Merge 3006.x into master

2025-04-17 10:10:20 +00:00 · 2023-03-22 15:09:39 +00:00 · 2023-03-22 15:09:39 +00:00 · d86d7338d8
commit d86d7338d8
parent b6b6ccde7b e9ce7a60a5
106 changed files with 3633 additions and 1088 deletions
--- a/.github/actions/build-onedir-deps/action.yml
+++ b/.github/actions/build-onedir-deps/action.yml
@ -43,37 +43,11 @@ runs:
        path: artifacts/${{ inputs.package-name }}
        key: ${{ inputs.cache-prefix }}|${{ inputs.python-version }}|deps|${{ inputs.platform }}|${{ inputs.arch }}|${{ inputs.package-name }}|${{ hashFiles(format('{0}/.relenv/**/*.xz', github.workspace), 'requirements/static/pkg/*/*.txt', '.github/actions/build-onedir-deps/action.yml') }}

-    - name: Create Onedir Directory
-      shell: bash
-      if: steps.onedir-pkg-cache.outputs.cache-hit != 'true'
-      run: |
-        python3 -c "import os; os.makedirs('artifacts', exist_ok=True)"
-        python3 -m relenv create --arch=${{ inputs.arch }} --python=${{ inputs.python-version }} artifacts/${{ inputs.package-name }}
-
-    - name: Get Ondir Python Version
-      id: get-python-version
-      if: steps.onedir-pkg-cache.outputs.cache-hit != 'true'
-      uses: ./.github/actions/get-python-version
-      with:
-        python-binary: artifacts/${{ inputs.package-name }}/${{ inputs.platform == 'windows' && 'Scripts/python' || 'bin/python3' }}
-
-    - name: Install Wheel & Upgrade Setuptools & Pip
-      shell: bash
-      if: steps.onedir-pkg-cache.outputs.cache-hit != 'true'
-      run: |
-        ${{ steps.get-python-version.outputs.binary }} -m pip install -U "wheel"
-        ${{ steps.get-python-version.outputs.binary }} -m pip install -U "pip>=22.3.1,<23.0"
-        ${{ steps.get-python-version.outputs.binary }} -m pip install -U "setuptools>=65.6.3,<66"
-
    - name: Install Salt Onedir Package Dependencies
      shell: bash
      if: steps.onedir-pkg-cache.outputs.cache-hit != 'true'
      run: |
-        if [ "${{ inputs.platform }}" != "windows" ]; then
-          ${{ steps.get-python-version.outputs.binary }} -m pip install -r requirements/static/pkg/py${{ steps.get-python-version.outputs.version }}/${{ inputs.platform }}.txt --no-binary=':all:'
-        else
-          ${{ steps.get-python-version.outputs.binary }} -m pip install -r requirements/static/pkg/py${{ steps.get-python-version.outputs.version }}/${{ inputs.platform }}.txt
-        fi
+        tools pkg build onedir-dependencies --arch ${{ inputs.arch }} --python-version ${{ inputs.python-version }} --package-name ${{ inputs.package-name }} --platform ${{ inputs.platform }}

    - name: Cleanup Salt Onedir Directory
      shell: bash
--- a/.github/actions/build-onedir-salt/action.yml
+++ b/.github/actions/build-onedir-salt/action.yml
@ -53,30 +53,9 @@ runs:
        name: salt-${{ inputs.salt-version }}.tar.gz

    - name: Install Salt Into Onedir
-      if: ${{ inputs.platform != 'windows' }}
-      env:
-        USE_STATIC_REQUIREMENTS: "1"
-        RELENV_PIP_DIR: "1"
      shell: bash
      run: |
-        artifacts/${{ inputs.package-name }}/bin/python3 -m pip install salt-${{ inputs.salt-version }}.tar.gz
-        if [ ${{ inputs.platform }} == "darwin" ]; then
-          pkg/macos/prep_salt.sh --build-dir ./artifacts/${{ inputs.package-name }}
-          rm -rf ./artifacts/${{ inputs.package-name }}/opt
-          rm -rf ./artifacts/${{ inputs.package-name }}/etc
-          rm -rf ./artifacts/${{ inputs.package-name }}/Library
-        fi
-
-    - name: Install Salt Into Onedir (Windows)
-      if: ${{ inputs.platform == 'windows' }}
-      env:
-        USE_STATIC_REQUIREMENTS: "1"
-      shell: powershell
-      run: |
-        # install salt
-        pkg\windows\install_salt.cmd -BuildDir ".\artifacts\${{ inputs.package-name }}" -CICD -SourceTarball salt-${{ inputs.salt-version }}.tar.gz
-        # prep salt
-        pkg\windows\prep_salt.cmd -BuildDir ".\artifacts\${{ inputs.package-name }}" -CICD
+        tools pkg build salt-onedir salt-${{ inputs.salt-version }}.tar.gz --platform ${{ inputs.platform }} --package-name ${{ inputs.package-name }}

    - name: Cleanup Salt Onedir Directory
      shell: bash
--- a/.github/actions/build-source-tarball/action.yml
+++ b/.github/actions/build-source-tarball/action.yml
@ -32,14 +32,12 @@ runs:
    - name: Configure Git
      shell: bash
      run: |
-        git config --global user.name "Salt Project Packaging"
-        git config --global user.email saltproject-packaging@vmware.com
+        tools pkg configure-git

    - name: Apply Release Patch
      shell: bash
      run: |
-        git am --committer-date-is-author-date salt-${{ inputs.salt-version }}.patch
-        rm salt-${{ inputs.salt-version }}.patch
+        tools pkg apply-release-patch salt-${{ inputs.salt-version }}.patch --delete

    - name: Create Source Tarball
      shell: bash
--- a/.github/actions/setup-python-tools-scripts/action.yml
+++ b/.github/actions/setup-python-tools-scripts/action.yml
@ -2,6 +2,12 @@
 name: setup-python-tools-scripts
 description: Setup 'python-tools-scripts'

+inputs:
+  cwd:
+    type: string
+    description: The directory the salt checkout is located in
+    default: "."
+
 outputs:
  version:
    value: ${{ steps.get-version.outputs.version }}
@ -25,12 +31,14 @@ runs:

    - name: Install 'python-tools-scripts'
      shell: bash
+      working-directory: ${{ inputs.cwd }}
      run: |
        python3 -m pip install -r requirements/static/ci/py${{ steps.get-python-version.outputs.version }}/tools.txt

    - name: Get 'python-tools-scripts' Version
      id: get-version
      shell: bash
+      working-directory: ${{ inputs.cwd }}
      run: |
        VERSION=$(tools --version)
        echo "version=$VERSION" >> "${GITHUB_OUTPUT}"
--- a/.github/actions/setup-relenv/action.yml
+++ b/.github/actions/setup-relenv/action.yml
@ -22,7 +22,7 @@ inputs:
    required: false
    type: string
    description: The version of relenv to use
-    default: 0.6.0
+    default: 0.9.0

 outputs:
  version:
--- a/.github/workflows/build-deb-packages.yml
+++ b/.github/workflows/build-deb-packages.yml
@ -27,7 +27,12 @@ jobs:
      image: ghcr.io/saltstack/salt-ci-containers/packaging:debian-11

    steps:
+      # Checkout here so we can easily use custom actions
      - uses: actions/checkout@v3
+
+      # Checkout here for the build process
+      - name: Checkout in build directory
+        uses: actions/checkout@v3
        with:
          path:
            pkgs/checkout/
@ -38,38 +43,38 @@ jobs:
          name: salt-${{ inputs.salt-version }}-onedir-linux-${{ matrix.arch }}.tar.xz
          path: pkgs/checkout/artifacts/

-      - name: Download System Dependencies
-        run: |
-          apt update
-          apt install -y python3 python3-venv python3-pip build-essential devscripts debhelper bash-completion git
-
      - name: Download Release Patch
        uses: actions/download-artifact@v3
        with:
          name: salt-${{ inputs.salt-version }}.patch
          path: pkgs/checkout/

-      - name: Configure Git
-        shell: bash
-        run: |
-          git config --global user.name "Salt Project Packaging"
-          git config --global user.email saltproject-packaging@vmware.com
+      - name: Setup Python Tools Scripts
+        uses: ./.github/actions/setup-python-tools-scripts
+        with:
+          cwd: pkgs/checkout/

-      - name: Apply Release Patch
-        shell: bash
+      - name: Setup Salt Version
+        id: setup-salt-version
+        uses: ./.github/actions/setup-salt-version
+        with:
+          salt-version: "${{ inputs.salt-version }}"
+          cwd: pkgs/checkout/
+
+      - name: Configure Git
+        working-directory: pkgs/checkout/
        run: |
-          cd pkgs/checkout/
-          git am --committer-date-is-author-date salt-${{ inputs.salt-version }}.patch
-          rm salt-${{ inputs.salt-version }}.patch
+          tools pkg configure-git
+
+      - name: Apply release patch
+        working-directory: pkgs/checkout/
+        run: |
+          tools pkg apply-release-patch salt-${{ inputs.salt-version }}.patch --delete

      - name: Build Deb
-        env:
-          SALT_ONEDIR_ARCHIVE: "${{ github.workspace }}/pkgs/checkout/artifacts/salt-${{ inputs.salt-version }}-onedir-linux-${{ matrix.arch }}.tar.xz"
+        working-directory: pkgs/checkout/
        run: |
-          cd pkgs/checkout/
-          echo "${{ inputs.salt-version }}" > salt/_version.txt
-          ln -sf pkg/debian/ .
-          debuild -e SALT_ONEDIR_ARCHIVE -uc -us
+          tools pkg build deb --onedir salt-${{ inputs.salt-version }}-onedir-linux-${{ matrix.arch }}.tar.xz

      - name: Cleanup
        run: |
--- a/.github/workflows/build-deps-onedir.yml
+++ b/.github/workflows/build-deps-onedir.yml
@ -21,7 +21,7 @@ on:
      relenv-version:
        required: false
        type: string
-        default: 0.6.0
+        default: 0.9.0
        description: The version of relenv to use
      python-version-linux:
        required: false
--- a/.github/workflows/build-docs.yml
+++ b/.github/workflows/build-docs.yml
@ -39,19 +39,6 @@ jobs:
        with:
          name: salt-${{ inputs.salt-version }}.patch

-      - name: Configure Git
-        shell: bash
-        run: |
-          git config --global user.name "Salt Project Packaging"
-          git config --global user.email saltproject-packaging@vmware.com
-          git config --global --add safe.directory "$(pwd)"
-
-      - name: Apply Release Patch
-        shell: bash
-        run: |
-          git am --committer-date-is-author-date salt-${{ inputs.salt-version }}.patch
-          rm salt-${{ inputs.salt-version }}.patch
-
      - name: Get Python Version
        id: get-python-version
        uses: ./.github/actions/get-python-version
@ -62,6 +49,14 @@ jobs:
        id: python-tools-scripts
        uses: ./.github/actions/setup-python-tools-scripts

+      - name: Configure Git
+        run: |
+          tools pkg configure-git
+
+      - name: Apply release patch
+        run: |
+          tools pkg apply-release-patch salt-${{ inputs.salt-version }}.patch --delete
+
      - name: Cache Python Tools Docs Virtualenv
        id: tools-venvs-dependencies-cache
        uses: actions/cache@v3
--- a/.github/workflows/build-macos-packages.yml
+++ b/.github/workflows/build-macos-packages.yml
@ -39,21 +39,11 @@ jobs:
        uses: actions/download-artifact@v3
        with:
          name: salt-${{ inputs.salt-version }}-onedir-darwin-${{ matrix.arch }}.tar.xz
+          path: artifacts/

-      - name: Decompress Onedir Tarball
+      - name: Build MacOS Package
        run: |
-          mkdir -p artifacts
-          cd artifacts
-          tar xvf ${{ github.workspace }}/salt-${{ inputs.salt-version }}-onedir-darwin-${{ matrix.arch }}.tar.xz
-          cd ${{ github.workspace }}
-          mkdir -p pkg/macos/build/opt
-          cp -Rp artifacts/salt pkg/macos/build/opt/
-
-      - name: Build Package
-        run: |
-          cd pkg/macos
-          ./prep_salt.sh
-          sudo ./package.sh -n ${{ inputs.salt-version }}
+          tools pkg build macos --onedir salt-${{ inputs.salt-version }}-onedir-darwin-${{ matrix.arch }}.tar.xz --salt-version ${{ inputs.salt-version }}

      - name: Upload ${{ matrix.arch }} Package
        uses: actions/upload-artifact@v3
--- a/.github/workflows/build-rpm-packages.yml
+++ b/.github/workflows/build-rpm-packages.yml
@ -32,11 +32,6 @@ jobs:
    steps:
      - uses: actions/checkout@v3

-      - name: Download System Dependencies
-        run: |
-          yum -y update
-          yum -y install python3 python3-pip openssl git rpmdevtools rpmlint systemd-units libxcrypt-compat git
-
      - name: Download Onedir Tarball as an Artifact
        uses: actions/download-artifact@v3
        with:
@ -48,25 +43,26 @@ jobs:
        with:
          name: salt-${{ inputs.salt-version }}.patch

-      - name: Configure Git
-        shell: bash
-        run: |
-          git config --global user.name "Salt Project Packaging"
-          git config --global user.email saltproject-packaging@vmware.com
-          git config --global --add safe.directory "$(pwd)"
+      - name: Setup Python Tools Scripts
+        uses: ./.github/actions/setup-python-tools-scripts

-      - name: Apply Release Patch
-        shell: bash
+      - name: Setup Salt Version
+        id: setup-salt-version
+        uses: ./.github/actions/setup-salt-version
+        with:
+          salt-version: "${{ inputs.salt-version }}"
+
+      - name: Configure Git
        run: |
-          git am --committer-date-is-author-date salt-${{ inputs.salt-version }}.patch
-          rm salt-${{ inputs.salt-version }}.patch
+          tools pkg configure-git
+
+      - name: Apply release patch
+        run: |
+          tools pkg apply-release-patch salt-${{ inputs.salt-version }}.patch --delete

      - name: Build RPM
-        env:
-          SALT_ONEDIR_ARCHIVE: "${{ github.workspace }}/artifacts/salt-${{ inputs.salt-version }}-onedir-linux-${{ matrix.arch }}.tar.xz"
        run: |
-          echo "${{ inputs.salt-version }}" > salt/_version.txt
-          rpmbuild -bb --define="_salt_src $(pwd)" "$(pwd)/pkg/rpm/salt.spec"
+          tools pkg build rpm --onedir salt-${{ inputs.salt-version }}-onedir-linux-${{ matrix.arch }}.tar.xz

      - name: Upload RPMs
        uses: actions/upload-artifact@v3
--- a/.github/workflows/build-salt-onedir.yml
+++ b/.github/workflows/build-salt-onedir.yml
@ -21,7 +21,7 @@ on:
      relenv-version:
        required: false
        type: string
-        default: 0.6.0
+        default: 0.9.0
        description: The version of relenv to use
      python-version-linux:
        required: false
--- a/.github/workflows/build-windows-packages.yml
+++ b/.github/workflows/build-windows-packages.yml
@ -41,16 +41,11 @@ jobs:
        uses: actions/download-artifact@v3
        with:
          name: salt-${{ inputs.salt-version }}-onedir-windows-${{ matrix.arch }}.zip
+          path: artifacts/

-      - name: Decompress Onedir Zipfile
+      - name: Build Windows Packages
        run: |
-          py -3 -m zipfile -e salt-${{ inputs.salt-version }}-onedir-windows-${{ matrix.arch }}.zip pkg/windows/
-          mv pkg/windows/salt pkg/windows/buildenv
-
-      - name: Build Package
-        shell: powershell
-        run: |
-          & pkg/windows/build.cmd -Architecture ${{ matrix.arch }} -Version ${{ inputs.salt-version }} -CICD -SkipInstall
+          tools pkg build windows --onedir salt-${{ inputs.salt-version }}-onedir-windows-${{ matrix.arch }}.zip --salt-version ${{ inputs.salt-version }} --arch ${{ matrix.arch }}

      - name: Upload ${{ matrix.arch }} Packages
        uses: actions/upload-artifact@v3
--- a/.github/workflows/ci.yml
+++ b/.github/workflows/ci.yml
@ -9,7 +9,7 @@ on:

 env:
  COLUMNS: 190
-  CACHE_SEED: SEED-3  # Bump the number to invalidate all caches
+  CACHE_SEED: SEED-5  # Bump the number to invalidate all caches
  RELENV_DATA: "${{ github.workspace }}/.relenv"

 permissions:
@ -393,7 +393,7 @@ jobs:
      salt-version: "${{ needs.prepare-workflow.outputs.salt-version }}"
      self-hosted-runners: ${{ fromJSON(needs.prepare-workflow.outputs.runners)['self-hosted'] }}
      github-hosted-runners: ${{ fromJSON(needs.prepare-workflow.outputs.runners)['github-hosted'] }}
-      relenv-version: "0.7.0"
+      relenv-version: "0.9.0"
      python-version-linux: "3.10.10"
      python-version-macos: "3.10.10"
      python-version-windows: "3.10.10"
@ -411,7 +411,7 @@ jobs:
      salt-version: "${{ needs.prepare-workflow.outputs.salt-version }}"
      self-hosted-runners: ${{ fromJSON(needs.prepare-workflow.outputs.runners)['self-hosted'] }}
      github-hosted-runners: ${{ fromJSON(needs.prepare-workflow.outputs.runners)['github-hosted'] }}
-      relenv-version: "0.7.0"
+      relenv-version: "0.9.0"
      python-version-linux: "3.10.10"
      python-version-macos: "3.10.10"
      python-version-windows: "3.10.10"
--- a/.github/workflows/nightly.yml
+++ b/.github/workflows/nightly.yml
@ -13,7 +13,7 @@ on:

 env:
  COLUMNS: 190
-  CACHE_SEED: SEED-3  # Bump the number to invalidate all caches
+  CACHE_SEED: SEED-5  # Bump the number to invalidate all caches
  RELENV_DATA: "${{ github.workspace }}/.relenv"

 permissions:
@ -437,7 +437,7 @@ jobs:
      salt-version: "${{ needs.prepare-workflow.outputs.salt-version }}"
      self-hosted-runners: ${{ fromJSON(needs.prepare-workflow.outputs.runners)['self-hosted'] }}
      github-hosted-runners: ${{ fromJSON(needs.prepare-workflow.outputs.runners)['github-hosted'] }}
-      relenv-version: "0.7.0"
+      relenv-version: "0.9.0"
      python-version-linux: "3.10.10"
      python-version-macos: "3.10.10"
      python-version-windows: "3.10.10"
@ -455,7 +455,7 @@ jobs:
      salt-version: "${{ needs.prepare-workflow.outputs.salt-version }}"
      self-hosted-runners: ${{ fromJSON(needs.prepare-workflow.outputs.runners)['self-hosted'] }}
      github-hosted-runners: ${{ fromJSON(needs.prepare-workflow.outputs.runners)['github-hosted'] }}
-      relenv-version: "0.7.0"
+      relenv-version: "0.9.0"
      python-version-linux: "3.10.10"
      python-version-macos: "3.10.10"
      python-version-windows: "3.10.10"
--- a/.github/workflows/release.yml
+++ b/.github/workflows/release.yml
@ -17,7 +17,7 @@ on:

 env:
  COLUMNS: 190
-  CACHE_SEED: SEED-3  # Bump the number to invalidate all caches
+  CACHE_SEED: SEED-5  # Bump the number to invalidate all caches
  RELENV_DATA: "${{ github.workspace }}/.relenv"
  REPO_BASE_URL: "https://${{ secrets.SALT_REPO_DOMAIN }}"

--- a/.github/workflows/scheduled.yml
+++ b/.github/workflows/scheduled.yml
@ -12,7 +12,7 @@ on:

 env:
  COLUMNS: 190
-  CACHE_SEED: SEED-3  # Bump the number to invalidate all caches
+  CACHE_SEED: SEED-5  # Bump the number to invalidate all caches
  RELENV_DATA: "${{ github.workspace }}/.relenv"

 permissions:
@ -436,7 +436,7 @@ jobs:
      salt-version: "${{ needs.prepare-workflow.outputs.salt-version }}"
      self-hosted-runners: ${{ fromJSON(needs.prepare-workflow.outputs.runners)['self-hosted'] }}
      github-hosted-runners: ${{ fromJSON(needs.prepare-workflow.outputs.runners)['github-hosted'] }}
-      relenv-version: "0.7.0"
+      relenv-version: "0.9.0"
      python-version-linux: "3.10.10"
      python-version-macos: "3.10.10"
      python-version-windows: "3.10.10"
@ -454,7 +454,7 @@ jobs:
      salt-version: "${{ needs.prepare-workflow.outputs.salt-version }}"
      self-hosted-runners: ${{ fromJSON(needs.prepare-workflow.outputs.runners)['self-hosted'] }}
      github-hosted-runners: ${{ fromJSON(needs.prepare-workflow.outputs.runners)['github-hosted'] }}
-      relenv-version: "0.7.0"
+      relenv-version: "0.9.0"
      python-version-linux: "3.10.10"
      python-version-macos: "3.10.10"
      python-version-windows: "3.10.10"
--- a/.github/workflows/staging.yml
+++ b/.github/workflows/staging.yml
@ -25,7 +25,7 @@ on:

 env:
  COLUMNS: 190
-  CACHE_SEED: SEED-3  # Bump the number to invalidate all caches
+  CACHE_SEED: SEED-5  # Bump the number to invalidate all caches
  RELENV_DATA: "${{ github.workspace }}/.relenv"
  REPO_BASE_URL: "https://${{ secrets.SALT_REPO_USER }}:${{ secrets.SALT_REPO_PASS }}@${{ secrets.SALT_REPO_DOMAIN }}"

@ -438,7 +438,7 @@ jobs:
      salt-version: "${{ needs.prepare-workflow.outputs.salt-version }}"
      self-hosted-runners: ${{ fromJSON(needs.prepare-workflow.outputs.runners)['self-hosted'] }}
      github-hosted-runners: ${{ fromJSON(needs.prepare-workflow.outputs.runners)['github-hosted'] }}
-      relenv-version: "0.7.0"
+      relenv-version: "0.9.0"
      python-version-linux: "3.10.10"
      python-version-macos: "3.10.10"
      python-version-windows: "3.10.10"
@ -456,7 +456,7 @@ jobs:
      salt-version: "${{ needs.prepare-workflow.outputs.salt-version }}"
      self-hosted-runners: ${{ fromJSON(needs.prepare-workflow.outputs.runners)['self-hosted'] }}
      github-hosted-runners: ${{ fromJSON(needs.prepare-workflow.outputs.runners)['github-hosted'] }}
-      relenv-version: "0.7.0"
+      relenv-version: "0.9.0"
      python-version-linux: "3.10.10"
      python-version-macos: "3.10.10"
      python-version-windows: "3.10.10"
--- a/.github/workflows/templates/layout.yml.jinja
+++ b/.github/workflows/templates/layout.yml.jinja
@ -9,7 +9,7 @@
 <%- set python_version_linux = "3.10.10" %>
 <%- set python_version_macos = "3.10.10" %>
 <%- set python_version_windows = "3.10.10" %>
-<%- set relenv_version = "0.7.0" %>
+<%- set relenv_version = "0.9.0" %>
 <%- set gpg_key_id = "64CBBC8173D76B3F" %>
 <%- set prepare_actual_release = prepare_actual_release | default(False) %>
 <%- set release_branches = ["master", "3006.x"] %>
@ -31,7 +31,7 @@ on:

 env:
  COLUMNS: 190
-  CACHE_SEED: SEED-3  # Bump the number to invalidate all caches
+  CACHE_SEED: SEED-5  # Bump the number to invalidate all caches
  RELENV_DATA: "${{ github.workspace }}/.relenv"

 <%- endblock env %>
--- a/.pre-commit-config.yaml
+++ b/.pre-commit-config.yaml
@ -46,7 +46,7 @@ repos:
          )$

  - repo: https://github.com/s0undt3ch/python-tools-scripts
-    rev: "0.11.1"
+    rev: "0.12.0"
    hooks:
      - id: tools
        alias: check-changelog-entries
--- a/CHANGELOG.md
+++ b/CHANGELOG.md
@ -7,6 +7,338 @@ Versions are `MAJOR.PATCH`.

 # Changelog

+## 3006.0rc2 (2023-03-19)
+
+
+### Removed
+
+- Remove and deprecate the __orchestration__ key from salt.runner and salt.wheel return data. To get it back, set features.enable_deprecated_orchestration_flag master configuration option to True. The flag will be completely removed in Salt 3008 Argon. [#59917](https://github.com/saltstack/salt/issues/59917)
+- Removed distutils and replaced with setuptools, given distutils is deprecated and removed in Python 3.12 [#60476](https://github.com/saltstack/salt/issues/60476)
+- Removed ``runtests`` targets from ``noxfile.py`` [#62239](https://github.com/saltstack/salt/issues/62239)
+- Removed the PyObjC dependency.
+
+  This addresses problems with building a one dir build for macOS.
+  It became problematic because depending on the macOS version, it pulls different dependencies, and we would either have to build a macos onedir for each macOS supported release, or ship a crippled onedir(because it would be tied to the macOS version where the onedir was built).
+  Since it's currently not being used, it's removed. [#62432](https://github.com/saltstack/salt/issues/62432)
+- Removed `SixRedirectImporter` from Salt. Salt hasn't shipped `six` since Salt 3004. [#63874](https://github.com/saltstack/salt/issues/63874)
+
+
+### Deprecated
+
+- renamed `keep_jobs`, specifying job cache TTL in hours, to `keep_jobs_seconds`, specifying TTL in seconds.
+  `keep_jobs` will be removed in the Argon release [#55295](https://github.com/saltstack/salt/issues/55295)
+- Removing all references to napalm-base which is no longer supported. [#61542](https://github.com/saltstack/salt/issues/61542)
+- The 'ip_bracket' function has been moved from salt/utils/zeromq.py in salt/utils/network.py [#62009](https://github.com/saltstack/salt/issues/62009)
+- The `expand_repo_def` function in `salt.modules.aptpkg` is now deprecated. It's only used in `salt.states.pkgrepo` and it has no use of being exposed to the CLI. [#62485](https://github.com/saltstack/salt/issues/62485)
+- Deprecated defunct Django returner [#62644](https://github.com/saltstack/salt/issues/62644)
+- Deprecate core ESXi and associated states and modules, vcenter and vsphere support in favor of Salt VMware Extensions [#62754](https://github.com/saltstack/salt/issues/62754)
+- Removing manufacture grain which has been deprecated. [#62914](https://github.com/saltstack/salt/issues/62914)
+- Removing deprecated utils/boto3_elasticsearch.py [#62915](https://github.com/saltstack/salt/issues/62915)
+- Removing support for the now deprecated _ext_nodes from salt/master.py. [#62917](https://github.com/saltstack/salt/issues/62917)
+- Deprecating the Salt Slack engine in favor of the Salt Slack Bolt Engine. [#63095](https://github.com/saltstack/salt/issues/63095)
+- `salt.utils.version.StrictVersion` is now deprecated and it's use should be replaced with `salt.utils.version.Version`. [#63383](https://github.com/saltstack/salt/issues/63383)
+
+
+### Changed
+
+- More intelligent diffing in changes of file.serialize state. [#48609](https://github.com/saltstack/salt/issues/48609)
+- Move deprecation of the neutron module to Argon. Please migrate to the neutronng module instead. [#49430](https://github.com/saltstack/salt/issues/49430)
+- ``umask`` is now a global state argument, instead of only applying to ``cmd``
+  states. [#57803](https://github.com/saltstack/salt/issues/57803)
+- Update pillar.obfuscate to accept kwargs in addition to args.  This is useful when passing in keyword arguments like saltenv that are then passed along to pillar.items. [#58971](https://github.com/saltstack/salt/issues/58971)
+- Improve support for listing macOS brew casks [#59439](https://github.com/saltstack/salt/issues/59439)
+- Add missing MariaDB Grants to mysql module.
+  MariaDB has added some grants in 10.4.x and 10.5.x that are not present here, which results in an error when creating.
+  Also improved exception handling in `grant_add` which did not log the original error message and replaced it with a generic error. [#61409](https://github.com/saltstack/salt/issues/61409)
+- Use VENV_PIP_TARGET environment variable as a default target for pip if present. [#62089](https://github.com/saltstack/salt/issues/62089)
+- Disabled FQDNs grains on macOS by default [#62168](https://github.com/saltstack/salt/issues/62168)
+- Replaced pyroute2.IPDB with pyroute2.NDB, as the former is deprecated [#62218](https://github.com/saltstack/salt/issues/62218)
+- Enhance capture of error messages for Zypper calls in zypperpkg module. [#62346](https://github.com/saltstack/salt/issues/62346)
+- Removed GPG_1_3_1 check [#62895](https://github.com/saltstack/salt/issues/62895)
+- Requisite state chunks now all consistently contain `__id__`, `__sls__` and `name`. [#63012](https://github.com/saltstack/salt/issues/63012)
+- netapi_enable_clients option to allow enabling/disabling of clients in salt-api.
+  By default all clients will now be disabled. Users of salt-api will need
+  to update their master config to enable the clients that they use. Not adding
+  the netapi_enable_clients option with required clients to the master config will
+  disable salt-api. [#63050](https://github.com/saltstack/salt/issues/63050)
+- Stop relying on `salt/_version.py` to write Salt's version. Instead use `salt/_version.txt` which only contains the version string. [#63383](https://github.com/saltstack/salt/issues/63383)
+- Set enable_fqdns_grains to be False by default. [#63595](https://github.com/saltstack/salt/issues/63595)
+- Changelog snippet files must now have a `.md` file extension to be more explicit on what type of rendering is done when they are included in the main `CHANGELOG.md` file. [#63710](https://github.com/saltstack/salt/issues/63710)
+
+
+### Fixed
+
+- Add kwargs to handle extra parameters for http.query [#36138](https://github.com/saltstack/salt/issues/36138)
+- Fix mounted bind mounts getting active mount options added [#39292](https://github.com/saltstack/salt/issues/39292)
+- Fix `sysctl.present` converts spaces to tabs. [#40054](https://github.com/saltstack/salt/issues/40054)
+- Fixes state pkg.purged to purge removed packages on Debian family systems [#42306](https://github.com/saltstack/salt/issues/42306)
+- Fix fun_args missing from syndic returns [#45823](https://github.com/saltstack/salt/issues/45823)
+- Fix mount.mounted with 'mount: False' reports unmounted file system as unchanged when running with test=True [#47201](https://github.com/saltstack/salt/issues/47201)
+- Issue #49310: Allow users to touch a file with Unix date of birth [#49310](https://github.com/saltstack/salt/issues/49310)
+- Do not raise an exception in pkg.info_installed on nonzero return code [#51620](https://github.com/saltstack/salt/issues/51620)
+- Passes the value of the force parameter from file.copy to its call to file.remove so that files with the read-only attribute are handled. [#51739](https://github.com/saltstack/salt/issues/51739)
+- Fixed x509.certificate_managed creates new certificate every run in the new cryptography x509 module. Please migrate to the new cryptography x509 module for this improvement. [#52167](https://github.com/saltstack/salt/issues/52167)
+- Don't check for cached pillar errors on state.apply [#52354](https://github.com/saltstack/salt/issues/52354), [#57180](https://github.com/saltstack/salt/issues/57180), [#59339](https://github.com/saltstack/salt/issues/59339)
+- Swapping out args and kwargs for arg and kwarg respectively in the Slack engine when the command passed is a runner. [#52400](https://github.com/saltstack/salt/issues/52400)
+- Ensure when we're adding chunks to the rules when running aggregation with the iptables state module we use a copy of the chunk otherwise we end up with a recursive mess. [#53353](https://github.com/saltstack/salt/issues/53353)
+- When user_create or user_remove fail, return False instead of returning the error. [#53377](https://github.com/saltstack/salt/issues/53377)
+- Include sync_roster when sync_all is called. [#53914](https://github.com/saltstack/salt/issues/53914)
+- Avoid warning noise in lograte.get [#53988](https://github.com/saltstack/salt/issues/53988)
+- Fixed listing revoked keys with gpg.list_keys [#54347](https://github.com/saltstack/salt/issues/54347)
+- Fix mount.mounted does not handle blanks properly [#54508](https://github.com/saltstack/salt/issues/54508)
+- Fixed grain num_cpus get wrong CPUs count in case of inconsistent CPU numbering. [#54682](https://github.com/saltstack/salt/issues/54682)
+- Fix spelling error for python_shell argument in dpkg_lower module [#54907](https://github.com/saltstack/salt/issues/54907)
+- Cleaned up bytes response data before sending to non-bytes compatible returners (postgres, mysql) [#55226](https://github.com/saltstack/salt/issues/55226)
+- Fixed malformed state return when testing file.managed with unavailable source file [#55269](https://github.com/saltstack/salt/issues/55269)
+- Included stdout in error message for Zypper calls in zypperpkg module. [#56016](https://github.com/saltstack/salt/issues/56016)
+- Fixed pillar.filter_by with salt-ssh [#56093](https://github.com/saltstack/salt/issues/56093)
+- Fix boto_route53 issue with (multiple) VPCs. [#57139](https://github.com/saltstack/salt/issues/57139)
+- Remove log from mine runner which was not used. [#57463](https://github.com/saltstack/salt/issues/57463)
+- Fixed x509.read_certificate error when reading a Microsoft CA issued certificate in the new cryptography x509 module. Please migrate to the new cryptography x509 module for this improvement. [#57535](https://github.com/saltstack/salt/issues/57535)
+- Updating Slack engine to use slack_bolt library. [#57842](https://github.com/saltstack/salt/issues/57842)
+- Fixed warning about replace=True with x509.certificate_managed in the new cryptography x509 module. [#58165](https://github.com/saltstack/salt/issues/58165)
+- Fix salt.modules.pip:is_installed doesn't handle locally installed packages [#58202](https://github.com/saltstack/salt/issues/58202)
+- Add missing MariaDB Grants to mysql module. MariaDB has added some grants in 10.4.x and 10.5.x that are not present here, which results in an error when creating. [#58297](https://github.com/saltstack/salt/issues/58297)
+- linux_shadow: Fix cases where malformed shadow entries cause `user.present`
+  states to fail. [#58423](https://github.com/saltstack/salt/issues/58423)
+- Fixed salt.utils.compat.cmp to work with dictionaries [#58729](https://github.com/saltstack/salt/issues/58729)
+- Fixed formatting for terse output mode [#58953](https://github.com/saltstack/salt/issues/58953)
+- Fixed RecursiveDictDiffer with added nested dicts [#59017](https://github.com/saltstack/salt/issues/59017)
+- Fixed x509.certificate_managed has DoS effect on master in the new cryptography x509 module. Please migrate to the new cryptography x509 module for this improvement. [#59169](https://github.com/saltstack/salt/issues/59169)
+- Fixed saltnado websockets disconnecting immediately [#59183](https://github.com/saltstack/salt/issues/59183)
+- Fixed x509.certificate_managed rolls certificates every now and then in the new cryptography x509 module. Please migrate to the new cryptography x509 module for this improvement. [#59315](https://github.com/saltstack/salt/issues/59315)
+- Fix postgres_privileges.present not idempotent for functions [#59585](https://github.com/saltstack/salt/issues/59585)
+- Fixed influxdb_continuous_query.present state to provide the client args to the underlying module on create. [#59766](https://github.com/saltstack/salt/issues/59766)
+- Warn when using insecure (http:// based) key_urls for apt-based systems in pkgrepo.managed, and add a kwarg that determines the validity of such a url. [#59786](https://github.com/saltstack/salt/issues/59786)
+- add load balancing policy default option and ensure the module can be executed with arguments from CLI [#59909](https://github.com/saltstack/salt/issues/59909)
+- Fix salt-ssh when using imports with extra-filerefs. [#60003](https://github.com/saltstack/salt/issues/60003)
+- Fixed cache directory corruption startup error [#60170](https://github.com/saltstack/salt/issues/60170)
+- Update docs remove dry_run in docstring of file.blockreplace state. [#60227](https://github.com/saltstack/salt/issues/60227)
+- Adds Parrot to OS_Family_Map in grains. [#60249](https://github.com/saltstack/salt/issues/60249)
+- Fixed stdout and stderr being empty sometimes when use_vt=True for the cmd.run[*] functions [#60365](https://github.com/saltstack/salt/issues/60365)
+- Use return code in iptables --check to verify rule exists. [#60467](https://github.com/saltstack/salt/issues/60467)
+- Fix regression pip.installed does not pass env_vars when calling pip.list [#60557](https://github.com/saltstack/salt/issues/60557)
+- Fix xfs module when additional output included in mkfs.xfs command. [#60853](https://github.com/saltstack/salt/issues/60853)
+- Fixed parsing new format of terraform states in roster.terraform [#60915](https://github.com/saltstack/salt/issues/60915)
+- Fixed recognizing installed ARMv7 rpm packages in compatible architectures. [#60994](https://github.com/saltstack/salt/issues/60994)
+- Fixing changes dict in pkg state to be consistent when installing and test=True. [#60995](https://github.com/saltstack/salt/issues/60995)
+- Fix cron.present duplicating entries when changing timespec to special. [#60997](https://github.com/saltstack/salt/issues/60997)
+- Made salt-ssh respect --wipe again [#61083](https://github.com/saltstack/salt/issues/61083)
+- state.orchestrate_single only passes a pillar if it is set to the state
+  function. This allows it to be used with state functions that don't accept a
+  pillar keyword argument. [#61092](https://github.com/saltstack/salt/issues/61092)
+- Fix ipset state when the comment kwarg is set. [#61122](https://github.com/saltstack/salt/issues/61122)
+- Fix issue with archive.unzip where the password was not being encoded for the extract function [#61422](https://github.com/saltstack/salt/issues/61422)
+- Some Linux distributions (like AlmaLinux, Astra Linux, Debian, Mendel, Linux
+  Mint, Pop!_OS, Rocky Linux) report different `oscodename`, `osfullname`,
+  `osfinger` grains if lsb-release is installed or not. They have been changed to
+  only derive these OS grains from `/etc/os-release`. [#61618](https://github.com/saltstack/salt/issues/61618)
+- Pop!_OS uses the full version (YY.MM) in the osfinger grain now, not just the year. This allows differentiating for example between 20.04 and 20.10. [#61619](https://github.com/saltstack/salt/issues/61619)
+- Fix ssh config roster to correctly parse the ssh config files that contain spaces. [#61650](https://github.com/saltstack/salt/issues/61650)
+- Fix SoftLayer configuration not raising an exception when a domain is missing [#61727](https://github.com/saltstack/salt/issues/61727)
+- Allow the minion to start or salt-call to run even if the user doesn't have permissions to read the root_dir value from the registry [#61789](https://github.com/saltstack/salt/issues/61789)
+- Need to move the creation of the proxy object for the ProxyMinion further down in the initialization for sub proxies to ensure that all modules, especially any custom proxy modules, are available before attempting to run the init function. [#61805](https://github.com/saltstack/salt/issues/61805)
+- Fixed malformed state return when merge-serializing to an improperly formatted file [#61814](https://github.com/saltstack/salt/issues/61814)
+- Made cmdmod._run[_all]_quiet work during minion startup on MacOS with runas specified (which fixed mac_service) [#61816](https://github.com/saltstack/salt/issues/61816)
+- When deleting the vault cache, also delete from the session cache [#61821](https://github.com/saltstack/salt/issues/61821)
+- Ignore errors on reading license info with dpkg_lowpkg to prevent tracebacks on getting package information. [#61827](https://github.com/saltstack/salt/issues/61827)
+- win_lgpo: Display conflicting policy names when more than one policy is found [#61859](https://github.com/saltstack/salt/issues/61859)
+- win_lgpo: Fixed intermittent KeyError when getting policy setting using lgpo.get_policy [#61860](https://github.com/saltstack/salt/issues/61860)
+- Fixed listing minions on OpenBSD [#61966](https://github.com/saltstack/salt/issues/61966)
+- Make Salt to return an error on "pkg" modules and states when targeting duplicated package names [#62019](https://github.com/saltstack/salt/issues/62019)
+- Fix return of REST-returned permissions when auth_list is set [#62022](https://github.com/saltstack/salt/issues/62022)
+- Normalize package names once on using pkg.installed/removed with yum to make it possible to install packages with the name containing a part similar to a name of architecture. [#62029](https://github.com/saltstack/salt/issues/62029)
+- Fix inconsitency regarding name and pkgs parameters between zypperpkg.upgrade() and yumpkg.upgrade() [#62030](https://github.com/saltstack/salt/issues/62030)
+- Fix attr=all handling in pkg.list_pkgs() (yum/zypper). [#62032](https://github.com/saltstack/salt/issues/62032)
+- Fixed the humanname being ignored in pkgrepo.managed on openSUSE Leap [#62053](https://github.com/saltstack/salt/issues/62053)
+- Fixed issue with some LGPO policies having whitespace at the beginning or end of the element alias [#62058](https://github.com/saltstack/salt/issues/62058)
+- Fix ordering of args to libcloud_storage.download_object module [#62074](https://github.com/saltstack/salt/issues/62074)
+- Ignore extend declarations in sls files that are excluded. [#62082](https://github.com/saltstack/salt/issues/62082)
+- Remove leftover usage of impacket [#62101](https://github.com/saltstack/salt/issues/62101)
+- Pass executable path from _get_path_exec() is used when calling the program.
+  The $HOME env is no longer modified globally.
+  Only trailing newlines are stripped from the fetched secret.
+  Pass process arguments are handled in a secure way. [#62120](https://github.com/saltstack/salt/issues/62120)
+- Ignore some command return codes in openbsdrcctl_service to prevent spurious errors [#62131](https://github.com/saltstack/salt/issues/62131)
+- Fixed extra period in filename output in tls module. Instead of "server.crt." it will now be "server.crt". [#62139](https://github.com/saltstack/salt/issues/62139)
+- Make sure lingering PAexec-*.exe files in the Windows directory are cleaned up [#62152](https://github.com/saltstack/salt/issues/62152)
+- Restored Salt's DeprecationWarnings [#62185](https://github.com/saltstack/salt/issues/62185)
+- Fixed issue with forward slashes on Windows with file.recurse and clean=True [#62197](https://github.com/saltstack/salt/issues/62197)
+- Recognize OSMC as Debian-based [#62198](https://github.com/saltstack/salt/issues/62198)
+- Fixed Zypper module failing on RPM lock file being temporarily unavailable. [#62204](https://github.com/saltstack/salt/issues/62204)
+- Improved error handling and diagnostics in the proxmox salt-cloud driver [#62211](https://github.com/saltstack/salt/issues/62211)
+- Added EndeavourOS to the Arch os_family. [#62220](https://github.com/saltstack/salt/issues/62220)
+- Fix salt-ssh not detecting `platform-python` as a valid interpreter on EL8 [#62235](https://github.com/saltstack/salt/issues/62235)
+- Fix pkg.version_cmp on openEuler and a few other os flavors. [#62248](https://github.com/saltstack/salt/issues/62248)
+- Fix localhost detection in glusterfs.peers [#62273](https://github.com/saltstack/salt/issues/62273)
+- Fix Salt Package Manager (SPM) exception when calling spm create_repo . [#62281](https://github.com/saltstack/salt/issues/62281)
+- Fix matcher slowness due to loader invocation [#62283](https://github.com/saltstack/salt/issues/62283)
+- Fixes the Puppet module for non-aio Puppet packages for example running the Puppet module on FreeBSD. [#62323](https://github.com/saltstack/salt/issues/62323)
+- Issue 62334: Displays a debug log message instead of an error log message when the publisher fails to connect [#62334](https://github.com/saltstack/salt/issues/62334)
+- Fix pyobjects renderer access to opts and sls [#62336](https://github.com/saltstack/salt/issues/62336)
+- Fix use of random shuffle and sample functions as Jinja filters [#62372](https://github.com/saltstack/salt/issues/62372)
+- Fix groups with duplicate GIDs are not returned by get_group_list [#62377](https://github.com/saltstack/salt/issues/62377)
+- Fix the "zpool.present" state when enabling zpool features that are already active. [#62390](https://github.com/saltstack/salt/issues/62390)
+- Fix ability to execute remote file client methods in saltcheck [#62398](https://github.com/saltstack/salt/issues/62398)
+- Update all platforms to use pycparser 2.21 or greater for Py 3.9 or higher, fixes fips fault with openssl v3.x [#62400](https://github.com/saltstack/salt/issues/62400)
+- Due to changes in the Netmiko library for the exception paths, need to check the version of Netmiko python library and then import the exceptions from different locations depending on the result. [#62405](https://github.com/saltstack/salt/issues/62405)
+- When using preq on a state, then prereq state will first be run with test=True to determine if there are changes.  When there are changes, the state with the prereq option will be run prior to the prereq state.  If this state fails then the prereq state will not run and the state output uses the test=True run.  However, the proposed changes are included for the prereq state are included from the test=True run.  We should pull those out as there weren't actually changes since the prereq state did not run. [#62408](https://github.com/saltstack/salt/issues/62408)
+- Added directory mode for file.copy with makedirs [#62426](https://github.com/saltstack/salt/issues/62426)
+- Provide better error handling in the various napalm proxy minion functions when the device is not accessible. [#62435](https://github.com/saltstack/salt/issues/62435)
+- When handling aggregation, change the order to ensure that the requisites are aggregated first and then the state functions are aggregated.  Caching whether aggregate functions are available for particular states so we don't need to attempt to load them everytime. [#62439](https://github.com/saltstack/salt/issues/62439)
+- The patch allows to boostrap kubernetes clusters in the version above 1.13 via salt module [#62451](https://github.com/saltstack/salt/issues/62451)
+- sysctl.persist now updates the in-memory value on FreeBSD even if the on-disk value was already correct. [#62461](https://github.com/saltstack/salt/issues/62461)
+- Fixed parsing CDROM apt sources [#62474](https://github.com/saltstack/salt/issues/62474)
+- Update sanitizing masking for Salt SSH to include additional password like strings. [#62483](https://github.com/saltstack/salt/issues/62483)
+- Fix user/group checking on file state functions in the test mode. [#62499](https://github.com/saltstack/salt/issues/62499)
+- Fix user.present to allow removing groups using optional_groups parameter and enforcing idempotent group membership. [#62502](https://github.com/saltstack/salt/issues/62502)
+- Fix possible tracebacks if there is a package with '------' or '======' in the description is installed on the Debian based minion. [#62519](https://github.com/saltstack/salt/issues/62519)
+- Fixed the omitted "pool" parameter when cloning a VM with the proxmox salt-cloud driver [#62521](https://github.com/saltstack/salt/issues/62521)
+- Fix rendering of pyobjects states in saltcheck [#62523](https://github.com/saltstack/salt/issues/62523)
+- Fixes pillar where a corrupted CacheDisk file forces the pillar to be rebuilt [#62527](https://github.com/saltstack/salt/issues/62527)
+- Use str() method instead of repo_line for when python3-apt is installed or not in aptpkg.py. [#62546](https://github.com/saltstack/salt/issues/62546)
+- Remove the connection_timeout from netmiko_connection_args before netmiko_connection_args is added to __context__["netmiko_device"]["args"] which is passed along to the Netmiko library. [#62547](https://github.com/saltstack/salt/issues/62547)
+- Fix order specific mount.mounted options for persist [#62556](https://github.com/saltstack/salt/issues/62556)
+- Fixed salt-cloud cloning a proxmox VM with a specified new vmid. [#62558](https://github.com/saltstack/salt/issues/62558)
+- Fix runas with cmd module when using the onedir bundled packages [#62565](https://github.com/saltstack/salt/issues/62565)
+- Update setproctitle version for all platforms [#62576](https://github.com/saltstack/salt/issues/62576)
+- Fixed missing parameters when cloning a VM with the proxmox salt-cloud driver [#62580](https://github.com/saltstack/salt/issues/62580)
+- Handle PermissionError when importing crypt when FIPS is enabled. [#62587](https://github.com/saltstack/salt/issues/62587)
+- Correctly reraise exceptions in states.http [#62595](https://github.com/saltstack/salt/issues/62595)
+- Fixed syndic eauth. Now jobs will be published when a valid eauth user is targeting allowed minions/functions. [#62618](https://github.com/saltstack/salt/issues/62618)
+- updated rest_cherry/app to properly detect arg sent as a string as curl will do when only one arg is supplied. [#62624](https://github.com/saltstack/salt/issues/62624)
+- Prevent possible tracebacks in core grains module by ignoring non utf8 characters in /proc/1/environ, /proc/1/cmdline, /proc/cmdline [#62633](https://github.com/saltstack/salt/issues/62633)
+- Fixed vault ext pillar return data for KV v2 [#62651](https://github.com/saltstack/salt/issues/62651)
+- Fix saltcheck _get_top_states doesn't pass saltenv to state.show_top [#62654](https://github.com/saltstack/salt/issues/62654)
+- Fix groupadd.* functions hard code relative command name [#62657](https://github.com/saltstack/salt/issues/62657)
+- Fixed pdbedit.create trying to use a bytes-like hash as string. [#62670](https://github.com/saltstack/salt/issues/62670)
+- Fix depenency on legacy boto module in boto3 modules [#62672](https://github.com/saltstack/salt/issues/62672)
+- Modified "_get_flags" function so that it returns regex flags instead of integers [#62676](https://github.com/saltstack/salt/issues/62676)
+- Change startup ReqServer log messages from error to info level. [#62728](https://github.com/saltstack/salt/issues/62728)
+- Fix kmod.* functions hard code relative command name [#62772](https://github.com/saltstack/salt/issues/62772)
+- Fix mac_brew_pkg to work with null taps [#62793](https://github.com/saltstack/salt/issues/62793)
+- Fixing a bug when listing the running schedule if "schedule.enable" and/or "schedule.disable" has been run, where the "enabled" items is being treated as a schedule item. [#62795](https://github.com/saltstack/salt/issues/62795)
+- Prevent annoying RuntimeWarning message about line buffering (buffering=1) not being supported in binary mode [#62817](https://github.com/saltstack/salt/issues/62817)
+- Include UID and GID checks in modules.file.check_perms as well as comparing
+  ownership by username and group name. [#62818](https://github.com/saltstack/salt/issues/62818)
+- Fix presence events on TCP transport by removing a client's presence when minion disconnects from publish channel correctly [#62826](https://github.com/saltstack/salt/issues/62826)
+- Remove Azure deprecation messages from functions that always run w/ salt-cloud [#62845](https://github.com/saltstack/salt/issues/62845)
+- Use select instead of iterating over entrypoints as a dictionary for importlib_metadata>=5.0.0 [#62854](https://github.com/saltstack/salt/issues/62854)
+- Fixed master job scheduler using when [#62858](https://github.com/saltstack/salt/issues/62858)
+- LGPO: Added support for missing domain controller policies: VulnerableChannelAllowList and LdapEnforceChannelBinding [#62873](https://github.com/saltstack/salt/issues/62873)
+- Fix unnecessarily complex gce metadata grains code to use googles metadata service more effectively. [#62878](https://github.com/saltstack/salt/issues/62878)
+- Fixed dockermod version_info function for docker-py 6.0.0+ [#62882](https://github.com/saltstack/salt/issues/62882)
+- Moving setting the LOAD_BALANCING_POLICY_MAP dictionary into the try except block that determines if the cassandra_cql module should be made available. [#62886](https://github.com/saltstack/salt/issues/62886)
+- Updating various MongoDB module functions to work with latest version of pymongo. [#62900](https://github.com/saltstack/salt/issues/62900)
+- Restored channel for Syndic minions to send job returns to the Salt master. [#62933](https://github.com/saltstack/salt/issues/62933)
+- removed _resolve_deps as it required a library that is not generally avalible. and switched to apt-get for everything as that can auto resolve dependencies. [#62934](https://github.com/saltstack/salt/issues/62934)
+- Updated pyzmq to version 22.0.3 on Windows builds because the old version was causing salt-minion/salt-call to hang [#62937](https://github.com/saltstack/salt/issues/62937)
+- Allow root user to modify crontab lines for non-root users (except AIX and Solaris). Align crontab line changes with the file ones and also with listing crontab. [#62940](https://github.com/saltstack/salt/issues/62940)
+- Fix systemd_service.* functions hard code relative command name [#62942](https://github.com/saltstack/salt/issues/62942)
+- Fix file.symlink backupname operation can copy remote contents to local disk [#62953](https://github.com/saltstack/salt/issues/62953)
+- Issue #62968: Fix issue where cloud deployments were putting the keys in the wrong location on Windows hosts [#62968](https://github.com/saltstack/salt/issues/62968)
+- Fixed gpg_passphrase issue with gpg decrypt/encrypt functions [#62977](https://github.com/saltstack/salt/issues/62977)
+- Fix file.tidied FileNotFoundError [#62986](https://github.com/saltstack/salt/issues/62986)
+- Fixed bug where module.wait states were detected as running legacy module.run syntax [#62988](https://github.com/saltstack/salt/issues/62988)
+- Fixed issue with win_wua module where it wouldn't load if the CryptSvc was set to Manual start [#62993](https://github.com/saltstack/salt/issues/62993)
+- The `__opts__` dunder dictionary is now added to the loader's `pack` if not
+  already present, which makes it accessible via the
+  `salt.loader.context.NamedLoaderContext` class. [#63013](https://github.com/saltstack/salt/issues/63013)
+- Issue #63024: Fix issue where grains and config data were being place in the wrong location on Windows hosts [#63024](https://github.com/saltstack/salt/issues/63024)
+- Fix btrfs.subvolume_snapshot command failing [#63025](https://github.com/saltstack/salt/issues/63025)
+- Fix file.retention_schedule always reports changes [#63033](https://github.com/saltstack/salt/issues/63033)
+- Fix mongo authentication for mongo ext_pillar and mongo returner
+
+  This fix also include the ability to use the mongo connection string for mongo ext_pillar [#63058](https://github.com/saltstack/salt/issues/63058)
+- Fixed x509.create_csr creates invalid CSR by default in the new cryptography x509 module. [#63103](https://github.com/saltstack/salt/issues/63103)
+- TCP transport documentation now contains proper master/minion-side filtering information [#63120](https://github.com/saltstack/salt/issues/63120)
+- Fixed gpg.verify does not respect gnupghome [#63145](https://github.com/saltstack/salt/issues/63145)
+- Made pillar cache pass extra minion data as well [#63208](https://github.com/saltstack/salt/issues/63208)
+- Fix serious performance issues with the file.tidied module [#63231](https://github.com/saltstack/salt/issues/63231)
+- Fix rpm_lowpkg version comparison logic when using rpm-vercmp and only one version has a release number. [#63317](https://github.com/saltstack/salt/issues/63317)
+- Import StrictVersion and LooseVersion from setuptools.distutils.verison or setuptools._distutils.version, if first not available [#63350](https://github.com/saltstack/salt/issues/63350)
+- When the shell is passed as powershell or pwsh, only wrapper the shell in quotes if cmd.run is running on Windows.  When quoted on Linux hosts, this results in an error when the keyword arguments are appended. [#63590](https://github.com/saltstack/salt/issues/63590)
+- LGPO: Added support for "Relax minimum password length limits" [#63596](https://github.com/saltstack/salt/issues/63596)
+- When a job is disabled only increase it's _next_fire_time value if the job would have run at the current time, eg. the current _next_fire_time == now. [#63699](https://github.com/saltstack/salt/issues/63699)
+- Check file is not empty before attempting to read pillar disk cache file [#63729](https://github.com/saltstack/salt/issues/63729)
+- fix cherrypy 400 error output to be less generic. [#63835](https://github.com/saltstack/salt/issues/63835)
+- remove eval and update logging to be more informative on bad config [#63879](https://github.com/saltstack/salt/issues/63879)
+
+
+### Added
+
+- Introduce a `LIB_STATE_DIR` syspaths variable which defaults to `CONFIG_DIR`,
+  but can be individually customized during installation by specifying
+  `--salt-lib-state-dir` during installation. Change the default `pki_dir` to
+  `<LIB_STATE_DIR>/pki/master` (for the master) and `<LIB_STATE_DIR>/pki/minion`
+  (for the minion). [#3396](https://github.com/saltstack/salt/issues/3396)
+- Allow users to enable 'queue=True' for all state runs via config file [#31468](https://github.com/saltstack/salt/issues/31468)
+- Added pillar templating to vault policies [#43287](https://github.com/saltstack/salt/issues/43287)
+- Add support for NVMeF as a transport protocol for hosts in a Pure Storage FlashArray [#51088](https://github.com/saltstack/salt/issues/51088)
+- A new salt-ssh roster that generates a roster by parses a known_hosts file. [#54679](https://github.com/saltstack/salt/issues/54679)
+- Added Windows Event Viewer support [#54713](https://github.com/saltstack/salt/issues/54713)
+- Added the win_lgpo_reg state and execution modules which will allow registry based group policy to be set directly in the Registry.pol file [#56013](https://github.com/saltstack/salt/issues/56013)
+- Added resource tagging functions to boto_dynamodb execution module [#57500](https://github.com/saltstack/salt/issues/57500)
+- Added `openvswitch_db` state module and functions `bridge_to_parent`,
+  `bridge_to_vlan`, `db_get`, and `db_set` to the `openvswitch` execution module.
+  Also added optional `parent` and `vlan` parameters to the
+  `openvswitch_bridge.present` state module function and the
+  `openvswitch.bridge_create` execution module function. [#58986](https://github.com/saltstack/salt/issues/58986)
+- State module to manage SysFS attributes [#60154](https://github.com/saltstack/salt/issues/60154)
+- Added ability for `salt.wait_for_event` to handle `event_id`s that have a list value. [#60430](https://github.com/saltstack/salt/issues/60430)
+- Added suport for Linux ppc64le core grains (cpu_model, virtual, productname, manufacturer, serialnumber) and arm core grains (serialnumber, productname) [#60518](https://github.com/saltstack/salt/issues/60518)
+- Added autostart option to virt.defined and virt.running states, along with virt.update execution modules. [#60700](https://github.com/saltstack/salt/issues/60700)
+- Added .0 back to our versioning scheme for future versions (e.g. 3006.0) [#60722](https://github.com/saltstack/salt/issues/60722)
+- Initial work to allow parallel startup of proxy minions when used as sub proxies with Deltaproxy. [#61153](https://github.com/saltstack/salt/issues/61153)
+- Added node label support for GCE [#61245](https://github.com/saltstack/salt/issues/61245)
+- Support the --priority flag when adding sources to Chocolatey. [#61319](https://github.com/saltstack/salt/issues/61319)
+- Add namespace option to ext_pillar.http_json [#61335](https://github.com/saltstack/salt/issues/61335)
+- Added a filter function to ps module to get a list of processes on a minion according to their state. [#61420](https://github.com/saltstack/salt/issues/61420)
+- Add postgres.timeout option to postgres module for limiting postgres query times [#61433](https://github.com/saltstack/salt/issues/61433)
+- Added new optional vault option, ``config_location``. This can be either ``master`` or ``local`` and defines where vault will look for connection details, either requesting them from the master or using the local config. [#61857](https://github.com/saltstack/salt/issues/61857)
+- Add ipwrap() jinja filter to wrap IPv6 addresses with brackets. [#61931](https://github.com/saltstack/salt/issues/61931)
+- 'tcp' transport is now available in ipv6-only network [#62009](https://github.com/saltstack/salt/issues/62009)
+- Add `diff_attr` parameter to pkg.upgrade() (zypper/yum). [#62031](https://github.com/saltstack/salt/issues/62031)
+- Config option pass_variable_prefix allows to distinguish variables that contain paths to pass secrets.
+  Config option pass_strict_fetch allows to error out when a secret cannot be fetched from pass.
+  Config option pass_dir allows setting the PASSWORD_STORE_DIR env for pass.
+  Config option pass_gnupghome allows setting the $GNUPGHOME env for pass. [#62120](https://github.com/saltstack/salt/issues/62120)
+- Add file.pruned state and expanded file.rmdir exec module functionality [#62178](https://github.com/saltstack/salt/issues/62178)
+- Added "dig.PTR" function to resolve PTR records for IPs, as well as tests and documentation [#62275](https://github.com/saltstack/salt/issues/62275)
+- Added the ability to remove a KB using the DISM state/execution modules [#62366](https://github.com/saltstack/salt/issues/62366)
+- Add "<tiamat> python" subcommand to allow execution or arbitrary scripts via bundled Python runtime [#62381](https://github.com/saltstack/salt/issues/62381)
+- Add ability to provide conditions which convert normal state actions to no-op when true [#62446](https://github.com/saltstack/salt/issues/62446)
+- Added debug log messages displaying the command being run when installing packages on Windows [#62480](https://github.com/saltstack/salt/issues/62480)
+- Add biosvendor grain [#62496](https://github.com/saltstack/salt/issues/62496)
+- Add ifelse Jinja function as found in CFEngine [#62508](https://github.com/saltstack/salt/issues/62508)
+- Implementation of Amazon EC2 instance detection and setting `virtual_subtype` grain accordingly including the product if possible to identify. [#62539](https://github.com/saltstack/salt/issues/62539)
+- Adds __env__substitution to ext_pillar.stack; followup of #61531, improved exception handling for stacked template (jinja) template rendering and yaml parsing in ext_pillar.stack [#62578](https://github.com/saltstack/salt/issues/62578)
+- Increase file.tidied flexibility with regard to age and size [#62678](https://github.com/saltstack/salt/issues/62678)
+- Added "connected_devices" feature to netbox pillar module. It contains extra information about devices connected to the minion [#62761](https://github.com/saltstack/salt/issues/62761)
+- Add atomic file operation for symlink changes [#62768](https://github.com/saltstack/salt/issues/62768)
+- Add password/account locking/unlocking in user.present state on supported operating systems [#62856](https://github.com/saltstack/salt/issues/62856)
+- Added onchange configuration for script engine [#62867](https://github.com/saltstack/salt/issues/62867)
+- Added output and bare functionality to export_key gpg module function [#62978](https://github.com/saltstack/salt/issues/62978)
+- Add keyvalue serializer for environment files [#62983](https://github.com/saltstack/salt/issues/62983)
+- Add ability to ignore symlinks in file.tidied [#63042](https://github.com/saltstack/salt/issues/63042)
+- salt-cloud support IMDSv2 tokens when using 'use-instance-role-credentials' [#63067](https://github.com/saltstack/salt/issues/63067)
+- Add ability for file.symlink to not set ownership on existing links [#63093](https://github.com/saltstack/salt/issues/63093)
+- Restore the previous slack engine and deprecate it, rename replace the slack engine to slack_bolt until deprecation [#63095](https://github.com/saltstack/salt/issues/63095)
+- Add functions that will return the underlying block device, mount point, and filesystem type for a given path [#63098](https://github.com/saltstack/salt/issues/63098)
+- Add ethtool execution and state module functions for pause [#63128](https://github.com/saltstack/salt/issues/63128)
+- Add boardname grain [#63131](https://github.com/saltstack/salt/issues/63131)
+- Added management of ECDSA/EdDSA private keys with x509 modules in the new cryptography x509 module. Please migrate to the new cryptography x509 module for this improvement. [#63248](https://github.com/saltstack/salt/issues/63248)
+- Added x509 modules support for different output formats in the new cryptography x509 module. Please migrate to the new cryptography x509 module for this improvement. [#63249](https://github.com/saltstack/salt/issues/63249)
+- Added deprecation_warning test state for ensuring that deprecation warnings are correctly emitted. [#63315](https://github.com/saltstack/salt/issues/63315)
+- Adds a state_events option to state.highstate, state.apply, state.sls, state.sls_id.
+  This allows users to enable state_events on a per use basis rather than having to
+  enable them globally for all state runs. [#63316](https://github.com/saltstack/salt/issues/63316)
+- Allow max queue size setting for state runs to prevent performance problems from queue growth [#63356](https://github.com/saltstack/salt/issues/63356)
+- Add support of exposing meta_server_grains for Azure VMs [#63606](https://github.com/saltstack/salt/issues/63606)
+- Include the version of `relenv` in the versions report. [#63827](https://github.com/saltstack/salt/issues/63827)
+- Added debug log messages displaying the command being run when removing packages on Windows [#63866](https://github.com/saltstack/salt/issues/63866)
+
+
 ## 3006.0rc1 (2023-03-01)


--- a/changelog/63742.fixed.md
+++ b/changelog/63742.fixed.md
@ -0,0 +1 @@
+Fixed an issue with generating fingerprints for public keys with different line endings
--- a/changelog/63882.security.md
+++ b/changelog/63882.security.md
@ -0,0 +1,9 @@
+Upgrade Requirements Due to Security Issues.
+
+* Upgrade to `cryptography>=39.0.1` due to:
+  * https://github.com/advisories/GHSA-x4qr-2fvf-3mr5
+  * https://github.com/advisories/GHSA-w7pp-m8wf-vj6r
+* Upgrade to `pyopenssl==23.0.0` due to the cryptography upgrade.
+* Update to `markdown-it-py==2.2.0` due to:
+  * https://github.com/advisories/GHSA-jrwr-5x3p-hvc3
+  * https://github.com/advisories/GHSA-vrjv-mxr7-vjf8
--- a/changelog/63883.changed.md
+++ b/changelog/63883.changed.md
@ -0,0 +1 @@
+Upgraded to `relenv==0.9.0`
--- a/changelog/63904.fixed.md
+++ b/changelog/63904.fixed.md
@ -0,0 +1 @@
+add linux_distribution to util to stop dep warning
--- a/doc/man/salt-api.1
+++ b/doc/man/salt-api.1
@ -27,7 +27,7 @@ level margin: \\n[rst2man-indent\\n[rst2man-indent-level]]
 .\" new: \\n[rst2man-indent\\n[rst2man-indent-level]]
 .in \\n[rst2man-indent\\n[rst2man-indent-level]]u
 ..
-.TH "SALT-API" "1" "Generated on March 01, 2023 at 10:47:29 PM UTC." "3006.0" "Salt"
+.TH "SALT-API" "1" "Generated on March 19, 2023 at 12:36:05 PM UTC." "3006.0" "Salt"
 .SH NAME
 salt-api \- salt-api Command
 .sp
--- a/doc/man/salt-call.1
+++ b/doc/man/salt-call.1
@ -27,7 +27,7 @@ level margin: \\n[rst2man-indent\\n[rst2man-indent-level]]
 .\" new: \\n[rst2man-indent\\n[rst2man-indent-level]]
 .in \\n[rst2man-indent\\n[rst2man-indent-level]]u
 ..
-.TH "SALT-CALL" "1" "Generated on March 01, 2023 at 10:47:29 PM UTC." "3006.0" "Salt"
+.TH "SALT-CALL" "1" "Generated on March 19, 2023 at 12:36:05 PM UTC." "3006.0" "Salt"
 .SH NAME
 salt-call \- salt-call Documentation
 .SH SYNOPSIS
--- a/doc/man/salt-cloud.1
+++ b/doc/man/salt-cloud.1
@ -27,7 +27,7 @@ level margin: \\n[rst2man-indent\\n[rst2man-indent-level]]
 .\" new: \\n[rst2man-indent\\n[rst2man-indent-level]]
 .in \\n[rst2man-indent\\n[rst2man-indent-level]]u
 ..
-.TH "SALT-CLOUD" "1" "Generated on March 01, 2023 at 10:47:29 PM UTC." "3006.0" "Salt"
+.TH "SALT-CLOUD" "1" "Generated on March 19, 2023 at 12:36:05 PM UTC." "3006.0" "Salt"
 .SH NAME
 salt-cloud \- Salt Cloud Command
 .sp
--- a/doc/man/salt-cp.1
+++ b/doc/man/salt-cp.1
@ -27,7 +27,7 @@ level margin: \\n[rst2man-indent\\n[rst2man-indent-level]]
 .\" new: \\n[rst2man-indent\\n[rst2man-indent-level]]
 .in \\n[rst2man-indent\\n[rst2man-indent-level]]u
 ..
-.TH "SALT-CP" "1" "Generated on March 01, 2023 at 10:47:29 PM UTC." "3006.0" "Salt"
+.TH "SALT-CP" "1" "Generated on March 19, 2023 at 12:36:05 PM UTC." "3006.0" "Salt"
 .SH NAME
 salt-cp \- salt-cp Documentation
 .sp
--- a/doc/man/salt-key.1
+++ b/doc/man/salt-key.1
@ -27,7 +27,7 @@ level margin: \\n[rst2man-indent\\n[rst2man-indent-level]]
 .\" new: \\n[rst2man-indent\\n[rst2man-indent-level]]
 .in \\n[rst2man-indent\\n[rst2man-indent-level]]u
 ..
-.TH "SALT-KEY" "1" "Generated on March 01, 2023 at 10:47:29 PM UTC." "3006.0" "Salt"
+.TH "SALT-KEY" "1" "Generated on March 19, 2023 at 12:36:05 PM UTC." "3006.0" "Salt"
 .SH NAME
 salt-key \- salt-key Documentation
 .SH SYNOPSIS
--- a/doc/man/salt-master.1
+++ b/doc/man/salt-master.1
@ -27,7 +27,7 @@ level margin: \\n[rst2man-indent\\n[rst2man-indent-level]]
 .\" new: \\n[rst2man-indent\\n[rst2man-indent-level]]
 .in \\n[rst2man-indent\\n[rst2man-indent-level]]u
 ..
-.TH "SALT-MASTER" "1" "Generated on March 01, 2023 at 10:47:29 PM UTC." "3006.0" "Salt"
+.TH "SALT-MASTER" "1" "Generated on March 19, 2023 at 12:36:05 PM UTC." "3006.0" "Salt"
 .SH NAME
 salt-master \- salt-master Documentation
 .sp
--- a/doc/man/salt-minion.1
+++ b/doc/man/salt-minion.1
@ -27,7 +27,7 @@ level margin: \\n[rst2man-indent\\n[rst2man-indent-level]]
 .\" new: \\n[rst2man-indent\\n[rst2man-indent-level]]
 .in \\n[rst2man-indent\\n[rst2man-indent-level]]u
 ..
-.TH "SALT-MINION" "1" "Generated on March 01, 2023 at 10:47:29 PM UTC." "3006.0" "Salt"
+.TH "SALT-MINION" "1" "Generated on March 19, 2023 at 12:36:05 PM UTC." "3006.0" "Salt"
 .SH NAME
 salt-minion \- salt-minion Documentation
 .sp
--- a/doc/man/salt-proxy.1
+++ b/doc/man/salt-proxy.1
@ -27,7 +27,7 @@ level margin: \\n[rst2man-indent\\n[rst2man-indent-level]]
 .\" new: \\n[rst2man-indent\\n[rst2man-indent-level]]
 .in \\n[rst2man-indent\\n[rst2man-indent-level]]u
 ..
-.TH "SALT-PROXY" "1" "Generated on March 01, 2023 at 10:47:29 PM UTC." "3006.0" "Salt"
+.TH "SALT-PROXY" "1" "Generated on March 19, 2023 at 12:36:05 PM UTC." "3006.0" "Salt"
 .SH NAME
 salt-proxy \- salt-proxy Documentation
 .sp
--- a/doc/man/salt-run.1
+++ b/doc/man/salt-run.1
@ -27,7 +27,7 @@ level margin: \\n[rst2man-indent\\n[rst2man-indent-level]]
 .\" new: \\n[rst2man-indent\\n[rst2man-indent-level]]
 .in \\n[rst2man-indent\\n[rst2man-indent-level]]u
 ..
-.TH "SALT-RUN" "1" "Generated on March 01, 2023 at 10:47:29 PM UTC." "3006.0" "Salt"
+.TH "SALT-RUN" "1" "Generated on March 19, 2023 at 12:36:05 PM UTC." "3006.0" "Salt"
 .SH NAME
 salt-run \- salt-run Documentation
 .sp
--- a/doc/man/salt-ssh.1
+++ b/doc/man/salt-ssh.1
@ -27,7 +27,7 @@ level margin: \\n[rst2man-indent\\n[rst2man-indent-level]]
 .\" new: \\n[rst2man-indent\\n[rst2man-indent-level]]
 .in \\n[rst2man-indent\\n[rst2man-indent-level]]u
 ..
-.TH "SALT-SSH" "1" "Generated on March 01, 2023 at 10:47:29 PM UTC." "3006.0" "Salt"
+.TH "SALT-SSH" "1" "Generated on March 19, 2023 at 12:36:05 PM UTC." "3006.0" "Salt"
 .SH NAME
 salt-ssh \- salt-ssh Documentation
 .SH SYNOPSIS
--- a/doc/man/salt-syndic.1
+++ b/doc/man/salt-syndic.1
@ -27,7 +27,7 @@ level margin: \\n[rst2man-indent\\n[rst2man-indent-level]]
 .\" new: \\n[rst2man-indent\\n[rst2man-indent-level]]
 .in \\n[rst2man-indent\\n[rst2man-indent-level]]u
 ..
-.TH "SALT-SYNDIC" "1" "Generated on March 01, 2023 at 10:47:29 PM UTC." "3006.0" "Salt"
+.TH "SALT-SYNDIC" "1" "Generated on March 19, 2023 at 12:36:05 PM UTC." "3006.0" "Salt"
 .SH NAME
 salt-syndic \- salt-syndic Documentation
 .sp
--- a/doc/man/salt.1
+++ b/doc/man/salt.1
@ -27,7 +27,7 @@ level margin: \\n[rst2man-indent\\n[rst2man-indent-level]]
 .\" new: \\n[rst2man-indent\\n[rst2man-indent-level]]
 .in \\n[rst2man-indent\\n[rst2man-indent-level]]u
 ..
-.TH "SALT" "1" "Generated on March 01, 2023 at 10:47:29 PM UTC." "3006.0" "Salt"
+.TH "SALT" "1" "Generated on March 19, 2023 at 12:36:05 PM UTC." "3006.0" "Salt"
 .SH NAME
 salt \- salt
 .SH SYNOPSIS
--- a/doc/man/salt.7
+++ b/doc/man/salt.7
@ -27,7 +27,7 @@ level margin: \\n[rst2man-indent\\n[rst2man-indent-level]]
 .\" new: \\n[rst2man-indent\\n[rst2man-indent-level]]
 .in \\n[rst2man-indent\\n[rst2man-indent-level]]u
 ..
-.TH "SALT" "7" "Generated on March 01, 2023 at 10:47:29 PM UTC." "3006.0" "Salt"
+.TH "SALT" "7" "Generated on March 19, 2023 at 12:36:05 PM UTC." "3006.0" "Salt"
 .SH NAME
 salt \- Salt Documentation
 .SH SALT PROJECT
@ -60904,8 +60904,12 @@ Beacons are typically enabled by placing a \fBbeacons:\fP top level block in
 beacons:
  inotify:
    \- files:
-        /etc/important_file: {}
-        /opt: {}
+        /etc/important_file:
+          mask:
+            \- modify
+        /opt:
+          mask:
+            \- modify
 .ft P
 .fi
 .UNINDENT
@ -60936,11 +60940,15 @@ Multiple copies of a particular Salt beacon can be configured by including the \
 beacons:
  watch_important_file:
    \- files:
-        /etc/important_file: {}
+        /etc/important_file:
+          mask:
+            \- modify
    \- beacon_module: inotify
  watch_another_file:
    \- files:
-        /etc/another_file: {}
+        /etc/another_file:
+          mask:
+            \- modify
    \- beacon_module: inotify
 .ft P
 .fi
@ -60959,8 +60967,12 @@ and 10\-second intervals:
 beacons:
  inotify:
    \- files:
-        /etc/important_file: {}
-        /opt: {}
+        /etc/important_file:
+          mask:
+            \- modify
+        /opt:
+          mask:
+            \- modify
    \- interval: 5
    \- disable_during_state_run: True
  load:
@ -60999,6 +61011,8 @@ beacons:
  inotify:
    \- files:
        /etc/important_file: {}
+          mask:
+            \- modify
    \- disable_during_state_run: True
 .ft P
 .fi
@ -84826,33 +84840,280 @@ on the needs of the deployed vm.
 .sp
 Starting in 3006, only onedir packaging will be available. The 3006 onedir packages
 are built with the \fI\%relenv\fP tool.
-.SS How to build rpm packages
+.SS Docker Containers
 .sp
-You only need to run rpmbuild in the Salt repo:
+The Salt Project uses docker containers to build our packages. If you are building your own packages you can use
+the same containers we build with in the Github piplines. These containers are documented \fI\%here\fP\&.
+.SS How to build onedir only
+.INDENT 0.0
+.IP 1. 3
+Install relenv:
+.INDENT 3.0
+.INDENT 3.5
 .INDENT 0.0
 .INDENT 3.5
 .sp
 .nf
 .ft C
-# rpmbuild \-bb \-\-define=\(dq_salt_src $(pwd)\(dq $(pwd)/pkg/rpm/salt.spec
+pip install relenv
 .ft P
 .fi
 .UNINDENT
 .UNINDENT
+.UNINDENT
+.UNINDENT
+.IP 2. 3
+Fetch toolchain (Only required for linux OSs)
+.INDENT 3.0
+.INDENT 3.5
+.INDENT 0.0
+.INDENT 3.5
+.sp
+.nf
+.ft C
+relenv toolchain fetch
+.ft P
+.fi
+.UNINDENT
+.UNINDENT
+.UNINDENT
+.UNINDENT
+.IP 3. 3
+Fetch Native Python Build:
+.INDENT 3.0
+.INDENT 3.5
+.INDENT 0.0
+.INDENT 3.5
+.sp
+.nf
+.ft C
+relenv fetch \-\-python=<pythonversion>
+.ft P
+.fi
+.UNINDENT
+.UNINDENT
+.UNINDENT
+.UNINDENT
+.IP 4. 3
+Create relenv environment:
+.INDENT 3.0
+.INDENT 3.5
+.INDENT 0.0
+.INDENT 3.5
+.sp
+.nf
+.ft C
+relenv create \-\-python=3.10.10 <relenv name>
+.ft P
+.fi
+.UNINDENT
+.UNINDENT
+.UNINDENT
+.UNINDENT
+.IP 5. 3
+Add Salt into onedir.
+.INDENT 3.0
+.INDENT 3.5
+.INDENT 0.0
+.INDENT 3.5
+.sp
+.nf
+.ft C
+path/to/<relenv\-name>/bin/pip install /path/to/salt
+.ft P
+.fi
+.UNINDENT
+.UNINDENT
+.UNINDENT
+.UNINDENT
+.UNINDENT
+.SS How to build rpm packages
+.INDENT 0.0
+.IP 1. 3
+Install the dependencies:
+.INDENT 3.0
+.INDENT 3.5
+.INDENT 0.0
+.INDENT 3.5
+.sp
+.nf
+.ft C
+yum \-y install python3 python3\-pip openssl git rpmdevtools rpmlint systemd\-units libxcrypt\-compat git
+.ft P
+.fi
+.UNINDENT
+.UNINDENT
+.UNINDENT
+.UNINDENT
+.IP 2. 3
+(Optional) To build a specific Salt version, you will need to install tools and changelog dependencies:
+.INDENT 3.0
+.INDENT 3.5
+.INDENT 0.0
+.INDENT 3.5
+.sp
+.nf
+.ft C
+pip install \-r requirements/static/ci/py{python_version}/tools.txt
+.ft P
+.fi
+.UNINDENT
+.UNINDENT
+.INDENT 0.0
+.INDENT 3.5
+.sp
+.nf
+.ft C
+pip install \-r requirements/static/ci/py{python_version}/changelog.txt
+.ft P
+.fi
+.UNINDENT
+.UNINDENT
+.UNINDENT
+.UNINDENT
+.IP 3. 3
+Ensure you are in the current Salt cloned git repo:
+.INDENT 3.0
+.INDENT 3.5
+.INDENT 0.0
+.INDENT 3.5
+.sp
+.nf
+.ft C
+cd salt
+.ft P
+.fi
+.UNINDENT
+.UNINDENT
+.UNINDENT
+.UNINDENT
+.IP 4. 3
+(Optional) To build a specific Salt version, run tools and set Salt version:
+.INDENT 3.0
+.INDENT 3.5
+.INDENT 0.0
+.INDENT 3.5
+.sp
+.nf
+.ft C
+tools changelog update\-rpm <salt version>
+.ft P
+.fi
+.UNINDENT
+.UNINDENT
+.UNINDENT
+.UNINDENT
+.IP 5. 3
+Run rpmbuild in the Salt repo:
+.INDENT 3.0
+.INDENT 3.5
+.INDENT 0.0
+.INDENT 3.5
+.sp
+.nf
+.ft C
+rpmbuild \-bb \-\-define=\(dq_salt_src $(pwd)\(dq $(pwd)/pkg/rpm/salt.spec
+.ft P
+.fi
+.UNINDENT
+.UNINDENT
+.UNINDENT
+.UNINDENT
+.UNINDENT
 .SS How to build deb packages
-.sp
-You only need to add a symlink and run debuild in the Salt repo:
+.INDENT 0.0
+.IP 1. 3
+Install the dependencies:
+.INDENT 3.0
+.INDENT 3.5
 .INDENT 0.0
 .INDENT 3.5
 .sp
 .nf
 .ft C
-# ln \-s pkg/deb/debian debian
-# debuild \-uc \-us
+apt install \-y python3 python3\-venv python3\-pip build\-essential devscripts debhelper bash\-completion git
 .ft P
 .fi
 .UNINDENT
 .UNINDENT
+.UNINDENT
+.UNINDENT
+.IP 2. 3
+(Optional) To build a specific Salt version, you will need to install tools and changelog dependencies:
+.INDENT 3.0
+.INDENT 3.5
+.INDENT 0.0
+.INDENT 3.5
+.sp
+.nf
+.ft C
+pip install \-r requirements/static/ci/py{python_version}/tools.txt
+.ft P
+.fi
+.UNINDENT
+.UNINDENT
+.INDENT 0.0
+.INDENT 3.5
+.sp
+.nf
+.ft C
+pip install \-r requirements/static/ci/py{python_version}/changelog.txt
+.ft P
+.fi
+.UNINDENT
+.UNINDENT
+.UNINDENT
+.UNINDENT
+.IP 3. 3
+Ensure you are in the current Salt cloned git repo.:
+.INDENT 3.0
+.INDENT 3.5
+.INDENT 0.0
+.INDENT 3.5
+.sp
+.nf
+.ft C
+cd salt
+.ft P
+.fi
+.UNINDENT
+.UNINDENT
+.UNINDENT
+.UNINDENT
+.IP 4. 3
+(Optional) To build a specific Salt version, run tools and set Salt version:
+.INDENT 3.0
+.INDENT 3.5
+.INDENT 0.0
+.INDENT 3.5
+.sp
+.nf
+.ft C
+tools changelog update\-deb <salt version>
+.ft P
+.fi
+.UNINDENT
+.UNINDENT
+.UNINDENT
+.UNINDENT
+.IP 5. 3
+Add a symlink and run debuild in the Salt repo:
+.INDENT 3.0
+.INDENT 3.5
+.INDENT 0.0
+.INDENT 3.5
+.sp
+.nf
+.ft C
+ln \-sf pkg/debian/ .
+debuild \-uc \-us
+.ft P
+.fi
+.UNINDENT
+.UNINDENT
+.UNINDENT
+.UNINDENT
+.UNINDENT
 .SS How to access python binary
 .sp
 The python library is available in the install directory of the onedir package. For example
@ -167549,13 +167810,13 @@ Support for DEB packages
 New in version 2015.8.0.

 .sp
-Parses RPM metadata and returns a dictionary of information about the
+Parses DEB metadata and returns a dictionary of information about the
 package (name, version, etc.).
 .INDENT 7.0
 .TP
 .B path
 Path to the file. Can either be an absolute path to a file on the
-minion, or a salt fileserver URL (e.g. \fBsalt://path/to/file.rpm\fP).
+minion, or a salt fileserver URL (e.g. \fBsalt://path/to/file.deb\fP).
 If a salt fileserver URL is passed, the file will be cached to the
 minion so that it can be examined.
 .TP
@ -193428,7 +193689,7 @@ Passes through all the parameters described in the
 \fI\%utils.http.query function\fP:
 .INDENT 7.0
 .TP
-.B salt.utils.http.query(url, method=\(aqGET\(aq, params=None, data=None, data_file=None, header_dict=None, header_list=None, header_file=None, username=None, password=None, auth=None, decode=False, decode_type=\(aqauto\(aq, status=False, headers=False, text=False, cookies=None, cookie_jar=None, cookie_format=\(aqlwp\(aq, persist_session=False, session_cookie_jar=None, data_render=False, data_renderer=None, header_render=False, header_renderer=None, template_dict=None, test=False, test_url=None, node=\(aqminion\(aq, port=80, opts=None, backend=None, ca_bundle=None, verify_ssl=None, cert=None, text_out=None, headers_out=None, decode_out=None, stream=False, streaming_callback=None, header_callback=None, handle=False, agent=\(aqSalt/3006.0rc1\(aq, hide_fields=None, raise_error=True, formdata=False, formdata_fieldname=None, formdata_filename=None, decode_body=True, **kwargs)
+.B salt.utils.http.query(url, method=\(aqGET\(aq, params=None, data=None, data_file=None, header_dict=None, header_list=None, header_file=None, username=None, password=None, auth=None, decode=False, decode_type=\(aqauto\(aq, status=False, headers=False, text=False, cookies=None, cookie_jar=None, cookie_format=\(aqlwp\(aq, persist_session=False, session_cookie_jar=None, data_render=False, data_renderer=None, header_render=False, header_renderer=None, template_dict=None, test=False, test_url=None, node=\(aqminion\(aq, port=80, opts=None, backend=None, ca_bundle=None, verify_ssl=None, cert=None, text_out=None, headers_out=None, decode_out=None, stream=False, streaming_callback=None, header_callback=None, handle=False, agent=\(aqSalt/3006.0rc2\(aq, hide_fields=None, raise_error=True, formdata=False, formdata_fieldname=None, formdata_filename=None, decode_body=True, **kwargs)
 Query a resource, and decode the return data
 .UNINDENT
 .INDENT 7.0
@ -475825,6 +476086,601 @@ Allow max queue size setting for state runs to prevent performance problems from
 .IP \(bu 2
 Add support of exposing meta_server_grains for Azure VMs \fI\%#63606\fP
 .UNINDENT
+.SS Changelog
+.SS Removed
+.INDENT 0.0
+.IP \(bu 2
+Remove and deprecate the \fBorchestration\fP key from salt.runner and salt.wheel return data. To get it back, set features.enable_deprecated_orchestration_flag master configuration option to True. The flag will be completely removed in Salt 3008 Argon. \fI\%#59917\fP
+.IP \(bu 2
+Removed distutils and replaced with setuptools, given distutils is deprecated and removed in Python 3.12 \fI\%#60476\fP
+.IP \(bu 2
+Removed \fBruntests\fP targets from \fBnoxfile.py\fP \fI\%#62239\fP
+.IP \(bu 2
+Removed the PyObjC dependency.
+.sp
+This addresses problems with building a one dir build for macOS.
+It became problematic because depending on the macOS version, it pulls different dependencies, and we would either have to build a macos onedir for each macOS supported release, or ship a crippled onedir(because it would be tied to the macOS version where the onedir was built).
+Since it\(aqs currently not being used, it\(aqs removed. \fI\%#62432\fP
+.IP \(bu 2
+Removed \fBSixRedirectImporter\fP from Salt. Salt hasn\(aqt shipped \fBsix\fP since Salt 3004. \fI\%#63874\fP
+.UNINDENT
+.SS Deprecated
+.INDENT 0.0
+.IP \(bu 2
+renamed \fBkeep_jobs\fP, specifying job cache TTL in hours, to \fBkeep_jobs_seconds\fP, specifying TTL in seconds.
+\fBkeep_jobs\fP will be removed in the Argon release \fI\%#55295\fP
+.IP \(bu 2
+Removing all references to napalm\-base which is no longer supported. \fI\%#61542\fP
+.IP \(bu 2
+The \(aqip_bracket\(aq function has been moved from salt/utils/zeromq.py in salt/utils/network.py \fI\%#62009\fP
+.IP \(bu 2
+The \fBexpand_repo_def\fP function in \fBsalt.modules.aptpkg\fP is now deprecated. It\(aqs only used in \fBsalt.states.pkgrepo\fP and it has no use of being exposed to the CLI. \fI\%#62485\fP
+.IP \(bu 2
+Deprecated defunct Django returner \fI\%#62644\fP
+.IP \(bu 2
+Deprecate core ESXi and associated states and modules, vcenter and vsphere support in favor of Salt VMware Extensions \fI\%#62754\fP
+.IP \(bu 2
+Removing manufacture grain which has been deprecated. \fI\%#62914\fP
+.IP \(bu 2
+Removing deprecated utils/boto3_elasticsearch.py \fI\%#62915\fP
+.IP \(bu 2
+Removing support for the now deprecated _ext_nodes from salt/master.py. \fI\%#62917\fP
+.IP \(bu 2
+Deprecating the Salt Slack engine in favor of the Salt Slack Bolt Engine. \fI\%#63095\fP
+.IP \(bu 2
+\fBsalt.utils.version.StrictVersion\fP is now deprecated and it\(aqs use should be replaced with \fBsalt.utils.version.Version\fP\&. \fI\%#63383\fP
+.UNINDENT
+.SS Changed
+.INDENT 0.0
+.IP \(bu 2
+More intelligent diffing in changes of file.serialize state. \fI\%#48609\fP
+.IP \(bu 2
+Move deprecation of the neutron module to Argon. Please migrate to the neutronng module instead. \fI\%#49430\fP
+.IP \(bu 2
+\fBumask\fP is now a global state argument, instead of only applying to \fBcmd\fP
+states. \fI\%#57803\fP
+.IP \(bu 2
+Update pillar.obfuscate to accept kwargs in addition to args.  This is useful when passing in keyword arguments like saltenv that are then passed along to pillar.items. \fI\%#58971\fP
+.IP \(bu 2
+Improve support for listing macOS brew casks \fI\%#59439\fP
+.IP \(bu 2
+Add missing MariaDB Grants to mysql module.
+MariaDB has added some grants in 10.4.x and 10.5.x that are not present here, which results in an error when creating.
+Also improved exception handling in \fBgrant_add\fP which did not log the original error message and replaced it with a generic error. \fI\%#61409\fP
+.IP \(bu 2
+Use VENV_PIP_TARGET environment variable as a default target for pip if present. \fI\%#62089\fP
+.IP \(bu 2
+Disabled FQDNs grains on macOS by default \fI\%#62168\fP
+.IP \(bu 2
+Replaced pyroute2.IPDB with pyroute2.NDB, as the former is deprecated \fI\%#62218\fP
+.IP \(bu 2
+Enhance capture of error messages for Zypper calls in zypperpkg module. \fI\%#62346\fP
+.IP \(bu 2
+Removed GPG_1_3_1 check \fI\%#62895\fP
+.IP \(bu 2
+Requisite state chunks now all consistently contain \fB__id__\fP, \fB__sls__\fP and \fBname\fP\&. \fI\%#63012\fP
+.IP \(bu 2
+netapi_enable_clients option to allow enabling/disabling of clients in salt\-api.
+By default all clients will now be disabled. Users of salt\-api will need
+to update their master config to enable the clients that they use. Not adding
+the netapi_enable_clients option with required clients to the master config will
+disable salt\-api. \fI\%#63050\fP
+.IP \(bu 2
+Stop relying on \fBsalt/_version.py\fP to write Salt\(aqs version. Instead use \fBsalt/_version.txt\fP which only contains the version string. \fI\%#63383\fP
+.IP \(bu 2
+Set enable_fqdns_grains to be False by default. \fI\%#63595\fP
+.IP \(bu 2
+Changelog snippet files must now have a \fB\&.md\fP file extension to be more explicit on what type of rendering is done when they are included in the main \fBCHANGELOG.md\fP file. \fI\%#63710\fP
+.UNINDENT
+.SS Fixed
+.INDENT 0.0
+.IP \(bu 2
+Add kwargs to handle extra parameters for http.query \fI\%#36138\fP
+.IP \(bu 2
+Fix mounted bind mounts getting active mount options added \fI\%#39292\fP
+.IP \(bu 2
+Fix \fBsysctl.present\fP converts spaces to tabs. \fI\%#40054\fP
+.IP \(bu 2
+Fixes state pkg.purged to purge removed packages on Debian family systems \fI\%#42306\fP
+.IP \(bu 2
+Fix fun_args missing from syndic returns \fI\%#45823\fP
+.IP \(bu 2
+Fix mount.mounted with \(aqmount: False\(aq reports unmounted file system as unchanged when running with test=True \fI\%#47201\fP
+.IP \(bu 2
+Issue #49310: Allow users to touch a file with Unix date of birth \fI\%#49310\fP
+.IP \(bu 2
+Do not raise an exception in pkg.info_installed on nonzero return code \fI\%#51620\fP
+.IP \(bu 2
+Passes the value of the force parameter from file.copy to its call to file.remove so that files with the read\-only attribute are handled. \fI\%#51739\fP
+.IP \(bu 2
+Fixed x509.certificate_managed creates new certificate every run in the new cryptography x509 module. Please migrate to the new cryptography x509 module for this improvement. \fI\%#52167\fP
+.IP \(bu 2
+Don\(aqt check for cached pillar errors on state.apply \fI\%#52354\fP, \fI\%#57180\fP, \fI\%#59339\fP
+.IP \(bu 2
+Swapping out args and kwargs for arg and kwarg respectively in the Slack engine when the command passed is a runner. \fI\%#52400\fP
+.IP \(bu 2
+Ensure when we\(aqre adding chunks to the rules when running aggregation with the iptables state module we use a copy of the chunk otherwise we end up with a recursive mess. \fI\%#53353\fP
+.IP \(bu 2
+When user_create or user_remove fail, return False instead of returning the error. \fI\%#53377\fP
+.IP \(bu 2
+Include sync_roster when sync_all is called. \fI\%#53914\fP
+.IP \(bu 2
+Avoid warning noise in lograte.get \fI\%#53988\fP
+.IP \(bu 2
+Fixed listing revoked keys with gpg.list_keys \fI\%#54347\fP
+.IP \(bu 2
+Fix mount.mounted does not handle blanks properly \fI\%#54508\fP
+.IP \(bu 2
+Fixed grain num_cpus get wrong CPUs count in case of inconsistent CPU numbering. \fI\%#54682\fP
+.IP \(bu 2
+Fix spelling error for python_shell argument in dpkg_lower module \fI\%#54907\fP
+.IP \(bu 2
+Cleaned up bytes response data before sending to non\-bytes compatible returners (postgres, mysql) \fI\%#55226\fP
+.IP \(bu 2
+Fixed malformed state return when testing file.managed with unavailable source file \fI\%#55269\fP
+.IP \(bu 2
+Included stdout in error message for Zypper calls in zypperpkg module. \fI\%#56016\fP
+.IP \(bu 2
+Fixed pillar.filter_by with salt\-ssh \fI\%#56093\fP
+.IP \(bu 2
+Fix boto_route53 issue with (multiple) VPCs. \fI\%#57139\fP
+.IP \(bu 2
+Remove log from mine runner which was not used. \fI\%#57463\fP
+.IP \(bu 2
+Fixed x509.read_certificate error when reading a Microsoft CA issued certificate in the new cryptography x509 module. Please migrate to the new cryptography x509 module for this improvement. \fI\%#57535\fP
+.IP \(bu 2
+Updating Slack engine to use slack_bolt library. \fI\%#57842\fP
+.IP \(bu 2
+Fixed warning about replace=True with x509.certificate_managed in the new cryptography x509 module. \fI\%#58165\fP
+.IP \(bu 2
+Fix salt.modules.pip:is_installed doesn\(aqt handle locally installed packages \fI\%#58202\fP
+.IP \(bu 2
+Add missing MariaDB Grants to mysql module. MariaDB has added some grants in 10.4.x and 10.5.x that are not present here, which results in an error when creating. \fI\%#58297\fP
+.IP \(bu 2
+linux_shadow: Fix cases where malformed shadow entries cause \fBuser.present\fP
+states to fail. \fI\%#58423\fP
+.IP \(bu 2
+Fixed salt.utils.compat.cmp to work with dictionaries \fI\%#58729\fP
+.IP \(bu 2
+Fixed formatting for terse output mode \fI\%#58953\fP
+.IP \(bu 2
+Fixed RecursiveDictDiffer with added nested dicts \fI\%#59017\fP
+.IP \(bu 2
+Fixed x509.certificate_managed has DoS effect on master in the new cryptography x509 module. Please migrate to the new cryptography x509 module for this improvement. \fI\%#59169\fP
+.IP \(bu 2
+Fixed saltnado websockets disconnecting immediately \fI\%#59183\fP
+.IP \(bu 2
+Fixed x509.certificate_managed rolls certificates every now and then in the new cryptography x509 module. Please migrate to the new cryptography x509 module for this improvement. \fI\%#59315\fP
+.IP \(bu 2
+Fix postgres_privileges.present not idempotent for functions \fI\%#59585\fP
+.IP \(bu 2
+Fixed influxdb_continuous_query.present state to provide the client args to the underlying module on create. \fI\%#59766\fP
+.IP \(bu 2
+Warn when using insecure (http:// based) key_urls for apt\-based systems in pkgrepo.managed, and add a kwarg that determines the validity of such a url. \fI\%#59786\fP
+.IP \(bu 2
+add load balancing policy default option and ensure the module can be executed with arguments from CLI \fI\%#59909\fP
+.IP \(bu 2
+Fix salt\-ssh when using imports with extra\-filerefs. \fI\%#60003\fP
+.IP \(bu 2
+Fixed cache directory corruption startup error \fI\%#60170\fP
+.IP \(bu 2
+Update docs remove dry_run in docstring of file.blockreplace state. \fI\%#60227\fP
+.IP \(bu 2
+Adds Parrot to OS_Family_Map in grains. \fI\%#60249\fP
+.IP \(bu 2
+Fixed stdout and stderr being empty sometimes when use_vt=True for the cmd.run[*] functions \fI\%#60365\fP
+.IP \(bu 2
+Use return code in iptables \-\-check to verify rule exists. \fI\%#60467\fP
+.IP \(bu 2
+Fix regression pip.installed does not pass env_vars when calling pip.list \fI\%#60557\fP
+.IP \(bu 2
+Fix xfs module when additional output included in mkfs.xfs command. \fI\%#60853\fP
+.IP \(bu 2
+Fixed parsing new format of terraform states in roster.terraform \fI\%#60915\fP
+.IP \(bu 2
+Fixed recognizing installed ARMv7 rpm packages in compatible architectures. \fI\%#60994\fP
+.IP \(bu 2
+Fixing changes dict in pkg state to be consistent when installing and test=True. \fI\%#60995\fP
+.IP \(bu 2
+Fix cron.present duplicating entries when changing timespec to special. \fI\%#60997\fP
+.IP \(bu 2
+Made salt\-ssh respect \-\-wipe again \fI\%#61083\fP
+.IP \(bu 2
+state.orchestrate_single only passes a pillar if it is set to the state
+function. This allows it to be used with state functions that don\(aqt accept a
+pillar keyword argument. \fI\%#61092\fP
+.IP \(bu 2
+Fix ipset state when the comment kwarg is set. \fI\%#61122\fP
+.IP \(bu 2
+Fix issue with archive.unzip where the password was not being encoded for the extract function \fI\%#61422\fP
+.IP \(bu 2
+Some Linux distributions (like AlmaLinux, Astra Linux, Debian, Mendel, Linux
+Mint, Pop!_OS, Rocky Linux) report different \fBoscodename\fP, \fBosfullname\fP,
+\fBosfinger\fP grains if lsb\-release is installed or not. They have been changed to
+only derive these OS grains from \fB/etc/os\-release\fP\&. \fI\%#61618\fP
+.IP \(bu 2
+Pop!_OS uses the full version (\fI\%YY.MM\fP) in the osfinger grain now, not just the year. This allows differentiating for example between 20.04 and 20.10. \fI\%#61619\fP
+.IP \(bu 2
+Fix ssh config roster to correctly parse the ssh config files that contain spaces. \fI\%#61650\fP
+.IP \(bu 2
+Fix SoftLayer configuration not raising an exception when a domain is missing \fI\%#61727\fP
+.IP \(bu 2
+Allow the minion to start or salt\-call to run even if the user doesn\(aqt have permissions to read the root_dir value from the registry \fI\%#61789\fP
+.IP \(bu 2
+Need to move the creation of the proxy object for the ProxyMinion further down in the initialization for sub proxies to ensure that all modules, especially any custom proxy modules, are available before attempting to run the init function. \fI\%#61805\fP
+.IP \(bu 2
+Fixed malformed state return when merge\-serializing to an improperly formatted file \fI\%#61814\fP
+.IP \(bu 2
+Made cmdmod._run[_all]_quiet work during minion startup on MacOS with runas specified (which fixed mac_service) \fI\%#61816\fP
+.IP \(bu 2
+When deleting the vault cache, also delete from the session cache \fI\%#61821\fP
+.IP \(bu 2
+Ignore errors on reading license info with dpkg_lowpkg to prevent tracebacks on getting package information. \fI\%#61827\fP
+.IP \(bu 2
+win_lgpo: Display conflicting policy names when more than one policy is found \fI\%#61859\fP
+.IP \(bu 2
+win_lgpo: Fixed intermittent KeyError when getting policy setting using lgpo.get_policy \fI\%#61860\fP
+.IP \(bu 2
+Fixed listing minions on OpenBSD \fI\%#61966\fP
+.IP \(bu 2
+Make Salt to return an error on \(dqpkg\(dq modules and states when targeting duplicated package names \fI\%#62019\fP
+.IP \(bu 2
+Fix return of REST\-returned permissions when auth_list is set \fI\%#62022\fP
+.IP \(bu 2
+Normalize package names once on using pkg.installed/removed with yum to make it possible to install packages with the name containing a part similar to a name of architecture. \fI\%#62029\fP
+.IP \(bu 2
+Fix inconsitency regarding name and pkgs parameters between zypperpkg.upgrade() and yumpkg.upgrade() \fI\%#62030\fP
+.IP \(bu 2
+Fix attr=all handling in pkg.list_pkgs() (yum/zypper). \fI\%#62032\fP
+.IP \(bu 2
+Fixed the humanname being ignored in pkgrepo.managed on openSUSE Leap \fI\%#62053\fP
+.IP \(bu 2
+Fixed issue with some LGPO policies having whitespace at the beginning or end of the element alias \fI\%#62058\fP
+.IP \(bu 2
+Fix ordering of args to libcloud_storage.download_object module \fI\%#62074\fP
+.IP \(bu 2
+Ignore extend declarations in sls files that are excluded. \fI\%#62082\fP
+.IP \(bu 2
+Remove leftover usage of impacket \fI\%#62101\fP
+.IP \(bu 2
+Pass executable path from _get_path_exec() is used when calling the program.
+The $HOME env is no longer modified globally.
+Only trailing newlines are stripped from the fetched secret.
+Pass process arguments are handled in a secure way. \fI\%#62120\fP
+.IP \(bu 2
+Ignore some command return codes in openbsdrcctl_service to prevent spurious errors \fI\%#62131\fP
+.IP \(bu 2
+Fixed extra period in filename output in tls module. Instead of \(dqserver.crt.\(dq it will now be \(dqserver.crt\(dq. \fI\%#62139\fP
+.IP \(bu 2
+Make sure lingering PAexec\-*.exe files in the Windows directory are cleaned up \fI\%#62152\fP
+.IP \(bu 2
+Restored Salt\(aqs DeprecationWarnings \fI\%#62185\fP
+.IP \(bu 2
+Fixed issue with forward slashes on Windows with file.recurse and clean=True \fI\%#62197\fP
+.IP \(bu 2
+Recognize OSMC as Debian\-based \fI\%#62198\fP
+.IP \(bu 2
+Fixed Zypper module failing on RPM lock file being temporarily unavailable. \fI\%#62204\fP
+.IP \(bu 2
+Improved error handling and diagnostics in the proxmox salt\-cloud driver \fI\%#62211\fP
+.IP \(bu 2
+Added EndeavourOS to the Arch os_family. \fI\%#62220\fP
+.IP \(bu 2
+Fix salt\-ssh not detecting \fBplatform\-python\fP as a valid interpreter on EL8 \fI\%#62235\fP
+.IP \(bu 2
+Fix pkg.version_cmp on openEuler and a few other os flavors. \fI\%#62248\fP
+.IP \(bu 2
+Fix localhost detection in glusterfs.peers \fI\%#62273\fP
+.IP \(bu 2
+Fix Salt Package Manager (SPM) exception when calling spm create_repo . \fI\%#62281\fP
+.IP \(bu 2
+Fix matcher slowness due to loader invocation \fI\%#62283\fP
+.IP \(bu 2
+Fixes the Puppet module for non\-aio Puppet packages for example running the Puppet module on FreeBSD. \fI\%#62323\fP
+.IP \(bu 2
+Issue 62334: Displays a debug log message instead of an error log message when the publisher fails to connect \fI\%#62334\fP
+.IP \(bu 2
+Fix pyobjects renderer access to opts and sls \fI\%#62336\fP
+.IP \(bu 2
+Fix use of random shuffle and sample functions as Jinja filters \fI\%#62372\fP
+.IP \(bu 2
+Fix groups with duplicate GIDs are not returned by get_group_list \fI\%#62377\fP
+.IP \(bu 2
+Fix the \(dqzpool.present\(dq state when enabling zpool features that are already active. \fI\%#62390\fP
+.IP \(bu 2
+Fix ability to execute remote file client methods in saltcheck \fI\%#62398\fP
+.IP \(bu 2
+Update all platforms to use pycparser 2.21 or greater for Py 3.9 or higher, fixes fips fault with openssl v3.x \fI\%#62400\fP
+.IP \(bu 2
+Due to changes in the Netmiko library for the exception paths, need to check the version of Netmiko python library and then import the exceptions from different locations depending on the result. \fI\%#62405\fP
+.IP \(bu 2
+When using preq on a state, then prereq state will first be run with test=True to determine if there are changes.  When there are changes, the state with the prereq option will be run prior to the prereq state.  If this state fails then the prereq state will not run and the state output uses the test=True run.  However, the proposed changes are included for the prereq state are included from the test=True run.  We should pull those out as there weren\(aqt actually changes since the prereq state did not run. \fI\%#62408\fP
+.IP \(bu 2
+Added directory mode for file.copy with makedirs \fI\%#62426\fP
+.IP \(bu 2
+Provide better error handling in the various napalm proxy minion functions when the device is not accessible. \fI\%#62435\fP
+.IP \(bu 2
+When handling aggregation, change the order to ensure that the requisites are aggregated first and then the state functions are aggregated.  Caching whether aggregate functions are available for particular states so we don\(aqt need to attempt to load them everytime. \fI\%#62439\fP
+.IP \(bu 2
+The patch allows to boostrap kubernetes clusters in the version above 1.13 via salt module \fI\%#62451\fP
+.IP \(bu 2
+sysctl.persist now updates the in\-memory value on FreeBSD even if the on\-disk value was already correct. \fI\%#62461\fP
+.IP \(bu 2
+Fixed parsing CDROM apt sources \fI\%#62474\fP
+.IP \(bu 2
+Update sanitizing masking for Salt SSH to include additional password like strings. \fI\%#62483\fP
+.IP \(bu 2
+Fix user/group checking on file state functions in the test mode. \fI\%#62499\fP
+.IP \(bu 2
+Fix user.present to allow removing groups using optional_groups parameter and enforcing idempotent group membership. \fI\%#62502\fP
+.IP \(bu 2
+Fix possible tracebacks if there is a package with \(aq\-\-\-\-\-\-\(aq or \(aq======\(aq in the description is installed on the Debian based minion. \fI\%#62519\fP
+.IP \(bu 2
+Fixed the omitted \(dqpool\(dq parameter when cloning a VM with the proxmox salt\-cloud driver \fI\%#62521\fP
+.IP \(bu 2
+Fix rendering of pyobjects states in saltcheck \fI\%#62523\fP
+.IP \(bu 2
+Fixes pillar where a corrupted CacheDisk file forces the pillar to be rebuilt \fI\%#62527\fP
+.IP \(bu 2
+Use str() method instead of repo_line for when python3\-apt is installed or not in \fI\%aptpkg.py\fP\&. \fI\%#62546\fP
+.IP \(bu 2
+Remove the connection_timeout from netmiko_connection_args before netmiko_connection_args is added to \fBcontext\fP[\(dqnetmiko_device\(dq][\(dqargs\(dq] which is passed along to the Netmiko library. \fI\%#62547\fP
+.IP \(bu 2
+Fix order specific mount.mounted options for persist \fI\%#62556\fP
+.IP \(bu 2
+Fixed salt\-cloud cloning a proxmox VM with a specified new vmid. \fI\%#62558\fP
+.IP \(bu 2
+Fix runas with cmd module when using the onedir bundled packages \fI\%#62565\fP
+.IP \(bu 2
+Update setproctitle version for all platforms \fI\%#62576\fP
+.IP \(bu 2
+Fixed missing parameters when cloning a VM with the proxmox salt\-cloud driver \fI\%#62580\fP
+.IP \(bu 2
+Handle PermissionError when importing crypt when FIPS is enabled. \fI\%#62587\fP
+.IP \(bu 2
+Correctly reraise exceptions in states.http \fI\%#62595\fP
+.IP \(bu 2
+Fixed syndic eauth. Now jobs will be published when a valid eauth user is targeting allowed minions/functions. \fI\%#62618\fP
+.IP \(bu 2
+updated rest_cherry/app to properly detect arg sent as a string as curl will do when only one arg is supplied. \fI\%#62624\fP
+.IP \(bu 2
+Prevent possible tracebacks in core grains module by ignoring non utf8 characters in /proc/1/environ, /proc/1/cmdline, /proc/cmdline \fI\%#62633\fP
+.IP \(bu 2
+Fixed vault ext pillar return data for KV v2 \fI\%#62651\fP
+.IP \(bu 2
+Fix saltcheck _get_top_states doesn\(aqt pass saltenv to state.show_top \fI\%#62654\fP
+.IP \(bu 2
+Fix groupadd.* functions hard code relative command name \fI\%#62657\fP
+.IP \(bu 2
+Fixed pdbedit.create trying to use a bytes\-like hash as string. \fI\%#62670\fP
+.IP \(bu 2
+Fix depenency on legacy boto module in boto3 modules \fI\%#62672\fP
+.IP \(bu 2
+Modified \(dq_get_flags\(dq function so that it returns regex flags instead of integers \fI\%#62676\fP
+.IP \(bu 2
+Change startup ReqServer log messages from error to info level. \fI\%#62728\fP
+.IP \(bu 2
+Fix kmod.* functions hard code relative command name \fI\%#62772\fP
+.IP \(bu 2
+Fix mac_brew_pkg to work with null taps \fI\%#62793\fP
+.IP \(bu 2
+Fixing a bug when listing the running schedule if \(dqschedule.enable\(dq and/or \(dqschedule.disable\(dq has been run, where the \(dqenabled\(dq items is being treated as a schedule item. \fI\%#62795\fP
+.IP \(bu 2
+Prevent annoying RuntimeWarning message about line buffering (buffering=1) not being supported in binary mode \fI\%#62817\fP
+.IP \(bu 2
+Include UID and GID checks in modules.file.check_perms as well as comparing
+ownership by username and group name. \fI\%#62818\fP
+.IP \(bu 2
+Fix presence events on TCP transport by removing a client\(aqs presence when minion disconnects from publish channel correctly \fI\%#62826\fP
+.IP \(bu 2
+Remove Azure deprecation messages from functions that always run w/ salt\-cloud \fI\%#62845\fP
+.IP \(bu 2
+Use select instead of iterating over entrypoints as a dictionary for importlib_metadata>=5.0.0 \fI\%#62854\fP
+.IP \(bu 2
+Fixed master job scheduler using when \fI\%#62858\fP
+.IP \(bu 2
+LGPO: Added support for missing domain controller policies: VulnerableChannelAllowList and LdapEnforceChannelBinding \fI\%#62873\fP
+.IP \(bu 2
+Fix unnecessarily complex gce metadata grains code to use googles metadata service more effectively. \fI\%#62878\fP
+.IP \(bu 2
+Fixed dockermod version_info function for docker\-py 6.0.0+ \fI\%#62882\fP
+.IP \(bu 2
+Moving setting the LOAD_BALANCING_POLICY_MAP dictionary into the try except block that determines if the cassandra_cql module should be made available. \fI\%#62886\fP
+.IP \(bu 2
+Updating various MongoDB module functions to work with latest version of pymongo. \fI\%#62900\fP
+.IP \(bu 2
+Restored channel for Syndic minions to send job returns to the Salt master. \fI\%#62933\fP
+.IP \(bu 2
+removed _resolve_deps as it required a library that is not generally avalible. and switched to apt\-get for everything as that can auto resolve dependencies. \fI\%#62934\fP
+.IP \(bu 2
+Updated pyzmq to version 22.0.3 on Windows builds because the old version was causing salt\-minion/salt\-call to hang \fI\%#62937\fP
+.IP \(bu 2
+Allow root user to modify crontab lines for non\-root users (except AIX and Solaris). Align crontab line changes with the file ones and also with listing crontab. \fI\%#62940\fP
+.IP \(bu 2
+Fix systemd_service.* functions hard code relative command name \fI\%#62942\fP
+.IP \(bu 2
+Fix file.symlink backupname operation can copy remote contents to local disk \fI\%#62953\fP
+.IP \(bu 2
+Issue #62968: Fix issue where cloud deployments were putting the keys in the wrong location on Windows hosts \fI\%#62968\fP
+.IP \(bu 2
+Fixed gpg_passphrase issue with gpg decrypt/encrypt functions \fI\%#62977\fP
+.IP \(bu 2
+Fix file.tidied FileNotFoundError \fI\%#62986\fP
+.IP \(bu 2
+Fixed bug where module.wait states were detected as running legacy module.run syntax \fI\%#62988\fP
+.IP \(bu 2
+Fixed issue with win_wua module where it wouldn\(aqt load if the CryptSvc was set to Manual start \fI\%#62993\fP
+.IP \(bu 2
+The \fB__opts__\fP dunder dictionary is now added to the loader\(aqs \fBpack\fP if not
+already present, which makes it accessible via the
+\fBsalt.loader.context.NamedLoaderContext\fP class. \fI\%#63013\fP
+.IP \(bu 2
+Issue #63024: Fix issue where grains and config data were being place in the wrong location on Windows hosts \fI\%#63024\fP
+.IP \(bu 2
+Fix btrfs.subvolume_snapshot command failing \fI\%#63025\fP
+.IP \(bu 2
+Fix file.retention_schedule always reports changes \fI\%#63033\fP
+.IP \(bu 2
+Fix mongo authentication for mongo ext_pillar and mongo returner
+.sp
+This fix also include the ability to use the mongo connection string for mongo ext_pillar \fI\%#63058\fP
+.IP \(bu 2
+Fixed x509.create_csr creates invalid CSR by default in the new cryptography x509 module. \fI\%#63103\fP
+.IP \(bu 2
+TCP transport documentation now contains proper master/minion\-side filtering information \fI\%#63120\fP
+.IP \(bu 2
+Fixed gpg.verify does not respect gnupghome \fI\%#63145\fP
+.IP \(bu 2
+Made pillar cache pass extra minion data as well \fI\%#63208\fP
+.IP \(bu 2
+Fix serious performance issues with the file.tidied module \fI\%#63231\fP
+.IP \(bu 2
+Fix rpm_lowpkg version comparison logic when using rpm\-vercmp and only one version has a release number. \fI\%#63317\fP
+.IP \(bu 2
+Import StrictVersion and LooseVersion from setuptools.distutils.verison or setuptools._distutils.version, if first not available \fI\%#63350\fP
+.IP \(bu 2
+When the shell is passed as powershell or pwsh, only wrapper the shell in quotes if cmd.run is running on Windows.  When quoted on Linux hosts, this results in an error when the keyword arguments are appended. \fI\%#63590\fP
+.IP \(bu 2
+LGPO: Added support for \(dqRelax minimum password length limits\(dq \fI\%#63596\fP
+.IP \(bu 2
+When a job is disabled only increase it\(aqs _next_fire_time value if the job would have run at the current time, eg. the current _next_fire_time == now. \fI\%#63699\fP
+.IP \(bu 2
+Check file is not empty before attempting to read pillar disk cache file \fI\%#63729\fP
+.IP \(bu 2
+fix cherrypy 400 error output to be less generic. \fI\%#63835\fP
+.IP \(bu 2
+remove eval and update logging to be more informative on bad config \fI\%#63879\fP
+.UNINDENT
+.SS Added
+.INDENT 0.0
+.IP \(bu 2
+Introduce a \fBLIB_STATE_DIR\fP syspaths variable which defaults to \fBCONFIG_DIR\fP,
+but can be individually customized during installation by specifying
+\fB\-\-salt\-lib\-state\-dir\fP during installation. Change the default \fBpki_dir\fP to
+\fB<LIB_STATE_DIR>/pki/master\fP (for the master) and \fB<LIB_STATE_DIR>/pki/minion\fP
+(for the minion). \fI\%#3396\fP
+.IP \(bu 2
+Allow users to enable \(aqqueue=True\(aq for all state runs via config file \fI\%#31468\fP
+.IP \(bu 2
+Added pillar templating to vault policies \fI\%#43287\fP
+.IP \(bu 2
+Add support for NVMeF as a transport protocol for hosts in a Pure Storage FlashArray \fI\%#51088\fP
+.IP \(bu 2
+A new salt\-ssh roster that generates a roster by parses a known_hosts file. \fI\%#54679\fP
+.IP \(bu 2
+Added Windows Event Viewer support \fI\%#54713\fP
+.IP \(bu 2
+Added the win_lgpo_reg state and execution modules which will allow registry based group policy to be set directly in the Registry.pol file \fI\%#56013\fP
+.IP \(bu 2
+Added resource tagging functions to boto_dynamodb execution module \fI\%#57500\fP
+.IP \(bu 2
+Added \fBopenvswitch_db\fP state module and functions \fBbridge_to_parent\fP,
+\fBbridge_to_vlan\fP, \fBdb_get\fP, and \fBdb_set\fP to the \fBopenvswitch\fP execution module.
+Also added optional \fBparent\fP and \fBvlan\fP parameters to the
+\fBopenvswitch_bridge.present\fP state module function and the
+\fBopenvswitch.bridge_create\fP execution module function. \fI\%#58986\fP
+.IP \(bu 2
+State module to manage SysFS attributes \fI\%#60154\fP
+.IP \(bu 2
+Added ability for \fBsalt.wait_for_event\fP to handle \fBevent_id\fPs that have a list value. \fI\%#60430\fP
+.IP \(bu 2
+Added suport for Linux ppc64le core grains (cpu_model, virtual, productname, manufacturer, serialnumber) and arm core grains (serialnumber, productname) \fI\%#60518\fP
+.IP \(bu 2
+Added autostart option to virt.defined and virt.running states, along with virt.update execution modules. \fI\%#60700\fP
+.IP \(bu 2
+Added .0 back to our versioning scheme for future versions (e.g. 3006.0) \fI\%#60722\fP
+.IP \(bu 2
+Initial work to allow parallel startup of proxy minions when used as sub proxies with Deltaproxy. \fI\%#61153\fP
+.IP \(bu 2
+Added node label support for GCE \fI\%#61245\fP
+.IP \(bu 2
+Support the \-\-priority flag when adding sources to Chocolatey. \fI\%#61319\fP
+.IP \(bu 2
+Add namespace option to ext_pillar.http_json \fI\%#61335\fP
+.IP \(bu 2
+Added a filter function to ps module to get a list of processes on a minion according to their state. \fI\%#61420\fP
+.IP \(bu 2
+Add postgres.timeout option to postgres module for limiting postgres query times \fI\%#61433\fP
+.IP \(bu 2
+Added new optional vault option, \fBconfig_location\fP\&. This can be either \fBmaster\fP or \fBlocal\fP and defines where vault will look for connection details, either requesting them from the master or using the local config. \fI\%#61857\fP
+.IP \(bu 2
+Add ipwrap() jinja filter to wrap IPv6 addresses with brackets. \fI\%#61931\fP
+.IP \(bu 2
+\(aqtcp\(aq transport is now available in ipv6\-only network \fI\%#62009\fP
+.IP \(bu 2
+Add \fBdiff_attr\fP parameter to pkg.upgrade() (zypper/yum). \fI\%#62031\fP
+.IP \(bu 2
+Config option pass_variable_prefix allows to distinguish variables that contain paths to pass secrets.
+Config option pass_strict_fetch allows to error out when a secret cannot be fetched from pass.
+Config option pass_dir allows setting the PASSWORD_STORE_DIR env for pass.
+Config option pass_gnupghome allows setting the $GNUPGHOME env for pass. \fI\%#62120\fP
+.IP \(bu 2
+Add file.pruned state and expanded file.rmdir exec module functionality \fI\%#62178\fP
+.IP \(bu 2
+Added \(dqdig.PTR\(dq function to resolve PTR records for IPs, as well as tests and documentation \fI\%#62275\fP
+.IP \(bu 2
+Added the ability to remove a KB using the DISM state/execution modules \fI\%#62366\fP
+.IP \(bu 2
+Add \(dq python\(dq subcommand to allow execution or arbitrary scripts via bundled Python runtime \fI\%#62381\fP
+.IP \(bu 2
+Add ability to provide conditions which convert normal state actions to no\-op when true \fI\%#62446\fP
+.IP \(bu 2
+Added debug log messages displaying the command being run when installing packages on Windows \fI\%#62480\fP
+.IP \(bu 2
+Add biosvendor grain \fI\%#62496\fP
+.IP \(bu 2
+Add ifelse Jinja function as found in CFEngine \fI\%#62508\fP
+.IP \(bu 2
+Implementation of Amazon EC2 instance detection and setting \fBvirtual_subtype\fP grain accordingly including the product if possible to identify. \fI\%#62539\fP
+.IP \(bu 2
+Adds __env__substitution to ext_pillar.stack; followup of #61531, improved exception handling for stacked template (jinja) template rendering and yaml parsing in ext_pillar.stack \fI\%#62578\fP
+.IP \(bu 2
+Increase file.tidied flexibility with regard to age and size \fI\%#62678\fP
+.IP \(bu 2
+Added \(dqconnected_devices\(dq feature to netbox pillar module. It contains extra information about devices connected to the minion \fI\%#62761\fP
+.IP \(bu 2
+Add atomic file operation for symlink changes \fI\%#62768\fP
+.IP \(bu 2
+Add password/account locking/unlocking in user.present state on supported operating systems \fI\%#62856\fP
+.IP \(bu 2
+Added onchange configuration for script engine \fI\%#62867\fP
+.IP \(bu 2
+Added output and bare functionality to export_key gpg module function \fI\%#62978\fP
+.IP \(bu 2
+Add keyvalue serializer for environment files \fI\%#62983\fP
+.IP \(bu 2
+Add ability to ignore symlinks in file.tidied \fI\%#63042\fP
+.IP \(bu 2
+salt\-cloud support IMDSv2 tokens when using \(aquse\-instance\-role\-credentials\(aq \fI\%#63067\fP
+.IP \(bu 2
+Add ability for file.symlink to not set ownership on existing links \fI\%#63093\fP
+.IP \(bu 2
+Restore the previous slack engine and deprecate it, rename replace the slack engine to slack_bolt until deprecation \fI\%#63095\fP
+.IP \(bu 2
+Add functions that will return the underlying block device, mount point, and filesystem type for a given path \fI\%#63098\fP
+.IP \(bu 2
+Add ethtool execution and state module functions for pause \fI\%#63128\fP
+.IP \(bu 2
+Add boardname grain \fI\%#63131\fP
+.IP \(bu 2
+Added management of ECDSA/EdDSA private keys with x509 modules in the new cryptography x509 module. Please migrate to the new cryptography x509 module for this improvement. \fI\%#63248\fP
+.IP \(bu 2
+Added x509 modules support for different output formats in the new cryptography x509 module. Please migrate to the new cryptography x509 module for this improvement. \fI\%#63249\fP
+.IP \(bu 2
+Added deprecation_warning test state for ensuring that deprecation warnings are correctly emitted. \fI\%#63315\fP
+.IP \(bu 2
+Adds a state_events option to state.highstate, state.apply, state.sls, state.sls_id.
+This allows users to enable state_events on a per use basis rather than having to
+enable them globally for all state runs. \fI\%#63316\fP
+.IP \(bu 2
+Allow max queue size setting for state runs to prevent performance problems from queue growth \fI\%#63356\fP
+.IP \(bu 2
+Add support of exposing meta_server_grains for Azure VMs \fI\%#63606\fP
+.IP \(bu 2
+Include the version of \fBrelenv\fP in the versions report. \fI\%#63827\fP
+.IP \(bu 2
+Added debug log messages displaying the command being run when removing packages on Windows \fI\%#63866\fP
+.UNINDENT
 .sp
 See \fI\%Install a release candidate\fP
 for more information about installing an RC when one is available.
--- a/doc/man/spm.1
+++ b/doc/man/spm.1
@ -27,7 +27,7 @@ level margin: \\n[rst2man-indent\\n[rst2man-indent-level]]
 .\" new: \\n[rst2man-indent\\n[rst2man-indent-level]]
 .in \\n[rst2man-indent\\n[rst2man-indent-level]]u
 ..
-.TH "SPM" "1" "Generated on March 01, 2023 at 10:47:29 PM UTC." "3006.0" "Salt"
+.TH "SPM" "1" "Generated on March 19, 2023 at 12:36:05 PM UTC." "3006.0" "Salt"
 .SH NAME
 spm \- Salt Package Manager Command
 .sp
--- a/doc/topics/releases/3006.0.md
+++ b/doc/topics/releases/3006.0.md
@ -377,3 +377,333 @@ lib-bar:
  enable them globally for all state runs. [#63316](https://github.com/saltstack/salt/issues/63316)
 - Allow max queue size setting for state runs to prevent performance problems from queue growth [#63356](https://github.com/saltstack/salt/issues/63356)
 - Add support of exposing meta_server_grains for Azure VMs [#63606](https://github.com/saltstack/salt/issues/63606)
+
+## Changelog
+
+### Removed
+
+- Remove and deprecate the __orchestration__ key from salt.runner and salt.wheel return data. To get it back, set features.enable_deprecated_orchestration_flag master configuration option to True. The flag will be completely removed in Salt 3008 Argon. [#59917](https://github.com/saltstack/salt/issues/59917)
+- Removed distutils and replaced with setuptools, given distutils is deprecated and removed in Python 3.12 [#60476](https://github.com/saltstack/salt/issues/60476)
+- Removed ``runtests`` targets from ``noxfile.py`` [#62239](https://github.com/saltstack/salt/issues/62239)
+- Removed the PyObjC dependency.
+
+  This addresses problems with building a one dir build for macOS.
+  It became problematic because depending on the macOS version, it pulls different dependencies, and we would either have to build a macos onedir for each macOS supported release, or ship a crippled onedir(because it would be tied to the macOS version where the onedir was built).
+  Since it's currently not being used, it's removed. [#62432](https://github.com/saltstack/salt/issues/62432)
+- Removed `SixRedirectImporter` from Salt. Salt hasn't shipped `six` since Salt 3004. [#63874](https://github.com/saltstack/salt/issues/63874)
+
+
+### Deprecated
+
+- renamed `keep_jobs`, specifying job cache TTL in hours, to `keep_jobs_seconds`, specifying TTL in seconds.
+  `keep_jobs` will be removed in the Argon release [#55295](https://github.com/saltstack/salt/issues/55295)
+- Removing all references to napalm-base which is no longer supported. [#61542](https://github.com/saltstack/salt/issues/61542)
+- The 'ip_bracket' function has been moved from salt/utils/zeromq.py in salt/utils/network.py [#62009](https://github.com/saltstack/salt/issues/62009)
+- The `expand_repo_def` function in `salt.modules.aptpkg` is now deprecated. It's only used in `salt.states.pkgrepo` and it has no use of being exposed to the CLI. [#62485](https://github.com/saltstack/salt/issues/62485)
+- Deprecated defunct Django returner [#62644](https://github.com/saltstack/salt/issues/62644)
+- Deprecate core ESXi and associated states and modules, vcenter and vsphere support in favor of Salt VMware Extensions [#62754](https://github.com/saltstack/salt/issues/62754)
+- Removing manufacture grain which has been deprecated. [#62914](https://github.com/saltstack/salt/issues/62914)
+- Removing deprecated utils/boto3_elasticsearch.py [#62915](https://github.com/saltstack/salt/issues/62915)
+- Removing support for the now deprecated _ext_nodes from salt/master.py. [#62917](https://github.com/saltstack/salt/issues/62917)
+- Deprecating the Salt Slack engine in favor of the Salt Slack Bolt Engine. [#63095](https://github.com/saltstack/salt/issues/63095)
+- `salt.utils.version.StrictVersion` is now deprecated and it's use should be replaced with `salt.utils.version.Version`. [#63383](https://github.com/saltstack/salt/issues/63383)
+
+
+### Changed
+
+- More intelligent diffing in changes of file.serialize state. [#48609](https://github.com/saltstack/salt/issues/48609)
+- Move deprecation of the neutron module to Argon. Please migrate to the neutronng module instead. [#49430](https://github.com/saltstack/salt/issues/49430)
+- ``umask`` is now a global state argument, instead of only applying to ``cmd``
+  states. [#57803](https://github.com/saltstack/salt/issues/57803)
+- Update pillar.obfuscate to accept kwargs in addition to args.  This is useful when passing in keyword arguments like saltenv that are then passed along to pillar.items. [#58971](https://github.com/saltstack/salt/issues/58971)
+- Improve support for listing macOS brew casks [#59439](https://github.com/saltstack/salt/issues/59439)
+- Add missing MariaDB Grants to mysql module.
+  MariaDB has added some grants in 10.4.x and 10.5.x that are not present here, which results in an error when creating.
+  Also improved exception handling in `grant_add` which did not log the original error message and replaced it with a generic error. [#61409](https://github.com/saltstack/salt/issues/61409)
+- Use VENV_PIP_TARGET environment variable as a default target for pip if present. [#62089](https://github.com/saltstack/salt/issues/62089)
+- Disabled FQDNs grains on macOS by default [#62168](https://github.com/saltstack/salt/issues/62168)
+- Replaced pyroute2.IPDB with pyroute2.NDB, as the former is deprecated [#62218](https://github.com/saltstack/salt/issues/62218)
+- Enhance capture of error messages for Zypper calls in zypperpkg module. [#62346](https://github.com/saltstack/salt/issues/62346)
+- Removed GPG_1_3_1 check [#62895](https://github.com/saltstack/salt/issues/62895)
+- Requisite state chunks now all consistently contain `__id__`, `__sls__` and `name`. [#63012](https://github.com/saltstack/salt/issues/63012)
+- netapi_enable_clients option to allow enabling/disabling of clients in salt-api.
+  By default all clients will now be disabled. Users of salt-api will need
+  to update their master config to enable the clients that they use. Not adding
+  the netapi_enable_clients option with required clients to the master config will
+  disable salt-api. [#63050](https://github.com/saltstack/salt/issues/63050)
+- Stop relying on `salt/_version.py` to write Salt's version. Instead use `salt/_version.txt` which only contains the version string. [#63383](https://github.com/saltstack/salt/issues/63383)
+- Set enable_fqdns_grains to be False by default. [#63595](https://github.com/saltstack/salt/issues/63595)
+- Changelog snippet files must now have a `.md` file extension to be more explicit on what type of rendering is done when they are included in the main `CHANGELOG.md` file. [#63710](https://github.com/saltstack/salt/issues/63710)
+
+
+### Fixed
+
+- Add kwargs to handle extra parameters for http.query [#36138](https://github.com/saltstack/salt/issues/36138)
+- Fix mounted bind mounts getting active mount options added [#39292](https://github.com/saltstack/salt/issues/39292)
+- Fix `sysctl.present` converts spaces to tabs. [#40054](https://github.com/saltstack/salt/issues/40054)
+- Fixes state pkg.purged to purge removed packages on Debian family systems [#42306](https://github.com/saltstack/salt/issues/42306)
+- Fix fun_args missing from syndic returns [#45823](https://github.com/saltstack/salt/issues/45823)
+- Fix mount.mounted with 'mount: False' reports unmounted file system as unchanged when running with test=True [#47201](https://github.com/saltstack/salt/issues/47201)
+- Issue #49310: Allow users to touch a file with Unix date of birth [#49310](https://github.com/saltstack/salt/issues/49310)
+- Do not raise an exception in pkg.info_installed on nonzero return code [#51620](https://github.com/saltstack/salt/issues/51620)
+- Passes the value of the force parameter from file.copy to its call to file.remove so that files with the read-only attribute are handled. [#51739](https://github.com/saltstack/salt/issues/51739)
+- Fixed x509.certificate_managed creates new certificate every run in the new cryptography x509 module. Please migrate to the new cryptography x509 module for this improvement. [#52167](https://github.com/saltstack/salt/issues/52167)
+- Don't check for cached pillar errors on state.apply [#52354](https://github.com/saltstack/salt/issues/52354), [#57180](https://github.com/saltstack/salt/issues/57180), [#59339](https://github.com/saltstack/salt/issues/59339)
+- Swapping out args and kwargs for arg and kwarg respectively in the Slack engine when the command passed is a runner. [#52400](https://github.com/saltstack/salt/issues/52400)
+- Ensure when we're adding chunks to the rules when running aggregation with the iptables state module we use a copy of the chunk otherwise we end up with a recursive mess. [#53353](https://github.com/saltstack/salt/issues/53353)
+- When user_create or user_remove fail, return False instead of returning the error. [#53377](https://github.com/saltstack/salt/issues/53377)
+- Include sync_roster when sync_all is called. [#53914](https://github.com/saltstack/salt/issues/53914)
+- Avoid warning noise in lograte.get [#53988](https://github.com/saltstack/salt/issues/53988)
+- Fixed listing revoked keys with gpg.list_keys [#54347](https://github.com/saltstack/salt/issues/54347)
+- Fix mount.mounted does not handle blanks properly [#54508](https://github.com/saltstack/salt/issues/54508)
+- Fixed grain num_cpus get wrong CPUs count in case of inconsistent CPU numbering. [#54682](https://github.com/saltstack/salt/issues/54682)
+- Fix spelling error for python_shell argument in dpkg_lower module [#54907](https://github.com/saltstack/salt/issues/54907)
+- Cleaned up bytes response data before sending to non-bytes compatible returners (postgres, mysql) [#55226](https://github.com/saltstack/salt/issues/55226)
+- Fixed malformed state return when testing file.managed with unavailable source file [#55269](https://github.com/saltstack/salt/issues/55269)
+- Included stdout in error message for Zypper calls in zypperpkg module. [#56016](https://github.com/saltstack/salt/issues/56016)
+- Fixed pillar.filter_by with salt-ssh [#56093](https://github.com/saltstack/salt/issues/56093)
+- Fix boto_route53 issue with (multiple) VPCs. [#57139](https://github.com/saltstack/salt/issues/57139)
+- Remove log from mine runner which was not used. [#57463](https://github.com/saltstack/salt/issues/57463)
+- Fixed x509.read_certificate error when reading a Microsoft CA issued certificate in the new cryptography x509 module. Please migrate to the new cryptography x509 module for this improvement. [#57535](https://github.com/saltstack/salt/issues/57535)
+- Updating Slack engine to use slack_bolt library. [#57842](https://github.com/saltstack/salt/issues/57842)
+- Fixed warning about replace=True with x509.certificate_managed in the new cryptography x509 module. [#58165](https://github.com/saltstack/salt/issues/58165)
+- Fix salt.modules.pip:is_installed doesn't handle locally installed packages [#58202](https://github.com/saltstack/salt/issues/58202)
+- Add missing MariaDB Grants to mysql module. MariaDB has added some grants in 10.4.x and 10.5.x that are not present here, which results in an error when creating. [#58297](https://github.com/saltstack/salt/issues/58297)
+- linux_shadow: Fix cases where malformed shadow entries cause `user.present`
+  states to fail. [#58423](https://github.com/saltstack/salt/issues/58423)
+- Fixed salt.utils.compat.cmp to work with dictionaries [#58729](https://github.com/saltstack/salt/issues/58729)
+- Fixed formatting for terse output mode [#58953](https://github.com/saltstack/salt/issues/58953)
+- Fixed RecursiveDictDiffer with added nested dicts [#59017](https://github.com/saltstack/salt/issues/59017)
+- Fixed x509.certificate_managed has DoS effect on master in the new cryptography x509 module. Please migrate to the new cryptography x509 module for this improvement. [#59169](https://github.com/saltstack/salt/issues/59169)
+- Fixed saltnado websockets disconnecting immediately [#59183](https://github.com/saltstack/salt/issues/59183)
+- Fixed x509.certificate_managed rolls certificates every now and then in the new cryptography x509 module. Please migrate to the new cryptography x509 module for this improvement. [#59315](https://github.com/saltstack/salt/issues/59315)
+- Fix postgres_privileges.present not idempotent for functions [#59585](https://github.com/saltstack/salt/issues/59585)
+- Fixed influxdb_continuous_query.present state to provide the client args to the underlying module on create. [#59766](https://github.com/saltstack/salt/issues/59766)
+- Warn when using insecure (http:// based) key_urls for apt-based systems in pkgrepo.managed, and add a kwarg that determines the validity of such a url. [#59786](https://github.com/saltstack/salt/issues/59786)
+- add load balancing policy default option and ensure the module can be executed with arguments from CLI [#59909](https://github.com/saltstack/salt/issues/59909)
+- Fix salt-ssh when using imports with extra-filerefs. [#60003](https://github.com/saltstack/salt/issues/60003)
+- Fixed cache directory corruption startup error [#60170](https://github.com/saltstack/salt/issues/60170)
+- Update docs remove dry_run in docstring of file.blockreplace state. [#60227](https://github.com/saltstack/salt/issues/60227)
+- Adds Parrot to OS_Family_Map in grains. [#60249](https://github.com/saltstack/salt/issues/60249)
+- Fixed stdout and stderr being empty sometimes when use_vt=True for the cmd.run[*] functions [#60365](https://github.com/saltstack/salt/issues/60365)
+- Use return code in iptables --check to verify rule exists. [#60467](https://github.com/saltstack/salt/issues/60467)
+- Fix regression pip.installed does not pass env_vars when calling pip.list [#60557](https://github.com/saltstack/salt/issues/60557)
+- Fix xfs module when additional output included in mkfs.xfs command. [#60853](https://github.com/saltstack/salt/issues/60853)
+- Fixed parsing new format of terraform states in roster.terraform [#60915](https://github.com/saltstack/salt/issues/60915)
+- Fixed recognizing installed ARMv7 rpm packages in compatible architectures. [#60994](https://github.com/saltstack/salt/issues/60994)
+- Fixing changes dict in pkg state to be consistent when installing and test=True. [#60995](https://github.com/saltstack/salt/issues/60995)
+- Fix cron.present duplicating entries when changing timespec to special. [#60997](https://github.com/saltstack/salt/issues/60997)
+- Made salt-ssh respect --wipe again [#61083](https://github.com/saltstack/salt/issues/61083)
+- state.orchestrate_single only passes a pillar if it is set to the state
+  function. This allows it to be used with state functions that don't accept a
+  pillar keyword argument. [#61092](https://github.com/saltstack/salt/issues/61092)
+- Fix ipset state when the comment kwarg is set. [#61122](https://github.com/saltstack/salt/issues/61122)
+- Fix issue with archive.unzip where the password was not being encoded for the extract function [#61422](https://github.com/saltstack/salt/issues/61422)
+- Some Linux distributions (like AlmaLinux, Astra Linux, Debian, Mendel, Linux
+  Mint, Pop!_OS, Rocky Linux) report different `oscodename`, `osfullname`,
+  `osfinger` grains if lsb-release is installed or not. They have been changed to
+  only derive these OS grains from `/etc/os-release`. [#61618](https://github.com/saltstack/salt/issues/61618)
+- Pop!_OS uses the full version (YY.MM) in the osfinger grain now, not just the year. This allows differentiating for example between 20.04 and 20.10. [#61619](https://github.com/saltstack/salt/issues/61619)
+- Fix ssh config roster to correctly parse the ssh config files that contain spaces. [#61650](https://github.com/saltstack/salt/issues/61650)
+- Fix SoftLayer configuration not raising an exception when a domain is missing [#61727](https://github.com/saltstack/salt/issues/61727)
+- Allow the minion to start or salt-call to run even if the user doesn't have permissions to read the root_dir value from the registry [#61789](https://github.com/saltstack/salt/issues/61789)
+- Need to move the creation of the proxy object for the ProxyMinion further down in the initialization for sub proxies to ensure that all modules, especially any custom proxy modules, are available before attempting to run the init function. [#61805](https://github.com/saltstack/salt/issues/61805)
+- Fixed malformed state return when merge-serializing to an improperly formatted file [#61814](https://github.com/saltstack/salt/issues/61814)
+- Made cmdmod._run[_all]_quiet work during minion startup on MacOS with runas specified (which fixed mac_service) [#61816](https://github.com/saltstack/salt/issues/61816)
+- When deleting the vault cache, also delete from the session cache [#61821](https://github.com/saltstack/salt/issues/61821)
+- Ignore errors on reading license info with dpkg_lowpkg to prevent tracebacks on getting package information. [#61827](https://github.com/saltstack/salt/issues/61827)
+- win_lgpo: Display conflicting policy names when more than one policy is found [#61859](https://github.com/saltstack/salt/issues/61859)
+- win_lgpo: Fixed intermittent KeyError when getting policy setting using lgpo.get_policy [#61860](https://github.com/saltstack/salt/issues/61860)
+- Fixed listing minions on OpenBSD [#61966](https://github.com/saltstack/salt/issues/61966)
+- Make Salt to return an error on "pkg" modules and states when targeting duplicated package names [#62019](https://github.com/saltstack/salt/issues/62019)
+- Fix return of REST-returned permissions when auth_list is set [#62022](https://github.com/saltstack/salt/issues/62022)
+- Normalize package names once on using pkg.installed/removed with yum to make it possible to install packages with the name containing a part similar to a name of architecture. [#62029](https://github.com/saltstack/salt/issues/62029)
+- Fix inconsitency regarding name and pkgs parameters between zypperpkg.upgrade() and yumpkg.upgrade() [#62030](https://github.com/saltstack/salt/issues/62030)
+- Fix attr=all handling in pkg.list_pkgs() (yum/zypper). [#62032](https://github.com/saltstack/salt/issues/62032)
+- Fixed the humanname being ignored in pkgrepo.managed on openSUSE Leap [#62053](https://github.com/saltstack/salt/issues/62053)
+- Fixed issue with some LGPO policies having whitespace at the beginning or end of the element alias [#62058](https://github.com/saltstack/salt/issues/62058)
+- Fix ordering of args to libcloud_storage.download_object module [#62074](https://github.com/saltstack/salt/issues/62074)
+- Ignore extend declarations in sls files that are excluded. [#62082](https://github.com/saltstack/salt/issues/62082)
+- Remove leftover usage of impacket [#62101](https://github.com/saltstack/salt/issues/62101)
+- Pass executable path from _get_path_exec() is used when calling the program.
+  The $HOME env is no longer modified globally.
+  Only trailing newlines are stripped from the fetched secret.
+  Pass process arguments are handled in a secure way. [#62120](https://github.com/saltstack/salt/issues/62120)
+- Ignore some command return codes in openbsdrcctl_service to prevent spurious errors [#62131](https://github.com/saltstack/salt/issues/62131)
+- Fixed extra period in filename output in tls module. Instead of "server.crt." it will now be "server.crt". [#62139](https://github.com/saltstack/salt/issues/62139)
+- Make sure lingering PAexec-*.exe files in the Windows directory are cleaned up [#62152](https://github.com/saltstack/salt/issues/62152)
+- Restored Salt's DeprecationWarnings [#62185](https://github.com/saltstack/salt/issues/62185)
+- Fixed issue with forward slashes on Windows with file.recurse and clean=True [#62197](https://github.com/saltstack/salt/issues/62197)
+- Recognize OSMC as Debian-based [#62198](https://github.com/saltstack/salt/issues/62198)
+- Fixed Zypper module failing on RPM lock file being temporarily unavailable. [#62204](https://github.com/saltstack/salt/issues/62204)
+- Improved error handling and diagnostics in the proxmox salt-cloud driver [#62211](https://github.com/saltstack/salt/issues/62211)
+- Added EndeavourOS to the Arch os_family. [#62220](https://github.com/saltstack/salt/issues/62220)
+- Fix salt-ssh not detecting `platform-python` as a valid interpreter on EL8 [#62235](https://github.com/saltstack/salt/issues/62235)
+- Fix pkg.version_cmp on openEuler and a few other os flavors. [#62248](https://github.com/saltstack/salt/issues/62248)
+- Fix localhost detection in glusterfs.peers [#62273](https://github.com/saltstack/salt/issues/62273)
+- Fix Salt Package Manager (SPM) exception when calling spm create_repo . [#62281](https://github.com/saltstack/salt/issues/62281)
+- Fix matcher slowness due to loader invocation [#62283](https://github.com/saltstack/salt/issues/62283)
+- Fixes the Puppet module for non-aio Puppet packages for example running the Puppet module on FreeBSD. [#62323](https://github.com/saltstack/salt/issues/62323)
+- Issue 62334: Displays a debug log message instead of an error log message when the publisher fails to connect [#62334](https://github.com/saltstack/salt/issues/62334)
+- Fix pyobjects renderer access to opts and sls [#62336](https://github.com/saltstack/salt/issues/62336)
+- Fix use of random shuffle and sample functions as Jinja filters [#62372](https://github.com/saltstack/salt/issues/62372)
+- Fix groups with duplicate GIDs are not returned by get_group_list [#62377](https://github.com/saltstack/salt/issues/62377)
+- Fix the "zpool.present" state when enabling zpool features that are already active. [#62390](https://github.com/saltstack/salt/issues/62390)
+- Fix ability to execute remote file client methods in saltcheck [#62398](https://github.com/saltstack/salt/issues/62398)
+- Update all platforms to use pycparser 2.21 or greater for Py 3.9 or higher, fixes fips fault with openssl v3.x [#62400](https://github.com/saltstack/salt/issues/62400)
+- Due to changes in the Netmiko library for the exception paths, need to check the version of Netmiko python library and then import the exceptions from different locations depending on the result. [#62405](https://github.com/saltstack/salt/issues/62405)
+- When using preq on a state, then prereq state will first be run with test=True to determine if there are changes.  When there are changes, the state with the prereq option will be run prior to the prereq state.  If this state fails then the prereq state will not run and the state output uses the test=True run.  However, the proposed changes are included for the prereq state are included from the test=True run.  We should pull those out as there weren't actually changes since the prereq state did not run. [#62408](https://github.com/saltstack/salt/issues/62408)
+- Added directory mode for file.copy with makedirs [#62426](https://github.com/saltstack/salt/issues/62426)
+- Provide better error handling in the various napalm proxy minion functions when the device is not accessible. [#62435](https://github.com/saltstack/salt/issues/62435)
+- When handling aggregation, change the order to ensure that the requisites are aggregated first and then the state functions are aggregated.  Caching whether aggregate functions are available for particular states so we don't need to attempt to load them everytime. [#62439](https://github.com/saltstack/salt/issues/62439)
+- The patch allows to boostrap kubernetes clusters in the version above 1.13 via salt module [#62451](https://github.com/saltstack/salt/issues/62451)
+- sysctl.persist now updates the in-memory value on FreeBSD even if the on-disk value was already correct. [#62461](https://github.com/saltstack/salt/issues/62461)
+- Fixed parsing CDROM apt sources [#62474](https://github.com/saltstack/salt/issues/62474)
+- Update sanitizing masking for Salt SSH to include additional password like strings. [#62483](https://github.com/saltstack/salt/issues/62483)
+- Fix user/group checking on file state functions in the test mode. [#62499](https://github.com/saltstack/salt/issues/62499)
+- Fix user.present to allow removing groups using optional_groups parameter and enforcing idempotent group membership. [#62502](https://github.com/saltstack/salt/issues/62502)
+- Fix possible tracebacks if there is a package with '------' or '======' in the description is installed on the Debian based minion. [#62519](https://github.com/saltstack/salt/issues/62519)
+- Fixed the omitted "pool" parameter when cloning a VM with the proxmox salt-cloud driver [#62521](https://github.com/saltstack/salt/issues/62521)
+- Fix rendering of pyobjects states in saltcheck [#62523](https://github.com/saltstack/salt/issues/62523)
+- Fixes pillar where a corrupted CacheDisk file forces the pillar to be rebuilt [#62527](https://github.com/saltstack/salt/issues/62527)
+- Use str() method instead of repo_line for when python3-apt is installed or not in aptpkg.py. [#62546](https://github.com/saltstack/salt/issues/62546)
+- Remove the connection_timeout from netmiko_connection_args before netmiko_connection_args is added to __context__["netmiko_device"]["args"] which is passed along to the Netmiko library. [#62547](https://github.com/saltstack/salt/issues/62547)
+- Fix order specific mount.mounted options for persist [#62556](https://github.com/saltstack/salt/issues/62556)
+- Fixed salt-cloud cloning a proxmox VM with a specified new vmid. [#62558](https://github.com/saltstack/salt/issues/62558)
+- Fix runas with cmd module when using the onedir bundled packages [#62565](https://github.com/saltstack/salt/issues/62565)
+- Update setproctitle version for all platforms [#62576](https://github.com/saltstack/salt/issues/62576)
+- Fixed missing parameters when cloning a VM with the proxmox salt-cloud driver [#62580](https://github.com/saltstack/salt/issues/62580)
+- Handle PermissionError when importing crypt when FIPS is enabled. [#62587](https://github.com/saltstack/salt/issues/62587)
+- Correctly reraise exceptions in states.http [#62595](https://github.com/saltstack/salt/issues/62595)
+- Fixed syndic eauth. Now jobs will be published when a valid eauth user is targeting allowed minions/functions. [#62618](https://github.com/saltstack/salt/issues/62618)
+- updated rest_cherry/app to properly detect arg sent as a string as curl will do when only one arg is supplied. [#62624](https://github.com/saltstack/salt/issues/62624)
+- Prevent possible tracebacks in core grains module by ignoring non utf8 characters in /proc/1/environ, /proc/1/cmdline, /proc/cmdline [#62633](https://github.com/saltstack/salt/issues/62633)
+- Fixed vault ext pillar return data for KV v2 [#62651](https://github.com/saltstack/salt/issues/62651)
+- Fix saltcheck _get_top_states doesn't pass saltenv to state.show_top [#62654](https://github.com/saltstack/salt/issues/62654)
+- Fix groupadd.* functions hard code relative command name [#62657](https://github.com/saltstack/salt/issues/62657)
+- Fixed pdbedit.create trying to use a bytes-like hash as string. [#62670](https://github.com/saltstack/salt/issues/62670)
+- Fix depenency on legacy boto module in boto3 modules [#62672](https://github.com/saltstack/salt/issues/62672)
+- Modified "_get_flags" function so that it returns regex flags instead of integers [#62676](https://github.com/saltstack/salt/issues/62676)
+- Change startup ReqServer log messages from error to info level. [#62728](https://github.com/saltstack/salt/issues/62728)
+- Fix kmod.* functions hard code relative command name [#62772](https://github.com/saltstack/salt/issues/62772)
+- Fix mac_brew_pkg to work with null taps [#62793](https://github.com/saltstack/salt/issues/62793)
+- Fixing a bug when listing the running schedule if "schedule.enable" and/or "schedule.disable" has been run, where the "enabled" items is being treated as a schedule item. [#62795](https://github.com/saltstack/salt/issues/62795)
+- Prevent annoying RuntimeWarning message about line buffering (buffering=1) not being supported in binary mode [#62817](https://github.com/saltstack/salt/issues/62817)
+- Include UID and GID checks in modules.file.check_perms as well as comparing
+  ownership by username and group name. [#62818](https://github.com/saltstack/salt/issues/62818)
+- Fix presence events on TCP transport by removing a client's presence when minion disconnects from publish channel correctly [#62826](https://github.com/saltstack/salt/issues/62826)
+- Remove Azure deprecation messages from functions that always run w/ salt-cloud [#62845](https://github.com/saltstack/salt/issues/62845)
+- Use select instead of iterating over entrypoints as a dictionary for importlib_metadata>=5.0.0 [#62854](https://github.com/saltstack/salt/issues/62854)
+- Fixed master job scheduler using when [#62858](https://github.com/saltstack/salt/issues/62858)
+- LGPO: Added support for missing domain controller policies: VulnerableChannelAllowList and LdapEnforceChannelBinding [#62873](https://github.com/saltstack/salt/issues/62873)
+- Fix unnecessarily complex gce metadata grains code to use googles metadata service more effectively. [#62878](https://github.com/saltstack/salt/issues/62878)
+- Fixed dockermod version_info function for docker-py 6.0.0+ [#62882](https://github.com/saltstack/salt/issues/62882)
+- Moving setting the LOAD_BALANCING_POLICY_MAP dictionary into the try except block that determines if the cassandra_cql module should be made available. [#62886](https://github.com/saltstack/salt/issues/62886)
+- Updating various MongoDB module functions to work with latest version of pymongo. [#62900](https://github.com/saltstack/salt/issues/62900)
+- Restored channel for Syndic minions to send job returns to the Salt master. [#62933](https://github.com/saltstack/salt/issues/62933)
+- removed _resolve_deps as it required a library that is not generally avalible. and switched to apt-get for everything as that can auto resolve dependencies. [#62934](https://github.com/saltstack/salt/issues/62934)
+- Updated pyzmq to version 22.0.3 on Windows builds because the old version was causing salt-minion/salt-call to hang [#62937](https://github.com/saltstack/salt/issues/62937)
+- Allow root user to modify crontab lines for non-root users (except AIX and Solaris). Align crontab line changes with the file ones and also with listing crontab. [#62940](https://github.com/saltstack/salt/issues/62940)
+- Fix systemd_service.* functions hard code relative command name [#62942](https://github.com/saltstack/salt/issues/62942)
+- Fix file.symlink backupname operation can copy remote contents to local disk [#62953](https://github.com/saltstack/salt/issues/62953)
+- Issue #62968: Fix issue where cloud deployments were putting the keys in the wrong location on Windows hosts [#62968](https://github.com/saltstack/salt/issues/62968)
+- Fixed gpg_passphrase issue with gpg decrypt/encrypt functions [#62977](https://github.com/saltstack/salt/issues/62977)
+- Fix file.tidied FileNotFoundError [#62986](https://github.com/saltstack/salt/issues/62986)
+- Fixed bug where module.wait states were detected as running legacy module.run syntax [#62988](https://github.com/saltstack/salt/issues/62988)
+- Fixed issue with win_wua module where it wouldn't load if the CryptSvc was set to Manual start [#62993](https://github.com/saltstack/salt/issues/62993)
+- The `__opts__` dunder dictionary is now added to the loader's `pack` if not
+  already present, which makes it accessible via the
+  `salt.loader.context.NamedLoaderContext` class. [#63013](https://github.com/saltstack/salt/issues/63013)
+- Issue #63024: Fix issue where grains and config data were being place in the wrong location on Windows hosts [#63024](https://github.com/saltstack/salt/issues/63024)
+- Fix btrfs.subvolume_snapshot command failing [#63025](https://github.com/saltstack/salt/issues/63025)
+- Fix file.retention_schedule always reports changes [#63033](https://github.com/saltstack/salt/issues/63033)
+- Fix mongo authentication for mongo ext_pillar and mongo returner
+
+  This fix also include the ability to use the mongo connection string for mongo ext_pillar [#63058](https://github.com/saltstack/salt/issues/63058)
+- Fixed x509.create_csr creates invalid CSR by default in the new cryptography x509 module. [#63103](https://github.com/saltstack/salt/issues/63103)
+- TCP transport documentation now contains proper master/minion-side filtering information [#63120](https://github.com/saltstack/salt/issues/63120)
+- Fixed gpg.verify does not respect gnupghome [#63145](https://github.com/saltstack/salt/issues/63145)
+- Made pillar cache pass extra minion data as well [#63208](https://github.com/saltstack/salt/issues/63208)
+- Fix serious performance issues with the file.tidied module [#63231](https://github.com/saltstack/salt/issues/63231)
+- Fix rpm_lowpkg version comparison logic when using rpm-vercmp and only one version has a release number. [#63317](https://github.com/saltstack/salt/issues/63317)
+- Import StrictVersion and LooseVersion from setuptools.distutils.verison or setuptools._distutils.version, if first not available [#63350](https://github.com/saltstack/salt/issues/63350)
+- When the shell is passed as powershell or pwsh, only wrapper the shell in quotes if cmd.run is running on Windows.  When quoted on Linux hosts, this results in an error when the keyword arguments are appended. [#63590](https://github.com/saltstack/salt/issues/63590)
+- LGPO: Added support for "Relax minimum password length limits" [#63596](https://github.com/saltstack/salt/issues/63596)
+- When a job is disabled only increase it's _next_fire_time value if the job would have run at the current time, eg. the current _next_fire_time == now. [#63699](https://github.com/saltstack/salt/issues/63699)
+- Check file is not empty before attempting to read pillar disk cache file [#63729](https://github.com/saltstack/salt/issues/63729)
+- fix cherrypy 400 error output to be less generic. [#63835](https://github.com/saltstack/salt/issues/63835)
+- remove eval and update logging to be more informative on bad config [#63879](https://github.com/saltstack/salt/issues/63879)
+
+
+### Added
+
+- Introduce a `LIB_STATE_DIR` syspaths variable which defaults to `CONFIG_DIR`,
+  but can be individually customized during installation by specifying
+  `--salt-lib-state-dir` during installation. Change the default `pki_dir` to
+  `<LIB_STATE_DIR>/pki/master` (for the master) and `<LIB_STATE_DIR>/pki/minion`
+  (for the minion). [#3396](https://github.com/saltstack/salt/issues/3396)
+- Allow users to enable 'queue=True' for all state runs via config file [#31468](https://github.com/saltstack/salt/issues/31468)
+- Added pillar templating to vault policies [#43287](https://github.com/saltstack/salt/issues/43287)
+- Add support for NVMeF as a transport protocol for hosts in a Pure Storage FlashArray [#51088](https://github.com/saltstack/salt/issues/51088)
+- A new salt-ssh roster that generates a roster by parses a known_hosts file. [#54679](https://github.com/saltstack/salt/issues/54679)
+- Added Windows Event Viewer support [#54713](https://github.com/saltstack/salt/issues/54713)
+- Added the win_lgpo_reg state and execution modules which will allow registry based group policy to be set directly in the Registry.pol file [#56013](https://github.com/saltstack/salt/issues/56013)
+- Added resource tagging functions to boto_dynamodb execution module [#57500](https://github.com/saltstack/salt/issues/57500)
+- Added `openvswitch_db` state module and functions `bridge_to_parent`,
+  `bridge_to_vlan`, `db_get`, and `db_set` to the `openvswitch` execution module.
+  Also added optional `parent` and `vlan` parameters to the
+  `openvswitch_bridge.present` state module function and the
+  `openvswitch.bridge_create` execution module function. [#58986](https://github.com/saltstack/salt/issues/58986)
+- State module to manage SysFS attributes [#60154](https://github.com/saltstack/salt/issues/60154)
+- Added ability for `salt.wait_for_event` to handle `event_id`s that have a list value. [#60430](https://github.com/saltstack/salt/issues/60430)
+- Added suport for Linux ppc64le core grains (cpu_model, virtual, productname, manufacturer, serialnumber) and arm core grains (serialnumber, productname) [#60518](https://github.com/saltstack/salt/issues/60518)
+- Added autostart option to virt.defined and virt.running states, along with virt.update execution modules. [#60700](https://github.com/saltstack/salt/issues/60700)
+- Added .0 back to our versioning scheme for future versions (e.g. 3006.0) [#60722](https://github.com/saltstack/salt/issues/60722)
+- Initial work to allow parallel startup of proxy minions when used as sub proxies with Deltaproxy. [#61153](https://github.com/saltstack/salt/issues/61153)
+- Added node label support for GCE [#61245](https://github.com/saltstack/salt/issues/61245)
+- Support the --priority flag when adding sources to Chocolatey. [#61319](https://github.com/saltstack/salt/issues/61319)
+- Add namespace option to ext_pillar.http_json [#61335](https://github.com/saltstack/salt/issues/61335)
+- Added a filter function to ps module to get a list of processes on a minion according to their state. [#61420](https://github.com/saltstack/salt/issues/61420)
+- Add postgres.timeout option to postgres module for limiting postgres query times [#61433](https://github.com/saltstack/salt/issues/61433)
+- Added new optional vault option, ``config_location``. This can be either ``master`` or ``local`` and defines where vault will look for connection details, either requesting them from the master or using the local config. [#61857](https://github.com/saltstack/salt/issues/61857)
+- Add ipwrap() jinja filter to wrap IPv6 addresses with brackets. [#61931](https://github.com/saltstack/salt/issues/61931)
+- 'tcp' transport is now available in ipv6-only network [#62009](https://github.com/saltstack/salt/issues/62009)
+- Add `diff_attr` parameter to pkg.upgrade() (zypper/yum). [#62031](https://github.com/saltstack/salt/issues/62031)
+- Config option pass_variable_prefix allows to distinguish variables that contain paths to pass secrets.
+  Config option pass_strict_fetch allows to error out when a secret cannot be fetched from pass.
+  Config option pass_dir allows setting the PASSWORD_STORE_DIR env for pass.
+  Config option pass_gnupghome allows setting the $GNUPGHOME env for pass. [#62120](https://github.com/saltstack/salt/issues/62120)
+- Add file.pruned state and expanded file.rmdir exec module functionality [#62178](https://github.com/saltstack/salt/issues/62178)
+- Added "dig.PTR" function to resolve PTR records for IPs, as well as tests and documentation [#62275](https://github.com/saltstack/salt/issues/62275)
+- Added the ability to remove a KB using the DISM state/execution modules [#62366](https://github.com/saltstack/salt/issues/62366)
+- Add "<tiamat> python" subcommand to allow execution or arbitrary scripts via bundled Python runtime [#62381](https://github.com/saltstack/salt/issues/62381)
+- Add ability to provide conditions which convert normal state actions to no-op when true [#62446](https://github.com/saltstack/salt/issues/62446)
+- Added debug log messages displaying the command being run when installing packages on Windows [#62480](https://github.com/saltstack/salt/issues/62480)
+- Add biosvendor grain [#62496](https://github.com/saltstack/salt/issues/62496)
+- Add ifelse Jinja function as found in CFEngine [#62508](https://github.com/saltstack/salt/issues/62508)
+- Implementation of Amazon EC2 instance detection and setting `virtual_subtype` grain accordingly including the product if possible to identify. [#62539](https://github.com/saltstack/salt/issues/62539)
+- Adds __env__substitution to ext_pillar.stack; followup of #61531, improved exception handling for stacked template (jinja) template rendering and yaml parsing in ext_pillar.stack [#62578](https://github.com/saltstack/salt/issues/62578)
+- Increase file.tidied flexibility with regard to age and size [#62678](https://github.com/saltstack/salt/issues/62678)
+- Added "connected_devices" feature to netbox pillar module. It contains extra information about devices connected to the minion [#62761](https://github.com/saltstack/salt/issues/62761)
+- Add atomic file operation for symlink changes [#62768](https://github.com/saltstack/salt/issues/62768)
+- Add password/account locking/unlocking in user.present state on supported operating systems [#62856](https://github.com/saltstack/salt/issues/62856)
+- Added onchange configuration for script engine [#62867](https://github.com/saltstack/salt/issues/62867)
+- Added output and bare functionality to export_key gpg module function [#62978](https://github.com/saltstack/salt/issues/62978)
+- Add keyvalue serializer for environment files [#62983](https://github.com/saltstack/salt/issues/62983)
+- Add ability to ignore symlinks in file.tidied [#63042](https://github.com/saltstack/salt/issues/63042)
+- salt-cloud support IMDSv2 tokens when using 'use-instance-role-credentials' [#63067](https://github.com/saltstack/salt/issues/63067)
+- Add ability for file.symlink to not set ownership on existing links [#63093](https://github.com/saltstack/salt/issues/63093)
+- Restore the previous slack engine and deprecate it, rename replace the slack engine to slack_bolt until deprecation [#63095](https://github.com/saltstack/salt/issues/63095)
+- Add functions that will return the underlying block device, mount point, and filesystem type for a given path [#63098](https://github.com/saltstack/salt/issues/63098)
+- Add ethtool execution and state module functions for pause [#63128](https://github.com/saltstack/salt/issues/63128)
+- Add boardname grain [#63131](https://github.com/saltstack/salt/issues/63131)
+- Added management of ECDSA/EdDSA private keys with x509 modules in the new cryptography x509 module. Please migrate to the new cryptography x509 module for this improvement. [#63248](https://github.com/saltstack/salt/issues/63248)
+- Added x509 modules support for different output formats in the new cryptography x509 module. Please migrate to the new cryptography x509 module for this improvement. [#63249](https://github.com/saltstack/salt/issues/63249)
+- Added deprecation_warning test state for ensuring that deprecation warnings are correctly emitted. [#63315](https://github.com/saltstack/salt/issues/63315)
+- Adds a state_events option to state.highstate, state.apply, state.sls, state.sls_id.
+  This allows users to enable state_events on a per use basis rather than having to
+  enable them globally for all state runs. [#63316](https://github.com/saltstack/salt/issues/63316)
+- Allow max queue size setting for state runs to prevent performance problems from queue growth [#63356](https://github.com/saltstack/salt/issues/63356)
+- Add support of exposing meta_server_grains for Azure VMs [#63606](https://github.com/saltstack/salt/issues/63606)
+- Include the version of `relenv` in the versions report. [#63827](https://github.com/saltstack/salt/issues/63827)
+- Added debug log messages displaying the command being run when removing packages on Windows [#63866](https://github.com/saltstack/salt/issues/63866)
--- a/pkg/debian/changelog
+++ b/pkg/debian/changelog
@ -1,3 +1,333 @@
+salt (1:3006.0rc2) stable; urgency=medium
+
+
+  # Removed
+
+  * Remove and deprecate the __orchestration__ key from salt.runner and salt.wheel return data. To get it back, set features.enable_deprecated_orchestration_flag master configuration option to True. The flag will be completely removed in Salt 3008 Argon. [#59917](https://github.com/saltstack/salt/issues/59917)
+  * Removed distutils and replaced with setuptools, given distutils is deprecated and removed in Python 3.12 [#60476](https://github.com/saltstack/salt/issues/60476)
+  * Removed ``runtests`` targets from ``noxfile.py`` [#62239](https://github.com/saltstack/salt/issues/62239)
+  * Removed the PyObjC dependency.
+
+    This addresses problems with building a one dir build for macOS.
+    It became problematic because depending on the macOS version, it pulls different dependencies, and we would either have to build a macos onedir for each macOS supported release, or ship a crippled onedir(because it would be tied to the macOS version where the onedir was built).
+    Since it's currently not being used, it's removed. [#62432](https://github.com/saltstack/salt/issues/62432)
+  * Removed `SixRedirectImporter` from Salt. Salt hasn't shipped `six` since Salt 3004. [#63874](https://github.com/saltstack/salt/issues/63874)
+
+  # Deprecated
+
+  * renamed `keep_jobs`, specifying job cache TTL in hours, to `keep_jobs_seconds`, specifying TTL in seconds.
+    `keep_jobs` will be removed in the Argon release [#55295](https://github.com/saltstack/salt/issues/55295)
+  * Removing all references to napalm-base which is no longer supported. [#61542](https://github.com/saltstack/salt/issues/61542)
+  * The 'ip_bracket' function has been moved from salt/utils/zeromq.py in salt/utils/network.py [#62009](https://github.com/saltstack/salt/issues/62009)
+  * The `expand_repo_def` function in `salt.modules.aptpkg` is now deprecated. It's only used in `salt.states.pkgrepo` and it has no use of being exposed to the CLI. [#62485](https://github.com/saltstack/salt/issues/62485)
+  * Deprecated defunct Django returner [#62644](https://github.com/saltstack/salt/issues/62644)
+  * Deprecate core ESXi and associated states and modules, vcenter and vsphere support in favor of Salt VMware Extensions [#62754](https://github.com/saltstack/salt/issues/62754)
+  * Removing manufacture grain which has been deprecated. [#62914](https://github.com/saltstack/salt/issues/62914)
+  * Removing deprecated utils/boto3_elasticsearch.py [#62915](https://github.com/saltstack/salt/issues/62915)
+  * Removing support for the now deprecated _ext_nodes from salt/master.py. [#62917](https://github.com/saltstack/salt/issues/62917)
+  * Deprecating the Salt Slack engine in favor of the Salt Slack Bolt Engine. [#63095](https://github.com/saltstack/salt/issues/63095)
+  * `salt.utils.version.StrictVersion` is now deprecated and it's use should be replaced with `salt.utils.version.Version`. [#63383](https://github.com/saltstack/salt/issues/63383)
+
+  # Changed
+
+  * More intelligent diffing in changes of file.serialize state. [#48609](https://github.com/saltstack/salt/issues/48609)
+  * Move deprecation of the neutron module to Argon. Please migrate to the neutronng module instead. [#49430](https://github.com/saltstack/salt/issues/49430)
+  * ``umask`` is now a global state argument, instead of only applying to ``cmd``
+    states. [#57803](https://github.com/saltstack/salt/issues/57803)
+  * Update pillar.obfuscate to accept kwargs in addition to args.  This is useful when passing in keyword arguments like saltenv that are then passed along to pillar.items. [#58971](https://github.com/saltstack/salt/issues/58971)
+  * Improve support for listing macOS brew casks [#59439](https://github.com/saltstack/salt/issues/59439)
+  * Add missing MariaDB Grants to mysql module.
+    MariaDB has added some grants in 10.4.x and 10.5.x that are not present here, which results in an error when creating.
+    Also improved exception handling in `grant_add` which did not log the original error message and replaced it with a generic error. [#61409](https://github.com/saltstack/salt/issues/61409)
+  * Use VENV_PIP_TARGET environment variable as a default target for pip if present. [#62089](https://github.com/saltstack/salt/issues/62089)
+  * Disabled FQDNs grains on macOS by default [#62168](https://github.com/saltstack/salt/issues/62168)
+  * Replaced pyroute2.IPDB with pyroute2.NDB, as the former is deprecated [#62218](https://github.com/saltstack/salt/issues/62218)
+  * Enhance capture of error messages for Zypper calls in zypperpkg module. [#62346](https://github.com/saltstack/salt/issues/62346)
+  * Removed GPG_1_3_1 check [#62895](https://github.com/saltstack/salt/issues/62895)
+  * Requisite state chunks now all consistently contain `__id__`, `__sls__` and `name`. [#63012](https://github.com/saltstack/salt/issues/63012)
+  * netapi_enable_clients option to allow enabling/disabling of clients in salt-api.
+    By default all clients will now be disabled. Users of salt*api will need
+    to update their master config to enable the clients that they use. Not adding
+    the netapi_enable_clients option with required clients to the master config will
+    disable salt*api. [#63050](https://github.com/saltstack/salt/issues/63050)
+  * Stop relying on `salt/_version.py` to write Salt's version. Instead use `salt/_version.txt` which only contains the version string. [#63383](https://github.com/saltstack/salt/issues/63383)
+  * Set enable_fqdns_grains to be False by default. [#63595](https://github.com/saltstack/salt/issues/63595)
+  * Changelog snippet files must now have a `.md` file extension to be more explicit on what type of rendering is done when they are included in the main `CHANGELOG.md` file. [#63710](https://github.com/saltstack/salt/issues/63710)
+
+  # Fixed
+
+  * Add kwargs to handle extra parameters for http.query [#36138](https://github.com/saltstack/salt/issues/36138)
+  * Fix mounted bind mounts getting active mount options added [#39292](https://github.com/saltstack/salt/issues/39292)
+  * Fix `sysctl.present` converts spaces to tabs. [#40054](https://github.com/saltstack/salt/issues/40054)
+  * Fixes state pkg.purged to purge removed packages on Debian family systems [#42306](https://github.com/saltstack/salt/issues/42306)
+  * Fix fun_args missing from syndic returns [#45823](https://github.com/saltstack/salt/issues/45823)
+  * Fix mount.mounted with 'mount: False' reports unmounted file system as unchanged when running with test=True [#47201](https://github.com/saltstack/salt/issues/47201)
+  * Issue #49310: Allow users to touch a file with Unix date of birth [#49310](https://github.com/saltstack/salt/issues/49310)
+  * Do not raise an exception in pkg.info_installed on nonzero return code [#51620](https://github.com/saltstack/salt/issues/51620)
+  * Passes the value of the force parameter from file.copy to its call to file.remove so that files with the read-only attribute are handled. [#51739](https://github.com/saltstack/salt/issues/51739)
+  * Fixed x509.certificate_managed creates new certificate every run in the new cryptography x509 module. Please migrate to the new cryptography x509 module for this improvement. [#52167](https://github.com/saltstack/salt/issues/52167)
+  * Don't check for cached pillar errors on state.apply [#52354](https://github.com/saltstack/salt/issues/52354), [#57180](https://github.com/saltstack/salt/issues/57180), [#59339](https://github.com/saltstack/salt/issues/59339)
+  * Swapping out args and kwargs for arg and kwarg respectively in the Slack engine when the command passed is a runner. [#52400](https://github.com/saltstack/salt/issues/52400)
+  * Ensure when we're adding chunks to the rules when running aggregation with the iptables state module we use a copy of the chunk otherwise we end up with a recursive mess. [#53353](https://github.com/saltstack/salt/issues/53353)
+  * When user_create or user_remove fail, return False instead of returning the error. [#53377](https://github.com/saltstack/salt/issues/53377)
+  * Include sync_roster when sync_all is called. [#53914](https://github.com/saltstack/salt/issues/53914)
+  * Avoid warning noise in lograte.get [#53988](https://github.com/saltstack/salt/issues/53988)
+  * Fixed listing revoked keys with gpg.list_keys [#54347](https://github.com/saltstack/salt/issues/54347)
+  * Fix mount.mounted does not handle blanks properly [#54508](https://github.com/saltstack/salt/issues/54508)
+  * Fixed grain num_cpus get wrong CPUs count in case of inconsistent CPU numbering. [#54682](https://github.com/saltstack/salt/issues/54682)
+  * Fix spelling error for python_shell argument in dpkg_lower module [#54907](https://github.com/saltstack/salt/issues/54907)
+  * Cleaned up bytes response data before sending to non-bytes compatible returners (postgres, mysql) [#55226](https://github.com/saltstack/salt/issues/55226)
+  * Fixed malformed state return when testing file.managed with unavailable source file [#55269](https://github.com/saltstack/salt/issues/55269)
+  * Included stdout in error message for Zypper calls in zypperpkg module. [#56016](https://github.com/saltstack/salt/issues/56016)
+  * Fixed pillar.filter_by with salt-ssh [#56093](https://github.com/saltstack/salt/issues/56093)
+  * Fix boto_route53 issue with (multiple) VPCs. [#57139](https://github.com/saltstack/salt/issues/57139)
+  * Remove log from mine runner which was not used. [#57463](https://github.com/saltstack/salt/issues/57463)
+  * Fixed x509.read_certificate error when reading a Microsoft CA issued certificate in the new cryptography x509 module. Please migrate to the new cryptography x509 module for this improvement. [#57535](https://github.com/saltstack/salt/issues/57535)
+  * Updating Slack engine to use slack_bolt library. [#57842](https://github.com/saltstack/salt/issues/57842)
+  * Fixed warning about replace=True with x509.certificate_managed in the new cryptography x509 module. [#58165](https://github.com/saltstack/salt/issues/58165)
+  * Fix salt.modules.pip:is_installed doesn't handle locally installed packages [#58202](https://github.com/saltstack/salt/issues/58202)
+  * Add missing MariaDB Grants to mysql module. MariaDB has added some grants in 10.4.x and 10.5.x that are not present here, which results in an error when creating. [#58297](https://github.com/saltstack/salt/issues/58297)
+  * linux_shadow: Fix cases where malformed shadow entries cause `user.present`
+    states to fail. [#58423](https://github.com/saltstack/salt/issues/58423)
+  * Fixed salt.utils.compat.cmp to work with dictionaries [#58729](https://github.com/saltstack/salt/issues/58729)
+  * Fixed formatting for terse output mode [#58953](https://github.com/saltstack/salt/issues/58953)
+  * Fixed RecursiveDictDiffer with added nested dicts [#59017](https://github.com/saltstack/salt/issues/59017)
+  * Fixed x509.certificate_managed has DoS effect on master in the new cryptography x509 module. Please migrate to the new cryptography x509 module for this improvement. [#59169](https://github.com/saltstack/salt/issues/59169)
+  * Fixed saltnado websockets disconnecting immediately [#59183](https://github.com/saltstack/salt/issues/59183)
+  * Fixed x509.certificate_managed rolls certificates every now and then in the new cryptography x509 module. Please migrate to the new cryptography x509 module for this improvement. [#59315](https://github.com/saltstack/salt/issues/59315)
+  * Fix postgres_privileges.present not idempotent for functions [#59585](https://github.com/saltstack/salt/issues/59585)
+  * Fixed influxdb_continuous_query.present state to provide the client args to the underlying module on create. [#59766](https://github.com/saltstack/salt/issues/59766)
+  * Warn when using insecure (http:// based) key_urls for apt-based systems in pkgrepo.managed, and add a kwarg that determines the validity of such a url. [#59786](https://github.com/saltstack/salt/issues/59786)
+  * add load balancing policy default option and ensure the module can be executed with arguments from CLI [#59909](https://github.com/saltstack/salt/issues/59909)
+  * Fix salt-ssh when using imports with extra-filerefs. [#60003](https://github.com/saltstack/salt/issues/60003)
+  * Fixed cache directory corruption startup error [#60170](https://github.com/saltstack/salt/issues/60170)
+  * Update docs remove dry_run in docstring of file.blockreplace state. [#60227](https://github.com/saltstack/salt/issues/60227)
+  * Adds Parrot to OS_Family_Map in grains. [#60249](https://github.com/saltstack/salt/issues/60249)
+  * Fixed stdout and stderr being empty sometimes when use_vt=True for the cmd.run[*] functions [#60365](https://github.com/saltstack/salt/issues/60365)
+  * Use return code in iptables --check to verify rule exists. [#60467](https://github.com/saltstack/salt/issues/60467)
+  * Fix regression pip.installed does not pass env_vars when calling pip.list [#60557](https://github.com/saltstack/salt/issues/60557)
+  * Fix xfs module when additional output included in mkfs.xfs command. [#60853](https://github.com/saltstack/salt/issues/60853)
+  * Fixed parsing new format of terraform states in roster.terraform [#60915](https://github.com/saltstack/salt/issues/60915)
+  * Fixed recognizing installed ARMv7 rpm packages in compatible architectures. [#60994](https://github.com/saltstack/salt/issues/60994)
+  * Fixing changes dict in pkg state to be consistent when installing and test=True. [#60995](https://github.com/saltstack/salt/issues/60995)
+  * Fix cron.present duplicating entries when changing timespec to special. [#60997](https://github.com/saltstack/salt/issues/60997)
+  * Made salt-ssh respect --wipe again [#61083](https://github.com/saltstack/salt/issues/61083)
+  * state.orchestrate_single only passes a pillar if it is set to the state
+    function. This allows it to be used with state functions that don't accept a
+    pillar keyword argument. [#61092](https://github.com/saltstack/salt/issues/61092)
+  * Fix ipset state when the comment kwarg is set. [#61122](https://github.com/saltstack/salt/issues/61122)
+  * Fix issue with archive.unzip where the password was not being encoded for the extract function [#61422](https://github.com/saltstack/salt/issues/61422)
+  * Some Linux distributions (like AlmaLinux, Astra Linux, Debian, Mendel, Linux
+    Mint, Pop!_OS, Rocky Linux) report different `oscodename`, `osfullname`,
+    `osfinger` grains if lsb*release is installed or not. They have been changed to
+    only derive these OS grains from `/etc/os*release`. [#61618](https://github.com/saltstack/salt/issues/61618)
+  * Pop!_OS uses the full version (YY.MM) in the osfinger grain now, not just the year. This allows differentiating for example between 20.04 and 20.10. [#61619](https://github.com/saltstack/salt/issues/61619)
+  * Fix ssh config roster to correctly parse the ssh config files that contain spaces. [#61650](https://github.com/saltstack/salt/issues/61650)
+  * Fix SoftLayer configuration not raising an exception when a domain is missing [#61727](https://github.com/saltstack/salt/issues/61727)
+  * Allow the minion to start or salt-call to run even if the user doesn't have permissions to read the root_dir value from the registry [#61789](https://github.com/saltstack/salt/issues/61789)
+  * Need to move the creation of the proxy object for the ProxyMinion further down in the initialization for sub proxies to ensure that all modules, especially any custom proxy modules, are available before attempting to run the init function. [#61805](https://github.com/saltstack/salt/issues/61805)
+  * Fixed malformed state return when merge-serializing to an improperly formatted file [#61814](https://github.com/saltstack/salt/issues/61814)
+  * Made cmdmod._run[_all]_quiet work during minion startup on MacOS with runas specified (which fixed mac_service) [#61816](https://github.com/saltstack/salt/issues/61816)
+  * When deleting the vault cache, also delete from the session cache [#61821](https://github.com/saltstack/salt/issues/61821)
+  * Ignore errors on reading license info with dpkg_lowpkg to prevent tracebacks on getting package information. [#61827](https://github.com/saltstack/salt/issues/61827)
+  * win_lgpo: Display conflicting policy names when more than one policy is found [#61859](https://github.com/saltstack/salt/issues/61859)
+  * win_lgpo: Fixed intermittent KeyError when getting policy setting using lgpo.get_policy [#61860](https://github.com/saltstack/salt/issues/61860)
+  * Fixed listing minions on OpenBSD [#61966](https://github.com/saltstack/salt/issues/61966)
+  * Make Salt to return an error on "pkg" modules and states when targeting duplicated package names [#62019](https://github.com/saltstack/salt/issues/62019)
+  * Fix return of REST-returned permissions when auth_list is set [#62022](https://github.com/saltstack/salt/issues/62022)
+  * Normalize package names once on using pkg.installed/removed with yum to make it possible to install packages with the name containing a part similar to a name of architecture. [#62029](https://github.com/saltstack/salt/issues/62029)
+  * Fix inconsitency regarding name and pkgs parameters between zypperpkg.upgrade() and yumpkg.upgrade() [#62030](https://github.com/saltstack/salt/issues/62030)
+  * Fix attr=all handling in pkg.list_pkgs() (yum/zypper). [#62032](https://github.com/saltstack/salt/issues/62032)
+  * Fixed the humanname being ignored in pkgrepo.managed on openSUSE Leap [#62053](https://github.com/saltstack/salt/issues/62053)
+  * Fixed issue with some LGPO policies having whitespace at the beginning or end of the element alias [#62058](https://github.com/saltstack/salt/issues/62058)
+  * Fix ordering of args to libcloud_storage.download_object module [#62074](https://github.com/saltstack/salt/issues/62074)
+  * Ignore extend declarations in sls files that are excluded. [#62082](https://github.com/saltstack/salt/issues/62082)
+  * Remove leftover usage of impacket [#62101](https://github.com/saltstack/salt/issues/62101)
+  * Pass executable path from _get_path_exec() is used when calling the program.
+    The $HOME env is no longer modified globally.
+    Only trailing newlines are stripped from the fetched secret.
+    Pass process arguments are handled in a secure way. [#62120](https://github.com/saltstack/salt/issues/62120)
+  * Ignore some command return codes in openbsdrcctl_service to prevent spurious errors [#62131](https://github.com/saltstack/salt/issues/62131)
+  * Fixed extra period in filename output in tls module. Instead of "server.crt." it will now be "server.crt". [#62139](https://github.com/saltstack/salt/issues/62139)
+  * Make sure lingering PAexec-*.exe files in the Windows directory are cleaned up [#62152](https://github.com/saltstack/salt/issues/62152)
+  * Restored Salt's DeprecationWarnings [#62185](https://github.com/saltstack/salt/issues/62185)
+  * Fixed issue with forward slashes on Windows with file.recurse and clean=True [#62197](https://github.com/saltstack/salt/issues/62197)
+  * Recognize OSMC as Debian-based [#62198](https://github.com/saltstack/salt/issues/62198)
+  * Fixed Zypper module failing on RPM lock file being temporarily unavailable. [#62204](https://github.com/saltstack/salt/issues/62204)
+  * Improved error handling and diagnostics in the proxmox salt-cloud driver [#62211](https://github.com/saltstack/salt/issues/62211)
+  * Added EndeavourOS to the Arch os_family. [#62220](https://github.com/saltstack/salt/issues/62220)
+  * Fix salt-ssh not detecting `platform-python` as a valid interpreter on EL8 [#62235](https://github.com/saltstack/salt/issues/62235)
+  * Fix pkg.version_cmp on openEuler and a few other os flavors. [#62248](https://github.com/saltstack/salt/issues/62248)
+  * Fix localhost detection in glusterfs.peers [#62273](https://github.com/saltstack/salt/issues/62273)
+  * Fix Salt Package Manager (SPM) exception when calling spm create_repo . [#62281](https://github.com/saltstack/salt/issues/62281)
+  * Fix matcher slowness due to loader invocation [#62283](https://github.com/saltstack/salt/issues/62283)
+  * Fixes the Puppet module for non-aio Puppet packages for example running the Puppet module on FreeBSD. [#62323](https://github.com/saltstack/salt/issues/62323)
+  * Issue 62334: Displays a debug log message instead of an error log message when the publisher fails to connect [#62334](https://github.com/saltstack/salt/issues/62334)
+  * Fix pyobjects renderer access to opts and sls [#62336](https://github.com/saltstack/salt/issues/62336)
+  * Fix use of random shuffle and sample functions as Jinja filters [#62372](https://github.com/saltstack/salt/issues/62372)
+  * Fix groups with duplicate GIDs are not returned by get_group_list [#62377](https://github.com/saltstack/salt/issues/62377)
+  * Fix the "zpool.present" state when enabling zpool features that are already active. [#62390](https://github.com/saltstack/salt/issues/62390)
+  * Fix ability to execute remote file client methods in saltcheck [#62398](https://github.com/saltstack/salt/issues/62398)
+  * Update all platforms to use pycparser 2.21 or greater for Py 3.9 or higher, fixes fips fault with openssl v3.x [#62400](https://github.com/saltstack/salt/issues/62400)
+  * Due to changes in the Netmiko library for the exception paths, need to check the version of Netmiko python library and then import the exceptions from different locations depending on the result. [#62405](https://github.com/saltstack/salt/issues/62405)
+  * When using preq on a state, then prereq state will first be run with test=True to determine if there are changes.  When there are changes, the state with the prereq option will be run prior to the prereq state.  If this state fails then the prereq state will not run and the state output uses the test=True run.  However, the proposed changes are included for the prereq state are included from the test=True run.  We should pull those out as there weren't actually changes since the prereq state did not run. [#62408](https://github.com/saltstack/salt/issues/62408)
+  * Added directory mode for file.copy with makedirs [#62426](https://github.com/saltstack/salt/issues/62426)
+  * Provide better error handling in the various napalm proxy minion functions when the device is not accessible. [#62435](https://github.com/saltstack/salt/issues/62435)
+  * When handling aggregation, change the order to ensure that the requisites are aggregated first and then the state functions are aggregated.  Caching whether aggregate functions are available for particular states so we don't need to attempt to load them everytime. [#62439](https://github.com/saltstack/salt/issues/62439)
+  * The patch allows to boostrap kubernetes clusters in the version above 1.13 via salt module [#62451](https://github.com/saltstack/salt/issues/62451)
+  * sysctl.persist now updates the in-memory value on FreeBSD even if the on-disk value was already correct. [#62461](https://github.com/saltstack/salt/issues/62461)
+  * Fixed parsing CDROM apt sources [#62474](https://github.com/saltstack/salt/issues/62474)
+  * Update sanitizing masking for Salt SSH to include additional password like strings. [#62483](https://github.com/saltstack/salt/issues/62483)
+  * Fix user/group checking on file state functions in the test mode. [#62499](https://github.com/saltstack/salt/issues/62499)
+  * Fix user.present to allow removing groups using optional_groups parameter and enforcing idempotent group membership. [#62502](https://github.com/saltstack/salt/issues/62502)
+  * Fix possible tracebacks if there is a package with '------' or '======' in the description is installed on the Debian based minion. [#62519](https://github.com/saltstack/salt/issues/62519)
+  * Fixed the omitted "pool" parameter when cloning a VM with the proxmox salt-cloud driver [#62521](https://github.com/saltstack/salt/issues/62521)
+  * Fix rendering of pyobjects states in saltcheck [#62523](https://github.com/saltstack/salt/issues/62523)
+  * Fixes pillar where a corrupted CacheDisk file forces the pillar to be rebuilt [#62527](https://github.com/saltstack/salt/issues/62527)
+  * Use str() method instead of repo_line for when python3-apt is installed or not in aptpkg.py. [#62546](https://github.com/saltstack/salt/issues/62546)
+  * Remove the connection_timeout from netmiko_connection_args before netmiko_connection_args is added to __context__["netmiko_device"]["args"] which is passed along to the Netmiko library. [#62547](https://github.com/saltstack/salt/issues/62547)
+  * Fix order specific mount.mounted options for persist [#62556](https://github.com/saltstack/salt/issues/62556)
+  * Fixed salt-cloud cloning a proxmox VM with a specified new vmid. [#62558](https://github.com/saltstack/salt/issues/62558)
+  * Fix runas with cmd module when using the onedir bundled packages [#62565](https://github.com/saltstack/salt/issues/62565)
+  * Update setproctitle version for all platforms [#62576](https://github.com/saltstack/salt/issues/62576)
+  * Fixed missing parameters when cloning a VM with the proxmox salt-cloud driver [#62580](https://github.com/saltstack/salt/issues/62580)
+  * Handle PermissionError when importing crypt when FIPS is enabled. [#62587](https://github.com/saltstack/salt/issues/62587)
+  * Correctly reraise exceptions in states.http [#62595](https://github.com/saltstack/salt/issues/62595)
+  * Fixed syndic eauth. Now jobs will be published when a valid eauth user is targeting allowed minions/functions. [#62618](https://github.com/saltstack/salt/issues/62618)
+  * updated rest_cherry/app to properly detect arg sent as a string as curl will do when only one arg is supplied. [#62624](https://github.com/saltstack/salt/issues/62624)
+  * Prevent possible tracebacks in core grains module by ignoring non utf8 characters in /proc/1/environ, /proc/1/cmdline, /proc/cmdline [#62633](https://github.com/saltstack/salt/issues/62633)
+  * Fixed vault ext pillar return data for KV v2 [#62651](https://github.com/saltstack/salt/issues/62651)
+  * Fix saltcheck _get_top_states doesn't pass saltenv to state.show_top [#62654](https://github.com/saltstack/salt/issues/62654)
+  * Fix groupadd.* functions hard code relative command name [#62657](https://github.com/saltstack/salt/issues/62657)
+  * Fixed pdbedit.create trying to use a bytes-like hash as string. [#62670](https://github.com/saltstack/salt/issues/62670)
+  * Fix depenency on legacy boto module in boto3 modules [#62672](https://github.com/saltstack/salt/issues/62672)
+  * Modified "_get_flags" function so that it returns regex flags instead of integers [#62676](https://github.com/saltstack/salt/issues/62676)
+  * Change startup ReqServer log messages from error to info level. [#62728](https://github.com/saltstack/salt/issues/62728)
+  * Fix kmod.* functions hard code relative command name [#62772](https://github.com/saltstack/salt/issues/62772)
+  * Fix mac_brew_pkg to work with null taps [#62793](https://github.com/saltstack/salt/issues/62793)
+  * Fixing a bug when listing the running schedule if "schedule.enable" and/or "schedule.disable" has been run, where the "enabled" items is being treated as a schedule item. [#62795](https://github.com/saltstack/salt/issues/62795)
+  * Prevent annoying RuntimeWarning message about line buffering (buffering=1) not being supported in binary mode [#62817](https://github.com/saltstack/salt/issues/62817)
+  * Include UID and GID checks in modules.file.check_perms as well as comparing
+    ownership by username and group name. [#62818](https://github.com/saltstack/salt/issues/62818)
+  * Fix presence events on TCP transport by removing a client's presence when minion disconnects from publish channel correctly [#62826](https://github.com/saltstack/salt/issues/62826)
+  * Remove Azure deprecation messages from functions that always run w/ salt-cloud [#62845](https://github.com/saltstack/salt/issues/62845)
+  * Use select instead of iterating over entrypoints as a dictionary for importlib_metadata>=5.0.0 [#62854](https://github.com/saltstack/salt/issues/62854)
+  * Fixed master job scheduler using when [#62858](https://github.com/saltstack/salt/issues/62858)
+  * LGPO: Added support for missing domain controller policies: VulnerableChannelAllowList and LdapEnforceChannelBinding [#62873](https://github.com/saltstack/salt/issues/62873)
+  * Fix unnecessarily complex gce metadata grains code to use googles metadata service more effectively. [#62878](https://github.com/saltstack/salt/issues/62878)
+  * Fixed dockermod version_info function for docker-py 6.0.0+ [#62882](https://github.com/saltstack/salt/issues/62882)
+  * Moving setting the LOAD_BALANCING_POLICY_MAP dictionary into the try except block that determines if the cassandra_cql module should be made available. [#62886](https://github.com/saltstack/salt/issues/62886)
+  * Updating various MongoDB module functions to work with latest version of pymongo. [#62900](https://github.com/saltstack/salt/issues/62900)
+  * Restored channel for Syndic minions to send job returns to the Salt master. [#62933](https://github.com/saltstack/salt/issues/62933)
+  * removed _resolve_deps as it required a library that is not generally avalible. and switched to apt-get for everything as that can auto resolve dependencies. [#62934](https://github.com/saltstack/salt/issues/62934)
+  * Updated pyzmq to version 22.0.3 on Windows builds because the old version was causing salt-minion/salt-call to hang [#62937](https://github.com/saltstack/salt/issues/62937)
+  * Allow root user to modify crontab lines for non-root users (except AIX and Solaris). Align crontab line changes with the file ones and also with listing crontab. [#62940](https://github.com/saltstack/salt/issues/62940)
+  * Fix systemd_service.* functions hard code relative command name [#62942](https://github.com/saltstack/salt/issues/62942)
+  * Fix file.symlink backupname operation can copy remote contents to local disk [#62953](https://github.com/saltstack/salt/issues/62953)
+  * Issue #62968: Fix issue where cloud deployments were putting the keys in the wrong location on Windows hosts [#62968](https://github.com/saltstack/salt/issues/62968)
+  * Fixed gpg_passphrase issue with gpg decrypt/encrypt functions [#62977](https://github.com/saltstack/salt/issues/62977)
+  * Fix file.tidied FileNotFoundError [#62986](https://github.com/saltstack/salt/issues/62986)
+  * Fixed bug where module.wait states were detected as running legacy module.run syntax [#62988](https://github.com/saltstack/salt/issues/62988)
+  * Fixed issue with win_wua module where it wouldn't load if the CryptSvc was set to Manual start [#62993](https://github.com/saltstack/salt/issues/62993)
+  * The `__opts__` dunder dictionary is now added to the loader's `pack` if not
+    already present, which makes it accessible via the
+    `salt.loader.context.NamedLoaderContext` class. [#63013](https://github.com/saltstack/salt/issues/63013)
+  * Issue #63024: Fix issue where grains and config data were being place in the wrong location on Windows hosts [#63024](https://github.com/saltstack/salt/issues/63024)
+  * Fix btrfs.subvolume_snapshot command failing [#63025](https://github.com/saltstack/salt/issues/63025)
+  * Fix file.retention_schedule always reports changes [#63033](https://github.com/saltstack/salt/issues/63033)
+  * Fix mongo authentication for mongo ext_pillar and mongo returner
+
+    This fix also include the ability to use the mongo connection string for mongo ext_pillar [#63058](https://github.com/saltstack/salt/issues/63058)
+  * Fixed x509.create_csr creates invalid CSR by default in the new cryptography x509 module. [#63103](https://github.com/saltstack/salt/issues/63103)
+  * TCP transport documentation now contains proper master/minion-side filtering information [#63120](https://github.com/saltstack/salt/issues/63120)
+  * Fixed gpg.verify does not respect gnupghome [#63145](https://github.com/saltstack/salt/issues/63145)
+  * Made pillar cache pass extra minion data as well [#63208](https://github.com/saltstack/salt/issues/63208)
+  * Fix serious performance issues with the file.tidied module [#63231](https://github.com/saltstack/salt/issues/63231)
+  * Fix rpm_lowpkg version comparison logic when using rpm-vercmp and only one version has a release number. [#63317](https://github.com/saltstack/salt/issues/63317)
+  * Import StrictVersion and LooseVersion from setuptools.distutils.verison or setuptools._distutils.version, if first not available [#63350](https://github.com/saltstack/salt/issues/63350)
+  * When the shell is passed as powershell or pwsh, only wrapper the shell in quotes if cmd.run is running on Windows.  When quoted on Linux hosts, this results in an error when the keyword arguments are appended. [#63590](https://github.com/saltstack/salt/issues/63590)
+  * LGPO: Added support for "Relax minimum password length limits" [#63596](https://github.com/saltstack/salt/issues/63596)
+  * When a job is disabled only increase it's _next_fire_time value if the job would have run at the current time, eg. the current _next_fire_time == now. [#63699](https://github.com/saltstack/salt/issues/63699)
+  * Check file is not empty before attempting to read pillar disk cache file [#63729](https://github.com/saltstack/salt/issues/63729)
+  * fix cherrypy 400 error output to be less generic. [#63835](https://github.com/saltstack/salt/issues/63835)
+  * remove eval and update logging to be more informative on bad config [#63879](https://github.com/saltstack/salt/issues/63879)
+
+  # Added
+
+  * Introduce a `LIB_STATE_DIR` syspaths variable which defaults to `CONFIG_DIR`,
+    but can be individually customized during installation by specifying
+    `*-salt-lib-state-dir` during installation. Change the default `pki_dir` to
+    `<LIB_STATE_DIR>/pki/master` (for the master) and `<LIB_STATE_DIR>/pki/minion`
+    (for the minion). [#3396](https://github.com/saltstack/salt/issues/3396)
+  * Allow users to enable 'queue=True' for all state runs via config file [#31468](https://github.com/saltstack/salt/issues/31468)
+  * Added pillar templating to vault policies [#43287](https://github.com/saltstack/salt/issues/43287)
+  * Add support for NVMeF as a transport protocol for hosts in a Pure Storage FlashArray [#51088](https://github.com/saltstack/salt/issues/51088)
+  * A new salt-ssh roster that generates a roster by parses a known_hosts file. [#54679](https://github.com/saltstack/salt/issues/54679)
+  * Added Windows Event Viewer support [#54713](https://github.com/saltstack/salt/issues/54713)
+  * Added the win_lgpo_reg state and execution modules which will allow registry based group policy to be set directly in the Registry.pol file [#56013](https://github.com/saltstack/salt/issues/56013)
+  * Added resource tagging functions to boto_dynamodb execution module [#57500](https://github.com/saltstack/salt/issues/57500)
+  * Added `openvswitch_db` state module and functions `bridge_to_parent`,
+    `bridge_to_vlan`, `db_get`, and `db_set` to the `openvswitch` execution module.
+    Also added optional `parent` and `vlan` parameters to the
+    `openvswitch_bridge.present` state module function and the
+    `openvswitch.bridge_create` execution module function. [#58986](https://github.com/saltstack/salt/issues/58986)
+  * State module to manage SysFS attributes [#60154](https://github.com/saltstack/salt/issues/60154)
+  * Added ability for `salt.wait_for_event` to handle `event_id`s that have a list value. [#60430](https://github.com/saltstack/salt/issues/60430)
+  * Added suport for Linux ppc64le core grains (cpu_model, virtual, productname, manufacturer, serialnumber) and arm core grains (serialnumber, productname) [#60518](https://github.com/saltstack/salt/issues/60518)
+  * Added autostart option to virt.defined and virt.running states, along with virt.update execution modules. [#60700](https://github.com/saltstack/salt/issues/60700)
+  * Added .0 back to our versioning scheme for future versions (e.g. 3006.0) [#60722](https://github.com/saltstack/salt/issues/60722)
+  * Initial work to allow parallel startup of proxy minions when used as sub proxies with Deltaproxy. [#61153](https://github.com/saltstack/salt/issues/61153)
+  * Added node label support for GCE [#61245](https://github.com/saltstack/salt/issues/61245)
+  * Support the --priority flag when adding sources to Chocolatey. [#61319](https://github.com/saltstack/salt/issues/61319)
+  * Add namespace option to ext_pillar.http_json [#61335](https://github.com/saltstack/salt/issues/61335)
+  * Added a filter function to ps module to get a list of processes on a minion according to their state. [#61420](https://github.com/saltstack/salt/issues/61420)
+  * Add postgres.timeout option to postgres module for limiting postgres query times [#61433](https://github.com/saltstack/salt/issues/61433)
+  * Added new optional vault option, ``config_location``. This can be either ``master`` or ``local`` and defines where vault will look for connection details, either requesting them from the master or using the local config. [#61857](https://github.com/saltstack/salt/issues/61857)
+  * Add ipwrap() jinja filter to wrap IPv6 addresses with brackets. [#61931](https://github.com/saltstack/salt/issues/61931)
+  * 'tcp' transport is now available in ipv6-only network [#62009](https://github.com/saltstack/salt/issues/62009)
+  * Add `diff_attr` parameter to pkg.upgrade() (zypper/yum). [#62031](https://github.com/saltstack/salt/issues/62031)
+  * Config option pass_variable_prefix allows to distinguish variables that contain paths to pass secrets.
+    Config option pass_strict_fetch allows to error out when a secret cannot be fetched from pass.
+    Config option pass_dir allows setting the PASSWORD_STORE_DIR env for pass.
+    Config option pass_gnupghome allows setting the $GNUPGHOME env for pass. [#62120](https://github.com/saltstack/salt/issues/62120)
+  * Add file.pruned state and expanded file.rmdir exec module functionality [#62178](https://github.com/saltstack/salt/issues/62178)
+  * Added "dig.PTR" function to resolve PTR records for IPs, as well as tests and documentation [#62275](https://github.com/saltstack/salt/issues/62275)
+  * Added the ability to remove a KB using the DISM state/execution modules [#62366](https://github.com/saltstack/salt/issues/62366)
+  * Add "<tiamat> python" subcommand to allow execution or arbitrary scripts via bundled Python runtime [#62381](https://github.com/saltstack/salt/issues/62381)
+  * Add ability to provide conditions which convert normal state actions to no-op when true [#62446](https://github.com/saltstack/salt/issues/62446)
+  * Added debug log messages displaying the command being run when installing packages on Windows [#62480](https://github.com/saltstack/salt/issues/62480)
+  * Add biosvendor grain [#62496](https://github.com/saltstack/salt/issues/62496)
+  * Add ifelse Jinja function as found in CFEngine [#62508](https://github.com/saltstack/salt/issues/62508)
+  * Implementation of Amazon EC2 instance detection and setting `virtual_subtype` grain accordingly including the product if possible to identify. [#62539](https://github.com/saltstack/salt/issues/62539)
+  * Adds __env__substitution to ext_pillar.stack; followup of #61531, improved exception handling for stacked template (jinja) template rendering and yaml parsing in ext_pillar.stack [#62578](https://github.com/saltstack/salt/issues/62578)
+  * Increase file.tidied flexibility with regard to age and size [#62678](https://github.com/saltstack/salt/issues/62678)
+  * Added "connected_devices" feature to netbox pillar module. It contains extra information about devices connected to the minion [#62761](https://github.com/saltstack/salt/issues/62761)
+  * Add atomic file operation for symlink changes [#62768](https://github.com/saltstack/salt/issues/62768)
+  * Add password/account locking/unlocking in user.present state on supported operating systems [#62856](https://github.com/saltstack/salt/issues/62856)
+  * Added onchange configuration for script engine [#62867](https://github.com/saltstack/salt/issues/62867)
+  * Added output and bare functionality to export_key gpg module function [#62978](https://github.com/saltstack/salt/issues/62978)
+  * Add keyvalue serializer for environment files [#62983](https://github.com/saltstack/salt/issues/62983)
+  * Add ability to ignore symlinks in file.tidied [#63042](https://github.com/saltstack/salt/issues/63042)
+  * salt-cloud support IMDSv2 tokens when using 'use-instance-role-credentials' [#63067](https://github.com/saltstack/salt/issues/63067)
+  * Add ability for file.symlink to not set ownership on existing links [#63093](https://github.com/saltstack/salt/issues/63093)
+  * Restore the previous slack engine and deprecate it, rename replace the slack engine to slack_bolt until deprecation [#63095](https://github.com/saltstack/salt/issues/63095)
+  * Add functions that will return the underlying block device, mount point, and filesystem type for a given path [#63098](https://github.com/saltstack/salt/issues/63098)
+  * Add ethtool execution and state module functions for pause [#63128](https://github.com/saltstack/salt/issues/63128)
+  * Add boardname grain [#63131](https://github.com/saltstack/salt/issues/63131)
+  * Added management of ECDSA/EdDSA private keys with x509 modules in the new cryptography x509 module. Please migrate to the new cryptography x509 module for this improvement. [#63248](https://github.com/saltstack/salt/issues/63248)
+  * Added x509 modules support for different output formats in the new cryptography x509 module. Please migrate to the new cryptography x509 module for this improvement. [#63249](https://github.com/saltstack/salt/issues/63249)
+  * Added deprecation_warning test state for ensuring that deprecation warnings are correctly emitted. [#63315](https://github.com/saltstack/salt/issues/63315)
+  * Adds a state_events option to state.highstate, state.apply, state.sls, state.sls_id.
+    This allows users to enable state_events on a per use basis rather than having to
+    enable them globally for all state runs. [#63316](https://github.com/saltstack/salt/issues/63316)
+  * Allow max queue size setting for state runs to prevent performance problems from queue growth [#63356](https://github.com/saltstack/salt/issues/63356)
+  * Add support of exposing meta_server_grains for Azure VMs [#63606](https://github.com/saltstack/salt/issues/63606)
+  * Include the version of `relenv` in the versions report. [#63827](https://github.com/saltstack/salt/issues/63827)
+  * Added debug log messages displaying the command being run when removing packages on Windows [#63866](https://github.com/saltstack/salt/issues/63866)
+
+
+ -- Salt Project Packaging <saltproject-packaging@vmware.com>  Sun, 19 Mar 2023 12:34:47 +0000
+
 salt (1:3006.0rc1) stable; urgency=medium


--- a/pkg/debian/rules
+++ b/pkg/debian/rules
@ -23,7 +23,7 @@ override_dh_auto_build:
 	build/onedir/venv/bin/relenv create build/onedir/salt
 	build/onedir/salt/bin/python3 -m pip install "pip>=22.3.1,<23.0" "setuptools>=65.6.3,<66" "wheel"
 	export PY=$$(build/onedir/salt/bin/python3 -c 'import sys; sys.stdout.write("{}.{}".format(*sys.version_info)); sys.stdout.flush()') \
-		&& build/onedir/salt/bin/python3 -m pip install -r requirements/static/pkg/py$${PY}/linux.txt
+		&& build/onedir/salt/bin/python3 -m pip install -r requirements/static/pkg/py$${PY}/linux.txt --no-binary=':all:'

 	# Fix any hardcoded paths to the relenv python binary on any of the scripts installed in the <onedir>/bin directory
 	find build/onedir/salt/bin/ -type f -exec sed -i 's:#!/\(.*\)salt/bin/python3:#!/bin/sh\n"exec" "$$(dirname $$(readlink -f $$0))/python3" "$$0" "$$@":g' {} \;
--- a/pkg/rpm/salt.spec
+++ b/pkg/rpm/salt.spec
@ -21,7 +21,7 @@
 %define fish_dir %{_datadir}/fish/vendor_functions.d

 Name:    salt
-Version: 3006.0~rc1
+Version: 3006.0~rc2
 Release: 0
 Summary: A parallel remote execution system
 Group:   System Environment/Daemons
@ -142,7 +142,7 @@ cd $RPM_BUILD_DIR
  build/venv/bin/relenv create build/salt
  build/salt/bin/python3 -m pip install "pip>=22.3.1,<23.0" "setuptools>=65.6.3,<66" "wheel"
  export PY=$(build/salt/bin/python3 -c 'import sys; sys.stdout.write("{}.{}".format(*sys.version_info)); sys.stdout.flush()')
-  build/salt/bin/python3 -m pip install -r %{_salt_src}/requirements/static/pkg/py${PY}/linux.txt
+  build/salt/bin/python3 -m pip install -r %{_salt_src}/requirements/static/pkg/py${PY}/linux.txt --no-binary=':all:'

  # Fix any hardcoded paths to the relenv python binary on any of the scripts installed in
  # the <onedir>/bin directory
@ -428,6 +428,333 @@ fi


 %changelog
+* Sun Mar 19 2023 Salt Project Packaging <saltproject-packaging@vmware.com> - 3006.0~rc2
+
+# Removed
+
+- Remove and deprecate the __orchestration__ key from salt.runner and salt.wheel return data. To get it back, set features.enable_deprecated_orchestration_flag master configuration option to True. The flag will be completely removed in Salt 3008 Argon. [#59917](https://github.com/saltstack/salt/issues/59917)
+- Removed distutils and replaced with setuptools, given distutils is deprecated and removed in Python 3.12 [#60476](https://github.com/saltstack/salt/issues/60476)
+- Removed ``runtests`` targets from ``noxfile.py`` [#62239](https://github.com/saltstack/salt/issues/62239)
+- Removed the PyObjC dependency.
+
+  This addresses problems with building a one dir build for macOS.
+  It became problematic because depending on the macOS version, it pulls different dependencies, and we would either have to build a macos onedir for each macOS supported release, or ship a crippled onedir(because it would be tied to the macOS version where the onedir was built).
+  Since it's currently not being used, it's removed. [#62432](https://github.com/saltstack/salt/issues/62432)
+- Removed `SixRedirectImporter` from Salt. Salt hasn't shipped `six` since Salt 3004. [#63874](https://github.com/saltstack/salt/issues/63874)
+
+# Deprecated
+
+- renamed `keep_jobs`, specifying job cache TTL in hours, to `keep_jobs_seconds`, specifying TTL in seconds.
+  `keep_jobs` will be removed in the Argon release [#55295](https://github.com/saltstack/salt/issues/55295)
+- Removing all references to napalm-base which is no longer supported. [#61542](https://github.com/saltstack/salt/issues/61542)
+- The 'ip_bracket' function has been moved from salt/utils/zeromq.py in salt/utils/network.py [#62009](https://github.com/saltstack/salt/issues/62009)
+- The `expand_repo_def` function in `salt.modules.aptpkg` is now deprecated. It's only used in `salt.states.pkgrepo` and it has no use of being exposed to the CLI. [#62485](https://github.com/saltstack/salt/issues/62485)
+- Deprecated defunct Django returner [#62644](https://github.com/saltstack/salt/issues/62644)
+- Deprecate core ESXi and associated states and modules, vcenter and vsphere support in favor of Salt VMware Extensions [#62754](https://github.com/saltstack/salt/issues/62754)
+- Removing manufacture grain which has been deprecated. [#62914](https://github.com/saltstack/salt/issues/62914)
+- Removing deprecated utils/boto3_elasticsearch.py [#62915](https://github.com/saltstack/salt/issues/62915)
+- Removing support for the now deprecated _ext_nodes from salt/master.py. [#62917](https://github.com/saltstack/salt/issues/62917)
+- Deprecating the Salt Slack engine in favor of the Salt Slack Bolt Engine. [#63095](https://github.com/saltstack/salt/issues/63095)
+- `salt.utils.version.StrictVersion` is now deprecated and it's use should be replaced with `salt.utils.version.Version`. [#63383](https://github.com/saltstack/salt/issues/63383)
+
+# Changed
+
+- More intelligent diffing in changes of file.serialize state. [#48609](https://github.com/saltstack/salt/issues/48609)
+- Move deprecation of the neutron module to Argon. Please migrate to the neutronng module instead. [#49430](https://github.com/saltstack/salt/issues/49430)
+- ``umask`` is now a global state argument, instead of only applying to ``cmd``
+  states. [#57803](https://github.com/saltstack/salt/issues/57803)
+- Update pillar.obfuscate to accept kwargs in addition to args.  This is useful when passing in keyword arguments like saltenv that are then passed along to pillar.items. [#58971](https://github.com/saltstack/salt/issues/58971)
+- Improve support for listing macOS brew casks [#59439](https://github.com/saltstack/salt/issues/59439)
+- Add missing MariaDB Grants to mysql module.
+  MariaDB has added some grants in 10.4.x and 10.5.x that are not present here, which results in an error when creating.
+  Also improved exception handling in `grant_add` which did not log the original error message and replaced it with a generic error. [#61409](https://github.com/saltstack/salt/issues/61409)
+- Use VENV_PIP_TARGET environment variable as a default target for pip if present. [#62089](https://github.com/saltstack/salt/issues/62089)
+- Disabled FQDNs grains on macOS by default [#62168](https://github.com/saltstack/salt/issues/62168)
+- Replaced pyroute2.IPDB with pyroute2.NDB, as the former is deprecated [#62218](https://github.com/saltstack/salt/issues/62218)
+- Enhance capture of error messages for Zypper calls in zypperpkg module. [#62346](https://github.com/saltstack/salt/issues/62346)
+- Removed GPG_1_3_1 check [#62895](https://github.com/saltstack/salt/issues/62895)
+- Requisite state chunks now all consistently contain `__id__`, `__sls__` and `name`. [#63012](https://github.com/saltstack/salt/issues/63012)
+- netapi_enable_clients option to allow enabling/disabling of clients in salt-api.
+  By default all clients will now be disabled. Users of salt-api will need
+  to update their master config to enable the clients that they use. Not adding
+  the netapi_enable_clients option with required clients to the master config will
+  disable salt-api. [#63050](https://github.com/saltstack/salt/issues/63050)
+- Stop relying on `salt/_version.py` to write Salt's version. Instead use `salt/_version.txt` which only contains the version string. [#63383](https://github.com/saltstack/salt/issues/63383)
+- Set enable_fqdns_grains to be False by default. [#63595](https://github.com/saltstack/salt/issues/63595)
+- Changelog snippet files must now have a `.md` file extension to be more explicit on what type of rendering is done when they are included in the main `CHANGELOG.md` file. [#63710](https://github.com/saltstack/salt/issues/63710)
+
+# Fixed
+
+- Add kwargs to handle extra parameters for http.query [#36138](https://github.com/saltstack/salt/issues/36138)
+- Fix mounted bind mounts getting active mount options added [#39292](https://github.com/saltstack/salt/issues/39292)
+- Fix `sysctl.present` converts spaces to tabs. [#40054](https://github.com/saltstack/salt/issues/40054)
+- Fixes state pkg.purged to purge removed packages on Debian family systems [#42306](https://github.com/saltstack/salt/issues/42306)
+- Fix fun_args missing from syndic returns [#45823](https://github.com/saltstack/salt/issues/45823)
+- Fix mount.mounted with 'mount: False' reports unmounted file system as unchanged when running with test=True [#47201](https://github.com/saltstack/salt/issues/47201)
+- Issue #49310: Allow users to touch a file with Unix date of birth [#49310](https://github.com/saltstack/salt/issues/49310)
+- Do not raise an exception in pkg.info_installed on nonzero return code [#51620](https://github.com/saltstack/salt/issues/51620)
+- Passes the value of the force parameter from file.copy to its call to file.remove so that files with the read-only attribute are handled. [#51739](https://github.com/saltstack/salt/issues/51739)
+- Fixed x509.certificate_managed creates new certificate every run in the new cryptography x509 module. Please migrate to the new cryptography x509 module for this improvement. [#52167](https://github.com/saltstack/salt/issues/52167)
+- Don't check for cached pillar errors on state.apply [#52354](https://github.com/saltstack/salt/issues/52354), [#57180](https://github.com/saltstack/salt/issues/57180), [#59339](https://github.com/saltstack/salt/issues/59339)
+- Swapping out args and kwargs for arg and kwarg respectively in the Slack engine when the command passed is a runner. [#52400](https://github.com/saltstack/salt/issues/52400)
+- Ensure when we're adding chunks to the rules when running aggregation with the iptables state module we use a copy of the chunk otherwise we end up with a recursive mess. [#53353](https://github.com/saltstack/salt/issues/53353)
+- When user_create or user_remove fail, return False instead of returning the error. [#53377](https://github.com/saltstack/salt/issues/53377)
+- Include sync_roster when sync_all is called. [#53914](https://github.com/saltstack/salt/issues/53914)
+- Avoid warning noise in lograte.get [#53988](https://github.com/saltstack/salt/issues/53988)
+- Fixed listing revoked keys with gpg.list_keys [#54347](https://github.com/saltstack/salt/issues/54347)
+- Fix mount.mounted does not handle blanks properly [#54508](https://github.com/saltstack/salt/issues/54508)
+- Fixed grain num_cpus get wrong CPUs count in case of inconsistent CPU numbering. [#54682](https://github.com/saltstack/salt/issues/54682)
+- Fix spelling error for python_shell argument in dpkg_lower module [#54907](https://github.com/saltstack/salt/issues/54907)
+- Cleaned up bytes response data before sending to non-bytes compatible returners (postgres, mysql) [#55226](https://github.com/saltstack/salt/issues/55226)
+- Fixed malformed state return when testing file.managed with unavailable source file [#55269](https://github.com/saltstack/salt/issues/55269)
+- Included stdout in error message for Zypper calls in zypperpkg module. [#56016](https://github.com/saltstack/salt/issues/56016)
+- Fixed pillar.filter_by with salt-ssh [#56093](https://github.com/saltstack/salt/issues/56093)
+- Fix boto_route53 issue with (multiple) VPCs. [#57139](https://github.com/saltstack/salt/issues/57139)
+- Remove log from mine runner which was not used. [#57463](https://github.com/saltstack/salt/issues/57463)
+- Fixed x509.read_certificate error when reading a Microsoft CA issued certificate in the new cryptography x509 module. Please migrate to the new cryptography x509 module for this improvement. [#57535](https://github.com/saltstack/salt/issues/57535)
+- Updating Slack engine to use slack_bolt library. [#57842](https://github.com/saltstack/salt/issues/57842)
+- Fixed warning about replace=True with x509.certificate_managed in the new cryptography x509 module. [#58165](https://github.com/saltstack/salt/issues/58165)
+- Fix salt.modules.pip:is_installed doesn't handle locally installed packages [#58202](https://github.com/saltstack/salt/issues/58202)
+- Add missing MariaDB Grants to mysql module. MariaDB has added some grants in 10.4.x and 10.5.x that are not present here, which results in an error when creating. [#58297](https://github.com/saltstack/salt/issues/58297)
+- linux_shadow: Fix cases where malformed shadow entries cause `user.present`
+  states to fail. [#58423](https://github.com/saltstack/salt/issues/58423)
+- Fixed salt.utils.compat.cmp to work with dictionaries [#58729](https://github.com/saltstack/salt/issues/58729)
+- Fixed formatting for terse output mode [#58953](https://github.com/saltstack/salt/issues/58953)
+- Fixed RecursiveDictDiffer with added nested dicts [#59017](https://github.com/saltstack/salt/issues/59017)
+- Fixed x509.certificate_managed has DoS effect on master in the new cryptography x509 module. Please migrate to the new cryptography x509 module for this improvement. [#59169](https://github.com/saltstack/salt/issues/59169)
+- Fixed saltnado websockets disconnecting immediately [#59183](https://github.com/saltstack/salt/issues/59183)
+- Fixed x509.certificate_managed rolls certificates every now and then in the new cryptography x509 module. Please migrate to the new cryptography x509 module for this improvement. [#59315](https://github.com/saltstack/salt/issues/59315)
+- Fix postgres_privileges.present not idempotent for functions [#59585](https://github.com/saltstack/salt/issues/59585)
+- Fixed influxdb_continuous_query.present state to provide the client args to the underlying module on create. [#59766](https://github.com/saltstack/salt/issues/59766)
+- Warn when using insecure (http:// based) key_urls for apt-based systems in pkgrepo.managed, and add a kwarg that determines the validity of such a url. [#59786](https://github.com/saltstack/salt/issues/59786)
+- add load balancing policy default option and ensure the module can be executed with arguments from CLI [#59909](https://github.com/saltstack/salt/issues/59909)
+- Fix salt-ssh when using imports with extra-filerefs. [#60003](https://github.com/saltstack/salt/issues/60003)
+- Fixed cache directory corruption startup error [#60170](https://github.com/saltstack/salt/issues/60170)
+- Update docs remove dry_run in docstring of file.blockreplace state. [#60227](https://github.com/saltstack/salt/issues/60227)
+- Adds Parrot to OS_Family_Map in grains. [#60249](https://github.com/saltstack/salt/issues/60249)
+- Fixed stdout and stderr being empty sometimes when use_vt=True for the cmd.run[*] functions [#60365](https://github.com/saltstack/salt/issues/60365)
+- Use return code in iptables --check to verify rule exists. [#60467](https://github.com/saltstack/salt/issues/60467)
+- Fix regression pip.installed does not pass env_vars when calling pip.list [#60557](https://github.com/saltstack/salt/issues/60557)
+- Fix xfs module when additional output included in mkfs.xfs command. [#60853](https://github.com/saltstack/salt/issues/60853)
+- Fixed parsing new format of terraform states in roster.terraform [#60915](https://github.com/saltstack/salt/issues/60915)
+- Fixed recognizing installed ARMv7 rpm packages in compatible architectures. [#60994](https://github.com/saltstack/salt/issues/60994)
+- Fixing changes dict in pkg state to be consistent when installing and test=True. [#60995](https://github.com/saltstack/salt/issues/60995)
+- Fix cron.present duplicating entries when changing timespec to special. [#60997](https://github.com/saltstack/salt/issues/60997)
+- Made salt-ssh respect --wipe again [#61083](https://github.com/saltstack/salt/issues/61083)
+- state.orchestrate_single only passes a pillar if it is set to the state
+  function. This allows it to be used with state functions that don't accept a
+  pillar keyword argument. [#61092](https://github.com/saltstack/salt/issues/61092)
+- Fix ipset state when the comment kwarg is set. [#61122](https://github.com/saltstack/salt/issues/61122)
+- Fix issue with archive.unzip where the password was not being encoded for the extract function [#61422](https://github.com/saltstack/salt/issues/61422)
+- Some Linux distributions (like AlmaLinux, Astra Linux, Debian, Mendel, Linux
+  Mint, Pop!_OS, Rocky Linux) report different `oscodename`, `osfullname`,
+  `osfinger` grains if lsb-release is installed or not. They have been changed to
+  only derive these OS grains from `/etc/os-release`. [#61618](https://github.com/saltstack/salt/issues/61618)
+- Pop!_OS uses the full version (YY.MM) in the osfinger grain now, not just the year. This allows differentiating for example between 20.04 and 20.10. [#61619](https://github.com/saltstack/salt/issues/61619)
+- Fix ssh config roster to correctly parse the ssh config files that contain spaces. [#61650](https://github.com/saltstack/salt/issues/61650)
+- Fix SoftLayer configuration not raising an exception when a domain is missing [#61727](https://github.com/saltstack/salt/issues/61727)
+- Allow the minion to start or salt-call to run even if the user doesn't have permissions to read the root_dir value from the registry [#61789](https://github.com/saltstack/salt/issues/61789)
+- Need to move the creation of the proxy object for the ProxyMinion further down in the initialization for sub proxies to ensure that all modules, especially any custom proxy modules, are available before attempting to run the init function. [#61805](https://github.com/saltstack/salt/issues/61805)
+- Fixed malformed state return when merge-serializing to an improperly formatted file [#61814](https://github.com/saltstack/salt/issues/61814)
+- Made cmdmod._run[_all]_quiet work during minion startup on MacOS with runas specified (which fixed mac_service) [#61816](https://github.com/saltstack/salt/issues/61816)
+- When deleting the vault cache, also delete from the session cache [#61821](https://github.com/saltstack/salt/issues/61821)
+- Ignore errors on reading license info with dpkg_lowpkg to prevent tracebacks on getting package information. [#61827](https://github.com/saltstack/salt/issues/61827)
+- win_lgpo: Display conflicting policy names when more than one policy is found [#61859](https://github.com/saltstack/salt/issues/61859)
+- win_lgpo: Fixed intermittent KeyError when getting policy setting using lgpo.get_policy [#61860](https://github.com/saltstack/salt/issues/61860)
+- Fixed listing minions on OpenBSD [#61966](https://github.com/saltstack/salt/issues/61966)
+- Make Salt to return an error on "pkg" modules and states when targeting duplicated package names [#62019](https://github.com/saltstack/salt/issues/62019)
+- Fix return of REST-returned permissions when auth_list is set [#62022](https://github.com/saltstack/salt/issues/62022)
+- Normalize package names once on using pkg.installed/removed with yum to make it possible to install packages with the name containing a part similar to a name of architecture. [#62029](https://github.com/saltstack/salt/issues/62029)
+- Fix inconsitency regarding name and pkgs parameters between zypperpkg.upgrade() and yumpkg.upgrade() [#62030](https://github.com/saltstack/salt/issues/62030)
+- Fix attr=all handling in pkg.list_pkgs() (yum/zypper). [#62032](https://github.com/saltstack/salt/issues/62032)
+- Fixed the humanname being ignored in pkgrepo.managed on openSUSE Leap [#62053](https://github.com/saltstack/salt/issues/62053)
+- Fixed issue with some LGPO policies having whitespace at the beginning or end of the element alias [#62058](https://github.com/saltstack/salt/issues/62058)
+- Fix ordering of args to libcloud_storage.download_object module [#62074](https://github.com/saltstack/salt/issues/62074)
+- Ignore extend declarations in sls files that are excluded. [#62082](https://github.com/saltstack/salt/issues/62082)
+- Remove leftover usage of impacket [#62101](https://github.com/saltstack/salt/issues/62101)
+- Pass executable path from _get_path_exec() is used when calling the program.
+  The $HOME env is no longer modified globally.
+  Only trailing newlines are stripped from the fetched secret.
+  Pass process arguments are handled in a secure way. [#62120](https://github.com/saltstack/salt/issues/62120)
+- Ignore some command return codes in openbsdrcctl_service to prevent spurious errors [#62131](https://github.com/saltstack/salt/issues/62131)
+- Fixed extra period in filename output in tls module. Instead of "server.crt." it will now be "server.crt". [#62139](https://github.com/saltstack/salt/issues/62139)
+- Make sure lingering PAexec-*.exe files in the Windows directory are cleaned up [#62152](https://github.com/saltstack/salt/issues/62152)
+- Restored Salt's DeprecationWarnings [#62185](https://github.com/saltstack/salt/issues/62185)
+- Fixed issue with forward slashes on Windows with file.recurse and clean=True [#62197](https://github.com/saltstack/salt/issues/62197)
+- Recognize OSMC as Debian-based [#62198](https://github.com/saltstack/salt/issues/62198)
+- Fixed Zypper module failing on RPM lock file being temporarily unavailable. [#62204](https://github.com/saltstack/salt/issues/62204)
+- Improved error handling and diagnostics in the proxmox salt-cloud driver [#62211](https://github.com/saltstack/salt/issues/62211)
+- Added EndeavourOS to the Arch os_family. [#62220](https://github.com/saltstack/salt/issues/62220)
+- Fix salt-ssh not detecting `platform-python` as a valid interpreter on EL8 [#62235](https://github.com/saltstack/salt/issues/62235)
+- Fix pkg.version_cmp on openEuler and a few other os flavors. [#62248](https://github.com/saltstack/salt/issues/62248)
+- Fix localhost detection in glusterfs.peers [#62273](https://github.com/saltstack/salt/issues/62273)
+- Fix Salt Package Manager (SPM) exception when calling spm create_repo . [#62281](https://github.com/saltstack/salt/issues/62281)
+- Fix matcher slowness due to loader invocation [#62283](https://github.com/saltstack/salt/issues/62283)
+- Fixes the Puppet module for non-aio Puppet packages for example running the Puppet module on FreeBSD. [#62323](https://github.com/saltstack/salt/issues/62323)
+- Issue 62334: Displays a debug log message instead of an error log message when the publisher fails to connect [#62334](https://github.com/saltstack/salt/issues/62334)
+- Fix pyobjects renderer access to opts and sls [#62336](https://github.com/saltstack/salt/issues/62336)
+- Fix use of random shuffle and sample functions as Jinja filters [#62372](https://github.com/saltstack/salt/issues/62372)
+- Fix groups with duplicate GIDs are not returned by get_group_list [#62377](https://github.com/saltstack/salt/issues/62377)
+- Fix the "zpool.present" state when enabling zpool features that are already active. [#62390](https://github.com/saltstack/salt/issues/62390)
+- Fix ability to execute remote file client methods in saltcheck [#62398](https://github.com/saltstack/salt/issues/62398)
+- Update all platforms to use pycparser 2.21 or greater for Py 3.9 or higher, fixes fips fault with openssl v3.x [#62400](https://github.com/saltstack/salt/issues/62400)
+- Due to changes in the Netmiko library for the exception paths, need to check the version of Netmiko python library and then import the exceptions from different locations depending on the result. [#62405](https://github.com/saltstack/salt/issues/62405)
+- When using preq on a state, then prereq state will first be run with test=True to determine if there are changes.  When there are changes, the state with the prereq option will be run prior to the prereq state.  If this state fails then the prereq state will not run and the state output uses the test=True run.  However, the proposed changes are included for the prereq state are included from the test=True run.  We should pull those out as there weren't actually changes since the prereq state did not run. [#62408](https://github.com/saltstack/salt/issues/62408)
+- Added directory mode for file.copy with makedirs [#62426](https://github.com/saltstack/salt/issues/62426)
+- Provide better error handling in the various napalm proxy minion functions when the device is not accessible. [#62435](https://github.com/saltstack/salt/issues/62435)
+- When handling aggregation, change the order to ensure that the requisites are aggregated first and then the state functions are aggregated.  Caching whether aggregate functions are available for particular states so we don't need to attempt to load them everytime. [#62439](https://github.com/saltstack/salt/issues/62439)
+- The patch allows to boostrap kubernetes clusters in the version above 1.13 via salt module [#62451](https://github.com/saltstack/salt/issues/62451)
+- sysctl.persist now updates the in-memory value on FreeBSD even if the on-disk value was already correct. [#62461](https://github.com/saltstack/salt/issues/62461)
+- Fixed parsing CDROM apt sources [#62474](https://github.com/saltstack/salt/issues/62474)
+- Update sanitizing masking for Salt SSH to include additional password like strings. [#62483](https://github.com/saltstack/salt/issues/62483)
+- Fix user/group checking on file state functions in the test mode. [#62499](https://github.com/saltstack/salt/issues/62499)
+- Fix user.present to allow removing groups using optional_groups parameter and enforcing idempotent group membership. [#62502](https://github.com/saltstack/salt/issues/62502)
+- Fix possible tracebacks if there is a package with '------' or '======' in the description is installed on the Debian based minion. [#62519](https://github.com/saltstack/salt/issues/62519)
+- Fixed the omitted "pool" parameter when cloning a VM with the proxmox salt-cloud driver [#62521](https://github.com/saltstack/salt/issues/62521)
+- Fix rendering of pyobjects states in saltcheck [#62523](https://github.com/saltstack/salt/issues/62523)
+- Fixes pillar where a corrupted CacheDisk file forces the pillar to be rebuilt [#62527](https://github.com/saltstack/salt/issues/62527)
+- Use str() method instead of repo_line for when python3-apt is installed or not in aptpkg.py. [#62546](https://github.com/saltstack/salt/issues/62546)
+- Remove the connection_timeout from netmiko_connection_args before netmiko_connection_args is added to __context__["netmiko_device"]["args"] which is passed along to the Netmiko library. [#62547](https://github.com/saltstack/salt/issues/62547)
+- Fix order specific mount.mounted options for persist [#62556](https://github.com/saltstack/salt/issues/62556)
+- Fixed salt-cloud cloning a proxmox VM with a specified new vmid. [#62558](https://github.com/saltstack/salt/issues/62558)
+- Fix runas with cmd module when using the onedir bundled packages [#62565](https://github.com/saltstack/salt/issues/62565)
+- Update setproctitle version for all platforms [#62576](https://github.com/saltstack/salt/issues/62576)
+- Fixed missing parameters when cloning a VM with the proxmox salt-cloud driver [#62580](https://github.com/saltstack/salt/issues/62580)
+- Handle PermissionError when importing crypt when FIPS is enabled. [#62587](https://github.com/saltstack/salt/issues/62587)
+- Correctly reraise exceptions in states.http [#62595](https://github.com/saltstack/salt/issues/62595)
+- Fixed syndic eauth. Now jobs will be published when a valid eauth user is targeting allowed minions/functions. [#62618](https://github.com/saltstack/salt/issues/62618)
+- updated rest_cherry/app to properly detect arg sent as a string as curl will do when only one arg is supplied. [#62624](https://github.com/saltstack/salt/issues/62624)
+- Prevent possible tracebacks in core grains module by ignoring non utf8 characters in /proc/1/environ, /proc/1/cmdline, /proc/cmdline [#62633](https://github.com/saltstack/salt/issues/62633)
+- Fixed vault ext pillar return data for KV v2 [#62651](https://github.com/saltstack/salt/issues/62651)
+- Fix saltcheck _get_top_states doesn't pass saltenv to state.show_top [#62654](https://github.com/saltstack/salt/issues/62654)
+- Fix groupadd.* functions hard code relative command name [#62657](https://github.com/saltstack/salt/issues/62657)
+- Fixed pdbedit.create trying to use a bytes-like hash as string. [#62670](https://github.com/saltstack/salt/issues/62670)
+- Fix depenency on legacy boto module in boto3 modules [#62672](https://github.com/saltstack/salt/issues/62672)
+- Modified "_get_flags" function so that it returns regex flags instead of integers [#62676](https://github.com/saltstack/salt/issues/62676)
+- Change startup ReqServer log messages from error to info level. [#62728](https://github.com/saltstack/salt/issues/62728)
+- Fix kmod.* functions hard code relative command name [#62772](https://github.com/saltstack/salt/issues/62772)
+- Fix mac_brew_pkg to work with null taps [#62793](https://github.com/saltstack/salt/issues/62793)
+- Fixing a bug when listing the running schedule if "schedule.enable" and/or "schedule.disable" has been run, where the "enabled" items is being treated as a schedule item. [#62795](https://github.com/saltstack/salt/issues/62795)
+- Prevent annoying RuntimeWarning message about line buffering (buffering=1) not being supported in binary mode [#62817](https://github.com/saltstack/salt/issues/62817)
+- Include UID and GID checks in modules.file.check_perms as well as comparing
+  ownership by username and group name. [#62818](https://github.com/saltstack/salt/issues/62818)
+- Fix presence events on TCP transport by removing a client's presence when minion disconnects from publish channel correctly [#62826](https://github.com/saltstack/salt/issues/62826)
+- Remove Azure deprecation messages from functions that always run w/ salt-cloud [#62845](https://github.com/saltstack/salt/issues/62845)
+- Use select instead of iterating over entrypoints as a dictionary for importlib_metadata>=5.0.0 [#62854](https://github.com/saltstack/salt/issues/62854)
+- Fixed master job scheduler using when [#62858](https://github.com/saltstack/salt/issues/62858)
+- LGPO: Added support for missing domain controller policies: VulnerableChannelAllowList and LdapEnforceChannelBinding [#62873](https://github.com/saltstack/salt/issues/62873)
+- Fix unnecessarily complex gce metadata grains code to use googles metadata service more effectively. [#62878](https://github.com/saltstack/salt/issues/62878)
+- Fixed dockermod version_info function for docker-py 6.0.0+ [#62882](https://github.com/saltstack/salt/issues/62882)
+- Moving setting the LOAD_BALANCING_POLICY_MAP dictionary into the try except block that determines if the cassandra_cql module should be made available. [#62886](https://github.com/saltstack/salt/issues/62886)
+- Updating various MongoDB module functions to work with latest version of pymongo. [#62900](https://github.com/saltstack/salt/issues/62900)
+- Restored channel for Syndic minions to send job returns to the Salt master. [#62933](https://github.com/saltstack/salt/issues/62933)
+- removed _resolve_deps as it required a library that is not generally avalible. and switched to apt-get for everything as that can auto resolve dependencies. [#62934](https://github.com/saltstack/salt/issues/62934)
+- Updated pyzmq to version 22.0.3 on Windows builds because the old version was causing salt-minion/salt-call to hang [#62937](https://github.com/saltstack/salt/issues/62937)
+- Allow root user to modify crontab lines for non-root users (except AIX and Solaris). Align crontab line changes with the file ones and also with listing crontab. [#62940](https://github.com/saltstack/salt/issues/62940)
+- Fix systemd_service.* functions hard code relative command name [#62942](https://github.com/saltstack/salt/issues/62942)
+- Fix file.symlink backupname operation can copy remote contents to local disk [#62953](https://github.com/saltstack/salt/issues/62953)
+- Issue #62968: Fix issue where cloud deployments were putting the keys in the wrong location on Windows hosts [#62968](https://github.com/saltstack/salt/issues/62968)
+- Fixed gpg_passphrase issue with gpg decrypt/encrypt functions [#62977](https://github.com/saltstack/salt/issues/62977)
+- Fix file.tidied FileNotFoundError [#62986](https://github.com/saltstack/salt/issues/62986)
+- Fixed bug where module.wait states were detected as running legacy module.run syntax [#62988](https://github.com/saltstack/salt/issues/62988)
+- Fixed issue with win_wua module where it wouldn't load if the CryptSvc was set to Manual start [#62993](https://github.com/saltstack/salt/issues/62993)
+- The `__opts__` dunder dictionary is now added to the loader's `pack` if not
+  already present, which makes it accessible via the
+  `salt.loader.context.NamedLoaderContext` class. [#63013](https://github.com/saltstack/salt/issues/63013)
+- Issue #63024: Fix issue where grains and config data were being place in the wrong location on Windows hosts [#63024](https://github.com/saltstack/salt/issues/63024)
+- Fix btrfs.subvolume_snapshot command failing [#63025](https://github.com/saltstack/salt/issues/63025)
+- Fix file.retention_schedule always reports changes [#63033](https://github.com/saltstack/salt/issues/63033)
+- Fix mongo authentication for mongo ext_pillar and mongo returner
+
+  This fix also include the ability to use the mongo connection string for mongo ext_pillar [#63058](https://github.com/saltstack/salt/issues/63058)
+- Fixed x509.create_csr creates invalid CSR by default in the new cryptography x509 module. [#63103](https://github.com/saltstack/salt/issues/63103)
+- TCP transport documentation now contains proper master/minion-side filtering information [#63120](https://github.com/saltstack/salt/issues/63120)
+- Fixed gpg.verify does not respect gnupghome [#63145](https://github.com/saltstack/salt/issues/63145)
+- Made pillar cache pass extra minion data as well [#63208](https://github.com/saltstack/salt/issues/63208)
+- Fix serious performance issues with the file.tidied module [#63231](https://github.com/saltstack/salt/issues/63231)
+- Fix rpm_lowpkg version comparison logic when using rpm-vercmp and only one version has a release number. [#63317](https://github.com/saltstack/salt/issues/63317)
+- Import StrictVersion and LooseVersion from setuptools.distutils.verison or setuptools._distutils.version, if first not available [#63350](https://github.com/saltstack/salt/issues/63350)
+- When the shell is passed as powershell or pwsh, only wrapper the shell in quotes if cmd.run is running on Windows.  When quoted on Linux hosts, this results in an error when the keyword arguments are appended. [#63590](https://github.com/saltstack/salt/issues/63590)
+- LGPO: Added support for "Relax minimum password length limits" [#63596](https://github.com/saltstack/salt/issues/63596)
+- When a job is disabled only increase it's _next_fire_time value if the job would have run at the current time, eg. the current _next_fire_time == now. [#63699](https://github.com/saltstack/salt/issues/63699)
+- Check file is not empty before attempting to read pillar disk cache file [#63729](https://github.com/saltstack/salt/issues/63729)
+- fix cherrypy 400 error output to be less generic. [#63835](https://github.com/saltstack/salt/issues/63835)
+- remove eval and update logging to be more informative on bad config [#63879](https://github.com/saltstack/salt/issues/63879)
+
+# Added
+
+- Introduce a `LIB_STATE_DIR` syspaths variable which defaults to `CONFIG_DIR`,
+  but can be individually customized during installation by specifying
+  `--salt-lib-state-dir` during installation. Change the default `pki_dir` to
+  `<LIB_STATE_DIR>/pki/master` (for the master) and `<LIB_STATE_DIR>/pki/minion`
+  (for the minion). [#3396](https://github.com/saltstack/salt/issues/3396)
+- Allow users to enable 'queue=True' for all state runs via config file [#31468](https://github.com/saltstack/salt/issues/31468)
+- Added pillar templating to vault policies [#43287](https://github.com/saltstack/salt/issues/43287)
+- Add support for NVMeF as a transport protocol for hosts in a Pure Storage FlashArray [#51088](https://github.com/saltstack/salt/issues/51088)
+- A new salt-ssh roster that generates a roster by parses a known_hosts file. [#54679](https://github.com/saltstack/salt/issues/54679)
+- Added Windows Event Viewer support [#54713](https://github.com/saltstack/salt/issues/54713)
+- Added the win_lgpo_reg state and execution modules which will allow registry based group policy to be set directly in the Registry.pol file [#56013](https://github.com/saltstack/salt/issues/56013)
+- Added resource tagging functions to boto_dynamodb execution module [#57500](https://github.com/saltstack/salt/issues/57500)
+- Added `openvswitch_db` state module and functions `bridge_to_parent`,
+  `bridge_to_vlan`, `db_get`, and `db_set` to the `openvswitch` execution module.
+  Also added optional `parent` and `vlan` parameters to the
+  `openvswitch_bridge.present` state module function and the
+  `openvswitch.bridge_create` execution module function. [#58986](https://github.com/saltstack/salt/issues/58986)
+- State module to manage SysFS attributes [#60154](https://github.com/saltstack/salt/issues/60154)
+- Added ability for `salt.wait_for_event` to handle `event_id`s that have a list value. [#60430](https://github.com/saltstack/salt/issues/60430)
+- Added suport for Linux ppc64le core grains (cpu_model, virtual, productname, manufacturer, serialnumber) and arm core grains (serialnumber, productname) [#60518](https://github.com/saltstack/salt/issues/60518)
+- Added autostart option to virt.defined and virt.running states, along with virt.update execution modules. [#60700](https://github.com/saltstack/salt/issues/60700)
+- Added .0 back to our versioning scheme for future versions (e.g. 3006.0) [#60722](https://github.com/saltstack/salt/issues/60722)
+- Initial work to allow parallel startup of proxy minions when used as sub proxies with Deltaproxy. [#61153](https://github.com/saltstack/salt/issues/61153)
+- Added node label support for GCE [#61245](https://github.com/saltstack/salt/issues/61245)
+- Support the --priority flag when adding sources to Chocolatey. [#61319](https://github.com/saltstack/salt/issues/61319)
+- Add namespace option to ext_pillar.http_json [#61335](https://github.com/saltstack/salt/issues/61335)
+- Added a filter function to ps module to get a list of processes on a minion according to their state. [#61420](https://github.com/saltstack/salt/issues/61420)
+- Add postgres.timeout option to postgres module for limiting postgres query times [#61433](https://github.com/saltstack/salt/issues/61433)
+- Added new optional vault option, ``config_location``. This can be either ``master`` or ``local`` and defines where vault will look for connection details, either requesting them from the master or using the local config. [#61857](https://github.com/saltstack/salt/issues/61857)
+- Add ipwrap() jinja filter to wrap IPv6 addresses with brackets. [#61931](https://github.com/saltstack/salt/issues/61931)
+- 'tcp' transport is now available in ipv6-only network [#62009](https://github.com/saltstack/salt/issues/62009)
+- Add `diff_attr` parameter to pkg.upgrade() (zypper/yum). [#62031](https://github.com/saltstack/salt/issues/62031)
+- Config option pass_variable_prefix allows to distinguish variables that contain paths to pass secrets.
+  Config option pass_strict_fetch allows to error out when a secret cannot be fetched from pass.
+  Config option pass_dir allows setting the PASSWORD_STORE_DIR env for pass.
+  Config option pass_gnupghome allows setting the $GNUPGHOME env for pass. [#62120](https://github.com/saltstack/salt/issues/62120)
+- Add file.pruned state and expanded file.rmdir exec module functionality [#62178](https://github.com/saltstack/salt/issues/62178)
+- Added "dig.PTR" function to resolve PTR records for IPs, as well as tests and documentation [#62275](https://github.com/saltstack/salt/issues/62275)
+- Added the ability to remove a KB using the DISM state/execution modules [#62366](https://github.com/saltstack/salt/issues/62366)
+- Add "<tiamat> python" subcommand to allow execution or arbitrary scripts via bundled Python runtime [#62381](https://github.com/saltstack/salt/issues/62381)
+- Add ability to provide conditions which convert normal state actions to no-op when true [#62446](https://github.com/saltstack/salt/issues/62446)
+- Added debug log messages displaying the command being run when installing packages on Windows [#62480](https://github.com/saltstack/salt/issues/62480)
+- Add biosvendor grain [#62496](https://github.com/saltstack/salt/issues/62496)
+- Add ifelse Jinja function as found in CFEngine [#62508](https://github.com/saltstack/salt/issues/62508)
+- Implementation of Amazon EC2 instance detection and setting `virtual_subtype` grain accordingly including the product if possible to identify. [#62539](https://github.com/saltstack/salt/issues/62539)
+- Adds __env__substitution to ext_pillar.stack; followup of #61531, improved exception handling for stacked template (jinja) template rendering and yaml parsing in ext_pillar.stack [#62578](https://github.com/saltstack/salt/issues/62578)
+- Increase file.tidied flexibility with regard to age and size [#62678](https://github.com/saltstack/salt/issues/62678)
+- Added "connected_devices" feature to netbox pillar module. It contains extra information about devices connected to the minion [#62761](https://github.com/saltstack/salt/issues/62761)
+- Add atomic file operation for symlink changes [#62768](https://github.com/saltstack/salt/issues/62768)
+- Add password/account locking/unlocking in user.present state on supported operating systems [#62856](https://github.com/saltstack/salt/issues/62856)
+- Added onchange configuration for script engine [#62867](https://github.com/saltstack/salt/issues/62867)
+- Added output and bare functionality to export_key gpg module function [#62978](https://github.com/saltstack/salt/issues/62978)
+- Add keyvalue serializer for environment files [#62983](https://github.com/saltstack/salt/issues/62983)
+- Add ability to ignore symlinks in file.tidied [#63042](https://github.com/saltstack/salt/issues/63042)
+- salt-cloud support IMDSv2 tokens when using 'use-instance-role-credentials' [#63067](https://github.com/saltstack/salt/issues/63067)
+- Add ability for file.symlink to not set ownership on existing links [#63093](https://github.com/saltstack/salt/issues/63093)
+- Restore the previous slack engine and deprecate it, rename replace the slack engine to slack_bolt until deprecation [#63095](https://github.com/saltstack/salt/issues/63095)
+- Add functions that will return the underlying block device, mount point, and filesystem type for a given path [#63098](https://github.com/saltstack/salt/issues/63098)
+- Add ethtool execution and state module functions for pause [#63128](https://github.com/saltstack/salt/issues/63128)
+- Add boardname grain [#63131](https://github.com/saltstack/salt/issues/63131)
+- Added management of ECDSA/EdDSA private keys with x509 modules in the new cryptography x509 module. Please migrate to the new cryptography x509 module for this improvement. [#63248](https://github.com/saltstack/salt/issues/63248)
+- Added x509 modules support for different output formats in the new cryptography x509 module. Please migrate to the new cryptography x509 module for this improvement. [#63249](https://github.com/saltstack/salt/issues/63249)
+- Added deprecation_warning test state for ensuring that deprecation warnings are correctly emitted. [#63315](https://github.com/saltstack/salt/issues/63315)
+- Adds a state_events option to state.highstate, state.apply, state.sls, state.sls_id.
+  This allows users to enable state_events on a per use basis rather than having to
+  enable them globally for all state runs. [#63316](https://github.com/saltstack/salt/issues/63316)
+- Allow max queue size setting for state runs to prevent performance problems from queue growth [#63356](https://github.com/saltstack/salt/issues/63356)
+- Add support of exposing meta_server_grains for Azure VMs [#63606](https://github.com/saltstack/salt/issues/63606)
+- Include the version of `relenv` in the versions report. [#63827](https://github.com/saltstack/salt/issues/63827)
+- Added debug log messages displaying the command being run when removing packages on Windows [#63866](https://github.com/saltstack/salt/issues/63866)
+
+
 * Wed Mar 01 2023 Salt Project Packaging <saltproject-packaging@vmware.com> - 3006.0~rc1

 # Removed
--- a/pkg/tests/download/test_pkg_download.py
+++ b/pkg/tests/download/test_pkg_download.py
@ -201,25 +201,20 @@ def root_url(salt_release):
        salt_path = "salt_rc/salt"
    else:
        salt_path = "salt"
-    if repo_type == "staging":
-        salt_repo_user = os.environ.get("SALT_REPO_USER")
-        if salt_repo_user:
-            log.warning(
-                "SALT_REPO_USER: %s",
-                salt_repo_user[0]
-                + "*" * (len(salt_repo_user) - 2)
-                + salt_repo_user[-1],
-            )
-        salt_repo_pass = os.environ.get("SALT_REPO_PASS")
-        if salt_repo_pass:
-            log.warning(
-                "SALT_REPO_PASS: %s",
-                salt_repo_pass[0]
-                + "*" * (len(salt_repo_pass) - 2)
-                + salt_repo_pass[-1],
-            )
-        if salt_repo_user and salt_repo_pass:
-            repo_domain = f"{salt_repo_user}:{salt_repo_pass}@{repo_domain}"
+    salt_repo_user = os.environ.get("SALT_REPO_USER")
+    if salt_repo_user:
+        log.warning(
+            "SALT_REPO_USER: %s",
+            salt_repo_user[0] + "*" * (len(salt_repo_user) - 2) + salt_repo_user[-1],
+        )
+    salt_repo_pass = os.environ.get("SALT_REPO_PASS")
+    if salt_repo_pass:
+        log.warning(
+            "SALT_REPO_PASS: %s",
+            salt_repo_pass[0] + "*" * (len(salt_repo_pass) - 2) + salt_repo_pass[-1],
+        )
+    if salt_repo_user and salt_repo_pass:
+        repo_domain = f"{salt_repo_user}:{salt_repo_pass}@{repo_domain}"
    _root_url = f"https://{repo_domain}/{salt_path}/py3"
    log.info("Repository Root URL: %s", _root_url)
    return _root_url
--- a/requirements/darwin.txt
+++ b/requirements/darwin.txt
@ -5,7 +5,7 @@
 apache-libcloud>=2.4.0
 backports.ssl_match_hostname>=3.7.0.1; python_version < '3.7'
 cherrypy>=17.4.1
-cryptography>=2.6.1
+cryptography>=39.0.1
 gitpython>=3.1.30; python_version >= '3.7'
 idna>=2.8
 linode-python>=1.1.1
--- a/requirements/static/ci/py3.10/cloud.txt
+++ b/requirements/static/ci/py3.10/cloud.txt
@ -385,8 +385,9 @@ contextvars==2.4
    # via -r requirements/base.txt
 croniter==1.0.15 ; sys_platform != "win32"
    # via -r requirements/static/ci/common.in
-cryptography==3.3.2
+cryptography==39.0.2
    # via
+    #   -r requirements/static/pkg/linux.in
    #   adal
    #   azure-cosmosdb-table
    #   azure-keyvault
@ -670,7 +671,7 @@ pyjwt==2.4.0
    # via adal
 pynacl==1.4.0
    # via paramiko
-pyopenssl==20.0.1
+pyopenssl==23.0.0
    # via
    #   -r requirements/static/pkg/linux.in
    #   etcd3-py
@ -807,7 +808,6 @@ six==1.16.0
    #   bcrypt
    #   cassandra-driver
    #   cheroot
-    #   cryptography
    #   etcd3-py
    #   genshi
    #   geomet
@ -821,7 +821,6 @@ six==1.16.0
    #   paramiko
    #   profitbricks
    #   pynacl
-    #   pyopenssl
    #   pypsexec
    #   python-dateutil
    #   pyvmomi
--- a/requirements/static/ci/py3.10/darwin.txt
+++ b/requirements/static/ci/py3.10/darwin.txt
@ -386,7 +386,7 @@ contextvars==2.4
    # via -r requirements/base.txt
 croniter==0.3.29 ; sys_platform != "win32"
    # via -r requirements/static/ci/common.in
-cryptography==3.3.2
+cryptography==39.0.2
    # via
    #   -r requirements/darwin.txt
    #   adal
@ -672,7 +672,7 @@ pyjwt==2.4.0
    # via adal
 pynacl==1.3.0
    # via paramiko
-pyopenssl==19.0.0
+pyopenssl==23.0.0
    # via
    #   -r requirements/darwin.txt
    #   etcd3-py
@ -800,7 +800,6 @@ six==1.16.0
    #   bcrypt
    #   cassandra-driver
    #   cheroot
-    #   cryptography
    #   etcd3-py
    #   genshi
    #   geomet
@ -814,7 +813,6 @@ six==1.16.0
    #   ncclient
    #   paramiko
    #   pynacl
-    #   pyopenssl
    #   python-dateutil
    #   pyvmomi
    #   responses
--- a/requirements/static/ci/py3.10/docs.txt
+++ b/requirements/static/ci/py3.10/docs.txt
@ -78,7 +78,7 @@ looseversion==1.0.2
    # via
    #   -c requirements/static/ci/py3.10/linux.txt
    #   -r requirements/base.txt
-markdown-it-py==2.1.0
+markdown-it-py==2.2.0
    # via
    #   mdit-py-plugins
    #   myst-docutils
--- a/requirements/static/ci/py3.10/freebsd.txt
+++ b/requirements/static/ci/py3.10/freebsd.txt
@ -384,7 +384,7 @@ contextvars==2.4
    # via -r requirements/base.txt
 croniter==0.3.29 ; sys_platform != "win32"
    # via -r requirements/static/ci/common.in
-cryptography==3.3.2
+cryptography==39.0.2
    # via
    #   adal
    #   azure-cosmosdb-table
@ -669,7 +669,7 @@ pyjwt==2.4.0
    # via adal
 pynacl==1.3.0
    # via paramiko
-pyopenssl==19.1.0
+pyopenssl==23.0.0
    # via
    #   -r requirements/static/pkg/freebsd.in
    #   etcd3-py
@ -796,7 +796,6 @@ six==1.16.0
    #   bcrypt
    #   cassandra-driver
    #   cheroot
-    #   cryptography
    #   etcd3-py
    #   genshi
    #   geomet
@ -812,7 +811,6 @@ six==1.16.0
    #   ncclient
    #   paramiko
    #   pynacl
-    #   pyopenssl
    #   python-dateutil
    #   pyvmomi
    #   responses
--- a/requirements/static/ci/py3.10/lint.txt
+++ b/requirements/static/ci/py3.10/lint.txt
@ -390,8 +390,9 @@ contextvars==2.4
    # via -r requirements/base.txt
 croniter==1.0.15 ; sys_platform != "win32"
    # via -r requirements/static/ci/common.in
-cryptography==3.4.7
+cryptography==39.0.2
    # via
+    #   -r requirements/static/pkg/linux.in
    #   adal
    #   ansible-core
    #   azure-cosmosdb-table
@ -674,7 +675,7 @@ pymysql==1.0.2 ; python_version > "3.5"
    # via -r requirements/static/ci/linux.in
 pynacl==1.4.0
    # via paramiko
-pyopenssl==20.0.1
+pyopenssl==23.0.0
    # via
    #   -r requirements/static/pkg/linux.in
    #   etcd3-py
@ -793,7 +794,6 @@ six==1.16.0
    #   ncclient
    #   paramiko
    #   pynacl
-    #   pyopenssl
    #   python-consul
    #   python-dateutil
    #   pyvmomi
--- a/requirements/static/ci/py3.10/linux.txt
+++ b/requirements/static/ci/py3.10/linux.txt
@ -398,8 +398,9 @@ contextvars==2.4
    # via -r requirements/base.txt
 croniter==0.3.29 ; sys_platform != "win32"
    # via -r requirements/static/ci/common.in
-cryptography==3.3.2
+cryptography==39.0.2
    # via
+    #   -r requirements/static/pkg/linux.in
    #   adal
    #   ansible-core
    #   azure-cosmosdb-table
@ -688,7 +689,7 @@ pymysql==1.0.2 ; python_version > "3.5"
    # via -r requirements/static/ci/linux.in
 pynacl==1.3.0
    # via paramiko
-pyopenssl==19.1.0
+pyopenssl==23.0.0
    # via
    #   -r requirements/static/pkg/linux.in
    #   etcd3-py
@ -833,7 +834,6 @@ six==1.16.0
    #   bcrypt
    #   cassandra-driver
    #   cheroot
-    #   cryptography
    #   etcd3-py
    #   genshi
    #   geomet
@ -848,7 +848,6 @@ six==1.16.0
    #   ncclient
    #   paramiko
    #   pynacl
-    #   pyopenssl
    #   python-consul
    #   python-dateutil
    #   pyvmomi
--- a/requirements/static/ci/py3.10/tools.txt
+++ b/requirements/static/ci/py3.10/tools.txt
@ -36,7 +36,7 @@ pygments==2.13.0
    # via rich
 python-dateutil==2.8.2
    # via botocore
-python-tools-scripts==0.11.1
+python-tools-scripts==0.12.0
    # via -r requirements/static/ci/tools.in
 pyyaml==6.0
    # via -r requirements/static/ci/tools.in
--- a/requirements/static/ci/py3.10/windows.txt
+++ b/requirements/static/ci/py3.10/windows.txt
@ -71,7 +71,7 @@ colorama==0.4.1
    # via pytest
 contextvars==2.4
    # via -r requirements/base.txt
-cryptography==3.4.7
+cryptography==39.0.2
    # via
    #   -r requirements/windows.txt
    #   etcd3-py
@ -239,7 +239,7 @@ pymssql==2.2.7
    # via -r requirements/windows.txt
 pymysql==1.0.2
    # via -r requirements/windows.txt
-pyopenssl==20.0.1
+pyopenssl==23.0.0
    # via
    #   -r requirements/windows.txt
    #   etcd3-py
@ -364,7 +364,6 @@ six==1.15.0
    #   jsonschema
    #   kubernetes
    #   mock
-    #   pyopenssl
    #   python-dateutil
    #   pyvmomi
    #   pywinrm
--- a/requirements/static/ci/py3.7/cloud.txt
+++ b/requirements/static/ci/py3.7/cloud.txt
@ -392,8 +392,9 @@ contextvars==2.4
    # via -r requirements/base.txt
 croniter==1.0.15 ; sys_platform != "win32"
    # via -r requirements/static/ci/common.in
-cryptography==3.3.2
+cryptography==39.0.2
    # via
+    #   -r requirements/static/pkg/linux.in
    #   adal
    #   azure-cosmosdb-table
    #   azure-keyvault
@ -712,7 +713,7 @@ pyjwt==2.4.0
    # via adal
 pynacl==1.4.0
    # via paramiko
-pyopenssl==20.0.1
+pyopenssl==23.0.0
    # via
    #   -r requirements/static/pkg/linux.in
    #   etcd3-py
@ -856,7 +857,6 @@ six==1.16.0
    #   bcrypt
    #   cassandra-driver
    #   cheroot
-    #   cryptography
    #   etcd3-py
    #   genshi
    #   geomet
@ -870,7 +870,6 @@ six==1.16.0
    #   paramiko
    #   profitbricks
    #   pynacl
-    #   pyopenssl
    #   pypsexec
    #   python-dateutil
    #   pyvmomi
--- a/requirements/static/ci/py3.7/docs.txt
+++ b/requirements/static/ci/py3.7/docs.txt
@ -82,7 +82,7 @@ looseversion==1.0.2
    # via
    #   -c requirements/static/ci/py3.7/linux.txt
    #   -r requirements/base.txt
-markdown-it-py==2.1.0
+markdown-it-py==2.2.0
    # via
    #   mdit-py-plugins
    #   myst-docutils
--- a/requirements/static/ci/py3.7/freebsd.txt
+++ b/requirements/static/ci/py3.7/freebsd.txt
@ -391,7 +391,7 @@ contextvars==2.4
    # via -r requirements/base.txt
 croniter==0.3.29 ; sys_platform != "win32"
    # via -r requirements/static/ci/common.in
-cryptography==3.3.2
+cryptography==39.0.2
    # via
    #   adal
    #   azure-cosmosdb-table
@ -705,7 +705,7 @@ pyjwt==2.4.0
    # via adal
 pynacl==1.3.0
    # via paramiko
-pyopenssl==19.1.0
+pyopenssl==23.0.0
    # via
    #   -r requirements/static/pkg/freebsd.in
    #   etcd3-py
@ -839,7 +839,6 @@ six==1.16.0
    #   bcrypt
    #   cassandra-driver
    #   cheroot
-    #   cryptography
    #   etcd3-py
    #   genshi
    #   geomet
@ -855,7 +854,6 @@ six==1.16.0
    #   ncclient
    #   paramiko
    #   pynacl
-    #   pyopenssl
    #   python-dateutil
    #   pyvmomi
    #   responses
--- a/requirements/static/ci/py3.7/lint.txt
+++ b/requirements/static/ci/py3.7/lint.txt
@ -399,8 +399,9 @@ contextvars==2.4
    # via -r requirements/base.txt
 croniter==1.0.15 ; sys_platform != "win32"
    # via -r requirements/static/ci/common.in
-cryptography==3.4.7
+cryptography==39.0.2
    # via
+    #   -r requirements/static/pkg/linux.in
    #   adal
    #   ansible-core
    #   azure-cosmosdb-table
@ -717,7 +718,7 @@ pymysql==1.0.2 ; python_version > "3.5"
    # via -r requirements/static/ci/linux.in
 pynacl==1.4.0
    # via paramiko
-pyopenssl==20.0.1
+pyopenssl==23.0.0
    # via
    #   -r requirements/static/pkg/linux.in
    #   etcd3-py
@ -843,7 +844,6 @@ six==1.16.0
    #   ncclient
    #   paramiko
    #   pynacl
-    #   pyopenssl
    #   python-consul
    #   python-dateutil
    #   pyvmomi
--- a/requirements/static/ci/py3.7/linux.txt
+++ b/requirements/static/ci/py3.7/linux.txt
@ -405,8 +405,9 @@ contextvars==2.4
    # via -r requirements/base.txt
 croniter==0.3.29 ; sys_platform != "win32"
    # via -r requirements/static/ci/common.in
-cryptography==3.3.2
+cryptography==39.0.2
    # via
+    #   -r requirements/static/pkg/linux.in
    #   adal
    #   ansible-core
    #   azure-cosmosdb-table
@ -724,7 +725,7 @@ pymysql==1.0.2 ; python_version > "3.5"
    # via -r requirements/static/ci/linux.in
 pynacl==1.3.0
    # via paramiko
-pyopenssl==19.1.0
+pyopenssl==23.0.0
    # via
    #   -r requirements/static/pkg/linux.in
    #   etcd3-py
@ -878,7 +879,6 @@ six==1.16.0
    #   bcrypt
    #   cassandra-driver
    #   cheroot
-    #   cryptography
    #   etcd3-py
    #   genshi
    #   geomet
@ -893,7 +893,6 @@ six==1.16.0
    #   ncclient
    #   paramiko
    #   pynacl
-    #   pyopenssl
    #   python-consul
    #   python-dateutil
    #   pyvmomi
--- a/requirements/static/ci/py3.7/windows.txt
+++ b/requirements/static/ci/py3.7/windows.txt
@ -77,7 +77,7 @@ colorama==0.4.1
    # via pytest
 contextvars==2.4
    # via -r requirements/base.txt
-cryptography==3.4.7
+cryptography==39.0.2
    # via
    #   -r requirements/windows.txt
    #   etcd3-py
@ -252,7 +252,7 @@ pymssql==2.2.1
    # via -r requirements/windows.txt
 pymysql==1.0.2
    # via -r requirements/windows.txt
-pyopenssl==20.0.1
+pyopenssl==23.0.0
    # via
    #   -r requirements/windows.txt
    #   etcd3-py
@ -378,7 +378,6 @@ six==1.15.0
    #   jsonschema
    #   kubernetes
    #   mock
-    #   pyopenssl
    #   python-dateutil
    #   pyvmomi
    #   pywinrm
--- a/requirements/static/ci/py3.8/cloud.txt
+++ b/requirements/static/ci/py3.8/cloud.txt
@ -390,8 +390,9 @@ contextvars==2.4
    # via -r requirements/base.txt
 croniter==1.0.15 ; sys_platform != "win32"
    # via -r requirements/static/ci/common.in
-cryptography==3.3.2
+cryptography==39.0.2
    # via
+    #   -r requirements/static/pkg/linux.in
    #   adal
    #   azure-cosmosdb-table
    #   azure-keyvault
@ -701,7 +702,7 @@ pyjwt==2.4.0
    # via adal
 pynacl==1.4.0
    # via paramiko
-pyopenssl==20.0.1
+pyopenssl==23.0.0
    # via
    #   -r requirements/static/pkg/linux.in
    #   etcd3-py
@ -845,7 +846,6 @@ six==1.16.0
    #   bcrypt
    #   cassandra-driver
    #   cheroot
-    #   cryptography
    #   etcd3-py
    #   genshi
    #   geomet
@ -859,7 +859,6 @@ six==1.16.0
    #   paramiko
    #   profitbricks
    #   pynacl
-    #   pyopenssl
    #   pypsexec
    #   python-dateutil
    #   pyvmomi
--- a/requirements/static/ci/py3.8/docs.txt
+++ b/requirements/static/ci/py3.8/docs.txt
@ -78,7 +78,7 @@ looseversion==1.0.2
    # via
    #   -c requirements/static/ci/py3.8/linux.txt
    #   -r requirements/base.txt
-markdown-it-py==2.1.0
+markdown-it-py==2.2.0
    # via
    #   mdit-py-plugins
    #   myst-docutils
--- a/requirements/static/ci/py3.8/freebsd.txt
+++ b/requirements/static/ci/py3.8/freebsd.txt
@ -389,7 +389,7 @@ contextvars==2.4
    # via -r requirements/base.txt
 croniter==0.3.29 ; sys_platform != "win32"
    # via -r requirements/static/ci/common.in
-cryptography==3.3.2
+cryptography==39.0.2
    # via
    #   adal
    #   azure-cosmosdb-table
@ -695,7 +695,7 @@ pyjwt==2.4.0
    # via adal
 pynacl==1.3.0
    # via paramiko
-pyopenssl==19.1.0
+pyopenssl==23.0.0
    # via
    #   -r requirements/static/pkg/freebsd.in
    #   etcd3-py
@ -829,7 +829,6 @@ six==1.16.0
    #   bcrypt
    #   cassandra-driver
    #   cheroot
-    #   cryptography
    #   etcd3-py
    #   genshi
    #   geomet
@ -845,7 +844,6 @@ six==1.16.0
    #   ncclient
    #   paramiko
    #   pynacl
-    #   pyopenssl
    #   python-dateutil
    #   pyvmomi
    #   responses
--- a/requirements/static/ci/py3.8/lint.txt
+++ b/requirements/static/ci/py3.8/lint.txt
@ -397,8 +397,9 @@ contextvars==2.4
    # via -r requirements/base.txt
 croniter==1.0.15 ; sys_platform != "win32"
    # via -r requirements/static/ci/common.in
-cryptography==3.4.7
+cryptography==39.0.2
    # via
+    #   -r requirements/static/pkg/linux.in
    #   adal
    #   ansible-core
    #   azure-cosmosdb-table
@ -708,7 +709,7 @@ pymysql==1.0.2 ; python_version > "3.5"
    # via -r requirements/static/ci/linux.in
 pynacl==1.4.0
    # via paramiko
-pyopenssl==20.0.1
+pyopenssl==23.0.0
    # via
    #   -r requirements/static/pkg/linux.in
    #   etcd3-py
@ -834,7 +835,6 @@ six==1.16.0
    #   ncclient
    #   paramiko
    #   pynacl
-    #   pyopenssl
    #   python-consul
    #   python-dateutil
    #   pyvmomi
--- a/requirements/static/ci/py3.8/linux.txt
+++ b/requirements/static/ci/py3.8/linux.txt
@ -403,8 +403,9 @@ contextvars==2.4
    # via -r requirements/base.txt
 croniter==0.3.29 ; sys_platform != "win32"
    # via -r requirements/static/ci/common.in
-cryptography==3.3.2
+cryptography==39.0.2
    # via
+    #   -r requirements/static/pkg/linux.in
    #   adal
    #   ansible-core
    #   azure-cosmosdb-table
@ -714,7 +715,7 @@ pymysql==1.0.2 ; python_version > "3.5"
    # via -r requirements/static/ci/linux.in
 pynacl==1.3.0
    # via paramiko
-pyopenssl==19.1.0
+pyopenssl==23.0.0
    # via
    #   -r requirements/static/pkg/linux.in
    #   etcd3-py
@ -866,7 +867,6 @@ six==1.16.0
    #   bcrypt
    #   cassandra-driver
    #   cheroot
-    #   cryptography
    #   etcd3-py
    #   genshi
    #   geomet
@ -881,7 +881,6 @@ six==1.16.0
    #   ncclient
    #   paramiko
    #   pynacl
-    #   pyopenssl
    #   python-consul
    #   python-dateutil
    #   pyvmomi
--- a/requirements/static/ci/py3.8/windows.txt
+++ b/requirements/static/ci/py3.8/windows.txt
@ -73,7 +73,7 @@ colorama==0.4.1
    # via pytest
 contextvars==2.4
    # via -r requirements/base.txt
-cryptography==3.4.7
+cryptography==39.0.2
    # via
    #   -r requirements/windows.txt
    #   etcd3-py
@ -240,7 +240,7 @@ pymssql==2.2.1
    # via -r requirements/windows.txt
 pymysql==1.0.2
    # via -r requirements/windows.txt
-pyopenssl==20.0.1
+pyopenssl==23.0.0
    # via
    #   -r requirements/windows.txt
    #   etcd3-py
@ -366,7 +366,6 @@ six==1.15.0
    #   jsonschema
    #   kubernetes
    #   mock
-    #   pyopenssl
    #   python-dateutil
    #   pyvmomi
    #   pywinrm
--- a/requirements/static/ci/py3.9/cloud.txt
+++ b/requirements/static/ci/py3.9/cloud.txt
@ -390,8 +390,9 @@ contextvars==2.4
    # via -r requirements/base.txt
 croniter==1.0.15 ; sys_platform != "win32"
    # via -r requirements/static/ci/common.in
-cryptography==3.3.2
+cryptography==39.0.2
    # via
+    #   -r requirements/static/pkg/linux.in
    #   adal
    #   azure-cosmosdb-table
    #   azure-keyvault
@ -704,7 +705,7 @@ pyjwt==2.4.0
    # via adal
 pynacl==1.4.0
    # via paramiko
-pyopenssl==20.0.1
+pyopenssl==23.0.0
    # via
    #   -r requirements/static/pkg/linux.in
    #   etcd3-py
@ -848,7 +849,6 @@ six==1.16.0
    #   bcrypt
    #   cassandra-driver
    #   cheroot
-    #   cryptography
    #   etcd3-py
    #   genshi
    #   geomet
@ -862,7 +862,6 @@ six==1.16.0
    #   paramiko
    #   profitbricks
    #   pynacl
-    #   pyopenssl
    #   pypsexec
    #   python-dateutil
    #   pyvmomi
--- a/requirements/static/ci/py3.9/darwin.txt
+++ b/requirements/static/ci/py3.9/darwin.txt
@ -391,7 +391,7 @@ contextvars==2.4
    # via -r requirements/base.txt
 croniter==0.3.29 ; sys_platform != "win32"
    # via -r requirements/static/ci/common.in
-cryptography==3.3.2
+cryptography==39.0.2
    # via
    #   -r requirements/darwin.txt
    #   adal
@ -701,7 +701,7 @@ pyjwt==2.4.0
    # via adal
 pynacl==1.3.0
    # via paramiko
-pyopenssl==19.0.0
+pyopenssl==23.0.0
    # via
    #   -r requirements/darwin.txt
    #   etcd3-py
@ -836,7 +836,6 @@ six==1.16.0
    #   bcrypt
    #   cassandra-driver
    #   cheroot
-    #   cryptography
    #   etcd3-py
    #   genshi
    #   geomet
@ -850,7 +849,6 @@ six==1.16.0
    #   ncclient
    #   paramiko
    #   pynacl
-    #   pyopenssl
    #   python-dateutil
    #   pyvmomi
    #   responses
--- a/requirements/static/ci/py3.9/docs.txt
+++ b/requirements/static/ci/py3.9/docs.txt
@ -82,7 +82,7 @@ looseversion==1.0.2
    # via
    #   -c requirements/static/ci/py3.9/linux.txt
    #   -r requirements/base.txt
-markdown-it-py==2.1.0
+markdown-it-py==2.2.0
    # via
    #   mdit-py-plugins
    #   myst-docutils
--- a/requirements/static/ci/py3.9/freebsd.txt
+++ b/requirements/static/ci/py3.9/freebsd.txt
@ -389,7 +389,7 @@ contextvars==2.4
    # via -r requirements/base.txt
 croniter==0.3.29 ; sys_platform != "win32"
    # via -r requirements/static/ci/common.in
-cryptography==3.3.2
+cryptography==39.0.2
    # via
    #   adal
    #   azure-cosmosdb-table
@ -698,7 +698,7 @@ pyjwt==2.4.0
    # via adal
 pynacl==1.3.0
    # via paramiko
-pyopenssl==19.1.0
+pyopenssl==23.0.0
    # via
    #   -r requirements/static/pkg/freebsd.in
    #   etcd3-py
@ -832,7 +832,6 @@ six==1.16.0
    #   bcrypt
    #   cassandra-driver
    #   cheroot
-    #   cryptography
    #   etcd3-py
    #   genshi
    #   geomet
@ -848,7 +847,6 @@ six==1.16.0
    #   ncclient
    #   paramiko
    #   pynacl
-    #   pyopenssl
    #   python-dateutil
    #   pyvmomi
    #   responses
--- a/requirements/static/ci/py3.9/lint.txt
+++ b/requirements/static/ci/py3.9/lint.txt
@ -395,8 +395,9 @@ contextvars==2.4
    # via -r requirements/base.txt
 croniter==1.0.15 ; sys_platform != "win32"
    # via -r requirements/static/ci/common.in
-cryptography==3.4.7
+cryptography==39.0.2
    # via
+    #   -r requirements/static/pkg/linux.in
    #   adal
    #   ansible-core
    #   azure-cosmosdb-table
@ -709,7 +710,7 @@ pymysql==1.0.2 ; python_version > "3.5"
    # via -r requirements/static/ci/linux.in
 pynacl==1.4.0
    # via paramiko
-pyopenssl==20.0.1
+pyopenssl==23.0.0
    # via
    #   -r requirements/static/pkg/linux.in
    #   etcd3-py
@ -835,7 +836,6 @@ six==1.16.0
    #   ncclient
    #   paramiko
    #   pynacl
-    #   pyopenssl
    #   python-consul
    #   python-dateutil
    #   pyvmomi
--- a/requirements/static/ci/py3.9/linux.txt
+++ b/requirements/static/ci/py3.9/linux.txt
@ -405,8 +405,9 @@ contextvars==2.4
    # via -r requirements/base.txt
 croniter==0.3.29 ; sys_platform != "win32"
    # via -r requirements/static/ci/common.in
-cryptography==3.3.2
+cryptography==39.0.2
    # via
+    #   -r requirements/static/pkg/linux.in
    #   adal
    #   ansible-core
    #   azure-cosmosdb-table
@ -719,7 +720,7 @@ pymysql==1.0.2 ; python_version > "3.5"
    # via -r requirements/static/ci/linux.in
 pynacl==1.3.0
    # via paramiko
-pyopenssl==19.1.0
+pyopenssl==23.0.0
    # via
    #   -r requirements/static/pkg/linux.in
    #   etcd3-py
@ -871,7 +872,6 @@ six==1.16.0
    #   bcrypt
    #   cassandra-driver
    #   cheroot
-    #   cryptography
    #   etcd3-py
    #   genshi
    #   geomet
@ -886,7 +886,6 @@ six==1.16.0
    #   ncclient
    #   paramiko
    #   pynacl
-    #   pyopenssl
    #   python-consul
    #   python-dateutil
    #   pyvmomi
--- a/requirements/static/ci/py3.9/tools.txt
+++ b/requirements/static/ci/py3.9/tools.txt
@ -36,7 +36,7 @@ pygments==2.13.0
    # via rich
 python-dateutil==2.8.2
    # via botocore
-python-tools-scripts==0.11.1
+python-tools-scripts==0.12.0
    # via -r requirements/static/ci/tools.in
 pyyaml==6.0
    # via -r requirements/static/ci/tools.in
--- a/requirements/static/ci/py3.9/windows.txt
+++ b/requirements/static/ci/py3.9/windows.txt
@ -73,7 +73,7 @@ colorama==0.4.1
    # via pytest
 contextvars==2.4
    # via -r requirements/base.txt
-cryptography==3.4.7
+cryptography==39.0.2
    # via
    #   -r requirements/windows.txt
    #   etcd3-py
@ -241,7 +241,7 @@ pymssql==2.2.1
    # via -r requirements/windows.txt
 pymysql==1.0.2
    # via -r requirements/windows.txt
-pyopenssl==20.0.1
+pyopenssl==23.0.0
    # via
    #   -r requirements/windows.txt
    #   etcd3-py
@ -367,7 +367,6 @@ six==1.15.0
    #   jsonschema
    #   kubernetes
    #   mock
-    #   pyopenssl
    #   python-dateutil
    #   pyvmomi
    #   pywinrm
--- a/requirements/static/ci/tools.in
+++ b/requirements/static/ci/tools.in
@ -1,4 +1,4 @@
-python-tools-scripts >= 0.11.1
+python-tools-scripts >= 0.12.0
 attrs
 boto3
 pyyaml
--- a/requirements/static/pkg/linux.in
+++ b/requirements/static/pkg/linux.in
@ -10,3 +10,4 @@ rpm-vercmp
 setproctitle>=1.2.3
 timelib>=0.2.5
 importlib-metadata>=3.3.0
+cryptography>=39.0.1
--- a/requirements/static/pkg/py3.10/darwin.txt
+++ b/requirements/static/pkg/py3.10/darwin.txt
@ -18,7 +18,7 @@ cherrypy==18.6.1
    # via -r requirements/darwin.txt
 contextvars==2.4
    # via -r requirements/base.txt
-cryptography==3.3.2
+cryptography==39.0.2
    # via
    #   -r requirements/darwin.txt
    #   pyopenssl
@ -84,7 +84,7 @@ pycparser==2.21
    #   cffi
 pycryptodomex==3.9.8
    # via -r requirements/crypto.txt
-pyopenssl==19.0.0
+pyopenssl==23.0.0
    # via -r requirements/darwin.txt
 python-dateutil==2.8.0
    # via -r requirements/darwin.txt
@ -106,8 +106,6 @@ setproctitle==1.3.2
 six==1.16.0
    # via
    #   cheroot
-    #   cryptography
-    #   pyopenssl
    #   python-dateutil
 smmap==3.0.2
    # via gitdb
--- a/requirements/static/pkg/py3.10/freebsd.txt
+++ b/requirements/static/pkg/py3.10/freebsd.txt
@ -16,7 +16,7 @@ cherrypy==18.6.1
    # via -r requirements/static/pkg/freebsd.in
 contextvars==2.4
    # via -r requirements/base.txt
-cryptography==3.3.2
+cryptography==39.0.2
    # via pyopenssl
 distro==1.5.0
    # via
@ -69,7 +69,7 @@ pycparser==2.21 ; python_version >= "3.9"
    #   cffi
 pycryptodomex==3.9.8
    # via -r requirements/crypto.txt
-pyopenssl==19.1.0
+pyopenssl==23.0.0
    # via -r requirements/static/pkg/freebsd.in
 python-dateutil==2.8.1
    # via -r requirements/static/pkg/freebsd.in
@ -88,9 +88,7 @@ setproctitle==1.3.2
 six==1.16.0
    # via
    #   cheroot
-    #   cryptography
    #   more-itertools
-    #   pyopenssl
    #   python-dateutil
 tempora==4.1.1
    # via portend
--- a/requirements/static/pkg/py3.10/linux.txt
+++ b/requirements/static/pkg/py3.10/linux.txt
@ -16,8 +16,10 @@ cherrypy==18.6.1
    # via -r requirements/static/pkg/linux.in
 contextvars==2.4
    # via -r requirements/base.txt
-cryptography==3.3.2
-    # via pyopenssl
+cryptography==39.0.2
+    # via
+    #   -r requirements/static/pkg/linux.in
+    #   pyopenssl
 distro==1.5.0
    # via -r requirements/base.txt
 idna==2.8
@ -67,7 +69,7 @@ pycparser==2.21 ; python_version >= "3.9"
    #   cffi
 pycryptodomex==3.9.8
    # via -r requirements/crypto.txt
-pyopenssl==19.1.0
+pyopenssl==23.0.0
    # via -r requirements/static/pkg/linux.in
 python-dateutil==2.8.1
    # via -r requirements/static/pkg/linux.in
@ -88,9 +90,7 @@ setproctitle==1.3.2
 six==1.16.0
    # via
    #   cheroot
-    #   cryptography
    #   more-itertools
-    #   pyopenssl
    #   python-dateutil
 tempora==4.1.1
    # via portend
--- a/requirements/static/pkg/py3.10/windows.txt
+++ b/requirements/static/pkg/py3.10/windows.txt
@ -23,7 +23,7 @@ clr-loader==0.2.4
    # via pythonnet
 contextvars==2.4
    # via -r requirements/base.txt
-cryptography==3.4.7
+cryptography==39.0.2
    # via
    #   -r requirements/windows.txt
    #   pyopenssl
@ -93,7 +93,7 @@ pymssql==2.2.7
    # via -r requirements/windows.txt
 pymysql==1.0.2
    # via -r requirements/windows.txt
-pyopenssl==20.0.1
+pyopenssl==23.0.0
    # via -r requirements/windows.txt
 python-dateutil==2.8.1
    # via -r requirements/windows.txt
@ -120,7 +120,6 @@ setproctitle==1.3.2
 six==1.15.0
    # via
    #   cheroot
-    #   pyopenssl
    #   python-dateutil
 smmap==4.0.0
    # via gitdb
--- a/requirements/static/pkg/py3.7/freebsd.txt
+++ b/requirements/static/pkg/py3.7/freebsd.txt
@ -16,7 +16,7 @@ cherrypy==18.6.1
    # via -r requirements/static/pkg/freebsd.in
 contextvars==2.4
    # via -r requirements/base.txt
-cryptography==3.3.2
+cryptography==39.0.2
    # via pyopenssl
 distro==1.5.0
    # via
@ -67,7 +67,7 @@ pycparser==2.17
    # via cffi
 pycryptodomex==3.9.8
    # via -r requirements/crypto.txt
-pyopenssl==19.1.0
+pyopenssl==23.0.0
    # via -r requirements/static/pkg/freebsd.in
 python-dateutil==2.8.1
    # via -r requirements/static/pkg/freebsd.in
@ -86,9 +86,7 @@ setproctitle==1.3.2
 six==1.16.0
    # via
    #   cheroot
-    #   cryptography
    #   more-itertools
-    #   pyopenssl
    #   python-dateutil
 tempora==4.1.1
    # via portend
--- a/requirements/static/pkg/py3.7/linux.txt
+++ b/requirements/static/pkg/py3.7/linux.txt
@ -16,8 +16,10 @@ cherrypy==18.6.1
    # via -r requirements/static/pkg/linux.in
 contextvars==2.4
    # via -r requirements/base.txt
-cryptography==3.3.2
-    # via pyopenssl
+cryptography==39.0.2
+    # via
+    #   -r requirements/static/pkg/linux.in
+    #   pyopenssl
 distro==1.5.0
    # via -r requirements/base.txt
 idna==2.8
@ -65,7 +67,7 @@ pycparser==2.17
    # via cffi
 pycryptodomex==3.9.8
    # via -r requirements/crypto.txt
-pyopenssl==19.1.0
+pyopenssl==23.0.0
    # via -r requirements/static/pkg/linux.in
 python-dateutil==2.8.1
    # via -r requirements/static/pkg/linux.in
@ -86,9 +88,7 @@ setproctitle==1.3.2
 six==1.16.0
    # via
    #   cheroot
-    #   cryptography
    #   more-itertools
-    #   pyopenssl
    #   python-dateutil
 tempora==4.1.1
    # via portend
--- a/requirements/static/pkg/py3.7/windows.txt
+++ b/requirements/static/pkg/py3.7/windows.txt
@ -23,7 +23,7 @@ clr-loader==0.2.4
    # via pythonnet
 contextvars==2.4
    # via -r requirements/base.txt
-cryptography==3.4.7
+cryptography==39.0.2
    # via
    #   -r requirements/windows.txt
    #   pyopenssl
@ -95,7 +95,7 @@ pymssql==2.2.1
    # via -r requirements/windows.txt
 pymysql==1.0.2
    # via -r requirements/windows.txt
-pyopenssl==20.0.1
+pyopenssl==23.0.0
    # via -r requirements/windows.txt
 python-dateutil==2.8.1
    # via -r requirements/windows.txt
@ -123,7 +123,6 @@ setproctitle==1.3.2
 six==1.15.0
    # via
    #   cheroot
-    #   pyopenssl
    #   python-dateutil
 smmap==4.0.0
    # via gitdb
--- a/requirements/static/pkg/py3.8/freebsd.txt
+++ b/requirements/static/pkg/py3.8/freebsd.txt
@ -16,7 +16,7 @@ cherrypy==18.6.1
    # via -r requirements/static/pkg/freebsd.in
 contextvars==2.4
    # via -r requirements/base.txt
-cryptography==3.3.2
+cryptography==39.0.2
    # via pyopenssl
 distro==1.5.0
    # via
@ -67,7 +67,7 @@ pycparser==2.17
    # via cffi
 pycryptodomex==3.9.8
    # via -r requirements/crypto.txt
-pyopenssl==19.1.0
+pyopenssl==23.0.0
    # via -r requirements/static/pkg/freebsd.in
 python-dateutil==2.8.1
    # via -r requirements/static/pkg/freebsd.in
@ -86,9 +86,7 @@ setproctitle==1.3.2
 six==1.16.0
    # via
    #   cheroot
-    #   cryptography
    #   more-itertools
-    #   pyopenssl
    #   python-dateutil
 tempora==4.1.1
    # via portend
--- a/requirements/static/pkg/py3.8/linux.txt
+++ b/requirements/static/pkg/py3.8/linux.txt
@ -16,8 +16,10 @@ cherrypy==18.6.1
    # via -r requirements/static/pkg/linux.in
 contextvars==2.4
    # via -r requirements/base.txt
-cryptography==3.3.2
-    # via pyopenssl
+cryptography==39.0.2
+    # via
+    #   -r requirements/static/pkg/linux.in
+    #   pyopenssl
 distro==1.5.0
    # via -r requirements/base.txt
 idna==2.8
@ -65,7 +67,7 @@ pycparser==2.17
    # via cffi
 pycryptodomex==3.9.8
    # via -r requirements/crypto.txt
-pyopenssl==19.1.0
+pyopenssl==23.0.0
    # via -r requirements/static/pkg/linux.in
 python-dateutil==2.8.1
    # via -r requirements/static/pkg/linux.in
@ -86,9 +88,7 @@ setproctitle==1.3.2
 six==1.16.0
    # via
    #   cheroot
-    #   cryptography
    #   more-itertools
-    #   pyopenssl
    #   python-dateutil
 tempora==4.1.1
    # via portend
--- a/requirements/static/pkg/py3.8/windows.txt
+++ b/requirements/static/pkg/py3.8/windows.txt
@ -23,7 +23,7 @@ clr-loader==0.2.4
    # via pythonnet
 contextvars==2.4
    # via -r requirements/base.txt
-cryptography==3.4.7
+cryptography==39.0.2
    # via
    #   -r requirements/windows.txt
    #   pyopenssl
@ -93,7 +93,7 @@ pymssql==2.2.1
    # via -r requirements/windows.txt
 pymysql==1.0.2
    # via -r requirements/windows.txt
-pyopenssl==20.0.1
+pyopenssl==23.0.0
    # via -r requirements/windows.txt
 python-dateutil==2.8.1
    # via -r requirements/windows.txt
@ -121,7 +121,6 @@ setproctitle==1.3.2
 six==1.15.0
    # via
    #   cheroot
-    #   pyopenssl
    #   python-dateutil
 smmap==4.0.0
    # via gitdb
--- a/requirements/static/pkg/py3.9/darwin.txt
+++ b/requirements/static/pkg/py3.9/darwin.txt
@ -18,7 +18,7 @@ cherrypy==18.6.1
    # via -r requirements/darwin.txt
 contextvars==2.4
    # via -r requirements/base.txt
-cryptography==3.3.2
+cryptography==39.0.2
    # via
    #   -r requirements/darwin.txt
    #   pyopenssl
@ -84,7 +84,7 @@ pycparser==2.21
    #   cffi
 pycryptodomex==3.9.8
    # via -r requirements/crypto.txt
-pyopenssl==19.0.0
+pyopenssl==23.0.0
    # via -r requirements/darwin.txt
 python-dateutil==2.8.0
    # via -r requirements/darwin.txt
@ -106,8 +106,6 @@ setproctitle==1.3.2
 six==1.16.0
    # via
    #   cheroot
-    #   cryptography
-    #   pyopenssl
    #   python-dateutil
 smmap==3.0.2
    # via gitdb
--- a/requirements/static/pkg/py3.9/freebsd.txt
+++ b/requirements/static/pkg/py3.9/freebsd.txt
@ -16,7 +16,7 @@ cherrypy==18.6.1
    # via -r requirements/static/pkg/freebsd.in
 contextvars==2.4
    # via -r requirements/base.txt
-cryptography==3.3.2
+cryptography==39.0.2
    # via pyopenssl
 distro==1.5.0
    # via
@ -69,7 +69,7 @@ pycparser==2.21 ; python_version >= "3.9"
    #   cffi
 pycryptodomex==3.9.8
    # via -r requirements/crypto.txt
-pyopenssl==19.1.0
+pyopenssl==23.0.0
    # via -r requirements/static/pkg/freebsd.in
 python-dateutil==2.8.1
    # via -r requirements/static/pkg/freebsd.in
@ -88,9 +88,7 @@ setproctitle==1.3.2
 six==1.16.0
    # via
    #   cheroot
-    #   cryptography
    #   more-itertools
-    #   pyopenssl
    #   python-dateutil
 tempora==4.1.1
    # via portend
--- a/requirements/static/pkg/py3.9/linux.txt
+++ b/requirements/static/pkg/py3.9/linux.txt
@ -16,8 +16,10 @@ cherrypy==18.6.1
    # via -r requirements/static/pkg/linux.in
 contextvars==2.4
    # via -r requirements/base.txt
-cryptography==3.3.2
-    # via pyopenssl
+cryptography==39.0.2
+    # via
+    #   -r requirements/static/pkg/linux.in
+    #   pyopenssl
 distro==1.5.0
    # via -r requirements/base.txt
 idna==2.8
@ -67,7 +69,7 @@ pycparser==2.21 ; python_version >= "3.9"
    #   cffi
 pycryptodomex==3.9.8
    # via -r requirements/crypto.txt
-pyopenssl==19.1.0
+pyopenssl==23.0.0
    # via -r requirements/static/pkg/linux.in
 python-dateutil==2.8.1
    # via -r requirements/static/pkg/linux.in
@ -88,9 +90,7 @@ setproctitle==1.3.2
 six==1.16.0
    # via
    #   cheroot
-    #   cryptography
    #   more-itertools
-    #   pyopenssl
    #   python-dateutil
 tempora==4.1.1
    # via portend
--- a/requirements/static/pkg/py3.9/windows.txt
+++ b/requirements/static/pkg/py3.9/windows.txt
@ -23,7 +23,7 @@ clr-loader==0.2.4
    # via pythonnet
 contextvars==2.4
    # via -r requirements/base.txt
-cryptography==3.4.7
+cryptography==39.0.2
    # via
    #   -r requirements/windows.txt
    #   pyopenssl
@ -93,7 +93,7 @@ pymssql==2.2.1
    # via -r requirements/windows.txt
 pymysql==1.0.2
    # via -r requirements/windows.txt
-pyopenssl==20.0.1
+pyopenssl==23.0.0
    # via -r requirements/windows.txt
 python-dateutil==2.8.1
    # via -r requirements/windows.txt
@ -121,7 +121,6 @@ setproctitle==1.3.2
 six==1.15.0
    # via
    #   cheroot
-    #   pyopenssl
    #   python-dateutil
 smmap==4.0.0
    # via gitdb
--- a/requirements/windows.txt
+++ b/requirements/windows.txt
@ -10,7 +10,7 @@ backports.ssl-match-hostname>=3.7.0.1; python_version < '3.7'
 certifi>=2022.12.07
 cffi>=1.14.5
 cherrypy>=18.6.1
-cryptography>=3.4.7
+cryptography>=39.0.1
 gitpython>=3.1.30; python_version >= '3.7'
 ioloop>=0.1a0
 lxml>=4.6.3
--- a/salt/grains/core.py
+++ b/salt/grains/core.py
@ -23,8 +23,6 @@ import time
 import uuid
 from errno import EACCES, EPERM

-import distro
-
 import salt.exceptions

 # Solve the Chicken and egg problem where grains need to run before any
@ -41,6 +39,7 @@ import salt.utils.pkg.rpm
 import salt.utils.platform
 import salt.utils.stringutils
 from salt.utils.network import _clear_interfaces, _get_interfaces
+from salt.utils.platform import linux_distribution as _linux_distribution

 try:
    # pylint: disable=no-name-in-module
@ -90,15 +89,6 @@ except ImportError:  # Define freedesktop_os_release for Python < 3.10
        return _parse_os_release("/etc/os-release", "/usr/lib/os-release")


-# rewrite distro.linux_distribution to allow best=True kwarg in version(), needed to get the minor version numbers in CentOS
-def _linux_distribution():
-    return (
-        distro.id(),
-        distro.version(best=True),
-        distro.codename(),
-    )
-
-
 def __init__(opts):
    _clear_interfaces()

--- a/salt/utils/crypt.py
+++ b/salt/utils/crypt.py
@ -143,6 +143,13 @@ def pem_finger(path=None, key=None, sum_type="sha256"):

        with salt.utils.files.fopen(path, "rb") as fp_:
            key = b"".join([x for x in fp_.readlines() if x.strip()][1:-1])
+            # We should never have \r\n in a key file. This will cause the
+            # finger to be different even though the only difference is the line
+            # endings.
+            key = key.replace(b"\r\n", b"\n")
+
+    if not isinstance(key, bytes):
+        key = key.encode("utf-8")

    pre = getattr(hashlib, sum_type)(key).hexdigest()
    finger = ""
--- a/salt/utils/platform.py
+++ b/salt/utils/platform.py
@ -8,11 +8,20 @@ import platform
 import subprocess
 import sys

-from distro import linux_distribution
+import distro

 from salt.utils.decorators import memoize as real_memoize


+def linux_distribution(full_distribution_name=True):
+    """
+    Simple function to return information about the OS distribution (id_name, version, codename).
+    """
+    if full_distribution_name:
+        return distro.name(), distro.version(best=True), distro.codename()
+    return distro.id(), distro.version(best=True), distro.codename()
+
+
@real_memoize
 def is_windows():
    """
--- a/salt/version.py
+++ b/salt/version.py
@ -755,7 +755,7 @@ def system_information():
    Report system versions.
    """
    # Late import so that when getting called from setup.py does not break
-    from distro import linux_distribution
+    from salt.utils.platform import linux_distribution

    def system_version():
        """
--- a/tests/pytests/functional/states/test_x509_v2.py
+++ b/tests/pytests/functional/states/test_x509_v2.py
@ -1205,7 +1205,7 @@ def test_certificate_managed_chain_change(
    if cert_args["encoding"].startswith("pkcs7"):
        cert = cert[0]
    elif cert_args["encoding"] == "pkcs12":
-        if CRYPTOGRAPHY_VERSION[0] == 36:
+        if CRYPTOGRAPHY_VERSION[0] >= 36:
            # it seems (serial number) parsing of pkcs12 certificates is broken (?) in that release
            return
        cert = cert.cert.certificate
@ -2456,7 +2456,7 @@ def test_certificate_managed_should_not_fail_with_removed_args(
    cert_args["days_valid"] = 30
    cert_args["days_remaining"] = 7
    cert_args["private_key"] = rsa_privkey
-    with pytest.deprecated_call():
+    with pytest.warns(DeprecationWarning):
        ret = x509.certificate_managed(**cert_args, **arg)
    assert ret.result is True
    cert = _get_cert(cert_args["name"])
@ -2469,7 +2469,7 @@ def test_certificate_managed_warns_about_algorithm_renaming(
    cert_args["days_valid"] = 30
    cert_args["days_remaining"] = 7
    cert_args["private_key"] = rsa_privkey
-    with pytest.deprecated_call():
+    with pytest.warns(DeprecationWarning):
        ret = x509.certificate_managed(**cert_args, algorithm="sha512")
    assert ret.result is True
    cert = _get_cert(cert_args["name"])
@ -2483,7 +2483,7 @@ def test_certificate_managed_warns_about_long_name_attributes(
    cert_args["days_remaining"] = 7
    cert_args["commonName"] = "success"
    cert_args["private_key"] = rsa_privkey
-    with pytest.deprecated_call():
+    with pytest.warns(DeprecationWarning):
        ret = x509.certificate_managed(**cert_args)
    assert ret.result is True
    cert = _get_cert(cert_args["name"])
@ -2495,7 +2495,7 @@ def test_certificate_managed_warns_about_long_extensions(x509, cert_args, rsa_pr
    cert_args["days_valid"] = 30
    cert_args["days_remaining"] = 7
    cert_args["private_key"] = rsa_privkey
-    with pytest.deprecated_call():
+    with pytest.warns(DeprecationWarning):
        ret = x509.certificate_managed(**cert_args)
    assert ret.result is True
    cert = _get_cert(cert_args["name"])
@ -2508,7 +2508,7 @@ def test_certificate_managed_warns_about_long_extensions(x509, cert_args, rsa_pr

@pytest.mark.parametrize("arg", [{"version": 1}, {"text": True}])
 def test_csr_managed_should_not_fail_with_removed_args(x509, arg, csr_args):
-    with pytest.deprecated_call():
+    with pytest.warns(DeprecationWarning):
        ret = x509.csr_managed(**csr_args, **arg)
    assert ret.result is True
    csr = _get_csr(csr_args["name"])
@ -2516,7 +2516,7 @@ def test_csr_managed_should_not_fail_with_removed_args(x509, arg, csr_args):


 def test_csr_managed_warns_about_algorithm_renaming(x509, csr_args):
-    with pytest.deprecated_call():
+    with pytest.warns(DeprecationWarning):
        ret = x509.csr_managed(**csr_args, algorithm="sha512")
    assert ret.result is True
    csr = _get_csr(csr_args["name"])
@ -2525,7 +2525,7 @@ def test_csr_managed_warns_about_algorithm_renaming(x509, csr_args):

 def test_csr_managed_warns_about_long_name_attributes(x509, csr_args):
    csr_args.pop("CN", None)
-    with pytest.deprecated_call():
+    with pytest.warns(DeprecationWarning):
        ret = x509.csr_managed(**csr_args, commonName="deprecated_yo")
    assert ret.result is True
    csr = _get_csr(csr_args["name"])
@ -2534,7 +2534,7 @@ def test_csr_managed_warns_about_long_name_attributes(x509, csr_args):

 def test_csr_managed_warns_about_long_extensions(x509, csr_args):
    csr_args["X509v3 Basic Constraints"] = "critical CA:FALSE"
-    with pytest.deprecated_call():
+    with pytest.warns(DeprecationWarning):
        ret = x509.csr_managed(**csr_args)
    assert ret.result is True
    csr = _get_csr(csr_args["name"])
@ -2549,7 +2549,7 @@ def test_csr_managed_warns_about_long_extensions(x509, csr_args):
 def test_crl_managed_should_not_fail_with_removed_args(x509, arg, crl_args):
    crl_args["days_remaining"] = 3
    crl_args["days_valid"] = 7
-    with pytest.deprecated_call():
+    with pytest.warns(DeprecationWarning):
        ret = x509.crl_managed(**crl_args, **arg)
    assert ret.result is True
    crl = _get_crl(crl_args["name"])
@ -2564,7 +2564,7 @@ def test_crl_managed_should_recognize_old_style_revoked(x509, crl_args, crl_revo
    crl_args["revoked"] = revoked
    crl_args["days_remaining"] = 3
    crl_args["days_valid"] = 7
-    with pytest.deprecated_call():
+    with pytest.warns(DeprecationWarning):
        ret = x509.crl_managed(**crl_args)
    assert ret.result is True
    crl = _get_crl(crl_args["name"])
@ -2587,7 +2587,7 @@ def test_crl_managed_should_recognize_old_style_revoked_for_change_detection(
    crl_args["revoked"] = revoked
    crl_args["days_remaining"] = 3
    crl_args["days_valid"] = 7
-    with pytest.deprecated_call():
+    with pytest.warns(DeprecationWarning):
        ret = x509.crl_managed(**crl_args)
    assert ret.result is True
    assert not ret.changes
@ -2598,7 +2598,7 @@ def test_crl_managed_should_recognize_old_style_reason(x509, crl_args):
    crl_args["revoked"] = revoked
    crl_args["days_remaining"] = 3
    crl_args["days_valid"] = 7
-    with pytest.deprecated_call():
+    with pytest.warns(DeprecationWarning):
        ret = x509.crl_managed(**crl_args)
    assert ret.result is True
    crl = _get_crl(crl_args["name"])
@ -2614,14 +2614,14 @@ def test_crl_managed_should_recognize_old_style_reason(x509, crl_args):
    "arg", [{"cipher": "aes_256_cbc"}, {"verbose": True}, {"text": True}]
 )
 def test_private_key_managed_should_not_fail_with_removed_args(x509, arg, pk_args):
-    with pytest.deprecated_call():
+    with pytest.warns(DeprecationWarning):
        ret = x509.private_key_managed(**pk_args, **arg)
    assert ret.result is True
    assert _get_privkey(pk_args["name"])


 def test_private_key_managed_warns_about_bits_renaming(x509, pk_args):
-    with pytest.deprecated_call():
+    with pytest.warns(DeprecationWarning):
        ret = x509.private_key_managed(**pk_args, bits=3072)
    assert ret.result is True
    pk = _get_privkey(pk_args["name"])
--- a/tests/pytests/unit/modules/test_linux_shadow.py
+++ b/tests/pytests/unit/modules/test_linux_shadow.py
@ -0,0 +1,324 @@
+"""
+    :codeauthor: Erik Johnson <erik@saltstack.com>
+"""
+import types
+
+import pytest
+
+from tests.support.mock import DEFAULT, MagicMock, mock_open, patch
+
+pytestmark = [
+    pytest.mark.skip_unless_on_linux,
+]
+
+shadow = pytest.importorskip(
+    "salt.modules.linux_shadow", reason="shadow module is not available"
+)
+spwd = pytest.importorskip(
+    "spwd", reason="Standard library spwd module is not available"
+)
+
+
+def _pw_hash_ids(value):
+    return value.algorithm
+
+
+@pytest.fixture(
+    params=[
+        types.SimpleNamespace(
+            algorithm="md5",
+            clear="lamepassword",
+            pw_salt="TgIp9OTu",
+            pw_hash="$1$TgIp9OTu$.d0FFP6jVi5ANoQmk6GpM1",
+            pw_hash_passlib="$1$TgIp9OTu$.d0FFP6jVi5ANoQmk6GpM1",
+        ),
+        types.SimpleNamespace(
+            algorithm="sha256",
+            clear="lamepassword",
+            pw_salt="3vINbSrC",
+            pw_hash="$5$3vINbSrC$hH8A04jAY3bG123yU4FQ0wvP678QDTvWBhHHFbz6j0D",
+            pw_hash_passlib="$5$rounds=535000$3vINbSrC$YUDOmjJNDLWhL2Z7aAdLJnGIAsbUgkHNEcdUUujHHy8",
+        ),
+        types.SimpleNamespace(
+            algorithm="sha512",
+            clear="lamepassword",
+            pw_salt="PiGA3V2o",
+            pw_hash="$6$PiGA3V2o$/PrntRYufz49bRV/V5Eb1V6DdHaS65LB0fu73Tp/xxmDFr6HWJKptY2TvHRDViXZugWpnAcOnrbORpOgZUGTn.",
+            pw_hash_passlib="$6$rounds=656000$PiGA3V2o$eaAfTU0e1iUFcQycB94otS66/hTgVj94VIAaDp9IJHagSQ.gZascQYOE5.RO87kSY52lJ1LoYX8LNVa2OG8/U/",
+        ),
+    ],
+    ids=_pw_hash_ids,
+)
+def password(request):
+    # Not testing blowfish as it is not available on most Linux distros
+    return request.param
+
+
+@pytest.fixture(params=["crypto", "passlib"])
+def library(request):
+    with patch("salt.utils.pycrypto.HAS_CRYPT", request.param == "crypto"):
+        yield request.param
+
+
+@pytest.fixture
+def configure_loader_modules():
+    return {shadow: {}}
+
+
+def test_gen_password(password, library):
+    """
+    Test shadow.gen_password
+    """
+    if library == "passlib":
+        pw_hash = password.pw_hash_passlib
+    else:
+        pw_hash = password.pw_hash
+    assert (
+        shadow.gen_password(
+            password.clear,
+            crypt_salt=password.pw_salt,
+            algorithm=password.algorithm,
+        )
+        == pw_hash
+    )
+
+
+def test_set_password():
+    """
+    Test the corner case in which shadow.set_password is called for a user
+    that has an entry in /etc/passwd but not /etc/shadow.
+    """
+    original_lines = [
+        "foo:orighash:17955::::::\n",
+        "bar:somehash:17955::::::\n",
+    ]
+
+    data = {
+        "/etc/shadow": "".join(original_lines),
+        "*": Exception("Attempted to open something other than /etc/shadow"),
+    }
+    isfile_mock = MagicMock(
+        side_effect=lambda x: True if x == "/etc/shadow" else DEFAULT
+    )
+    password = "newhash"
+    shadow_info_mock = MagicMock(return_value={"passwd": password})
+
+    #
+    # CASE 1: Normal password change
+    #
+    user = "bar"
+    user_exists_mock = MagicMock(
+        side_effect=lambda x, **y: 0 if x == ["id", user] else DEFAULT
+    )
+    with patch(
+        "salt.utils.files.fopen", mock_open(read_data=data)
+    ) as shadow_mock, patch("os.path.isfile", isfile_mock), patch.object(
+        shadow, "info", shadow_info_mock
+    ), patch.dict(
+        shadow.__salt__, {"cmd.retcode": user_exists_mock}
+    ), patch.dict(
+        shadow.__grains__, {"os": "CentOS"}
+    ):
+        assert shadow.set_password(user, password, use_usermod=False)
+
+    filehandles = shadow_mock.filehandles["/etc/shadow"]
+    # We should only have opened twice, once to read the contents and once
+    # to write.
+    assert len(filehandles) == 2
+    # We're rewriting the entire file
+    assert filehandles[1].mode == "w+"
+    # We should be calling writelines instead of write, to rewrite the
+    # entire file.
+    assert len(filehandles[1].writelines_calls) == 1
+    # Make sure we wrote the correct info
+    lines = filehandles[1].writelines_calls[0]
+    # Should only have the same two users in the file
+    assert len(lines) == 2
+    # The first line should be unchanged
+    assert lines[0] == original_lines[0]
+    # The second line should have the new password hash
+    assert lines[1].split(":")[:2] == [user, password]
+
+    #
+    # CASE 2: Corner case: no /etc/shadow entry for user
+    #
+    user = "baz"
+    user_exists_mock = MagicMock(
+        side_effect=lambda x, **y: 0 if x == ["id", user] else DEFAULT
+    )
+    with patch(
+        "salt.utils.files.fopen", mock_open(read_data=data)
+    ) as shadow_mock, patch("os.path.isfile", isfile_mock), patch.object(
+        shadow, "info", shadow_info_mock
+    ), patch.dict(
+        shadow.__salt__, {"cmd.retcode": user_exists_mock}
+    ), patch.dict(
+        shadow.__grains__, {"os": "CentOS"}
+    ):
+        assert shadow.set_password(user, password, use_usermod=False)
+
+    filehandles = shadow_mock.filehandles["/etc/shadow"]
+    # We should only have opened twice, once to read the contents and once
+    # to write.
+    assert len(filehandles) == 2
+    # We're just appending to the file, not rewriting
+    assert filehandles[1].mode == "a+"
+    # We should only have written to the file once
+    assert len(filehandles[1].write_calls) == 1
+    # Make sure we wrote the correct info
+    assert filehandles[1].write_calls[0].split(":")[:2] == [user, password]
+
+
+def test_info(password):
+    """
+    Test if info shows the correct user information
+    """
+
+    # First test is with a succesful call
+    expected_result = [
+        ("expire", -1),
+        ("inact", -1),
+        ("lstchg", 31337),
+        ("max", 99999),
+        ("min", 0),
+        ("name", "foo"),
+        ("passwd", password.pw_hash),
+        ("warn", 7),
+    ]
+    getspnam_return = spwd.struct_spwd(
+        ["foo", password.pw_hash, 31337, 0, 99999, 7, -1, -1, -1]
+    )
+    with patch("spwd.getspnam", return_value=getspnam_return):
+        result = shadow.info("foo")
+        assert expected_result == sorted(result.items(), key=lambda x: x[0])
+
+    # The next two is for a non-existent user
+    expected_result = [
+        ("expire", ""),
+        ("inact", ""),
+        ("lstchg", ""),
+        ("max", ""),
+        ("min", ""),
+        ("name", ""),
+        ("passwd", ""),
+        ("warn", ""),
+    ]
+    # We get KeyError exception for non-existent users in glibc based systems
+    getspnam_return = KeyError
+    with patch("spwd.getspnam", side_effect=getspnam_return):
+        result = shadow.info("foo")
+        assert expected_result == sorted(result.items(), key=lambda x: x[0])
+    # And FileNotFoundError in musl based systems
+    getspnam_return = FileNotFoundError
+    with patch("spwd.getspnam", side_effect=getspnam_return):
+        result = shadow.info("foo")
+        assert expected_result == sorted(result.items(), key=lambda x: x[0])
+
+
+def test_set_password_malformed_shadow_entry():
+    """
+    Test that Salt will repair a malformed shadow entry (that is, one that
+    doesn't have the correct number of fields).
+    """
+    original_lines = [
+        "valid:s00persekr1thash:17955::::::\n",
+        "tooshort:orighash:17955:::::\n",
+        "toolong:orighash:17955:::::::\n",
+    ]
+    data = {
+        "/etc/shadow": "".join(original_lines),
+        "*": Exception("Attempted to open something other than /etc/shadow"),
+    }
+    isfile_mock = MagicMock(
+        side_effect=lambda x: True if x == "/etc/shadow" else DEFAULT
+    )
+    password = "newhash"
+    shadow_info_mock = MagicMock(return_value={"passwd": password})
+
+    #
+    # CASE 1: Fix an entry with too few fields
+    #
+    user = "tooshort"
+    user_exists_mock = MagicMock(
+        side_effect=lambda x, **y: 0 if x == ["id", user] else DEFAULT
+    )
+    with patch(
+        "salt.utils.files.fopen", mock_open(read_data=data)
+    ) as shadow_mock, patch("os.path.isfile", isfile_mock), patch.object(
+        shadow, "info", shadow_info_mock
+    ), patch.dict(
+        shadow.__salt__, {"cmd.retcode": user_exists_mock}
+    ), patch.dict(
+        shadow.__grains__, {"os": "CentOS"}
+    ):
+        assert shadow.set_password(user, password, use_usermod=False)
+
+    filehandles = shadow_mock.filehandles["/etc/shadow"]
+    # We should only have opened twice, once to read the contents and once
+    # to write.
+    assert len(filehandles) == 2
+    # We're rewriting the entire file
+    assert filehandles[1].mode == "w+"
+    # We should be calling writelines instead of write, to rewrite the
+    # entire file.
+    assert len(filehandles[1].writelines_calls) == 1
+    # Make sure we wrote the correct info
+    lines = filehandles[1].writelines_calls[0]
+    # Should only have the same three users in the file
+    assert len(lines) == 3
+    # The first and third line should be unchanged
+    assert lines[0] == original_lines[0]
+    assert lines[2] == original_lines[2]
+    # The second line should have the new password hash, and it should have
+    # gotten "fixed" by adding another colon.
+    fixed = lines[1].split(":")
+    assert fixed[:2] == [user, password]
+    assert len(fixed) == 9
+
+    #
+    # CASE 2: Fix an entry with too many fields
+    #
+    user = "toolong"
+    user_exists_mock = MagicMock(
+        side_effect=lambda x, **y: 0 if x == ["id", user] else DEFAULT
+    )
+    with patch(
+        "salt.utils.files.fopen", mock_open(read_data=data)
+    ) as shadow_mock, patch("os.path.isfile", isfile_mock), patch.object(
+        shadow, "info", shadow_info_mock
+    ), patch.dict(
+        shadow.__salt__, {"cmd.retcode": user_exists_mock}
+    ), patch.dict(
+        shadow.__grains__, {"os": "CentOS"}
+    ):
+        assert shadow.set_password(user, password, use_usermod=False)
+
+    filehandles = shadow_mock.filehandles["/etc/shadow"]
+    # We should only have opened twice, once to read the contents and once
+    # to write.
+    assert len(filehandles) == 2
+    # We're rewriting the entire file
+    assert filehandles[1].mode == "w+"
+    # We should be calling writelines instead of write, to rewrite the
+    # entire file.
+    assert len(filehandles[1].writelines_calls) == 1
+    # Make sure we wrote the correct info
+    lines = filehandles[1].writelines_calls[0]
+    # Should only have the same three users in the file
+    assert len(lines) == 3
+    # The first and second line should be unchanged
+    assert lines[0] == original_lines[0]
+    assert lines[1] == original_lines[1]
+    # The third line should have the new password hash, and it should have
+    # gotten "fixed" by reducing it to 9 fields instead of 10.
+    fixed = lines[2].split(":")
+    assert fixed[:2] == [user, password]
+    assert len(fixed) == 9
+
+
+@pytest.mark.skip_if_not_root
+def test_list_users():
+    """
+    Test if it returns a list of all users
+    """
+    assert shadow.list_users()
--- a/tests/pytests/unit/states/test_netconfig.py
+++ b/tests/pytests/unit/states/test_netconfig.py
@ -0,0 +1,110 @@
+"""
+    :codeauthor: Gareth J. Greenaway <gareth@saltstack.com>
+
+    Test cases for salt.states.netconfig
+"""
+
+import pytest
+
+import salt.modules.napalm_network as net_mod
+import salt.states.netconfig as netconfig
+import salt.utils.files
+from tests.support.mock import MagicMock, patch
+
+
+@pytest.fixture
+def configure_loader_modules():
+    state_loader_globals = {
+        "__env__": "base",
+        "__salt__": {"net.replace_pattern": net_mod.replace_pattern},
+    }
+    module_loader_globals = {
+        "__env__": "base",
+        "__salt__": {
+            "net.replace_pattern": net_mod.replace_pattern,
+            "net.load_config": net_mod.load_config,
+        },
+    }
+    return {netconfig: state_loader_globals, net_mod: module_loader_globals}
+
+
+def test_replace_pattern_test_is_true():
+    """
+    Test to replace_pattern to ensure that test=True
+    is being passed correctly.
+    """
+    name = "name"
+    pattern = "OLD-POLICY-NAME"
+    repl = "new-policy-name"
+
+    mock = MagicMock()
+    mock_net_replace_pattern = MagicMock()
+    mock_loaded_ret = MagicMock()
+
+    with patch.dict(netconfig.__salt__, {"config.merge": mock}):
+        with patch.dict(
+            netconfig.__salt__, {"net.replace_pattern": mock_net_replace_pattern}
+        ):
+            with patch.object(salt.utils.napalm, "loaded_ret", mock_loaded_ret):
+                # Test if test=True is passed as argument to state.apply
+                with patch.dict(netconfig.__opts__, {"test": True}):
+                    netconfig.replace_pattern(name, pattern, repl)
+
+                    # Get the args and kwargs from the mocked call net.replace_pattern
+                    args, kwargs = mock_net_replace_pattern.call_args_list[0]
+
+                    # Verify that the keyword argument is True
+                    assert kwargs["test"]
+
+                    # Get the args and kwargs from the mocked call to salt.utils.napalm.loaded_ret
+                    args, kwargs = mock_loaded_ret.call_args_list[0]
+
+                    # Verify that the third positional argument is True
+                    assert args[2]
+
+                # Test if test=True is passed as argument to state directly
+                netconfig.replace_pattern(name, pattern, repl, test=True)
+
+                # Get the args and kwargs from the mocked call net.replace_pattern
+                args, kwargs = mock_net_replace_pattern.call_args_list[0]
+
+                # Verify that the keyword argument is True
+                assert kwargs["test"]
+
+                # Get the args and kwargs from the mocked call to salt.utils.napalm.loaded_ret
+                args, kwargs = mock_loaded_ret.call_args_list[0]
+
+                # Verify that the third positional argument is True
+                assert args[2]
+
+
+def test_managed_test_is_true():
+    """
+    Test to managed to ensure that test=True
+    is being passed correctly.
+    """
+    name = "name"
+
+    mock = MagicMock()
+    mock_update_config = MagicMock()
+
+    with patch.dict(netconfig.__salt__, {"config.merge": mock}):
+        with patch.object(netconfig, "_update_config", mock_update_config):
+            # Test if test=True is passed as argument to state.apply
+            with patch.dict(netconfig.__opts__, {"test": True}):
+                netconfig.managed(name)
+
+                # Get the args and kwargs from the mocked call net.replace_pattern
+                args, kwargs = mock_update_config.call_args_list[0]
+
+                # Verify that the keyword argument is True
+                assert kwargs["test"]
+
+            # Test if test=True is passed as argument to state directly
+            netconfig.managed(name, test=True)
+
+            # Get the args and kwargs from the mocked call net.replace_pattern
+            args, kwargs = mock_update_config.call_args_list[0]
+
+            # Verify that the keyword argument is True
+            assert kwargs["test"]
--- a/tests/pytests/unit/states/test_network.py
+++ b/tests/pytests/unit/states/test_network.py
@ -0,0 +1,269 @@
+"""
+    :codeauthor: Rahul Handay <rahulha@saltstack.com>
+
+    Test cases for salt.states.network
+"""
+
+import logging
+
+import pytest
+
+import salt.states.network as network
+from tests.support.mock import MagicMock, patch
+
+log = logging.getLogger(__name__)
+
+
+@pytest.fixture
+def configure_loader_modules():
+    return {network: {}}
+
+
+class MockNetwork:
+    """
+    Mock network class
+    """
+
+    def __init__(self):
+        pass
+
+    @staticmethod
+    def interfaces():
+        """
+        Mock interface method
+        """
+        ifaces = {
+            "salt": {"up": 1},
+            "lo": {"up": 1, "inet": [{"label": "lo"}, {"label": "lo:alias1"}]},
+        }
+        return ifaces
+
+
+class MockGrains:
+    """
+    Mock Grains class
+    """
+
+    def __init__(self):
+        pass
+
+    @staticmethod
+    def grains(lis, bol):
+        """
+        Mock grains method
+        """
+        return {"A": "B"}
+
+
+def test_managed():
+    """
+    Test to ensure that the named interface is configured properly
+    """
+    with patch("salt.states.network.salt.utils.network", MockNetwork()), patch(
+        "salt.states.network.salt.loader", MockGrains()
+    ):
+        ret = {"name": "salt", "changes": {}, "result": False, "comment": ""}
+
+        change = {
+            "interface": "--- \n+++ \n@@ -1 +1 @@\n-A\n+B",
+            "status": "Interface salt restart to validate",
+        }
+
+        dunder_salt = {
+            "ip.get_interface": MagicMock(
+                side_effect=[AttributeError, "A", "A", "A", "A", "A"]
+            ),
+            "ip.build_interface": MagicMock(return_value="B"),
+            "saltutil.refresh_grains": MagicMock(return_value=True),
+        }
+
+        with patch.dict(network.__salt__, dunder_salt):
+            with patch.dict(
+                network.__salt__,
+                {"ip.get_bond": MagicMock(side_effect=AttributeError)},
+            ):
+                assert network.managed("salt", type="bond", test=True) == ret
+
+            ret.update(
+                {
+                    "comment": (
+                        "Interface salt is set to be"
+                        " updated:\n--- \n+++ \n@@ -1 +1 @@\n-A\n+B"
+                    ),
+                    "result": None,
+                }
+            )
+            assert network.managed("salt", type="stack", test=True) == ret
+
+            ipupdown = MagicMock(return_value=True)
+            with patch.dict(network.__salt__, {"ip.down": ipupdown, "ip.up": ipupdown}):
+                ret.update(
+                    {
+                        "comment": "Interface salt updated.",
+                        "result": True,
+                        "changes": change,
+                    }
+                )
+                assert network.managed("salt", type="stack") == ret
+
+                with patch.dict(network.__grains__, {"A": True}):
+                    ret.update(
+                        {
+                            "result": True,
+                            "changes": {
+                                "interface": "--- \n+++ \n@@ -1 +1 @@\n-A\n+B",
+                                "status": "Interface salt down",
+                            },
+                        }
+                    )
+                    assert network.managed("salt", type="stack", enabled=False) == ret
+
+                mock = MagicMock(return_value=True)
+                with patch.dict(network.__salt__, {"ip.down": mock}):
+                    with patch.dict(
+                        network.__salt__, {"saltutil.refresh_modules": mock}
+                    ):
+                        change = {
+                            "interface": "--- \n+++ \n@@ -1 +1 @@\n-A\n+B",
+                            "status": "Interface lo:alias1 down",
+                        }
+                        ret.update(
+                            {
+                                "name": "lo:alias1",
+                                "comment": "Interface lo:alias1 updated.",
+                                "result": True,
+                                "changes": change,
+                            }
+                        )
+                        assert (
+                            network.managed("lo:alias1", type="eth", enabled=False)
+                            == ret
+                        )
+
+
+def test_routes():
+    """
+    Test to manage network interface static routes.
+    """
+    ret = {"name": "salt", "changes": {}, "result": False, "comment": ""}
+
+    mock = MagicMock(side_effect=[AttributeError, False, False, "True", False, False])
+    with patch.dict(network.__salt__, {"ip.get_routes": mock}):
+        assert network.routes("salt") == ret
+
+        mock = MagicMock(side_effect=[False, True, "", True, True])
+        with patch.dict(network.__salt__, {"ip.build_routes": mock}):
+            ret.update(
+                {"result": True, "comment": "Interface salt routes are up to date."}
+            )
+            assert network.routes("salt", test="a") == ret
+
+            ret.update(
+                {
+                    "comment": "Interface salt routes are set to be added.",
+                    "result": None,
+                }
+            )
+            assert network.routes("salt", test="a") == ret
+
+            ret.update(
+                {
+                    "comment": (
+                        "Interface salt routes are set to be"
+                        " updated:\n--- \n+++ \n@@ -1,4 +0,0 @@\n-T\n-r"
+                        "\n-u\n-e"
+                    )
+                }
+            )
+            assert network.routes("salt", test="a") == ret
+
+            mock = MagicMock(side_effect=[AttributeError, True])
+            with patch.dict(network.__salt__, {"ip.apply_network_settings": mock}):
+                ret.update(
+                    {
+                        "changes": {"network_routes": "Added interface salt routes."},
+                        "comment": "",
+                        "result": False,
+                    }
+                )
+                assert network.routes("salt") == ret
+
+                ret.update(
+                    {
+                        "changes": {"network_routes": "Added interface salt routes."},
+                        "comment": "Interface salt routes added.",
+                        "result": True,
+                    }
+                )
+                assert network.routes("salt") == ret
+
+
+def test_system():
+    """
+    Test to ensure that global network settings
+    are configured properly
+    """
+    ret = {"name": "salt", "changes": {}, "result": False, "comment": ""}
+
+    with patch.dict(network.__opts__, {"test": True}):
+        mock = MagicMock(side_effect=[AttributeError, False, False, "As"])
+        with patch.dict(network.__salt__, {"ip.get_network_settings": mock}):
+            assert network.system("salt") == ret
+
+            mock = MagicMock(side_effect=[False, True, ""])
+            with patch.dict(network.__salt__, {"ip.build_network_settings": mock}):
+                ret.update(
+                    {
+                        "comment": "Global network settings are up to date.",
+                        "result": True,
+                    }
+                )
+                assert network.system("salt") == ret
+
+                ret.update(
+                    {
+                        "comment": "Global network settings are set to be added.",
+                        "result": None,
+                    }
+                )
+                assert network.system("salt") == ret
+
+                ret.update(
+                    {
+                        "comment": (
+                            "Global network settings are set to"
+                            " be updated:\n--- \n+++ \n@@ -1,2 +0,0"
+                            " @@\n-A\n-s"
+                        )
+                    }
+                )
+                assert network.system("salt") == ret
+
+    with patch.dict(network.__opts__, {"test": False}):
+        mock = MagicMock(side_effect=[False, False])
+        with patch.dict(network.__salt__, {"ip.get_network_settings": mock}):
+            mock = MagicMock(side_effect=[True, True])
+            with patch.dict(network.__salt__, {"ip.build_network_settings": mock}):
+                mock = MagicMock(side_effect=[AttributeError, True])
+                with patch.dict(network.__salt__, {"ip.apply_network_settings": mock}):
+                    ret.update(
+                        {
+                            "changes": {
+                                "network_settings": "Added global network settings."
+                            },
+                            "comment": "",
+                            "result": False,
+                        }
+                    )
+                    assert network.system("salt") == ret
+
+                    ret.update(
+                        {
+                            "changes": {
+                                "network_settings": "Added global network settings."
+                            },
+                            "comment": "Global network settings are up to date.",
+                            "result": True,
+                        }
+                    )
+                    assert network.system("salt") == ret
--- a/tests/pytests/unit/test_version.py
+++ b/tests/pytests/unit/test_version.py
@ -433,7 +433,7 @@ def test_system_version_linux():
    """

    with patch(
-        "distro.linux_distribution",
+        "salt.utils.platform.linux_distribution",
        MagicMock(return_value=("Manjaro Linux", "20.0.2", "Lysia")),
    ):
        versions = [item for item in system_information()]
@ -441,7 +441,7 @@ def test_system_version_linux():
        assert version in versions

    with patch(
-        "distro.linux_distribution",
+        "salt.utils.platform.linux_distribution",
        MagicMock(return_value=("Debian GNU/Linux", "9", "stretch")),
    ):
        versions = [item for item in system_information()]
@ -449,7 +449,7 @@ def test_system_version_linux():
        assert version in versions

    with patch(
-        "distro.linux_distribution",
+        "salt.utils.platform.linux_distribution",
        MagicMock(return_value=("Debian GNU/Linux", "10", "buster")),
    ):
        versions = [item for item in system_information()]
@ -457,7 +457,7 @@ def test_system_version_linux():
        assert version in versions

    with patch(
-        "distro.linux_distribution",
+        "salt.utils.platform.linux_distribution",
        MagicMock(return_value=("CentOS Linux", "7", "Core")),
    ):
        versions = [item for item in system_information()]
@ -465,7 +465,7 @@ def test_system_version_linux():
        assert version in versions

    with patch(
-        "distro.linux_distribution",
+        "salt.utils.platform.linux_distribution",
        MagicMock(return_value=("CentOS Linux", "8", "Core")),
    ):
        versions = [item for item in system_information()]
@ -473,7 +473,7 @@ def test_system_version_linux():
        assert version in versions

    with patch(
-        "distro.linux_distribution",
+        "salt.utils.platform.linux_distribution",
        MagicMock(return_value=("OpenSUSE Leap", "15.1", "")),
    ):
        versions = [item for item in system_information()]
--- a/tests/pytests/unit/utils/test_crypt.py
+++ b/tests/pytests/unit/utils/test_crypt.py
@ -1,7 +1,7 @@
 """
 Unit tests for salt.utils.crypt.py
 """
-
+import pytest

 import salt.utils.crypt
 from tests.support.mock import patch
@ -29,8 +29,23 @@ except ImportError:
    HAS_CRYPTO = False


+@pytest.fixture
+def pub_key_data():
+    return [
+        "-----BEGIN PUBLIC KEY-----",
+        "MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAyc9ehbU4J2uzPZZCEw8K",
+        "5URYcKSUh0h/c6m9PR2kRFbXkHcSnpkWX+LCuFKQ5iF2+0rVn9pO/94rL5zAQ6DU",
+        "lucqk9EvamSk+TjHh3Ps/HdSxxVbkLk3nglVJrDgENxnAz+Kp+OSNfI2uhhzJiu1",
+        "Dhn86Wb46eu7EFYeJ+7z9+29UXuCiMIUL5sRx3Xy37gpiD4Z+JVtoBNx1MKJ4MqB",
+        "24ZXsvtEyrCmuLwhKCiQqvNx91CkyIL+sfMoHDSf7sLwl1CuCEgny7EV7bJpoNzN",
+        "ZFKggcJCopfzLWDijF5A5OOvvvFrr/rYjW79LkGviWTzJrBPNgoD01zWIlzJfLdh",
+        "ywIDAQAB",
+        "-----END PUBLIC KEY-----",
+    ]
+
+
 def test_random():
-    # make sure the right liberty is used for random
+    # make sure the right library is used for random
    if HAS_M2CRYPTO:
        assert None is salt.utils.crypt.Random
    elif HAS_CYPTODOME:
@ -40,7 +55,7 @@ def test_random():


 def test_reinit_crypto():
-    # make sure reinit cryptot does not crash
+    # make sure reinit crypto does not crash
    salt.utils.crypt.reinit_crypto()

    # make sure reinit does not crash when no crypt is found
@ -49,3 +64,32 @@ def test_reinit_crypto():
            with patch("salt.utils.crypt.HAS_CRYPTO", False):
                with patch("salt.utils.crypt.Random", None):
                    salt.utils.crypt.reinit_crypto()
+
+
+@pytest.mark.parametrize("line_ending", ["\n", "\r\n"])
+def test_pem_finger_file_line_endings(tmp_path, pub_key_data, line_ending):
+    key_file = tmp_path / "master_crlf.pub"
+    key_file.write_bytes(line_ending.join(pub_key_data).encode("utf-8"))
+    finger = salt.utils.crypt.pem_finger(path=str(key_file))
+    assert (
+        finger
+        == "9b:42:66:92:8a:d1:b9:27:42:e0:6d:f3:12:c9:74:74:b0:e0:0e:42:83:87:62:ad:95:49:9d:6f:8e:d0:ed:35"
+    )
+
+
+@pytest.mark.parametrize("key", [b"123abc", "123abc"])
+def test_pem_finger_key(key):
+    finger = salt.utils.crypt.pem_finger(key=key)
+    assert (
+        finger
+        == "dd:13:0a:84:9d:7b:29:e5:54:1b:05:d2:f7:f8:6a:4a:cd:4f:1e:c5:98:c1:c9:43:87:83:f5:6b:c4:f0:ff:80"
+    )
+
+
+def test_pem_finger_sha512():
+    finger = salt.utils.crypt.pem_finger(key="123abc", sum_type="sha512")
+    assert (
+        finger
+        == "7b:6a:d7:9b:34:6f:b6:95:12:75:34:39:48:e1:3c:1b:4e:bc:a8:2a:54:52:a6:c5:d1:56:84:37:7f:09:6c:a9:"
+        "27:50:6a:23:a8:47:e6:e0:46:06:13:99:63:1b:16:fc:28:20:c8:b0:e0:2d:0e:a8:7a:a5:a2:03:a7:7c:2a:7e"
+    )
--- a/tests/unit/modules/test_linux_shadow.py
+++ b/tests/unit/modules/test_linux_shadow.py
@ -1,312 +0,0 @@
-"""
-    :codeauthor: Erik Johnson <erik@saltstack.com>
-"""
-import textwrap
-
-import pytest
-
-from tests.support.mixins import LoaderModuleMockMixin
-from tests.support.mock import DEFAULT, MagicMock, mock_open, patch
-from tests.support.unit import TestCase
-
-try:
-    import spwd
-except ImportError:
-    pass
-
-try:
-    import salt.modules.linux_shadow as shadow
-
-    HAS_SHADOW = True
-except ImportError:
-    HAS_SHADOW = False
-
-_PASSWORD = "lamepassword"
-
-# Not testing blowfish as it is not available on most Linux distros
-_HASHES = dict(
-    md5=dict(pw_salt="TgIp9OTu", pw_hash="$1$TgIp9OTu$.d0FFP6jVi5ANoQmk6GpM1"),
-    sha256=dict(
-        pw_salt="3vINbSrC",
-        pw_hash="$5$3vINbSrC$hH8A04jAY3bG123yU4FQ0wvP678QDTvWBhHHFbz6j0D",
-    ),
-    sha512=dict(
-        pw_salt="PiGA3V2o",
-        pw_hash="$6$PiGA3V2o$/PrntRYufz49bRV/V5Eb1V6DdHaS65LB0fu73Tp/xxmDFr6HWJKptY2TvHRDViXZugWpnAcOnrbORpOgZUGTn.",
-    ),
-)
-
-
-@pytest.mark.skip_unless_on_linux
-@pytest.mark.skipif(HAS_SHADOW is False, reason="shadow module is not available")
-class LinuxShadowTest(TestCase, LoaderModuleMockMixin):
-    def setup_loader_modules(self):
-        return {shadow: {}}
-
-    def test_gen_password(self):
-        """
-        Test shadow.gen_password
-        """
-        self.assertTrue(HAS_SHADOW)
-        for algorithm, hash_info in _HASHES.items():
-            self.assertEqual(
-                shadow.gen_password(
-                    _PASSWORD, crypt_salt=hash_info["pw_salt"], algorithm=algorithm
-                ),
-                hash_info["pw_hash"],
-            )
-
-    def test_set_password(self):
-        """
-        Test the corner case in which shadow.set_password is called for a user
-        that has an entry in /etc/passwd but not /etc/shadow.
-        """
-        original_file = textwrap.dedent(
-            """\
-            foo:orighash:17955::::::
-            bar:somehash:17955::::::
-            """
-        )
-        original_lines = original_file.splitlines(True)
-
-        data = {
-            "/etc/shadow": original_file,
-            "*": Exception("Attempted to open something other than /etc/shadow"),
-        }
-        isfile_mock = MagicMock(
-            side_effect=lambda x: True if x == "/etc/shadow" else DEFAULT
-        )
-        password = "newhash"
-        shadow_info_mock = MagicMock(return_value={"passwd": password})
-
-        #
-        # CASE 1: Normal password change
-        #
-        user = "bar"
-        user_exists_mock = MagicMock(
-            side_effect=lambda x, **y: 0 if x == ["id", user] else DEFAULT
-        )
-        with patch(
-            "salt.utils.files.fopen", mock_open(read_data=data)
-        ) as shadow_mock, patch("os.path.isfile", isfile_mock), patch.object(
-            shadow, "info", shadow_info_mock
-        ), patch.dict(
-            shadow.__salt__, {"cmd.retcode": user_exists_mock}
-        ), patch.dict(
-            shadow.__grains__, {"os": "CentOS"}
-        ):
-            result = shadow.set_password(user, password, use_usermod=False)
-
-        assert result
-        filehandles = shadow_mock.filehandles["/etc/shadow"]
-        # We should only have opened twice, once to read the contents and once
-        # to write.
-        assert len(filehandles) == 2
-        # We're rewriting the entire file
-        assert filehandles[1].mode == "w+"
-        # We should be calling writelines instead of write, to rewrite the
-        # entire file.
-        assert len(filehandles[1].writelines_calls) == 1
-        # Make sure we wrote the correct info
-        lines = filehandles[1].writelines_calls[0]
-        # Should only have the same two users in the file
-        assert len(lines) == 2
-        # The first line should be unchanged
-        assert lines[0] == original_lines[0]
-        # The second line should have the new password hash
-        assert lines[1].split(":")[:2] == [user, password]
-
-        #
-        # CASE 2: Corner case: no /etc/shadow entry for user
-        #
-        user = "baz"
-        user_exists_mock = MagicMock(
-            side_effect=lambda x, **y: 0 if x == ["id", user] else DEFAULT
-        )
-        with patch(
-            "salt.utils.files.fopen", mock_open(read_data=data)
-        ) as shadow_mock, patch("os.path.isfile", isfile_mock), patch.object(
-            shadow, "info", shadow_info_mock
-        ), patch.dict(
-            shadow.__salt__, {"cmd.retcode": user_exists_mock}
-        ), patch.dict(
-            shadow.__grains__, {"os": "CentOS"}
-        ):
-            result = shadow.set_password(user, password, use_usermod=False)
-
-        assert result
-        filehandles = shadow_mock.filehandles["/etc/shadow"]
-        # We should only have opened twice, once to read the contents and once
-        # to write.
-        assert len(filehandles) == 2
-        # We're just appending to the file, not rewriting
-        assert filehandles[1].mode == "a+"
-        # We should only have written to the file once
-        assert len(filehandles[1].write_calls) == 1
-        # Make sure we wrote the correct info
-        assert filehandles[1].write_calls[0].split(":")[:2] == [user, password]
-
-    def test_info(self):
-        """
-        Test if info shows the correct user information
-        """
-
-        # First test is with a succesful call
-        expected_result = [
-            ("expire", -1),
-            ("inact", -1),
-            ("lstchg", 31337),
-            ("max", 99999),
-            ("min", 0),
-            ("name", "foo"),
-            ("passwd", _HASHES["sha512"]["pw_hash"]),
-            ("warn", 7),
-        ]
-        getspnam_return = spwd.struct_spwd(
-            ["foo", _HASHES["sha512"]["pw_hash"], 31337, 0, 99999, 7, -1, -1, -1]
-        )
-        with patch("spwd.getspnam", return_value=getspnam_return):
-            result = shadow.info("foo")
-            self.assertEqual(
-                expected_result, sorted(result.items(), key=lambda x: x[0])
-            )
-
-        # The next two is for a non-existent user
-        expected_result = [
-            ("expire", ""),
-            ("inact", ""),
-            ("lstchg", ""),
-            ("max", ""),
-            ("min", ""),
-            ("name", ""),
-            ("passwd", ""),
-            ("warn", ""),
-        ]
-        # We get KeyError exception for non-existent users in glibc based systems
-        getspnam_return = KeyError
-        with patch("spwd.getspnam", side_effect=getspnam_return):
-            result = shadow.info("foo")
-            self.assertEqual(
-                expected_result, sorted(result.items(), key=lambda x: x[0])
-            )
-        # And FileNotFoundError in musl based systems
-        getspnam_return = FileNotFoundError
-        with patch("spwd.getspnam", side_effect=getspnam_return):
-            result = shadow.info("foo")
-            self.assertEqual(
-                expected_result, sorted(result.items(), key=lambda x: x[0])
-            )
-
-    @pytest.mark.skip_if_not_root
-    def test_set_password_malformed_shadow_entry(self):
-        """
-        Test that Salt will repair a malformed shadow entry (that is, one that
-        doesn't have the correct number of fields).
-        """
-        original_file = textwrap.dedent(
-            """\
-            valid:s00persekr1thash:17955::::::
-            tooshort:orighash:17955:::::
-            toolong:orighash:17955:::::::
-            """
-        )
-        original_lines = original_file.splitlines(True)
-
-        data = {
-            "/etc/shadow": original_file,
-            "*": Exception("Attempted to open something other than /etc/shadow"),
-        }
-        isfile_mock = MagicMock(
-            side_effect=lambda x: True if x == "/etc/shadow" else DEFAULT
-        )
-        password = "newhash"
-        shadow_info_mock = MagicMock(return_value={"passwd": password})
-
-        #
-        # CASE 1: Fix an entry with too few fields
-        #
-        user = "tooshort"
-        user_exists_mock = MagicMock(
-            side_effect=lambda x, **y: 0 if x == ["id", user] else DEFAULT
-        )
-        with patch(
-            "salt.utils.files.fopen", mock_open(read_data=data)
-        ) as shadow_mock, patch("os.path.isfile", isfile_mock), patch.object(
-            shadow, "info", shadow_info_mock
-        ), patch.dict(
-            shadow.__salt__, {"cmd.retcode": user_exists_mock}
-        ), patch.dict(
-            shadow.__grains__, {"os": "CentOS"}
-        ):
-            result = shadow.set_password(user, password, use_usermod=False)
-
-        assert result
-        filehandles = shadow_mock.filehandles["/etc/shadow"]
-        # We should only have opened twice, once to read the contents and once
-        # to write.
-        assert len(filehandles) == 2
-        # We're rewriting the entire file
-        assert filehandles[1].mode == "w+"
-        # We should be calling writelines instead of write, to rewrite the
-        # entire file.
-        assert len(filehandles[1].writelines_calls) == 1
-        # Make sure we wrote the correct info
-        lines = filehandles[1].writelines_calls[0]
-        # Should only have the same three users in the file
-        assert len(lines) == 3
-        # The first and third line should be unchanged
-        assert lines[0] == original_lines[0]
-        assert lines[2] == original_lines[2]
-        # The second line should have the new password hash, and it should have
-        # gotten "fixed" by adding another colon.
-        fixed = lines[1].split(":")
-        assert fixed[:2] == [user, password]
-        assert len(fixed) == 9
-
-        #
-        # CASE 2: Fix an entry with too many fields
-        #
-        user = "toolong"
-        user_exists_mock = MagicMock(
-            side_effect=lambda x, **y: 0 if x == ["id", user] else DEFAULT
-        )
-        with patch(
-            "salt.utils.files.fopen", mock_open(read_data=data)
-        ) as shadow_mock, patch("os.path.isfile", isfile_mock), patch.object(
-            shadow, "info", shadow_info_mock
-        ), patch.dict(
-            shadow.__salt__, {"cmd.retcode": user_exists_mock}
-        ), patch.dict(
-            shadow.__grains__, {"os": "CentOS"}
-        ):
-            result = shadow.set_password(user, password, use_usermod=False)
-
-        assert result
-        filehandles = shadow_mock.filehandles["/etc/shadow"]
-        # We should only have opened twice, once to read the contents and once
-        # to write.
-        assert len(filehandles) == 2
-        # We're rewriting the entire file
-        assert filehandles[1].mode == "w+"
-        # We should be calling writelines instead of write, to rewrite the
-        # entire file.
-        assert len(filehandles[1].writelines_calls) == 1
-        # Make sure we wrote the correct info
-        lines = filehandles[1].writelines_calls[0]
-        # Should only have the same three users in the file
-        assert len(lines) == 3
-        # The first and second line should be unchanged
-        assert lines[0] == original_lines[0]
-        assert lines[1] == original_lines[1]
-        # The third line should have the new password hash, and it should have
-        # gotten "fixed" by reducing it to 9 fields instead of 10.
-        fixed = lines[2].split(":")
-        assert fixed[:2] == [user, password]
-        assert len(fixed) == 9
-
-    @pytest.mark.skip_if_not_root
-    def test_list_users(self):
-        """
-        Test if it returns a list of all users
-        """
-        self.assertTrue(shadow.list_users())
--- a/Show more
+++ b/Show more
				`@ -0,0 +1 @@`
				`Fixed an issue with generating fingerprints for public keys with different line endings`
				`@ -0,0 +1 @@`
				`add linux_distribution to util to stop dep warning`