From 1f575065b3dcb1c46e6b8f38548f17d24587cf24 Mon Sep 17 00:00:00 2001 From: Morgan Haskel Date: Mon, 31 Aug 2015 16:43:46 -0700 Subject: [PATCH 1/4] 3.6.1 prep --- CHANGELOG.md | 9 +++++++++ metadata.json | 2 +- 2 files changed, 10 insertions(+), 1 deletion(-) diff --git a/CHANGELOG.md b/CHANGELOG.md index 872bf3b..dba249f 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md @@ -1,3 +1,12 @@ +## 2015-09-08 - Supported Release 3.6.1 +### Summary +This release fixes an incorrect function used in `mysql::server::backup` and fixes compatibility issues with PE 3.3.x. + +#### Bugfixes +- Use `warning()` not `warn()` +- Metadata had inadvertantly dropped 3.3.x support +- Some 3.3.x compatibility issues in `mysqltuner` were corrected + ## 2015-08-10 - Supported Release 3.6.0 ### Summary This release adds the ability to use mysql::db and `mysql_*` types against unmanaged or external mysql instances. diff --git a/metadata.json b/metadata.json index a077391..f5797e3 100644 --- a/metadata.json +++ b/metadata.json @@ -1,6 +1,6 @@ { "name": "puppetlabs-mysql", - "version": "3.6.0", + "version": "3.6.1", "author": "Puppet Labs", "summary": "Installs, configures, and manages the MySQL service.", "license": "Apache-2.0", From 57956783fa62b905e73cba6830d74da50dd10765 Mon Sep 17 00:00:00 2001 From: Bryan Jen Date: Tue, 8 Sep 2015 09:34:32 -0700 Subject: [PATCH 2/4] updates to 3.6.1 prep --- CHANGELOG.md | 1 + metadata.json | 10 +++++----- 2 files changed, 6 insertions(+), 5 deletions(-) diff --git a/CHANGELOG.md b/CHANGELOG.md index dba249f..83c06b2 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md @@ -6,6 +6,7 @@ This release fixes an incorrect function used in `mysql::server::backup` and fix - Use `warning()` not `warn()` - Metadata had inadvertantly dropped 3.3.x support - Some 3.3.x compatibility issues in `mysqltuner` were corrected +- Fixes an incorrect warning in `mysql::server::backup` manifest ## 2015-08-10 - Supported Release 3.6.0 ### Summary diff --git a/metadata.json b/metadata.json index f5797e3..49217e0 100644 --- a/metadata.json +++ b/metadata.json @@ -7,6 +7,10 @@ "source": "git://github.com/puppetlabs/puppetlabs-mysql.git", "project_page": "http://github.com/puppetlabs/puppetlabs-mysql", "issues_url": "https://tickets.puppetlabs.com/browse/MODULES", + "dependencies": [ + {"name":"puppetlabs/stdlib","version_requirement":">= 3.2.0 < 5.0.0"}, + {"name":"nanliu/staging","version_requirement":">= 1.0.1 < 2.0.0"} + ], "operatingsystem_support": [ { "operatingsystem": "RedHat", @@ -81,9 +85,5 @@ "version_requirement": ">= 3.0.0 < 5.0.0" } ], - "description": "Mysql module", - "dependencies": [ - {"name":"puppetlabs/stdlib","version_requirement":">= 3.2.0 < 5.0.0"}, - {"name":"nanliu/staging","version_requirement":">= 1.0.1 < 2.0.0"} - ] + "description": "Mysql module" } From 97b8200a5f93d1a6853a8994229183706e6e989e Mon Sep 17 00:00:00 2001 From: Morgan Haskel Date: Thu, 17 Sep 2015 17:06:58 -0700 Subject: [PATCH 3/4] Improved user validation and munging We want to make sure we are validating the entire user parameter (and validating it consistently between mysql_user and mysql_grant). Additionally, for munging we do not want to do anything that could truncate the username. --- lib/puppet/type/mysql_grant.rb | 9 +++++++-- lib/puppet/type/mysql_user.rb | 6 +++--- spec/unit/puppet/type/mysql_user_spec.rb | 10 ++++++++++ 3 files changed, 20 insertions(+), 5 deletions(-) diff --git a/lib/puppet/type/mysql_grant.rb b/lib/puppet/type/mysql_grant.rb index e64e5d8..999100a 100644 --- a/lib/puppet/type/mysql_grant.rb +++ b/lib/puppet/type/mysql_grant.rb @@ -65,10 +65,10 @@ Puppet::Type.newtype(:mysql_grant) do # If at least one special char is used, string must be quoted # http://stackoverflow.com/questions/8055727/negating-a-backreference-in-regular-expressions/8057827#8057827 - if matches = /^(['`"])((?!\1).)*\1@([\w%\.:\-]+)/.match(value) + if matches = /^(['`"])((?!\1).)*\1@([\w%\.:\-\/]+)$/.match(value) user_part = matches[2] host_part = matches[3] - elsif matches = /^([0-9a-zA-Z$_]*)@([\w%\.:\-]+)/.match(value) + elsif matches = /^([0-9a-zA-Z$_]*)@([\w%\.:\-\/]+)$/.match(value) user_part = matches[1] host_part = matches[2] elsif matches = /^((?!['`"]).*[^0-9a-zA-Z$_].*)@(.+)$/.match(value) @@ -87,6 +87,11 @@ Puppet::Type.newtype(:mysql_grant) do end end end + + munge do |value| + matches = /^((['`"]?).*\2)@(.+)$/.match(value) + "#{matches[1]}@#{matches[3].downcase}" + end end newproperty(:options, :array_matching => :all) do diff --git a/lib/puppet/type/mysql_user.rb b/lib/puppet/type/mysql_user.rb index 7f2f56e..94f3685 100644 --- a/lib/puppet/type/mysql_user.rb +++ b/lib/puppet/type/mysql_user.rb @@ -14,10 +14,10 @@ Puppet::Type.newtype(:mysql_user) do # If at least one special char is used, string must be quoted # http://stackoverflow.com/questions/8055727/negating-a-backreference-in-regular-expressions/8057827#8057827 - if matches = /^(['`"])((?:(?!\1).)*)\1@([\w%\.:\-]+)/.match(value) + if matches = /^(['`"])((?:(?!\1).)*)\1@([\w%\.:\-\/]+)$/.match(value) user_part = matches[2] host_part = matches[3] - elsif matches = /^([0-9a-zA-Z$_]*)@([\w%\.:\-]+)/.match(value) + elsif matches = /^([0-9a-zA-Z$_]*)@([\w%\.:\-\/]+)$/.match(value) user_part = matches[1] host_part = matches[2] elsif matches = /^((?!['`"]).*[^0-9a-zA-Z$_].*)@(.+)$/.match(value) @@ -38,7 +38,7 @@ Puppet::Type.newtype(:mysql_user) do end munge do |value| - matches = /^((['`"]?).*\2)@([\w%\.:\-]+)/.match(value) + matches = /^((['`"]?).*\2)@(.+)$/.match(value) "#{matches[1]}@#{matches[3].downcase}" end end diff --git a/spec/unit/puppet/type/mysql_user_spec.rb b/spec/unit/puppet/type/mysql_user_spec.rb index 49bd13f..24530d8 100644 --- a/spec/unit/puppet/type/mysql_user_spec.rb +++ b/spec/unit/puppet/type/mysql_user_spec.rb @@ -51,6 +51,16 @@ describe Puppet::Type.type(:mysql_user) do end end + context 'using foo@192.168.1.0/255.255.255.0' do + before :each do + @user = Puppet::Type.type(:mysql_user).new(:name => 'foo@192.168.1.0/255.255.255.0', :password_hash => 'pass') + end + + it 'should create the user with the netmask' do + expect(@user[:name]).to eq('foo@192.168.1.0/255.255.255.0') + end + end + context 'using allo_wed$char@localhost' do before :each do @user = Puppet::Type.type(:mysql_user).new(:name => 'allo_wed$char@localhost', :password_hash => 'pass') From e1f4b83226a29d52874a63aff545536c38d31f78 Mon Sep 17 00:00:00 2001 From: Morgan Haskel Date: Thu, 17 Sep 2015 17:39:03 -0700 Subject: [PATCH 4/4] Update changelog --- CHANGELOG.md | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/CHANGELOG.md b/CHANGELOG.md index 83c06b2..5cbe103 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md @@ -1,12 +1,12 @@ -## 2015-09-08 - Supported Release 3.6.1 +## 2015-09-22 - Supported Release 3.6.1 ### Summary -This release fixes an incorrect function used in `mysql::server::backup` and fixes compatibility issues with PE 3.3.x. +This is a security and bugfix release that fixes incorrect username truncation in the munge for the mysql_user type, incorrect function used in `mysql::server::backup` and fixes compatibility issues with PE 3.3.x. #### Bugfixes +- Loosen the regex in mysql_user munging so the username is not unintentionally truncated. - Use `warning()` not `warn()` - Metadata had inadvertantly dropped 3.3.x support - Some 3.3.x compatibility issues in `mysqltuner` were corrected -- Fixes an incorrect warning in `mysql::server::backup` manifest ## 2015-08-10 - Supported Release 3.6.0 ### Summary