Skip to content

Commit

Permalink
Release v3006.6
Browse files Browse the repository at this point in the history
  • Loading branch information
saltbot-open committed Jan 26, 2024
1 parent 4b17045 commit b1fa82b
Show file tree
Hide file tree
Showing 23 changed files with 194 additions and 66 deletions.
26 changes: 26 additions & 0 deletions CHANGELOG.md
Original file line number Diff line number Diff line change
Expand Up @@ -7,6 +7,32 @@ Versions are `MAJOR.PATCH`.

# Changelog

## 3006.6 (2024-01-26)


### Changed

- Salt no longer time bombs user installations on code using `salt.utils.versions.warn_until_date` [#665924](https://github.com/saltstack/salt/issues/665924)


### Fixed

- Fix un-closed transport in tornado netapi [#65759](https://github.com/saltstack/salt/issues/65759)


### Security

- CVE-2024-22231 Prevent directory traversal when creating syndic cache directory on the master
CVE-2024-22232 Prevent directory traversal attacks in the master's serve_file method.
These vulerablities were discovered and reported by:
Yudi Zhao(Huawei Nebula Security Lab),Chenwei Jiang(Huawei Nebula Security Lab) [#565](https://github.com/saltstack/salt/issues/565)
- Update some requirements which had some security issues:

* Bump to `pycryptodome==3.19.1` and `pycryptodomex==3.19.1` due to https://github.com/advisories/GHSA-j225-cvw7-qrx7
* Bump to `gitpython==3.1.41` due to https://github.com/advisories/GHSA-2mqj-m65w-jghx
* Bump to `jinja2==3.1.3` due to https://github.com/advisories/GHSA-h5c8-rqwp-cp95 [#65830](https://github.com/saltstack/salt/issues/65830)


## 3006.5 (2023-12-12)


Expand Down
4 changes: 0 additions & 4 deletions changelog/565.security.md

This file was deleted.

1 change: 0 additions & 1 deletion changelog/65759.fixed.md

This file was deleted.

5 changes: 0 additions & 5 deletions changelog/65830.security.md

This file was deleted.

1 change: 0 additions & 1 deletion changelog/665924.changed.md

This file was deleted.

4 changes: 2 additions & 2 deletions doc/man/salt-api.1
Original file line number Diff line number Diff line change
Expand Up @@ -27,7 +27,7 @@ level margin: \\n[rst2man-indent\\n[rst2man-indent-level]]
.\" new: \\n[rst2man-indent\\n[rst2man-indent-level]]
.in \\n[rst2man-indent\\n[rst2man-indent-level]]u
..
.TH "SALT-API" "1" "Generated on December 12, 2023 at 05:54:17 PM UTC." "3006.5" "Salt"
.TH "SALT-API" "1" "Generated on January 26, 2024 at 11:57:28 AM UTC." "3006.6" "Salt"
.SH NAME
salt-api \- salt-api Command
.sp
Expand Down Expand Up @@ -109,6 +109,6 @@ Logfile logging log level. One of \fBall\fP, \fBgarbage\fP, \fBtrace\fP,
.SH AUTHOR
Thomas S. Hatch <[email protected]> and many others, please see the Authors file
.SH COPYRIGHT
2023
2024
.\" Generated by docutils manpage writer.
.
4 changes: 2 additions & 2 deletions doc/man/salt-call.1
Original file line number Diff line number Diff line change
Expand Up @@ -27,7 +27,7 @@ level margin: \\n[rst2man-indent\\n[rst2man-indent-level]]
.\" new: \\n[rst2man-indent\\n[rst2man-indent-level]]
.in \\n[rst2man-indent\\n[rst2man-indent-level]]u
..
.TH "SALT-CALL" "1" "Generated on December 12, 2023 at 05:54:17 PM UTC." "3006.5" "Salt"
.TH "SALT-CALL" "1" "Generated on January 26, 2024 at 11:57:28 AM UTC." "3006.6" "Salt"
.SH NAME
salt-call \- salt-call Documentation
.SH SYNOPSIS
Expand Down Expand Up @@ -262,6 +262,6 @@ output. Set to True or False. Default: none.
.SH AUTHOR
Thomas S. Hatch <[email protected]> and many others, please see the Authors file
.SH COPYRIGHT
2023
2024
.\" Generated by docutils manpage writer.
.
4 changes: 2 additions & 2 deletions doc/man/salt-cloud.1
Original file line number Diff line number Diff line change
Expand Up @@ -27,7 +27,7 @@ level margin: \\n[rst2man-indent\\n[rst2man-indent-level]]
.\" new: \\n[rst2man-indent\\n[rst2man-indent-level]]
.in \\n[rst2man-indent\\n[rst2man-indent-level]]u
..
.TH "SALT-CLOUD" "1" "Generated on December 12, 2023 at 05:54:17 PM UTC." "3006.5" "Salt"
.TH "SALT-CLOUD" "1" "Generated on January 26, 2024 at 11:57:28 AM UTC." "3006.6" "Salt"
.SH NAME
salt-cloud \- Salt Cloud Command
.sp
Expand Down Expand Up @@ -380,6 +380,6 @@ salt\-cloud \-m /path/to/cloud.map \-Q
.SH AUTHOR
Thomas S. Hatch <[email protected]> and many others, please see the Authors file
.SH COPYRIGHT
2023
2024
.\" Generated by docutils manpage writer.
.
4 changes: 2 additions & 2 deletions doc/man/salt-cp.1
Original file line number Diff line number Diff line change
Expand Up @@ -27,7 +27,7 @@ level margin: \\n[rst2man-indent\\n[rst2man-indent-level]]
.\" new: \\n[rst2man-indent\\n[rst2man-indent-level]]
.in \\n[rst2man-indent\\n[rst2man-indent-level]]u
..
.TH "SALT-CP" "1" "Generated on December 12, 2023 at 05:54:17 PM UTC." "3006.5" "Salt"
.TH "SALT-CP" "1" "Generated on January 26, 2024 at 11:57:28 AM UTC." "3006.6" "Salt"
.SH NAME
salt-cp \- salt-cp Documentation
.sp
Expand Down Expand Up @@ -207,6 +207,6 @@ New in version 2016.3.7,2016.11.6,2017.7.0.
.SH AUTHOR
Thomas S. Hatch <[email protected]> and many others, please see the Authors file
.SH COPYRIGHT
2023
2024
.\" Generated by docutils manpage writer.
.
4 changes: 2 additions & 2 deletions doc/man/salt-key.1
Original file line number Diff line number Diff line change
Expand Up @@ -27,7 +27,7 @@ level margin: \\n[rst2man-indent\\n[rst2man-indent-level]]
.\" new: \\n[rst2man-indent\\n[rst2man-indent-level]]
.in \\n[rst2man-indent\\n[rst2man-indent-level]]u
..
.TH "SALT-KEY" "1" "Generated on December 12, 2023 at 05:54:17 PM UTC." "3006.5" "Salt"
.TH "SALT-KEY" "1" "Generated on January 26, 2024 at 11:57:28 AM UTC." "3006.6" "Salt"
.SH NAME
salt-key \- salt-key Documentation
.SH SYNOPSIS
Expand Down Expand Up @@ -332,6 +332,6 @@ Auto\-create a signing key\-pair if it does not yet exist
.SH AUTHOR
Thomas S. Hatch <[email protected]> and many others, please see the Authors file
.SH COPYRIGHT
2023
2024
.\" Generated by docutils manpage writer.
.
4 changes: 2 additions & 2 deletions doc/man/salt-master.1
Original file line number Diff line number Diff line change
Expand Up @@ -27,7 +27,7 @@ level margin: \\n[rst2man-indent\\n[rst2man-indent-level]]
.\" new: \\n[rst2man-indent\\n[rst2man-indent-level]]
.in \\n[rst2man-indent\\n[rst2man-indent-level]]u
..
.TH "SALT-MASTER" "1" "Generated on December 12, 2023 at 05:54:17 PM UTC." "3006.5" "Salt"
.TH "SALT-MASTER" "1" "Generated on January 26, 2024 at 11:57:28 AM UTC." "3006.6" "Salt"
.SH NAME
salt-master \- salt-master Documentation
.sp
Expand Down Expand Up @@ -114,6 +114,6 @@ Logfile logging log level. One of \fBall\fP, \fBgarbage\fP, \fBtrace\fP,
.SH AUTHOR
Thomas S. Hatch <[email protected]> and many others, please see the Authors file
.SH COPYRIGHT
2023
2024
.\" Generated by docutils manpage writer.
.
4 changes: 2 additions & 2 deletions doc/man/salt-minion.1
Original file line number Diff line number Diff line change
Expand Up @@ -27,7 +27,7 @@ level margin: \\n[rst2man-indent\\n[rst2man-indent-level]]
.\" new: \\n[rst2man-indent\\n[rst2man-indent-level]]
.in \\n[rst2man-indent\\n[rst2man-indent-level]]u
..
.TH "SALT-MINION" "1" "Generated on December 12, 2023 at 05:54:17 PM UTC." "3006.5" "Salt"
.TH "SALT-MINION" "1" "Generated on January 26, 2024 at 11:57:28 AM UTC." "3006.6" "Salt"
.SH NAME
salt-minion \- salt-minion Documentation
.sp
Expand Down Expand Up @@ -115,6 +115,6 @@ Logfile logging log level. One of \fBall\fP, \fBgarbage\fP, \fBtrace\fP,
.SH AUTHOR
Thomas S. Hatch <[email protected]> and many others, please see the Authors file
.SH COPYRIGHT
2023
2024
.\" Generated by docutils manpage writer.
.
4 changes: 2 additions & 2 deletions doc/man/salt-proxy.1
Original file line number Diff line number Diff line change
Expand Up @@ -27,7 +27,7 @@ level margin: \\n[rst2man-indent\\n[rst2man-indent-level]]
.\" new: \\n[rst2man-indent\\n[rst2man-indent-level]]
.in \\n[rst2man-indent\\n[rst2man-indent-level]]u
..
.TH "SALT-PROXY" "1" "Generated on December 12, 2023 at 05:54:17 PM UTC." "3006.5" "Salt"
.TH "SALT-PROXY" "1" "Generated on January 26, 2024 at 11:57:28 AM UTC." "3006.6" "Salt"
.SH NAME
salt-proxy \- salt-proxy Documentation
.sp
Expand Down Expand Up @@ -123,6 +123,6 @@ Logfile logging log level. One of \fBall\fP, \fBgarbage\fP, \fBtrace\fP,
.SH AUTHOR
Thomas S. Hatch <[email protected]> and many others, please see the Authors file
.SH COPYRIGHT
2023
2024
.\" Generated by docutils manpage writer.
.
4 changes: 2 additions & 2 deletions doc/man/salt-run.1
Original file line number Diff line number Diff line change
Expand Up @@ -27,7 +27,7 @@ level margin: \\n[rst2man-indent\\n[rst2man-indent-level]]
.\" new: \\n[rst2man-indent\\n[rst2man-indent-level]]
.in \\n[rst2man-indent\\n[rst2man-indent-level]]u
..
.TH "SALT-RUN" "1" "Generated on December 12, 2023 at 05:54:17 PM UTC." "3006.5" "Salt"
.TH "SALT-RUN" "1" "Generated on January 26, 2024 at 11:57:28 AM UTC." "3006.6" "Salt"
.SH NAME
salt-run \- salt-run Documentation
.sp
Expand Down Expand Up @@ -120,6 +120,6 @@ Logfile logging log level. One of \fBall\fP, \fBgarbage\fP, \fBtrace\fP,
.SH AUTHOR
Thomas S. Hatch <[email protected]> and many others, please see the Authors file
.SH COPYRIGHT
2023
2024
.\" Generated by docutils manpage writer.
.
4 changes: 2 additions & 2 deletions doc/man/salt-ssh.1
Original file line number Diff line number Diff line change
Expand Up @@ -27,7 +27,7 @@ level margin: \\n[rst2man-indent\\n[rst2man-indent-level]]
.\" new: \\n[rst2man-indent\\n[rst2man-indent-level]]
.in \\n[rst2man-indent\\n[rst2man-indent-level]]u
..
.TH "SALT-SSH" "1" "Generated on December 12, 2023 at 05:54:17 PM UTC." "3006.5" "Salt"
.TH "SALT-SSH" "1" "Generated on January 26, 2024 at 11:57:28 AM UTC." "3006.6" "Salt"
.SH NAME
salt-ssh \- salt-ssh Documentation
.SH SYNOPSIS
Expand Down Expand Up @@ -365,6 +365,6 @@ to a JSON parser, use \fB\-\-static\fP as well.
.SH AUTHOR
Thomas S. Hatch <[email protected]> and many others, please see the Authors file
.SH COPYRIGHT
2023
2024
.\" Generated by docutils manpage writer.
.
4 changes: 2 additions & 2 deletions doc/man/salt-syndic.1
Original file line number Diff line number Diff line change
Expand Up @@ -27,7 +27,7 @@ level margin: \\n[rst2man-indent\\n[rst2man-indent-level]]
.\" new: \\n[rst2man-indent\\n[rst2man-indent-level]]
.in \\n[rst2man-indent\\n[rst2man-indent-level]]u
..
.TH "SALT-SYNDIC" "1" "Generated on December 12, 2023 at 05:54:17 PM UTC." "3006.5" "Salt"
.TH "SALT-SYNDIC" "1" "Generated on January 26, 2024 at 11:57:28 AM UTC." "3006.6" "Salt"
.SH NAME
salt-syndic \- salt-syndic Documentation
.sp
Expand Down Expand Up @@ -116,6 +116,6 @@ Logfile logging log level. One of \fBall\fP, \fBgarbage\fP, \fBtrace\fP,
.SH AUTHOR
Thomas S. Hatch <[email protected]> and many others, please see the Authors file
.SH COPYRIGHT
2023
2024
.\" Generated by docutils manpage writer.
.
4 changes: 2 additions & 2 deletions doc/man/salt.1
Original file line number Diff line number Diff line change
Expand Up @@ -27,7 +27,7 @@ level margin: \\n[rst2man-indent\\n[rst2man-indent-level]]
.\" new: \\n[rst2man-indent\\n[rst2man-indent-level]]
.in \\n[rst2man-indent\\n[rst2man-indent-level]]u
..
.TH "SALT" "1" "Generated on December 12, 2023 at 05:54:17 PM UTC." "3006.5" "Salt"
.TH "SALT" "1" "Generated on January 26, 2024 at 11:57:28 AM UTC." "3006.6" "Salt"
.SH NAME
salt \- salt
.SH SYNOPSIS
Expand Down Expand Up @@ -354,6 +354,6 @@ to a JSON parser, use \fB\-\-static\fP as well.
.SH AUTHOR
Thomas S. Hatch <[email protected]> and many others, please see the Authors file
.SH COPYRIGHT
2023
2024
.\" Generated by docutils manpage writer.
.
65 changes: 37 additions & 28 deletions doc/man/salt.7
Original file line number Diff line number Diff line change
Expand Up @@ -27,7 +27,7 @@ level margin: \\n[rst2man-indent\\n[rst2man-indent-level]]
.\" new: \\n[rst2man-indent\\n[rst2man-indent-level]]
.in \\n[rst2man-indent\\n[rst2man-indent-level]]u
..
.TH "SALT" "7" "Generated on December 12, 2023 at 05:54:17 PM UTC." "3006.5" "Salt"
.TH "SALT" "7" "Generated on January 26, 2024 at 11:57:28 AM UTC." "3006.6" "Salt"
.SH NAME
salt \- Salt Documentation
.SH SALT PROJECT
Expand Down Expand Up @@ -85609,7 +85609,7 @@ built packages need to be placed in the correct locations.
.INDENT 0.0
.IP \(bu 2
Place all salt packages for the applicable testing version in
\fB<repo\-root>/pkg/artifacts/\fP\&.
\fB<repo\-root>/artifacts/pkg/\fP\&.
.IP \(bu 2
The onedir must be located under \fB<repo\-root>/artifacts/\fP\&.
.IP \(bu 2
Expand Down Expand Up @@ -85733,7 +85733,7 @@ artifact may look like \fBnox\-ubuntu\-20.04\-test\-pkgs\-onedir\-x86_64\fP\&.
Place the artifacts in the correct location:
.INDENT 3.0
.INDENT 3.5
Unzip the packages and place them in \fB<repo\-root>/pkg/artifacts/\fP\&.
Unzip the packages and place them in \fB<repo\-root>/artifacts/pkg/\fP\&.
.sp
You must unzip and untar the onedir packages and place them in
\fB<repo\-root>/artifacts/\fP\&. Windows onedir requires an additional unzip
Expand Down Expand Up @@ -116861,28 +116861,6 @@ salt \(aq*\(aq pkg.del_repo_key name=\(aqppa:foo/bar\(aq keyid_ppa=True
.UNINDENT
.INDENT 0.0
.TP
.B salt.modules.aptpkg.expand_repo_def(**kwargs)
Take a repository definition and expand it to the full pkg repository dict
that can be used for comparison. This is a helper function to make
the Debian/Ubuntu apt sources sane for comparison in the pkgrepo states.
.sp
This is designed to be called from pkgrepo states and will have little use
being called on the CLI.
.sp
CLI Examples:
.INDENT 7.0
.INDENT 3.5
.sp
.nf
.ft C
NOT USABLE IN THE CLI
.ft P
.fi
.UNINDENT
.UNINDENT
.UNINDENT
.INDENT 0.0
.TP
.B salt.modules.aptpkg.file_dict(*packages, **kwargs)
List the files that belong to a package, grouped by package. Not
specifying any packages will return a list of _every_ file on the system\(aqs
Expand Down Expand Up @@ -194390,7 +194368,7 @@ Passes through all the parameters described in the
\fI\%utils.http.query function\fP:
.INDENT 7.0
.TP
.B salt.utils.http.query(url, method=\(aqGET\(aq, params=None, data=None, data_file=None, header_dict=None, header_list=None, header_file=None, username=None, password=None, auth=None, decode=False, decode_type=\(aqauto\(aq, status=False, headers=False, text=False, cookies=None, cookie_jar=None, cookie_format=\(aqlwp\(aq, persist_session=False, session_cookie_jar=None, data_render=False, data_renderer=None, header_render=False, header_renderer=None, template_dict=None, test=False, test_url=None, node=\(aqminion\(aq, port=80, opts=None, backend=None, ca_bundle=None, verify_ssl=None, cert=None, text_out=None, headers_out=None, decode_out=None, stream=False, streaming_callback=None, header_callback=None, handle=False, agent=\(aqSalt/3006.5\(aq, hide_fields=None, raise_error=True, formdata=False, formdata_fieldname=None, formdata_filename=None, decode_body=True, **kwargs)
.B salt.utils.http.query(url, method=\(aqGET\(aq, params=None, data=None, data_file=None, header_dict=None, header_list=None, header_file=None, username=None, password=None, auth=None, decode=False, decode_type=\(aqauto\(aq, status=False, headers=False, text=False, cookies=None, cookie_jar=None, cookie_format=\(aqlwp\(aq, persist_session=False, session_cookie_jar=None, data_render=False, data_renderer=None, header_render=False, header_renderer=None, template_dict=None, test=False, test_url=None, node=\(aqminion\(aq, port=80, opts=None, backend=None, ca_bundle=None, verify_ssl=None, cert=None, text_out=None, headers_out=None, decode_out=None, stream=False, streaming_callback=None, header_callback=None, handle=False, agent=\(aqSalt/3006.6\(aq, hide_fields=None, raise_error=True, formdata=False, formdata_fieldname=None, formdata_filename=None, decode_body=True, **kwargs)
Query a resource, and decode the return data
.UNINDENT
.INDENT 7.0
Expand Down Expand Up @@ -457920,7 +457898,7 @@ installed2
.UNINDENT
.INDENT 0.0
.TP
.B salt.states.zcbuildout.installed(name, config=\(aqbuildout.cfg\(aq, quiet=False, parts=None, user=None, env=(), buildout_ver=None, test_release=False, distribute=None, new_st=None, offline=False, newest=False, python=\(aq/opt/actions\-runner/_work/salt/salt/.tools\-venvs/py3.10/docs/bin/python\(aq, debug=False, verbose=False, unless=None, onlyif=None, use_vt=False, loglevel=\(aqdebug\(aq, **kwargs)
.B salt.states.zcbuildout.installed(name, config=\(aqbuildout.cfg\(aq, quiet=False, parts=None, user=None, env=(), buildout_ver=None, test_release=False, distribute=None, new_st=None, offline=False, newest=False, python=\(aq/opt/actions\-runner/_work/salt\-priv/salt\-priv/.tools\-venvs/py3.10/docs/bin/python\(aq, debug=False, verbose=False, unless=None, onlyif=None, use_vt=False, loglevel=\(aqdebug\(aq, **kwargs)
Install buildout in a specific directory
.sp
It is a thin wrapper to modules.buildout.buildout
Expand Down Expand Up @@ -478000,6 +477978,37 @@ Bump to \fBcryptography==41.0.4\fP due to \fI\%https://github.com/advisories/GHS
.IP \(bu 2
Bump to \fBcryptography==41.0.7\fP due to \fI\%https://github.com/advisories/GHSA\-jfhm\-5ghh\-2f97\fP \fI\%#65643\fP
.UNINDENT
(release\-3006.6)=
.SS Salt 3006.6 release notes
.SS Changelog
.SS Changed
.INDENT 0.0
.IP \(bu 2
Salt no longer time bombs user installations on code using \fBsalt.utils.versions.warn_until_date\fP \fI\%#665924\fP
.UNINDENT
.SS Fixed
.INDENT 0.0
.IP \(bu 2
Fix un\-closed transport in tornado netapi \fI\%#65759\fP
.UNINDENT
.SS Security
.INDENT 0.0
.IP \(bu 2
CVE\-2024\-22231 Prevent directory traversal when creating syndic cache directory on the master
CVE\-2024\-22232 Prevent directory traversal attacks in the master\(aqs serve_file method.
These vulerablities were discovered and reported by:
Yudi Zhao(Huawei Nebula Security Lab),Chenwei Jiang(Huawei Nebula Security Lab) \fI\%#565\fP
.IP \(bu 2
Update some requirements which had some security issues:
.INDENT 2.0
.IP \(bu 2
Bump to \fBpycryptodome==3.19.1\fP and \fBpycryptodomex==3.19.1\fP due to \fI\%https://github.com/advisories/GHSA\-j225\-cvw7\-qrx7\fP
.IP \(bu 2
Bump to \fBgitpython==3.1.41\fP due to \fI\%https://github.com/advisories/GHSA\-2mqj\-m65w\-jghx\fP
.IP \(bu 2
Bump to \fBjinja2==3.1.3\fP due to \fI\%https://github.com/advisories/GHSA\-h5c8\-rqwp\-cp95\fP \fI\%#65830\fP
.UNINDENT
.UNINDENT
.sp
See \fI\%Install a release candidate\fP
for more information about installing an RC when one is available.
Expand Down Expand Up @@ -603011,6 +603020,6 @@ minions. \fISee also\fP:
.SH AUTHOR
Thomas S. Hatch <[email protected]> and many others, please see the Authors file
.SH COPYRIGHT
2023
2024
.\" Generated by docutils manpage writer.
.
4 changes: 2 additions & 2 deletions doc/man/spm.1
Original file line number Diff line number Diff line change
Expand Up @@ -27,7 +27,7 @@ level margin: \\n[rst2man-indent\\n[rst2man-indent-level]]
.\" new: \\n[rst2man-indent\\n[rst2man-indent-level]]
.in \\n[rst2man-indent\\n[rst2man-indent-level]]u
..
.TH "SPM" "1" "Generated on December 12, 2023 at 05:54:17 PM UTC." "3006.5" "Salt"
.TH "SPM" "1" "Generated on January 26, 2024 at 11:57:28 AM UTC." "3006.6" "Salt"
.SH NAME
spm \- Salt Package Manager Command
.sp
Expand Down Expand Up @@ -138,6 +138,6 @@ in that directory which describes them.
.SH AUTHOR
Thomas S. Hatch <[email protected]> and many others, please see the Authors file
.SH COPYRIGHT
2023
2024
.\" Generated by docutils manpage writer.
.
Loading

0 comments on commit b1fa82b

Please sign in to comment.