Revisions of salt
Fabian Vogt (favogt_factory)
accepted
request 1008560
from
Pablo Suárez Hernández (PSuarezHernandez)
(revision 131)
- Make pass renderer configurable and fix detected issues - Workaround fopen line buffering for binary mode (bsc#1203834) - Handle non-UTF-8 bytes in core grains generation (bsc#1202165) - Fix Syndic authentication errors (bsc#1199562) - Added: * make-pass-renderer-configurable-other-fixes-532.patch * ignore-non-utf8-characters-while-reading-files-with-.patch * fopen-workaround-bad-buffering-for-binary-mode-563.patch * backport-syndic-auth-fixes.patch - Add Amazon EC2 detection for virtual grains (bsc#1195624) - Fix the regression in schedule module releasded in 3004 (bsc#1202631) - Fix state.apply in test mode with file state module on user/group checking (bsc#1202167) - Change the delimeters to prevent possible tracebacks on some packages with dpkg_lowpkg - Make zypperpkg to retry if RPM lock is temporarily unavailable (bsc#1200596) - Added: * fix-the-regression-in-schedule-module-releasded-in-3.patch * retry-if-rpm-lock-is-temporarily-unavailable-547.patch * change-the-delimeters-to-prevent-possible-tracebacks.patch * add-amazon-ec2-detection-for-virtual-grains-bsc-1195.patch * fix-state.apply-in-test-mode-with-file-state-module-.patch - Fix test_ipc unit test - Added: * fix-test_ipc-unit-tests.patch
Dominique Leuenberger (dimstar_suse)
accepted
request 988366
from
Pablo Suárez Hernández (PSuarezHernandez)
(revision 130)
- Add support for gpgautoimport in zypperpkg module - Update Salt to work with Jinja >= and <= 3.1.0 (bsc#1198744) - Fix salt.states.file.managed() for follow_symlinks=True and test=True (bsc#1199372) - Make Salt 3004 compatible with pyzmq >= 23.0.0 (bsc#1201082) - Added: * fix-jinja2-contextfuntion-base-on-version-bsc-119874.patch * add-support-for-gpgautoimport-539.patch * fix-62092-catch-zmq.error.zmqerror-to-set-hwm-for-zm.patch * fix-salt.states.file.managed-for-follow_symlinks-tru.patch - Add support for name, pkgs and diff_attr parameters to upgrade function for zypper and yum (bsc#1198489) - Added: * add-support-for-name-pkgs-and-diff_attr-parameters-t.patch - Fix ownership of salt thin directory when using the Salt Bundle - Set default target for pip from VENV_PIP_TARGET environment variable - Normalize package names once with pkg.installed/removed using yum (bsc#1195895) - Save log to logfile with docker.build - Use Salt Bundle in dockermod - Ignore erros on reading license files with dpkg_lowpkg (bsc#1197288) - Added: * normalize-package-names-once-with-pkg.installed-remo.patch * use-salt-bundle-in-dockermod.patch * fix-ownership-of-salt-thin-directory-when-using-the-.patch * ignore-erros-on-reading-license-files-with-dpkg_lowp.patch * set-default-target-for-pip-from-venv_pip_target-envi.patch * save-log-to-logfile-with-docker.build.patch
Dominique Leuenberger (dimstar_suse)
accepted
request 984677
from
Pablo Suárez Hernández (PSuarezHernandez)
(revision 129)
- Fix PAM auth issue due missing check for PAM_ACCT_MGM return value (CVE-2022-22967) (bsc#1200566) - Added: * fix-for-cve-2022-22967-bsc-1200566.patch - Make sure SaltCacheLoader use correct fileclient (bsc#1199149) - Added: * make-sure-saltcacheloader-use-correct-fileclient-519.patch
Dominique Leuenberger (dimstar_suse)
accepted
request 969843
from
Pablo Suárez Hernández (PSuarezHernandez)
(revision 128)
- Prevent data pollution between actions proceesed at the same time (bsc#1197637) - Fix regression preventing bootstrapping new clients caused by redundant dependency on psutil (bsc#1197533) - Added: * fix-regression-with-depending-client.ssh-on-psutil-b.patch * prevent-affection-of-ssh.opts-with-lazyloader-bsc-11.patch - Fixes for Python 3.10 - Added: * fixes-for-python-3.10-502.patch * Sign authentication replies to prevent MiTM (CVE-2022-22935) * Sign pillar data to prevent MiTM attacks. (CVE-2022-22934) * Prevent job and fileserver replays (CVE-2022-22936) * Fixed targeting bug, especially visible when using syndic and user auth. (CVE-2022-22941)
Dominique Leuenberger (dimstar_suse)
accepted
request 966247
from
Pablo Suárez Hernández (PSuarezHernandez)
(revision 127)
- Fix salt-ssh opts poisoning (bsc#1197637) - Added: * fix-salt-ssh-opts-poisoning-bsc-1197637-3004-501.patch - Fix multiple security issues (bsc#1197417) - * Sign authentication replies to prevent MiTM (CVE-2022-22935) - * Sign pillar data to prevent MiTM attacks. (CVE-2022-22934) - * Prevent job and fileserver replays (CVE-2022-22936) - * Fixed targeting bug, especially visible when using syndic and user auth. (CVE-2022-22941) - Added: * fix-multiple-security-issues-bsc-1197417.patch
Dominique Leuenberger (dimstar_suse)
accepted
request 958078
from
Pablo Suárez Hernández (PSuarezHernandez)
(revision 126)
- Fix issues found around pre_flight_script_args - Added: * prevent-shell-injection-via-pre_flight_script_args-4.patch - Add salt-ssh with Salt Bundle support (venv-salt-minion) (bsc#1182851, bsc#1196432) - Added: * add-salt-ssh-support-with-venv-salt-minion-3004-493.patch - Restrict "state.orchestrate_single" to pass a pillar value if it exists (bsc#1194632) - Added: * state.orchestrate_single-does-not-pass-pillar-none-4.patch
Dominique Leuenberger (dimstar_suse)
accepted
request 952700
from
Pablo Suárez Hernández (PSuarezHernandez)
(revision 125)
- Update generated documentation to 3004 - Expose missing "ansible" module functions in Salt 3004 (bsc#1195625) - Added: * add-missing-ansible-module-functions-to-whitelist-in.patch - Fix salt-call event.send with pillar or grains - Added: * fix-salt-call-event.send-call-with-grains-and-pillar.patch
Dominique Leuenberger (dimstar_suse)
accepted
request 950374
from
Pablo Suárez Hernández (PSuarezHernandez)
(revision 124)
- Fix exception in batch_async caused by a bad function call - Added: * drop-serial-from-event.unpack-in-cli.batch_async.patch - Fix inspector module export function (bsc#1097531) - Wipe NOTIFY_SOCKET from env in cmdmod (bsc#1193357) - Added: * fix-inspector-module-export-function-bsc-1097531-481.patch * wipe-notify_socket-from-env-in-cmdmod-bsc-1193357-30.patch
Dominique Leuenberger (dimstar_suse)
accepted
request 949489
from
Alexander Graul (agraul)
(revision 123)
- Update to version 3004, see release notes: https://docs.saltproject.io/en/master/topics/releases/3004.html - Don't check for cached pillar errors on state.apply (bsc#1190781) - Added: * state.apply-don-t-check-for-cached-pillar-errors.patch - Modified: * add-migrated-state-and-gpg-key-management-functions-.patch * switch-firewalld-state-to-use-change_interface.patch * include-aliases-in-the-fqdns-grains.patch * debian-info_installed-compatibility-50453.patch * info_installed-works-without-status-attr-now.patch * fix-traceback.print_exc-calls-for-test_pip_state-432.patch * add-custom-suse-capabilities-as-grains.patch * add-rpm_vercmp-python-library-for-version-comparison.patch * 3003.3-do-not-consider-skipped-targets-as-failed-for.patch * support-transactional-systems-microos.patch * do-not-crash-when-unexpected-cmd-output-at-listing-p.patch * enable-passing-a-unix_socket-for-mysql-returners-bsc.patch * update-target-fix-for-salt-ssh-to-process-targets-li.patch * fix-exception-in-yumpkg.remove-for-not-installed-pac.patch * enhance-openscap-module-add-xccdf_eval-call-386.patch * add-environment-variable-to-know-if-yum-is-invoked-f.patch * zypperpkg-ignore-retcode-104-for-search-bsc-1176697-.patch * run-salt-master-as-dedicated-salt-user.patch * 3003.3-postgresql-json-support-in-pillar-423.patch * prevent-pkg-plugins-errors-on-missing-cookie-path-bs.patch * early-feature-support-config.patch * implementation-of-held-unheld-functions-for-state-pk.patch * x509-fixes-111.patch * fix-issues-with-salt-ssh-s-extra-filerefs.patch * mock-ip_addrs-in-utils-minions.py-unit-test-443.patch
Dominique Leuenberger (dimstar_suse)
accepted
request 931742
from
Pablo Suárez Hernández (PSuarezHernandez)
(revision 122)
- Simplify "transactional_update" module to not use SSH wrapper and allow more flexible execution - Add "--no-return-event" option to salt-call to prevent sending return event back to master. - Make "state.highstate" to acts on concurrent flag. - Fix print regression for yumnotify plugin - Added: * refactor-and-improvements-for-transactional-updates-.patch * fix-the-regression-for-yumnotify-plugin-456.patch - Use dnfnotify instead yumnotify for relevant distros - dnfnotify pkgset plugin implementation - Add rpm_vercmp python library support for version comparison - Prevent pkg plugins errors on missing cookie path (bsc#1186738) - Added: * add-rpm_vercmp-python-library-for-version-comparison.patch * mock-ip_addrs-in-utils-minions.py-unit-test-443.patch * dnfnotify-pkgset-plugin-implementation-3002.2-450.patch * fix-traceback.print_exc-calls-for-test_pip_state-432.patch * prevent-pkg-plugins-errors-on-missing-cookie-path-bs.patch - Fix ip6_interface grain to not leak secondary IPv4 aliases (bsc#1191412) - Make "salt-api" package to require python3-cherrypy on RHEL systems - Make "tar" as required for "salt-transactional-update" package - Added: * fix-ip6_interface-grain-to-not-leak-secondary-ipv4-a.patch
Dominique Leuenberger (dimstar_suse)
accepted
request 925143
from
Pablo Suárez Hernández (PSuarezHernandez)
(revision 121)
- Fix issues with salt-ssh's extra-filerefs - Added: * fix-issues-with-salt-ssh-s-extra-filerefs.patch - Fix crash when calling manage.not_alive runners - Added: * fix-crash-when-calling-manage.not_alive-runners.patch - Do not consider skipped targets as failed for ansible.playbooks state (bsc#1190446) - Added: * 3003.3-do-not-consider-skipped-targets-as-failed-for.patch
Dominique Leuenberger (dimstar_suse)
accepted
request 922525
from
Pablo Suárez Hernández (PSuarezHernandez)
(revision 120)
- Do not break master_tops for minion with version lower to 3003 - Added: * do-not-break-master_tops-for-minion-with-version-low.patch
Dominique Leuenberger (dimstar_suse)
accepted
request 921725
from
Pablo Suárez Hernández (PSuarezHernandez)
(revision 119)
- Support querying for JSON data in external sql pillar - Added: * 3003.3-postgresql-json-support-in-pillar-423.patch - Update to Salt release version 3003.3 - See release notes: https://docs.saltstack.com/en/latest/topics/releases/3003.3.html - Added: * allow-vendor-change-option-with-zypper.patch * support-transactional-systems-microos.patch * virt-enhancements.patch - Modified: * adds-explicit-type-cast-for-port.patch * use-adler32-algorithm-to-compute-string-checksums.patch * do-not-load-pip-state-if-there-is-no-3rd-party-depen.patch * fixes-56144-to-enable-hotadd-profile-support.patch * include-aliases-in-the-fqdns-grains.patch * implementation-of-held-unheld-functions-for-state-pk.patch * add-alibaba-cloud-linux-2-by-backporting-upstream-s-.patch * debian-info_installed-compatibility-50453.patch * fix-wrong-test_mod_del_repo_multiline_values-test-af.patch * update-target-fix-for-salt-ssh-to-process-targets-li.patch * x509-fixes-111.patch * prevent-logging-deadlock-on-salt-api-subprocesses-bs.patch * restore-default-behaviour-of-pkg-list-return.patch * adding-preliminary-support-for-rocky.-59682-391.patch * add-astra-linux-common-edition-to-the-os-family-list.patch * templates-move-the-globals-up-to-the-environment-jin.patch * fix-bsc-1065792.patch * add-migrated-state-and-gpg-key-management-functions-.patch * zypperpkg-ignore-retcode-104-for-search-bsc-1176697-.patch
Dominique Leuenberger (dimstar_suse)
accepted
request 919452
from
Pablo Suárez Hernández (PSuarezHernandez)
(revision 118)
- Exclude the full path of a download URL to prevent injection of malicious code (bsc#1190265) (CVE-2021-21996) - Added: * exclude-the-full-path-of-a-download-url-to-prevent-i.patch - Fix wrong relative paths resolution with Jinja renderer when importing subdirectories - Added: * templates-move-the-globals-up-to-the-environment-jin.patch - Don't pass shell="/sbin/nologin" to onlyif/unless checks (bsc#1188259) - Add missing aarch64 to rpm package architectures - Backport of upstream PR#59492 - Added: * backport-of-upstream-pr59492-to-3002.2-404.patch * don-t-use-shell-sbin-nologin-in-requisites.patch * add-missing-aarch64-to-rpm-package-architectures-405.patch - Fix failing unit test for systemd - Fix error handling in openscap module (bsc#1188647) - Better handling of bad public keys from minions (bsc#1189040) - Added: * better-handling-of-bad-public-keys-from-minions-bsc-.patch * fix-error-handling-in-openscap-module-bsc-1188647-40.patch * fix-failing-unit-tests-for-systemd.patch - Define license macro as doc in spec file if not existing - Add standalone formulas configuration for salt minion and remove salt-master requirement (bsc#1168327) - Do noop for services states when running systemd in offline mode (bsc#1187787) - transactional_updates: do not execute states in parallel but use a queue (bsc#1188170)
Dominique Leuenberger (dimstar_suse)
accepted
request 887060
from
Pablo Suárez Hernández (PSuarezHernandez)
(revision 117)
- Improvements on "ansiblegate" module: * New methods: ansible.targets / ansible.discover_playbooks * General bugfixes - Added: * improvements-on-ansiblegate-module-354.patch - Regression fix of salt-ssh on processing some targets - Added: * regression-fix-of-salt-ssh-on-processing-targets-353.patch - Add support for Alibaba Cloud Linux 2 (Aliyun Linux) - Added: * add-alibaba-cloud-linux-2-by-backporting-upstream-s-.patch - Update target fix for salt-ssh to process targets list (bsc#1179831) - Added: * update-target-fix-for-salt-ssh-to-process-targets-li.patch - Add notify beacon for Debian/Ubuntu systems - Add core grains support for AlmaLinux and Alibaba Could Linux - Added: * add-almalinux-and-alibaba-cloud-linux-to-the-os-fami.patch * notify-beacon-for-debian-ubuntu-systems-347.patch - Allow vendor change option with zypper - Added: * allow-vendor-change-option-with-zypper-313.patch
Dominique Leuenberger (dimstar_suse)
accepted
request 878135
from
Pablo Suárez Hernández (PSuarezHernandez)
(revision 116)
- virt.network_update: handle missing ipv4 netmask attribute - Added: * virt.network_update-handle-missing-ipv4-netmask-attr.patch - Set distro requirement to oldest supported version in requirements/base.txt - Added: * 3002-set-distro-requirement-to-oldest-supported-vers.patch - Do not monkey patch yaml loaders: Prevent breaking Ansible filter modules (bsc#1177474) - Don't require python3-certifi - Added: * do-not-monkey-patch-yaml-bsc-1177474.patch - Fix race conditions for corner cases when handling SIGTERM by minion (bsc#1172110) - Added: * prevent-race-condition-on-sigterm-for-the-minion-bsc.patch - Master can read grains (bsc#1179696)
Dominique Leuenberger (dimstar_suse)
accepted
request 876003
from
Alexander Graul (agraul)
(revision 115)
Fix for multiple Salt CVEs
Dominique Leuenberger (dimstar_suse)
accepted
request 871386
from
Pablo Suárez Hernández (PSuarezHernandez)
(revision 114)
- virt: search for grub.xen path - Xen spicevmc, DNS SRV records backports: Fix virtual network generated DNS XML for SRV records Don't add spicevmc channel to xen VMs - virt UEFI fix: virt.update when efi=True - Added: * virt-uefi-fix-backport-312.patch * 3002.2-xen-spicevmc-dns-srv-records-backports-314.patch * open-suse-3002.2-xen-grub-316.patch - Do not crash when unexpected cmd output at listing patches (bsc#1181290) - Added: * do-not-crash-when-unexpected-cmd-output-at-listing-p.patch - Fix behavior for "onlyif/unless" when multiple conditions (bsc#1180818) - Added: * fix-onlyif-unless-when-multiple-conditions-bsc-11808.patch
Dominique Leuenberger (dimstar_suse)
accepted
request 862930
from
Pablo Suárez Hernández (PSuarezHernandez)
(revision 113)
- Remove deprecated warning that breaks minion execution when "server_id_use_crc" opts is missing - Added: * remove-deprecated-warning-that-breaks-miniion-execut.patch - Revert wrong zypper patch to support vendorchanges flags on pkg.install - Added: * revert-add-patch-support-for-allow-vendor-change-opt.patch - Force zyppnotify to prefer Packages.db than Packages if it exists - Allow vendor change option with zypper - Add pkg.services_need_restart - Fix for file.check_perms to work with numeric uid/gid - Added: * force-zyppnotify-to-prefer-packages.db-than-packages.patch * fix-salt.utils.stringutils.to_str-calls-to-make-it-w.patch * add-patch-support-for-allow-vendor-change-option-wit.patch * add-pkg.services_need_restart-302.patch - virt: more network support Add more network and PCI/USB host devices passthrough support to virt module and states - Added: * open-suse-3002.2-virt-network-311.patch - Bigvm backports virt consoles, CPU tuning and topology, and memory tuning. - Added: * open-suse-3002.2-bigvm-310.patch - Fix pkg states when DEB package has "all" arch
Dominique Leuenberger (dimstar_suse)
accepted
request 850470
from
Pablo Suárez Hernández (PSuarezHernandez)
(revision 112)
- Fix syntax error on pkgrepo state with Python 2.7 - transactional_update: unify with chroot.call - Added: * pkgrepo-support-python-2.7-function-call-295.patch * transactional_update-unify-with-chroot.call.patch - Add "migrated" state and GPG key management functions - Added: * add-migrated-state-and-gpg-key-management-functions-.patch - Master can read grains - Added: * grains-master-can-read-grains.patch - Fix for broken psutil (bsc#1102248) - Added: * fix-for-bsc-1102248-psutil-is-broken-and-so-process-.patch
Displaying revisions 21 - 40 of 151