diff options
| author | adam <adam@pkgsrc.org> | 2018-10-25 09:08:37 +0000 |
|---|---|---|
| committer | adam <adam@pkgsrc.org> | 2018-10-25 09:08:37 +0000 |
| commit | d8db4c3fdc6ba515e8fd0f34b38407393443cf13 (patch) | |
| tree | 55487cac4df578789f5ceb3d7fb8e4c4e194859a /sysutils/salt | |
| parent | b53da0e7663be735fdbbf2388f5a5dfd1666c860 (diff) | |
| download | pkgsrc-d8db4c3fdc6ba515e8fd0f34b38407393443cf13.tar.gz | |
salt: updated to 2018.3.3
SALT 2018.3.3
CVE-2018-15751 Remote command execution and incorrect access control when using salt-api.
CVE-2018-15750 Directory traversal vulnerability when using salt-api. Allows an attacker to determine what files exist on a server when querying /run or /events.
Improves timezone detection by using the pytz module.
The tojson filter (from Jinja 2.9 and later) has been ported to Salt, and will be used when this filter is not available. This allows older LTS releases such as CentOS 7 and Ubuntu 14.04 to use this filter.
Diffstat (limited to 'sysutils/salt')
| -rw-r--r-- | sysutils/salt/Makefile | 8 | ||||
| -rw-r--r-- | sysutils/salt/PLIST | 20 | ||||
| -rw-r--r-- | sysutils/salt/distinfo | 13 | ||||
| -rw-r--r-- | sysutils/salt/patches/patch-salt_grains_core.py | 24 | ||||
| -rw-r--r-- | sysutils/salt/patches/patch-salt_modules_pkgin.py | 42 | ||||
| -rw-r--r-- | sysutils/salt/patches/patch-salt_utils_network.py | 114 |
6 files changed, 18 insertions, 203 deletions
diff --git a/sysutils/salt/Makefile b/sysutils/salt/Makefile index 01c11e93597..70108535f1a 100644 --- a/sysutils/salt/Makefile +++ b/sysutils/salt/Makefile @@ -1,6 +1,6 @@ -# $NetBSD: Makefile,v 1.66 2018/10/23 13:42:43 jperkin Exp $ +# $NetBSD: Makefile,v 1.67 2018/10/25 09:08:37 adam Exp $ -DISTNAME= salt-2018.3.2 +DISTNAME= salt-2018.3.3 CATEGORIES= sysutils MASTER_SITES= ${MASTER_SITE_PYPI:=s/salt/} @@ -21,7 +21,7 @@ DEPENDS+= ${PYPKGPREFIX}-cryptodome-[0-9]*:../../security/py-cryptodome DEPENDS+= ${PYPKGPREFIX}-zmq>=2.2.0:../../net/py-zmq .include "../../lang/python/pyversion.mk" -.if "${PYPKGPREFIX}" == "py27" +.if ${_PYTHON_VERSION} == 27 DEPENDS+= ${PYPKGPREFIX}-futures-[0-9]*:../../devel/py-futures .endif @@ -36,7 +36,6 @@ PYSETUPARGS+= --salt-logs-dir=${VARBASE}/log/salt PYSETUPARGS+= --salt-pidfile-dir=${VARBASE}/run PYSETUPARGS+= --salt-sock-dir=${VARBASE}/run/salt -#REPLACE_PYTHON= *.py */*.py */*/*.py REPLACE_SH= salt/templates/git/ssh-id-wrapper RCD_SCRIPTS+= salt_master salt_minion salt_syndic @@ -80,6 +79,5 @@ post-install: ${INSTALL_DATA} ${WRKSRC}/conf/master ${DESTDIR}${EGDIR}/ ${INSTALL_DATA} ${WRKSRC}/conf/minion ${DESTDIR}${EGDIR}/ -#.include "../../lang/python/application.mk" .include "../../lang/python/distutils.mk" .include "../../mk/bsd.pkg.mk" diff --git a/sysutils/salt/PLIST b/sysutils/salt/PLIST index 05b42e8c385..92e67688f24 100644 --- a/sysutils/salt/PLIST +++ b/sysutils/salt/PLIST @@ -1,4 +1,4 @@ -@comment $NetBSD: PLIST,v 1.26 2018/06/16 15:23:35 adam Exp $ +@comment $NetBSD: PLIST,v 1.27 2018/10/25 09:08:37 adam Exp $ bin/salt bin/salt-api bin/salt-call @@ -4104,24 +4104,24 @@ ${PYSITELIB}/salt/utils/aggregation.pyo ${PYSITELIB}/salt/utils/args.py ${PYSITELIB}/salt/utils/args.pyc ${PYSITELIB}/salt/utils/args.pyo -${PYSITELIB}/salt/utils/async.py -${PYSITELIB}/salt/utils/async.pyc -${PYSITELIB}/salt/utils/async.pyo +${PYSITELIB}/salt/utils/asynchronous.py +${PYSITELIB}/salt/utils/asynchronous.pyc +${PYSITELIB}/salt/utils/asynchronous.pyo ${PYSITELIB}/salt/utils/atomicfile.py ${PYSITELIB}/salt/utils/atomicfile.pyc ${PYSITELIB}/salt/utils/atomicfile.pyo ${PYSITELIB}/salt/utils/aws.py ${PYSITELIB}/salt/utils/aws.pyc ${PYSITELIB}/salt/utils/aws.pyo -${PYSITELIB}/salt/utils/boto.py -${PYSITELIB}/salt/utils/boto.pyc -${PYSITELIB}/salt/utils/boto.pyo -${PYSITELIB}/salt/utils/boto3.py -${PYSITELIB}/salt/utils/boto3.pyc -${PYSITELIB}/salt/utils/boto3.pyo +${PYSITELIB}/salt/utils/boto3mod.py +${PYSITELIB}/salt/utils/boto3mod.pyc +${PYSITELIB}/salt/utils/boto3mod.pyo ${PYSITELIB}/salt/utils/boto_elb_tag.py ${PYSITELIB}/salt/utils/boto_elb_tag.pyc ${PYSITELIB}/salt/utils/boto_elb_tag.pyo +${PYSITELIB}/salt/utils/botomod.py +${PYSITELIB}/salt/utils/botomod.pyc +${PYSITELIB}/salt/utils/botomod.pyo ${PYSITELIB}/salt/utils/cache.py ${PYSITELIB}/salt/utils/cache.pyc ${PYSITELIB}/salt/utils/cache.pyo diff --git a/sysutils/salt/distinfo b/sysutils/salt/distinfo index 3793acdb853..0c6be9edbc0 100644 --- a/sysutils/salt/distinfo +++ b/sysutils/salt/distinfo @@ -1,10 +1,7 @@ -$NetBSD: distinfo,v 1.39 2018/08/06 05:01:26 tpaul Exp $ +$NetBSD: distinfo,v 1.40 2018/10/25 09:08:37 adam Exp $ -SHA1 (salt-2018.3.2.tar.gz) = 2df3d3c1c35d29b66909c74818ec6ec945c4550e -RMD160 (salt-2018.3.2.tar.gz) = ab3c0397658280307110f020f4d9d9042336d0ee -SHA512 (salt-2018.3.2.tar.gz) = 142ebe13638d7e6dd0aecc9f0325002d30e115fe8688f5f74cbeb7ff21020327d65ded0dcd845e55362b97568b696887fa22243d66d5eadef65f97152d4775d3 -Size (salt-2018.3.2.tar.gz) = 12996445 bytes -SHA1 (patch-salt_grains_core.py) = 780bea66de43764a82035a9d9a3c2ae884846d9f -SHA1 (patch-salt_modules_pkgin.py) = f0141921e7faa6fb5bccfcd79f393a763f507d40 -SHA1 (patch-salt_utils_network.py) = effce8b4e6cdabdf25624da653b05609f1ae92ed +SHA1 (salt-2018.3.3.tar.gz) = 18e148c2ef4418efe741c4b84d0ae284ebbf108b +RMD160 (salt-2018.3.3.tar.gz) = 7a471e49f6b2f7e42263e89c88e195e1ce7293a1 +SHA512 (salt-2018.3.3.tar.gz) = f00ed83d5ec9d4767d7215fae8569ec560db61a0c8ded17469026e682e367c19811d33c6c53590a275ee24ad897a0eac09d8fde8ae9320d8706d6459ff3cc6da +Size (salt-2018.3.3.tar.gz) = 13953724 bytes SHA1 (patch-salt_version.py) = 1827dac3609a938fae38ee5dfd2a873c9723dfbd diff --git a/sysutils/salt/patches/patch-salt_grains_core.py b/sysutils/salt/patches/patch-salt_grains_core.py deleted file mode 100644 index 6790756888d..00000000000 --- a/sysutils/salt/patches/patch-salt_grains_core.py +++ /dev/null @@ -1,24 +0,0 @@ -$NetBSD: patch-salt_grains_core.py,v 1.7 2018/08/06 05:01:26 tpaul Exp $ - -Prevent crash on NetBSD and OpenBSD when no swap is configured. -https://github.com/saltstack/salt/pull/47600 -PR: pkg/53278 - -This patch should no longer be needed in 2018.3.3 -https://github.com/saltstack/salt/pull/47866 - ---- salt/grains/core.py.orig 2018-06-13 16:03:06.000000000 +0000 -+++ salt/grains/core.py -@@ -451,7 +451,11 @@ def _bsd_memdata(osdata): - - if osdata['kernel'] in ['OpenBSD', 'NetBSD']: - swapctl = salt.utils.path.which('swapctl') -- swap_total = __salt__['cmd.run']('{0} -sk'.format(swapctl)).split(' ')[1] -+ swap_total = __salt__['cmd.run']('{0} -sk'.format(swapctl)) -+ if swap_total == 'no swap devices configured': -+ swap_total = 0 -+ else: -+ swap_total = swap_total.split(' ')[1] - else: - swap_total = __salt__['cmd.run']('{0} -n vm.swap_total'.format(sysctl)) - grains['swap_total'] = int(swap_total) // 1024 // 1024 diff --git a/sysutils/salt/patches/patch-salt_modules_pkgin.py b/sysutils/salt/patches/patch-salt_modules_pkgin.py deleted file mode 100644 index 0e30a797974..00000000000 --- a/sysutils/salt/patches/patch-salt_modules_pkgin.py +++ /dev/null @@ -1,42 +0,0 @@ -$NetBSD: patch-salt_modules_pkgin.py,v 1.2 2018/08/06 05:01:26 tpaul Exp $ - -Fixes 2 bugs in the pkgin module: -- pkg.latest_version doesn't return a version for an uninstalled package. -- pkg.file_dict crashes. -https://github.com/saltstack/salt/pull/47814 -PR: pkg/53344 - -This patch should no longer be needed in 2018.3.3 -https://github.com/saltstack/salt/pull/47866 - ---- salt/modules/pkgin.py.orig 2018-04-02 16:35:12.000000000 +0000 -+++ salt/modules/pkgin.py -@@ -181,7 +181,9 @@ def latest_version(*names, **kwargs): - - out = __salt__['cmd.run'](cmd, output_loglevel='trace') - for line in out.splitlines(): -- p = line.split(',' if _supports_parsing() else None) -+ if line.startswith('No results found for'): -+ return pkglist -+ p = line.split(';' if _supports_parsing() else None) - - if p and p[0] in ('=:', '<:', '>:', ''): - # These are explanation comments -@@ -190,7 +192,7 @@ def latest_version(*names, **kwargs): - s = _splitpkg(p[0]) - if s: - if not s[0] in pkglist: -- if len(p) > 1 and p[1] == '<': -+ if len(p) > 1 and p[1] in ('<', '', '='): - pkglist[s[0]] = s[1] - else: - pkglist[s[0]] = '' -@@ -681,7 +683,7 @@ def file_dict(*packages): - continue # unexpected string - - ret = {'errors': errors, 'files': files} -- for field in ret: -+ for field in list(ret): - if not ret[field] or ret[field] == '': - del ret[field] - return ret diff --git a/sysutils/salt/patches/patch-salt_utils_network.py b/sysutils/salt/patches/patch-salt_utils_network.py deleted file mode 100644 index f34419a951d..00000000000 --- a/sysutils/salt/patches/patch-salt_utils_network.py +++ /dev/null @@ -1,114 +0,0 @@ -$NetBSD: patch-salt_utils_network.py,v 1.7 2018/08/06 05:01:26 tpaul Exp $ - -Handle new ifconfig output on NetBSD 8.0 - -Upstream issue: https://github.com/saltstack/salt/issues/48856 -Upstream pull request: https://github.com/saltstack/salt/pull/48926 - ---- salt/utils/network.py.orig 2018-06-27 16:04:57.000000000 +0000 -+++ salt/utils/network.py -@@ -15,6 +15,7 @@ import platform - import random - import subprocess - from string import ascii_letters, digits -+from salt.utils.versions import LooseVersion - - # Import 3rd-party libs - from salt.ext import six -@@ -862,6 +863,83 @@ def linux_interfaces(): - return ifaces - - -+def _netbsd_interfaces_ifconfig(out): -+ ''' -+ Uses ifconfig to return a dictionary of interfaces with various information -+ about each (up/down state, ip address, netmask, and hwaddr) -+ ''' -+ ret = dict() -+ -+ piface = re.compile(r'^([^\s:]+)') -+ pmac = re.compile('.*?address: ([0-9a-f:]+)') -+ -+ pip = re.compile(r'.*?inet [^\d]*(.*?)/([\d]*)\s') -+ pip6 = re.compile('.*?inet6 ([0-9a-f:]+)%([a-zA-Z0-9]*)/([\d]*)\s') -+ -+ pupdown = re.compile('UP') -+ pbcast = re.compile(r'.*?broadcast ([\d\.]+)') -+ -+ groups = re.compile('\r?\n(?=\\S)').split(out) -+ for group in groups: -+ data = dict() -+ iface = '' -+ updown = False -+ for line in group.splitlines(): -+ miface = piface.match(line) -+ mmac = pmac.match(line) -+ mip = pip.match(line) -+ mip6 = pip6.match(line) -+ mupdown = pupdown.search(line) -+ if miface: -+ iface = miface.group(1) -+ if mmac: -+ data['hwaddr'] = mmac.group(1) -+ if mip: -+ if 'inet' not in data: -+ data['inet'] = list() -+ addr_obj = dict() -+ addr_obj['address'] = mip.group(1) -+ mmask = mip.group(2) -+ if mip.group(2): -+ addr_obj['netmask'] = cidr_to_ipv4_netmask(mip.group(2)) -+ mbcast = pbcast.match(line) -+ if mbcast: -+ addr_obj['broadcast'] = mbcast.group(1) -+ data['inet'].append(addr_obj) -+ if mupdown: -+ updown = True -+ if mip6: -+ if 'inet6' not in data: -+ data['inet6'] = list() -+ addr_obj = dict() -+ addr_obj['address'] = mip6.group(1) -+ mmask6 = mip6.group(3) -+ addr_obj['scope'] = mip6.group(2) -+ addr_obj['prefixlen'] = mip6.group(3) -+ data['inet6'].append(addr_obj) -+ data['up'] = updown -+ ret[iface] = data -+ del data -+ return ret -+ -+def netbsd_interfaces(): -+ ''' -+ Obtain interface information for NetBSD >= 8 where the ifconfig -+ output diverged from other BSD variants (Netmask is now part of the -+ address) -+ ''' -+ # NetBSD versions prior to 8.0 can still use linux_interfaces() -+ if LooseVersion(os.uname()[2]) < LooseVersion('8.0'): -+ return linux_interfaces() -+ -+ ifconfig_path = salt.utils.path.which('ifconfig') -+ cmd = subprocess.Popen( -+ '{0} -a'.format(ifconfig_path), -+ shell=True, -+ stdout=subprocess.PIPE, -+ stderr=subprocess.STDOUT).communicate()[0] -+ return _netbsd_interfaces_ifconfig(salt.utils.stringutils.to_str(cmd)) -+ - def _interfaces_ipconfig(out): - ''' - Returns a dictionary of interfaces with various information about each -@@ -963,10 +1041,11 @@ def interfaces(): - ''' - if salt.utils.platform.is_windows(): - return win_interfaces() -+ elif salt.utils.platform.is_netbsd(): -+ return netbsd_interfaces() - else: - return linux_interfaces() - -- - def get_net_start(ipaddr, netmask): - ''' - Return the address of the network |