Merge pull request puppetlabs#82 from DavidS/security-updates

Security updates

Author: bmjen

configs/components/augeas.rb

@@ -0,0 +1,104 @@
+component 'augeas' do |pkg, settings, platform|
+  pkg.version '1.8.1'
+  pkg.md5sum '623ff89d71a42fab9263365145efdbfa'
+  pkg.url "http://buildsources.delivery.puppetlabs.net/augeas-#{pkg.get_version}.tar.gz"
+
+  # pkg.replaces 'pe-augeas'
+  if platform.is_sles? && platform.os_version == '10'
+    pkg.apply_patch 'resources/patches/augeas/augeas-1.2.0-fix-services-sles10.patch'
+  end
+
+  pkg.build_requires "libxml2"
+
+  # Ensure we're building against our own libraries when present
+  pkg.environment "PKG_CONFIG_PATH", "#{settings[:libdir]}/pkgconfig"
+
+  if platform.is_aix?
+    pkg.build_requires "http://osmirror.delivery.puppetlabs.net/AIX_MIRROR/pkg-config-0.19-6.aix5.2.ppc.rpm"
+    pkg.environment "CC", "/opt/pl-build-tools/bin/gcc"
+    pkg.environment "LDFLAGS", settings[:ldflags]
+    pkg.environment "CFLAGS", "-I/opt/puppetlabs/puppet/include/"
+    pkg.build_requires 'libedit'
+    pkg.build_requires 'runtime'
+  end
+
+  if platform.is_rpm? && !platform.is_aix?
+    pkg.build_requires 'readline-devel'
+    pkg.build_requires 'pkgconfig'
+
+    if platform.is_cisco_wrlinux?
+      pkg.requires 'libreadline6'
+    else
+      pkg.requires 'readline'
+    end
+
+    if platform.architecture =~ /ppc64le|s390x/
+      pkg.build_requires 'runtime'
+      pkg.environment "PATH", "/opt/pl-build-tools/bin:$(PATH):#{settings[:bindir]}"
+      pkg.environment "CFLAGS", settings[:cflags]
+      pkg.environment "LDFLAGS", settings[:ldflags]
+    end
+    pkg.environment "PATH" => "/opt/pl-build-tools/bin:$$PATH:#{settings[:bindir]}"
+    pkg.environment "CFLAGS" => settings[:cflags]
+    pkg.environment "LDFLAGS" => settings[:ldflags]
+  elsif platform.is_huaweios?
+    pkg.build_requires 'runtime'
+    pkg.build_requires 'pl-pkg-config'
+
+    pkg.environment "PATH", "/opt/pl-build-tools/bin:$(PATH):#{settings[:bindir]}"
+    pkg.environment "CFLAGS", settings[:cflags]
+    pkg.environment "LDFLAGS", settings[:ldflags]
+    pkg.environment "PKG_CONFIG", "/opt/pl-build-tools/bin/pkg-config"
+  elsif platform.is_deb?
+    pkg.build_requires 'libreadline-dev'
+    if platform.name =~ /debian-9/
+      pkg.requires 'libreadline7'
+    else
+      pkg.requires 'libreadline6'
+    end
+
+    pkg.build_requires 'pkg-config'
+    if platform.is_cross_compiled_linux?
+      pkg.environment "PATH", "/opt/pl-build-tools/bin:$(PATH):#{settings[:bindir]}"
+      pkg.environment "CFLAGS", settings[:cflags]
+      pkg.environment "LDFLAGS", settings[:ldflags]
+    end
+
+  elsif platform.is_solaris?
+    pkg.environment "PATH", "/opt/pl-build-tools/bin:$(PATH):/usr/local/bin:/usr/ccs/bin:/usr/sfw/bin:#{settings[:bindir]}"
+    pkg.environment "CFLAGS", settings[:cflags]
+    pkg.environment "LDFLAGS", settings[:ldflags]
+    pkg.build_requires 'libedit'
+    pkg.build_requires 'runtime'
+    if platform.os_version == "10"
+      pkg.build_requires 'pkgconfig'
+      pkg.environment "PKG_CONFIG_PATH", "/opt/csw/lib/pkgconfig"
+      pkg.environment "PKG_CONFIG", "/opt/csw/bin/pkg-config"
+    else
+      pkg.build_requires 'pl-pkg-config'
+      pkg.environment "PKG_CONFIG_PATH", "/usr/lib/pkgconfig"
+      pkg.environment "PKG_CONFIG", "/opt/pl-build-tools/bin/pkg-config"
+    end
+  elsif platform.is_macos?
+    pkg.environment "PATH" => "$$PATH:/usr/local/bin"
+    pkg.environment "CFLAGS" => settings[:cflags]
+  elsif platform.is_windows?
+    #nothing to see here
+  else
+    pkg.environment "PATH" => "/opt/pl-build-tools/bin:$$PATH:#{settings[:bindir]}"
+    pkg.environment "CFLAGS" => settings[:cflags]
+    pkg.environment "LDFLAGS" => settings[:ldflags]
+  end
+
+  pkg.configure do
+    ["./configure --prefix=#{settings[:prefix]} #{settings[:host]}"]
+  end
+
+  pkg.build do
+    ["#{platform[:make]} -j$(shell expr $(shell #{platform[:num_cores]}) + 1)"]
+  end
+
+  pkg.install do
+    ["#{platform[:make]} -j$(shell expr $(shell #{platform[:num_cores]}) + 1) install"]
+  end
+end

configs/components/curl.rb

@@ -1,15 +1,23 @@
 component 'curl' do |pkg, settings, platform|
-  pkg.version '7.51.0'
-  pkg.md5sum '490e19a8ccd1f4a244b50338a0eb9456'
+  pkg.version '7.56.0'
+  pkg.md5sum '65351b9df687ed539852ae7b9464006c'
   pkg.url "https://curl.haxx.se/download/curl-#{pkg.get_version}.tar.gz"
 
   pkg.build_requires "openssl"
   pkg.build_requires "puppet-ca-bundle"
 
+  if platform.is_cross_compiled_linux?
+    pkg.build_requires 'runtime'
+    pkg.environment "PATH" => "/opt/pl-build-tools/bin:$$PATH:#{settings[:bindir]}"
+    pkg.environment "PKG_CONFIG_PATH" => "/opt/puppetlabs/puppet/lib/pkgconfig"
+    pkg.environment "PATH" => "/opt/pl-build-tools/bin:$$PATH"
+  end
+
   if platform.is_windows?
     pkg.build_requires "runtime"
-    pkg.environment "PATH", "$(shell cygpath -u #{settings[:gcc_bindir]}):$$PATH"
-    pkg.environment "CYGWIN", settings[:cygwin]
+
+    pkg.environment "PATH" => "$$(cygpath -u #{settings[:gcc_bindir]}):$$PATH"
+    pkg.environment "CYGWIN" => settings[:cygwin]
   end
 
   pkg.configure do

configs/components/libxml2.rb

@@ -0,0 +1,55 @@
+component "libxml2" do |pkg, settings, platform|
+  pkg.version "2.9.4"
+  pkg.md5sum "ae249165c173b1ff386ee8ad676815f5"
+  pkg.url "http://xmlsoft.org/sources/#{pkg.get_name}-#{pkg.get_version}.tar.gz"
+  pkg.mirror "http://buildsources.delivery.puppetlabs.net/libxml2-#{pkg.get_version}.tar.gz"
+  # CVE-related patches needed until libxml 2.9.5 is released:
+  pkg.apply_patch 'resources/patches/libxml2/fix_XPointer_paths_beginning_with_range-to_CVE-2016-5131.patch'
+  pkg.apply_patch 'resources/patches/libxml2/fix_comparison_with_root_node_in_xmlXPathCmpNodes.patch'
+  pkg.apply_patch 'resources/patches/libxml2/disallow_namespace_nodes_in_XPointer_ranges_CVE-2016-4658.patch'
+
+  if platform.is_aix?
+    pkg.environment "PATH", "/opt/pl-build-tools/bin:$(PATH)"
+  elsif platform.is_cross_compiled_linux?
+    pkg.environment "PATH", "/opt/pl-build-tools/bin:$(PATH):#{settings[:bindir]}"
+    pkg.environment "CFLAGS", settings[:cflags]
+    pkg.environment "LDFLAGS", settings[:ldflags]
+  elsif platform.is_solaris?
+    pkg.environment "PATH", "/opt/pl-build-tools/bin:$(PATH):/usr/local/bin:/usr/ccs/bin:/usr/sfw/bin:#{settings[:bindir]}"
+    pkg.environment "CFLAGS", settings[:cflags]
+    pkg.environment "LDFLAGS", settings[:ldflags]
+  elsif platform.is_macos?
+    pkg.environment "LDFLAGS", settings[:ldflags]
+    pkg.environment "CFLAGS", settings[:cflags]
+  else
+    pkg.build_requires "make"
+    pkg.environment "PATH" => "/opt/pl-build-tools/bin:$$PATH:#{settings[:bindir]}"
+    pkg.environment "LDFLAGS" => settings[:ldflags]
+    pkg.environment "CFLAGS" => settings[:cflags]
+  end
+
+  pkg.build_requires 'runtime'
+
+  # The system pkg-config has been found to pass incorrect build flags on
+  # some (but not all) cross-compiled debian-based platforms:
+  if platform.is_cross_compiled? && platform.is_deb?
+    pkg.build_requires "pl-pkg-config" unless platform.name =~ /ubuntu-16\.04-ppc64el/
+  end
+
+  pkg.configure do
+    ["./configure --prefix=#{settings[:prefix]} --without-python #{settings[:host]}"]
+  end
+
+  pkg.build do
+    ["#{platform[:make]} VERBOSE=1 -j$(shell expr $(shell #{platform[:num_cores]}) + 1)"]
+  end
+
+  pkg.install do
+    [
+      "#{platform[:make]} VERBOSE=1 -j$(shell expr $(shell #{platform[:num_cores]}) + 1) install",
+      "rm -rf #{settings[:datadir]}/gtk-doc",
+      "rm -rf #{settings[:datadir]}/doc/#{pkg.get_name}*"
+    ]
+  end
+
+end

configs/components/libxslt.rb

@@ -0,0 +1,60 @@
+component "libxslt" do |pkg, settings, platform|
+  pkg.version "1.1.29"
+  pkg.md5sum "a129d3c44c022de3b9dcf6d6f288d72e"
+  pkg.url "http://xmlsoft.org/sources/#{pkg.get_name}-#{pkg.get_version}.tar.gz"
+  pkg.mirror "http://buildsources.delivery.puppetlabs.net/libxslt-#{pkg.get_version}.tar.gz"
+
+  pkg.build_requires "libxml2"
+
+  pkg.apply_patch 'resources/patches/libxslt/fix-heap-overread.patch'
+  pkg.apply_patch 'resources/patches/libxslt/check-for-integer-overflow.patch'
+
+  if platform.is_aix?
+    pkg.environment "PATH", "/opt/pl-build-tools/bin:$(PATH)"
+  elsif platform.is_cross_compiled_linux?
+    pkg.environment "PATH", "/opt/pl-build-tools/bin:$(PATH):#{settings[:bindir]}"
+    pkg.environment "CFLAGS", settings[:cflags]
+    pkg.environment "LDFLAGS", settings[:ldflags]
+
+    # libxslt is picky about manually specifying the build host
+    build = "--build x86_64-linux-gnu"
+    # don't depend on libgcrypto
+    disable_crypto = "--without-crypto"
+  elsif platform.is_solaris?
+    pkg.environment "PATH", "/opt/pl-build-tools/bin:$(PATH):/usr/local/bin:/usr/ccs/bin:/usr/sfw/bin:#{settings[:bindir]}"
+    pkg.environment "CFLAGS", settings[:cflags]
+    pkg.environment "LDFLAGS", settings[:ldflags]
+    # Configure on Solaris incorrectly passes flags to ld
+    pkg.apply_patch 'resources/patches/libxslt/disable-version-script.patch'
+    pkg.apply_patch 'resources/patches/libxslt/Update-missing-script-to-return-0.patch'
+  elsif platform.is_macos?
+    pkg.environment "LDFLAGS", settings[:ldflags]
+    pkg.environment "CFLAGS", settings[:cflags]
+  else
+    pkg.build_requires "make"
+    pkg.environment "PATH" => "/opt/pl-build-tools/bin:$$PATH:#{settings[:bindir]}"
+    pkg.environment "LDFLAGS" => settings[:ldflags]
+    pkg.environment "CFLAGS" => settings[:cflags]
+  end
+
+  if platform.is_cross_compiled_linux? || platform.name =~ /solaris-11/
+    pkg.build_requires "pl-gcc-#{platform.architecture}"
+  end
+
+  pkg.configure do
+    ["./configure --prefix=#{settings[:prefix]} --docdir=/tmp --with-libxml-prefix=#{settings[:prefix]} #{settings[:host]} #{disable_crypto} #{build}"]
+  end
+
+  pkg.build do
+    ["#{platform[:make]} VERBOSE=1 -j$(shell expr $(shell #{platform[:num_cores]}) + 1)"]
+  end
+
+  pkg.install do
+    [
+      "#{platform[:make]} VERBOSE=1 -j$(shell expr $(shell #{platform[:num_cores]}) + 1) install",
+      "rm -rf #{settings[:datadir]}/gtk-doc",
+      "rm -rf #{settings[:datadir]}/doc/#{pkg.get_name}*"
+    ]
+  end
+
+end

configs/components/pdk-module-template.rb

@@ -1,4 +1,4 @@
-component "rubygem-pdk" do |pkg, settings, platform|
+component "pdk-module-template" do |pkg, settings, platform|
   # Set url and ref from json file so it's easy for jenkins
   # to promote new template versions.
   pkg.load_from_json('configs/components/pdk-module-template.json')