2024-11-13 12:34:22 by Jonathan Perkin | Files touched by this commit (1) |
Log message:
salt: Spell PYTHON_VERSIONS_ACCEPTED correctly.
|
2024-11-13 12:31:26 by Jonathan Perkin | Files touched by this commit (1) | |
Log message:
salt: Pin to python310.
It's what upstream recommend, and it doesn't even start up using
python312. I assume this works with python311 as that was the default
when this was last updated, but we might as well stick with upstream.
Bump PKGREVISION.
|
2024-03-06 20:11:53 by Adam Ciarcinski | Files touched by this commit (3) | |
Log message:
salt salt-docs: updated to 3006.7
SALT 3006.7 RELEASE NOTES
CHANGELOG
DEPRECATED
Deprecate and stop using salt.features
CHANGED
Change module search path priority, so Salt extensions can be overridden by \
syncable modules and module_dirs. You can switch back to the old logic by \
setting features.enable_deprecated_module_search_path_priority to true, but it \
will be removed in Salt 3008.
FIXED
Fix an issue with mac_shadow that was causing a command execution error when \
retrieving values that were not yet set. For example, retrieving last login \
before the user had logged in.
Fixed an issue when keys didn't match because of line endings
Corrected encoding of credentials for use with Artifactory
Use send_multipart instead of send when sending multipart message.
Fix an issue where the minion would crash on Windows if some of the grains \
failed to resolve
Fix issue with openscap when the error was outside the expected scope. It now \
returns failed with the error code and the error
Upgrade relenv to 0.15.0 to fix namespaced packages installed by salt-pip
Fix regression of fileclient re-use when rendering sls pillars and states
Fixes the s3fs backend computing the local cache's files with the wrong hash type
Fixed Salt-SSH pillar rendering and state rendering with nested SSH calls when \
called via saltutil.cmd or in an orchestration
Fix boto execution module loading
Removed PR 65185 changes since incomplete solution
catch only ret/ events not all returning events.
Fix nonsensical time in fileclient timeout error.
Fixes an issue when reading/modifying ini files that contain unicode characters
added https proxy to the list of proxies so that requests knows what to do with \
https based proxies
Ensure minion channels are closed on any master connection error.
Fixed issue where Salt can't find libcrypto when pip installed from a cloned repo
Fix RPM package systemd scriptlets to make RPM packages more universal
Fixed an issue where fileclient requests during Pillar rendering cause \
fileserver backends to be needlessly refreshed.
Fix exceptions being set on futures that are already done in ZeroMQ transport
Use hmac compare_digest method in hashutil module to mitigate potential timing \
attacks
Fix request channel default timeout regression. In 3006.5 it was changed from 60 \
to 30 and is now set back to 60 by default.
Upgrade relenv to 0.15.1 to fix debugpy support.
SECURITY
Bump to cryptography==42.0.0 due to https://github.com/advisories/GHSA-3ww4-gg4f-jr7f
In the process, we were also required to update to pyOpenSSL==24.0.0
Bump to cryptography==42.0.3 due to https://github.com/advisories/GHSA-3ww4-gg4f-jr7f
|
2024-02-02 21:17:24 by Adam Ciarcinski | Files touched by this commit (3) | |
Log message:
salt: updated to 3006.6
SALT 3006.6 RELEASE NOTES
CHANGED
Salt no longer time bombs user installations on code using \
salt.utils.versions.warn_until_date
FIXED
Fix un-closed transport in tornado netapi
SECURITY
CVE-2024-22231 Prevent directory traversal when creating syndic cache directory \
on the master CVE-2024-22232 Prevent directory traversal attacks in the master's \
serve_file method. These vulerablities were discovered and reported by: Yudi \
Zhao(Huawei Nebula Security Lab),Chenwei Jiang(Huawei Nebula Security Lab)
Update some requirements which had some security issues:
Bump to pycryptodome==3.19.1 and pycryptodomex==3.19.1 due to \
https://github.com/advisories/GHSA-j225-cvw7-qrx7
Bump to gitpython==3.1.41 due to https://github.com/advisories/GHSA-2mqj-m65w-jghx
Bump to jinja2==3.1.3 due to https://github.com/advisories/GHSA-h5c8-rqwp-cp95
|
2024-01-22 17:35:25 by Adam Ciarcinski | Files touched by this commit (8) | |
Log message:
salt salt-docs: updated to 3006.5
SALT 3006.5
REMOVED
Tech Debt - support for pysss removed due to functionality addition in Python 3.3
FIXED
Improved error message when state arguments are accidentally passed as a string
Allow pip.install to create a log file that is passed in if the parent directory \
is writeable
Fixed merging of complex pillar overrides with salt-ssh states
Fixed gpg pillar rendering with salt-ssh
Made salt-ssh states not re-render pillars unnecessarily
Made Salt maintain options in Debian package repo definitions
Migrated all invoke tasks to python-tools-scripts.
tasks/docs.py -> tools/precommit/docs.py
tasks/docstrings.py -> tools/precommit/docstrings.py
tasks/loader.py -> tools/precommit/loader.py
tasks/filemap.py -> tools/precommit/filemap.py
Fix salt user login shell path in Debian packages
Fill out lsb_distrib_xxxx (best estimate) grains if problems with retrieving \
lsb_release data
Fixed an issue in the file.directory state where the children_only keyword \
argument was not being respected.
Move salt.ufw to correct location /etc/ufw/applications.d/
Fixed salt-ssh stacktrace when retcode is not an integer
Fixed SSH shell seldomly fails to report any exit code
Fixed some issues in x509_v2 execution module private key functions
Fixed grp.getgrall() in utils/user.py causing performance issues
Fix user.list_groups omits remote groups via sssd, etc.
Ensure sync from _grains occurs before attempting pillar compilation in case \
custom grain used in pillar file
Moved gitfs locks to salt working dir to avoid lock wipes
Only attempt to create a keys directory when --gen-keys is passed to the salt-key CLI
Fix nonce verification, request server replies do not stomp on eachother.
speed up yumpkg list_pkgs by not requiring digest or signature verification on \
lookup.
Fix pkg.latest failing on windows for winrepo packages where the package is \
already up to date
Ensure kwarg is preserved when checking for kwargs. This change affects proxy \
minions when used with Deltaproxy, which had kwargs popped when targeting \
multiple minions id.
Fixes traceback when state id is an int in a reactor SLS file.
Install logrotate config as /etc/logrotate.d/salt-common for Debian packages \
Remove broken /etc/logrotate.d/salt directory from 3006.3 if it exists.
Use sha256 as the default hash_type. It has been the default since Salt v2016.9
Preserve ownership on log rotation
Ensure that the correct value of jid_inclue is passed if the argument is \
included in the passed keyword arguments.
Uprade relenv to 0.14.2
Update openssl to address CVE-2023-5363.
Fix bug in openssl setup when openssl binary can't be found.
Add M1 mac support.
Fix regex for filespec adding/deleting fcontext policy in selinux
Ensure CLI options take priority over Saltfile options
Test mode for state function saltmod.wheel no longer set's result to (None,)
Client only process events which tag conforms to an event return.
Fixes an issue setting user or machine policy on Windows when the Group Policy \
directory is missing
Fix regression in file module which was not re-using a file client.
pip.installed state will now properly fail when a specified user does not exists
Publish channel connect callback method properly closes it's request channel.
Ensured the pillar in SSH wrapper modules is the same as the one used in \
template rendering when overrides are passed
Fix file.comment ignore_missing not working with multiline char
Warn when an un-closed transport client is being garbage collected.
Only generate the HMAC's for libssl.so.1.1 and libcrypto.so.1.1 if those files exist.
Fixed an issue where Salt Cloud would fail if it could not delete lingering \
PAexec binaries
ADDED
Added Salt support for Debian 12
Added Salt support for Amazon Linux 2023
SECURITY
Bump to cryptography==41.0.4 due to https://github.com/advisories/GHSA-v8gr-m533-ghj9
Bump to cryptography==41.0.7 due to https://github.com/advisories/GHSA-jfhm-5ghh-2f97
|
2023-08-14 07:25:36 by Thomas Klausner | Files touched by this commit (1247) |
Log message:
*: recursive bump for Python 3.11 as new default
|
2023-05-07 15:09:52 by Thomas Klausner | Files touched by this commit (2) |
Log message:
salt-docs: fix build with latest sphinx
|
2022-10-31 18:32:46 by Adam Ciarcinski | Files touched by this commit (8) | |
Log message:
salt salt-docs: updated to 3005.1
3005.1
FIXED
Fix arch parsing issue in apt source files
Fixed parsing CDROM apt sources
Use str() method instead of repo_line for when python3-apt is installed or not \
in aptpkg.py.
Remove the connection_timeout from netmiko_connection_args before \
netmiko_connection_args is added to \
__context__["netmiko_device"]["args"] which is passed along \
to the Netmiko library.
fixes #62553 by checking for disabled master_type before starting master \
connection and skipping it if set.
Fix runas with cmd module when using the onedir bundled packages
Fix the Pyinstaller hooks to preserve the environment if None is passed.
pkgrepo.managed sets wrong permissions on keys installed to /etc/apt/keyring
pkgrepo.managed creates zero byte gpg files when dearmoring contents to the same \
filename
Ensure default values for IPC Buffers are correct type
Fix a hang on salt-ssh when using sudo.
Renderers now have access to the correct set of salt functions.
Fix including Jinja template from absolute path
include jmespath in package requirements
Fix pkgrepo.managed signed-by in test=true mode
Ensure the status of the service is captured when the beacon function is called, \
even when the event is not being emitted.
The sub proxies controlled by Deltaproxy need to have their own req_channel \
otherwise there are timeout exceptions when the __master_req_channel_payload is \
fired and reacted on.
|
2022-09-30 12:02:12 by Stephen Borrill | Files touched by this commit (1) | |
Log message:
salt: update HOMEPAGE
|
2022-06-30 13:19:02 by Nia Alarie | Files touched by this commit (524) |
Log message:
*: Revbump packages that use Python at runtime without a PKGNAME prefix
|