugfixes
+- Facter_dot_d cache will now be stored in puppet libdir instead of tmp
+
 ##2014-12-15 - Supported Release 4.5.0
 ###Summary
 
diff --git a/metadata.json b/metadata.json
index 09ad4e889..27def9c08 100644
--- a/metadata.json
+++ b/metadata.json
@@ -1,6 +1,6 @@
 {
   "name": "puppetlabs-stdlib",
-  "version": "4.5.0",
+  "version": "4.5.1",
   "author": "puppetlabs",
   "summary": "Standard library of resources for Puppet modules.",
   "license": "Apache-2.0",