Merge pull request #39048 from rallytime/merge-2016.11

[2016.11] Merge forward from 2016.3 to 2016.11
Nicole Thomas 2017-01-31 08:55:48 -07:00 committed by GitHub
commit 88b171f863
6 changed files with 59 additions and 3 deletions

@ -5,6 +5,26 @@ Salt 2015.8.13 Release Notes
Version 2015.8.13 is a bugfix release for :ref:`2015.8.0 <release-2015-8-0>`.
Security Fixes
==============
CVE-2017-5192: local_batch client external authentication not respected
The ``LocalClient.cmd_batch()`` method client does not accept ``external_auth``
credentials and so access to it from salt-api has been removed for now. This
vulnerability allows code execution for already-authenticated users and is only
in effect when running salt-api as the ``root`` user.
CVE-2017-5200: Salt-api allows arbitrary command execution on a salt-master via
Salt's ssh_client
Users of Salt-API and salt-ssh could execute a command on the salt master via a
hole when both systems were enabled.
We recommend everyone on the 2015.8 branch upgrade to a patched release as soon
as possible.
Changes for v2015.8.12..v2015.8.13
----------------------------------
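Review bot: In the CVE-2017-5200 entry, "could execute a command on the salt master via a hole when both systems were enabled" does not tell an operator what was changed or how to judge exposure, whereas the CVE-2017-5192 entry just above states both (access to the client removed from salt-api, only in effect when salt-api runs as ``root``). Suggest describing the fix and the affected configuration for CVE-2017-5200 in the same way. Separately, "method client" in "The ``LocalClient.cmd_batch()`` method client does not accept" looks like a leftover word; "method" alone reads correctly.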

@ -0,0 +1,5 @@
============================
Salt 2015.8.14 Release Notes
============================
Version 2015.8.14 is a bugfix release for :ref:`2015.8.0 <release-2015-8-0>`.

@ -5,6 +5,26 @@ Salt 2016.3.5 Release Notes
Version 2016.3.5 is a bugfix release for :ref:`2016.3.0 <release-2016-3-0>`.
Security Fixes
==============
CVE-2017-5192: local_batch client external authentication not respected
The ``LocalClient.cmd_batch()`` method client does not accept ``external_auth``
credentials and so access to it from salt-api has been removed for now. This
vulnerability allows code execution for already-authenticated users and is only
in effect when running salt-api as the ``root`` user.
CVE-2017-5200: Salt-api allows arbitrary command execution on a salt-master via
Salt's ssh_client
Users of Salt-API and salt-ssh could execute a command on the salt master via a
hole when both systems were enabled.
We recommend everyone on the 2016.3 branch upgrade to a patched release as soon
as possible.
Improved Checksum Handling in :py:func:`file.managed <salt.states.file.managed>`, :py:func:`archive.extracted <salt.states.archive.extracted>` States
-----------------------------------------------------------------------------------------------------------------------------------------------------
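Review bot: The closing recommendation, "upgrade to a patched release as soon as possible", never names the release that carries the fixes, even though it sits under "Security Fixes" in the 2016.3.5 notes. State the first patched version on the 2016.3 branch so readers do not have to infer it from the file title. The two CVE paragraphs here are a word-for-word copy of the ones added to the 2015.8.13 notes, so any wording correction made there needs to be made here as well.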
@ -21,7 +41,7 @@ A more detailed explanation of this functionality can be found in the
section for the new ``source_hash_name`` argument.
Changes for v2016.3.4..v2016.3.5
--------------------------------------
--------------------------------
Extended changelog courtesy of Todd Stansell (https://github.com/tjstansell/salt-changelogs):

@ -0,0 +1,5 @@
===========================
Salt 2016.3.6 Release Notes
===========================
Version 2016.3.6 is a bugfix release for :ref:`2016.3.0 <release-2016-3-0>`.

@ -91,7 +91,9 @@ def get(key, default='', delimiter=DEFAULT_TARGET_DELIM, ordered=True):
:param delimiter:
Specify an alternate delimiter to use when traversing a nested dict
Specify an alternate delimiter to use when traversing a nested dict.
This is useful for when the desired key contains a colon. See CLI
example below for usage.
.. versionadded:: 2014.7.0
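Review bot: In the new ``delimiter`` description, "This is useful for when the desired key contains a colon" does not say why a colon matters, because the docstring never states that the colon is the default delimiter (``DEFAULT_TARGET_DELIM`` in the signature), which is what the existing ``pkg:apache`` example relies on. Suggest wording along the lines of "The default delimiter is a colon; pass a different one when a key itself contains a colon", and drop "for" from "useful for when".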
@ -105,6 +107,7 @@ def get(key, default='', delimiter=DEFAULT_TARGET_DELIM, ordered=True):
.. code-block:: bash
salt '*' grains.get pkg:apache
salt '*' grains.get abc::def|ghi delimiter='|'
'''
if ordered is True:
grains = __grains__
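Review bot: The added CLI example, ``salt '*' grains.get abc::def|ghi delimiter='|'``, sits in a ``bash`` code block but leaves the ``|`` inside the key unquoted, so a shell parses it as a pipeline: ``salt '*' grains.get abc::def`` piped into a command named ``ghi``. Quote the key so the line can be pasted as written: ``salt '*' grains.get 'abc::def|ghi' delimiter='|'``.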

@ -55,7 +55,9 @@ def get(key,
.. versionadded:: 2014.7.0
delimiter
Specify an alternate delimiter to use when traversing a nested dict
Specify an alternate delimiter to use when traversing a nested dict.
This is useful for when the desired key contains a colon. See CLI
example below for usage.
.. versionadded:: 2014.7.0
@ -80,6 +82,7 @@ def get(key,
.. code-block:: bash
salt '*' pillar.get pkg:apache
salt '*' pillar.get abc::def|ghi delimiter='|'
'''
if not __opts__.get('pillar_raise_on_missing'):
if default is KeyError:
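Review bot: The new ``pillar.get`` example line, ``salt '*' pillar.get abc::def|ghi delimiter='|'``, has an unquoted ``|`` in the key inside a ``bash`` code block. Run as shown, the shell splits the line at that character, so ``pillar.get`` receives only ``abc::def`` and the ``delimiter='|'`` argument goes to a separate ``ghi`` command instead of to Salt. Writing the key as ``'abc::def|ghi'`` fixes it and keeps the example consistent with the already-quoted ``delimiter='|'``.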