File _patchinfo of Package patchinfo.19537

Overview Repositories Revisions Requests Users Attributes Meta

File _patchinfo of Package patchinfo.19537

<patchinfo incident="19537">
  <issue tracker="bnc" id="1171257">Minion did not return. [No response] on salt under Python 3.8</issue>
  <issue tracker="bnc" id="1176293">According to pip/setuptools, salt depends on msgpack!=0.5.5,&lt;1.0.0,&gt;=0.5, but I can install python3-salt in Tumbleweed, which has python3-msgpack 1.0.0</issue>
  <issue tracker="bnc" id="1185092">Required Salt "ansiblegate" improvements for SUSE Manager 4.2 are missing on SLE15SP3:GA</issue>
  <issue tracker="bnc" id="1179831">Scheduled SSH-Push Tasks throws Exception and cause Salt-API to fail</issue>
  <issue tracker="bnc" id="1181368">L3: Ubuntu salt-minion freezes running salt-call state.apply</issue>
  <issue tracker="bnc" id="1182293">nothing provides python3-distro needed by python3-salt-3002.2-8.25.1.x86_64</issue>
  <issue tracker="bnc" id="1182281">SSH-Push/Salt-SSH "Adding minions for job xyz: [None]" cause unhandled Exception and salt-api to crash</issue>
  <issue tracker="bnc" id="1185281">VUL-0: CVE-2021-31607: salt: Command injection in the snapper module</issue>
  <issue tracker="bnc" id="1186674">Package installation fails on Ubuntu 20.04 SSH minion because dpkgnotify is not found</issue>
  <issue tracker="cve" id="2020-11651"/>
  <issue tracker="cve" id="2021-31607"/>
  <issue tracker="cve" id="2020-11652"/>
  <issue tracker="cve" id="2018-15751"/>
  <issue tracker="cve" id="2018-15750"/>
  <issue tracker="cve" id="2020-25592"/>
  <issue tracker="jsc" id="ECO-3212"/>
  <issue tracker="jsc" id="SLE-18028"/>
  <issue tracker="jsc" id="SLE-18033"/>
  <issue tracker="bnc" id="1182382">VUL-0: CVE-2021-25315: salt: salt-api unauthenticated remote code exec</issue>
  <issue tracker="cve" id="2021-25315"/>
  <packager>PSuarezHernandez</packager>
  <rating>critical</rating>
  <category>security</category>
  <summary>Security update for salt</summary>
  <description>This update for salt fixes the following issues:

Update to Salt release version 3002.2 (jsc#ECO-3212, jsc#SLE-18033, jsc#SLE-18028)

- Check if dpkgnotify is executable (bsc#1186674)
- Drop support for Python2. Obsoletes `python2-salt` package (jsc#SLE-18028)
- virt module updates
  * network: handle missing ipv4 netmask attribute
  * more network support
  * PCI/USB host devices passthrough support
- Set distro requirement to oldest supported version in requirements/base.txt
- Bring missing part of async batch implementation back (CVE-2021-25315, bsc#1182382)
- Always require `python3-distro` (bsc#1182293)
- Remove deprecated warning that breaks minion execution when "server_id_use_crc" opts is missing
- Fix pkg states when DEB package has "all" arch
- Do not force beacons configuration to be a list.
- Remove msgpack &lt; 1.0.0 from base requirements (bsc#1176293)
- msgpack support for version &gt;= 1.0.0 (bsc#1171257)
- Fix issue parsing errors in ansiblegate state module
- Prevent command injection in the snapper module (bsc#1185281, CVE-2021-31607)
- transactional_update: detect recursion in the executor
- Add subpackage salt-transactional-update (jsc#SLE-18033)
- Improvements on "ansiblegate" module (bsc#1185092):
  * New methods: ansible.targets / ansible.discover_playbooks
- Add support for Alibaba Cloud Linux 2 (Aliyun Linux)
- Regression fix of salt-ssh on processing targets
- Update target fix for salt-ssh and avoiding race condition on salt-ssh event processing (bsc#1179831, bsc#1182281)
- Add notify beacon for Debian/Ubuntu systems
- Fix zmq bug that causes salt-call to freeze (bsc#1181368)
</description>
<zypp_restart_needed/> 
</patchinfo>

Places

File _patchinfo of Package patchinfo.19537

Places