
Releases: chef-boneyard/opscode-omnibus

Keys to the Kingdom

18 Feb 15:57

Security Release: Fix oc-id CSRF

18 Dec 16:26

A cross-site request forgery (CSRF) vulnerability was found in the oc-id service that ships with the Chef Server, specifically in the doorkeeper gem (the OAuth 2 provider library oc-id is built on). This release updates the gem.

Chef Server 12.0.1 and Enterprise Chef Server 11.2.6 contain the fix. Open Source Chef Server 11 does not need the fix, as it does not ship the oc-id service.
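The note above says only that the gem was updated. To show the shape of the bug class, the following is an added example, not oc-id's or doorkeeper's code: a stripped-down OAuth authorize endpoint, first without and then with a session-bound token check of the kind Rails' protect_from_forgery performs. The Session, Request and authorize_* names, the client_id and redirect_uri values and the attacker.example origin are all constructed for the example.

```ruby
require 'securerandom'

# Constant-time string comparison: a plain == would let an attacker who can
# measure response times recover the token byte by byte.
def secure_equal?(a, b)
  return false unless a.is_a?(String) && b.is_a?(String)
  return false unless a.bytesize == b.bytesize
  a.bytes.zip(b.bytes).reduce(0) { |acc, (x, y)| acc | (x ^ y) }.zero?
end

# Server-side session, resolved from the session cookie. The CSRF token is
# minted per session and only ever embedded in the server's own pages.
class Session
  attr_reader :user, :csrf_token
  def initialize(user)
    @user = user
    @csrf_token = SecureRandom.hex(32)
  end
end

# What the authorize endpoint sees: the session the cookie resolved to (the
# browser attaches that cookie to cross-site form posts too) plus form params.
Request = Struct.new(:session, :params)

# Unprotected endpoint: anyone who can make the victim's browser POST a form
# here obtains an authorization for an arbitrary client_id and redirect_uri.
def authorize_unprotected(req)
  return :not_logged_in unless req.session
  { user: req.session.user,
    client_id: req.params['client_id'],
    redirect_uri: req.params['redirect_uri'] }
end

# Protected endpoint: the POST must echo the session's token. A page on another
# origin cannot read that token (same-origin policy), so it cannot forge the POST.
def authorize_protected(req)
  return :not_logged_in unless req.session
  unless secure_equal?(req.params['authenticity_token'], req.session.csrf_token)
    return :csrf_rejected
  end
  authorize_unprotected(req)
end

# Constructed scenario (not real traffic): alice is logged in; a page on
# attacker.example auto-submits a form to /oauth/authorize in her browser.
def csrf_scenario
  alice = Session.new('alice')
  forged_params = {
    'response_type' => 'code',
    'client_id'     => 'attacker-registered-client',
    'redirect_uri'  => 'https://attacker.example/callback',
  }
  forged  = Request.new(alice, forged_params)                    # cookie only, no token
  guessed = Request.new(alice, forged_params.merge('authenticity_token' => SecureRandom.hex(32)))
  genuine = Request.new(alice, forged_params.merge('authenticity_token' => alice.csrf_token))
  {
    unprotected_forged: authorize_unprotected(forged),
    protected_forged:   authorize_protected(forged),
    protected_guessed:  authorize_protected(guessed),
    protected_genuine:  authorize_protected(genuine),
  }
end

if __FILE__ == $0
  csrf_scenario.each { |name, result| puts "#{name}: #{result.inspect}" }
end
```

The property to verify after upgrading is the one the protected variant enforces: a POST to the authorize endpoint that carries the session cookie but no valid authenticity_token must be rejected rather than turned into a grant.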

EC 11.2.5

11 Nov 15:14

Add support for Chef 12 client by removing max client check

11.1.1

18 Feb 17:56

private-chef-cookbooks

BUGFIXES

  • Remove the banned/whitelisted IP checking from the OpenResty Lua config; the check broke IPv6 clients
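The entry above removes the check outright rather than making it IPv6-aware, and does not say how the Lua code failed. As an added example in Ruby (not the project's Lua and not code from the page), here is an allowlist check that handles both address families, unwraps IPv4-mapped IPv6 peers and fails closed on unparsable input, next to an IPv4-only regex check of the kind that rejects every IPv6 client. The networks in ALLOWED_NETS and the naive_allowed? rule are constructed for the example.

```ruby
require 'ipaddr'

# Allowed client networks, both families. Constructed for this example.
ALLOWED_NETS = %w[10.0.0.0/8 192.168.1.0/24 2001:db8::/32 fd00::/8].map { |c| IPAddr.new(c) }

# IPv4-only check of the kind that silently locks out every IPv6 client: a regex
# on dotted quads matches nothing an IPv6 peer sends, so the request is denied.
# Illustrative only; the page does not say how the removed Lua check was written.
def naive_allowed?(remote)
  m = remote.match(/\A(\d{1,3})\.(\d{1,3})\.(\d{1,3})\.(\d{1,3})\z/)
  return false unless m
  m[1].to_i == 10 || (m[1].to_i == 192 && m[2].to_i == 168 && m[3].to_i == 1)
end

# Family-aware check. `native` unwraps IPv4-mapped IPv6 addresses (::ffff:a.b.c.d),
# which is how a dual-stack socket may present an IPv4 peer; without that step an
# IPv4 allow entry never matches such a peer. A peer address is a single host, so
# anything carrying a prefix length, a port or other junk is rejected (fail closed).
def allowed?(remote, nets = ALLOWED_NETS)
  text = remote.to_s.strip
  return false if text.include?('/')
  ip = IPAddr.new(text).native
  nets.any? { |net| net.family == ip.family && net.include?(ip) }
rescue ArgumentError   # IPAddr::InvalidAddressError is an ArgumentError
  false
end

if __FILE__ == $0
  %w[10.1.2.3 ::ffff:10.1.2.3 2001:db8::1 172.16.0.1 not-an-ip].each do |peer|
    puts format('%-20s naive=%-5s aware=%s', peer, naive_allowed?(peer), allowed?(peer))
  end
end
```

Matching on parsed addresses rather than on the string form is what makes the check survive the move to IPv6; the regex version is correct for every IPv4 client and wrong for every IPv6 one, which is exactly the failure mode the bugfix describes.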

1.4.7

18 Feb 17:54

libyaml 0.1.5

  • [CVE-2013-6393] - yaml_parser_scan_tag_uri function in scanner.c performs an incorrect cast, allowing a heap-based buffer overflow via crafted tags in a YAML document

openssl 1.0.1f

  • [CVE-2013-4353] - allows remote TLS servers to cause a denial of service

nginx 1.4.4

  • [CVE-2013-2070] - when proxy_pass is used with untrusted HTTP servers, allows remote attackers to cause a denial of service
  • [CVE-2013-4547] - allows remote attackers to bypass intended restrictions via an unescaped space character in a URI

ruby 1.9.3-p484

  • [CVE-2013-4164] - heap-based buffer overflow allows context-dependent attackers to cause a denial of service (segmentation fault) and possibly execute arbitrary code via a string that is converted to a floating point value

postgresql 9.1.9

  • [CVE-2013-1899] - argument injection via a connection request whose database name begins with a "-" (hyphen) allows remote attackers to cause a denial of service (file corruption), and allows remote authenticated users to modify configuration settings and execute arbitrary code
  • [CVE-2013-1900] - when using OpenSSL, generates insufficiently random numbers, which might allow remote authenticated users to have an unspecified impact via vectors related to the "contrib/pgcrypto functions"
  • [CVE-2013-1901] - does not properly check REPLICATION privileges, which allows remote authenticated users to bypass intended backup restrictions by calling the (1) pg_start_backup or (2) pg_stop_backup functions
  • [CVE-2013-1902] - generates insecure temporary files with predictable filenames, which has unspecified impact and attack vectors related to "graphical installers for Linux and Mac OS X"
  • [CVE-2013-1903] - incorrectly provides the superuser password to scripts related to "graphical installers for Linux and Mac OS X," which has unspecified impact and attack vectors

11.1.0

18 Feb 17:56

omnibus-ruby 1.3.0

omnibus-software 3d9d097332199fdafc3237c0ec11fcd784c11b4d

  • [keepalived] update to 1.2.9 + patch for CentOS 5.5
  • [perl] generate an Omnibus-friendly CPAN config
  • [openssl] CVE-2013-4353/CHEF-4939 - tls handshake causes null pointer in OpenSSL
  • [berkshelf] update to 2.0.12
  • [libyaml] CVE-2013-6393 - update libyaml to 0.1.5

redis-rb 3.0.6

  • Add redis gem for reconfigure management of redis install

openresty-lpeg 0.12

  • Add Lua lpeg library for use in refactored openresty routing config

redis 2.8.2

  • Add back in for use in openresty routing config

bookshelf 1.1.3

  • Remove request logging, which causes backups and crashing under heavy load

enterprise-chef-server-schema 2.2.3

  • Add containers table
  • Add new enum type and columns for user password hash
  • Add groups table
  • Add index for opc_users(customer_id) (improves delete performance)

oc-chef-pedant 1.0.25

  • [CHEF-4086] Add tests for cookbook version host header changes
  • Add tests to validate newly created organizations
  • Updates to /containers endpoint tests for ruby / erlang switching
  • Updates to /groups endpoint tests for ruby / erlang switching
  • Use IPV6-compatible rest-client gem for testing IPV6
  • Add tests for /users/:user/_acl endpoint
  • Update /principals endpoint tests for pushy updates

oc_bifrost 1.4.4

  • Add IPV6 support
  • Use shared opscoderl_wm to pull in webmachine dependency

oc_erchef 0.23.0

  • [CHEF-4086] Add configurable host for S3 pre-signed URLs
  • Refactor chef_objects, chef_db, and chef_wm to support non-open-source features
  • Add support for SQL/Erlang /containers endpoint (not migrated)
  • Add support for SQL/Erlang /groups endpoint (not migrated)
  • Convert all configuration fetching code to use envy library
  • Remove REST API for darklaunch
  • Add containers API docs to oc_erchef code base
  • Remove caching of search-related database responses
  • Remove fast_log and replace with lager
  • Add IPV6 support
  • Differentiate between 404s for missing principal vs. missing org

opscode-account rel-1.43.0

  • Remove SQL switching code for migrated objects
  • Support container objects in SQL
  • Support group objects in SQL
  • Remove obsolete clients controller
  • Encrypt user passwords with bcrypt
  • BUGFIX: allow non-admin users to leave organizations
  • Remove UPDATE from containers API
  • Add IPV6 support
  • BUGFIX: fix Ace.new method in #update_user_ace
  • BUGFIX: don't log password changes in plain text
  • BUGFIX: /organizations API can't show billing admins group

sqitch

  • Ensure sqitch uses an Omnibus-specific CPAN config

private-chef-cookbooks

  • [keepalived] Adjust command syntax for 1.2.9
  • [erchef / bookshelf] Add s3_external_url configuration
  • [all] Add IPV6 address support
  • [nginx] Add ipv6only option to listen directive
  • [sysctl] Force net.ipv6.bindv6only to 0
  • [opscode-certificate] Run certificate service on front-ends
  • [redis] Add redis back into EC build (name redis-lb)
  • [enterprise-chef-server-schema] Add schema upgrade for bcrypt user password support
  • [openresty] Add lua-based upstream routing
  • [oc_bifrost] Use opscoderl_wm logging
  • [oc_erchef] Replace fast_log with lager
  • [oc_erchef] Remove deprecated use of db_type for sqerl config
  • [configuration] Increment api_version for release 11.0.0 -> 11.1.0
  • [opscode-certificate] Make sure :restart action occurs on all nodes
  • [keepalived] Fixes for keepalived.conf to work with 1.2.9 unicast
  • [bookshelf] Turn off request logging

11.0.2

04 Dec 01:14

bookshelf 1.0.3

Improvement

  • Convert file IO to raw mode - Switching from cooked to raw mode to
    reduce the number of processes created per-request. Cooked mode creates
    at least 1 process per FD which can become an issue if the bookshelf
    server receives a sudden burst of traffic.
  • Tuning default values to handle high load.
  • Create bookshelf data dir and setup ownership before running migration.

OpenResty 1.4.3.6

Bug Fixes

  • [CVE-2013-4547] - security restriction bypass flaw due to whitespace parsing.

opscode-solr

Bug Fixes

  • [CHEF-4792] - Disable insecure JMX settings leading to potential remote code
    execution.
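The page does not list which JMX settings CHEF-4792 disabled. As an added check, not the project's code, here is a small Ruby scanner over `ps` output that flags any JVM started with the standard com.sun.management.jmxremote.* system properties in the dangerous combination: a remote port together with authentication or TLS explicitly switched off. The ps sample is constructed, and the assumption is that the Solr JVM used those standard properties.

```ruby
# Standard HotSpot remote-JMX system property prefix. Assumption: the Solr JVM in
# this release was started with these (the page says only "insecure JMX settings").
JMX = 'com.sun.management.jmxremote'.freeze

# Collect -Dkey=value system properties from a JVM argv; a bare -Dkey means "true".
def jvm_props(argv)
  argv.each_with_object({}) do |arg, props|
    next unless arg.start_with?('-D')
    key, value = arg[2..-1].split('=', 2)
    props[key] = value.nil? ? 'true' : value
  end
end

# Findings for one JVM; an empty list means nothing to report. When a remote port
# is set, the JDK defaults authenticate and ssl to true, so only an explicit
# "false" opens the port to anyone who can reach it. An unauthenticated JMX port
# lets a client invoke MBeans, including ones that load arbitrary classes, which
# is code execution as the JVM user.
def insecure_jmx(argv)
  props = jvm_props(argv)
  port = props["#{JMX}.port"]
  return [] unless port   # no remote port: JMX is local-attach only
  findings = []
  findings << "#{JMX}.authenticate=false" if props["#{JMX}.authenticate"] == 'false'
  findings << "#{JMX}.ssl=false"          if props["#{JMX}.ssl"] == 'false'
  findings.map { |f| "remote JMX on port #{port} with #{f}" }
end

# Parse `ps -eo pid=,args=` output and report findings per JVM pid.
def scan_ps(ps_output)
  ps_output.each_line.each_with_object({}) do |line, report|
    pid, *argv = line.strip.split(/\s+/)
    next if argv.empty? || argv.none? { |a| a.start_with?('-D') }
    problems = insecure_jmx(argv)
    report[pid.to_i] = problems unless problems.empty?
  end
end

# Constructed sample of ps output (not captured from a real host): one JVM with
# the dangerous combination, one with local-only JMX, one with a secured port.
SAMPLE_PS = <<~PS
  4242 /usr/bin/java -Dcom.sun.management.jmxremote -Dcom.sun.management.jmxremote.port=1099 -Dcom.sun.management.jmxremote.authenticate=false -Dcom.sun.management.jmxremote.ssl=false -jar start.jar
  4243 /usr/bin/java -Dcom.sun.management.jmxremote -jar start.jar
  4244 /usr/bin/java -Dcom.sun.management.jmxremote.port=9010 -Dcom.sun.management.jmxremote.authenticate=true -Dcom.sun.management.jmxremote.ssl=true -jar app.jar
PS

if __FILE__ == $0
  scan_ps(SAMPLE_PS).each { |pid, problems| puts "pid #{pid}: #{problems.join('; ')}" }
end
```

On a real host, pass the output of `ps -eo pid=,args=` to scan_ps; a finding against the Solr JVM after the upgrade means the start-up arguments still carry the settings this release was meant to remove.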

opscode-chef-mover (Migration)

Bug Fixes

  • Move the Mover log cleanup earlier in case the upgrade needs to be restarted.
  • Change `start opscode-chef-mover` to a restart in case it is already running
    after a failed upgrade.
  • Add a short sleep before starting the migrate script to give all mover
    services time to come up.
  • Remove recursive chown, run migration as opscode user.
  • Use compile mode and avoid /usr/bin/env for cookbook migration escript.

opscode-webui rel-3.8.10

Bug Fixes

  • [CVE-2013-4389] Possible DoS Vulnerability in Action Mailer
  • Render html for all 404s to avoid errors for other file types.
  • Coerce uptime to string in case it's a Fixnum.

Ruby 1.9.3-p484

Bug Fixes

Other Changes

Bug Fixes

  • [OC-10648] Fix check for disabled services in 008-fix-logging migration.

11.0.2-rc.4

27 Nov 22:48

Pre-release. The release notes are the same as those of 11.0.2 above.
