saltstack/salt
1
0
Fork 0
mirror of https://github.com/saltstack/salt.git synced 2025-04-16 09:40:20 +00:00
Code Issues Projects Releases Packages Wiki Activity Actions 2

Release v3006.3

Browse source
This commit is contained in:
Salt Project Packaging 2023-09-06 17:02:29 +00:00
parent eb493bfdd5
commit 8505972418
No known key found for this signature in database
GPG key ID: 64CBBC8173D76B3F
95 changed files with 1852 additions and 501 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

146
CHANGELOG.md
View file

@ -7,6 +7,152 @@ Versions are `MAJOR.PATCH`.
# Changelog
## 3006.3 (2023-09-06)
### Removed
- Fedora 36 support was removed because it reached EOL [#64315](https://github.com/saltstack/salt/issues/64315)
- Handle deprecation warnings:
* Switch to `FullArgSpec` since Py 3.11 no longer has `ArgSpec`, deprecated since Py 3.0
* Stop using the deprecated `cgi` module
* Stop using the deprecated `pipes` module
* Stop using the deprecated `imp` module [#64553](https://github.com/saltstack/salt/issues/64553)
### Changed
- Replace libnacl with PyNaCl [#64372](https://github.com/saltstack/salt/issues/64372)
- Don't hardcode the python version on the Salt Package tests and on the `pkg/debian/salt-cloud.postinst` file [#64553](https://github.com/saltstack/salt/issues/64553)
- Some more deprecated code fixes:
* Stop using the deprecated `locale.getdefaultlocale()` function
* Stop accessing deprecated attributes
* `pathlib.Path.__enter__()` usage is deprecated and not required, a no-op [#64565](https://github.com/saltstack/salt/issues/64565)
- Bump to `pyyaml==6.0.1` due to https://github.com/yaml/pyyaml/issues/601 and address lint issues [#64657](https://github.com/saltstack/salt/issues/64657)
### Fixed
- Fix for assume role when used salt-cloud to create aws ec2. [#52501](https://github.com/saltstack/salt/issues/52501)
- fixes aptpkg module by checking for blank comps. [#58667](https://github.com/saltstack/salt/issues/58667)
- `wheel.file_roots.find` is now able to find files in subdirectories of the roots. [#59800](https://github.com/saltstack/salt/issues/59800)
- pkg.latest no longer fails when multiple versions are reported to be installed (e.g. updating the kernel) [#60931](https://github.com/saltstack/salt/issues/60931)
- Do not update the credentials dictionary in `utils/aws.py` while iterating over it, and use the correct delete functionality [#61049](https://github.com/saltstack/salt/issues/61049)
- fixed runner not having a proper exit code when runner modules throw an exception. [#61173](https://github.com/saltstack/salt/issues/61173)
- `pip.list_all_versions` now works with `index_url` and `extra_index_url` [#61610](https://github.com/saltstack/salt/issues/61610)
- speed up file.recurse by using prefix with cp.list_master_dir and remove an un-needed loop. [#61998](https://github.com/saltstack/salt/issues/61998)
- Preserve test=True condition while running sub states. [#62590](https://github.com/saltstack/salt/issues/62590)
- Job returns are only sent to originating master [#62834](https://github.com/saltstack/salt/issues/62834)
- Fixes an issue with failing subsequent state runs with the lgpo state module.
The ``lgpo.get_polcy`` function now returns all boolean settings. [#63296](https://github.com/saltstack/salt/issues/63296)
- Fix SELinux get policy with trailing whitespace [#63336](https://github.com/saltstack/salt/issues/63336)
- Fixes an issue with boolean settings not being reported after being set. The
``lgpo.get_polcy`` function now returns all boolean settings. [#63473](https://github.com/saltstack/salt/issues/63473)
- Ensure body is returned when salt.utils.http returns something other than 200 with tornado backend. [#63557](https://github.com/saltstack/salt/issues/63557)
- Allow long running pillar and file client requests to finish using request_channel_timeout and request_channel_tries minion config. [#63824](https://github.com/saltstack/salt/issues/63824)
- Fix state_queue type checking to allow int values [#64122](https://github.com/saltstack/salt/issues/64122)
- Call global logger when catching pip.list exceptions in states.pip.installed
Rename global logger `log` to `logger` inside pip_state [#64169](https://github.com/saltstack/salt/issues/64169)
- Fixes permissions created by the Debian and RPM packages for the salt user.
The salt user created by the Debian and RPM packages to run the salt-master process, was previously given ownership of various directories in a way which compromised the benefits of running the salt-master process as a non-root user.
This fix sets the salt user to only have write access to those files and
directories required for the salt-master process to run. [#64193](https://github.com/saltstack/salt/issues/64193)
- Fix user.present state when groups is unset to ensure the groups are unchanged, as documented. [#64211](https://github.com/saltstack/salt/issues/64211)
- Fixes issue with MasterMinion class loading configuration from `/etc/salt/minion.d/*.conf.
The MasterMinion class (used for running orchestraions on master and other functionality) was incorrectly loading configuration from `/etc/salt/minion.d/*.conf`, when it should only load configuration from `/etc/salt/master` and `/etc/salt/master.d/*.conf`. [#64219](https://github.com/saltstack/salt/issues/64219)
- Fixed issue in mac_user.enable_auto_login that caused the user's keychain to be reset at each boot [#64226](https://github.com/saltstack/salt/issues/64226)
- Fixed KeyError in logs when running a state that fails. [#64231](https://github.com/saltstack/salt/issues/64231)
- Fixed x509_v2 `create_private_key`/`create_crl` unknown kwargs: __pub_fun... [#64232](https://github.com/saltstack/salt/issues/64232)
- remove the hard coded python version in error. [#64237](https://github.com/saltstack/salt/issues/64237)
- `salt-pip` now properly errors out when being called from a non `onedir` environment. [#64249](https://github.com/saltstack/salt/issues/64249)
- Ensure we return an error when adding the key fails in the pkgrepo state for debian hosts. [#64253](https://github.com/saltstack/salt/issues/64253)
- Fixed file client private attribute reference on `SaltMakoTemplateLookup` [#64280](https://github.com/saltstack/salt/issues/64280)
- Fix pkgrepo.absent failures on apt-based systems when repo either a) contains a
trailing slash, or b) there is an arch mismatch. [#64286](https://github.com/saltstack/salt/issues/64286)
- Fix detection of Salt codename by "salt_version" execution module [#64306](https://github.com/saltstack/salt/issues/64306)
- Ensure selinux values are handled lowercase [#64318](https://github.com/saltstack/salt/issues/64318)
- Remove the `clr.AddReference`, it is causing an `Illegal characters in path` exception [#64339](https://github.com/saltstack/salt/issues/64339)
- Update `pkg.group_installed` state to support repo options [#64348](https://github.com/saltstack/salt/issues/64348)
- Fix salt user login shell path in Debian packages [#64377](https://github.com/saltstack/salt/issues/64377)
- Allow for multiple user's keys presented when authenticating, for example: root, salt, etc. [#64398](https://github.com/saltstack/salt/issues/64398)
- Fixed an issue with ``lgpo_reg`` where existing entries for the same key in
``Registry.pol`` were being overwritten in subsequent runs if the value name in
the subesequent run was contained in the existing value name. For example, a
key named ``SetUpdateNotificationLevel`` would be overwritten by a subsequent
run attempting to set ``UpdateNotificationLevel`` [#64401](https://github.com/saltstack/salt/issues/64401)
- Add search for %ProgramData%\Chocolatey\choco.exe to determine if Chocolatey is installed or not [#64427](https://github.com/saltstack/salt/issues/64427)
- Fix regression for user.present on handling groups with dupe GIDs [#64430](https://github.com/saltstack/salt/issues/64430)
- Fix inconsistent use of args in ssh_auth.managed [#64442](https://github.com/saltstack/salt/issues/64442)
- Ensure we raise an error when the name argument is invalid in pkgrepo.managed state for systems using apt. [#64451](https://github.com/saltstack/salt/issues/64451)
- Fix file.symlink will not replace/update existing symlink [#64477](https://github.com/saltstack/salt/issues/64477)
- Fixed salt-ssh state.* commands returning retcode 0 when state/pillar rendering fails [#64514](https://github.com/saltstack/salt/issues/64514)
- Fix pkg.install when using a port in the url. [#64516](https://github.com/saltstack/salt/issues/64516)
- `win_pkg` Fixes an issue runing `pkg.install` with `version=latest` where the
new installer would not be cached if there was already an installer present
with the same name. [#64519](https://github.com/saltstack/salt/issues/64519)
- Added a `test:full` label in the salt repository, which, when selected, will force a full test run. [#64539](https://github.com/saltstack/salt/issues/64539)
- Syndic's async_req_channel uses the asynchornous version of request channel [#64552](https://github.com/saltstack/salt/issues/64552)
- Ensure runners properly save information to job cache. [#64570](https://github.com/saltstack/salt/issues/64570)
- Added salt.ufw to salt-master install on Debian and Ubuntu [#64572](https://github.com/saltstack/salt/issues/64572)
- Added support for Chocolatey 2.0.0+ while maintaining support for older versions [#64622](https://github.com/saltstack/salt/issues/64622)
- Updated semanage fcontext to use --modify if context already exists when adding context [#64625](https://github.com/saltstack/salt/issues/64625)
- Preserve request client socket between requests. [#64627](https://github.com/saltstack/salt/issues/64627)
- Show user friendly message when pillars timeout [#64651](https://github.com/saltstack/salt/issues/64651)
- File client timeouts durring jobs show user friendly errors instead of tracbacks [#64653](https://github.com/saltstack/salt/issues/64653)
- SaltClientError does not log a traceback on minions, we expect these to happen so a user friendly log is shown. [#64729](https://github.com/saltstack/salt/issues/64729)
- Look in location salt is running from, this accounts for running from an unpacked onedir file that has not been installed. [#64877](https://github.com/saltstack/salt/issues/64877)
- Preserve credentials on spawning platforms, minions no longer re-authenticate
with every job when using `multiprocessing=True`. [#64914](https://github.com/saltstack/salt/issues/64914)
- Fixed uninstaller to not remove the `salt` directory by default. This allows
the `extras-3.##` folder to persist so salt-pip dependencies are not wiped out
during an upgrade. [#64957](https://github.com/saltstack/salt/issues/64957)
- fix msteams by adding the missing header that Microsoft is now enforcing. [#64973](https://github.com/saltstack/salt/issues/64973)
- Fix __env__ and improve cache cleaning see more info at pull #65017. [#65002](https://github.com/saltstack/salt/issues/65002)
- Better error message on inconsistent decoded payload [#65020](https://github.com/saltstack/salt/issues/65020)
- Handle permissions access error when calling `lsb_release` with the salt user [#65024](https://github.com/saltstack/salt/issues/65024)
- Allow schedule state module to update schedule when the minion is offline. [#65033](https://github.com/saltstack/salt/issues/65033)
- Fixed creation of wildcard DNS in SAN in `x509_v2` [#65072](https://github.com/saltstack/salt/issues/65072)
- The macOS installer no longer removes the extras directory [#65073](https://github.com/saltstack/salt/issues/65073)
### Added
- Added a script to automate setting up a 2nd minion in a user context on Windows [#64439](https://github.com/saltstack/salt/issues/64439)
- Several fixes to the CI workflow:
* Don't override the `on` Jinja block on the `ci.yaml` template. This enables reacting to labels getting added/removed
to/from pull requests.
* Switch to using `tools` and re-use the event payload available instead of querying the GH API again to get the pull
request labels
* Concentrate test selection by labels to a single place
* Enable code coverage on pull-requests by setting the `test:coverage` label [#64547](https://github.com/saltstack/salt/issues/64547)
### Security
- Upgrade to `cryptography==41.0.3`(and therefor `pyopenssl==23.2.0` due to https://github.com/advisories/GHSA-jm77-qphf-c4w8)
This only really impacts pip installs of Salt and the windows onedir since the linux and macos onedir build every package dependency from source, not from pre-existing wheels.
Also resolves the following cryptography advisories:
Due to:
* https://github.com/advisories/GHSA-5cpq-8wj7-hf2v
* https://github.com/advisories/GHSA-x4qr-2fvf-3mr5
* https://github.com/advisories/GHSA-w7pp-m8wf-vj6r [#64595](https://github.com/saltstack/salt/issues/64595)
- Bump to `aiohttp==3.8.5` due to https://github.com/advisories/GHSA-45c4-8wx5-qw6w [#64687](https://github.com/saltstack/salt/issues/64687)
- Bump to `certifi==2023.07.22` due to https://github.com/advisories/GHSA-xqr8-7jwr-rhp7 [#64718](https://github.com/saltstack/salt/issues/64718)
- Upgrade `relenv` to `0.13.2` and Python to `3.10.12`
Addresses multiple CVEs in Python's dependencies: https://docs.python.org/release/3.10.12/whatsnew/changelog.html#python-3-10-12 [#64719](https://github.com/saltstack/salt/issues/64719)
- Update to `gitpython>=3.1.32` due to https://github.com/advisories/GHSA-pr76-5cm5-w9cj [#64988](https://github.com/saltstack/salt/issues/64988)
## 3006.2 (2023-08-09)

1
changelog/52501.fixed.md
View file

@ -1 +0,0 @@
Fix for assume role when used salt-cloud to create aws ec2.

1
changelog/58667.fixed.md
View file

@ -1 +0,0 @@
fixes aptpkg module by checking for blank comps.

1
changelog/59800.fixed.md
View file

@ -1 +0,0 @@
`wheel.file_roots.find` is now able to find files in subdirectories of the roots.

1
changelog/60931.fixed.md
View file

@ -1 +0,0 @@
pkg.latest no longer fails when multiple versions are reported to be installed (e.g. updating the kernel)

1
changelog/61049.fixed.md
View file

@ -1 +0,0 @@
Do not update the credentials dictionary in `utils/aws.py` while iterating over it, and use the correct delete functionality

1
changelog/61173.fixed.md
View file

@ -1 +0,0 @@
fixed runner not having a proper exit code when runner modules throw an exception.

1
changelog/61610.fixed.md
View file

@ -1 +0,0 @@
`pip.list_all_versions` now works with `index_url` and `extra_index_url`

1
changelog/61998.fixed.md
View file

@ -1 +0,0 @@
speed up file.recurse by using prefix with cp.list_master_dir and remove an un-needed loop.

1
changelog/62590.fixed.md
View file

@ -1 +0,0 @@
Preserve test=True condition while running sub states.

1
changelog/62834.fixed.md
View file

@ -1 +0,0 @@
Job returns are only sent to originating master

2
changelog/63296.fixed.md
View file

@ -1,2 +0,0 @@
Fixes an issue with failing subsequent state runs with the lgpo state module.
The ``lgpo.get_polcy`` function now returns all boolean settings.

1
changelog/63336.fixed.md
View file

@ -1 +0,0 @@
Fix SELinux get policy with trailing whitespace

2
changelog/63473.fixed.md
View file

@ -1,2 +0,0 @@
Fixes an issue with boolean settings not being reported after being set. The
``lgpo.get_polcy`` function now returns all boolean settings.

1
changelog/63557.fixed.md
View file

@ -1 +0,0 @@
Ensure body is returned when salt.utils.http returns something other than 200 with tornado backend.

1
changelog/63824.fixed.md
View file

@ -1 +0,0 @@
Allow long running pillar and file client requests to finish using request_channel_timeout and request_channel_tries minion config.

1
changelog/64122.fixed.md
View file

@ -1 +0,0 @@
Fix state_queue type checking to allow int values

2
changelog/64169.fixed.md
View file

@ -1,2 +0,0 @@
Call global logger when catching pip.list exceptions in states.pip.installed
Rename global logger `log` to `logger` inside pip_state

6
changelog/64193.fixed.md
View file

@ -1,6 +0,0 @@
Fixes permissions created by the Debian and RPM packages for the salt user.
The salt user created by the Debian and RPM packages to run the salt-master process, was previously given ownership of various directories in a way which compromised the benefits of running the salt-master process as a non-root user.
This fix sets the salt user to only have write access to those files and
directories required for the salt-master process to run.

1
changelog/64211.fixed.md
View file

@ -1 +0,0 @@
Fix user.present state when groups is unset to ensure the groups are unchanged, as documented.

3
changelog/64219.fixed.md
View file

@ -1,3 +0,0 @@
Fixes issue with MasterMinion class loading configuration from `/etc/salt/minion.d/*.conf.
The MasterMinion class (used for running orchestraions on master and other functionality) was incorrectly loading configuration from `/etc/salt/minion.d/*.conf`, when it should only load configuration from `/etc/salt/master` and `/etc/salt/master.d/*.conf`.

1
changelog/64226.fixed.md
View file

@ -1 +0,0 @@
Fixed issue in mac_user.enable_auto_login that caused the user's keychain to be reset at each boot

1
changelog/64231.fixed.md
View file

@ -1 +0,0 @@
Fixed KeyError in logs when running a state that fails.

1
changelog/64232.fixed.md
View file

@ -1 +0,0 @@
Fixed x509_v2 `create_private_key`/`create_crl` unknown kwargs: __pub_fun...

1
changelog/64237.fixed.md
View file

@ -1 +0,0 @@
remove the hard coded python version in error.

1
changelog/64249.fixed.md
View file

@ -1 +0,0 @@
`salt-pip` now properly errors out when being called from a non `onedir` environment.

1
changelog/64253.fixed.md
View file

@ -1 +0,0 @@
Ensure we return an error when adding the key fails in the pkgrepo state for debian hosts.

1
changelog/64280.fixed.md
View file

@ -1 +0,0 @@
Fixed file client private attribute reference on `SaltMakoTemplateLookup`

2
changelog/64286.fixed.md
View file

@ -1,2 +0,0 @@
Fix pkgrepo.absent failures on apt-based systems when repo either a) contains a
trailing slash, or b) there is an arch mismatch.

1
changelog/64306.fixed.md
View file

@ -1 +0,0 @@
Fix detection of Salt codename by "salt_version" execution module

1
changelog/64315.removed.md
View file

@ -1 +0,0 @@
Fedora 36 support was removed because it reached EOL

1
changelog/64318.fixed.md
View file

@ -1 +0,0 @@
Ensure selinux values are handled lowercase

1
changelog/64339.fixed.md
View file

@ -1 +0,0 @@
Remove the `clr.AddReference`, it is causing an `Illegal characters in path` exception

1
changelog/64348.fixed.md
View file

@ -1 +0,0 @@
Update `pkg.group_installed` state to support repo options

1
changelog/64372.changed.md
View file

@ -1 +0,0 @@
Replace libnacl with PyNaCl

1
changelog/64377.fixed.md
View file

@ -1 +0,0 @@
Fix salt user login shell path in Debian packages

1
changelog/64398.fixed.md
View file

@ -1 +0,0 @@
Allow for multiple user's keys presented when authenticating, for example: root, salt, etc.

5
changelog/64401.fixed.md
View file

@ -1,5 +0,0 @@
Fixed an issue with ``lgpo_reg`` where existing entries for the same key in
``Registry.pol`` were being overwritten in subsequent runs if the value name in
the subesequent run was contained in the existing value name. For example, a
key named ``SetUpdateNotificationLevel`` would be overwritten by a subsequent
run attempting to set ``UpdateNotificationLevel``

1
changelog/64427.fixed.md
View file

@ -1 +0,0 @@
Add search for %ProgramData%\Chocolatey\choco.exe to determine if Chocolatey is installed or not

1
changelog/64430.fixed.md
View file

@ -1 +0,0 @@
Fix regression for user.present on handling groups with dupe GIDs

1
changelog/64439.added.md
View file

@ -1 +0,0 @@
Added a script to automate setting up a 2nd minion in a user context on Windows

1
changelog/64442.fixed.md
View file

@ -1 +0,0 @@
Fix inconsistent use of args in ssh_auth.managed

1
changelog/64451.fixed.md
View file

@ -1 +0,0 @@
Ensure we raise an error when the name argument is invalid in pkgrepo.managed state for systems using apt.

1
changelog/64477.fixed.md
View file

@ -1 +0,0 @@
Fix file.symlink will not replace/update existing symlink

1
changelog/64514.fixed.md
View file

@ -1 +0,0 @@
Fixed salt-ssh state.* commands returning retcode 0 when state/pillar rendering fails

1
changelog/64516.fixed.md
View file

@ -1 +0,0 @@
Fix pkg.install when using a port in the url.

3
changelog/64519.fixed.md
View file

@ -1,3 +0,0 @@
`win_pkg` Fixes an issue runing `pkg.install` with `version=latest` where the
new installer would not be cached if there was already an installer present
with the same name.

1
changelog/64539.fixed.md
View file

@ -1 +0,0 @@
Added a `test:full` label in the salt repository, which, when selected, will force a full test run.

8
changelog/64547.added.md
View file

@ -1,8 +0,0 @@
Several fixes to the CI workflow:
* Don't override the `on` Jinja block on the `ci.yaml` template. This enables reacting to labels getting added/removed
to/from pull requests.
* Switch to using `tools` and re-use the event payload available instead of querying the GH API again to get the pull
request labels
* Concentrate test selection by labels to a single place
* Enable code coverage on pull-requests by setting the `test:coverage` label

1
changelog/64552.fixed.md
View file

@ -1 +0,0 @@
Syndic's async_req_channel uses the asynchornous version of request channel

1
changelog/64553.changed.md
View file

@ -1 +0,0 @@
Don't hardcode the python version on the Salt Package tests and on the `pkg/debian/salt-cloud.postinst` file

6
changelog/64553.removed.md
View file

@ -1,6 +0,0 @@
Handle deprecation warnings:
* Switch to `FullArgSpec` since Py 3.11 no longer has `ArgSpec`, deprecated since Py 3.0
* Stop using the deprecated `cgi` module
* Stop using the deprecated `pipes` module
* Stop using the deprecated `imp` module

5
changelog/64565.changed.md
View file

@ -1,5 +0,0 @@
Some more deprecated code fixes:
* Stop using the deprecated `locale.getdefaultlocale()` function
* Stop accessing deprecated attributes
* `pathlib.Path.__enter__()` usage is deprecated and not required, a no-op

1
changelog/64570.fixed.md
View file

@ -1 +0,0 @@
Ensure runners properly save information to job cache.

1
changelog/64572.fixed.md
View file

@ -1 +0,0 @@
Added salt.ufw to salt-master install on Debian and Ubuntu

10
changelog/64595.security.md
View file

@ -1,10 +0,0 @@
Upgrade to `cryptography==41.0.3`(and therefor `pyopenssl==23.2.0` due to https://github.com/advisories/GHSA-jm77-qphf-c4w8)
This only really impacts pip installs of Salt and the windows onedir since the linux and macos onedir build every package dependency from source, not from pre-existing wheels.
Also resolves the following cryptography advisories:
Due to:
* https://github.com/advisories/GHSA-5cpq-8wj7-hf2v
* https://github.com/advisories/GHSA-x4qr-2fvf-3mr5
* https://github.com/advisories/GHSA-w7pp-m8wf-vj6r

1
changelog/64622.fixed.md
View file

@ -1 +0,0 @@
Added support for Chocolatey 2.0.0+ while maintaining support for older versions

1
changelog/64625.fixed.md
View file

@ -1 +0,0 @@
Updated semanage fcontext to use --modify if context already exists when adding context

1
changelog/64627.fixed.md
View file

@ -1 +0,0 @@
Preserve request client socket between requests.

1
changelog/64651.fixed.md
View file

@ -1 +0,0 @@
Show user friendly message when pillars timeout

1
changelog/64653.fixed.md
View file

@ -1 +0,0 @@
File client timeouts durring jobs show user friendly errors instead of tracbacks

1
changelog/64657.changed.md
View file

@ -1 +0,0 @@
Bump to `pyyaml==6.0.1` due to https://github.com/yaml/pyyaml/issues/601 and address lint issues

1
changelog/64687.security.md
View file

@ -1 +0,0 @@
Bump to `aiohttp==3.8.5` due to https://github.com/advisories/GHSA-45c4-8wx5-qw6w

1
changelog/64718.security.md
View file

@ -1 +0,0 @@
Bump to `certifi==2023.07.22` due to https://github.com/advisories/GHSA-xqr8-7jwr-rhp7

3
changelog/64719.security.md
View file

@ -1,3 +0,0 @@
Upgrade `relenv` to `0.13.2` and Python to `3.10.12`
Addresses multiple CVEs in Python's dependencies: https://docs.python.org/release/3.10.12/whatsnew/changelog.html#python-3-10-12

1
changelog/64729.fixed.md
View file

@ -1 +0,0 @@
SaltClientError does not log a traceback on minions, we expect these to happen so a user friendly log is shown.

1
changelog/64877.fixed.md
View file

@ -1 +0,0 @@
Look in location salt is running from, this accounts for running from an unpacked onedir file that has not been installed.

2
changelog/64914.fixed.md
View file

@ -1,2 +0,0 @@
Preserve credentials on spawning platforms, minions no longer re-authenticate
with every job when using `multiprocessing=True`.

3
changelog/64957.fixed.md
View file

@ -1,3 +0,0 @@
Fixed uninstaller to not remove the `salt` directory by default. This allows
the `extras-3.##` folder to persist so salt-pip dependencies are not wiped out
during an upgrade.

1
changelog/64973.fixed.md
View file

@ -1 +0,0 @@
fix msteams by adding the missing header that Microsoft is now enforcing.

1
changelog/64988.security.md
View file

@ -1 +0,0 @@
Update to `gitpython>=3.1.32` due to https://github.com/advisories/GHSA-pr76-5cm5-w9cj

1
changelog/65002.fixed.md
View file

@ -1 +0,0 @@
Fix __env__ and improve cache cleaning see more info at pull #65017.

1
changelog/65020.fixed.md
View file

@ -1 +0,0 @@
Better error message on inconsistent decoded payload

1
changelog/65024.fixed.md
View file

@ -1 +0,0 @@
Handle permissions access error when calling `lsb_release` with the salt user

1
changelog/65033.fixed.md
View file

@ -1 +0,0 @@
Allow schedule state module to update schedule when the minion is offline.

1
changelog/65072.fixed.md
View file

@ -1 +0,0 @@
Fixed creation of wildcard DNS in SAN in `x509_v2`

1
changelog/65073.fixed.md
View file

@ -1 +0,0 @@
The macOS installer no longer removes the extras directory

2
doc/man/salt-api.1
View file

@ -27,7 +27,7 @@ level margin: \\n[rst2man-indent\\n[rst2man-indent-level]]
.\" new: \\n[rst2man-indent\\n[rst2man-indent-level]]
.in \\n[rst2man-indent\\n[rst2man-indent-level]]u
..
.TH "SALT-API" "1" "Generated on August 09, 2023 at 12:02:24 PM UTC." "3006.2" "Salt"
.TH "SALT-API" "1" "Generated on September 06, 2023 at 04:52:57 PM UTC." "3006.3" "Salt"
.SH NAME
salt-api \- salt-api Command
.sp

2
doc/man/salt-call.1
View file

@ -27,7 +27,7 @@ level margin: \\n[rst2man-indent\\n[rst2man-indent-level]]
.\" new: \\n[rst2man-indent\\n[rst2man-indent-level]]
.in \\n[rst2man-indent\\n[rst2man-indent-level]]u
..
.TH "SALT-CALL" "1" "Generated on August 09, 2023 at 12:02:24 PM UTC." "3006.2" "Salt"
.TH "SALT-CALL" "1" "Generated on September 06, 2023 at 04:52:57 PM UTC." "3006.3" "Salt"
.SH NAME
salt-call \- salt-call Documentation
.SH SYNOPSIS

2
doc/man/salt-cloud.1
View file

@ -27,7 +27,7 @@ level margin: \\n[rst2man-indent\\n[rst2man-indent-level]]
.\" new: \\n[rst2man-indent\\n[rst2man-indent-level]]
.in \\n[rst2man-indent\\n[rst2man-indent-level]]u
..
.TH "SALT-CLOUD" "1" "Generated on August 09, 2023 at 12:02:24 PM UTC." "3006.2" "Salt"
.TH "SALT-CLOUD" "1" "Generated on September 06, 2023 at 04:52:57 PM UTC." "3006.3" "Salt"
.SH NAME
salt-cloud \- Salt Cloud Command
.sp

2
doc/man/salt-cp.1
View file

@ -27,7 +27,7 @@ level margin: \\n[rst2man-indent\\n[rst2man-indent-level]]
.\" new: \\n[rst2man-indent\\n[rst2man-indent-level]]
.in \\n[rst2man-indent\\n[rst2man-indent-level]]u
..
.TH "SALT-CP" "1" "Generated on August 09, 2023 at 12:02:24 PM UTC." "3006.2" "Salt"
.TH "SALT-CP" "1" "Generated on September 06, 2023 at 04:52:57 PM UTC." "3006.3" "Salt"
.SH NAME
salt-cp \- salt-cp Documentation
.sp

2
doc/man/salt-key.1
View file

@ -27,7 +27,7 @@ level margin: \\n[rst2man-indent\\n[rst2man-indent-level]]
.\" new: \\n[rst2man-indent\\n[rst2man-indent-level]]
.in \\n[rst2man-indent\\n[rst2man-indent-level]]u
..
.TH "SALT-KEY" "1" "Generated on August 09, 2023 at 12:02:24 PM UTC." "3006.2" "Salt"
.TH "SALT-KEY" "1" "Generated on September 06, 2023 at 04:52:57 PM UTC." "3006.3" "Salt"
.SH NAME
salt-key \- salt-key Documentation
.SH SYNOPSIS

2
doc/man/salt-master.1
View file

@ -27,7 +27,7 @@ level margin: \\n[rst2man-indent\\n[rst2man-indent-level]]
.\" new: \\n[rst2man-indent\\n[rst2man-indent-level]]
.in \\n[rst2man-indent\\n[rst2man-indent-level]]u
..
.TH "SALT-MASTER" "1" "Generated on August 09, 2023 at 12:02:24 PM UTC." "3006.2" "Salt"
.TH "SALT-MASTER" "1" "Generated on September 06, 2023 at 04:52:57 PM UTC." "3006.3" "Salt"
.SH NAME
salt-master \- salt-master Documentation
.sp

2
doc/man/salt-minion.1
View file

@ -27,7 +27,7 @@ level margin: \\n[rst2man-indent\\n[rst2man-indent-level]]
.\" new: \\n[rst2man-indent\\n[rst2man-indent-level]]
.in \\n[rst2man-indent\\n[rst2man-indent-level]]u
..
.TH "SALT-MINION" "1" "Generated on August 09, 2023 at 12:02:24 PM UTC." "3006.2" "Salt"
.TH "SALT-MINION" "1" "Generated on September 06, 2023 at 04:52:57 PM UTC." "3006.3" "Salt"
.SH NAME
salt-minion \- salt-minion Documentation
.sp

2
doc/man/salt-proxy.1
View file

@ -27,7 +27,7 @@ level margin: \\n[rst2man-indent\\n[rst2man-indent-level]]
.\" new: \\n[rst2man-indent\\n[rst2man-indent-level]]
.in \\n[rst2man-indent\\n[rst2man-indent-level]]u
..
.TH "SALT-PROXY" "1" "Generated on August 09, 2023 at 12:02:24 PM UTC." "3006.2" "Salt"
.TH "SALT-PROXY" "1" "Generated on September 06, 2023 at 04:52:57 PM UTC." "3006.3" "Salt"
.SH NAME
salt-proxy \- salt-proxy Documentation
.sp

2
doc/man/salt-run.1
View file

@ -27,7 +27,7 @@ level margin: \\n[rst2man-indent\\n[rst2man-indent-level]]
.\" new: \\n[rst2man-indent\\n[rst2man-indent-level]]
.in \\n[rst2man-indent\\n[rst2man-indent-level]]u
..
.TH "SALT-RUN" "1" "Generated on August 09, 2023 at 12:02:24 PM UTC." "3006.2" "Salt"
.TH "SALT-RUN" "1" "Generated on September 06, 2023 at 04:52:57 PM UTC." "3006.3" "Salt"
.SH NAME
salt-run \- salt-run Documentation
.sp

2
doc/man/salt-ssh.1
View file

@ -27,7 +27,7 @@ level margin: \\n[rst2man-indent\\n[rst2man-indent-level]]
.\" new: \\n[rst2man-indent\\n[rst2man-indent-level]]
.in \\n[rst2man-indent\\n[rst2man-indent-level]]u
..
.TH "SALT-SSH" "1" "Generated on August 09, 2023 at 12:02:24 PM UTC." "3006.2" "Salt"
.TH "SALT-SSH" "1" "Generated on September 06, 2023 at 04:52:57 PM UTC." "3006.3" "Salt"
.SH NAME
salt-ssh \- salt-ssh Documentation
.SH SYNOPSIS

2
doc/man/salt-syndic.1
View file

@ -27,7 +27,7 @@ level margin: \\n[rst2man-indent\\n[rst2man-indent-level]]
.\" new: \\n[rst2man-indent\\n[rst2man-indent-level]]
.in \\n[rst2man-indent\\n[rst2man-indent-level]]u
..
.TH "SALT-SYNDIC" "1" "Generated on August 09, 2023 at 12:02:24 PM UTC." "3006.2" "Salt"
.TH "SALT-SYNDIC" "1" "Generated on September 06, 2023 at 04:52:57 PM UTC." "3006.3" "Salt"
.SH NAME
salt-syndic \- salt-syndic Documentation
.sp

2
doc/man/salt.1
View file

@ -27,7 +27,7 @@ level margin: \\n[rst2man-indent\\n[rst2man-indent-level]]
.\" new: \\n[rst2man-indent\\n[rst2man-indent-level]]
.in \\n[rst2man-indent\\n[rst2man-indent-level]]u
..
.TH "SALT" "1" "Generated on August 09, 2023 at 12:02:24 PM UTC." "3006.2" "Salt"
.TH "SALT" "1" "Generated on September 06, 2023 at 04:52:57 PM UTC." "3006.3" "Salt"
.SH NAME
salt \- salt
.SH SYNOPSIS

1596
doc/man/salt.7
View file

File diff suppressed because it is too large Load diff

2
doc/man/spm.1
View file

@ -27,7 +27,7 @@ level margin: \\n[rst2man-indent\\n[rst2man-indent-level]]
.\" new: \\n[rst2man-indent\\n[rst2man-indent-level]]
.in \\n[rst2man-indent\\n[rst2man-indent-level]]u
..
.TH "SPM" "1" "Generated on August 09, 2023 at 12:02:24 PM UTC." "3006.2" "Salt"
.TH "SPM" "1" "Generated on September 06, 2023 at 04:52:57 PM UTC." "3006.3" "Salt"
.SH NAME
spm \- Salt Package Manager Command
.sp

161
doc/topics/releases/3006.3.md Normal file
View file

@ -0,0 +1,161 @@
(release-3006.3)=
# Salt 3006.3 release notes
<!---
Do not edit this file. This is auto generated.
Edit the templates in doc/topics/releases/templates/
for a given release.
-->
<!--
Add release specific details below
-->
<!--
Do not edit the changelog below.
This is auto generated.
-->
## Changelog
### Removed
- Fedora 36 support was removed because it reached EOL [#64315](https://github.com/saltstack/salt/issues/64315)
- Handle deprecation warnings:
* Switch to `FullArgSpec` since Py 3.11 no longer has `ArgSpec`, deprecated since Py 3.0
* Stop using the deprecated `cgi` module
* Stop using the deprecated `pipes` module
* Stop using the deprecated `imp` module [#64553](https://github.com/saltstack/salt/issues/64553)
### Changed
- Replace libnacl with PyNaCl [#64372](https://github.com/saltstack/salt/issues/64372)
- Don't hardcode the python version on the Salt Package tests and on the `pkg/debian/salt-cloud.postinst` file [#64553](https://github.com/saltstack/salt/issues/64553)
- Some more deprecated code fixes:
* Stop using the deprecated `locale.getdefaultlocale()` function
* Stop accessing deprecated attributes
* `pathlib.Path.__enter__()` usage is deprecated and not required, a no-op [#64565](https://github.com/saltstack/salt/issues/64565)
- Bump to `pyyaml==6.0.1` due to https://github.com/yaml/pyyaml/issues/601 and address lint issues [#64657](https://github.com/saltstack/salt/issues/64657)
### Fixed
- Fix for assume role when used salt-cloud to create aws ec2. [#52501](https://github.com/saltstack/salt/issues/52501)
- fixes aptpkg module by checking for blank comps. [#58667](https://github.com/saltstack/salt/issues/58667)
- `wheel.file_roots.find` is now able to find files in subdirectories of the roots. [#59800](https://github.com/saltstack/salt/issues/59800)
- pkg.latest no longer fails when multiple versions are reported to be installed (e.g. updating the kernel) [#60931](https://github.com/saltstack/salt/issues/60931)
- Do not update the credentials dictionary in `utils/aws.py` while iterating over it, and use the correct delete functionality [#61049](https://github.com/saltstack/salt/issues/61049)
- fixed runner not having a proper exit code when runner modules throw an exception. [#61173](https://github.com/saltstack/salt/issues/61173)
- `pip.list_all_versions` now works with `index_url` and `extra_index_url` [#61610](https://github.com/saltstack/salt/issues/61610)
- speed up file.recurse by using prefix with cp.list_master_dir and remove an un-needed loop. [#61998](https://github.com/saltstack/salt/issues/61998)
- Preserve test=True condition while running sub states. [#62590](https://github.com/saltstack/salt/issues/62590)
- Job returns are only sent to originating master [#62834](https://github.com/saltstack/salt/issues/62834)
- Fixes an issue with failing subsequent state runs with the lgpo state module.
The ``lgpo.get_polcy`` function now returns all boolean settings. [#63296](https://github.com/saltstack/salt/issues/63296)
- Fix SELinux get policy with trailing whitespace [#63336](https://github.com/saltstack/salt/issues/63336)
- Fixes an issue with boolean settings not being reported after being set. The
``lgpo.get_polcy`` function now returns all boolean settings. [#63473](https://github.com/saltstack/salt/issues/63473)
- Ensure body is returned when salt.utils.http returns something other than 200 with tornado backend. [#63557](https://github.com/saltstack/salt/issues/63557)
- Allow long running pillar and file client requests to finish using request_channel_timeout and request_channel_tries minion config. [#63824](https://github.com/saltstack/salt/issues/63824)
- Fix state_queue type checking to allow int values [#64122](https://github.com/saltstack/salt/issues/64122)
- Call global logger when catching pip.list exceptions in states.pip.installed
Rename global logger `log` to `logger` inside pip_state [#64169](https://github.com/saltstack/salt/issues/64169)
- Fixes permissions created by the Debian and RPM packages for the salt user.
The salt user created by the Debian and RPM packages to run the salt-master process, was previously given ownership of various directories in a way which compromised the benefits of running the salt-master process as a non-root user.
This fix sets the salt user to only have write access to those files and
directories required for the salt-master process to run. [#64193](https://github.com/saltstack/salt/issues/64193)
- Fix user.present state when groups is unset to ensure the groups are unchanged, as documented. [#64211](https://github.com/saltstack/salt/issues/64211)
- Fixes issue with MasterMinion class loading configuration from `/etc/salt/minion.d/*.conf.
The MasterMinion class (used for running orchestraions on master and other functionality) was incorrectly loading configuration from `/etc/salt/minion.d/*.conf`, when it should only load configuration from `/etc/salt/master` and `/etc/salt/master.d/*.conf`. [#64219](https://github.com/saltstack/salt/issues/64219)
- Fixed issue in mac_user.enable_auto_login that caused the user's keychain to be reset at each boot [#64226](https://github.com/saltstack/salt/issues/64226)
- Fixed KeyError in logs when running a state that fails. [#64231](https://github.com/saltstack/salt/issues/64231)
- Fixed x509_v2 `create_private_key`/`create_crl` unknown kwargs: __pub_fun... [#64232](https://github.com/saltstack/salt/issues/64232)
- remove the hard coded python version in error. [#64237](https://github.com/saltstack/salt/issues/64237)
- `salt-pip` now properly errors out when being called from a non `onedir` environment. [#64249](https://github.com/saltstack/salt/issues/64249)
- Ensure we return an error when adding the key fails in the pkgrepo state for debian hosts. [#64253](https://github.com/saltstack/salt/issues/64253)
- Fixed file client private attribute reference on `SaltMakoTemplateLookup` [#64280](https://github.com/saltstack/salt/issues/64280)
- Fix pkgrepo.absent failures on apt-based systems when repo either a) contains a
trailing slash, or b) there is an arch mismatch. [#64286](https://github.com/saltstack/salt/issues/64286)
- Fix detection of Salt codename by "salt_version" execution module [#64306](https://github.com/saltstack/salt/issues/64306)
- Ensure selinux values are handled lowercase [#64318](https://github.com/saltstack/salt/issues/64318)
- Remove the `clr.AddReference`, it is causing an `Illegal characters in path` exception [#64339](https://github.com/saltstack/salt/issues/64339)
- Update `pkg.group_installed` state to support repo options [#64348](https://github.com/saltstack/salt/issues/64348)
- Fix salt user login shell path in Debian packages [#64377](https://github.com/saltstack/salt/issues/64377)
- Allow for multiple user's keys presented when authenticating, for example: root, salt, etc. [#64398](https://github.com/saltstack/salt/issues/64398)
- Fixed an issue with ``lgpo_reg`` where existing entries for the same key in
``Registry.pol`` were being overwritten in subsequent runs if the value name in
the subesequent run was contained in the existing value name. For example, a
key named ``SetUpdateNotificationLevel`` would be overwritten by a subsequent
run attempting to set ``UpdateNotificationLevel`` [#64401](https://github.com/saltstack/salt/issues/64401)
- Add search for %ProgramData%\Chocolatey\choco.exe to determine if Chocolatey is installed or not [#64427](https://github.com/saltstack/salt/issues/64427)
- Fix regression for user.present on handling groups with dupe GIDs [#64430](https://github.com/saltstack/salt/issues/64430)
- Fix inconsistent use of args in ssh_auth.managed [#64442](https://github.com/saltstack/salt/issues/64442)
- Ensure we raise an error when the name argument is invalid in pkgrepo.managed state for systems using apt. [#64451](https://github.com/saltstack/salt/issues/64451)
- Fix file.symlink will not replace/update existing symlink [#64477](https://github.com/saltstack/salt/issues/64477)
- Fixed salt-ssh state.* commands returning retcode 0 when state/pillar rendering fails [#64514](https://github.com/saltstack/salt/issues/64514)
- Fix pkg.install when using a port in the url. [#64516](https://github.com/saltstack/salt/issues/64516)
- `win_pkg` Fixes an issue runing `pkg.install` with `version=latest` where the
new installer would not be cached if there was already an installer present
with the same name. [#64519](https://github.com/saltstack/salt/issues/64519)
- Added a `test:full` label in the salt repository, which, when selected, will force a full test run. [#64539](https://github.com/saltstack/salt/issues/64539)
- Syndic's async_req_channel uses the asynchornous version of request channel [#64552](https://github.com/saltstack/salt/issues/64552)
- Ensure runners properly save information to job cache. [#64570](https://github.com/saltstack/salt/issues/64570)
- Added salt.ufw to salt-master install on Debian and Ubuntu [#64572](https://github.com/saltstack/salt/issues/64572)
- Added support for Chocolatey 2.0.0+ while maintaining support for older versions [#64622](https://github.com/saltstack/salt/issues/64622)
- Updated semanage fcontext to use --modify if context already exists when adding context [#64625](https://github.com/saltstack/salt/issues/64625)
- Preserve request client socket between requests. [#64627](https://github.com/saltstack/salt/issues/64627)
- Show user friendly message when pillars timeout [#64651](https://github.com/saltstack/salt/issues/64651)
- File client timeouts durring jobs show user friendly errors instead of tracbacks [#64653](https://github.com/saltstack/salt/issues/64653)
- SaltClientError does not log a traceback on minions, we expect these to happen so a user friendly log is shown. [#64729](https://github.com/saltstack/salt/issues/64729)
- Look in location salt is running from, this accounts for running from an unpacked onedir file that has not been installed. [#64877](https://github.com/saltstack/salt/issues/64877)
- Preserve credentials on spawning platforms, minions no longer re-authenticate
with every job when using `multiprocessing=True`. [#64914](https://github.com/saltstack/salt/issues/64914)
- Fixed uninstaller to not remove the `salt` directory by default. This allows
the `extras-3.##` folder to persist so salt-pip dependencies are not wiped out
during an upgrade. [#64957](https://github.com/saltstack/salt/issues/64957)
- fix msteams by adding the missing header that Microsoft is now enforcing. [#64973](https://github.com/saltstack/salt/issues/64973)
- Fix __env__ and improve cache cleaning see more info at pull #65017. [#65002](https://github.com/saltstack/salt/issues/65002)
- Better error message on inconsistent decoded payload [#65020](https://github.com/saltstack/salt/issues/65020)
- Handle permissions access error when calling `lsb_release` with the salt user [#65024](https://github.com/saltstack/salt/issues/65024)
- Allow schedule state module to update schedule when the minion is offline. [#65033](https://github.com/saltstack/salt/issues/65033)
- Fixed creation of wildcard DNS in SAN in `x509_v2` [#65072](https://github.com/saltstack/salt/issues/65072)
- The macOS installer no longer removes the extras directory [#65073](https://github.com/saltstack/salt/issues/65073)
### Added
- Added a script to automate setting up a 2nd minion in a user context on Windows [#64439](https://github.com/saltstack/salt/issues/64439)
- Several fixes to the CI workflow:
* Don't override the `on` Jinja block on the `ci.yaml` template. This enables reacting to labels getting added/removed
to/from pull requests.
* Switch to using `tools` and re-use the event payload available instead of querying the GH API again to get the pull
request labels
* Concentrate test selection by labels to a single place
* Enable code coverage on pull-requests by setting the `test:coverage` label [#64547](https://github.com/saltstack/salt/issues/64547)
### Security
- Upgrade to `cryptography==41.0.3`(and therefor `pyopenssl==23.2.0` due to https://github.com/advisories/GHSA-jm77-qphf-c4w8)
This only really impacts pip installs of Salt and the windows onedir since the linux and macos onedir build every package dependency from source, not from pre-existing wheels.
Also resolves the following cryptography advisories:
Due to:
* https://github.com/advisories/GHSA-5cpq-8wj7-hf2v
* https://github.com/advisories/GHSA-x4qr-2fvf-3mr5
* https://github.com/advisories/GHSA-w7pp-m8wf-vj6r [#64595](https://github.com/saltstack/salt/issues/64595)
- Bump to `aiohttp==3.8.5` due to https://github.com/advisories/GHSA-45c4-8wx5-qw6w [#64687](https://github.com/saltstack/salt/issues/64687)
- Bump to `certifi==2023.07.22` due to https://github.com/advisories/GHSA-xqr8-7jwr-rhp7 [#64718](https://github.com/saltstack/salt/issues/64718)
- Upgrade `relenv` to `0.13.2` and Python to `3.10.12`
Addresses multiple CVEs in Python's dependencies: https://docs.python.org/release/3.10.12/whatsnew/changelog.html#python-3-10-12 [#64719](https://github.com/saltstack/salt/issues/64719)
- Update to `gitpython>=3.1.32` due to https://github.com/advisories/GHSA-pr76-5cm5-w9cj [#64988](https://github.com/saltstack/salt/issues/64988)

14
doc/topics/releases/templates/3006.3.md.template Normal file
View file

@ -0,0 +1,14 @@
(release-3006.3)=
# Salt 3006.3 release notes{{ unreleased }}
{{ warning }}
<!--
Add release specific details below
-->
<!--
Do not edit the changelog below.
This is auto generated.
-->
## Changelog
{{ changelog }}

144
pkg/debian/changelog
View file

@ -1,3 +1,147 @@
salt (3006.3) stable; urgency=medium
# Removed
* Fedora 36 support was removed because it reached EOL [#64315](https://github.com/saltstack/salt/issues/64315)
* Handle deprecation warnings:
* Switch to `FullArgSpec` since Py 3.11 no longer has `ArgSpec`, deprecated since Py 3.0
* Stop using the deprecated `cgi` module
* Stop using the deprecated `pipes` module
* Stop using the deprecated `imp` module [#64553](https://github.com/saltstack/salt/issues/64553)
# Changed
* Replace libnacl with PyNaCl [#64372](https://github.com/saltstack/salt/issues/64372)
* Don't hardcode the python version on the Salt Package tests and on the `pkg/debian/salt-cloud.postinst` file [#64553](https://github.com/saltstack/salt/issues/64553)
* Some more deprecated code fixes:
* Stop using the deprecated `locale.getdefaultlocale()` function
* Stop accessing deprecated attributes
* `pathlib.Path.__enter__()` usage is deprecated and not required, a no*op [#64565](https://github.com/saltstack/salt/issues/64565)
* Bump to `pyyaml==6.0.1` due to https://github.com/yaml/pyyaml/issues/601 and address lint issues [#64657](https://github.com/saltstack/salt/issues/64657)
# Fixed
* Fix for assume role when used salt-cloud to create aws ec2. [#52501](https://github.com/saltstack/salt/issues/52501)
* fixes aptpkg module by checking for blank comps. [#58667](https://github.com/saltstack/salt/issues/58667)
* `wheel.file_roots.find` is now able to find files in subdirectories of the roots. [#59800](https://github.com/saltstack/salt/issues/59800)
* pkg.latest no longer fails when multiple versions are reported to be installed (e.g. updating the kernel) [#60931](https://github.com/saltstack/salt/issues/60931)
* Do not update the credentials dictionary in `utils/aws.py` while iterating over it, and use the correct delete functionality [#61049](https://github.com/saltstack/salt/issues/61049)
* fixed runner not having a proper exit code when runner modules throw an exception. [#61173](https://github.com/saltstack/salt/issues/61173)
* `pip.list_all_versions` now works with `index_url` and `extra_index_url` [#61610](https://github.com/saltstack/salt/issues/61610)
* speed up file.recurse by using prefix with cp.list_master_dir and remove an un-needed loop. [#61998](https://github.com/saltstack/salt/issues/61998)
* Preserve test=True condition while running sub states. [#62590](https://github.com/saltstack/salt/issues/62590)
* Job returns are only sent to originating master [#62834](https://github.com/saltstack/salt/issues/62834)
* Fixes an issue with failing subsequent state runs with the lgpo state module.
The ``lgpo.get_polcy`` function now returns all boolean settings. [#63296](https://github.com/saltstack/salt/issues/63296)
* Fix SELinux get policy with trailing whitespace [#63336](https://github.com/saltstack/salt/issues/63336)
* Fixes an issue with boolean settings not being reported after being set. The
``lgpo.get_polcy`` function now returns all boolean settings. [#63473](https://github.com/saltstack/salt/issues/63473)
* Ensure body is returned when salt.utils.http returns something other than 200 with tornado backend. [#63557](https://github.com/saltstack/salt/issues/63557)
* Allow long running pillar and file client requests to finish using request_channel_timeout and request_channel_tries minion config. [#63824](https://github.com/saltstack/salt/issues/63824)
* Fix state_queue type checking to allow int values [#64122](https://github.com/saltstack/salt/issues/64122)
* Call global logger when catching pip.list exceptions in states.pip.installed
Rename global logger `log` to `logger` inside pip_state [#64169](https://github.com/saltstack/salt/issues/64169)
* Fixes permissions created by the Debian and RPM packages for the salt user.
The salt user created by the Debian and RPM packages to run the salt*master process, was previously given ownership of various directories in a way which compromised the benefits of running the salt-master process as a non-root user.
This fix sets the salt user to only have write access to those files and
directories required for the salt*master process to run. [#64193](https://github.com/saltstack/salt/issues/64193)
* Fix user.present state when groups is unset to ensure the groups are unchanged, as documented. [#64211](https://github.com/saltstack/salt/issues/64211)
* Fixes issue with MasterMinion class loading configuration from `/etc/salt/minion.d/*.conf.
The MasterMinion class (used for running orchestraions on master and other functionality) was incorrectly loading configuration from `/etc/salt/minion.d/*.conf`, when it should only load configuration from `/etc/salt/master` and `/etc/salt/master.d/*.conf`. [#64219](https://github.com/saltstack/salt/issues/64219)
* Fixed issue in mac_user.enable_auto_login that caused the user's keychain to be reset at each boot [#64226](https://github.com/saltstack/salt/issues/64226)
* Fixed KeyError in logs when running a state that fails. [#64231](https://github.com/saltstack/salt/issues/64231)
* Fixed x509_v2 `create_private_key`/`create_crl` unknown kwargs: __pub_fun... [#64232](https://github.com/saltstack/salt/issues/64232)
* remove the hard coded python version in error. [#64237](https://github.com/saltstack/salt/issues/64237)
* `salt-pip` now properly errors out when being called from a non `onedir` environment. [#64249](https://github.com/saltstack/salt/issues/64249)
* Ensure we return an error when adding the key fails in the pkgrepo state for debian hosts. [#64253](https://github.com/saltstack/salt/issues/64253)
* Fixed file client private attribute reference on `SaltMakoTemplateLookup` [#64280](https://github.com/saltstack/salt/issues/64280)
* Fix pkgrepo.absent failures on apt-based systems when repo either a) contains a
trailing slash, or b) there is an arch mismatch. [#64286](https://github.com/saltstack/salt/issues/64286)
* Fix detection of Salt codename by "salt_version" execution module [#64306](https://github.com/saltstack/salt/issues/64306)
* Ensure selinux values are handled lowercase [#64318](https://github.com/saltstack/salt/issues/64318)
* Remove the `clr.AddReference`, it is causing an `Illegal characters in path` exception [#64339](https://github.com/saltstack/salt/issues/64339)
* Update `pkg.group_installed` state to support repo options [#64348](https://github.com/saltstack/salt/issues/64348)
* Fix salt user login shell path in Debian packages [#64377](https://github.com/saltstack/salt/issues/64377)
* Allow for multiple user's keys presented when authenticating, for example: root, salt, etc. [#64398](https://github.com/saltstack/salt/issues/64398)
* Fixed an issue with ``lgpo_reg`` where existing entries for the same key in
``Registry.pol`` were being overwritten in subsequent runs if the value name in
the subesequent run was contained in the existing value name. For example, a
key named ``SetUpdateNotificationLevel`` would be overwritten by a subsequent
run attempting to set ``UpdateNotificationLevel`` [#64401](https://github.com/saltstack/salt/issues/64401)
* Add search for %ProgramData%\Chocolatey\choco.exe to determine if Chocolatey is installed or not [#64427](https://github.com/saltstack/salt/issues/64427)
* Fix regression for user.present on handling groups with dupe GIDs [#64430](https://github.com/saltstack/salt/issues/64430)
* Fix inconsistent use of args in ssh_auth.managed [#64442](https://github.com/saltstack/salt/issues/64442)
* Ensure we raise an error when the name argument is invalid in pkgrepo.managed state for systems using apt. [#64451](https://github.com/saltstack/salt/issues/64451)
* Fix file.symlink will not replace/update existing symlink [#64477](https://github.com/saltstack/salt/issues/64477)
* Fixed salt-ssh state.* commands returning retcode 0 when state/pillar rendering fails [#64514](https://github.com/saltstack/salt/issues/64514)
* Fix pkg.install when using a port in the url. [#64516](https://github.com/saltstack/salt/issues/64516)
* `win_pkg` Fixes an issue runing `pkg.install` with `version=latest` where the
new installer would not be cached if there was already an installer present
with the same name. [#64519](https://github.com/saltstack/salt/issues/64519)
* Added a `test:full` label in the salt repository, which, when selected, will force a full test run. [#64539](https://github.com/saltstack/salt/issues/64539)
* Syndic's async_req_channel uses the asynchornous version of request channel [#64552](https://github.com/saltstack/salt/issues/64552)
* Ensure runners properly save information to job cache. [#64570](https://github.com/saltstack/salt/issues/64570)
* Added salt.ufw to salt-master install on Debian and Ubuntu [#64572](https://github.com/saltstack/salt/issues/64572)
* Added support for Chocolatey 2.0.0+ while maintaining support for older versions [#64622](https://github.com/saltstack/salt/issues/64622)
* Updated semanage fcontext to use --modify if context already exists when adding context [#64625](https://github.com/saltstack/salt/issues/64625)
* Preserve request client socket between requests. [#64627](https://github.com/saltstack/salt/issues/64627)
* Show user friendly message when pillars timeout [#64651](https://github.com/saltstack/salt/issues/64651)
* File client timeouts durring jobs show user friendly errors instead of tracbacks [#64653](https://github.com/saltstack/salt/issues/64653)
* SaltClientError does not log a traceback on minions, we expect these to happen so a user friendly log is shown. [#64729](https://github.com/saltstack/salt/issues/64729)
* Look in location salt is running from, this accounts for running from an unpacked onedir file that has not been installed. [#64877](https://github.com/saltstack/salt/issues/64877)
* Preserve credentials on spawning platforms, minions no longer re-authenticate
with every job when using `multiprocessing=True`. [#64914](https://github.com/saltstack/salt/issues/64914)
* Fixed uninstaller to not remove the `salt` directory by default. This allows
the `extras*3.##` folder to persist so salt-pip dependencies are not wiped out
during an upgrade. [#64957](https://github.com/saltstack/salt/issues/64957)
* fix msteams by adding the missing header that Microsoft is now enforcing. [#64973](https://github.com/saltstack/salt/issues/64973)
* Fix __env__ and improve cache cleaning see more info at pull #65017. [#65002](https://github.com/saltstack/salt/issues/65002)
* Better error message on inconsistent decoded payload [#65020](https://github.com/saltstack/salt/issues/65020)
* Handle permissions access error when calling `lsb_release` with the salt user [#65024](https://github.com/saltstack/salt/issues/65024)
* Allow schedule state module to update schedule when the minion is offline. [#65033](https://github.com/saltstack/salt/issues/65033)
* Fixed creation of wildcard DNS in SAN in `x509_v2` [#65072](https://github.com/saltstack/salt/issues/65072)
* The macOS installer no longer removes the extras directory [#65073](https://github.com/saltstack/salt/issues/65073)
# Added
* Added a script to automate setting up a 2nd minion in a user context on Windows [#64439](https://github.com/saltstack/salt/issues/64439)
* Several fixes to the CI workflow:
* Don't override the `on` Jinja block on the `ci.yaml` template. This enables reacting to labels getting added/removed
to/from pull requests.
* Switch to using `tools` and re*use the event payload available instead of querying the GH API again to get the pull
request labels
* Concentrate test selection by labels to a single place
* Enable code coverage on pull*requests by setting the `test:coverage` label [#64547](https://github.com/saltstack/salt/issues/64547)
# Security
* Upgrade to `cryptography==41.0.3`(and therefor `pyopenssl==23.2.0` due to https://github.com/advisories/GHSA-jm77-qphf-c4w8)
This only really impacts pip installs of Salt and the windows onedir since the linux and macos onedir build every package dependency from source, not from pre*existing wheels.
Also resolves the following cryptography advisories:
Due to:
* https://github.com/advisories/GHSA*5cpq-8wj7-hf2v
* https://github.com/advisories/GHSA*x4qr-2fvf-3mr5
* https://github.com/advisories/GHSA*w7pp-m8wf-vj6r [#64595](https://github.com/saltstack/salt/issues/64595)
* Bump to `aiohttp==3.8.5` due to https://github.com/advisories/GHSA-45c4-8wx5-qw6w [#64687](https://github.com/saltstack/salt/issues/64687)
* Bump to `certifi==2023.07.22` due to https://github.com/advisories/GHSA-xqr8-7jwr-rhp7 [#64718](https://github.com/saltstack/salt/issues/64718)
* Upgrade `relenv` to `0.13.2` and Python to `3.10.12`
Addresses multiple CVEs in Python's dependencies: https://docs.python.org/release/3.10.12/whatsnew/changelog.html#python*3-10-12 [#64719](https://github.com/saltstack/salt/issues/64719)
* Update to `gitpython>=3.1.32` due to https://github.com/advisories/GHSA-pr76-5cm5-w9cj [#64988](https://github.com/saltstack/salt/issues/64988)
-- Salt Project Packaging <saltproject-packaging@vmware.com> Wed, 06 Sep 2023 16:51:25 +0000
salt (3006.2) stable; urgency=medium

143
pkg/rpm/salt.spec
View file

@ -31,7 +31,7 @@
%define fish_dir %{_datadir}/fish/vendor_functions.d
Name: salt
Version: 3006.2
Version: 3006.3
Release: 0
Summary: A parallel remote execution system
Group: System Environment/Daemons
@ -563,6 +563,147 @@ fi
%changelog
* Wed Sep 06 2023 Salt Project Packaging <saltproject-packaging@vmware.com> - 3006.3
# Removed
- Fedora 36 support was removed because it reached EOL [#64315](https://github.com/saltstack/salt/issues/64315)
- Handle deprecation warnings:
* Switch to `FullArgSpec` since Py 3.11 no longer has `ArgSpec`, deprecated since Py 3.0
* Stop using the deprecated `cgi` module
* Stop using the deprecated `pipes` module
* Stop using the deprecated `imp` module [#64553](https://github.com/saltstack/salt/issues/64553)
# Changed
- Replace libnacl with PyNaCl [#64372](https://github.com/saltstack/salt/issues/64372)
- Don't hardcode the python version on the Salt Package tests and on the `pkg/debian/salt-cloud.postinst` file [#64553](https://github.com/saltstack/salt/issues/64553)
- Some more deprecated code fixes:
* Stop using the deprecated `locale.getdefaultlocale()` function
* Stop accessing deprecated attributes
* `pathlib.Path.__enter__()` usage is deprecated and not required, a no-op [#64565](https://github.com/saltstack/salt/issues/64565)
- Bump to `pyyaml==6.0.1` due to https://github.com/yaml/pyyaml/issues/601 and address lint issues [#64657](https://github.com/saltstack/salt/issues/64657)
# Fixed
- Fix for assume role when used salt-cloud to create aws ec2. [#52501](https://github.com/saltstack/salt/issues/52501)
- fixes aptpkg module by checking for blank comps. [#58667](https://github.com/saltstack/salt/issues/58667)
- `wheel.file_roots.find` is now able to find files in subdirectories of the roots. [#59800](https://github.com/saltstack/salt/issues/59800)
- pkg.latest no longer fails when multiple versions are reported to be installed (e.g. updating the kernel) [#60931](https://github.com/saltstack/salt/issues/60931)
- Do not update the credentials dictionary in `utils/aws.py` while iterating over it, and use the correct delete functionality [#61049](https://github.com/saltstack/salt/issues/61049)
- fixed runner not having a proper exit code when runner modules throw an exception. [#61173](https://github.com/saltstack/salt/issues/61173)
- `pip.list_all_versions` now works with `index_url` and `extra_index_url` [#61610](https://github.com/saltstack/salt/issues/61610)
- speed up file.recurse by using prefix with cp.list_master_dir and remove an un-needed loop. [#61998](https://github.com/saltstack/salt/issues/61998)
- Preserve test=True condition while running sub states. [#62590](https://github.com/saltstack/salt/issues/62590)
- Job returns are only sent to originating master [#62834](https://github.com/saltstack/salt/issues/62834)
- Fixes an issue with failing subsequent state runs with the lgpo state module.
The ``lgpo.get_polcy`` function now returns all boolean settings. [#63296](https://github.com/saltstack/salt/issues/63296)
- Fix SELinux get policy with trailing whitespace [#63336](https://github.com/saltstack/salt/issues/63336)
- Fixes an issue with boolean settings not being reported after being set. The
``lgpo.get_polcy`` function now returns all boolean settings. [#63473](https://github.com/saltstack/salt/issues/63473)
- Ensure body is returned when salt.utils.http returns something other than 200 with tornado backend. [#63557](https://github.com/saltstack/salt/issues/63557)
- Allow long running pillar and file client requests to finish using request_channel_timeout and request_channel_tries minion config. [#63824](https://github.com/saltstack/salt/issues/63824)
- Fix state_queue type checking to allow int values [#64122](https://github.com/saltstack/salt/issues/64122)
- Call global logger when catching pip.list exceptions in states.pip.installed
Rename global logger `log` to `logger` inside pip_state [#64169](https://github.com/saltstack/salt/issues/64169)
- Fixes permissions created by the Debian and RPM packages for the salt user.
The salt user created by the Debian and RPM packages to run the salt-master process, was previously given ownership of various directories in a way which compromised the benefits of running the salt-master process as a non-root user.
This fix sets the salt user to only have write access to those files and
directories required for the salt-master process to run. [#64193](https://github.com/saltstack/salt/issues/64193)
- Fix user.present state when groups is unset to ensure the groups are unchanged, as documented. [#64211](https://github.com/saltstack/salt/issues/64211)
- Fixes issue with MasterMinion class loading configuration from `/etc/salt/minion.d/*.conf.
The MasterMinion class (used for running orchestraions on master and other functionality) was incorrectly loading configuration from `/etc/salt/minion.d/*.conf`, when it should only load configuration from `/etc/salt/master` and `/etc/salt/master.d/*.conf`. [#64219](https://github.com/saltstack/salt/issues/64219)
- Fixed issue in mac_user.enable_auto_login that caused the user's keychain to be reset at each boot [#64226](https://github.com/saltstack/salt/issues/64226)
- Fixed KeyError in logs when running a state that fails. [#64231](https://github.com/saltstack/salt/issues/64231)
- Fixed x509_v2 `create_private_key`/`create_crl` unknown kwargs: __pub_fun... [#64232](https://github.com/saltstack/salt/issues/64232)
- remove the hard coded python version in error. [#64237](https://github.com/saltstack/salt/issues/64237)
- `salt-pip` now properly errors out when being called from a non `onedir` environment. [#64249](https://github.com/saltstack/salt/issues/64249)
- Ensure we return an error when adding the key fails in the pkgrepo state for debian hosts. [#64253](https://github.com/saltstack/salt/issues/64253)
- Fixed file client private attribute reference on `SaltMakoTemplateLookup` [#64280](https://github.com/saltstack/salt/issues/64280)
- Fix pkgrepo.absent failures on apt-based systems when repo either a) contains a
trailing slash, or b) there is an arch mismatch. [#64286](https://github.com/saltstack/salt/issues/64286)
- Fix detection of Salt codename by "salt_version" execution module [#64306](https://github.com/saltstack/salt/issues/64306)
- Ensure selinux values are handled lowercase [#64318](https://github.com/saltstack/salt/issues/64318)
- Remove the `clr.AddReference`, it is causing an `Illegal characters in path` exception [#64339](https://github.com/saltstack/salt/issues/64339)
- Update `pkg.group_installed` state to support repo options [#64348](https://github.com/saltstack/salt/issues/64348)
- Fix salt user login shell path in Debian packages [#64377](https://github.com/saltstack/salt/issues/64377)
- Allow for multiple user's keys presented when authenticating, for example: root, salt, etc. [#64398](https://github.com/saltstack/salt/issues/64398)
- Fixed an issue with ``lgpo_reg`` where existing entries for the same key in
``Registry.pol`` were being overwritten in subsequent runs if the value name in
the subesequent run was contained in the existing value name. For example, a
key named ``SetUpdateNotificationLevel`` would be overwritten by a subsequent
run attempting to set ``UpdateNotificationLevel`` [#64401](https://github.com/saltstack/salt/issues/64401)
- Add search for %ProgramData%\Chocolatey\choco.exe to determine if Chocolatey is installed or not [#64427](https://github.com/saltstack/salt/issues/64427)
- Fix regression for user.present on handling groups with dupe GIDs [#64430](https://github.com/saltstack/salt/issues/64430)
- Fix inconsistent use of args in ssh_auth.managed [#64442](https://github.com/saltstack/salt/issues/64442)
- Ensure we raise an error when the name argument is invalid in pkgrepo.managed state for systems using apt. [#64451](https://github.com/saltstack/salt/issues/64451)
- Fix file.symlink will not replace/update existing symlink [#64477](https://github.com/saltstack/salt/issues/64477)
- Fixed salt-ssh state.* commands returning retcode 0 when state/pillar rendering fails [#64514](https://github.com/saltstack/salt/issues/64514)
- Fix pkg.install when using a port in the url. [#64516](https://github.com/saltstack/salt/issues/64516)
- `win_pkg` Fixes an issue runing `pkg.install` with `version=latest` where the
new installer would not be cached if there was already an installer present
with the same name. [#64519](https://github.com/saltstack/salt/issues/64519)
- Added a `test:full` label in the salt repository, which, when selected, will force a full test run. [#64539](https://github.com/saltstack/salt/issues/64539)
- Syndic's async_req_channel uses the asynchornous version of request channel [#64552](https://github.com/saltstack/salt/issues/64552)
- Ensure runners properly save information to job cache. [#64570](https://github.com/saltstack/salt/issues/64570)
- Added salt.ufw to salt-master install on Debian and Ubuntu [#64572](https://github.com/saltstack/salt/issues/64572)
- Added support for Chocolatey 2.0.0+ while maintaining support for older versions [#64622](https://github.com/saltstack/salt/issues/64622)
- Updated semanage fcontext to use --modify if context already exists when adding context [#64625](https://github.com/saltstack/salt/issues/64625)
- Preserve request client socket between requests. [#64627](https://github.com/saltstack/salt/issues/64627)
- Show user friendly message when pillars timeout [#64651](https://github.com/saltstack/salt/issues/64651)
- File client timeouts durring jobs show user friendly errors instead of tracbacks [#64653](https://github.com/saltstack/salt/issues/64653)
- SaltClientError does not log a traceback on minions, we expect these to happen so a user friendly log is shown. [#64729](https://github.com/saltstack/salt/issues/64729)
- Look in location salt is running from, this accounts for running from an unpacked onedir file that has not been installed. [#64877](https://github.com/saltstack/salt/issues/64877)
- Preserve credentials on spawning platforms, minions no longer re-authenticate
with every job when using `multiprocessing=True`. [#64914](https://github.com/saltstack/salt/issues/64914)
- Fixed uninstaller to not remove the `salt` directory by default. This allows
the `extras-3.##` folder to persist so salt-pip dependencies are not wiped out
during an upgrade. [#64957](https://github.com/saltstack/salt/issues/64957)
- fix msteams by adding the missing header that Microsoft is now enforcing. [#64973](https://github.com/saltstack/salt/issues/64973)
- Fix __env__ and improve cache cleaning see more info at pull #65017. [#65002](https://github.com/saltstack/salt/issues/65002)
- Better error message on inconsistent decoded payload [#65020](https://github.com/saltstack/salt/issues/65020)
- Handle permissions access error when calling `lsb_release` with the salt user [#65024](https://github.com/saltstack/salt/issues/65024)
- Allow schedule state module to update schedule when the minion is offline. [#65033](https://github.com/saltstack/salt/issues/65033)
- Fixed creation of wildcard DNS in SAN in `x509_v2` [#65072](https://github.com/saltstack/salt/issues/65072)
- The macOS installer no longer removes the extras directory [#65073](https://github.com/saltstack/salt/issues/65073)
# Added
- Added a script to automate setting up a 2nd minion in a user context on Windows [#64439](https://github.com/saltstack/salt/issues/64439)
- Several fixes to the CI workflow:
* Don't override the `on` Jinja block on the `ci.yaml` template. This enables reacting to labels getting added/removed
to/from pull requests.
* Switch to using `tools` and re-use the event payload available instead of querying the GH API again to get the pull
request labels
* Concentrate test selection by labels to a single place
* Enable code coverage on pull-requests by setting the `test:coverage` label [#64547](https://github.com/saltstack/salt/issues/64547)
# Security
- Upgrade to `cryptography==41.0.3`(and therefor `pyopenssl==23.2.0` due to https://github.com/advisories/GHSA-jm77-qphf-c4w8)
This only really impacts pip installs of Salt and the windows onedir since the linux and macos onedir build every package dependency from source, not from pre-existing wheels.
Also resolves the following cryptography advisories:
Due to:
* https://github.com/advisories/GHSA-5cpq-8wj7-hf2v
* https://github.com/advisories/GHSA-x4qr-2fvf-3mr5
* https://github.com/advisories/GHSA-w7pp-m8wf-vj6r [#64595](https://github.com/saltstack/salt/issues/64595)
- Bump to `aiohttp==3.8.5` due to https://github.com/advisories/GHSA-45c4-8wx5-qw6w [#64687](https://github.com/saltstack/salt/issues/64687)
- Bump to `certifi==2023.07.22` due to https://github.com/advisories/GHSA-xqr8-7jwr-rhp7 [#64718](https://github.com/saltstack/salt/issues/64718)
- Upgrade `relenv` to `0.13.2` and Python to `3.10.12`
Addresses multiple CVEs in Python's dependencies: https://docs.python.org/release/3.10.12/whatsnew/changelog.html#python-3-10-12 [#64719](https://github.com/saltstack/salt/issues/64719)
- Update to `gitpython>=3.1.32` due to https://github.com/advisories/GHSA-pr76-5cm5-w9cj [#64988](https://github.com/saltstack/salt/issues/64988)
* Wed Aug 09 2023 Salt Project Packaging <saltproject-packaging@vmware.com> - 3006.2
# Fixed