openSUSE Build Service

Overview Repositories Revisions Requests Users Attributes Meta

Revisions of salt

Dominique Leuenberger (dimstar_suse) accepted request 984677 from

Pablo Suárez Hernández (PSuarezHernandez) almost 2 years ago (revision 129)

- Fix PAM auth issue due missing check for PAM_ACCT_MGM return value (CVE-2022-22967) (bsc#1200566)
- Added:
  * fix-for-cve-2022-22967-bsc-1200566.patch

- Make sure SaltCacheLoader use correct fileclient (bsc#1199149)
- Added:
  * make-sure-saltcacheloader-use-correct-fileclient-519.patch

Dominique Leuenberger (dimstar_suse) accepted request 969843 from

Pablo Suárez Hernández (PSuarezHernandez) about 2 years ago (revision 128)

- Prevent data pollution between actions proceesed
  at the same time (bsc#1197637)
- Fix regression preventing bootstrapping new clients
  caused by redundant dependency on psutil (bsc#1197533)
- Added:
  * fix-regression-with-depending-client.ssh-on-psutil-b.patch
  * prevent-affection-of-ssh.opts-with-lazyloader-bsc-11.patch

- Fixes for Python 3.10
- Added:
  * fixes-for-python-3.10-502.patch

  * Sign authentication replies to prevent MiTM (CVE-2022-22935)
  * Sign pillar data to prevent MiTM attacks. (CVE-2022-22934)
  * Prevent job and fileserver replays (CVE-2022-22936)
  * Fixed targeting bug, especially visible when using syndic and user auth. (CVE-2022-22941)

Dominique Leuenberger (dimstar_suse) accepted request 966247 from

Pablo Suárez Hernández (PSuarezHernandez) about 2 years ago (revision 127)

- Fix salt-ssh opts poisoning (bsc#1197637)
- Added:
  * fix-salt-ssh-opts-poisoning-bsc-1197637-3004-501.patch

- Fix multiple security issues (bsc#1197417)
- * Sign authentication replies to prevent MiTM (CVE-2022-22935)
- * Sign pillar data to prevent MiTM attacks. (CVE-2022-22934)
- * Prevent job and fileserver replays (CVE-2022-22936)
- * Fixed targeting bug, especially visible when using syndic and user auth. (CVE-2022-22941)
- Added:
  * fix-multiple-security-issues-bsc-1197417.patch

Dominique Leuenberger (dimstar_suse) accepted request 958078 from

Pablo Suárez Hernández (PSuarezHernandez) about 2 years ago (revision 126)

- Fix issues found around pre_flight_script_args
- Added:
  * prevent-shell-injection-via-pre_flight_script_args-4.patch

- Add salt-ssh with Salt Bundle support (venv-salt-minion)
  (bsc#1182851, bsc#1196432)
- Added:
  * add-salt-ssh-support-with-venv-salt-minion-3004-493.patch

- Restrict "state.orchestrate_single" to pass a pillar value if it exists (bsc#1194632)
- Added:
  * state.orchestrate_single-does-not-pass-pillar-none-4.patch

Dominique Leuenberger (dimstar_suse) accepted request 952700 from

Pablo Suárez Hernández (PSuarezHernandez) over 2 years ago (revision 125)

- Update generated documentation to 3004

- Expose missing "ansible" module functions in Salt 3004 (bsc#1195625)
- Added:
  * add-missing-ansible-module-functions-to-whitelist-in.patch

- Fix salt-call event.send with pillar or grains
- Added:
  * fix-salt-call-event.send-call-with-grains-and-pillar.patch

Dominique Leuenberger (dimstar_suse) accepted request 950374 from

Pablo Suárez Hernández (PSuarezHernandez) over 2 years ago (revision 124)

- Fix exception in batch_async caused by a bad function call
- Added:
  * drop-serial-from-event.unpack-in-cli.batch_async.patch

- Fix inspector module export function (bsc#1097531)
- Wipe NOTIFY_SOCKET from env in cmdmod (bsc#1193357)
- Added:
  * fix-inspector-module-export-function-bsc-1097531-481.patch
  * wipe-notify_socket-from-env-in-cmdmod-bsc-1193357-30.patch

Dominique Leuenberger (dimstar_suse) accepted request 949489 from

Alexander Graul (agraul) over 2 years ago (revision 123)

- Update to version 3004, see release notes: https://docs.saltproject.io/en/master/topics/releases/3004.html
- Don't check for cached pillar errors on state.apply (bsc#1190781)
- Added:
  * state.apply-don-t-check-for-cached-pillar-errors.patch
- Modified:
  * add-migrated-state-and-gpg-key-management-functions-.patch
  * switch-firewalld-state-to-use-change_interface.patch
  * include-aliases-in-the-fqdns-grains.patch
  * debian-info_installed-compatibility-50453.patch
  * info_installed-works-without-status-attr-now.patch
  * fix-traceback.print_exc-calls-for-test_pip_state-432.patch
  * add-custom-suse-capabilities-as-grains.patch
  * add-rpm_vercmp-python-library-for-version-comparison.patch
  * 3003.3-do-not-consider-skipped-targets-as-failed-for.patch
  * support-transactional-systems-microos.patch
  * do-not-crash-when-unexpected-cmd-output-at-listing-p.patch
  * enable-passing-a-unix_socket-for-mysql-returners-bsc.patch
  * update-target-fix-for-salt-ssh-to-process-targets-li.patch
  * fix-exception-in-yumpkg.remove-for-not-installed-pac.patch
  * enhance-openscap-module-add-xccdf_eval-call-386.patch
  * add-environment-variable-to-know-if-yum-is-invoked-f.patch
  * zypperpkg-ignore-retcode-104-for-search-bsc-1176697-.patch
  * run-salt-master-as-dedicated-salt-user.patch
  * 3003.3-postgresql-json-support-in-pillar-423.patch
  * prevent-pkg-plugins-errors-on-missing-cookie-path-bs.patch
  * early-feature-support-config.patch
  * implementation-of-held-unheld-functions-for-state-pk.patch
  * x509-fixes-111.patch
  * fix-issues-with-salt-ssh-s-extra-filerefs.patch
  * mock-ip_addrs-in-utils-minions.py-unit-test-443.patch

Dominique Leuenberger (dimstar_suse) accepted request 931742 from

Pablo Suárez Hernández (PSuarezHernandez) over 2 years ago (revision 122)

- Simplify "transactional_update" module to not use SSH wrapper and allow more flexible execution
- Add "--no-return-event" option to salt-call to prevent sending return event back to master.
- Make "state.highstate" to acts on concurrent flag.
- Fix print regression for yumnotify plugin
- Added:
  * refactor-and-improvements-for-transactional-updates-.patch
  * fix-the-regression-for-yumnotify-plugin-456.patch

- Use dnfnotify instead yumnotify for relevant distros
- dnfnotify pkgset plugin implementation
- Add rpm_vercmp python library support for version comparison
- Prevent pkg plugins errors on missing cookie path (bsc#1186738)
- Added:
  * add-rpm_vercmp-python-library-for-version-comparison.patch
  * mock-ip_addrs-in-utils-minions.py-unit-test-443.patch
  * dnfnotify-pkgset-plugin-implementation-3002.2-450.patch
  * fix-traceback.print_exc-calls-for-test_pip_state-432.patch
  * prevent-pkg-plugins-errors-on-missing-cookie-path-bs.patch

- Fix ip6_interface grain to not leak secondary IPv4 aliases (bsc#1191412)
- Make "salt-api" package to require python3-cherrypy on RHEL systems
- Make "tar" as required for "salt-transactional-update" package
- Added:
  * fix-ip6_interface-grain-to-not-leak-secondary-ipv4-a.patch

Dominique Leuenberger (dimstar_suse) accepted request 925143 from

Pablo Suárez Hernández (PSuarezHernandez) over 2 years ago (revision 121)

- Fix issues with salt-ssh's extra-filerefs
- Added:
  * fix-issues-with-salt-ssh-s-extra-filerefs.patch

- Fix crash when calling manage.not_alive runners
- Added:
  * fix-crash-when-calling-manage.not_alive-runners.patch

- Do not consider skipped targets as failed for ansible.playbooks state (bsc#1190446)
- Added:
  * 3003.3-do-not-consider-skipped-targets-as-failed-for.patch

Dominique Leuenberger (dimstar_suse) accepted request 922525 from

Pablo Suárez Hernández (PSuarezHernandez) over 2 years ago (revision 120)

- Do not break master_tops for minion with version lower to 3003
- Added:
  * do-not-break-master_tops-for-minion-with-version-low.patch

Dominique Leuenberger (dimstar_suse) accepted request 921725 from

Pablo Suárez Hernández (PSuarezHernandez) over 2 years ago (revision 119)

- Support querying for JSON data in external sql pillar
- Added:
  * 3003.3-postgresql-json-support-in-pillar-423.patch

- Update to Salt release version 3003.3
- See release notes: https://docs.saltstack.com/en/latest/topics/releases/3003.3.html
- Added:
  * allow-vendor-change-option-with-zypper.patch
  * support-transactional-systems-microos.patch
  * virt-enhancements.patch
- Modified:
  * adds-explicit-type-cast-for-port.patch
  * use-adler32-algorithm-to-compute-string-checksums.patch
  * do-not-load-pip-state-if-there-is-no-3rd-party-depen.patch
  * fixes-56144-to-enable-hotadd-profile-support.patch
  * include-aliases-in-the-fqdns-grains.patch
  * implementation-of-held-unheld-functions-for-state-pk.patch
  * add-alibaba-cloud-linux-2-by-backporting-upstream-s-.patch
  * debian-info_installed-compatibility-50453.patch
  * fix-wrong-test_mod_del_repo_multiline_values-test-af.patch
  * update-target-fix-for-salt-ssh-to-process-targets-li.patch
  * x509-fixes-111.patch
  * prevent-logging-deadlock-on-salt-api-subprocesses-bs.patch
  * restore-default-behaviour-of-pkg-list-return.patch
  * adding-preliminary-support-for-rocky.-59682-391.patch
  * add-astra-linux-common-edition-to-the-os-family-list.patch
  * templates-move-the-globals-up-to-the-environment-jin.patch
  * fix-bsc-1065792.patch
  * add-migrated-state-and-gpg-key-management-functions-.patch
  * zypperpkg-ignore-retcode-104-for-search-bsc-1176697-.patch

Dominique Leuenberger (dimstar_suse) accepted request 919452 from

Pablo Suárez Hernández (PSuarezHernandez) over 2 years ago (revision 118)

- Exclude the full path of a download URL to prevent injection of
  malicious code (bsc#1190265) (CVE-2021-21996)
- Added:
  * exclude-the-full-path-of-a-download-url-to-prevent-i.patch

- Fix wrong relative paths resolution with Jinja renderer when importing subdirectories
- Added:
  * templates-move-the-globals-up-to-the-environment-jin.patch

- Don't pass shell="/sbin/nologin" to onlyif/unless checks (bsc#1188259)
- Add missing aarch64 to rpm package architectures
- Backport of upstream PR#59492
- Added:
  * backport-of-upstream-pr59492-to-3002.2-404.patch
  * don-t-use-shell-sbin-nologin-in-requisites.patch
  * add-missing-aarch64-to-rpm-package-architectures-405.patch

- Fix failing unit test for systemd
- Fix error handling in openscap module (bsc#1188647)
- Better handling of bad public keys from minions (bsc#1189040)
- Added:
  * better-handling-of-bad-public-keys-from-minions-bsc-.patch
  * fix-error-handling-in-openscap-module-bsc-1188647-40.patch
  * fix-failing-unit-tests-for-systemd.patch

- Define license macro as doc in spec file if not existing
- Add standalone formulas configuration for salt minion and remove salt-master requirement (bsc#1168327)

- Do noop for services states when running systemd in offline mode (bsc#1187787)
- transactional_updates: do not execute states in parallel but use a queue (bsc#1188170)

Dominique Leuenberger (dimstar_suse) accepted request 887060 from

Pablo Suárez Hernández (PSuarezHernandez) about 3 years ago (revision 117)

- Improvements on "ansiblegate" module:
  * New methods: ansible.targets / ansible.discover_playbooks
  * General bugfixes
- Added:
  * improvements-on-ansiblegate-module-354.patch

- Regression fix of salt-ssh on processing some targets
- Added:
  * regression-fix-of-salt-ssh-on-processing-targets-353.patch

- Add support for Alibaba Cloud Linux 2 (Aliyun Linux)
- Added:
  * add-alibaba-cloud-linux-2-by-backporting-upstream-s-.patch

- Update target fix for salt-ssh to process targets list (bsc#1179831)
- Added:
  * update-target-fix-for-salt-ssh-to-process-targets-li.patch

- Add notify beacon for Debian/Ubuntu systems
- Add core grains support for AlmaLinux and Alibaba Could Linux
- Added:
  * add-almalinux-and-alibaba-cloud-linux-to-the-os-fami.patch
  * notify-beacon-for-debian-ubuntu-systems-347.patch

- Allow vendor change option with zypper
- Added:
  * allow-vendor-change-option-with-zypper-313.patch

Dominique Leuenberger (dimstar_suse) accepted request 878135 from

Pablo Suárez Hernández (PSuarezHernandez) about 3 years ago (revision 116)

- virt.network_update: handle missing ipv4 netmask attribute
- Added:
  * virt.network_update-handle-missing-ipv4-netmask-attr.patch

- Set distro requirement to oldest supported version in requirements/base.txt
- Added:
  * 3002-set-distro-requirement-to-oldest-supported-vers.patch

- Do not monkey patch yaml loaders: Prevent breaking Ansible filter modules (bsc#1177474)
- Don't require python3-certifi
- Added:
  * do-not-monkey-patch-yaml-bsc-1177474.patch

- Fix race conditions for corner cases when handling SIGTERM by minion (bsc#1172110)
- Added:
  * prevent-race-condition-on-sigterm-for-the-minion-bsc.patch

- Master can read grains (bsc#1179696)

Dominique Leuenberger (dimstar_suse) accepted request 876003 from

Alexander Graul (agraul) about 3 years ago (revision 115)

Fix for multiple Salt CVEs

Dominique Leuenberger (dimstar_suse) accepted request 871386 from

Pablo Suárez Hernández (PSuarezHernandez) over 3 years ago (revision 114)

- virt: search for grub.xen path
- Xen spicevmc, DNS SRV records backports:
  Fix virtual network generated DNS XML for SRV records
  Don't add spicevmc channel to xen VMs
- virt UEFI fix: virt.update when efi=True
- Added:
  * virt-uefi-fix-backport-312.patch
  * 3002.2-xen-spicevmc-dns-srv-records-backports-314.patch
  * open-suse-3002.2-xen-grub-316.patch

- Do not crash when unexpected cmd output at listing patches (bsc#1181290)
- Added:
  * do-not-crash-when-unexpected-cmd-output-at-listing-p.patch

- Fix behavior for "onlyif/unless" when multiple conditions (bsc#1180818)
- Added:
  * fix-onlyif-unless-when-multiple-conditions-bsc-11808.patch

Dominique Leuenberger (dimstar_suse) accepted request 862930 from

Pablo Suárez Hernández (PSuarezHernandez) over 3 years ago (revision 113)

- Remove deprecated warning that breaks minion execution when "server_id_use_crc" opts is missing
- Added:
  * remove-deprecated-warning-that-breaks-miniion-execut.patch

- Revert wrong zypper patch to support vendorchanges flags on pkg.install
- Added:
  * revert-add-patch-support-for-allow-vendor-change-opt.patch

- Force zyppnotify to prefer Packages.db than Packages if it exists
- Allow vendor change option with zypper
- Add pkg.services_need_restart
- Fix for file.check_perms to work with numeric uid/gid
- Added:
  * force-zyppnotify-to-prefer-packages.db-than-packages.patch
  * fix-salt.utils.stringutils.to_str-calls-to-make-it-w.patch
  * add-patch-support-for-allow-vendor-change-option-wit.patch
  * add-pkg.services_need_restart-302.patch

- virt: more network support
  Add more network and PCI/USB host devices passthrough support
  to virt module and states
- Added:
  * open-suse-3002.2-virt-network-311.patch

- Bigvm backports
  virt consoles, CPU tuning and topology, and memory tuning.
- Added:
  * open-suse-3002.2-bigvm-310.patch

- Fix pkg states when DEB package has "all" arch

Dominique Leuenberger (dimstar_suse) accepted request 850470 from

Pablo Suárez Hernández (PSuarezHernandez) over 3 years ago (revision 112)

- Fix syntax error on pkgrepo state with Python 2.7
- transactional_update: unify with chroot.call
- Added:
  * pkgrepo-support-python-2.7-function-call-295.patch
  * transactional_update-unify-with-chroot.call.patch

- Add "migrated" state and GPG key management functions
- Added:
  * add-migrated-state-and-gpg-key-management-functions-.patch

- Master can read grains
- Added:
  * grains-master-can-read-grains.patch

- Fix for broken psutil (bsc#1102248)
- Added:
  * fix-for-bsc-1102248-psutil-is-broken-and-so-process-.patch

Dominique Leuenberger (dimstar_suse) accepted request 846425 from

Pablo Suárez Hernández (PSuarezHernandez) over 3 years ago (revision 111)

- Set passphrase for salt-ssh keys to empty string (bsc#1178485)
- Added:
  * set-passphrase-for-salt-ssh-keys-to-empty-string-293.patch

- Properly validate eauth credentials and tokens on SSH calls made by Salt API
  (bsc#1178319) (bsc#1178362) (bsc#1178361)
  (CVE-2020-25592) (CVE-2020-17490) (CVE-2020-16846)
- Added:
  * fix-cve-2020-25592-and-add-tests-bsc-1178319.patch

- Fix novendorchange handling in zypperpkg module
- Added:
  * fix-novendorchange-option-284.patch

- Fix disk.blkid to avoid unexpected keyword argument '__pub_user' (bsc#1177867)
- Added:
  * path-replace-functools.wraps-with-six.wraps-bsc-1177.patch

Dominique Leuenberger (dimstar_suse) accepted request 841799 from

Pablo Suárez Hernández (PSuarezHernandez) over 3 years ago (revision 110)

- Ensure virt.update stop_on_reboot is updated with its default value
- Added:
  * ensure-virt.update-stop_on_reboot-is-updated-with-it.patch

- Do not break package building for systemd OSes

- Drop wrong mock from chroot unit test
- Added:
  * drop-wrong-mock-from-chroot-unit-test.patch

- Support systemd versions with dot (bsc#1176294)

- Fix for grains.test_core unit test
- Fix file/directory user and group ownership containing UTF-8
  characters (bsc#1176024)
- Several changes to virtualization:
-   - Fix virt update when cpu and memory are changed
-   - Memory Tuning GSoC
-   - Properly fix memory setting regression in virt.update
-   - Expose libvirt on_reboot in virt states
- Support transactional systems (MicroOS)
- zypperpkg module ignores retcode 104 for search() (bsc#1159670)
- Xen disk fixes. No longer generates volumes for Xen disks, but the
  corresponding file or block disk (bsc#1175987)
- Added:
  * fix-grains.test_core-unit-test-277.patch
  * support-transactional-systems-microos-271.patch
  * backport-a-few-virt-prs-272.patch
  * xen-disk-fixes-264.patch
  * zypperpkg-ignore-retcode-104-for-search-bsc-1176697-.patch

Displaying revisions 21 - 40 of 149

Places

Revisions of salt

Places