- Update to 3.7.0

See https://github.com/cfengine/core/blob/3.7.x/ChangeLog for full changelog New features: - New package promise implementation. The syntax is much simpler, to try it out, check out the syntax: packages: "mypackage" policy => "absent/present", # Optional, default taken from common control package_module => apt_get, # Optional, will only match exact version. May be # "latest". version => "32.0", # Optional. architecture => "x86_64"; - Full systemd support for all relevant platforms - New classes to determine whether certain features are enabled: * feature_yaml * feature_xml For the official CFEngine packages, these are always enabled, but packages from other sources may be built without the support. - New readdata() support for generic data input (CSV, YAML, JSON, or auto) - YAML support: new readyaml() function and in readdata() - CSV support: new readcsv() function and in readdata() - New string_mustache() function - New data_regextract() function - eval() can now be called with "class" as the "mode" argument, which will cause it to return true ("any") if the calculated result is non-zero, and false ("!any") if it is zero. OBS-URL: https://build.opensuse.org/package/show/systemsmanagement/cfengine?expand=0&rev=131
2015-07-30 10:12:28 +00:00 · 2015-07-30 10:12:28 +00:00 · 19b8c826db
commit 19b8c826db
parent 38c52a00a9
8 changed files with 111 additions and 124 deletions
--- a/0001-Do-not-use-insecure-MD5-but-rather-SHA256.patch
+++ b/0001-Do-not-use-insecure-MD5-but-rather-SHA256.patch
@ -1,27 +0,0 @@
 From a814751421422cad22373eb6e568272fd24e1532 Mon Sep 17 00:00:00 2001
 From: =?UTF-8?q?Tom=C3=A1=C5=A1=20Chv=C3=A1tal?= <tomas.chvatal@gmail.com>
 Date: Mon, 23 Mar 2015 11:12:58 +0100
 Subject: [PATCH] Do not use insecure MD5 but rather SHA256
 ---
 libpromises/generic_agent.c | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)
 diff --git a/libpromises/generic_agent.c b/libpromises/generic_agent.c
 index eaace00..4863230 100644
 --- a/libpromises/generic_agent.c
 +++ b/libpromises/generic_agent.c
@@ -101,8 +101,8 @@ static void SanitizeEnvironment()
 ENTERPRISE_VOID_FUNC_2ARG_DEFINE_STUB(void, GenericAgentSetDefaultDigest, HashMethod *, digest, int *, digest_len)
 {
 -    *digest = HASH_METHOD_MD5;
 -    *digest_len = CF_MD5_LEN;
 +    *digest = HASH_METHOD_SHA256;
 +    *digest_len = CF_SHA256_LEN;
 }
 void MarkAsPolicyServer(EvalContext *ctx)
 -- 
 2.3.0
--- a/0001-Set-sys.bindir-to-usr-sbin-expect-cf-components-ther.patch
+++ b/0001-Set-sys.bindir-to-usr-sbin-expect-cf-components-ther.patch
@ -1,7 +1,7 @@
-From 7b0a005250c0398b86ea5adf93c16b5c8735a343 Mon Sep 17 00:00:00 2001
+From 900148bcea077497d062eccb7a8a5f1ea6f4f9e0 Mon Sep 17 00:00:00 2001
 From: =?UTF-8?q?Klaus=20K=C3=A4mpf?= <kkaempf@suse.de>
-Date: Fri, 2 May 2014 12:47:37 +0200
+Date: Thu, 30 Jul 2015 10:48:47 +0200
-Subject: [PATCH 2/2] Set sys.bindir to /usr/sbin, expect cf-* components there
+Subject: [PATCH 1/2] Set sys.bindir to /usr/sbin, expect cf-*components there
 That's where the /var/cfengine/bin/* symlinks point to and where
 the systemd .service files expect the daemons.
@ -12,37 +12,38 @@ masterfiles/update/update_processes.cf:enable_cfengine_agents
 libenv/sysinfo.c | 7 +++----
 1 file changed, 3 insertions(+), 4 deletions(-)
-diff -wruN -x '*~' -x '*.o' -x '*.a' -x '*.so' -x '*.so.[0-9]' -x autom4te.cache -x .deps -x .libs ../orig-core-3.6.3rc-build1/libenv/sysinfo.c ./libenv/sysinfo.c
+diff --git a/libenv/sysinfo.c b/libenv/sysinfo.c
--- ../orig-core-3.6.3rc-build1/libenv/sysinfo.c	2014-11-27 20:17:34.000000000 +0100
+index a75c6aa1d8d6..1c1139aead94 100644
-+++ ./libenv/sysinfo.c	2014-11-28 10:18:49.023646654 +0100
+--- a/libenv/sysinfo.c
-@@ -567,8 +567,7 @@
+++ b/libenv/sysinfo.c
@@ -581,8 +581,7 @@ static void GetNameInfo3(EvalContext *ctx)
     EvalContextVariablePutSpecial(ctx, SPECIAL_SCOPE_SYS, "masterdir", GetMasterDir(), CF_DATA_TYPE_STRING, "source=agent");
     EvalContextVariablePutSpecial(ctx, SPECIAL_SCOPE_SYS, "inputdir", GetInputDir(), CF_DATA_TYPE_STRING, "source=agent");
-    snprintf(workbuf, CF_BUFSIZE, "%s%cbin", CFWORKDIR, FILE_SEPARATOR);
+-    snprintf(workbuf, CF_BUFSIZE, "%s%cbin", workdir, FILE_SEPARATOR);
 -    EvalContextVariablePutSpecial(ctx, SPECIAL_SCOPE_SYS, "bindir", workbuf, CF_DATA_TYPE_STRING, "source=agent");
 +    EvalContextVariablePutSpecial(ctx, SPECIAL_SCOPE_SYS, "bindir", "/usr/sbin", CF_DATA_TYPE_STRING, "source=agent");
     snprintf(workbuf, CF_BUFSIZE, "%s%cfailsafe.cf", GetInputDir(), FILE_SEPARATOR);
     EvalContextVariablePutSpecial(ctx, SPECIAL_SCOPE_SYS, "failsafe_policy_path", workbuf, CF_DATA_TYPE_STRING, "source=agent");
-@@ -613,7 +612,7 @@
+@@ -627,7 +626,7 @@ static void GetNameInfo3(EvalContext *ctx)
                      components[i]);
         }
 #else
-        snprintf(name, CF_MAXVARSIZE - 1, "%s%cbin%c%s", CFWORKDIR, FILE_SEPARATOR, FILE_SEPARATOR, components[i]);
+-        snprintf(name, CF_MAXVARSIZE - 1, "%s%cbin%c%s", workdir, FILE_SEPARATOR, FILE_SEPARATOR, components[i]);
 +        snprintf(name, CF_MAXVARSIZE - 1, "/usr/sbin/%s", components[i]);
 #endif
         have_component[i] = false;
-@@ -636,7 +635,7 @@
+@@ -650,7 +649,7 @@ static void GetNameInfo3(EvalContext *ctx)
-         snprintf(name, CF_MAXVARSIZE - 1, "%s%cbin%c%s.exe", CFWORKDIR, FILE_SEPARATOR, FILE_SEPARATOR,
+         snprintf(name, CF_MAXVARSIZE - 1, "%s%cbin%c%s.exe", workdir, FILE_SEPARATOR, FILE_SEPARATOR,
                  components[1]);
 #else
-        snprintf(name, CF_MAXVARSIZE - 1, "%s%cbin%c%s", CFWORKDIR, FILE_SEPARATOR, FILE_SEPARATOR, components[1]);
+-        snprintf(name, CF_MAXVARSIZE - 1, "%s%cbin%c%s", workdir, FILE_SEPARATOR, FILE_SEPARATOR, components[1]);
 +        snprintf(name, CF_MAXVARSIZE - 1, "/usr/sbin/%s", components[1]);
 #endif
         if (stat(name, &sb) != -1)
 -- 
-1.8.4.5
+2.1.4
--- a/0001-Simplify-and-fix-parsing-of-etc-SuSE-release-fixes-i.patch
+++ b/0001-Simplify-and-fix-parsing-of-etc-SuSE-release-fixes-i.patch
@ -1,7 +1,7 @@
-From 68e63ae137d4f829c569ca0af4fcb86c6d4f688f Mon Sep 17 00:00:00 2001
+From 5954a3e3c1c8be821e32cfac3ec4161892025c95 Mon Sep 17 00:00:00 2001
 From: =?UTF-8?q?Klaus=20K=C3=A4mpf?= <kkaempf@suse.de>
 Date: Fri, 11 Apr 2014 09:25:05 +0200
-Subject: [PATCH 1/2] Simplify and fix parsing of /etc/SuSE-release (fixes
+Subject: [PATCH 2/2] Simplify and fix parsing of /etc/SuSE-release (fixes
 issue #5423)
 This patch is a simplification of sysinfo.c:Linux_Suse_Version()
@ -17,10 +17,10 @@ to achieve the following
 1 file changed, 60 insertions(+), 127 deletions(-)
 diff --git a/libenv/sysinfo.c b/libenv/sysinfo.c
-index 2bdfb8fbd2fa..f8ffd67b7a49 100644
+index 1c1139aead94..77667b611ad6 100644
 --- a/libenv/sysinfo.c
 +++ b/libenv/sysinfo.c
-@@ -1666,6 +1666,7 @@ static int Linux_Suse_Version(EvalContext *ctx)
+@@ -1754,6 +1754,7 @@ static int Linux_Suse_Version(EvalContext *ctx)
 #define SUSE_RELEASE_FLAG "linux "
     char classbuf[CF_MAXVARSIZE];
@ -28,7 +28,7 @@ index 2bdfb8fbd2fa..f8ffd67b7a49 100644
     Log(LOG_LEVEL_VERBOSE, "This appears to be a SUSE system.");
     EvalContextClassPutHard(ctx, "SUSE", "inventory,attribute_name=none,source=agent");
-@@ -1685,23 +1686,26 @@ static int Linux_Suse_Version(EvalContext *ctx)
+@@ -1773,23 +1774,26 @@ static int Linux_Suse_Version(EvalContext *ctx)
         return 1;
     }
@ -62,7 +62,7 @@ index 2bdfb8fbd2fa..f8ffd67b7a49 100644
         }
     }
     if (ferror(fp))
-@@ -1715,28 +1719,38 @@ static int Linux_Suse_Version(EvalContext *ctx)
+@@ -1803,28 +1807,38 @@ static int Linux_Suse_Version(EvalContext *ctx)
     fclose(fp);
@ -117,7 +117,7 @@ index 2bdfb8fbd2fa..f8ffd67b7a49 100644
     {
         Item *list, *ip;
-@@ -1754,120 +1768,39 @@ static int Linux_Suse_Version(EvalContext *ctx)
+@@ -1842,120 +1856,39 @@ static int Linux_Suse_Version(EvalContext *ctx)
     }
     else
     {
@ -262,5 +262,5 @@ index 2bdfb8fbd2fa..f8ffd67b7a49 100644
 }
 -- 
-1.8.4.5
+2.1.4
--- a/cfengine-fips.patch
+++ b/cfengine-fips.patch
@ -1,66 +0,0 @@
 Index: core-3.6.5/cf-key/cf-key-functions.c
 ===================================================================
 --- core-3.6.5.orig/cf-key/cf-key-functions.c
 +++ core-3.6.5/cf-key/cf-key-functions.c
@@ -243,11 +243,11 @@ void KeepKeyPromises(const char *public_
     printf("Making a key pair for cfengine, please wait, this could take a minute...\n");
 #ifdef OPENSSL_NO_DEPRECATED
 -    BN_set_word(rsa_bignum, 35);
 +    BN_set_word(rsa_bignum, RSA_F4);
     if (!RSA_generate_key_ex(pair, 2048, rsa_bignum, NULL))
 #else
 -    pair = RSA_generate_key(2048, 35, NULL, NULL);
 +    pair = RSA_generate_key(2048, 65537, NULL, NULL);
     if (pair == NULL)
 #endif
 Index: core-3.6.5/tests/unit/hash_test.c
 ===================================================================
 --- core-3.6.5.orig/tests/unit/hash_test.c
 +++ core-3.6.5/tests/unit/hash_test.c
@@ -52,7 +52,7 @@ void tests_setup()
             initialized = 0;
             return;
         }
 -        BN_set_word(bn, 3);
 +        BN_set_word(bn, RSA_F4);
         RSA_generate_key_ex(rsa, 1024, bn, NULL);
         BN_free(bn);
     }
 Index: core-3.6.5/tests/unit/key_test.c
 ===================================================================
 --- core-3.6.5.orig/tests/unit/key_test.c
 +++ core-3.6.5/tests/unit/key_test.c
@@ -25,7 +25,7 @@ void test_setup()
             initialized = 0;
             return;
         }
 -        BN_set_word(bn, 3);
 +        BN_set_word(bn, RSA_F4);
         RSA_generate_key_ex(rsa, 1024, bn, NULL);
         BN_free(bn);
     }
 Index: core-3.6.5/tests/unit/tls_generic_test.c
 ===================================================================
 --- core-3.6.5.orig/tests/unit/tls_generic_test.c
 +++ core-3.6.5/tests/unit/tls_generic_test.c
@@ -54,7 +54,7 @@ static bool init_test_server()
     int ret;
     RSA *key = RSA_new();
     BIGNUM *bignum = BN_new();
 -    BN_set_word(bignum, 17);
 +    BN_set_word(bignum, RSA_F4);
     ret = RSA_generate_key_ex(key, 1024, bignum, NULL);
     if (!ret)
     {
@@ -450,7 +450,7 @@ static bool init_test_client()
     int ret;
     RSA *key = RSA_new();
     BIGNUM *bignum = BN_new();
 -    BN_set_word(bignum, 17);
 +    BN_set_word(bignum, RSA_F4);
     ret = RSA_generate_key_ex(key, 1024, bignum, NULL);
     if (!ret)
     {
--- a/cfengine.changes
+++ b/cfengine.changes
@ -1,3 +1,86 @@
 -------------------------------------------------------------------
 Mon Jul 20 09:04:00 UTC 2015 - kkaempf@suse.com
 - Update to 3.7.0
  See https://github.com/cfengine/core/blob/3.7.x/ChangeLog for
  full changelog
  New features:
  - New package promise implementation.
    The syntax is much simpler, to try it out, check out the syntax:
      packages:
        "mypackage"
          policy => "absent/present",
          # Optional, default taken from common control
          package_module => apt_get,
          # Optional, will only match exact version. May be
          # "latest".
          version => "32.0",
          # Optional.
          architecture => "x86_64";
  - Full systemd support for all relevant platforms
  - New classes to determine whether certain features are enabled:
    * feature_yaml
    * feature_xml
    For the official CFEngine packages, these are always enabled, but
    packages from other sources may be built without the support.
  - New readdata() support for generic data input (CSV, YAML, JSON, or auto)
  - YAML support: new readyaml() function and in readdata()
  - CSV support: new readcsv() function and in readdata()
  - New string_mustache() function
  - New data_regextract() function
  - eval() can now be called with "class" as the "mode" argument, which
    will cause it to return true ("any") if the calculated result is
    non-zero, and false ("!any") if it is zero.
  - New list_ifelse() function
  - New mapjson() function as well as JSON support in maparray().
  - filestat() function now supports "xattr" argument for extended
    attributes.
  - "ifvarclass" now has "if" as an alias, and "unless" as an inverse
    alias.
  - Ability to expand JSON variables directory in Mustache templates:
    Prefix the name with '%' for multiline expansion, '$' for compact
    expansion.
  - Ability to expand the iteration *key* in Mustache templates with @
  - Canonical JSON output: JSON output has reliably sorted keys so the
    same data structure will produce the same JSON every time.
  - New "@if minimum_version(x.x)" syntax in order to hide future language
    improvements from versions that don't understand them.
  - compile time option (--with-statedir) to
    override the default state/ directory path.
  - Fix error messages/ handling in process signalling which no longer
    allowed any signals to fail silently
  - Also enable shortcut keyword for cf-serverd classic protocol, eg to
    simplify the bootstrap process for clients that have different
    sys.masterdir settings (Redmine #3697)
  - methods promises now accepts the bundle name in the promiser string,
    as long as it doesn't have any parameters.
  - In a services promise, if the service_method bundle is not specified,
    it defaults to the promiser string (canonified) with "service_" as a
    prefix. The bundle must be in the same namespace as the promise.
  - inline JSON in policy files: surrounding with parsejson() is now
    optional *when creating a new data container*.
  - New data_expand() function to interpolate variables in a data container.
  - Add configurable network bandwidth limit for all outgoing
    connections ("bwlimit" attribute in "body common control") . To
    enforce it in both directions, make sure the attribute is set on both
    sides of the connection.
  - Secure bootstrap has been facilitated by use of
    "cf-agent --boostrap HUB_ADDRESS --trust-server=no"
  - Implement new TLS-relevant options (Redmine #6883):
    - body common control: tls_min_version
    - body server control: allowtlsversion
    - body common control: tls_ciphers
    - body server control: allowciphers (preexisting)
 - Drop patches, both upstream
  0001-Do-not-use-insecure-MD5-but-rather-SHA256.patch
  cfengine-fips.patch
 -------------------------------------------------------------------
 Wed Jun 17 13:09:09 UTC 2015 - kkaempf@suse.com
--- a/cfengine.spec
+++ b/cfengine.spec
@ -33,7 +33,7 @@
 %bcond_with postgresql
 %bcond_with libvirt
 Name:           cfengine
-Version:        3.6.5
+Version:        3.7.0
 Release:        0
 # This is the place where workdir should be
 #define         basedir   /var/lib/%{name}
@ -64,9 +64,7 @@ Patch5:         0001-Simplify-and-fix-parsing-of-etc-SuSE-release-fixes-i.patch
 # set cfengine's notion of bindir to /usr/sbin instead of /var/cfengine/bin
 # kkaempf@suse.de
 Patch6:         0001-Set-sys.bindir-to-usr-sbin-expect-cf-components-ther.patch
-# PATCH-FIX-UPSTREAM: Use ssl exponent of 65537 for FIPS bnc#922571
+
 Patch7:         cfengine-fips.patch
 Patch8:         0001-Do-not-use-insecure-MD5-but-rather-SHA256.patch
 BuildRequires:  bison
 BuildRequires:  db-devel
 BuildRequires:  flex
@ -176,8 +174,6 @@ Lots of examples promises for CFEngine.
 %endif
 %patch5 -p1
 %patch6 -p1
 %patch7 -p1
 %patch8 -p1
 ##### rpmlint
 #### wrong-file-end-of-line-encoding
--- a/core-3.6.5.tar.gz
+++ b/core-3.6.5.tar.gz
@ -1,3 +0,0 @@
 version https://git-lfs.github.com/spec/v1
 oid sha256:62a308a954a70d6854aa182e0612731618d08ab364a5fdf5359585a02ae32d8c
 size 1549020
--- a/core-3.7.0.tar.gz
+++ b/core-3.7.0.tar.gz
@ -0,0 +1,3 @@
 version https://git-lfs.github.com/spec/v1
 oid sha256:f64dccbde4651e0bcf1ece8c756bd6ba42fe7f76c6fe23ba3a0a653dadb5e87c
 size 1638407