puppet has been updated to fix 2.6.18 multiple
vulnerabilities and bugs.
- (#19391) Find the catalog for the specified node name
- Don’t assume master supports SSLv2
- Don’t require openssl client to return 0 on failure
- Display SSL messages so we can match our regex
- Don’t assume puppetbindir is defined
- Remove unnecessary rubygems require
- Run openssl from windows when trying to downgrade
master
- Separate tests for same CVEs into separate files
- Fix order-dependent test failure in
rest_authconfig_spec
- Always read request body when using Rack
- (#19392) (CVE-2013-1653) Fix acceptance test to catch
unvalidated model on 2.6
- (#19392) (CVE-2013-1653) Validate indirection model
in save handler
- Acceptance tests for CVEs 2013 (1640, 1652, 1653,
1654, 2274, 2275)
- (#19531) (CVE-2013-2275) Only allow report save from
the node matching the certname
- (#19391) Backport Request#remote? method
- (#8858) Explicitly set SSL peer verification mode.
- (#8858) Refactor tests to use real HTTP objects
- (#19392) (CVE-2013-1653) Validate instances passed to
indirector
- (#19391) (CVE-2013-1652) Disallow use_node compiler
parameter for remote requests
- (#19151) Reject SSLv2 SSL handshakes and ciphers
- (#14093) Restore access to the filename in the
template
- (#14093) Remove unsafe attributes from TemplateWrapper