From f1f50ef5829eb363724f014d561a92432143b232 Mon Sep 17 00:00:00 2001
From: Tim Smith <tsmith@chef.io>
Date: Wed, 25 Oct 2017 12:37:09 -0700
Subject: Update liblzma, libxml2, libxslt, libyaml, zlib, and openssl

Bump all omnibus deps to pull in security and bug fixes

Signed-off-by: Tim Smith <tsmith@chef.io>
---
 omnibus/Gemfile.lock | 52 +++++++++++++++++++++++++++-------------------------
 version_policy.rb    | 12 ++++++------
 2 files changed, 33 insertions(+), 31 deletions(-)

diff --git a/omnibus/Gemfile.lock b/omnibus/Gemfile.lock
index 8de20d810a..61bf4f953c 100644
--- a/omnibus/Gemfile.lock
+++ b/omnibus/Gemfile.lock
@@ -1,6 +1,6 @@
 GIT
   remote: https://github.com/chef/license_scout
-  revision: 0e89df12ad6bc451924610dd6a570fc264fde15e
+  revision: b7b1e6c5d027f201fc4fa30c775384112d81c1bd
   specs:
     license_scout (0.1.3)
       ffi-yajl (~> 2.2)
@@ -9,7 +9,7 @@ GIT
 
 GIT
   remote: https://github.com/chef/omnibus
-  revision: 52393d7cab443b61790f94c62775d9032d283497
+  revision: e3807801e61b9012ea2e0677a60c2bf72c0e4972
   specs:
     omnibus (5.6.1)
       aws-sdk (~> 2)
@@ -26,7 +26,7 @@ GIT
 
 GIT
   remote: https://github.com/chef/omnibus-software
-  revision: aa4162c2f7a4e8e5cf9d961e060d5a48a15a5e63
+  revision: 65a9bed9e37e0b6ba7c8aae0b588f11ce5fc399a
   specs:
     omnibus-software (4.0.0)
       chef-sugar (>= 3.4.0)
@@ -37,15 +37,14 @@ GEM
   specs:
     addressable (2.5.2)
       public_suffix (>= 2.0.2, < 4.0)
-    artifactory (2.8.2)
     awesome_print (1.8.0)
-    aws-sdk (2.10.45)
-      aws-sdk-resources (= 2.10.45)
-    aws-sdk-core (2.10.45)
+    aws-sdk (2.10.71)
+      aws-sdk-resources (= 2.10.71)
+    aws-sdk-core (2.10.71)
       aws-sigv4 (~> 1.0)
       jmespath (~> 1.0)
-    aws-sdk-resources (2.10.45)
-      aws-sdk-core (= 2.10.45)
+    aws-sdk-resources (2.10.71)
+      aws-sdk-core (= 2.10.71)
     aws-sigv4 (1.0.2)
     berkshelf (4.3.5)
       addressable (~> 2.3, >= 2.3.4)
@@ -69,7 +68,7 @@ GEM
       faraday (~> 0.9.1)
       httpclient (~> 2.7.0)
       ridley (~> 4.5)
-    binding_of_caller (0.7.2)
+    binding_of_caller (0.7.3)
       debug_inspector (>= 0.0.1)
     buff-config (1.0.1)
       buff-extensions (~> 1.0)
@@ -86,7 +85,7 @@ GEM
     celluloid-io (0.16.2)
       celluloid (>= 0.16.0)
       nio4r (>= 1.1.0)
-    chef-config (13.4.19)
+    chef-config (13.5.3)
       addressable
       fuzzyurl
       mixlib-config (~> 2.0)
@@ -123,15 +122,14 @@ GEM
     logging (2.2.2)
       little-plugger (~> 1.1)
       multi_json (~> 1.10)
-    method_source (0.8.2)
+    method_source (0.9.0)
     minitar (0.6.1)
     mixlib-archive (0.4.1)
       mixlib-log
     mixlib-authentication (1.4.2)
     mixlib-cli (1.7.0)
     mixlib-config (2.2.4)
-    mixlib-install (2.1.12)
-      artifactory
+    mixlib-install (3.6.0)
       mixlib-shellout
       mixlib-versioning
       thor
@@ -172,11 +170,10 @@ GEM
       progressbar
       zhexdump (>= 0.0.2)
     plist (3.3.0)
-    progressbar (1.8.2)
-    pry (0.10.4)
+    progressbar (1.9.0)
+    pry (0.11.2)
       coderay (~> 1.1.0)
-      method_source (~> 0.8.1)
-      slop (~> 3.4)
+      method_source (~> 0.9.0)
     pry-byebug (3.5.0)
       byebug (~> 9.1)
       pry (~> 0.10)
@@ -203,7 +200,7 @@ GEM
       retryable (~> 2.0)
       semverse (~> 1.1)
       varia_model (~> 0.4.0)
-    ruby-progressbar (1.8.3)
+    ruby-progressbar (1.9.0)
     rubyntlm (0.6.2)
     rubyzip (1.2.1)
     safe_yaml (1.0.4)
@@ -211,23 +208,25 @@ GEM
       addressable (>= 2.3.5, < 2.6)
       faraday (~> 0.8, < 1.0)
     semverse (1.2.1)
-    slop (3.6.0)
     solve (2.0.3)
       molinillo (~> 0.4.2)
       semverse (~> 1.1)
     systemu (2.6.5)
-    test-kitchen (1.17.0)
-      mixlib-install (>= 1.2, < 3.0)
+    test-kitchen (1.18.0)
+      mixlib-install (~> 3.6)
       mixlib-shellout (>= 1.2, < 3.0)
       net-scp (~> 1.1)
       net-ssh (>= 2.9, < 5.0)
       net-ssh-gateway (~> 1.2)
       safe_yaml (~> 1.0)
       thor (~> 0.19, < 0.19.2)
+      winrm (~> 2.0)
+      winrm-elevated (~> 1.0)
+      winrm-fs (~> 1.0.2)
     thor (0.19.1)
     timers (4.0.4)
       hitimes
-    toml-rb (1.0.0)
+    toml-rb (1.1.0)
       citrus (~> 3.0, > 3.0)
     varia_model (0.4.1)
       buff-extensions (~> 1.0)
@@ -243,7 +242,10 @@ GEM
       logging (>= 1.6.1, < 3.0)
       nori (~> 2.0)
       rubyntlm (~> 0.6.0, >= 0.6.1)
-    winrm-fs (1.0.1)
+    winrm-elevated (1.1.0)
+      winrm (~> 2.0)
+      winrm-fs (~> 1.0)
+    winrm-fs (1.0.2)
       erubis (~> 2.7)
       logging (>= 1.6.1, < 3.0)
       rubyzip (~> 1.1)
@@ -269,4 +271,4 @@ DEPENDENCIES
   winrm-fs (~> 1.0)
 
 BUNDLED WITH
-   1.12.5
+   1.15.4
diff --git a/version_policy.rb b/version_policy.rb
index 34336f7296..38e956ca32 100644
--- a/version_policy.rb
+++ b/version_policy.rb
@@ -23,13 +23,13 @@ OMNIBUS_OVERRIDES = {
   :bundler => "1.12.5", # until we figure out how to work with 1.13.0
   "libffi" => "3.2.1",
   "libiconv" => "1.15",
-  "liblzma" => "5.2.2",
+  "liblzma" => "5.2.3",
   ## according to comment in omnibus-sw, the very latest versions don't work on solaris
   # https://github.com/chef/omnibus-software/blob/aefb7e79d29ca746c3f843673ef5e317fa3cba54/config/software/libtool.rb#L23
   "libtool" => "2.4.2",
-  "libxml2" => "2.9.4",
-  "libxslt" => "1.1.29",
-  "libyaml" => "0.1.6",
+  "libxml2" => "2.9.5",
+  "libxslt" => "1.1.30",
+  "libyaml" => "0.1.7",
   "makedepend" => "1.0.5",
   "ncurses" => "5.9",
   "pkg-config-lite" => "0.28-1",
@@ -41,11 +41,11 @@ OMNIBUS_OVERRIDES = {
   "ruby-windows-devkit-bash" => "3.1.23-4-msys-1.0.18",
   "util-macros" => "1.19.0",
   "xproto" => "7.0.28",
-  "zlib" => "1.2.8",
+  "zlib" => "1.2.11",
 
   ## These can float as they are frequently updated in a way that works for us
   #override "cacerts" =>"???",
-  "openssl" => "1.0.2j",
+  "openssl" => "1.0.2l",
 }
 
 #
-- 
cgit v1.2.1