Merge pull request #57096 from frogunder/man_pages_2019.2.5

Update man_pages 2019.2.5

doc/man/salt-api.1

@@ -1,6 +1,6 @@
 .\" Man page generated from reStructuredText.
 .
-.TH "SALT-API" "1" "Apr 14, 2020" "2019.2.4" "Salt"
+.TH "SALT-API" "1" "May 05, 2020" "2019.2.5" "Salt"
 .SH NAME
 salt-api \- salt-api Command
 .

doc/man/salt-call.1

@@ -1,6 +1,6 @@
 .\" Man page generated from reStructuredText.
 .
-.TH "SALT-CALL" "1" "Apr 14, 2020" "2019.2.4" "Salt"
+.TH "SALT-CALL" "1" "May 05, 2020" "2019.2.5" "Salt"
 .SH NAME
 salt-call \- salt-call Documentation
 .

doc/man/salt-cloud.1

@@ -1,6 +1,6 @@
 .\" Man page generated from reStructuredText.
 .
-.TH "SALT-CLOUD" "1" "Apr 14, 2020" "2019.2.4" "Salt"
+.TH "SALT-CLOUD" "1" "May 05, 2020" "2019.2.5" "Salt"
 .SH NAME
 salt-cloud \- Salt Cloud Command
 .

doc/man/salt-cp.1

@@ -1,6 +1,6 @@
 .\" Man page generated from reStructuredText.
 .
-.TH "SALT-CP" "1" "Apr 14, 2020" "2019.2.4" "Salt"
+.TH "SALT-CP" "1" "May 05, 2020" "2019.2.5" "Salt"
 .SH NAME
 salt-cp \- salt-cp Documentation
 .

doc/man/salt-key.1

@@ -1,6 +1,6 @@
 .\" Man page generated from reStructuredText.
 .
-.TH "SALT-KEY" "1" "Apr 14, 2020" "2019.2.4" "Salt"
+.TH "SALT-KEY" "1" "May 05, 2020" "2019.2.5" "Salt"
 .SH NAME
 salt-key \- salt-key Documentation
 .

doc/man/salt-master.1

@@ -1,6 +1,6 @@
 .\" Man page generated from reStructuredText.
 .
-.TH "SALT-MASTER" "1" "Apr 14, 2020" "2019.2.4" "Salt"
+.TH "SALT-MASTER" "1" "May 05, 2020" "2019.2.5" "Salt"
 .SH NAME
 salt-master \- salt-master Documentation
 .

doc/man/salt-minion.1

@@ -1,6 +1,6 @@
 .\" Man page generated from reStructuredText.
 .
-.TH "SALT-MINION" "1" "Apr 14, 2020" "2019.2.4" "Salt"
+.TH "SALT-MINION" "1" "May 05, 2020" "2019.2.5" "Salt"
 .SH NAME
 salt-minion \- salt-minion Documentation
 .

doc/man/salt-proxy.1

@@ -1,6 +1,6 @@
 .\" Man page generated from reStructuredText.
 .
-.TH "SALT-PROXY" "1" "Apr 14, 2020" "2019.2.4" "Salt"
+.TH "SALT-PROXY" "1" "May 05, 2020" "2019.2.5" "Salt"
 .SH NAME
 salt-proxy \- salt-proxy Documentation
 .

doc/man/salt-run.1

@@ -1,6 +1,6 @@
 .\" Man page generated from reStructuredText.
 .
-.TH "SALT-RUN" "1" "Apr 14, 2020" "2019.2.4" "Salt"
+.TH "SALT-RUN" "1" "May 05, 2020" "2019.2.5" "Salt"
 .SH NAME
 salt-run \- salt-run Documentation
 .

doc/man/salt-ssh.1

@@ -1,6 +1,6 @@
 .\" Man page generated from reStructuredText.
 .
-.TH "SALT-SSH" "1" "Apr 14, 2020" "2019.2.4" "Salt"
+.TH "SALT-SSH" "1" "May 05, 2020" "2019.2.5" "Salt"
 .SH NAME
 salt-ssh \- salt-ssh Documentation
 .

doc/man/salt-syndic.1

@@ -1,6 +1,6 @@
 .\" Man page generated from reStructuredText.
 .
-.TH "SALT-SYNDIC" "1" "Apr 14, 2020" "2019.2.4" "Salt"
+.TH "SALT-SYNDIC" "1" "May 05, 2020" "2019.2.5" "Salt"
 .SH NAME
 salt-syndic \- salt-syndic Documentation
 .

doc/man/salt-unity.1

@@ -1,6 +1,6 @@
 .\" Man page generated from reStructuredText.
 .
-.TH "SALT-UNITY" "1" "Apr 14, 2020" "2019.2.4" "Salt"
+.TH "SALT-UNITY" "1" "May 05, 2020" "2019.2.5" "Salt"
 .SH NAME
 salt-unity \- salt-unity Command
 .

doc/man/salt.1

@@ -1,6 +1,6 @@
 .\" Man page generated from reStructuredText.
 .
-.TH "SALT" "1" "Apr 14, 2020" "2019.2.4" "Salt"
+.TH "SALT" "1" "May 05, 2020" "2019.2.5" "Salt"
 .SH NAME
 salt \- salt
 .

doc/man/salt.7

@@ -1,6 +1,6 @@
 .\" Man page generated from reStructuredText.
 .
-.TH "SALT" "7" "Apr 14, 2020" "2019.2.4" "Salt"
+.TH "SALT" "7" "May 05, 2020" "2019.2.5" "Salt"
 .SH NAME
 salt \- Salt Documentation
 .
@@ -24535,6 +24535,11 @@ Run masterless\-mode minions on
 particularly sensitive minions. There is also salt\-ssh or the
 \fBmodules.sudo\fP if you need to further restrict
 a minion.
+.IP \(bu 2
+Monitor specific security releated log messages. Salt \fBsalt\-master\fP logs
+attempts to access methods which are not exposed to network clients. These log
+messages are logged at the \fBerror\fP log level and start with \fBRequested
+method not exposed\fP\&.
 .UNINDENT
 .SS Security disclosure policy
 .INDENT 0.0
@@ -180035,7 +180040,7 @@ Passes through all the parameters described in the
 \fI\%utils.http.query function\fP:
 .INDENT 7.0
 .TP
-.B salt.utils.http.query(url, method=u\(aqGET\(aq, params=None, data=None, data_file=None, header_dict=None, header_list=None, header_file=None, username=None, password=None, auth=None, decode=False, decode_type=u\(aqauto\(aq, status=False, headers=False, text=False, cookies=None, cookie_jar=None, cookie_format=u\(aqlwp\(aq, persist_session=False, session_cookie_jar=None, data_render=False, data_renderer=None, header_render=False, header_renderer=None, template_dict=None, test=False, test_url=None, node=u\(aqminion\(aq, port=80, opts=None, backend=None, ca_bundle=None, verify_ssl=None, cert=None, text_out=None, headers_out=None, decode_out=None, stream=False, streaming_callback=None, header_callback=None, handle=False, agent=u\(aqSalt/2019.2.3\-6\-g46e67b2\(aq, hide_fields=None, raise_error=True, **kwargs)
+.B salt.utils.http.query(url, method=u\(aqGET\(aq, params=None, data=None, data_file=None, header_dict=None, header_list=None, header_file=None, username=None, password=None, auth=None, decode=False, decode_type=u\(aqauto\(aq, status=False, headers=False, text=False, cookies=None, cookie_jar=None, cookie_format=u\(aqlwp\(aq, persist_session=False, session_cookie_jar=None, data_render=False, data_renderer=None, header_render=False, header_renderer=None, template_dict=None, test=False, test_url=None, node=u\(aqminion\(aq, port=80, opts=None, backend=None, ca_bundle=None, verify_ssl=None, cert=None, text_out=None, headers_out=None, decode_out=None, stream=False, streaming_callback=None, header_callback=None, handle=False, agent=u\(aqSalt/2019.2.4\(aq, hide_fields=None, raise_error=True, **kwargs)
 Query a resource, and decode the return data
 .UNINDENT
 .sp
@@ -431464,6 +431469,47 @@ With the Salt NetAPI enabled in addition to having a SSH roster defined,
 unauthenticated access is possible when specifying the client as SSH.
 Additionally, when the raw_shell option is specified any arbitrary command
 may be run on the Salt master when specifying SSH options.
+.SS Salt 2019.2.4 Release Notes
+.sp
+Version 2019.2.4 is a CVE\-fix release for 2019.2.0\&.
+.SS Security Fix
+.sp
+\fBCVE\-2020\-11651\fP
+.sp
+An issue was discovered in SaltStack Salt before 2019.2.4 and 3000 before 3000.2.
+The salt\-master process ClearFuncs class does not properly validate
+method calls. This allows a remote user to access some methods without
+authentication. These methods can be used to retrieve user tokens from
+the salt master and/or run arbitrary commands on salt minions.
+.sp
+\fBCVE\-2020\-11652\fP
+.sp
+An issue was discovered in SaltStack Salt before 2019.2.4 and 3000 before 3000.2.
+The salt\-master process ClearFuncs class allows access to some methods
+that improperly sanitize paths. These methods allow arbitrary
+directory access to authenticated users.
+.SS Known Issue
+.sp
+Part of the fix for CVE\-2020\-11651 added better validation of the methods allowed to be called by remote clients.
+Both AESFuncs and ClearFuncs now have an explicit list of methods that can be called.
+The name of one of these whitlisted methods on AESFuncs had a typo.
+The _minion_runner method should be minion_runner (without the underscore prefix).
+This typo breaks the publish module’s runner method.
+Calling runners, for example:
+.INDENT 0.0
+.INDENT 3.5
+.sp
+.nf
+.ft C
+salt minion publish.runner manage.down
+.ft P
+.fi
+.UNINDENT
+.UNINDENT
+.sp
+Will not work, and you will receive and empty reply from the salt master.
+.sp
+This will be addressed in the Sodium release of Salt set for mid\-June 2020.
 .SS Salt 2018.3.0 Release Notes \- Codename Oxygen
 .sp
 \fBWARNING:\fP

doc/man/spm.1

@@ -1,6 +1,6 @@
 .\" Man page generated from reStructuredText.
 .
-.TH "SPM" "1" "Apr 14, 2020" "2019.2.4" "Salt"
+.TH "SPM" "1" "May 05, 2020" "2019.2.5" "Salt"
 .SH NAME
 spm \- Salt Package Manager Command
 .