Path to this page:
Subject: CVS commit: [pkgsrc-2015Q4] pkgsrc/sysutils/salt
From: S.P.Zeidler
Date: 2016-02-20 22:24:10
Message id: 20160220212410.8E9D5FBB7@cvs.NetBSD.org
Log Message:
Pullup ticket #4926 - requested by bsiegert
sysutils/salt: security fix
Revisions pulled up:
- sysutils/salt/Makefile 1.34-1.36
- sysutils/salt/PLIST 1.15
- sysutils/salt/distinfo 1.17-1.19
- sysutils/salt/patches/patch-salt_modules_cron.py 1.1
- sysutils/salt/patches/patch-salt_modules_status.py 1.1
-------------------------------------------------------------------
Module Name: pkgsrc
Committed By: khorben
Date: Thu Feb 4 22:05:36 UTC 2016
Modified Files:
pkgsrc/sysutils/salt: Makefile distinfo
Added Files:
pkgsrc/sysutils/salt/patches: patch-salt_modules_status.py
Log Message:
Avoid a crash in "status.diskusage" when not on Linux or FreeBSD
Bump PKGREVISION in the process.
To generate a diff of this commit:
cvs rdiff -u -r1.33 -r1.34 pkgsrc/sysutils/salt/Makefile
cvs rdiff -u -r1.16 -r1.17 pkgsrc/sysutils/salt/distinfo
cvs rdiff -u -r0 -r1.1 \
pkgsrc/sysutils/salt/patches/patch-salt_modules_status.py
-------------------------------------------------------------------
Module Name: pkgsrc
Committed By: sevan
Date: Sun Feb 7 23:55:01 UTC 2016
Modified Files:
pkgsrc/sysutils/salt: Makefile PLIST distinfo
Log Message:
Update to 2015.8.5, from PR#50779 addresses CVE-2016-1866
Salt 2015.8.5 is identical to the 2015.8.4 release with the addition of a f=
ix
for issue 30820, fixed by PR #30833.
SECURITY FIX
CVE-2016-1866: Improper handling of clear messages on the minion, which cou=
ld
result in executing commands not sent by the master.
This issue affects only the 2015.8.x releases of Salt. In order for an atta=
cker
to use this attack vector, they would have to execute a successful attack o=
n an
existing TCP connection between minion and master on the pub port. It does =
not
allow an external attacker to obtain the shared secret or decrypt any encry=
pted
traffic between minion and master.
We recommend everyone upgrade to 2015.8.4 as soon as possible.
CORE CHANGES
PR #28994: timcharper Salt S3 module has learned how to assume IAM roles
Added option mock=3DTrue for state.sls and state.highstate. This allows the=
salt
state compiler to process sls data in a state run without actually calling =
the
state functions, thus providing feedback on the validity of the arguments u=
sed
for the functions beyond the preprocessing validation provided by state.sho=
w_sls
(issue 30118 and issue 30189).
salt '*' state.sls core,edit.vim mock=3DTrue
salt '*' state.highstate mock=3DTrue
salt '*' state.apply edit.vim mock=3DTrue
CHANGES FOR V2015.8.3..V2015.8.4
Extended changelog courtesy of Todd Stansell
(https://github.com/tjstansell/salt-changelogs):
Generated at: 2016-01-25T17:48:35Z
Total Merges: 320
Changes:
PR #30613: (basepi) Fix minion/syndic clearfuncs
PR #30609: (seanjnkns) Fix documentation for pillar_merge_lists which defau=
lt is
False, not =E2=80=A6
PR #30584: (julianbrost) file.line state: add missing colon in docstring
PR #30589: (terminalmage) Merge 2015.5 into 2015.8
PR #30599: (multani) Documentation formatting fixes
PR #30554: (rallytime) Make the salt-cloud actions output more verbose and
helpful
PR #30549: (techhat) Salt Virt cleanup
PR #30553: (techhat) AWS: Support 17-character IDs
PR #30532: (whiteinge) Add execution module for working in sls files
PR #30529: (terminalmage) Merge 2015.5 into 2015.8
PR #30526: (twangboy) Added FlushKey to make sure it's changes are saved to=
disk
PR #30521: (basepi) [2015.8] Merge forward from 2015.5 to 2015.8
PR #30485: (jtand) Updated pip_state to work with pip 8.0 on 2015.8
PR #30494: (isbm) Zypper: info_installed =E2=80=94 'errors' flag change to =
type
'boolean'
PR #30506: (jacksontj) Properly remove newlines after reading the file
PR #30508: (rallytime) Fix Linode driver cloning functionality
PR #30522: (terminalmage) Update git.list_worktree tests to reflect new ret=
urn
data
PR #30483: (borgstrom) Pyobjects recursive import support (for 2015.8)
PR #30491: (jacksontj) Add multi-IP support to network state
PR #30496: (anlutro) Fix KeyError when adding ignored pillars
PR #30359: (kingsquirrel152) Removes suspected copy/paste error for
zmq_filtering functionailty
PR #30448: (cournape) Fix osx scripts location
PR #30457: (rallytime) Remove fsutils references from modules list
PR #30453: (rallytime) Make sure private AND public IPs are listed for Lino=
de
driver
PR #30458: (rallytime) Back-port #30062 to 2015.8
PR #30468: (timcharper) make note of s3 role assumption in upcoming changel=
og
PR #30470: (whiteinge) Add example of the match_dict format to accept_dict =
wheel
function
PR #30450: (gtmanfred) fix extension loading in novaclient
PR #30212: (abednarik) Fix incorrect file permissions in file.line
PR #29947: (jfindlay) fileclient: decode file list from master
PR #30363: (terminalmage) Use native "list" subcommand to list git \
worktree=
s
PR #30445: (jtand) Boto uses False for is_default instead of None
PR #30406: (frioux) Add an example of how to use file.managed/check_cmd
PR #30424: (isbm) Check if byte strings are properly encoded in UTF-8
PR #30405: (jtand) Updated glusterfs.py for python2.6 compatibility.
PR #30396: (pass-by-value) Remove hardcoded val
PR #30391: (jtand) Added else statements
PR #30375: (rallytime) Wrap formatted log statements with six.u() in
cloud/__init__.py
PR #30384: (isbm) Bugfix: info_available does not work correctly on SLE 11
series
PR #30376: (pritambaral) Fix FLO_DIR path in 2015.8
PR #30389: (jtand) Older versions of ipset don't support comments
PR #30373: (basepi) [2015.8] Merge forward from 2015.5 to 2015.8
PR #30372: (jacobhammons) Updated man pages for 2015.8.4, updated copyright=
to
2016
PR #30370: (rallytime) Remove incomplete function
PR #30366: (rallytime) Back-port #28702 to 2015.8
PR #30361: (cro) Flip the sense of the test for proxymodule imports, add mo=
re
fns for esxi proxy
PR #30267: (isbm) Fix RPM issues with the date/time and add package attribu=
tes
filtering
PR #30360: (jfindlay) file.remove, file.absent: mention recursive dir remov=
al
PR #30221: (mbarrien) No rolcatupdate for user_exist in Postgres>=3D9.5 `#2=
6845`_
PR #30358: (terminalmage) Add libgit2 version to versions-report
PR #30346: (pass-by-value) Prevent orphaned volumes
PR #30349: (rallytime) Back-port #30347 to 2015.8
PR #30354: (anlutro) Make sure all ignore_missing SLSes are caught
PR #30356: (nmadhok) Adding code author
PR #30340: (jtand) Updated seed_test.py for changes made to seed module
PR #30339: (jfindlay) Backport #26511
PR #30343: (rallytime) Fix 2015.8 from incomplete back-port
PR #30342: (eliasp) Correct whitespace placement in error message
PR #30308: (rallytime) Back-port #30257 to 2015.8
PR #30187: (rallytime) Back-port #27606 to 2015.8
PR #30223: (serge-p) adding support for DragonFly BSD
PR #30238: (rallytime) Reinit crypto before calling RSA.generate when gener=
ating
keys.
PR #30246: (dmacvicar) Add missing return data to scheduled jobs (`#24237`_=
)
PR #30292: (thegoodduke) ipset: fix test=3Dtrue & add comment for every ent=
ry
PR #30275: (abednarik) Add permanent argument in firewalld.
PR #30328: (cachedout) Fix file test
PR #30310: (pass-by-value) Empty bucket fix
PR #30211: (techhat) Execute choot on the correct path
PR #30309: (rallytime) Back-port #30304 to 2015.8
PR #30278: (nmadhok) If datacenter is specified in the config, then look fo=
r
managed objects under it
PR #30305: (jacobhammons) Changed examples to use the "example.com" \
domain
instead of "mycompan=E2=80=A6
PR #30249: (mpreziuso) Fixes performance and timeout issues on win_pkg.inst=
all
PR #30217: (pass-by-value) Make sure cloud actions can be called via salt r=
un
PR #30268: (terminalmage) Optimize file_tree ext_pillar and update file.man=
aged
to allow for binary contents
PR #30245: (rallytime) Boto secgroup/iam_role: Add note stating us-east-1 i=
s
default region
PR #30299: (rallytime) ESXi Proxy minions states are located at
salt.states.esxi, not vsphere.
PR #30202: (opdude) Fixed the periodic call to beacons
PR #30303: (jacobhammons) Changed notes to indicate that functions are matc=
hed
using regular ex=E2=80=A6
PR #30284: (terminalmage) salt.utils.gitfs: Fix Dulwich env detection and
submodule handling
PR #30280: (jfindlay) add state mocking to release notes
PR #30273: (rallytime) Back-port #30121 to 2015.8
PR #30301: (cachedout) Accept whatever comes into hightstate mock for state
tests
PR #30282: (cachedout) Fix file.append logic
PR #30289: (cro) Fix problems with targeting proxies by grains
PR #30293: (cro) Ensure we don't log stuff we shouldn't
PR #30279: (cachedout) Allow modules to be packed into boto utils
PR #30186: (rallytime) Update CLI Examples in boto_ec2 module to reflect co=
rrect
arg/kwarg positioning
PR #30156: (abednarik) Add option in file.append to ignore_whitespace.
PR #30189: (rallytime) Back-port #30185 to 2015.8
PR #30215: (jacobhammons) Assorted doc bug fixes
PR #30206: (cachedout) Revert "Fix incorrect file permissions in \
file.line"
PR #30190: (jacobhammons) Updated doc site banners
PR #30180: (jfindlay) modules.x509._dec2hex: add fmt index for 2.6 compat
PR #30179: (terminalmage) Backport #26962 to 2015.8 branch
PR #29693: (abednarik) Handle missing source file in ssh_auth.
PR #30155: (rallytime) Update boto_secgroup and boto_iam_role docs to only =
use
region OR profile
PR #30158: (rallytime) Move _option(value) calls to __salt__['config.option=
'] in
boto utils
PR #30160: (dmurphy18) Fix parsing disk usage for line with no number and A=
IX
values in Kilos
PR #30162: (rallytime) Update list_present and append grains state function=
docs
to be more clear.
PR #30163: (rallytime) Add warning about using "=3D" in file.line \
function
PR #30164: (basepi) [2015.8] Merge forward from 2015.5 to 2015.8
PR #30168: (abednarik) Fix incorrect file permissions in file.line
PR #30154: (Oro) Fix file serialize on windows
PR #30144: (rallytime) Added generic ESXCLI command ability to ESXi Proxy M=
inion
PR #30142: (terminalmage) Fix dockerng.push, and allow for multiple images
PR #30075: (joejulian) Convert glusterfs module to use xml
PR #30129: (optix2000) Clean up _uptodate() in git state
PR #30139: (rallytime) Back-port #29589 to 2015.8
PR #30124: (abednarik) Update regex to detect ip alias in OpenBSD.
PR #30133: (stanislavb) Fix typo in gpgkey URL
PR #30126: (stanislavb) Log S3 API error message
PR #30128: (oeuftete) Log retryable transport errors as warnings
PR #30096: (cachedout) Add rm_special to crontab module
PR #30106: (techhat) Ensure last dir
PR #30101: (gtmanfred) fix bug where nova driver exits with no adminPass
PR #30090: (techhat) Add argument to isdir()
PR #30094: (rallytime) Fix doc formatting for cloud.create example in modul=
e.py
state
PR #30095: (rallytime) Add the list_nodes_select function to linode driver
PR #30082: (abednarik) Fixed saltversioninfo grain return
PR #30084: (rallytime) Back-port #29987 to 2015.8
PR #30071: (rallytime) Merge branch '2015.5' into '2015.8'
PR #30067: (ryan-lane) Pass in kwargs to boto_secgroup.convert_to_group_ids
explicitly
PR #30069: (techhat) Ensure that pki_dir exists
PR #30064: (rallytime) Add Syndic documentation to miscellaneous Salt Cloud
config options
PR #30049: (rallytime) Add some more unit tests for the vsphere execution m=
odule
PR #30060: (rallytime) Back-port #27104 to 2015.8
PR #30048: (jacobhammons) Remove internal APIs from rest_cherrypy docs.
PR #30043: (rallytime) Be explicit about importing from salt.utils.jinja to
avoid circular imports
PR #30038: (rallytime) Back-port #30017 to 2015.8
PR #30036: (rallytime) Back-port #29995 to 2015.8
PR #30035: (rallytime) Back-port #29895 to 2015.8
PR #30034: (rallytime) Back-port #29893 to 2015.8
PR #30033: (rallytime) Back-port #29876 to 2015.8
PR #30029: (terminalmage) git.latest: Fix handling of nonexistent branches
PR #30016: (anlutro) Properly normalize locales in locale.gen_locale
PR #30015: (anlutro) locale module: don't escape the slash in \n
PR #30022: (gqgunhed) Two minor typos fixed
PR #30026: (anlutro) states.at: fix wrong variable being used
PR #29966: (multani) Fix bigip state/module documentation + serializers
documentation
PR #29904: (twangboy) Improvements to osx packaging scripts
PR #29950: (multani) boto_iam: fix deletion of IAM users when using
delete_keys=3Dtrue
PR #29937: (multani) Fix states.boto_iam group users
PR #29934: (multani) Fix state.boto_iam virtual name
PR #29943: (cachedout) Check args correctly in boto_rds
PR #29924: (gqgunhed) fixed: uptime now working on non-US Windows
PR #29883: (serge-p) fix for nfs mounts in _active_mounts_openbsd()
PR #29894: (techhat) Support Saltfile in SPM
PR #29856: (rallytime) Added some initial unit tests for the
salt.modules.vsphere.py file
PR #29855: (rallytime) Back-port #29740 to 2015.8
PR #29890: (multani) Various documentation fixes
PR #29850: (basepi) [2015.8] Merge forward from 2015.5 to 2015.8
PR #29811: (anlutro) influxdb: add retention policy module functions
PR #29814: (basepi) [2015.8][Windows] Fix multi-master on windows
PR #29819: (rallytime) Add esxi module and state to docs build
PR #29832: (jleimbach) Fixed typo in order to use the keyboard module for R=
HEL
without systemd
PR #29803: (rallytime) Add vSphere module to doc ref module tree
PR #29767: (abednarik) Hosts file update in mod_hostname.
PR #29772: (terminalmage) pygit2: skip submodules when traversing tree
PR #29765: (gtmanfred) allow nova driver to be boot from volume
PR #29773: (l2ol33rt) Append missing wget in debian installation guide
PR #29800: (rallytime) Back-port #29769 to 2015.8
PR #29775: (paulnivin) Change listen requisite resolution from name to ID
declaration
PR #29754: (rallytime) Back-port #29719 to 2015.8
PR #29713: (The-Loeki) Pillar-based cloud providers still forcing use of
deprecated 'provider'
PR #29729: (rallytime) Further clarifications on "unless" and \
"onlyif"
requisites.
PR #29737: (akissa) fix pillar sqlite3 documentation examples
PR #29743: (akissa) fix pillar sqlite not honouring config options
PR #29723: (rallytime) Clarify db_user and db_password kwargs for
postgres_user.present state function
PR #29722: (rallytime) Link "stateful" kwargs to definition of what \
"statef=
ul"
means for cmd state.
PR #29724: (rallytime) Add examples of using multiple matching levels to Pi=
llar
docs
PR #29726: (cachedout) Disable some boto tests per resolution of moto issue
PR #29708: (lagesag) Fix test=3DTrue for file.directory with recurse
ignore_files/ignore_dirs.
PR #29642: (cachedout) Correctly restart deamonized minions on failure
PR #29599: (cachedout) Clean up minion shutdown
PR #29675: (clinta) allow returning all refs
PR #29683: (rallytime) Catch more specific error to pass the error message
through elegantly.
PR #29687: (basepi) [2015.8] Merge forward from 2015.5 to 2015.8
PR #29681: (clinta) fix bare/mirror in git.latest
PR #29644: (rallytime) Fixed a couple more ESXi proxy minion bugs
PR #29645: (rallytime) Back-port #29558 to 2015.8
PR #29632: (jfindlay) reduce severity of tls module __virtual__ logging
PR #29606: (abednarik) Fixed duplicate mtu entry in RedHat 7 network
configuration.
PR #29613: (rallytime) Various ESXi Proxy Minion Bug Fixes
PR #29628: (DmitryKuzmenko) Don't create io_loop before fork
PR #29609: (basepi) [2015.8][salt-ssh] Add ability to set salt-ssh command =
umask
in roster
PR #29603: (basepi) Fix orchestration failure-checking
PR #29597: (terminalmage) dockerng: Prevent exception when API response con=
tains
empty dictionary
PR #29596: (rallytime) Back-port #29587 to 2015.8
PR #29588: (rallytime) Added ESXi Proxy Minion Tutorial
PR #29572: (gtmanfred) [nova] use old discover_extensions if available
PR #29545: (terminalmage) git.latest: init submodules if not yet initialize=
d
PR #29548: (rallytime) Back-port #29449 to 2015.8
PR #29547: (rallytime) Refactored ESXCLI-based functions to accept a list o=
f
esxi_hosts
PR #29563: (anlutro) Fix a call to deprecated method in python-influxdb
PR #29565: (bdrung) Fix typos and missing release note
PR #29540: (basepi) [2015.8] Merge forward from 2015.5 to 2015.8
PR #29499: (rallytime) Initial commit of ESXi Proxy Minion
PR #29526: (jfindlay) 2015.8.2 notes: add note about not being released
PR #29531: (jfindlay) grains.core: handle undefined variable
PR #29538: (basepi) [2015.8] [salt-ssh] Remove umask around actual executio=
n for
salt-ssh
PR #29505: (rallytime) Update boto_rds state docs to include funky yaml syn=
tax
for "tags" option.
PR #29513: (bdrung) Drop obsolete syslog.target from systemd services
PR #29500: (rallytime) Back-port #29467 to 2015.8
PR #29463: (abednarik) Add **kwargs to debconf.set.
PR #29399: (jfindlay) modules.status: add human_readable option to uptime
PR #29433: (cro) Files for building .pkg files for MacOS X
PR #29455: (jfindlay) modules.nova.__init__: do not return None
PR #29454: (jfindlay) rh_service module __virtual__ return error messages
PR #29476: (tbaker57) Doc fix - route_table_present needs subnet_names (not
subnets) as a key
PR #29487: (rallytime) Back-port #29450 to 2015.8
PR #29441: (rallytime) Make sure docs line up with blade_idrac function spe=
cs
PR #29440: (rallytime) Back-port #28925 to 2015.8
PR #29435: (galet) Grains return wrong OS version and other OS related valu=
es
for Oracle Linux
PR #29430: (rall0r) Fix host.present state limitation
PR #29417: (jacobhammons) Repo install updates
PR #29402: (techhat) Add rate limiting to linode
PR #29400: (twangboy) Fix #19332
PR #29398: (cachedout) Lint 29288
PR #29331: (DmitryKuzmenko) Bugfix - #29116 raet dns error
PR #29390: (jacobhammons) updated version numbers in documentation
PR #29381: (nmadhok) No need to deepcopy since six.iterkeys() creates a cop=
y
PR #29349: (cro) Fix mis-setting chassis names
PR #29334: (rallytime) Back-port #29237 to 2015.8
PR #29300: (ticosax) [dockerng] Add support for volume management in docker=
ng
PR #29218: (clan) check service enable state in test mode
PR #29315: (jfindlay) dev tutorial doc: fix markup errors
PR #29317: (basepi) [2015.8] Merge forward from 2015.5 to 2015.8
PR #29240: (clan) handle acl_type [[d]efault:][user|group|mask|other]
PR #29305: (lorengordon) Add 'file' as a source_hash proto
PR #29272: (jfindlay) win_status module: handle 12 hour time in uptime
PR #29289: (terminalmage) file.managed: Allow local file sources to use
source_hash
PR #29264: (anlutro) Prevent ssh_auth.absent from running when test=3DTrue
PR #29277: (terminalmage) Update git_pillar runner to support new git ext_p=
illar
config schema
PR #29283: (cachedout) Single-quotes and use format
PR #29139: (thomaso-mirodin) [salt-ssh] Add a range roster and range target=
ing
options for the flat roster
PR #29282: (cachedout) dev docs: add development tutorial
PR #28994: (timcharper) add support to s3 for aws role assumption
PR #29278: (techhat) Add verify_log to SPM
PR #29067: (jacksontj) Fix infinite recursion in state compiler for prereq =
of
SLSs
PR #29207: (jfindlay) do not shadow ret function argument
PR #29215: (rallytime) Back-port #29192 to 2015.8
PR #29217: (clan) show duration only if state_output_profile is False
PR #29221: (ticosax) [dokcerng] Docu network mode
PR #29269: (jfindlay) win_status module: fix function names in docs
PR #29213: (rallytime) Move _wait_for_task func from vmware cloud to vmware
utils
PR #29271: (techhat) Pass full path for digest (SPM)
PR #29244: (isbm) List products consistently across all SLES systems
PR #29255: (garethgreenaway) fixes to consul module
PR #29208: (whytewolf) Glance more profile errors
PR #29200: (jfindlay) mount state: unmount by device is optional
PR #29205: (trevor-h) Fixes #29187 - using winrm on EC2
PR #29170: (cachedout) Migrate pydsl tests to integration test suite
PR #29198: (jfindlay) rh_ip module: only set the mtu once
PR #29135: (jfindlay) ssh_known_hosts.present state: catch not found exc
PR #29196: (s0undt3ch) We need novaclient imported to compare versions
PR #29059: (terminalmage) Work around upstream pygit2 bug
PR #29112: (eliasp) Prevent backtrace (KeyError) in ssh_known_hosts.present
state
To generate a diff of this commit:
cvs rdiff -u -r1.34 -r1.35 pkgsrc/sysutils/salt/Makefile
cvs rdiff -u -r1.14 -r1.15 pkgsrc/sysutils/salt/PLIST
cvs rdiff -u -r1.17 -r1.18 pkgsrc/sysutils/salt/distinfo
-------------------------------------------------------------------
Module Name: pkgsrc
Committed By: wiz
Date: Tue Feb 9 14:23:04 UTC 2016
Modified Files:
pkgsrc/sysutils/salt: Makefile distinfo
Added Files:
pkgsrc/sysutils/salt/patches: patch-salt_modules_cron.py
Log Message:
Add upstream patch fixing problem with cron on Solaris.
>From Travis Paul in PR 50567.
Bump PKGREVISION.
To generate a diff of this commit:
cvs rdiff -u -r1.35 -r1.36 pkgsrc/sysutils/salt/Makefile
cvs rdiff -u -r1.18 -r1.19 pkgsrc/sysutils/salt/distinfo
cvs rdiff -u -r0 -r1.1 \
pkgsrc/sysutils/salt/patches/patch-salt_modules_cron.py
Files: