Subject: CVS commit: pkgsrc/sysutils/puppet
From: Takahiro Kambe
Date: 2022-12-18 16:00:31
Message id: 20221218150031.9F606FA90@cvs.NetBSD.org
Log Message:
sysutils/puppet: update to 7.21.0

pkgsrc changes:

* update HOMEPAGE.
* remove commented MASTER_SITES.
* add support to RUBYGEM_MANPAGES.

7.21.0 (2022-12)

Enhancements

* Allow legacy facts to be excluded

  Added a Puppet setting include_legacy_facts to control whether legacy
  facts are sent to puppetserver when requesting a catalog.  By default,
  Puppet continues to send legacy facts, but it can be disabled if all
  puppet manifests, hiera.yaml and hiera configuration layers are modified
  to no longer use legacy facts.  PUP-11662

* Allow omission of unchanged resources from reports

  With the new setting exclude_unchanged_resources, Puppet can omit data
  about unchanged resources from reports.  This can decrease the size of
  reports significantly.  PUP-11654

Resolved issues

* Tasks are not listed when a single task in an environment has malformed
  metadata

  Tasks containing invalid JSON metadata are skipped in the GET /tasks
  endpoint rather than the whole response returning 500.  PUP-11683

* Purging SSH keys on a user resource fails when alias is used

  Catalog compilation no longer fails when using the purge_ssh_keys
  parameter on a user resource with an alias metaparameter.  PUP-11631

* puppet lookup –E does not execute the ENC

  If you specify puppet lookup with an explicit environment ( --environment
  web ) then lookup did not call to the classifier, causing any node
  parameters set in the classifier to be omitted.  This was because calling
  the classifier assigns a different environment to the node by default,
  returning a lookup result for a different environment than was requested.
  This issue has been fixed.  It also affected open source (replace the word
  classifier with ENC).  PUP-11527

Security

* Bump puppet-runtime's Ruby to 2.7.7

  Updates puppet-agent's Ruby to 2.7.7, addressing CVE-2021-33621. PA-4805

* Update libxml2 to 2.10.3

  Updates puppet-agent's vendored libxml2 from 2.9.8 to 2.10.3, which
  addresses CVE-2021-4541, CVE-2022-23308, CVE-2022-29824, CVE-2022-40303,
  and CVE-2022-40304. Also updates puppet-agent's vendored libxslt from
  1.1.33 to 1.1.37, which addresses CVE-2021-30560.  PA-4770

* osx-10.15-x86_64 - NULL pointer dereference in Nokogiri

  Updates Nokogiri to 1.13.9, which addresses CVE-2022-2309, CVE-2022-40304,
  and CVE-2022-40303 in Nokogiri's vendored libxml2 and CVE-2022-37434 in
  Nokogiri's vendored zlib.  PA-4767
Files:
RevisionActionfile
1.58modifypkgsrc/sysutils/puppet/Makefile
1.36modifypkgsrc/sysutils/puppet/PLIST
1.41modifypkgsrc/sysutils/puppet/distinfo