File prevent-shell-injection-via-pre_flight_script_args-4.patch of Package salt
From 1b4e382856e1d5d8ef95890aec5a8e5e07254708 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Pablo=20Su=C3=A1rez=20Hern=C3=A1ndez?=
<psuarezhernandez@suse.com>
Date: Mon, 28 Feb 2022 14:25:43 +0000
Subject: [PATCH] Prevent shell injection via pre_flight_script_args
(#497)
Add tests around preflight script args
Readjust logic to validate script args
Use RLock to prevent issues in single threads
---
salt/_logging/impl.py | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/salt/_logging/impl.py b/salt/_logging/impl.py
index e050f43caf..2d1a276cb8 100644
--- a/salt/_logging/impl.py
+++ b/salt/_logging/impl.py
@@ -107,7 +107,7 @@ DFLT_LOG_FMT_LOGFILE = "%(asctime)s,%(msecs)03d [%(name)-17s:%(lineno)-4d][%(lev
# LOG_LOCK is used to prevent deadlocks on using logging
# in combination with multiprocessing with salt-api
-LOG_LOCK = threading.Lock()
+LOG_LOCK = threading.RLock()
class SaltLogRecord(logging.LogRecord):
--
2.39.2