Merge remote-tracking branch 'cve/2.7rc' into 2.7.x
- cve/2.7rc: Update CHANGELOG lib/puppet.rb conf/redhat/puppet.spec for 2.7.18 Reject directory traversal in store report processor Tighten permissions on classfile, resourcefile, lastrunfile, and lastrunreport. Use "inspect" when listing certificates Don't allow the creation of SSL objects with invalid certnames Validate CSR CN and provided certname before signing Add specs for selector terminuses of file_{content,metadata} Fix whitespace inside parentheses Use head method to determine if file is in file bucket Always use the local file_bucket on master Fail more gracefully when finding module files if no file is specified Reject file requests containing .. Add Selector terminus for file_content/file_metadata Deprecate IP-based authentication