Merge default -> production production
authorDragos Crisan <dcrisan@mozilla.com>
Wed, 23 May 2018 16:50:49 +0300
branchproduction
changeset 6907 f7ecdce21210fe795071bf04bd5900c349f8e4be
parent 6906 a8904110fbed020b184e3da62c0e2b3ccbabdaf3 (current diff)
parent 6868 fc4e316100b8c92e4a2894af88dde5116b60f4f7 (diff)
child 6908 9b341df995cf43e0426dd20973c7a15f70b52065
push id2778
push userasasaki@mozilla.com
push dateTue, 29 May 2018 19:35:39 +0000
Merge default -> production
new file mode 100644
--- /dev/null
+++ b/modules/packages/manifests/dhcp.pp
@@ -0,0 +1,21 @@
+# This Source Code Form is subject to the terms of the Mozilla Public
+# License, v. 2.0. If a copy of the MPL was not distributed with this
+# file, You can obtain one at http://mozilla.org/MPL/2.0/.
+
+# Update dhcp client on CentOS systems for CVE-2018-1111
+# https://lists.centos.org/pipermail/centos-announce/2018-May/022831.html
+class packages::dhcp {
+    case $::operatingsystem {
+        CentOS: {
+            realize(Packages::Yumrepo['dhcp'])
+            package {
+                ['dhcp', 'dhcp-common']:
+                    ensure => '4.1.1-53.P1.el6.centos.4';
+            }
+        }
+
+        default: {
+            # Only RedHat/CentOS with the NetworkManager script is affected
+        }
+    }
+}
--- a/modules/packages/manifests/security_updates_1433165.pp
+++ b/modules/packages/manifests/security_updates_1433165.pp
@@ -1,15 +1,19 @@
 # This Source Code Form is subject to the terms of the Mozilla Public
 # License, v. 2.0. If a copy of the MPL was not distributed with this
 # file, You can obtain one at http://mozilla.org/MPL/2.0/.
 class packages::security_updates_1433165 {
 
     # This class contains pinned versions of package updates
     # See bug 1433165
+
+    # DHCP is updated into dhcp custom repo, and defined in dhcp.pp module. So, we only need to include it
+    include packages::dhcp
+
     anchor {
         'packages::security_updates_1433165::begin': ;
         'packages::security_updates_1433165::end': ;
     }
 
     case $::operatingsystem {
         CentOS: {
             realize(Packages::Yumrepo['security_update_1433165'])
--- a/modules/packages/manifests/setup.pp
+++ b/modules/packages/manifests/setup.pp
@@ -178,21 +178,24 @@ class packages::setup {
                 'openssh':
                     url_path => "repos/yum/custom/openssh/${::architecture}";
 
                 'duo_unix':
                     url_path => "repos/yum/custom/duo_unix/${::architecture}";
 
                 'lego':
                     url_path => "repos/yum/custom/lego/${::architecture}";
+
+                'dhcp':
+                    url_path => "repos/yum/custom/dhcp/${::architecture}";
             }
 
             # to flush the metadata cache, increase this value by one (or
             # anything, really, just change it).
-            $repoflag = 93
+            $repoflag = 94
             file {
                 '/etc/.repo-flag':
                     content =>
                     "# see \$repoflag in modules/packages/manifests/setup.pp\n${repoflag}\n",
                     notify  => Exec['yum-clean-expire-cache'];
             }
             exec {
                 'yum-clean-expire-cache':