Subject: CVS commit: pkgsrc/sysutils/salt
From: Adam Ciarcinski
Date: 2024-02-02 21:17:24
Message id: 20240202201724.DA554FA42@cvs.NetBSD.org
Log Message:
salt: updated to 3006.6

SALT 3006.6 RELEASE NOTES

CHANGED

Salt no longer time bombs user installations on code using \ 
salt.utils.versions.warn_until_date

FIXED

Fix un-closed transport in tornado netapi

SECURITY

CVE-2024-22231 Prevent directory traversal when creating syndic cache directory \ 
on the master CVE-2024-22232 Prevent directory traversal attacks in the master's \ 
serve_file method. These vulerablities were discovered and reported by: Yudi \ 
Zhao(Huawei Nebula Security Lab),Chenwei Jiang(Huawei Nebula Security Lab)

Update some requirements which had some security issues:

Bump to pycryptodome==3.19.1 and pycryptodomex==3.19.1 due to \ 
https://github.com/advisories/GHSA-j225-cvw7-qrx7

Bump to gitpython==3.1.41 due to https://github.com/advisories/GHSA-2mqj-m65w-jghx

Bump to jinja2==3.1.3 due to https://github.com/advisories/GHSA-h5c8-rqwp-cp95
Files:
RevisionActionfile
1.84modifypkgsrc/sysutils/salt/Makefile
1.3modifypkgsrc/sysutils/salt/Makefile.common
1.49modifypkgsrc/sysutils/salt/distinfo