Looking at Puppet 1.10.8, I see in /opt/puppetlabs/puppet/lib/pkgconfig/augeas.pc:
Version: 1.4.0 That version was released on june 2015/ But at https://github.com/hercules-team/augeas/releases, current augeas version is 1.8.1, and still don't include patch for that bug. It prevent upgrade to RHEL7.4. Any hop to get it corrected soon in the puppet agent ? Or should I try to implement a workaround, because at the same time, there is CVE-2017-1000253 that requires an upgrade to 7.4. > Le 27 août 2017 à 14:17, Fabrice Bacchella <[email protected]> a > écrit : > > Thanks ! > >> Le 27 août 2017 à 06:56, David Lutterkort <[email protected]> a écrit : >> >> Hi Fabrice, >> >> I just merged this change to the sudoers lens to address that. You can just >> overwrite the stock lens in /usr/share/augeas/lenses/dist/sudoers.aug with >> the updated lens, and things should just work. >> >> David >> >> On Friday, August 25, 2017 at 9:43:13 AM UTC-7, Fabrice Bacchella wrote: >> I've upgraded a test machin with Centos 7.4 CR >> >> When I run puppet on it, configuring /etc/sudoers with augeas, I'm getting: >> >> Warning: Augeas[sudoers include](provider=augeas): Loading failed for one or >> more files, see debug for /augeas//error output >> >> augtool ls /augeas//error says : >> pos = 2308 >> line = 65 >> char = 12 >> lens/ = /usr/share/augeas/lenses/dist/sudoers.aug:529.10-.70: >> message = Iterated lens matched less than it should >> >> Line 65 is: >> Defaults match_group_by_gid >> >> If I look at /usr/share/augeas/lenses/dist/sudoers.aug, I found: >> let parameter_flag_kw = "always_set_home" | "authenticate" | "env_editor" >> | "env_reset" | "fqdn" | "ignore_dot" >> | "ignore_local_sudoers" | "insults" | "log_host" >> | "log_year" | "long_otp_prompt" | "mail_always" >> | "mail_badpass" | "mail_no_host" | "mail_no_perms" >> | "mail_no_user" | "noexec" | "path_info" >> | "passprompt_override" | "preserve_groups" >> | "requiretty" | "root_sudo" | "rootpw" | "runaspw" >> | "set_home" | "set_logname" | "setenv" >> | "shell_noargs" | "stay_setuid" | "targetpw" >> | "tty_tickets" | "visiblepw" | "closefrom_override" >> | "closefrom_override" | "compress_io" | "fast_glob" >> | "log_input" | "log_output" | "pwfeedback" >> | "umask_override" | "use_pty" >> >> match_group_by_gid is missing I think. >> >> -- >> You received this message because you are subscribed to the Google Groups >> "Puppet Users" group. >> To unsubscribe from this group and stop receiving emails from it, send an >> email to [email protected]. >> To view this discussion on the web visit >> https://groups.google.com/d/msgid/puppet-users/66d019bc-0554-48e3-a2dc-1b61e5f976b8%40googlegroups.com. >> For more options, visit https://groups.google.com/d/optout. > > > -- > You received this message because you are subscribed to the Google Groups > "Puppet Users" group. > To unsubscribe from this group and stop receiving emails from it, send an > email to [email protected]. > To view this discussion on the web visit > https://groups.google.com/d/msgid/puppet-users/77480E2A-BF98-4567-A536-4514CED03F41%40orange.fr. > For more options, visit https://groups.google.com/d/optout. -- You received this message because you are subscribed to the Google Groups "Puppet Users" group. To unsubscribe from this group and stop receiving emails from it, send an email to [email protected]. To view this discussion on the web visit https://groups.google.com/d/msgid/puppet-users/ADEFCF63-15F5-4B95-8468-D2C01044FFA1%40orange.fr. For more options, visit https://groups.google.com/d/optout.
