./sysutils/salt, Remote execution and configuration management system

[ CVSweb ] [ Homepage ] [ RSS ] [ Required by ] [ Add to tracker ]

Branch: CURRENT, Version: 3006.7, Package name: salt-3006.7, Maintainer: pkgsrc-users

Salt is a distributed remote execution system used to execute commands
and query data. It was developed in order to bring the best solutions
found in the world of remote execution together and make them better,
faster and more malleable. Salt accomplishes this via its ability to
handle larger loads of information, and not just dozens, but hundreds,
or even thousands of individual servers. It handles them quickly and
through a simple yet manageable interface.

Required to run:
[textproc/py-yaml] [textproc/py-jinja2] [lang/python27] [devel/py-msgpack] [net/py-zmq] [www/py-tornado] [textproc/py-markupsafe] [devel/py-requests] [sysutils/py-psutil] [devel/py-futures] [security/py-cryptodome]

Required to build:

Master sites:

Filesize: 20080.726 KB

Version history: (Expand)

CVS history: (Expand)

   2024-03-06 20:11:53 by Adam Ciarcinski | Files touched by this commit (3) | Package updated
Log message:
salt salt-docs: updated to 3006.7



Deprecate and stop using salt.features


Change module search path priority, so Salt extensions can be overridden by \ 
syncable modules and module_dirs. You can switch back to the old logic by \ 
setting features.enable_deprecated_module_search_path_priority to true, but it \ 
will be removed in Salt 3008.


Fix an issue with mac_shadow that was causing a command execution error when \ 
retrieving values that were not yet set. For example, retrieving last login \ 
before the user had logged in.

Fixed an issue when keys didn't match because of line endings

Corrected encoding of credentials for use with Artifactory

Use send_multipart instead of send when sending multipart message.

Fix an issue where the minion would crash on Windows if some of the grains \ 
failed to resolve

Fix issue with openscap when the error was outside the expected scope. It now \ 
returns failed with the error code and the error

Upgrade relenv to 0.15.0 to fix namespaced packages installed by salt-pip

Fix regression of fileclient re-use when rendering sls pillars and states

Fixes the s3fs backend computing the local cache's files with the wrong hash type

Fixed Salt-SSH pillar rendering and state rendering with nested SSH calls when \ 
called via saltutil.cmd or in an orchestration

Fix boto execution module loading

Removed PR 65185 changes since incomplete solution

catch only ret/ events not all returning events.

Fix nonsensical time in fileclient timeout error.

Fixes an issue when reading/modifying ini files that contain unicode characters

added https proxy to the list of proxies so that requests knows what to do with \ 
https based proxies

Ensure minion channels are closed on any master connection error.

Fixed issue where Salt can't find libcrypto when pip installed from a cloned repo

Fix RPM package systemd scriptlets to make RPM packages more universal

Fixed an issue where fileclient requests during Pillar rendering cause \ 
fileserver backends to be needlessly refreshed.

Fix exceptions being set on futures that are already done in ZeroMQ transport

Use hmac compare_digest method in hashutil module to mitigate potential timing \ 

Fix request channel default timeout regression. In 3006.5 it was changed from 60 \ 
to 30 and is now set back to 60 by default.

Upgrade relenv to 0.15.1 to fix debugpy support.


Bump to cryptography==42.0.0 due to https://github.com/advisories/GHSA-3ww4-gg4f-jr7f

In the process, we were also required to update to pyOpenSSL==24.0.0

Bump to cryptography==42.0.3 due to https://github.com/advisories/GHSA-3ww4-gg4f-jr7f
   2024-02-02 21:17:24 by Adam Ciarcinski | Files touched by this commit (3) | Package updated
Log message:
salt: updated to 3006.6



Salt no longer time bombs user installations on code using \ 


Fix un-closed transport in tornado netapi


CVE-2024-22231 Prevent directory traversal when creating syndic cache directory \ 
on the master CVE-2024-22232 Prevent directory traversal attacks in the master's \ 
serve_file method. These vulerablities were discovered and reported by: Yudi \ 
Zhao(Huawei Nebula Security Lab),Chenwei Jiang(Huawei Nebula Security Lab)

Update some requirements which had some security issues:

Bump to pycryptodome==3.19.1 and pycryptodomex==3.19.1 due to \ 

Bump to gitpython==3.1.41 due to https://github.com/advisories/GHSA-2mqj-m65w-jghx

Bump to jinja2==3.1.3 due to https://github.com/advisories/GHSA-h5c8-rqwp-cp95
   2024-01-22 17:35:25 by Adam Ciarcinski | Files touched by this commit (8) | Package updated
Log message:
salt salt-docs: updated to 3006.5

SALT 3006.5


Tech Debt - support for pysss removed due to functionality addition in Python 3.3


Improved error message when state arguments are accidentally passed as a string

Allow pip.install to create a log file that is passed in if the parent directory \ 
is writeable

Fixed merging of complex pillar overrides with salt-ssh states

Fixed gpg pillar rendering with salt-ssh

Made salt-ssh states not re-render pillars unnecessarily

Made Salt maintain options in Debian package repo definitions

Migrated all invoke tasks to python-tools-scripts.

tasks/docs.py -> tools/precommit/docs.py

tasks/docstrings.py -> tools/precommit/docstrings.py

tasks/loader.py -> tools/precommit/loader.py

tasks/filemap.py -> tools/precommit/filemap.py

Fix salt user login shell path in Debian packages

Fill out lsb_distrib_xxxx (best estimate) grains if problems with retrieving \ 
lsb_release data

Fixed an issue in the file.directory state where the children_only keyword \ 
argument was not being respected.

Move salt.ufw to correct location /etc/ufw/applications.d/

Fixed salt-ssh stacktrace when retcode is not an integer

Fixed SSH shell seldomly fails to report any exit code

Fixed some issues in x509_v2 execution module private key functions

Fixed grp.getgrall() in utils/user.py causing performance issues

Fix user.list_groups omits remote groups via sssd, etc.

Ensure sync from _grains occurs before attempting pillar compilation in case \ 
custom grain used in pillar file

Moved gitfs locks to salt working dir to avoid lock wipes

Only attempt to create a keys directory when --gen-keys is passed to the salt-key CLI

Fix nonce verification, request server replies do not stomp on eachother.

speed up yumpkg list_pkgs by not requiring digest or signature verification on \ 

Fix pkg.latest failing on windows for winrepo packages where the package is \ 
already up to date

Ensure kwarg is preserved when checking for kwargs. This change affects proxy \ 
minions when used with Deltaproxy, which had kwargs popped when targeting \ 
multiple minions id.

Fixes traceback when state id is an int in a reactor SLS file.

Install logrotate config as /etc/logrotate.d/salt-common for Debian packages \ 
Remove broken /etc/logrotate.d/salt directory from 3006.3 if it exists.

Use sha256 as the default hash_type. It has been the default since Salt v2016.9

Preserve ownership on log rotation

Ensure that the correct value of jid_inclue is passed if the argument is \ 
included in the passed keyword arguments.

Uprade relenv to 0.14.2

Update openssl to address CVE-2023-5363.

Fix bug in openssl setup when openssl binary can't be found.

Add M1 mac support.

Fix regex for filespec adding/deleting fcontext policy in selinux

Ensure CLI options take priority over Saltfile options

Test mode for state function saltmod.wheel no longer set's result to (None,)

Client only process events which tag conforms to an event return.

Fixes an issue setting user or machine policy on Windows when the Group Policy \ 
directory is missing

Fix regression in file module which was not re-using a file client.

pip.installed state will now properly fail when a specified user does not exists

Publish channel connect callback method properly closes it's request channel.

Ensured the pillar in SSH wrapper modules is the same as the one used in \ 
template rendering when overrides are passed

Fix file.comment ignore_missing not working with multiline char

Warn when an un-closed transport client is being garbage collected.

Only generate the HMAC's for libssl.so.1.1 and libcrypto.so.1.1 if those files exist.

Fixed an issue where Salt Cloud would fail if it could not delete lingering \ 
PAexec binaries


Added Salt support for Debian 12

Added Salt support for Amazon Linux 2023


Bump to cryptography==41.0.4 due to https://github.com/advisories/GHSA-v8gr-m533-ghj9

Bump to cryptography==41.0.7 due to https://github.com/advisories/GHSA-jfhm-5ghh-2f97
   2023-08-14 07:25:36 by Thomas Klausner | Files touched by this commit (1247)
Log message:
*: recursive bump for Python 3.11 as new default
   2023-05-07 15:09:52 by Thomas Klausner | Files touched by this commit (2)
Log message:
salt-docs: fix build with latest sphinx
   2022-10-31 18:32:46 by Adam Ciarcinski | Files touched by this commit (8) | Package updated
Log message:
salt salt-docs: updated to 3005.1


Fix arch parsing issue in apt source files

Fixed parsing CDROM apt sources

Use str() method instead of repo_line for when python3-apt is installed or not \ 
in aptpkg.py.

Remove the connection_timeout from netmiko_connection_args before \ 
netmiko_connection_args is added to \ 
__context__["netmiko_device"]["args"] which is passed along \ 
to the Netmiko library.

fixes #62553 by checking for disabled master_type before starting master \ 
connection and skipping it if set.

Fix runas with cmd module when using the onedir bundled packages

Fix the Pyinstaller hooks to preserve the environment if None is passed.

pkgrepo.managed sets wrong permissions on keys installed to /etc/apt/keyring

pkgrepo.managed creates zero byte gpg files when dearmoring contents to the same \ 

Ensure default values for IPC Buffers are correct type

Fix a hang on salt-ssh when using sudo.

Renderers now have access to the correct set of salt functions.

Fix including Jinja template from absolute path

include jmespath in package requirements

Fix pkgrepo.managed signed-by in test=true mode

Ensure the status of the service is captured when the beacon function is called, \ 
even when the event is not being emitted.

The sub proxies controlled by Deltaproxy need to have their own req_channel \ 
otherwise there are timeout exceptions when the __master_req_channel_payload is \ 
fired and reacted on.
   2022-09-30 12:02:12 by Stephen Borrill | Files touched by this commit (1) | Package updated
Log message:
salt: update HOMEPAGE
   2022-06-30 13:19:02 by Nia Alarie | Files touched by this commit (524)
Log message:
*: Revbump packages that use Python at runtime without a PKGNAME prefix