Log message:
salt salt-docs: updated to 3007.1

3007.1

REMOVED

The salt.utils.psutil_compat was deprecated and now removed in Salt 3008. Please \ 
use the psutil module directly.

FIXED

Fixes multiple issues with the cmd module on Windows. Scripts are called using \ 
the -File parameter to the powershell.exe binary. CLIXML data in stderr is now \ 
removed (only applies to encoded commands). Commands can now be sent to \ 
cmd.powershell as a list. Makes sure JSON data returned is valid. Strips \ 
whitespace from the return when using runas.

Fixed the win_lgpo_netsh salt util to handle non-English systems. This was a \ 
rewrite to use PowerShell instead of netsh to make the changes on the system

Fix typo in nftables module to ensure unique nft family values

Corrected x509_v2 CRL creation last_update and next_update values when system \ 
timezone is not UTC

Fix for NoneType can't be used in 'await' expression error.

Log "Publish server binding pub to" messages to debug instead of error \ 
level.

Fix syndic startup by making payload handler a coroutine

Fixed aptpkg.remove "unable to locate package" error for non-existent \ 
package

Fixed pillar.ls doesn't accept kwargs

Fix cache directory setting in Master Cluster tutorial

Change log level of successful master cluster key exchange from error to info.

Made file.managed skip download of a remote source if the managed file already \ 
exists with the correct hash

Fixed nftables.build_rule breaks ipv6 rules by using the wrong syntax for source \ 
and destination addresses

ADDED

Added the ability to pass a version of chocolatey to install to the \ 
chocolatey.bootstrap function. Also added states to bootstrap and unbootstrap \ 
chocolatey.

Add Ubuntu 24.04 support

Add Fedora 40 support, replacing Fedora 39

SECURITY

Bump to pydantic==2.6.4 due to https://github.com/advisories/GHSA-mr82-8j83-vxmv

Bump to jinja2==3.1.4 due to https://github.com/advisories/GHSA-h75v-3vvj-5mfj

Log message:
salt: Spell PYTHON_VERSIONS_ACCEPTED correctly.

Log message:
salt: Pin to python310.

It's what upstream recommend, and it doesn't even start up using
python312.  I assume this works with python311 as that was the default
when this was last updated, but we might as well stick with upstream.

Bump PKGREVISION.

Log message:
salt salt-docs: updated to 3006.7

SALT 3006.7 RELEASE NOTES

CHANGELOG
DEPRECATED

Deprecate and stop using salt.features

CHANGED

Change module search path priority, so Salt extensions can be overridden by \ 
syncable modules and module_dirs. You can switch back to the old logic by \ 
setting features.enable_deprecated_module_search_path_priority to true, but it \ 
will be removed in Salt 3008.

FIXED

Fix an issue with mac_shadow that was causing a command execution error when \ 
retrieving values that were not yet set. For example, retrieving last login \ 
before the user had logged in.

Fixed an issue when keys didn't match because of line endings

Corrected encoding of credentials for use with Artifactory

Use send_multipart instead of send when sending multipart message.

Fix an issue where the minion would crash on Windows if some of the grains \ 
failed to resolve

Fix issue with openscap when the error was outside the expected scope. It now \ 
returns failed with the error code and the error

Upgrade relenv to 0.15.0 to fix namespaced packages installed by salt-pip

Fix regression of fileclient re-use when rendering sls pillars and states

Fixes the s3fs backend computing the local cache's files with the wrong hash type

Fixed Salt-SSH pillar rendering and state rendering with nested SSH calls when \ 
called via saltutil.cmd or in an orchestration

Fix boto execution module loading

Removed PR 65185 changes since incomplete solution

catch only ret/ events not all returning events.

Fix nonsensical time in fileclient timeout error.

Fixes an issue when reading/modifying ini files that contain unicode characters

added https proxy to the list of proxies so that requests knows what to do with \ 
https based proxies

Ensure minion channels are closed on any master connection error.

Fixed issue where Salt can't find libcrypto when pip installed from a cloned repo

Fix RPM package systemd scriptlets to make RPM packages more universal

Fixed an issue where fileclient requests during Pillar rendering cause \ 
fileserver backends to be needlessly refreshed.

Fix exceptions being set on futures that are already done in ZeroMQ transport

Use hmac compare_digest method in hashutil module to mitigate potential timing \ 
attacks

Fix request channel default timeout regression. In 3006.5 it was changed from 60 \ 
to 30 and is now set back to 60 by default.

Upgrade relenv to 0.15.1 to fix debugpy support.

SECURITY

Bump to cryptography==42.0.0 due to https://github.com/advisories/GHSA-3ww4-gg4f-jr7f

In the process, we were also required to update to pyOpenSSL==24.0.0

Bump to cryptography==42.0.3 due to https://github.com/advisories/GHSA-3ww4-gg4f-jr7f

Log message:
salt: updated to 3006.6

SALT 3006.6 RELEASE NOTES

CHANGED

Salt no longer time bombs user installations on code using \ 
salt.utils.versions.warn_until_date

FIXED

Fix un-closed transport in tornado netapi

SECURITY

CVE-2024-22231 Prevent directory traversal when creating syndic cache directory \ 
on the master CVE-2024-22232 Prevent directory traversal attacks in the master's \ 
serve_file method. These vulerablities were discovered and reported by: Yudi \ 
Zhao(Huawei Nebula Security Lab),Chenwei Jiang(Huawei Nebula Security Lab)

Update some requirements which had some security issues:

Bump to pycryptodome==3.19.1 and pycryptodomex==3.19.1 due to \ 
https://github.com/advisories/GHSA-j225-cvw7-qrx7

Bump to gitpython==3.1.41 due to https://github.com/advisories/GHSA-2mqj-m65w-jghx

Bump to jinja2==3.1.3 due to https://github.com/advisories/GHSA-h5c8-rqwp-cp95

Log message:
salt salt-docs: updated to 3006.5

SALT 3006.5

REMOVED

Tech Debt - support for pysss removed due to functionality addition in Python 3.3

FIXED

Improved error message when state arguments are accidentally passed as a string

Allow pip.install to create a log file that is passed in if the parent directory \ 
is writeable

Fixed merging of complex pillar overrides with salt-ssh states

Fixed gpg pillar rendering with salt-ssh

Made salt-ssh states not re-render pillars unnecessarily

Made Salt maintain options in Debian package repo definitions

Migrated all invoke tasks to python-tools-scripts.

tasks/docs.py -> tools/precommit/docs.py

tasks/docstrings.py -> tools/precommit/docstrings.py

tasks/loader.py -> tools/precommit/loader.py

tasks/filemap.py -> tools/precommit/filemap.py

Fix salt user login shell path in Debian packages

Fill out lsb_distrib_xxxx (best estimate) grains if problems with retrieving \ 
lsb_release data

Fixed an issue in the file.directory state where the children_only keyword \ 
argument was not being respected.

Move salt.ufw to correct location /etc/ufw/applications.d/

Fixed salt-ssh stacktrace when retcode is not an integer

Fixed SSH shell seldomly fails to report any exit code

Fixed some issues in x509_v2 execution module private key functions

Fixed grp.getgrall() in utils/user.py causing performance issues

Fix user.list_groups omits remote groups via sssd, etc.

Ensure sync from _grains occurs before attempting pillar compilation in case \ 
custom grain used in pillar file

Moved gitfs locks to salt working dir to avoid lock wipes

Only attempt to create a keys directory when --gen-keys is passed to the salt-key CLI

Fix nonce verification, request server replies do not stomp on eachother.

speed up yumpkg list_pkgs by not requiring digest or signature verification on \ 
lookup.

Fix pkg.latest failing on windows for winrepo packages where the package is \ 
already up to date

Ensure kwarg is preserved when checking for kwargs. This change affects proxy \ 
minions when used with Deltaproxy, which had kwargs popped when targeting \ 
multiple minions id.

Fixes traceback when state id is an int in a reactor SLS file.

Install logrotate config as /etc/logrotate.d/salt-common for Debian packages \ 
Remove broken /etc/logrotate.d/salt directory from 3006.3 if it exists.

Use sha256 as the default hash_type. It has been the default since Salt v2016.9

Preserve ownership on log rotation

Ensure that the correct value of jid_inclue is passed if the argument is \ 
included in the passed keyword arguments.

Uprade relenv to 0.14.2

Update openssl to address CVE-2023-5363.

Fix bug in openssl setup when openssl binary can't be found.

Add M1 mac support.

Fix regex for filespec adding/deleting fcontext policy in selinux

Ensure CLI options take priority over Saltfile options

Test mode for state function saltmod.wheel no longer set's result to (None,)

Client only process events which tag conforms to an event return.

Fixes an issue setting user or machine policy on Windows when the Group Policy \ 
directory is missing

Fix regression in file module which was not re-using a file client.

pip.installed state will now properly fail when a specified user does not exists

Publish channel connect callback method properly closes it's request channel.

Ensured the pillar in SSH wrapper modules is the same as the one used in \ 
template rendering when overrides are passed

Fix file.comment ignore_missing not working with multiline char

Warn when an un-closed transport client is being garbage collected.

Only generate the HMAC's for libssl.so.1.1 and libcrypto.so.1.1 if those files exist.

Fixed an issue where Salt Cloud would fail if it could not delete lingering \ 
PAexec binaries

ADDED

Added Salt support for Debian 12

Added Salt support for Amazon Linux 2023

SECURITY

Bump to cryptography==41.0.4 due to https://github.com/advisories/GHSA-v8gr-m533-ghj9

Bump to cryptography==41.0.7 due to https://github.com/advisories/GHSA-jfhm-5ghh-2f97

Log message:
*: recursive bump for Python 3.11 as new default

Log message:
salt-docs: fix build with latest sphinx