Revisions of salt
Dominique Leuenberger (dimstar_suse)
accepted
request 984677
from
Pablo Suárez Hernández (PSuarezHernandez)
(revision 129)
- Fix PAM auth issue due missing check for PAM_ACCT_MGM return value (CVE-2022-22967) (bsc#1200566) - Added: * fix-for-cve-2022-22967-bsc-1200566.patch - Make sure SaltCacheLoader use correct fileclient (bsc#1199149) - Added: * make-sure-saltcacheloader-use-correct-fileclient-519.patch
Dominique Leuenberger (dimstar_suse)
accepted
request 969843
from
Pablo Suárez Hernández (PSuarezHernandez)
(revision 128)
- Prevent data pollution between actions proceesed at the same time (bsc#1197637) - Fix regression preventing bootstrapping new clients caused by redundant dependency on psutil (bsc#1197533) - Added: * fix-regression-with-depending-client.ssh-on-psutil-b.patch * prevent-affection-of-ssh.opts-with-lazyloader-bsc-11.patch - Fixes for Python 3.10 - Added: * fixes-for-python-3.10-502.patch * Sign authentication replies to prevent MiTM (CVE-2022-22935) * Sign pillar data to prevent MiTM attacks. (CVE-2022-22934) * Prevent job and fileserver replays (CVE-2022-22936) * Fixed targeting bug, especially visible when using syndic and user auth. (CVE-2022-22941)
Dominique Leuenberger (dimstar_suse)
accepted
request 966247
from
Pablo Suárez Hernández (PSuarezHernandez)
(revision 127)
- Fix salt-ssh opts poisoning (bsc#1197637) - Added: * fix-salt-ssh-opts-poisoning-bsc-1197637-3004-501.patch - Fix multiple security issues (bsc#1197417) - * Sign authentication replies to prevent MiTM (CVE-2022-22935) - * Sign pillar data to prevent MiTM attacks. (CVE-2022-22934) - * Prevent job and fileserver replays (CVE-2022-22936) - * Fixed targeting bug, especially visible when using syndic and user auth. (CVE-2022-22941) - Added: * fix-multiple-security-issues-bsc-1197417.patch
Dominique Leuenberger (dimstar_suse)
accepted
request 958078
from
Pablo Suárez Hernández (PSuarezHernandez)
(revision 126)
- Fix issues found around pre_flight_script_args - Added: * prevent-shell-injection-via-pre_flight_script_args-4.patch - Add salt-ssh with Salt Bundle support (venv-salt-minion) (bsc#1182851, bsc#1196432) - Added: * add-salt-ssh-support-with-venv-salt-minion-3004-493.patch - Restrict "state.orchestrate_single" to pass a pillar value if it exists (bsc#1194632) - Added: * state.orchestrate_single-does-not-pass-pillar-none-4.patch
Dominique Leuenberger (dimstar_suse)
accepted
request 952700
from
Pablo Suárez Hernández (PSuarezHernandez)
(revision 125)
- Update generated documentation to 3004 - Expose missing "ansible" module functions in Salt 3004 (bsc#1195625) - Added: * add-missing-ansible-module-functions-to-whitelist-in.patch - Fix salt-call event.send with pillar or grains - Added: * fix-salt-call-event.send-call-with-grains-and-pillar.patch
Dominique Leuenberger (dimstar_suse)
accepted
request 950374
from
Pablo Suárez Hernández (PSuarezHernandez)
(revision 124)
- Fix exception in batch_async caused by a bad function call - Added: * drop-serial-from-event.unpack-in-cli.batch_async.patch - Fix inspector module export function (bsc#1097531) - Wipe NOTIFY_SOCKET from env in cmdmod (bsc#1193357) - Added: * fix-inspector-module-export-function-bsc-1097531-481.patch * wipe-notify_socket-from-env-in-cmdmod-bsc-1193357-30.patch
Dominique Leuenberger (dimstar_suse)
accepted
request 949489
from
Alexander Graul (agraul)
(revision 123)
- Update to version 3004, see release notes: https://docs.saltproject.io/en/master/topics/releases/3004.html - Don't check for cached pillar errors on state.apply (bsc#1190781) - Added: * state.apply-don-t-check-for-cached-pillar-errors.patch - Modified: * add-migrated-state-and-gpg-key-management-functions-.patch * switch-firewalld-state-to-use-change_interface.patch * include-aliases-in-the-fqdns-grains.patch * debian-info_installed-compatibility-50453.patch * info_installed-works-without-status-attr-now.patch * fix-traceback.print_exc-calls-for-test_pip_state-432.patch * add-custom-suse-capabilities-as-grains.patch * add-rpm_vercmp-python-library-for-version-comparison.patch * 3003.3-do-not-consider-skipped-targets-as-failed-for.patch * support-transactional-systems-microos.patch * do-not-crash-when-unexpected-cmd-output-at-listing-p.patch * enable-passing-a-unix_socket-for-mysql-returners-bsc.patch * update-target-fix-for-salt-ssh-to-process-targets-li.patch * fix-exception-in-yumpkg.remove-for-not-installed-pac.patch * enhance-openscap-module-add-xccdf_eval-call-386.patch * add-environment-variable-to-know-if-yum-is-invoked-f.patch * zypperpkg-ignore-retcode-104-for-search-bsc-1176697-.patch * run-salt-master-as-dedicated-salt-user.patch * 3003.3-postgresql-json-support-in-pillar-423.patch * prevent-pkg-plugins-errors-on-missing-cookie-path-bs.patch * early-feature-support-config.patch * implementation-of-held-unheld-functions-for-state-pk.patch * x509-fixes-111.patch * fix-issues-with-salt-ssh-s-extra-filerefs.patch * mock-ip_addrs-in-utils-minions.py-unit-test-443.patch
Dominique Leuenberger (dimstar_suse)
accepted
request 931742
from
Pablo Suárez Hernández (PSuarezHernandez)
(revision 122)
- Simplify "transactional_update" module to not use SSH wrapper and allow more flexible execution - Add "--no-return-event" option to salt-call to prevent sending return event back to master. - Make "state.highstate" to acts on concurrent flag. - Fix print regression for yumnotify plugin - Added: * refactor-and-improvements-for-transactional-updates-.patch * fix-the-regression-for-yumnotify-plugin-456.patch - Use dnfnotify instead yumnotify for relevant distros - dnfnotify pkgset plugin implementation - Add rpm_vercmp python library support for version comparison - Prevent pkg plugins errors on missing cookie path (bsc#1186738) - Added: * add-rpm_vercmp-python-library-for-version-comparison.patch * mock-ip_addrs-in-utils-minions.py-unit-test-443.patch * dnfnotify-pkgset-plugin-implementation-3002.2-450.patch * fix-traceback.print_exc-calls-for-test_pip_state-432.patch * prevent-pkg-plugins-errors-on-missing-cookie-path-bs.patch - Fix ip6_interface grain to not leak secondary IPv4 aliases (bsc#1191412) - Make "salt-api" package to require python3-cherrypy on RHEL systems - Make "tar" as required for "salt-transactional-update" package - Added: * fix-ip6_interface-grain-to-not-leak-secondary-ipv4-a.patch
Dominique Leuenberger (dimstar_suse)
accepted
request 925143
from
Pablo Suárez Hernández (PSuarezHernandez)
(revision 121)
- Fix issues with salt-ssh's extra-filerefs - Added: * fix-issues-with-salt-ssh-s-extra-filerefs.patch - Fix crash when calling manage.not_alive runners - Added: * fix-crash-when-calling-manage.not_alive-runners.patch - Do not consider skipped targets as failed for ansible.playbooks state (bsc#1190446) - Added: * 3003.3-do-not-consider-skipped-targets-as-failed-for.patch
Dominique Leuenberger (dimstar_suse)
accepted
request 922525
from
Pablo Suárez Hernández (PSuarezHernandez)
(revision 120)
- Do not break master_tops for minion with version lower to 3003 - Added: * do-not-break-master_tops-for-minion-with-version-low.patch
Dominique Leuenberger (dimstar_suse)
accepted
request 921725
from
Pablo Suárez Hernández (PSuarezHernandez)
(revision 119)
- Support querying for JSON data in external sql pillar - Added: * 3003.3-postgresql-json-support-in-pillar-423.patch - Update to Salt release version 3003.3 - See release notes: https://docs.saltstack.com/en/latest/topics/releases/3003.3.html - Added: * allow-vendor-change-option-with-zypper.patch * support-transactional-systems-microos.patch * virt-enhancements.patch - Modified: * adds-explicit-type-cast-for-port.patch * use-adler32-algorithm-to-compute-string-checksums.patch * do-not-load-pip-state-if-there-is-no-3rd-party-depen.patch * fixes-56144-to-enable-hotadd-profile-support.patch * include-aliases-in-the-fqdns-grains.patch * implementation-of-held-unheld-functions-for-state-pk.patch * add-alibaba-cloud-linux-2-by-backporting-upstream-s-.patch * debian-info_installed-compatibility-50453.patch * fix-wrong-test_mod_del_repo_multiline_values-test-af.patch * update-target-fix-for-salt-ssh-to-process-targets-li.patch * x509-fixes-111.patch * prevent-logging-deadlock-on-salt-api-subprocesses-bs.patch * restore-default-behaviour-of-pkg-list-return.patch * adding-preliminary-support-for-rocky.-59682-391.patch * add-astra-linux-common-edition-to-the-os-family-list.patch * templates-move-the-globals-up-to-the-environment-jin.patch * fix-bsc-1065792.patch * add-migrated-state-and-gpg-key-management-functions-.patch * zypperpkg-ignore-retcode-104-for-search-bsc-1176697-.patch
Dominique Leuenberger (dimstar_suse)
accepted
request 919452
from
Pablo Suárez Hernández (PSuarezHernandez)
(revision 118)
- Exclude the full path of a download URL to prevent injection of malicious code (bsc#1190265) (CVE-2021-21996) - Added: * exclude-the-full-path-of-a-download-url-to-prevent-i.patch - Fix wrong relative paths resolution with Jinja renderer when importing subdirectories - Added: * templates-move-the-globals-up-to-the-environment-jin.patch - Don't pass shell="/sbin/nologin" to onlyif/unless checks (bsc#1188259) - Add missing aarch64 to rpm package architectures - Backport of upstream PR#59492 - Added: * backport-of-upstream-pr59492-to-3002.2-404.patch * don-t-use-shell-sbin-nologin-in-requisites.patch * add-missing-aarch64-to-rpm-package-architectures-405.patch - Fix failing unit test for systemd - Fix error handling in openscap module (bsc#1188647) - Better handling of bad public keys from minions (bsc#1189040) - Added: * better-handling-of-bad-public-keys-from-minions-bsc-.patch * fix-error-handling-in-openscap-module-bsc-1188647-40.patch * fix-failing-unit-tests-for-systemd.patch - Define license macro as doc in spec file if not existing - Add standalone formulas configuration for salt minion and remove salt-master requirement (bsc#1168327) - Do noop for services states when running systemd in offline mode (bsc#1187787) - transactional_updates: do not execute states in parallel but use a queue (bsc#1188170)
Dominique Leuenberger (dimstar_suse)
accepted
request 887060
from
Pablo Suárez Hernández (PSuarezHernandez)
(revision 117)
- Improvements on "ansiblegate" module: * New methods: ansible.targets / ansible.discover_playbooks * General bugfixes - Added: * improvements-on-ansiblegate-module-354.patch - Regression fix of salt-ssh on processing some targets - Added: * regression-fix-of-salt-ssh-on-processing-targets-353.patch - Add support for Alibaba Cloud Linux 2 (Aliyun Linux) - Added: * add-alibaba-cloud-linux-2-by-backporting-upstream-s-.patch - Update target fix for salt-ssh to process targets list (bsc#1179831) - Added: * update-target-fix-for-salt-ssh-to-process-targets-li.patch - Add notify beacon for Debian/Ubuntu systems - Add core grains support for AlmaLinux and Alibaba Could Linux - Added: * add-almalinux-and-alibaba-cloud-linux-to-the-os-fami.patch * notify-beacon-for-debian-ubuntu-systems-347.patch - Allow vendor change option with zypper - Added: * allow-vendor-change-option-with-zypper-313.patch
Dominique Leuenberger (dimstar_suse)
accepted
request 878135
from
Pablo Suárez Hernández (PSuarezHernandez)
(revision 116)
- virt.network_update: handle missing ipv4 netmask attribute - Added: * virt.network_update-handle-missing-ipv4-netmask-attr.patch - Set distro requirement to oldest supported version in requirements/base.txt - Added: * 3002-set-distro-requirement-to-oldest-supported-vers.patch - Do not monkey patch yaml loaders: Prevent breaking Ansible filter modules (bsc#1177474) - Don't require python3-certifi - Added: * do-not-monkey-patch-yaml-bsc-1177474.patch - Fix race conditions for corner cases when handling SIGTERM by minion (bsc#1172110) - Added: * prevent-race-condition-on-sigterm-for-the-minion-bsc.patch - Master can read grains (bsc#1179696)
Dominique Leuenberger (dimstar_suse)
accepted
request 876003
from
Alexander Graul (agraul)
(revision 115)
Fix for multiple Salt CVEs
Dominique Leuenberger (dimstar_suse)
accepted
request 871386
from
Pablo Suárez Hernández (PSuarezHernandez)
(revision 114)
- virt: search for grub.xen path - Xen spicevmc, DNS SRV records backports: Fix virtual network generated DNS XML for SRV records Don't add spicevmc channel to xen VMs - virt UEFI fix: virt.update when efi=True - Added: * virt-uefi-fix-backport-312.patch * 3002.2-xen-spicevmc-dns-srv-records-backports-314.patch * open-suse-3002.2-xen-grub-316.patch - Do not crash when unexpected cmd output at listing patches (bsc#1181290) - Added: * do-not-crash-when-unexpected-cmd-output-at-listing-p.patch - Fix behavior for "onlyif/unless" when multiple conditions (bsc#1180818) - Added: * fix-onlyif-unless-when-multiple-conditions-bsc-11808.patch
Dominique Leuenberger (dimstar_suse)
accepted
request 862930
from
Pablo Suárez Hernández (PSuarezHernandez)
(revision 113)
- Remove deprecated warning that breaks minion execution when "server_id_use_crc" opts is missing - Added: * remove-deprecated-warning-that-breaks-miniion-execut.patch - Revert wrong zypper patch to support vendorchanges flags on pkg.install - Added: * revert-add-patch-support-for-allow-vendor-change-opt.patch - Force zyppnotify to prefer Packages.db than Packages if it exists - Allow vendor change option with zypper - Add pkg.services_need_restart - Fix for file.check_perms to work with numeric uid/gid - Added: * force-zyppnotify-to-prefer-packages.db-than-packages.patch * fix-salt.utils.stringutils.to_str-calls-to-make-it-w.patch * add-patch-support-for-allow-vendor-change-option-wit.patch * add-pkg.services_need_restart-302.patch - virt: more network support Add more network and PCI/USB host devices passthrough support to virt module and states - Added: * open-suse-3002.2-virt-network-311.patch - Bigvm backports virt consoles, CPU tuning and topology, and memory tuning. - Added: * open-suse-3002.2-bigvm-310.patch - Fix pkg states when DEB package has "all" arch
Dominique Leuenberger (dimstar_suse)
accepted
request 850470
from
Pablo Suárez Hernández (PSuarezHernandez)
(revision 112)
- Fix syntax error on pkgrepo state with Python 2.7 - transactional_update: unify with chroot.call - Added: * pkgrepo-support-python-2.7-function-call-295.patch * transactional_update-unify-with-chroot.call.patch - Add "migrated" state and GPG key management functions - Added: * add-migrated-state-and-gpg-key-management-functions-.patch - Master can read grains - Added: * grains-master-can-read-grains.patch - Fix for broken psutil (bsc#1102248) - Added: * fix-for-bsc-1102248-psutil-is-broken-and-so-process-.patch
Dominique Leuenberger (dimstar_suse)
accepted
request 846425
from
Pablo Suárez Hernández (PSuarezHernandez)
(revision 111)
- Set passphrase for salt-ssh keys to empty string (bsc#1178485) - Added: * set-passphrase-for-salt-ssh-keys-to-empty-string-293.patch - Properly validate eauth credentials and tokens on SSH calls made by Salt API (bsc#1178319) (bsc#1178362) (bsc#1178361) (CVE-2020-25592) (CVE-2020-17490) (CVE-2020-16846) - Added: * fix-cve-2020-25592-and-add-tests-bsc-1178319.patch - Fix novendorchange handling in zypperpkg module - Added: * fix-novendorchange-option-284.patch - Fix disk.blkid to avoid unexpected keyword argument '__pub_user' (bsc#1177867) - Added: * path-replace-functools.wraps-with-six.wraps-bsc-1177.patch
Dominique Leuenberger (dimstar_suse)
accepted
request 841799
from
Pablo Suárez Hernández (PSuarezHernandez)
(revision 110)
- Ensure virt.update stop_on_reboot is updated with its default value - Added: * ensure-virt.update-stop_on_reboot-is-updated-with-it.patch - Do not break package building for systemd OSes - Drop wrong mock from chroot unit test - Added: * drop-wrong-mock-from-chroot-unit-test.patch - Support systemd versions with dot (bsc#1176294) - Fix for grains.test_core unit test - Fix file/directory user and group ownership containing UTF-8 characters (bsc#1176024) - Several changes to virtualization: - - Fix virt update when cpu and memory are changed - - Memory Tuning GSoC - - Properly fix memory setting regression in virt.update - - Expose libvirt on_reboot in virt states - Support transactional systems (MicroOS) - zypperpkg module ignores retcode 104 for search() (bsc#1159670) - Xen disk fixes. No longer generates volumes for Xen disks, but the corresponding file or block disk (bsc#1175987) - Added: * fix-grains.test_core-unit-test-277.patch * support-transactional-systems-microos-271.patch * backport-a-few-virt-prs-272.patch * xen-disk-fixes-264.patch * zypperpkg-ignore-retcode-104-for-search-bsc-1176697-.patch
Displaying revisions 21 - 40 of 149