openSUSE-SU-2017:2822-1

Published: 20 Oct 2017
Source: suse-cvrf

Description

Security update for salt

Salt was updated to 2017.7.2 and also to fix various bugs and security issues.

See the following resources for the full changelog:

  • https://docs.saltstack.com/en/develop/topics/releases/2017.7.2.html
  • https://docs.saltstack.com/en/develop/topics/releases/2017.7.1.html
  • https://docs.saltstack.com/en/develop/topics/releases/2017.7.0.html

Security issues fixed:

  • CVE-2017-14695: A directory traversal during minion id validation was fixed. (boo#1062462)
  • CVE-2017-14696: A remote denial of service attack with a specially crafted authentication request was fixed. (boo#1062464)
  • CVE-2017-12791: A crafted minion ID could lead to directory traversal on the Salt master. (boo#1053955)

Non security issues fixed:

  • Add the possibility to generate _version.py at build time for raw builds: https://github.com/saltstack/salt/pull/43955
  • Fix: the salt target-type field returns 'String' for existing jids but an empty 'Array' for non-existing jids. (issue #1711)
  • Fixed minion resource exhaustion when many functions are being executed in parallel. (boo#1059758)
  • Remove the 'TasksTask' attribute from salt-master.service in older versions of systemd. (boo#985112)
  • Provide a custom SUSE salt-master.service file.
  • Fix wrong version reported by Salt. (boo#1061407)
  • list_pkgs: add a parameter for returned attribute selection. (boo#1052264)
  • Add the remaining zypper and yum list_pkgs functionality.
  • Use $HOME to get the user home directory instead of using the '~' character. (boo#1042749)
  • Fix ownership for the whole master cache directory. (boo#1035914)
  • Fix setting the language on SUSE systems. (boo#1038855)
  • Wrong os_family grains on SUSE: fix unit tests. (boo#1038855)
  • Speed up CherryPy by removing a sleep call.
  • Stop explicitly recommending 3rd party runtime packages. (boo#1040886)
  • Fix format error. (boo#1043111)
  • Add a salt-minion watchdog for RHEL6 and SLES11 systems (sysV) to restart salt-minion in case of crashes during upgrade.
  • Add procps as a dependency.
  • Bugfix: jobs scheduled to run at a future time stay pending for Salt minions. (boo#1036125)
  • Wrong os_family grains on SUSE: fix unit tests. (boo#1038855)
  • Fix setting the language on SUSE systems. (boo#1038855)
  • Bugfix: unable to use hostname for minion ID as '127'. (upstream)
  • Bugfix: remove sleep call in CherryPy API handler. (upstream)
  • Fix core grains constants for timezone. (boo#1032931)
  • Prevent zero-length error on Python 2.6.
  • Fix zypper test error after backporting.
  • Refactoring of Zypper and Yum execution and state modules to allow installation of patches/errata.
  • Allow setting 'timeout' and 'gather_job_timeout' via kwargs.
  • Add missing bootstrap script for Salt Cloud. (boo#1032452)
  • The raet protocol is no longer supported. (boo#1020831)
  • Fix: add missing /var/cache/salt/cloud directory. (boo#1032213)
  • Clean up salt user environment preparation. (boo#1027722)
  • Fix: race condition on cache directory creation.
  • Fix: /var/log/salt/minion fails logrotate. (boo#1030009)
  • Fix: result of master_tops extension is mutually overwritten. (boo#1030073)
  • Allow setting custom timeouts for 'manage.up' and 'manage.status'.
  • Keep fix for migrating salt home directory. (boo#1022562)
  • Fix salt-minion update on RHEL. (boo#1022841)
  • Prevent an 'OSError' exception in case a certain job cache path doesn't exist. (boo#1023535)

Package list

openSUSE Leap 42.2
salt-2017.7.2-5.3.1
salt-api-2017.7.2-5.3.1
salt-bash-completion-2017.7.2-5.3.1
salt-cloud-2017.7.2-5.3.1
salt-doc-2017.7.2-5.3.1
salt-fish-completion-2017.7.2-5.3.1
salt-master-2017.7.2-5.3.1
salt-minion-2017.7.2-5.3.1
salt-proxy-2017.7.2-5.3.1
salt-ssh-2017.7.2-5.3.1
salt-syndic-2017.7.2-5.3.1
salt-zsh-completion-2017.7.2-5.3.1

Description (CVE-2017-12791)

Directory traversal vulnerability in minion id validation in SaltStack Salt before 2016.11.7 and 2017.7.x before 2017.7.1 allows remote minions with incorrect credentials to authenticate to a master via a crafted minion ID.


Affected products
openSUSE Leap 42.2:salt-2017.7.2-5.3.1
openSUSE Leap 42.2:salt-api-2017.7.2-5.3.1
openSUSE Leap 42.2:salt-bash-completion-2017.7.2-5.3.1
openSUSE Leap 42.2:salt-cloud-2017.7.2-5.3.1


Description (CVE-2017-14695)

Directory traversal vulnerability in minion id validation in SaltStack Salt before 2016.3.8, 2016.11.x before 2016.11.8, and 2017.7.x before 2017.7.2 allows remote minions with incorrect credentials to authenticate to a master via a crafted minion ID. NOTE: this vulnerability exists because of an incomplete fix for CVE-2017-12791.
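Both CVE-2017-12791 and CVE-2017-14695 come down to the same defensive question: is a minion-supplied ID safe to use as a single file-system path component under the master's pki_dir, and is the check complete? The following is an added example written for this page, not Salt's own code and not the original fix. It compares a constructed weak filter (one that only looks for a `..` component) with a stricter validator that rejects separators and NUL outright and then confirms that the resolved path stays inside the minions directory. The `PKI_DIR` value and the `<pki_dir>/minions/<minion_id>` layout are assumptions for the illustration; the containment check is the general technique, applied here beyond the single case the advisory mentions.

```python
import os

# Constructed stand-in for a Salt master's pki_dir (assumption: accepted
# minion keys live at <pki_dir>/minions/<minion_id>, so the ID becomes a
# path component). Nothing here touches the real file system.
PKI_DIR = "/etc/salt/pki/master"


def naive_valid_id(minion_id):
    """Constructed weak check, shown only for contrast: it rejects an ID
    whose '/'-separated components include '..', and nothing else.
    It is not the original incomplete fix, just the kind of filter that
    looks sufficient and is not."""
    return ".." not in minion_id.split("/")


def valid_id(pki_dir, minion_id):
    """Stricter check: reject separators and NUL outright, then resolve the
    path the ID would produce and confirm it stays inside <pki_dir>/minions.
    Returns True only for an ID that is safe to use as a file name."""
    if not isinstance(minion_id, str) or not minion_id:
        return False
    # Any separator (either platform) or NUL means the ID is not a single
    # path component; reject before touching path functions.
    if any(ch in minion_id for ch in ("/", "\\", "\0")):
        return False
    if minion_id in (".", ".."):
        return False
    minions_dir = os.path.realpath(os.path.join(pki_dir, "minions"))
    target = os.path.realpath(os.path.join(minions_dir, minion_id))
    # Containment check: the resolved target must be strictly below minions_dir.
    return (
        os.path.commonpath([minions_dir, target]) == minions_dir
        and target != minions_dir
    )


def audit(candidates):
    """Run both validators over a list of constructed IDs and return
    {id: (naive_result, strict_result)} so the difference is visible."""
    return {c: (naive_valid_id(c), valid_id(PKI_DIR, c)) for c in candidates}


# Constructed sample IDs: one legitimate, the rest shaped like traversal attempts.
SAMPLES = [
    "web01.example",        # ordinary minion ID
    "../../../etc/passwd",  # classic relative traversal
    "/etc/passwd",          # absolute path: os.path.join discards the prefix
    "..\\..\\tmp\\x",       # backslash separators, invisible to a '/'-only split
    "web01\0evil",          # embedded NUL
    ".",                    # resolves to the minions directory itself
]

if __name__ == "__main__":
    for minion_id, (naive, strict) in audit(SAMPLES).items():
        print(f"{minion_id!r:28} naive={naive!s:5} strict={strict}")
```

Running the block shows the weak filter accepting five of the six samples while the strict validator accepts only `web01.example`. The point for reviewers of such a fix is the second stage: a deny-list of characters catches the obvious inputs, but only resolving the path and checking containment proves that whatever survives the filter still lands where it should.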


Affected products
openSUSE Leap 42.2:salt-2017.7.2-5.3.1
openSUSE Leap 42.2:salt-api-2017.7.2-5.3.1
openSUSE Leap 42.2:salt-bash-completion-2017.7.2-5.3.1
openSUSE Leap 42.2:salt-cloud-2017.7.2-5.3.1


Description (CVE-2017-14696)

SaltStack Salt before 2016.3.8, 2016.11.x before 2016.11.8, and 2017.7.x before 2017.7.2 allows remote attackers to cause a denial of service via a crafted authentication request.


Affected products
openSUSE Leap 42.2:salt-2017.7.2-5.3.1
openSUSE Leap 42.2:salt-api-2017.7.2-5.3.1
openSUSE Leap 42.2:salt-bash-completion-2017.7.2-5.3.1
openSUSE Leap 42.2:salt-cloud-2017.7.2-5.3.1
