From 0472fd381e531b5062766609932293b8a2edba2b Mon Sep 17 00:00:00 2001 
From: Salt Project Packaging Date: Tue, 12 Dec 2023 18:03:35 +0000 Subject: [PATCH] Release v3006.5 --- CHANGELOG.md | 77 +++ changelog/38098.fixed.md | 1 - changelog/44722.fixed.md | 1 - changelog/59802.fixed.md | 1 - changelog/60002.fixed.md | 1 - changelog/62230.fixed.md | 1 - changelog/64130.fixed.md | 1 - changelog/64223.added.md | 1 - changelog/64374.fixed.md | 6 - changelog/64377.fixed.md | 1 - changelog/64455.added.md | 1 - changelog/64473.fixed.md | 1 - changelog/64497.fixed.md | 2 - changelog/64572.fixed.md | 1 - changelog/64575.fixed.md | 1 - changelog/64588.fixed.md | 1 - changelog/64597.fixed.md | 1 - changelog/64888.fixed.md | 1 - changelog/64953.fixed.md | 1 - changelog/65027.fixed.md | 1 - changelog/65029.removed.md | 1 - changelog/65086.fixed.md | 1 - changelog/65093.fixed.md | 1 - changelog/65114.fixed.md | 1 - changelog/65152.fixed.md | 1 - changelog/65165.fixed.md | 1 - changelog/65179.fixed.md | 1 - changelog/65210.fixed.md | 1 - changelog/65231.fixed.md | 2 - changelog/65268.security.md | 1 - changelog/65287.fixed.md | 1 - changelog/65288.fixed.md | 1 - changelog/65302.fixed.md | 1 - changelog/65316.fixed.md | 4 - changelog/65340.fixed.md | 1 - changelog/65358.fixed.md | 1 - changelog/65372.fixed.md | 1 - changelog/65400.fixed.md | 1 - changelog/65411.fixed.md | 2 - changelog/65450.fixed.md | 1 - changelog/65458.fixed.md | 1 - changelog/65464.fixed.md | 1 - changelog/65483.fixed.md | 1 - changelog/65501.fixed.md | 1 - changelog/65554.fixed.md | 1 - changelog/65581.fixed.md | 1 - changelog/65584.fixed.md | 2 - changelog/65643.security.md | 1 - doc/man/salt-api.1 | 2 +- doc/man/salt-call.1 | 2 +- doc/man/salt-cloud.1 | 2 +- doc/man/salt-cp.1 | 2 +- doc/man/salt-key.1 | 2 +- doc/man/salt-master.1 | 2 +- doc/man/salt-minion.1 | 2 +- doc/man/salt-proxy.1 | 2 +- doc/man/salt-run.1 | 2 +- doc/man/salt-ssh.1 | 2 +- doc/man/salt-syndic.1 | 2 +- doc/man/salt.1 | 2 +- doc/man/salt.7 | 553 ++++++++++++++++-- doc/man/spm.1 | 2 +- 
doc/topics/releases/3006.5.md | 93 +++ .../releases/templates/3006.5.md.template | 14 + pkg/debian/changelog | 77 +++ pkg/rpm/salt.spec | 76 ++- 66 files changed, 852 insertions(+), 123 deletions(-) delete mode 100644 changelog/38098.fixed.md delete mode 100644 changelog/44722.fixed.md delete mode 100644 changelog/59802.fixed.md delete mode 100644 changelog/60002.fixed.md delete mode 100644 changelog/62230.fixed.md delete mode 100644 changelog/64130.fixed.md delete mode 100644 changelog/64223.added.md delete mode 100644 changelog/64374.fixed.md delete mode 100644 changelog/64377.fixed.md delete mode 100644 changelog/64455.added.md delete mode 100644 changelog/64473.fixed.md delete mode 100644 changelog/64497.fixed.md delete mode 100644 changelog/64572.fixed.md delete mode 100644 changelog/64575.fixed.md delete mode 100644 changelog/64588.fixed.md delete mode 100644 changelog/64597.fixed.md delete mode 100644 changelog/64888.fixed.md delete mode 100644 changelog/64953.fixed.md delete mode 100644 changelog/65027.fixed.md delete mode 100644 changelog/65029.removed.md delete mode 100644 changelog/65086.fixed.md delete mode 100644 changelog/65093.fixed.md delete mode 100644 changelog/65114.fixed.md delete mode 100644 changelog/65152.fixed.md delete mode 100644 changelog/65165.fixed.md delete mode 100644 changelog/65179.fixed.md delete mode 100644 changelog/65210.fixed.md delete mode 100644 changelog/65231.fixed.md delete mode 100644 changelog/65268.security.md delete mode 100644 changelog/65287.fixed.md delete mode 100644 changelog/65288.fixed.md delete mode 100644 changelog/65302.fixed.md delete mode 100644 changelog/65316.fixed.md delete mode 100644 changelog/65340.fixed.md delete mode 100644 changelog/65358.fixed.md delete mode 100644 changelog/65372.fixed.md delete mode 100644 changelog/65400.fixed.md delete mode 100644 changelog/65411.fixed.md delete mode 100644 changelog/65450.fixed.md delete mode 100644 changelog/65458.fixed.md delete mode 100644 
changelog/65464.fixed.md delete mode 100644 changelog/65483.fixed.md delete mode 100644 changelog/65501.fixed.md delete mode 100644 changelog/65554.fixed.md delete mode 100644 changelog/65581.fixed.md delete mode 100644 changelog/65584.fixed.md delete mode 100644 changelog/65643.security.md create mode 100644 doc/topics/releases/3006.5.md create mode 100644 doc/topics/releases/templates/3006.5.md.template diff --git a/CHANGELOG.md b/CHANGELOG.md index 4b6fbc953aa8..0fd88914af8c 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md 
@@ -7,6 +7,83 @@ Versions are `MAJOR.PATCH`. # Changelog +## 3006.5 (2023-12-12) + + +### Removed + +- Tech Debt - support for pysss removed due to functionality addition in Python 3.3 [#65029](https://github.com/saltstack/salt/issues/65029) + + +### Fixed + +- Improved error message when state arguments are accidentally passed as a string [#38098](https://github.com/saltstack/salt/issues/38098) +- Allow `pip.install` to create a log file that is passed in if the parent directory is writeable [#44722](https://github.com/saltstack/salt/issues/44722) +- Fixed merging of complex pillar overrides with salt-ssh states [#59802](https://github.com/saltstack/salt/issues/59802) +- Fixed gpg pillar rendering with salt-ssh [#60002](https://github.com/saltstack/salt/issues/60002) +- Made salt-ssh states not re-render pillars unnecessarily [#62230](https://github.com/saltstack/salt/issues/62230) +- Made Salt maintain options in Debian package repo definitions [#64130](https://github.com/saltstack/salt/issues/64130) +- Migrated all [`invoke`](https://www.pyinvoke.org/) tasks to [`python-tools-scripts`](https://github.com/s0undt3ch/python-tools-scripts). + + * `tasks/docs.py` -> `tools/precommit/docs.py` + * `tasks/docstrings.py` -> `tools/precommit/docstrings.py` + * `tasks/loader.py` -> `tools/precommit/loader.py` + * `tasks/filemap.py` -> `tools/precommit/filemap.py` [#64374](https://github.com/saltstack/salt/issues/64374) +- Fix salt user login shell path in Debian packages [#64377](https://github.com/saltstack/salt/issues/64377) +- Fill out lsb_distrib_xxxx (best estimate) grains if problems with retrieving lsb_release data [#64473](https://github.com/saltstack/salt/issues/64473) +- Fixed an issue in the ``file.directory`` state where the ``children_only`` keyword + argument was not being respected. 
[#64497](https://github.com/saltstack/salt/issues/64497) +- Move salt.ufw to correct location /etc/ufw/applications.d/ [#64572](https://github.com/saltstack/salt/issues/64572) +- Fixed salt-ssh stacktrace when retcode is not an integer [#64575](https://github.com/saltstack/salt/issues/64575) +- Fixed SSH shell seldomly fails to report any exit code [#64588](https://github.com/saltstack/salt/issues/64588) +- Fixed some issues in x509_v2 execution module private key functions [#64597](https://github.com/saltstack/salt/issues/64597) +- Fixed grp.getgrall() in utils/user.py causing performance issues [#64888](https://github.com/saltstack/salt/issues/64888) +- Fix user.list_groups omits remote groups via sssd, etc. [#64953](https://github.com/saltstack/salt/issues/64953) +- Ensure sync from _grains occurs before attempting pillar compilation in case custom grain used in pillar file [#65027](https://github.com/saltstack/salt/issues/65027) +- Moved gitfs locks to salt working dir to avoid lock wipes [#65086](https://github.com/saltstack/salt/issues/65086) +- Only attempt to create a keys directory when `--gen-keys` is passed to the `salt-key` CLI [#65093](https://github.com/saltstack/salt/issues/65093) +- Fix nonce verification, request server replies do not stomp on eachother. [#65114](https://github.com/saltstack/salt/issues/65114) +- speed up yumpkg list_pkgs by not requiring digest or signature verification on lookup. [#65152](https://github.com/saltstack/salt/issues/65152) +- Fix pkg.latest failing on windows for winrepo packages where the package is already up to date [#65165](https://github.com/saltstack/salt/issues/65165) +- Ensure __kwarg__ is preserved when checking for kwargs. This change affects proxy minions when used with Deltaproxy, which had kwargs popped when targeting multiple minions id. [#65179](https://github.com/saltstack/salt/issues/65179) +- Fixes traceback when state id is an int in a reactor SLS file. 
[#65210](https://github.com/saltstack/salt/issues/65210) +- Install logrotate config as /etc/logrotate.d/salt-common for Debian packages + Remove broken /etc/logrotate.d/salt directory from 3006.3 if it exists. [#65231](https://github.com/saltstack/salt/issues/65231) +- Use ``sha256`` as the default ``hash_type``. It has been the default since Salt v2016.9 [#65287](https://github.com/saltstack/salt/issues/65287) +- Preserve ownership on log rotation [#65288](https://github.com/saltstack/salt/issues/65288) +- Ensure that the correct value of jid_inclue is passed if the argument is included in the passed keyword arguments. [#65302](https://github.com/saltstack/salt/issues/65302) +- Uprade relenv to 0.14.2 + - Update openssl to address CVE-2023-5363. + - Fix bug in openssl setup when openssl binary can't be found. + - Add M1 mac support. [#65316](https://github.com/saltstack/salt/issues/65316) +- Fix regex for filespec adding/deleting fcontext policy in selinux [#65340](https://github.com/saltstack/salt/issues/65340) +- Ensure CLI options take priority over Saltfile options [#65358](https://github.com/saltstack/salt/issues/65358) +- Test mode for state function `saltmod.wheel` no longer set's `result` to `(None,)` [#65372](https://github.com/saltstack/salt/issues/65372) +- Client only process events which tag conforms to an event return. [#65400](https://github.com/saltstack/salt/issues/65400) +- Fixes an issue setting user or machine policy on Windows when the Group Policy + directory is missing [#65411](https://github.com/saltstack/salt/issues/65411) +- Fix regression in file module which was not re-using a file client. [#65450](https://github.com/saltstack/salt/issues/65450) +- pip.installed state will now properly fail when a specified user does not exists [#65458](https://github.com/saltstack/salt/issues/65458) +- Publish channel connect callback method properly closes it's request channel. 
[#65464](https://github.com/saltstack/salt/issues/65464) +- Ensured the pillar in SSH wrapper modules is the same as the one used in template rendering when overrides are passed [#65483](https://github.com/saltstack/salt/issues/65483) +- Fix file.comment ignore_missing not working with multiline char [#65501](https://github.com/saltstack/salt/issues/65501) +- Warn when an un-closed transport client is being garbage collected. [#65554](https://github.com/saltstack/salt/issues/65554) +- Only generate the HMAC's for ``libssl.so.1.1`` and ``libcrypto.so.1.1`` if those files exist. [#65581](https://github.com/saltstack/salt/issues/65581) +- Fixed an issue where Salt Cloud would fail if it could not delete lingering + PAexec binaries [#65584](https://github.com/saltstack/salt/issues/65584) + + +### Added + +- Added Salt support for Debian 12 [#64223](https://github.com/saltstack/salt/issues/64223) +- Added Salt support for Amazon Linux 2023 [#64455](https://github.com/saltstack/salt/issues/64455) + + +### Security + +- Bump to `cryptography==41.0.4` due to https://github.com/advisories/GHSA-v8gr-m533-ghj9 [#65268](https://github.com/saltstack/salt/issues/65268) +- Bump to `cryptography==41.0.7` due to https://github.com/advisories/GHSA-jfhm-5ghh-2f97 [#65643](https://github.com/saltstack/salt/issues/65643) + ## 3006.4 (2023-10-16) diff --git a/changelog/38098.fixed.md b/changelog/38098.fixed.md deleted file mode 100644 index b40a693e456d..000000000000 --- a/changelog/38098.fixed.md +++ /dev/null @@ -1 +0,0 @@ -Improved error message when state arguments are accidentally passed as a string diff --git a/changelog/44722.fixed.md b/changelog/44722.fixed.md deleted file mode 100644 index ad790a6d44f2..000000000000 --- a/changelog/44722.fixed.md +++ /dev/null @@ -1 +0,0 @@ -Allow `pip.install` to create a log file that is passed in if the parent directory is writeable 
diff --git a/changelog/59802.fixed.md b/changelog/59802.fixed.md
deleted file mode 100644
index e83222951c7d..000000000000
--- a/changelog/59802.fixed.md
+++ /dev/null
@@ -1 +0,0 @@
-Fixed merging of complex pillar overrides with salt-ssh states
diff --git a/changelog/60002.fixed.md b/changelog/60002.fixed.md
deleted file mode 100644
index 8d3869b7a3b7..000000000000
--- a/changelog/60002.fixed.md
+++ /dev/null
@@ -1 +0,0 @@
-Fixed gpg pillar rendering with salt-ssh
diff --git a/changelog/62230.fixed.md b/changelog/62230.fixed.md
deleted file mode 100644
index 8c83287a76fb..000000000000
--- a/changelog/62230.fixed.md
+++ /dev/null
@@ -1 +0,0 @@
-Made salt-ssh states not re-render pillars unnecessarily
diff --git a/changelog/64130.fixed.md b/changelog/64130.fixed.md
deleted file mode 100644
index 3f99dd59f4a7..000000000000
--- a/changelog/64130.fixed.md
+++ /dev/null
@@ -1 +0,0 @@
-Made Salt maintain options in Debian package repo definitions
diff --git a/changelog/64223.added.md b/changelog/64223.added.md
deleted file mode 100644
index a68be1cfe150..000000000000
--- a/changelog/64223.added.md
+++ /dev/null
@@ -1 +0,0 @@
-Added Salt support for Debian 12
diff --git a/changelog/64374.fixed.md b/changelog/64374.fixed.md
deleted file mode 100644
index 31dfc9b1b1dd..000000000000
--- a/changelog/64374.fixed.md
+++ /dev/null
@@ -1,6 +0,0 @@
-Migrated all [`invoke`](https://www.pyinvoke.org/) tasks to [`python-tools-scripts`](https://github.com/s0undt3ch/python-tools-scripts).
-
-* `tasks/docs.py` -> `tools/precommit/docs.py`
-* `tasks/docstrings.py` -> `tools/precommit/docstrings.py`
-* `tasks/loader.py` -> `tools/precommit/loader.py`
-* `tasks/filemap.py` -> `tools/precommit/filemap.py`
diff --git a/changelog/64377.fixed.md b/changelog/64377.fixed.md
deleted file mode 100644
index aa88ae79649c..000000000000
--- a/changelog/64377.fixed.md
+++ /dev/null
@@ -1 +0,0 @@
-Fix salt user login shell path in Debian packages
diff --git a/changelog/64455.added.md b/changelog/64455.added.md
deleted file mode 100644
index 8885a93e59f1..000000000000
--- a/changelog/64455.added.md
+++ /dev/null
@@ -1 +0,0 @@
-Added Salt support for Amazon Linux 2023
diff --git a/changelog/64473.fixed.md b/changelog/64473.fixed.md
deleted file mode 100644
index 411d90bf9be3..000000000000
--- a/changelog/64473.fixed.md
+++ /dev/null
@@ -1 +0,0 @@
-Fill out lsb_distrib_xxxx (best estimate) grains if problems with retrieving lsb_release data
diff --git a/changelog/64497.fixed.md b/changelog/64497.fixed.md
deleted file mode 100644
index 2d90737562df..000000000000
--- a/changelog/64497.fixed.md
+++ /dev/null
@@ -1,2 +0,0 @@
-Fixed an issue in the ``file.directory`` state where the ``children_only`` keyword
-argument was not being respected.
diff --git a/changelog/64572.fixed.md b/changelog/64572.fixed.md
deleted file mode 100644
index d9916bb29faf..000000000000
--- a/changelog/64572.fixed.md
+++ /dev/null
@@ -1 +0,0 @@
-Move salt.ufw to correct location /etc/ufw/applications.d/
diff --git a/changelog/64575.fixed.md b/changelog/64575.fixed.md
deleted file mode 100644
index 71ff76ea9d41..000000000000
--- a/changelog/64575.fixed.md
+++ /dev/null
@@ -1 +0,0 @@
-Fixed salt-ssh stacktrace when retcode is not an integer
diff --git a/changelog/64588.fixed.md b/changelog/64588.fixed.md
deleted file mode 100644
index bf9def4eb4e4..000000000000
--- a/changelog/64588.fixed.md
+++ /dev/null
@@ -1 +0,0 @@
-Fixed SSH shell seldomly fails to report any exit code
diff --git a/changelog/64597.fixed.md b/changelog/64597.fixed.md
deleted file mode 100644
index 1810ce5ebb8f..000000000000
--- a/changelog/64597.fixed.md
+++ /dev/null
@@ -1 +0,0 @@
-Fixed some issues in x509_v2 execution module private key functions
diff --git a/changelog/64888.fixed.md b/changelog/64888.fixed.md
deleted file mode 100644
index 08b2efd0424c..000000000000
--- a/changelog/64888.fixed.md
+++ /dev/null
@@ -1 +0,0 @@
-Fixed grp.getgrall() in utils/user.py causing performance issues
diff --git a/changelog/64953.fixed.md b/changelog/64953.fixed.md
deleted file mode 100644
index f0b1ed46f19f..000000000000
--- a/changelog/64953.fixed.md
+++ /dev/null
@@ -1 +0,0 @@
-Fix user.list_groups omits remote groups via sssd, etc.
diff --git a/changelog/65027.fixed.md b/changelog/65027.fixed.md
deleted file mode 100644
index 43289c688b28..000000000000
--- a/changelog/65027.fixed.md
+++ /dev/null
@@ -1 +0,0 @@
-Ensure sync from _grains occurs before attempting pillar compilation in case custom grain used in pillar file
diff --git a/changelog/65029.removed.md b/changelog/65029.removed.md
deleted file mode 100644
index d09f10b4ba31..000000000000
--- a/changelog/65029.removed.md
+++ /dev/null
@@ -1 +0,0 @@
-Tech Debt - support for pysss removed due to functionality addition in Python 3.3
diff --git a/changelog/65086.fixed.md b/changelog/65086.fixed.md
deleted file mode 100644
index 292930f0fd46..000000000000
--- a/changelog/65086.fixed.md
+++ /dev/null
@@ -1 +0,0 @@
-Moved gitfs locks to salt working dir to avoid lock wipes
diff --git a/changelog/65093.fixed.md b/changelog/65093.fixed.md
deleted file mode 100644
index 55a5308689ce..000000000000
--- a/changelog/65093.fixed.md
+++ /dev/null
@@ -1 +0,0 @@
-Only attempt to create a keys directory when `--gen-keys` is passed to the `salt-key` CLI
diff --git a/changelog/65114.fixed.md b/changelog/65114.fixed.md
deleted file mode 100644
index fb4f2ab15361..000000000000
--- a/changelog/65114.fixed.md
+++ /dev/null
@@ -1 +0,0 @@
-Fix nonce verification, request server replies do not stomp on eachother.
diff --git a/changelog/65152.fixed.md b/changelog/65152.fixed.md
deleted file mode 100644
index dfa2dac34622..000000000000
--- a/changelog/65152.fixed.md
+++ /dev/null
@@ -1 +0,0 @@
-speed up yumpkg list_pkgs by not requiring digest or signature verification on lookup.
diff --git a/changelog/65165.fixed.md b/changelog/65165.fixed.md
deleted file mode 100644
index 7b981a517f80..000000000000
--- a/changelog/65165.fixed.md
+++ /dev/null
@@ -1 +0,0 @@
-Fix pkg.latest failing on windows for winrepo packages where the package is already up to date
diff --git a/changelog/65179.fixed.md b/changelog/65179.fixed.md
deleted file mode 100644
index 0e3239465500..000000000000
--- a/changelog/65179.fixed.md
+++ /dev/null
@@ -1 +0,0 @@
-Ensure __kwarg__ is preserved when checking for kwargs. This change affects proxy minions when used with Deltaproxy, which had kwargs popped when targeting multiple minions id.
diff --git a/changelog/65210.fixed.md b/changelog/65210.fixed.md
deleted file mode 100644
index 7fe7b21dcbe3..000000000000
--- a/changelog/65210.fixed.md
+++ /dev/null
@@ -1 +0,0 @@
-Fixes traceback when state id is an int in a reactor SLS file.
diff --git a/changelog/65231.fixed.md b/changelog/65231.fixed.md
deleted file mode 100644
index 50d225e7452f..000000000000
--- a/changelog/65231.fixed.md
+++ /dev/null
@@ -1,2 +0,0 @@
-Install logrotate config as /etc/logrotate.d/salt-common for Debian packages
-Remove broken /etc/logrotate.d/salt directory from 3006.3 if it exists.
diff --git a/changelog/65268.security.md b/changelog/65268.security.md
deleted file mode 100644
index 15588570ad69..000000000000
--- a/changelog/65268.security.md
+++ /dev/null
@@ -1 +0,0 @@
-Bump to `cryptography==41.0.4` due to https://github.com/advisories/GHSA-v8gr-m533-ghj9
diff --git a/changelog/65287.fixed.md b/changelog/65287.fixed.md
deleted file mode 100644
index e075d251820c..000000000000
--- a/changelog/65287.fixed.md
+++ /dev/null
@@ -1 +0,0 @@
-Use ``sha256`` as the default ``hash_type``. It has been the default since Salt v2016.9
diff --git a/changelog/65288.fixed.md b/changelog/65288.fixed.md
deleted file mode 100644
index 885812433826..000000000000
--- a/changelog/65288.fixed.md
+++ /dev/null
@@ -1 +0,0 @@
-Preserve ownership on log rotation
diff --git a/changelog/65302.fixed.md b/changelog/65302.fixed.md
deleted file mode 100644
index 087bd27314e7..000000000000
--- a/changelog/65302.fixed.md
+++ /dev/null
@@ -1 +0,0 @@
-Ensure that the correct value of jid_inclue is passed if the argument is included in the passed keyword arguments.
diff --git a/changelog/65316.fixed.md b/changelog/65316.fixed.md
deleted file mode 100644
index f5f9e197e300..000000000000
--- a/changelog/65316.fixed.md
+++ /dev/null
@@ -1,4 +0,0 @@
-Uprade relenv to 0.14.2
- - Update openssl to address CVE-2023-5363.
- - Fix bug in openssl setup when openssl binary can't be found.
- - Add M1 mac support.
diff --git a/changelog/65340.fixed.md b/changelog/65340.fixed.md
deleted file mode 100644
index ed26da9f3cd5..000000000000
--- a/changelog/65340.fixed.md
+++ /dev/null
@@ -1 +0,0 @@
-Fix regex for filespec adding/deleting fcontext policy in selinux
diff --git a/changelog/65358.fixed.md b/changelog/65358.fixed.md
deleted file mode 100644
index 9a9acc31b4de..000000000000
--- a/changelog/65358.fixed.md
+++ /dev/null
@@ -1 +0,0 @@
-Ensure CLI options take priority over Saltfile options
diff --git a/changelog/65372.fixed.md b/changelog/65372.fixed.md
deleted file mode 100644
index 3ccf3d6578e2..000000000000
--- a/changelog/65372.fixed.md
+++ /dev/null
@@ -1 +0,0 @@
-Test mode for state function `saltmod.wheel` no longer set's `result` to `(None,)`
diff --git a/changelog/65400.fixed.md b/changelog/65400.fixed.md
deleted file mode 100644
index ae21abac9fe0..000000000000
--- a/changelog/65400.fixed.md
+++ /dev/null
@@ -1 +0,0 @@
-Client only process events which tag conforms to an event return.
diff --git a/changelog/65411.fixed.md b/changelog/65411.fixed.md
deleted file mode 100644
index 0500a7364ee1..000000000000
--- a/changelog/65411.fixed.md
+++ /dev/null
@@ -1,2 +0,0 @@
-Fixes an issue setting user or machine policy on Windows when the Group Policy
-directory is missing
diff --git a/changelog/65450.fixed.md b/changelog/65450.fixed.md
deleted file mode 100644
index c680d37692ce..000000000000
--- a/changelog/65450.fixed.md
+++ /dev/null
@@ -1 +0,0 @@
-Fix regression in file module which was not re-using a file client.
diff --git a/changelog/65458.fixed.md b/changelog/65458.fixed.md
deleted file mode 100644
index 61cc57df9ca7..000000000000
--- a/changelog/65458.fixed.md
+++ /dev/null
@@ -1 +0,0 @@
-pip.installed state will now properly fail when a specified user does not exists
diff --git a/changelog/65464.fixed.md b/changelog/65464.fixed.md
deleted file mode 100644
index a931b6a64456..000000000000
--- a/changelog/65464.fixed.md
+++ /dev/null
@@ -1 +0,0 @@
-Publish channel connect callback method properly closes it's request channel.
diff --git a/changelog/65483.fixed.md b/changelog/65483.fixed.md
deleted file mode 100644
index 8092c6072d34..000000000000
--- a/changelog/65483.fixed.md
+++ /dev/null
@@ -1 +0,0 @@
-Ensured the pillar in SSH wrapper modules is the same as the one used in template rendering when overrides are passed
diff --git a/changelog/65501.fixed.md b/changelog/65501.fixed.md
deleted file mode 100644
index 31592c67e701..000000000000
--- a/changelog/65501.fixed.md
+++ /dev/null
@@ -1 +0,0 @@
-Fix file.comment ignore_missing not working with multiline char
diff --git a/changelog/65554.fixed.md b/changelog/65554.fixed.md
deleted file mode 100644
index 6d1598217e3b..000000000000
--- a/changelog/65554.fixed.md
+++ /dev/null
@@ -1 +0,0 @@
-Warn when an un-closed transport client is being garbage collected.
diff --git a/changelog/65581.fixed.md b/changelog/65581.fixed.md
deleted file mode 100644
index 3ac7427b6981..000000000000
--- a/changelog/65581.fixed.md
+++ /dev/null
@@ -1 +0,0 @@
-Only generate the HMAC's for ``libssl.so.1.1`` and ``libcrypto.so.1.1`` if those files exist.
diff --git a/changelog/65584.fixed.md b/changelog/65584.fixed.md
deleted file mode 100644
index 1da48b32bb04..000000000000
--- a/changelog/65584.fixed.md +++ /dev/null @@ -1,2 +0,0 @@ -Fixed an issue where Salt Cloud would fail if it could not delete lingering -PAexec binaries diff --git a/changelog/65643.security.md b/changelog/65643.security.md deleted file mode 100644 index 19ee102d1d2f..000000000000 --- a/changelog/65643.security.md +++ /dev/null @@ -1 +0,0 @@ -Bump to `cryptography==41.0.7` due to https://github.com/advisories/GHSA-jfhm-5ghh-2f97 diff --git a/doc/man/salt-api.1 b/doc/man/salt-api.1 index cfbe64d172ad..214422b243a4 100644 --- a/doc/man/salt-api.1 +++ b/doc/man/salt-api.1 @@ -27,7 +27,7 @@ level margin: \\n[rst2man-indent\\n[rst2man-indent-level]] .\" new: \\n[rst2man-indent\\n[rst2man-indent-level]] .in \\n[rst2man-indent\\n[rst2man-indent-level]]u .. -.TH "SALT-API" "1" "Generated on October 16, 2023 at 05:24:47 PM UTC." "3006.4" "Salt" +.TH "SALT-API" "1" "Generated on December 12, 2023 at 05:54:17 PM UTC." "3006.5" "Salt" .SH NAME salt-api \- salt-api Command .sp diff --git a/doc/man/salt-call.1 b/doc/man/salt-call.1 index 2a964330511f..2e6698b8d4ac 100644 --- a/doc/man/salt-call.1 +++ b/doc/man/salt-call.1 @@ -27,7 +27,7 @@ level margin: \\n[rst2man-indent\\n[rst2man-indent-level]] .\" new: \\n[rst2man-indent\\n[rst2man-indent-level]] .in \\n[rst2man-indent\\n[rst2man-indent-level]]u .. -.TH "SALT-CALL" "1" "Generated on October 16, 2023 at 05:24:47 PM UTC." "3006.4" "Salt" +.TH "SALT-CALL" "1" "Generated on December 12, 2023 at 05:54:17 PM UTC." "3006.5" "Salt" .SH NAME salt-call \- salt-call Documentation .SH SYNOPSIS diff --git a/doc/man/salt-cloud.1 b/doc/man/salt-cloud.1 index e3866a63e31e..7dc0450cc5cd 100644 --- a/doc/man/salt-cloud.1 +++ b/doc/man/salt-cloud.1 
@@ -27,7 +27,7 @@ level margin: \\n[rst2man-indent\\n[rst2man-indent-level]] .\" new: \\n[rst2man-indent\\n[rst2man-indent-level]] .in \\n[rst2man-indent\\n[rst2man-indent-level]]u .. -.TH "SALT-CLOUD" "1" "Generated on October 16, 2023 at 05:24:47 PM UTC." "3006.4" "Salt" +.TH "SALT-CLOUD" "1" "Generated on December 12, 2023 at 05:54:17 PM UTC." "3006.5" "Salt" .SH NAME salt-cloud \- Salt Cloud Command .sp diff --git a/doc/man/salt-cp.1 b/doc/man/salt-cp.1 index 0ad964aaf7b5..015e1b3461ce 100644 --- a/doc/man/salt-cp.1 +++ b/doc/man/salt-cp.1 @@ -27,7 +27,7 @@ level margin: \\n[rst2man-indent\\n[rst2man-indent-level]] .\" new: \\n[rst2man-indent\\n[rst2man-indent-level]] .in \\n[rst2man-indent\\n[rst2man-indent-level]]u .. -.TH "SALT-CP" "1" "Generated on October 16, 2023 at 05:24:47 PM UTC." "3006.4" "Salt" +.TH "SALT-CP" "1" "Generated on December 12, 2023 at 05:54:17 PM UTC." "3006.5" "Salt" .SH NAME salt-cp \- salt-cp Documentation .sp diff --git a/doc/man/salt-key.1 b/doc/man/salt-key.1 index 913c2cf5b9ed..f346507ed58d 100644 --- a/doc/man/salt-key.1 +++ b/doc/man/salt-key.1 @@ -27,7 +27,7 @@ level margin: \\n[rst2man-indent\\n[rst2man-indent-level]] .\" new: \\n[rst2man-indent\\n[rst2man-indent-level]] .in \\n[rst2man-indent\\n[rst2man-indent-level]]u .. -.TH "SALT-KEY" "1" "Generated on October 16, 2023 at 05:24:47 PM UTC." "3006.4" "Salt" +.TH "SALT-KEY" "1" "Generated on December 12, 2023 at 05:54:17 PM UTC." "3006.5" "Salt" .SH NAME salt-key \- salt-key Documentation .SH SYNOPSIS diff --git a/doc/man/salt-master.1 b/doc/man/salt-master.1 index b8bd9056ff33..1b54882a9b2e 100644 --- a/doc/man/salt-master.1 +++ b/doc/man/salt-master.1 
@@ -27,7 +27,7 @@ level margin: \\n[rst2man-indent\\n[rst2man-indent-level]] .\" new: \\n[rst2man-indent\\n[rst2man-indent-level]] .in \\n[rst2man-indent\\n[rst2man-indent-level]]u .. -.TH "SALT-MASTER" "1" "Generated on October 16, 2023 at 05:24:47 PM UTC." "3006.4" "Salt" +.TH "SALT-MASTER" "1" "Generated on December 12, 2023 at 05:54:17 PM UTC." "3006.5" "Salt" .SH NAME salt-master \- salt-master Documentation .sp diff --git a/doc/man/salt-minion.1 b/doc/man/salt-minion.1 index 5fb106bf3f29..d02a0bfa2e54 100644 --- a/doc/man/salt-minion.1 +++ b/doc/man/salt-minion.1 @@ -27,7 +27,7 @@ level margin: \\n[rst2man-indent\\n[rst2man-indent-level]] .\" new: \\n[rst2man-indent\\n[rst2man-indent-level]] .in \\n[rst2man-indent\\n[rst2man-indent-level]]u .. -.TH "SALT-MINION" "1" "Generated on October 16, 2023 at 05:24:47 PM UTC." "3006.4" "Salt" +.TH "SALT-MINION" "1" "Generated on December 12, 2023 at 05:54:17 PM UTC." "3006.5" "Salt" .SH NAME salt-minion \- salt-minion Documentation .sp diff --git a/doc/man/salt-proxy.1 b/doc/man/salt-proxy.1 index 97fdfa6c6ae5..0f5b3b8e40e3 100644 --- a/doc/man/salt-proxy.1 +++ b/doc/man/salt-proxy.1 @@ -27,7 +27,7 @@ level margin: \\n[rst2man-indent\\n[rst2man-indent-level]] .\" new: \\n[rst2man-indent\\n[rst2man-indent-level]] .in \\n[rst2man-indent\\n[rst2man-indent-level]]u .. -.TH "SALT-PROXY" "1" "Generated on October 16, 2023 at 05:24:47 PM UTC." "3006.4" "Salt" +.TH "SALT-PROXY" "1" "Generated on December 12, 2023 at 05:54:17 PM UTC." "3006.5" "Salt" .SH NAME salt-proxy \- salt-proxy Documentation .sp diff --git a/doc/man/salt-run.1 b/doc/man/salt-run.1 index 6954234ae0c0..1535cbde86c5 100644 --- a/doc/man/salt-run.1 +++ b/doc/man/salt-run.1 
@@ -27,7 +27,7 @@ level margin: \\n[rst2man-indent\\n[rst2man-indent-level]] .\" new: \\n[rst2man-indent\\n[rst2man-indent-level]] .in \\n[rst2man-indent\\n[rst2man-indent-level]]u .. -.TH "SALT-RUN" "1" "Generated on October 16, 2023 at 05:24:47 PM UTC." "3006.4" "Salt" +.TH "SALT-RUN" "1" "Generated on December 12, 2023 at 05:54:17 PM UTC." "3006.5" "Salt" .SH NAME salt-run \- salt-run Documentation .sp diff --git a/doc/man/salt-ssh.1 b/doc/man/salt-ssh.1 index b085a6a6cde6..5771453ad143 100644 --- a/doc/man/salt-ssh.1 +++ b/doc/man/salt-ssh.1 @@ -27,7 +27,7 @@ level margin: \\n[rst2man-indent\\n[rst2man-indent-level]] .\" new: \\n[rst2man-indent\\n[rst2man-indent-level]] .in \\n[rst2man-indent\\n[rst2man-indent-level]]u .. -.TH "SALT-SSH" "1" "Generated on October 16, 2023 at 05:24:47 PM UTC." "3006.4" "Salt" +.TH "SALT-SSH" "1" "Generated on December 12, 2023 at 05:54:17 PM UTC." "3006.5" "Salt" .SH NAME salt-ssh \- salt-ssh Documentation .SH SYNOPSIS diff --git a/doc/man/salt-syndic.1 b/doc/man/salt-syndic.1 index 5e26b223e349..7a42e21c7676 100644 --- a/doc/man/salt-syndic.1 +++ b/doc/man/salt-syndic.1 @@ -27,7 +27,7 @@ level margin: \\n[rst2man-indent\\n[rst2man-indent-level]] .\" new: \\n[rst2man-indent\\n[rst2man-indent-level]] .in \\n[rst2man-indent\\n[rst2man-indent-level]]u .. -.TH "SALT-SYNDIC" "1" "Generated on October 16, 2023 at 05:24:47 PM UTC." "3006.4" "Salt" +.TH "SALT-SYNDIC" "1" "Generated on December 12, 2023 at 05:54:17 PM UTC." "3006.5" "Salt" .SH NAME salt-syndic \- salt-syndic Documentation .sp diff --git a/doc/man/salt.1 b/doc/man/salt.1 index 852508174cc9..127fce42145c 100644 --- a/doc/man/salt.1 +++ b/doc/man/salt.1 
@@ -27,7 +27,7 @@ level margin: \\n[rst2man-indent\\n[rst2man-indent-level]] .\" new: \\n[rst2man-indent\\n[rst2man-indent-level]] .in \\n[rst2man-indent\\n[rst2man-indent-level]]u .. -.TH "SALT" "1" "Generated on October 16, 2023 at 05:24:47 PM UTC." "3006.4" "Salt" +.TH "SALT" "1" "Generated on December 12, 2023 at 05:54:17 PM UTC." "3006.5" "Salt" .SH NAME salt \- salt .SH SYNOPSIS diff --git a/doc/man/salt.7 b/doc/man/salt.7 index 7457d9dd5f48..a2232d27d5ae 100644 --- a/doc/man/salt.7 +++ b/doc/man/salt.7 @@ -27,7 +27,7 @@ level margin: \\n[rst2man-indent\\n[rst2man-indent-level]] .\" new: \\n[rst2man-indent\\n[rst2man-indent-level]] .in \\n[rst2man-indent\\n[rst2man-indent-level]]u .. -.TH "SALT" "7" "Generated on October 16, 2023 at 05:24:47 PM UTC." "3006.4" "Salt" +.TH "SALT" "7" "Generated on December 12, 2023 at 05:54:17 PM UTC." "3006.5" "Salt" .SH NAME salt \- Salt Documentation .SH SALT PROJECT @@ -1404,6 +1404,9 @@ If someone isn\(aqt an expert in this area, what will they need to know? .sp This will also help you out, because when you go to create the PR it will automatically insert the body of your commit messages. +.sp +See the \fI\%changelog\fP +docs for more information. .SS Pull request time! .sp Once you\(aqve done all your dev work and tested locally, you should check @@ -7880,6 +7883,13 @@ log_level: warning .fi .UNINDENT .UNINDENT +.sp +Any log level below the \fIinfo\fP level is INSECURE and may log sensitive data. This currently includes: +#. profile +#. debug +#. trace +#. garbage +#. all .SS \fBlog_level_logfile\fP .sp Default: \fBwarning\fP @@ -7897,6 +7907,13 @@ log_level_logfile: warning .fi .UNINDENT .UNINDENT +.sp +Any log level below the \fIinfo\fP level is INSECURE and may log sensitive data. This currently includes: +#. profile +#. debug +#. trace +#. garbage +#. all .SS \fBlog_datefmt\fP .sp Default: \fB%H:%M:%S\fP 
@@ -12644,6 +12661,13 @@ log_level: warning .fi .UNINDENT .UNINDENT +.sp +Any log level below the \fIinfo\fP level is INSECURE and may log sensitive data. This currently includes: +#. profile +#. debug +#. trace +#. garbage +#. all .SS \fBlog_level_logfile\fP .sp Default: \fBwarning\fP @@ -12661,6 +12685,13 @@ log_level_logfile: warning .fi .UNINDENT .UNINDENT +.sp +Any log level below the \fIinfo\fP level is INSECURE and may log sensitive data. This currently includes: +#. profile +#. debug +#. trace +#. garbage +#. all .SS \fBlog_datefmt\fP .sp Default: \fB%H:%M:%S\fP @@ -15144,7 +15175,7 @@ For reference, see: # One of \(aqgarbage\(aq, \(aqtrace\(aq, \(aqdebug\(aq, info\(aq, \(aqwarning\(aq, \(aqerror\(aq, \(aqcritical\(aq. # # The following log levels are considered INSECURE and may log sensitive data: -# [\(aqgarbage\(aq, \(aqtrace\(aq, \(aqdebug\(aq] +# [\(aqprofile\(aq, \(aqgarbage\(aq, \(aqtrace\(aq, \(aqdebug\(aq, \(aqall\(aq] # #log_level: warning @@ -16125,7 +16156,7 @@ For reference, see: # One of \(aqgarbage\(aq, \(aqtrace\(aq, \(aqdebug\(aq, \(aqinfo\(aq, \(aqwarning\(aq, \(aqerror\(aq, \(aqcritical\(aq. # # The following log levels are considered INSECURE and may log sensitive data: -# [\(aqgarbage\(aq, \(aqtrace\(aq, \(aqdebug\(aq] +# [\(aqprofile\(aq, \(aqgarbage\(aq, \(aqtrace\(aq, \(aqdebug\(aq, \(aqall\(aq] # # Default: \(aqwarning\(aq #log_level: warning @@ -16836,7 +16867,7 @@ For reference, see: # One of \(aqgarbage\(aq, \(aqtrace\(aq, \(aqdebug\(aq, \(aqinfo\(aq, \(aqwarning\(aq, \(aqerror\(aq, \(aqcritical\(aq. # # The following log levels are considered INSECURE and may log sensitive data: -# [\(aqgarbage\(aq, \(aqtrace\(aq, \(aqdebug\(aq] +# [\(aqprofile\(aq, \(aqgarbage\(aq, \(aqtrace\(aq, \(aqdebug\(aq, \(aqall\(aq] # # Default: \(aqwarning\(aq #log_level: warning 
@@ -19003,6 +19034,13 @@ Everything T} _ .TE +.sp +Any log level below the \fIinfo\fP level is INSECURE and may log sensitive data. This currently includes: +#. profile +#. debug +#. trace +#. garbage +#. all .SS Available Configuration Settings .SS \fBlog_file\fP .sp @@ -23710,7 +23748,7 @@ most secure setup, only connect syndics directly to master of masters. .INDENT 0.0 .TP .B email -\fI\%saltproject-security.pdl@broadcom.com\fP +\fI\%saltproject\-security.pdl@broadcom.com\fP .TP .B gpg key ID 4EA0793D @@ -23831,7 +23869,7 @@ fwPKmQ2cKnCBs5ASj1DkgUcz2c8DTUPVqg== .UNINDENT .UNINDENT .sp -The SaltStack Security Team is available at \fI\%saltproject-security.pdl@broadcom.com\fP for +The SaltStack Security Team is available at \fI\%saltproject\-security.pdl@broadcom.com\fP for security\-related bug reports or questions. .sp We request the disclosure of any security\-related bugs or issues be reported @@ -23845,7 +23883,7 @@ seriously. Our disclosure policy is intended to resolve security issues as quickly and safely as is possible. .INDENT 0.0 .IP 1. 3 -A security report sent to \fI\%saltproject-security.pdl@broadcom.com\fP is assigned to a team +A security report sent to \fI\%saltproject\-security.pdl@broadcom.com\fP is assigned to a team member. This person is the primary contact for questions and will coordinate the fix, release, and announcement. .IP 2. 3 @@ -57834,7 +57872,7 @@ jim_nologin: .UNINDENT .UNINDENT -.SS Creates +.SS creates .sp New in version 3001. 
@@ -85544,6 +85582,243 @@ tools pkg build windows \-\-salt\-version \-\-arch .sp The python library is available in the install directory of the onedir package. For example on linux the default location would be \fB/opt/saltstack/salt/bin/python3\fP\&. +.SS Testing the packages +.sp +If you want to test your built packages, or any other collection of salt packages post 3006.0, follow \fI\%this guide\fP +.SS Testing packages +.SS The package test suite +.sp +The salt repo provides a test suite for testing basic functionality of our +packages at \fB/pkg/tests/\fP\&. You can run the install, upgrade, and +downgrade tests. These tests run automatically on most PRs that are submitted +against Salt. +.sp +\fBWARNING:\fP +.INDENT 0.0 +.INDENT 3.5 +These tests make destructive changes to your system because they install the +built packages onto the system. They may also install older versions in the +case of upgrades or downgrades. To prevent destructive changes, run the +tests in an isolated system, preferably a virtual machine. +.UNINDENT +.UNINDENT +.SS Setup +.sp +In order to run the package tests, the \fI\%relenv\fP onedir and +built packages need to be placed in the correct locations. +.INDENT 0.0 +.IP \(bu 2 +Place all salt packages for the applicable testing version in +\fB/pkg/artifacts/\fP\&. +.IP \(bu 2 +The onedir must be located under \fB/artifacts/\fP\&. +.IP \(bu 2 +Additionally, to ensure complete parity with Salt\(aqs CI/CD suite, place the +\fBnox\fP virtual environment in \fB/.nox/test\-pkgs\-onedir\fP\&. +.UNINDENT +.sp +The following are a few ways this can be accomplished easily. +.sp +You can ensure parity by installing the package test suite through a few +possible methods: +.INDENT 0.0 +.IP \(bu 2 +Using \fBtools\fP +.IP \(bu 2 +Downloading individually +.UNINDENT +.SS Using \fBtools\fP +.sp +Salt has preliminary support for setting up the package test suite in the +\fBtools\fP command suite that is located under \fB/tools/testsuite/\fP\&. 
+This method requires the Github CLI tool \fBgh\fP (\fI\%https://cli.github.com/\fP) to be properly configured for +interaction with the salt repo. +.INDENT 0.0 +.IP 1. 3 +Install the dependencies using this command: +.INDENT 3.0 +.INDENT 3.5 +.INDENT 0.0 +.INDENT 3.5 +.sp +.nf +.ft C +pip install \-r requirements/static/ci/py{python_version}/tools.txt +.ft P +.fi +.UNINDENT +.UNINDENT +.UNINDENT +.UNINDENT +.IP 2. 3 +Download and extract the artifacts with this \fBtools\fP command: +.INDENT 3.0 +.INDENT 3.5 +.INDENT 0.0 +.INDENT 3.5 +.sp +.nf +.ft C +tools ts setup \-\-platform {linux|darwin|windows} \-\-slug + \-\-pr \-\-pkg +.ft P +.fi +.UNINDENT +.UNINDENT +.sp +The most common use case is to test the packages built on a CI/CD run for a +given PR. To see the possible options for each argument, and other ways to +utilize this command, use the following: +.INDENT 0.0 +.INDENT 3.5 +.sp +.nf +.ft C +tools ts setup \-h +.ft P +.fi +.UNINDENT +.UNINDENT +.UNINDENT +.UNINDENT +.UNINDENT +.sp +\fBWARNING:\fP +.INDENT 0.0 +.INDENT 3.5 +You can only download artifacts from finished workflow runs. This is something +imposed by the GitHub API. +To download artifacts from a running workflow run, you either have to wait for +the finish or cancel it. +.UNINDENT +.UNINDENT +.SS Downloading individually +.sp +If the \fBtools ts setup\fP command doesn\(aqt work, you can download, unzip, and +place the artifacts in the correct locations manually. Typically, you want to +test packages built on a CI/CD run for a given PR. This guide explains how to +set up for running the package tests using those artifacts. An analogous process +can be performed for artifacts from nightly builds. +.INDENT 0.0 +.IP 1. 3 +Find and download the artifacts: +.INDENT 3.0 +.INDENT 3.5 +Under the summary page for the most recent actions run for that PR, there is +a list of available artifacts from that run that can be downloaded. Download +the package artifacts by finding +\fBsalt\-.+.\-\-\fP\&. 
For example, the +amd64 deb packages might look like: +\fBsalt\-3006.2+123.01234567890\-x86_64\-deb\fP\&. +.sp +The onedir artifact will look like +\fBsalt\-.+.\-onedir\-\-.tar.xz\fP\&. For +instance, the macos x86_64 onedir may have the name +\fBsalt\-3006.2+123.01234567890\-onedir\-darwin\-x86_64.tar.xz\fP\&. +.sp +\fBNOTE:\fP +.INDENT 0.0 +.INDENT 3.5 +Windows onedir artifacts have \fB\&.zip\fP extensions instead of \fBtar.xz\fP +.UNINDENT +.UNINDENT +.sp +While it is optional, it is recommended to download the \fBnox\fP session +artifact as well. This will have the form of +\fBnox\-\-test\-pkgs\-onedir\-\fP\&. The amd64 Ubuntu 20.04 nox +artifact may look like \fBnox\-ubuntu\-20.04\-test\-pkgs\-onedir\-x86_64\fP\&. +.UNINDENT +.UNINDENT +.IP 2. 3 +Place the artifacts in the correct location: +.INDENT 3.0 +.INDENT 3.5 +Unzip the packages and place them in \fB/pkg/artifacts/\fP\&. +.sp +You must unzip and untar the onedir packages and place them in +\fB/artifacts/\fP\&. Windows onedir requires an additional unzip +action. If you set it up correctly, the \fB/artifacts/salt\fP +directory then contains the uncompressed onedir files. +.sp +Additionally, decompress the \fBnox\fP artifact and place it under +\fB/.nox/\fP\&. +.UNINDENT +.UNINDENT +.UNINDENT +.SS Running the tests +.sp +You can run the test suite run if all the artifacts are in the correct location. +.sp +\fBNOTE:\fP +.INDENT 0.0 +.INDENT 3.5 +You need root access to run the test artifacts. Run all nox commands at the +root of the salt repo and as the root user. +.UNINDENT +.UNINDENT +.INDENT 0.0 +.IP 1. 3 +Install \fBnox\fP: +.INDENT 3.0 +.INDENT 3.5 +.INDENT 0.0 +.INDENT 3.5 +.sp +.nf +.ft C +pip install nox +.ft P +.fi +.UNINDENT +.UNINDENT +.UNINDENT +.UNINDENT +.IP 2. 3 +Run the install tests: +.INDENT 3.0 +.INDENT 3.5 +.INDENT 0.0 +.INDENT 3.5 +.sp +.nf +.ft C +nox \-e test\-pkgs\-onedir \-\- install +.ft P +.fi +.UNINDENT +.UNINDENT +.UNINDENT +.UNINDENT +.IP 3. 
3 +Run the upgrade or downgrade tests: +.INDENT 3.0 +.INDENT 3.5 +.INDENT 0.0 +.INDENT 3.5 +.sp +.nf +.ft C +nox \-e test\-pkgs\-onedir \-\- upgrade \-\-prev\-version +.ft P +.fi +.UNINDENT +.UNINDENT +.sp +You can run the downgrade tests in the same way, replacing \fBupgrade\fP with +\fBdowngrade\fP\&. +.sp +\fBNOTE:\fP +.INDENT 0.0 +.INDENT 3.5 +If you are testing upgrades or downgrades and classic packages are +available for your system, replace \fBupgrade\fP or +\fBdowngrade\fP with \fBupgrade\-classic\fP or \fBdowngrade\-classic\fP +respectively to test against those versions. +.UNINDENT +.UNINDENT +.UNINDENT +.UNINDENT +.UNINDENT .SH COMMAND LINE REFERENCE .SS salt\-api .SS \fBsalt\-api\fP @@ -88275,19 +88550,6 @@ The Python interface to PAM does not support authenticating as \fBroot\fP\&. \fBNOTE:\fP .INDENT 0.0 .INDENT 3.5 -Using PAM groups with SSSD groups on python2. -.sp -To use sssd with the PAM eauth module and groups the \fIpysss\fP module is -needed. On RedHat/CentOS this is \fIpython\-sss\fP\&. -.sp -This should not be needed with python >= 3.3, because the \fIos\fP modules has the -\fIgetgrouplist\fP function. -.UNINDENT -.UNINDENT -.sp -\fBNOTE:\fP -.INDENT 0.0 -.INDENT 3.5 This module executes itself in a subprocess in order to user the system python and pam libraries. We do this to avoid openssl version conflicts when running under a salt onedir build. 
@@ -194128,7 +194390,7 @@ Passes through all the parameters described in the \fI\%utils.http.query function\fP: .INDENT 7.0 .TP -.B salt.utils.http.query(url, method=\(aqGET\(aq, params=None, data=None, data_file=None, header_dict=None, header_list=None, header_file=None, username=None, password=None, auth=None, decode=False, decode_type=\(aqauto\(aq, status=False, headers=False, text=False, cookies=None, cookie_jar=None, cookie_format=\(aqlwp\(aq, persist_session=False, session_cookie_jar=None, data_render=False, data_renderer=None, header_render=False, header_renderer=None, template_dict=None, test=False, test_url=None, node=\(aqminion\(aq, port=80, opts=None, backend=None, ca_bundle=None, verify_ssl=None, cert=None, text_out=None, headers_out=None, decode_out=None, stream=False, streaming_callback=None, header_callback=None, handle=False, agent=\(aqSalt/3006.4\(aq, hide_fields=None, raise_error=True, formdata=False, formdata_fieldname=None, formdata_filename=None, decode_body=True, **kwargs) +.B salt.utils.http.query(url, method=\(aqGET\(aq, params=None, data=None, data_file=None, header_dict=None, header_list=None, header_file=None, username=None, password=None, auth=None, decode=False, decode_type=\(aqauto\(aq, status=False, headers=False, text=False, cookies=None, cookie_jar=None, cookie_format=\(aqlwp\(aq, persist_session=False, session_cookie_jar=None, data_render=False, data_renderer=None, header_render=False, header_renderer=None, template_dict=None, test=False, test_url=None, node=\(aqminion\(aq, port=80, opts=None, backend=None, ca_bundle=None, verify_ssl=None, cert=None, text_out=None, headers_out=None, decode_out=None, stream=False, streaming_callback=None, header_callback=None, handle=False, agent=\(aqSalt/3006.5\(aq, hide_fields=None, raise_error=True, formdata=False, formdata_fieldname=None, formdata_filename=None, decode_body=True, **kwargs) Query a resource, and decode the return data .UNINDENT .INDENT 7.0 
@@ -261773,7 +262035,9 @@ Accepts either :all: to disable all binary packages, :none: to empty the set, or one or more package names with commas between them .TP .B log -Log file where a complete (maximum verbosity) record will be kept +Log file where a complete (maximum verbosity) record will be kept. +If this file doesn\(aqt exist and the parent directory is writeable, +it will be created. .TP .B proxy Specify a proxy in the form \fBuser:passwd@proxy.server:port\fP\&. Note @@ -320458,7 +320722,7 @@ CLI Example: .sp .nf .ft C -salt \(aq*\(aq file.chpgrp c:\etemp\etest.txt administrators +salt \(aq*\(aq file.chgrp c:\etemp\etest.txt administrators .ft P .fi .UNINDENT @@ -337948,8 +338212,8 @@ When encoding a certificate as \fBpkcs12\fP, a name for the certificate can be i Instead of returning the certificate, write it to this file path. .TP .B overwrite -If \fBpath\fP is specified and the file exists, do not overwrite it. -Defaults to false. +If \fBpath\fP is specified and the file exists, overwrite it. +Defaults to true. .TP .B raw Return the encoded raw bytes instead of a string. Defaults to false. @@ -338406,7 +338670,7 @@ Available: \fBrsa\fP, \fBec\fP, \fBed25519\fP, \fBed448\fP\&. Defaults to \fBrsa .B keysize For \fBrsa\fP, specifies the bitlength of the private key (2048, 3072, 4096). For \fBec\fP, specifies the NIST curve to use (256, 384, 521). -Irrelevant for Edwards\-curve schemes (\fIed25519\(ga\fP, \fBed448\fP). +Irrelevant for Edwards\-curve schemes (\fBed25519\fP, \fBed448\fP). Defaults to 2048 for RSA and 256 for EC. .TP .B passphrase 
@@ -338559,7 +338823,7 @@ Return the encoded raw bytes instead of a string. Defaults to false. .UNINDENT .INDENT 0.0 .TP -.B salt.modules.x509_v2.encode_private_key(private_key, encoding=\(aqpem\(aq, passphrase=None, pkcs12_encryption_compat=False, raw=False) +.B salt.modules.x509_v2.encode_private_key(private_key, encoding=\(aqpem\(aq, passphrase=None, private_key_passphrase=None, pkcs12_encryption_compat=False, raw=False) Create an encoded representation of a private key. .sp CLI Example: @@ -338575,7 +338839,7 @@ salt \(aq*\(aq x509.encode_private_key /etc/pki/my.key der .UNINDENT .INDENT 7.0 .TP -.B csr +.B private_key The private key to encode. .TP .B encoding @@ -338583,6 +338847,24 @@ Specify the encoding of the resulting private key. It can be returned as a \fBpem\fP string, base64\-encoded \fBder\fP and base64\-encoded \fBpkcs12\fP\&. Defaults to \fBpem\fP\&. .TP +.B passphrase +If this is specified, the private key will be encrypted using this +passphrase. The encryption algorithm cannot be selected, it will be +determined automatically as the best available one. +.TP +.B private_key_passphrase +New in version 3006.2. + +.sp +If the current \fBprivate_key\fP is encrypted, the passphrase to +decrypt it. +.TP +.B pkcs12_encryption_compat +Some operating systems are incompatible with the encryption defaults +for PKCS12 used since OpenSSL v3. This switch triggers a fallback to +\fBPBESv1SHA1And3KeyTripleDESCBC\fP\&. +Please consider the \fI\%notes on PKCS12 encryption\fP\&. +.TP .B raw Return the encoded raw bytes instead of a string. Defaults to false. .UNINDENT @@ -354046,7 +354328,7 @@ curl \-sSi localhost:8000/minions \e POST /minions HTTP/1.1 Host: localhost:8000 Accept: application/x\-yaml -Content\-Type: application/json +Content\-Type: application/x\-www\-form\-urlencoded tgt=*&fun=status.diskusage .ft P 
@@ -406792,6 +407074,9 @@ specified either using \fBrepo:tag\fP notation, or just the repo name (in which case a tag of \fBlatest\fP is assumed). .INDENT 7.0 .TP +.B name +The name of the docker image. +.TP .B images Run this state on more than one image at a time. The following two examples accomplish the same thing: @@ -406831,7 +407116,6 @@ all the deletions in a single run, rather than executing the state separately on each image (as it would in the first example). .TP .B force -False Salt will fail to remove any images currently in use by a container. Set this option to true to remove the image even if it is already present. @@ -406908,6 +407192,9 @@ myuser/myimage: .UNINDENT .INDENT 7.0 .TP +.B name +The name of the docker image. +.TP .B tag Tag name for the image. Required when using \fBbuild\fP, \fBload\fP, or \fBsls\fP to create the image, but optional if pulling from a repository. @@ -406967,10 +407254,13 @@ Changed in version 2018.3.0: The \fBtag\fP must be manually specified using the .TP .B force -False Set this parameter to \fBTrue\fP to force Salt to pull/build/load the image even if it is already present. .TP +.B insecure_registry +If \fBTrue\fP, the Docker client will permit the use of insecure +(non\-HTTPS) registries. +.TP .B client_timeout Timeout in seconds for the Docker client. This is not a timeout for the state, but for receiving a response from the API. @@ -407049,6 +407339,10 @@ Values passed this way will override Pillar values set via .sp New in version 2018.3.0. +.TP +.B kwargs +Additional keyword arguments to pass to +\fI\%docker.build\fP .UNINDENT .UNINDENT .SS salt.states.docker_network @@ -455896,7 +456190,7 @@ Create CA private key: \- keysize: 4096 \- backup: true \- require: - \- file: /etc/pki + \- file: /etc/pki/issued_certs Create self\-signed CA certificate: x509.certificate_managed: 
@@ -456375,7 +456669,7 @@ Available: \fBrsa\fP, \fBec\fP, \fBed25519\fP, \fBed448\fP\&. Defaults to \fBrsa .B keysize For \fBrsa\fP, specifies the bitlength of the private key (2048, 3072, 4096). For \fBec\fP, specifies the NIST curve to use (256, 384, 521). -Irrelevant for Edwards\-curve schemes (\fIed25519\(ga\fP, \fBed448\fP). +Irrelevant for Edwards\-curve schemes (\fBed25519\fP, \fBed448\fP). Defaults to 2048 for RSA and 256 for EC. .TP .B passphrase @@ -457626,7 +457920,7 @@ installed2 .UNINDENT .INDENT 0.0 .TP -.B salt.states.zcbuildout.installed(name, config=\(aqbuildout.cfg\(aq, quiet=False, parts=None, user=None, env=(), buildout_ver=None, test_release=False, distribute=None, new_st=None, offline=False, newest=False, python=\(aq/opt/actions\-runner/_work/salt\-priv/salt\-priv/.tools\-venvs/py3.10/docs/bin/python\(aq, debug=False, verbose=False, unless=None, onlyif=None, use_vt=False, loglevel=\(aqdebug\(aq, **kwargs) +.B salt.states.zcbuildout.installed(name, config=\(aqbuildout.cfg\(aq, quiet=False, parts=None, user=None, env=(), buildout_ver=None, test_release=False, distribute=None, new_st=None, offline=False, newest=False, python=\(aq/opt/actions\-runner/_work/salt/salt/.tools\-venvs/py3.10/docs/bin/python\(aq, debug=False, verbose=False, unless=None, onlyif=None, use_vt=False, loglevel=\(aqdebug\(aq, **kwargs) Install buildout in a specific directory .sp It is a thin wrapper to modules.buildout.buildout 
@@ -461812,7 +462106,7 @@ to execute those modules instead. Each module type has a corresponding loader function. .INDENT 0.0 .TP -.B salt.loader.minion_mods(opts, context=None, utils=None, whitelist=None, initial_load=False, loaded_base_name=None, notify=False, static_modules=None, proxy=None) +.B salt.loader.minion_mods(opts, context=None, utils=None, whitelist=None, initial_load=False, loaded_base_name=None, notify=False, static_modules=None, proxy=None, file_client=None) Load execution modules .sp Returns a dictionary of execution modules appropriate for the current @@ -461905,7 +462199,7 @@ testmod[\(aqtest.ping\(aq]() .UNINDENT .INDENT 0.0 .TP -.B salt.loader.states(opts, functions, utils, serializers, whitelist=None, proxy=None, context=None, loaded_base_name=None) +.B salt.loader.states(opts, functions, utils, serializers, whitelist=None, proxy=None, context=None, loaded_base_name=None, file_client=None) Returns the state modules .INDENT 7.0 .TP @@ -467324,6 +467618,9 @@ If someone isn\(aqt an expert in this area, what will they need to know? .sp This will also help you out, because when you go to create the PR it will automatically insert the body of your commit messages. +.sp +See the \fI\%changelog\fP +docs for more information. .SS Pull request time! .sp Once you\(aqve done all your dev work and tested locally, you should check @@ -469623,13 +469920,9 @@ The following dunder dictionaries are always defined, but may be empty .UNINDENT .SS __opts__ .sp -\&..versionchanged:: 3006.0 -.INDENT 0.0 -.INDENT 3.5 -The \fB__opts__\fP dictionary can now be accessed via +Changed in version 3006.0: The \fB__opts__\fP dictionary can now be accessed via \fBcontext\(ga\fP\&. -.UNINDENT -.UNINDENT + .sp Defined in: All modules .sp 
@@ -469723,13 +470016,6 @@ When running an execution module \fB__context__\fP persists across all module executions until the modules are refreshed; such as when \fI\%saltutil.sync_all\fP or \fI\%state.apply\fP are executed. -.sp -A great place to see how to use \fB__context__\fP is in the cp.py module in -salt/modules/cp.py. The fileclient authenticates with the master when it is -instantiated and then is used to copy files to the minion. Rather than create a -new fileclient for each file that is to be copied down, one instance of the -fileclient is instantiated in the \fB__context__\fP dictionary and is reused for -each file. Here is an example from salt/modules/cp.py: .INDENT 0.0 .INDENT 3.5 .sp @@ -469784,6 +470070,14 @@ Defined in: State .SS __sdb__ .sp Defined in: SDB +.SS __file_client__ +.sp +Changed in version 3006.5. + +.sp +The \fB__file_client__\fP dunder was added to states and execution modules. This +enables the use of a file client without haveing to instantiate one in +the module. .SS Configuration Options .sp A number of configuration options can affect the load process. This is a quick 
@@ -477575,6 +477869,137 @@ Bump to \fBurllib3==1.26.17\fP or \fBurllib3==2.0.6\fP due to \fI\%https://githu .IP \(bu 2 Bump to \fBgitpython==3.1.37\fP due to \fI\%https://github.com/advisories/GHSA\-cwvm\-v4w8\-q58c\fP \fI\%#65383\fP .UNINDENT +(release\-3006.5)= +.SS Salt 3006.5 release notes +.SS Changelog +.SS Removed +.INDENT 0.0 +.IP \(bu 2 +Tech Debt \- support for pysss removed due to functionality addition in Python 3.3 \fI\%#65029\fP +.UNINDENT +.SS Fixed +.INDENT 0.0 +.IP \(bu 2 +Improved error message when state arguments are accidentally passed as a string \fI\%#38098\fP +.IP \(bu 2 +Allow \fBpip.install\fP to create a log file that is passed in if the parent directory is writeable \fI\%#44722\fP +.IP \(bu 2 +Fixed merging of complex pillar overrides with salt\-ssh states \fI\%#59802\fP +.IP \(bu 2 +Fixed gpg pillar rendering with salt\-ssh \fI\%#60002\fP +.IP \(bu 2 +Made salt\-ssh states not re\-render pillars unnecessarily \fI\%#62230\fP +.IP \(bu 2 +Made Salt maintain options in Debian package repo definitions \fI\%#64130\fP +.IP \(bu 2 +Migrated all \fI\%invoke\fP tasks to \fI\%python\-tools\-scripts\fP\&. +.INDENT 2.0 +.IP \(bu 2 +\fBtasks/docs.py\fP \-> \fBtools/precommit/docs.py\fP +.IP \(bu 2 +\fBtasks/docstrings.py\fP \-> \fBtools/precommit/docstrings.py\fP +.IP \(bu 2 +\fBtasks/loader.py\fP \-> \fBtools/precommit/loader.py\fP +.IP \(bu 2 +\fBtasks/filemap.py\fP \-> \fBtools/precommit/filemap.py\fP \fI\%#64374\fP +.UNINDENT +.IP \(bu 2 +Fix salt user login shell path in Debian packages \fI\%#64377\fP +.IP \(bu 2 +Fill out lsb_distrib_xxxx (best estimate) grains if problems with retrieving lsb_release data \fI\%#64473\fP +.IP \(bu 2 +Fixed an issue in the \fBfile.directory\fP state where the \fBchildren_only\fP keyword +argument was not being respected. 
\fI\%#64497\fP +.IP \(bu 2 +Move salt.ufw to correct location /etc/ufw/applications.d/ \fI\%#64572\fP +.IP \(bu 2 +Fixed salt\-ssh stacktrace when retcode is not an integer \fI\%#64575\fP +.IP \(bu 2 +Fixed SSH shell seldomly fails to report any exit code \fI\%#64588\fP +.IP \(bu 2 +Fixed some issues in x509_v2 execution module private key functions \fI\%#64597\fP +.IP \(bu 2 +Fixed grp.getgrall() in utils/user.py causing performance issues \fI\%#64888\fP +.IP \(bu 2 +Fix user.list_groups omits remote groups via sssd, etc. \fI\%#64953\fP +.IP \(bu 2 +Ensure sync from _grains occurs before attempting pillar compilation in case custom grain used in pillar file \fI\%#65027\fP +.IP \(bu 2 +Moved gitfs locks to salt working dir to avoid lock wipes \fI\%#65086\fP +.IP \(bu 2 +Only attempt to create a keys directory when \fB\-\-gen\-keys\fP is passed to the \fBsalt\-key\fP CLI \fI\%#65093\fP +.IP \(bu 2 +Fix nonce verification, request server replies do not stomp on eachother. \fI\%#65114\fP +.IP \(bu 2 +speed up yumpkg list_pkgs by not requiring digest or signature verification on lookup. \fI\%#65152\fP +.IP \(bu 2 +Fix pkg.latest failing on windows for winrepo packages where the package is already up to date \fI\%#65165\fP +.IP \(bu 2 +Ensure \fBkwarg\fP is preserved when checking for kwargs. This change affects proxy minions when used with Deltaproxy, which had kwargs popped when targeting multiple minions id. \fI\%#65179\fP +.IP \(bu 2 +Fixes traceback when state id is an int in a reactor SLS file. \fI\%#65210\fP +.IP \(bu 2 +Install logrotate config as /etc/logrotate.d/salt\-common for Debian packages +Remove broken /etc/logrotate.d/salt directory from 3006.3 if it exists. \fI\%#65231\fP +.IP \(bu 2 +Use \fBsha256\fP as the default \fBhash_type\fP\&. 
It has been the default since Salt v2016.9 \fI\%#65287\fP +.IP \(bu 2 +Preserve ownership on log rotation \fI\%#65288\fP +.IP \(bu 2 +Ensure that the correct value of jid_inclue is passed if the argument is included in the passed keyword arguments. \fI\%#65302\fP +.IP \(bu 2 +Uprade relenv to 0.14.2 +.INDENT 2.0 +.IP \(bu 2 +Update openssl to address CVE\-2023\-5363. +.IP \(bu 2 +Fix bug in openssl setup when openssl binary can\(aqt be found. +.IP \(bu 2 +Add M1 mac support. \fI\%#65316\fP +.UNINDENT +.IP \(bu 2 +Fix regex for filespec adding/deleting fcontext policy in selinux \fI\%#65340\fP +.IP \(bu 2 +Ensure CLI options take priority over Saltfile options \fI\%#65358\fP +.IP \(bu 2 +Test mode for state function \fBsaltmod.wheel\fP no longer set\(aqs \fBresult\fP to \fB(None,)\fP \fI\%#65372\fP +.IP \(bu 2 +Client only process events which tag conforms to an event return. \fI\%#65400\fP +.IP \(bu 2 +Fixes an issue setting user or machine policy on Windows when the Group Policy +directory is missing \fI\%#65411\fP +.IP \(bu 2 +Fix regression in file module which was not re\-using a file client. \fI\%#65450\fP +.IP \(bu 2 +pip.installed state will now properly fail when a specified user does not exists \fI\%#65458\fP +.IP \(bu 2 +Publish channel connect callback method properly closes it\(aqs request channel. \fI\%#65464\fP +.IP \(bu 2 +Ensured the pillar in SSH wrapper modules is the same as the one used in template rendering when overrides are passed \fI\%#65483\fP +.IP \(bu 2 +Fix file.comment ignore_missing not working with multiline char \fI\%#65501\fP +.IP \(bu 2 +Warn when an un\-closed transport client is being garbage collected. \fI\%#65554\fP +.IP \(bu 2 +Only generate the HMAC\(aqs for \fBlibssl.so.1.1\fP and \fBlibcrypto.so.1.1\fP if those files exist. 
\fI\%#65581\fP +.IP \(bu 2 +Fixed an issue where Salt Cloud would fail if it could not delete lingering +PAexec binaries \fI\%#65584\fP +.UNINDENT +.SS Added +.INDENT 0.0 +.IP \(bu 2 +Added Salt support for Debian 12 \fI\%#64223\fP +.IP \(bu 2 +Added Salt support for Amazon Linux 2023 \fI\%#64455\fP +.UNINDENT +.SS Security +.INDENT 0.0 +.IP \(bu 2 +Bump to \fBcryptography==41.0.4\fP due to \fI\%https://github.com/advisories/GHSA\-v8gr\-m533\-ghj9\fP \fI\%#65268\fP +.IP \(bu 2 +Bump to \fBcryptography==41.0.7\fP due to \fI\%https://github.com/advisories/GHSA\-jfhm\-5ghh\-2f97\fP \fI\%#65643\fP +.UNINDENT .sp See \fI\%Install a release candidate\fP for more information about installing an RC when one is available. 
@@ -478536,6 +478961,34 @@ Bump to \fIcertifi==2023.07.22\fP due to \fI\%https://github.com/advisories/GHSA .sp Python 3.5 cannot get the updated requirements since certifi no longer supports this python version (#64720) .UNINDENT +.SS Salt 3005.3 Release Notes +.sp +Version 3005.3 is a Bug fix release for \fI\%3005\fP\&. +.SS Changed +.INDENT 0.0 +.IP \(bu 2 +Fix __env__ and improve cache cleaning see more info at pull #65017. (#65002) +.UNINDENT +.SS Security +.INDENT 0.0 +.IP \(bu 2 +Update to \fIgitpython>=3.1.35\fP due to \fI\%https://github.com/advisories/GHSA\-wfm5\-v35h\-vwf4\fP and \fI\%https://github.com/advisories/GHSA\-cwvm\-v4w8\-q58c\fP (#65167) +.UNINDENT +.SS Salt 3005.4 Release Notes +.sp +Version 3005.4 is a CVE security fix release for \fI\%3005\fP\&. +.SS Security +.INDENT 0.0 +.IP \(bu 2 +Fix CVE\-2023\-34049 by ensuring we do not use a predictable name for the script and correctly check returncode of scp command. +This only impacts salt\-ssh users using the pre\-flight option. (cve\-2023\-34049) +.IP \(bu 2 +Bump to \fIcryptography==41.0.4\fP due to \fI\%https://github.com/advisories/GHSA\-v8gr\-m533\-ghj9\fP (#65267) +.IP \(bu 2 +Bump to \fIurllib3==1.26.17\fP or \fIurllib3==2.0.6\fP due to \fI\%https://github.com/advisories/GHSA\-v845\-jxx5\-vc9f\fP (#65334) +.IP \(bu 2 +Bump to \fIgitpython==3.1.37\fP due to \fI\%https://github.com/advisories/GHSA\-cwvm\-v4w8\-q58c\fP (#65383) +.UNINDENT .SS Salt 3004 Release Notes \- Codename Silicon .SS New Features .SS Transactional System Support (MicroOS) diff --git a/doc/man/spm.1 b/doc/man/spm.1 index 686ce512eeba..5e715ca48299 100644 --- a/doc/man/spm.1 +++ b/doc/man/spm.1 
@@ -27,7 +27,7 @@ level margin: \\n[rst2man-indent\\n[rst2man-indent-level]] .\" new: \\n[rst2man-indent\\n[rst2man-indent-level]] .in \\n[rst2man-indent\\n[rst2man-indent-level]]u .. -.TH "SPM" "1" "Generated on October 16, 2023 at 05:24:47 PM UTC." "3006.4" "Salt" +.TH "SPM" "1" "Generated on December 12, 2023 at 05:54:17 PM UTC." "3006.5" "Salt" .SH NAME spm \- Salt Package Manager Command .sp diff --git a/doc/topics/releases/3006.5.md b/doc/topics/releases/3006.5.md new file mode 100644 index 000000000000..9e97f72382dd --- /dev/null +++ b/doc/topics/releases/3006.5.md 
@@ -0,0 +1,93 @@
+(release-3006.5)=
+# Salt 3006.5 release notes
+
+
+
+
+
+
+
+## Changelog
+
+### Removed
+
+- Tech Debt - support for pysss removed due to functionality addition in Python 3.3 [#65029](https://github.com/saltstack/salt/issues/65029)
+
+
+### Fixed
+
+- Improved error message when state arguments are accidentally passed as a string [#38098](https://github.com/saltstack/salt/issues/38098)
+- Allow `pip.install` to create a log file that is passed in if the parent directory is writeable [#44722](https://github.com/saltstack/salt/issues/44722)
+- Fixed merging of complex pillar overrides with salt-ssh states [#59802](https://github.com/saltstack/salt/issues/59802)
+- Fixed gpg pillar rendering with salt-ssh [#60002](https://github.com/saltstack/salt/issues/60002)
+- Made salt-ssh states not re-render pillars unnecessarily [#62230](https://github.com/saltstack/salt/issues/62230)
+- Made Salt maintain options in Debian package repo definitions [#64130](https://github.com/saltstack/salt/issues/64130)
+- Migrated all [`invoke`](https://www.pyinvoke.org/) tasks to [`python-tools-scripts`](https://github.com/s0undt3ch/python-tools-scripts).
+
+ * `tasks/docs.py` -> `tools/precommit/docs.py`
+ * `tasks/docstrings.py` -> `tools/precommit/docstrings.py`
+ * `tasks/loader.py` -> `tools/precommit/loader.py`
+ * `tasks/filemap.py` -> `tools/precommit/filemap.py` [#64374](https://github.com/saltstack/salt/issues/64374)
+- Fix salt user login shell path in Debian packages [#64377](https://github.com/saltstack/salt/issues/64377)
+- Fill out lsb_distrib_xxxx (best estimate) grains if problems with retrieving lsb_release data [#64473](https://github.com/saltstack/salt/issues/64473)
+- Fixed an issue in the ``file.directory`` state where the ``children_only`` keyword
+ argument was not being respected.
[#64497](https://github.com/saltstack/salt/issues/64497)
+- Move salt.ufw to correct location /etc/ufw/applications.d/ [#64572](https://github.com/saltstack/salt/issues/64572)
+- Fixed salt-ssh stacktrace when retcode is not an integer [#64575](https://github.com/saltstack/salt/issues/64575)
+- Fixed SSH shell seldomly fails to report any exit code [#64588](https://github.com/saltstack/salt/issues/64588)
+- Fixed some issues in x509_v2 execution module private key functions [#64597](https://github.com/saltstack/salt/issues/64597)
+- Fixed grp.getgrall() in utils/user.py causing performance issues [#64888](https://github.com/saltstack/salt/issues/64888)
+- Fix user.list_groups omits remote groups via sssd, etc. [#64953](https://github.com/saltstack/salt/issues/64953)
+- Ensure sync from _grains occurs before attempting pillar compilation in case custom grain used in pillar file [#65027](https://github.com/saltstack/salt/issues/65027)
+- Moved gitfs locks to salt working dir to avoid lock wipes [#65086](https://github.com/saltstack/salt/issues/65086)
+- Only attempt to create a keys directory when `--gen-keys` is passed to the `salt-key` CLI [#65093](https://github.com/saltstack/salt/issues/65093)
+- Fix nonce verification, request server replies do not stomp on eachother. [#65114](https://github.com/saltstack/salt/issues/65114)
+- speed up yumpkg list_pkgs by not requiring digest or signature verification on lookup. [#65152](https://github.com/saltstack/salt/issues/65152)
+- Fix pkg.latest failing on windows for winrepo packages where the package is already up to date [#65165](https://github.com/saltstack/salt/issues/65165)
+- Ensure __kwarg__ is preserved when checking for kwargs. This change affects proxy minions when used with Deltaproxy, which had kwargs popped when targeting multiple minions id. [#65179](https://github.com/saltstack/salt/issues/65179)
+- Fixes traceback when state id is an int in a reactor SLS file.
[#65210](https://github.com/saltstack/salt/issues/65210)
+- Install logrotate config as /etc/logrotate.d/salt-common for Debian packages
+ Remove broken /etc/logrotate.d/salt directory from 3006.3 if it exists. [#65231](https://github.com/saltstack/salt/issues/65231)
+- Use ``sha256`` as the default ``hash_type``. It has been the default since Salt v2016.9 [#65287](https://github.com/saltstack/salt/issues/65287)
+- Preserve ownership on log rotation [#65288](https://github.com/saltstack/salt/issues/65288)
+- Ensure that the correct value of jid_inclue is passed if the argument is included in the passed keyword arguments. [#65302](https://github.com/saltstack/salt/issues/65302)
+- Uprade relenv to 0.14.2
+ - Update openssl to address CVE-2023-5363.
+ - Fix bug in openssl setup when openssl binary can't be found.
+ - Add M1 mac support. [#65316](https://github.com/saltstack/salt/issues/65316)
+- Fix regex for filespec adding/deleting fcontext policy in selinux [#65340](https://github.com/saltstack/salt/issues/65340)
+- Ensure CLI options take priority over Saltfile options [#65358](https://github.com/saltstack/salt/issues/65358)
+- Test mode for state function `saltmod.wheel` no longer set's `result` to `(None,)` [#65372](https://github.com/saltstack/salt/issues/65372)
+- Client only process events which tag conforms to an event return. [#65400](https://github.com/saltstack/salt/issues/65400)
+- Fixes an issue setting user or machine policy on Windows when the Group Policy
+ directory is missing [#65411](https://github.com/saltstack/salt/issues/65411)
+- Fix regression in file module which was not re-using a file client. [#65450](https://github.com/saltstack/salt/issues/65450)
+- pip.installed state will now properly fail when a specified user does not exists [#65458](https://github.com/saltstack/salt/issues/65458)
+- Publish channel connect callback method properly closes it's request channel.
[#65464](https://github.com/saltstack/salt/issues/65464)
+- Ensured the pillar in SSH wrapper modules is the same as the one used in template rendering when overrides are passed [#65483](https://github.com/saltstack/salt/issues/65483)
+- Fix file.comment ignore_missing not working with multiline char [#65501](https://github.com/saltstack/salt/issues/65501)
+- Warn when an un-closed transport client is being garbage collected. [#65554](https://github.com/saltstack/salt/issues/65554)
+- Only generate the HMAC's for ``libssl.so.1.1`` and ``libcrypto.so.1.1`` if those files exist. [#65581](https://github.com/saltstack/salt/issues/65581)
+- Fixed an issue where Salt Cloud would fail if it could not delete lingering
+ PAexec binaries [#65584](https://github.com/saltstack/salt/issues/65584)
+
+
+### Added
+
+- Added Salt support for Debian 12 [#64223](https://github.com/saltstack/salt/issues/64223)
+- Added Salt support for Amazon Linux 2023 [#64455](https://github.com/saltstack/salt/issues/64455)
+
+
+### Security
+
+- Bump to `cryptography==41.0.4` due to https://github.com/advisories/GHSA-v8gr-m533-ghj9 [#65268](https://github.com/saltstack/salt/issues/65268)
+- Bump to `cryptography==41.0.7` due to https://github.com/advisories/GHSA-jfhm-5ghh-2f97 [#65643](https://github.com/saltstack/salt/issues/65643)
diff --git a/doc/topics/releases/templates/3006.5.md.template b/doc/topics/releases/templates/3006.5.md.template
new file mode 100644
index 000000000000..1750e9a85172
--- /dev/null
+++ b/doc/topics/releases/templates/3006.5.md.template
@@ -0,0 +1,14 @@
+(release-3006.5)=
+# Salt 3006.5 release notes{{ unreleased }}
+{{ warning }}
+
+
+
+
+## Changelog
+{{ changelog }}
diff --git a/pkg/debian/changelog b/pkg/debian/changelog
index e45d8665d162..12f388a11280 100644
--- a/pkg/debian/changelog
+++ b/pkg/debian/changelog
@@ -1,3 +1,80 @@
+salt (3006.5) stable; urgency=medium
+
+
+ # Removed
+
+ * Tech Debt - support for pysss removed due to functionality addition in Python 3.3 [#65029](https://github.com/saltstack/salt/issues/65029)
+
+ # Fixed
+
+ * Improved error message when state arguments are accidentally passed as a string [#38098](https://github.com/saltstack/salt/issues/38098)
+ * Allow `pip.install` to create a log file that is passed in if the parent directory is writeable [#44722](https://github.com/saltstack/salt/issues/44722)
+ * Fixed merging of complex pillar overrides with salt-ssh states [#59802](https://github.com/saltstack/salt/issues/59802)
+ * Fixed gpg pillar rendering with salt-ssh [#60002](https://github.com/saltstack/salt/issues/60002)
+ * Made salt-ssh states not re-render pillars unnecessarily [#62230](https://github.com/saltstack/salt/issues/62230)
+ * Made Salt maintain options in Debian package repo definitions [#64130](https://github.com/saltstack/salt/issues/64130)
+ * Migrated all [`invoke`](https://www.pyinvoke.org/) tasks to [`python-tools-scripts`](https://github.com/s0undt3ch/python-tools-scripts).
+
+ * `tasks/docs.py` *> `tools/precommit/docs.py`
+ * `tasks/docstrings.py` *> `tools/precommit/docstrings.py`
+ * `tasks/loader.py` *> `tools/precommit/loader.py`
+ * `tasks/filemap.py` *> `tools/precommit/filemap.py` [#64374](https://github.com/saltstack/salt/issues/64374)
+ * Fix salt user login shell path in Debian packages [#64377](https://github.com/saltstack/salt/issues/64377)
+ * Fill out lsb_distrib_xxxx (best estimate) grains if problems with retrieving lsb_release data [#64473](https://github.com/saltstack/salt/issues/64473)
+ * Fixed an issue in the ``file.directory`` state where the ``children_only`` keyword
+ argument was not being respected.
[#64497](https://github.com/saltstack/salt/issues/64497)
+ * Move salt.ufw to correct location /etc/ufw/applications.d/ [#64572](https://github.com/saltstack/salt/issues/64572)
+ * Fixed salt-ssh stacktrace when retcode is not an integer [#64575](https://github.com/saltstack/salt/issues/64575)
+ * Fixed SSH shell seldomly fails to report any exit code [#64588](https://github.com/saltstack/salt/issues/64588)
+ * Fixed some issues in x509_v2 execution module private key functions [#64597](https://github.com/saltstack/salt/issues/64597)
+ * Fixed grp.getgrall() in utils/user.py causing performance issues [#64888](https://github.com/saltstack/salt/issues/64888)
+ * Fix user.list_groups omits remote groups via sssd, etc. [#64953](https://github.com/saltstack/salt/issues/64953)
+ * Ensure sync from _grains occurs before attempting pillar compilation in case custom grain used in pillar file [#65027](https://github.com/saltstack/salt/issues/65027)
+ * Moved gitfs locks to salt working dir to avoid lock wipes [#65086](https://github.com/saltstack/salt/issues/65086)
+ * Only attempt to create a keys directory when `--gen-keys` is passed to the `salt-key` CLI [#65093](https://github.com/saltstack/salt/issues/65093)
+ * Fix nonce verification, request server replies do not stomp on eachother. [#65114](https://github.com/saltstack/salt/issues/65114)
+ * speed up yumpkg list_pkgs by not requiring digest or signature verification on lookup. [#65152](https://github.com/saltstack/salt/issues/65152)
+ * Fix pkg.latest failing on windows for winrepo packages where the package is already up to date [#65165](https://github.com/saltstack/salt/issues/65165)
+ * Ensure __kwarg__ is preserved when checking for kwargs. This change affects proxy minions when used with Deltaproxy, which had kwargs popped when targeting multiple minions id. [#65179](https://github.com/saltstack/salt/issues/65179)
+ * Fixes traceback when state id is an int in a reactor SLS file.
[#65210](https://github.com/saltstack/salt/issues/65210)
+ * Install logrotate config as /etc/logrotate.d/salt-common for Debian packages
+ Remove broken /etc/logrotate.d/salt directory from 3006.3 if it exists. [#65231](https://github.com/saltstack/salt/issues/65231)
+ * Use ``sha256`` as the default ``hash_type``. It has been the default since Salt v2016.9 [#65287](https://github.com/saltstack/salt/issues/65287)
+ * Preserve ownership on log rotation [#65288](https://github.com/saltstack/salt/issues/65288)
+ * Ensure that the correct value of jid_inclue is passed if the argument is included in the passed keyword arguments. [#65302](https://github.com/saltstack/salt/issues/65302)
+ * Uprade relenv to 0.14.2
+ * Update openssl to address CVE-2023-5363.
+ * Fix bug in openssl setup when openssl binary can't be found.
+ * Add M1 mac support. [#65316](https://github.com/saltstack/salt/issues/65316)
+ * Fix regex for filespec adding/deleting fcontext policy in selinux [#65340](https://github.com/saltstack/salt/issues/65340)
+ * Ensure CLI options take priority over Saltfile options [#65358](https://github.com/saltstack/salt/issues/65358)
+ * Test mode for state function `saltmod.wheel` no longer set's `result` to `(None,)` [#65372](https://github.com/saltstack/salt/issues/65372)
+ * Client only process events which tag conforms to an event return. [#65400](https://github.com/saltstack/salt/issues/65400)
+ * Fixes an issue setting user or machine policy on Windows when the Group Policy
+ directory is missing [#65411](https://github.com/saltstack/salt/issues/65411)
+ * Fix regression in file module which was not re-using a file client. [#65450](https://github.com/saltstack/salt/issues/65450)
+ * pip.installed state will now properly fail when a specified user does not exists [#65458](https://github.com/saltstack/salt/issues/65458)
+ * Publish channel connect callback method properly closes it's request channel.
[#65464](https://github.com/saltstack/salt/issues/65464)
+ * Ensured the pillar in SSH wrapper modules is the same as the one used in template rendering when overrides are passed [#65483](https://github.com/saltstack/salt/issues/65483)
+ * Fix file.comment ignore_missing not working with multiline char [#65501](https://github.com/saltstack/salt/issues/65501)
+ * Warn when an un-closed transport client is being garbage collected. [#65554](https://github.com/saltstack/salt/issues/65554)
+ * Only generate the HMAC's for ``libssl.so.1.1`` and ``libcrypto.so.1.1`` if those files exist. [#65581](https://github.com/saltstack/salt/issues/65581)
+ * Fixed an issue where Salt Cloud would fail if it could not delete lingering
+ PAexec binaries [#65584](https://github.com/saltstack/salt/issues/65584)
+
+ # Added
+
+ * Added Salt support for Debian 12 [#64223](https://github.com/saltstack/salt/issues/64223)
+ * Added Salt support for Amazon Linux 2023 [#64455](https://github.com/saltstack/salt/issues/64455)
+
+ # Security
+
+ * Bump to `cryptography==41.0.4` due to https://github.com/advisories/GHSA-v8gr-m533-ghj9 [#65268](https://github.com/saltstack/salt/issues/65268)
+ * Bump to `cryptography==41.0.7` due to https://github.com/advisories/GHSA-jfhm-5ghh-2f97 [#65643](https://github.com/saltstack/salt/issues/65643)
+
+
+ -- Salt Project Packaging Tue, 12 Dec 2023 17:52:33 +0000
+
 salt (3006.4) stable; urgency=medium
diff --git a/pkg/rpm/salt.spec b/pkg/rpm/salt.spec
index 54da61d50dd0..9bb75580e03a 100644
--- a/pkg/rpm/salt.spec
+++ b/pkg/rpm/salt.spec
@@ -31,7 +31,7 @@ %define fish_dir %{_datadir}/fish/vendor_functions.d
 Name: salt
-Version: 3006.4
+Version: 3006.5
 Release: 0
 Summary: A parallel remote execution system
 Group: System Environment/Daemons
@@ -583,6 +583,80 @@ fi
 %changelog
+* Tue Dec 12 2023 Salt Project Packaging - 3006.5
+
+# Removed
+
+- Tech Debt - support for pysss removed due to functionality addition in Python 3.3 [#65029](https://github.com/saltstack/salt/issues/65029)
+
+# Fixed
+
+- Improved error message when state arguments are accidentally passed as a string [#38098](https://github.com/saltstack/salt/issues/38098)
+- Allow `pip.install` to create a log file that is passed in if the parent directory is writeable [#44722](https://github.com/saltstack/salt/issues/44722)
+- Fixed merging of complex pillar overrides with salt-ssh states [#59802](https://github.com/saltstack/salt/issues/59802)
+- Fixed gpg pillar rendering with salt-ssh [#60002](https://github.com/saltstack/salt/issues/60002)
+- Made salt-ssh states not re-render pillars unnecessarily [#62230](https://github.com/saltstack/salt/issues/62230)
+- Made Salt maintain options in Debian package repo definitions [#64130](https://github.com/saltstack/salt/issues/64130)
+- Migrated all [`invoke`](https://www.pyinvoke.org/) tasks to [`python-tools-scripts`](https://github.com/s0undt3ch/python-tools-scripts).
+
+ * `tasks/docs.py` -> `tools/precommit/docs.py`
+ * `tasks/docstrings.py` -> `tools/precommit/docstrings.py`
+ * `tasks/loader.py` -> `tools/precommit/loader.py`
+ * `tasks/filemap.py` -> `tools/precommit/filemap.py` [#64374](https://github.com/saltstack/salt/issues/64374)
+- Fix salt user login shell path in Debian packages [#64377](https://github.com/saltstack/salt/issues/64377)
+- Fill out lsb_distrib_xxxx (best estimate) grains if problems with retrieving lsb_release data [#64473](https://github.com/saltstack/salt/issues/64473)
+- Fixed an issue in the ``file.directory`` state where the ``children_only`` keyword
+ argument was not being respected.
[#64497](https://github.com/saltstack/salt/issues/64497)
+- Move salt.ufw to correct location /etc/ufw/applications.d/ [#64572](https://github.com/saltstack/salt/issues/64572)
+- Fixed salt-ssh stacktrace when retcode is not an integer [#64575](https://github.com/saltstack/salt/issues/64575)
+- Fixed SSH shell seldomly fails to report any exit code [#64588](https://github.com/saltstack/salt/issues/64588)
+- Fixed some issues in x509_v2 execution module private key functions [#64597](https://github.com/saltstack/salt/issues/64597)
+- Fixed grp.getgrall() in utils/user.py causing performance issues [#64888](https://github.com/saltstack/salt/issues/64888)
+- Fix user.list_groups omits remote groups via sssd, etc. [#64953](https://github.com/saltstack/salt/issues/64953)
+- Ensure sync from _grains occurs before attempting pillar compilation in case custom grain used in pillar file [#65027](https://github.com/saltstack/salt/issues/65027)
+- Moved gitfs locks to salt working dir to avoid lock wipes [#65086](https://github.com/saltstack/salt/issues/65086)
+- Only attempt to create a keys directory when `--gen-keys` is passed to the `salt-key` CLI [#65093](https://github.com/saltstack/salt/issues/65093)
+- Fix nonce verification, request server replies do not stomp on eachother. [#65114](https://github.com/saltstack/salt/issues/65114)
+- speed up yumpkg list_pkgs by not requiring digest or signature verification on lookup. [#65152](https://github.com/saltstack/salt/issues/65152)
+- Fix pkg.latest failing on windows for winrepo packages where the package is already up to date [#65165](https://github.com/saltstack/salt/issues/65165)
+- Ensure __kwarg__ is preserved when checking for kwargs. This change affects proxy minions when used with Deltaproxy, which had kwargs popped when targeting multiple minions id. [#65179](https://github.com/saltstack/salt/issues/65179)
+- Fixes traceback when state id is an int in a reactor SLS file.
[#65210](https://github.com/saltstack/salt/issues/65210)
+- Install logrotate config as /etc/logrotate.d/salt-common for Debian packages
+ Remove broken /etc/logrotate.d/salt directory from 3006.3 if it exists. [#65231](https://github.com/saltstack/salt/issues/65231)
+- Use ``sha256`` as the default ``hash_type``. It has been the default since Salt v2016.9 [#65287](https://github.com/saltstack/salt/issues/65287)
+- Preserve ownership on log rotation [#65288](https://github.com/saltstack/salt/issues/65288)
+- Ensure that the correct value of jid_inclue is passed if the argument is included in the passed keyword arguments. [#65302](https://github.com/saltstack/salt/issues/65302)
+- Uprade relenv to 0.14.2
+ - Update openssl to address CVE-2023-5363.
+ - Fix bug in openssl setup when openssl binary can't be found.
+ - Add M1 mac support. [#65316](https://github.com/saltstack/salt/issues/65316)
+- Fix regex for filespec adding/deleting fcontext policy in selinux [#65340](https://github.com/saltstack/salt/issues/65340)
+- Ensure CLI options take priority over Saltfile options [#65358](https://github.com/saltstack/salt/issues/65358)
+- Test mode for state function `saltmod.wheel` no longer set's `result` to `(None,)` [#65372](https://github.com/saltstack/salt/issues/65372)
+- Client only process events which tag conforms to an event return. [#65400](https://github.com/saltstack/salt/issues/65400)
+- Fixes an issue setting user or machine policy on Windows when the Group Policy
+ directory is missing [#65411](https://github.com/saltstack/salt/issues/65411)
+- Fix regression in file module which was not re-using a file client. [#65450](https://github.com/saltstack/salt/issues/65450)
+- pip.installed state will now properly fail when a specified user does not exists [#65458](https://github.com/saltstack/salt/issues/65458)
+- Publish channel connect callback method properly closes it's request channel.
[#65464](https://github.com/saltstack/salt/issues/65464)
+- Ensured the pillar in SSH wrapper modules is the same as the one used in template rendering when overrides are passed [#65483](https://github.com/saltstack/salt/issues/65483)
+- Fix file.comment ignore_missing not working with multiline char [#65501](https://github.com/saltstack/salt/issues/65501)
+- Warn when an un-closed transport client is being garbage collected. [#65554](https://github.com/saltstack/salt/issues/65554)
+- Only generate the HMAC's for ``libssl.so.1.1`` and ``libcrypto.so.1.1`` if those files exist. [#65581](https://github.com/saltstack/salt/issues/65581)
+- Fixed an issue where Salt Cloud would fail if it could not delete lingering
+ PAexec binaries [#65584](https://github.com/saltstack/salt/issues/65584)
+
+# Added
+
+- Added Salt support for Debian 12 [#64223](https://github.com/saltstack/salt/issues/64223)
+- Added Salt support for Amazon Linux 2023 [#64455](https://github.com/saltstack/salt/issues/64455)
+
+# Security
+
+- Bump to `cryptography==41.0.4` due to https://github.com/advisories/GHSA-v8gr-m533-ghj9 [#65268](https://github.com/saltstack/salt/issues/65268)
+- Bump to `cryptography==41.0.7` due to https://github.com/advisories/GHSA-jfhm-5ghh-2f97 [#65643](https://github.com/saltstack/salt/issues/65643)
+
+
 * Mon Oct 16 2023 Salt Project Packaging - 3006.4
 # Security