Script 'mail_helper' called by obssrc Hello community, here is the log from the commit of package salt for openSUSE:Factory checked in at 2021-03-10 08:48:52 ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Comparing /work/SRC/openSUSE:Factory/salt (Old) and /work/SRC/openSUSE:Factory/.salt.new.2378 (New) ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Package is "salt" Wed Mar 10 08:48:52 2021 rev:115 rq:876003 version:3002.2 Changes: -------- --- /work/SRC/openSUSE:Factory/salt/salt.changes 2021-02-17 18:09:32.453842474 +0100 +++ /work/SRC/openSUSE:Factory/.salt.new.2378/salt.changes 2021-03-10 08:49:11.510389601 +0100 @@ -1,0 +2,30 @@ +Mon Mar 1 11:21:01 UTC 2021 - Alexander Graul <[email protected]> + +- Allow extra_filerefs as sanitized kwargs for SSH client +- Fix regression on cmd.run when passing tuples as cmd (bsc#1182740) +- Fix for multiple for security issues + (CVE-2020-28243) (CVE-2020-28972) (CVE-2020-35662) (CVE-2021-3148) (CVE-2021-3144) + (CVE-2021-25281) (CVE-2021-25282) (CVE-2021-25283) (CVE-2021-25284) (CVE-2021-3197) + (bsc#1181550) (bsc#1181556) (bsc#1181557) (bsc#1181558) (bsc#1181559) (bsc#1181560) + (bsc#1181561) (bsc#1181562) (bsc#1181563) (bsc#1181564) (bsc#1181565) +- Implementation of suse_ip execution module to prevent issues with network.managed (bsc#1099976) +- Add sleep on exception handling on minion connection attempt to the master (bsc#1174855) +- Allows for the VMware provider to handle CPU and memory hot-add in newer versions of the software. (bsc#1181347) +- Always require python-certifi (used by salt.ext.tornado) +- Bring missing part of async batch implementation back (bsc#1182382) (CVE-2021-25315) + +- Added: + * implementation-of-suse_ip-execution-module-bsc-10999.patch + * fix-regression-on-cmd.run-when-passing-tuples-as-cmd.patch + * async-batch-implementation-fix-320.patch + * add-sleep-on-exception-handling-on-minion-connection.patch + * allow-extra_filerefs-as-sanitized-kwargs-for-ssh-cli.patch + * fix-for-some-cves-bsc1181550.patch + * fixes-56144-to-enable-hotadd-profile-support.patch + +------------------------------------------------------------------- +Tue Feb 16 17:10:30 UTC 2021 - Alexander Graul <[email protected]> + +- Always require python3-distro (bsc#1182293) + +------------------------------------------------------------------- New: ---- add-sleep-on-exception-handling-on-minion-connection.patch allow-extra_filerefs-as-sanitized-kwargs-for-ssh-cli.patch async-batch-implementation-fix-320.patch fix-for-some-cves-bsc1181550.patch fix-regression-on-cmd.run-when-passing-tuples-as-cmd.patch fixes-56144-to-enable-hotadd-profile-support.patch implementation-of-suse_ip-execution-module-bsc-10999.patch ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Other differences: ------------------ ++++++ salt.spec ++++++ --- /var/tmp/diff_new_pack.iywpf6/_old 2021-03-10 08:49:13.146391290 +0100 +++ /var/tmp/diff_new_pack.iywpf6/_new 2021-03-10 08:49:13.150391294 +0100 @@ -359,6 +359,20 @@ Patch149: 3002.2-xen-spicevmc-dns-srv-records-backports-314.patch # PATCH-FIX_UPSTREAM: https://github.com/saltstack/salt/pull/59485 Patch150: open-suse-3002.2-xen-grub-316.patch +# PATCH-FIX_OPENSUSE: https://github.com/openSUSE/salt/pull/320 +Patch151: async-batch-implementation-fix-320.patch +# PATCH-FIX_UPSTREAM: https://github.com/saltstack/salt/pull/56173 +Patch152: fixes-56144-to-enable-hotadd-profile-support.patch +# PATCH-FIX_OPENSUSE: https://github.com/openSUSE/salt/pull/307 +Patch153: add-sleep-on-exception-handling-on-minion-connection.patch +# PATCH-FIX_OPENSUSE: https://github.com/openSUSE/salt/pull/323 +Patch154: implementation-of-suse_ip-execution-module-bsc-10999.patch +# PATCH-FIX_UPSTREAM: no PR to link to yet +Patch155: fix-for-some-cves-bsc1181550.patch +# PATCH-FIX_UPSTREAM: no PR to link to yet +Patch156: allow-extra_filerefs-as-sanitized-kwargs-for-ssh-cli.patch +# PATCH-FIX_UPSTREAM: no PR to link to yet +Patch157: fix-regression-on-cmd.run-when-passing-tuples-as-cmd.patch BuildRoot: %{_tmppath}/%{name}-%{version}-build BuildRequires: logrotate @@ -458,7 +472,6 @@ BuildRequires: python3-msgpack-python > 0.3 BuildRequires: python3-pyzmq >= 2.2.0 %if 0%{?suse_version} >= 1500 -BuildRequires: python3-distro BuildRequires: python3-M2Crypto %else BuildRequires: python3-pycrypto >= 2.6.1 @@ -467,6 +480,7 @@ BuildRequires: python3-PyYAML BuildRequires: python3-psutil BuildRequires: python3-requests >= 1.0.0 +BuildRequires: python3-distro # requirements/zeromq.txt %if %{with test} @@ -486,10 +500,7 @@ %else Requires: python3 %endif -# -%if ! 0%{?suse_version} > 1110 Requires: python3-certifi -%endif # requirements/base.txt %if 0%{?rhel} || 0%{?fedora} Requires: python3-jinja2 @@ -510,7 +521,6 @@ Requires: python3-MarkupSafe Requires: python3-msgpack-python > 0.3 %if 0%{?suse_version} >= 1500 -Requires: python3-distro Requires: python3-M2Crypto %else Requires: python3-pycrypto >= 2.6.1 @@ -520,6 +530,7 @@ Requires: python3-PyYAML Requires: python3-psutil Requires: python3-requests >= 1.0.0 +Requires: python3-distro %if 0%{?suse_version} # required for zypper.py Requires: python3-rpm @@ -908,6 +919,13 @@ %patch148 -p1 %patch149 -p1 %patch150 -p1 +%patch151 -p1 +%patch152 -p1 +%patch153 -p1 +%patch154 -p1 +%patch155 -p1 +%patch156 -p1 +%patch157 -p1 %build # Putting /usr/bin at the front of $PATH is needed for RHEL/RES 7. Without this ++++++ _lastrevision ++++++ --- /var/tmp/diff_new_pack.iywpf6/_old 2021-03-10 08:49:13.202391348 +0100 +++ /var/tmp/diff_new_pack.iywpf6/_new 2021-03-10 08:49:13.206391352 +0100 @@ -1 +1 @@ -98a9fb14263d76c4873bc68f208aeee04b583044 \ No newline at end of file +20438f0fbeca551fd5a04babf1a686a5455c2ce3 \ No newline at end of file ++++++ add-sleep-on-exception-handling-on-minion-connection.patch ++++++ >From aafa76ddd04114f699d760577681db75579685d7 Mon Sep 17 00:00:00 2001 From: Victor Zhestkov <[email protected]> Date: Thu, 18 Feb 2021 14:49:38 +0300 Subject: [PATCH] Add sleep on exception handling on minion connection attempt to the master (bsc#1174855) (#321) * Async batch implementation fix * Add sleep on exception handling on minion connection attempt to the master (bsc#1174855) --- salt/minion.py | 6 ++++++ 1 file changed, 6 insertions(+) diff --git a/salt/minion.py b/salt/minion.py index 4da665a130..dacff1e0a9 100644 --- a/salt/minion.py +++ b/salt/minion.py @@ -1123,6 +1123,9 @@ class MinionManager(MinionBase): last = 0 # never have we signed in auth_wait = minion.opts["acceptance_wait_time"] failed = False + retry_wait = 1 + retry_wait_inc = 1 + max_retry_wait = 20 while True: try: if minion.opts.get("beacons_before_connect", False): @@ -1158,6 +1161,9 @@ class MinionManager(MinionBase): minion.opts["master"], exc_info=True, ) + yield salt.ext.tornado.gen.sleep(retry_wait) + if retry_wait < max_retry_wait: + retry_wait += retry_wait_inc # Multi Master Tune In def tune_in(self): -- 2.29.2 ++++++ allow-extra_filerefs-as-sanitized-kwargs-for-ssh-cli.patch ++++++ >From 5e8a9c9eaa18c53b259a3bb1da8df51f5382ed6b Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Pablo=20Su=C3=A1rez=20Hern=C3=A1ndez?= <[email protected]> Date: Mon, 22 Feb 2021 11:39:19 +0000 Subject: [PATCH] Allow extra_filerefs as sanitized kwargs for SSH client (cherry picked from commit 89f843398849633af52cceab2155e9cedf8ad3dd) --- salt/client/ssh/client.py | 1 + 1 file changed, 1 insertion(+) diff --git a/salt/client/ssh/client.py b/salt/client/ssh/client.py index 2cf42f53e7..3631c3bb67 100644 --- a/salt/client/ssh/client.py +++ b/salt/client/ssh/client.py @@ -60,6 +60,7 @@ class SSHClient: ("rosters", list), ("ignore_host_keys", bool), ("raw_shell", bool), + ("extra_filerefs", str), ] sane_kwargs = {} for name, kind in roster_vals: -- 2.30.1 ++++++ async-batch-implementation-fix-320.patch ++++++ >From 843c76e5889659ec80fea3f39b750b9f907a902d Mon Sep 17 00:00:00 2001 From: Victor Zhestkov <[email protected]> Date: Wed, 17 Feb 2021 16:47:11 +0300 Subject: [PATCH] Async batch implementation fix (#320) --- salt/client/__init__.py | 38 -------------------------------------- 1 file changed, 38 deletions(-) diff --git a/salt/client/__init__.py b/salt/client/__init__.py index cc8fd4048d..ddb437604b 100644 --- a/salt/client/__init__.py +++ b/salt/client/__init__.py @@ -534,12 +534,6 @@ class LocalClient: {'dave': {...}} {'stewart': {...}} """ - # We need to re-import salt.utils.args here - # even though it has already been imported. - # when cmd_batch is called via the NetAPI - # the module is unavailable. - import salt.utils.args - # Late import - not used anywhere else in this file import salt.cli.batch @@ -557,38 +551,6 @@ class LocalClient: eauth = salt.cli.batch.batch_get_eauth(kwargs) - arg = salt.utils.args.condition_input(arg, kwarg) - opts = { - "tgt": tgt, - "fun": fun, - "arg": arg, - "tgt_type": tgt_type, - "ret": ret, - "batch": batch, - "failhard": kwargs.get("failhard", self.opts.get("failhard", False)), - "raw": kwargs.get("raw", False), - } - - if "timeout" in kwargs: - opts["timeout"] = kwargs["timeout"] - if "gather_job_timeout" in kwargs: - opts["gather_job_timeout"] = kwargs["gather_job_timeout"] - if "batch_wait" in kwargs: - opts["batch_wait"] = int(kwargs["batch_wait"]) - - eauth = {} - if "eauth" in kwargs: - eauth["eauth"] = kwargs.pop("eauth") - if "username" in kwargs: - eauth["username"] = kwargs.pop("username") - if "password" in kwargs: - eauth["password"] = kwargs.pop("password") - if "token" in kwargs: - eauth["token"] = kwargs.pop("token") - - for key, val in self.opts.items(): - if key not in opts: - opts[key] = val batch = salt.cli.batch.Batch(opts, eauth=eauth, quiet=True) for ret in batch.run(): yield ret -- 2.30.0 ++++++ fix-for-some-cves-bsc1181550.patch ++++++ ++++ 5284 lines (skipped) ++++++ fix-regression-on-cmd.run-when-passing-tuples-as-cmd.patch ++++++ >From d8538a57553d94290870671db1d5a4fcd4d7e709 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Pablo=20Su=C3=A1rez=20Hern=C3=A1ndez?= <[email protected]> Date: Fri, 26 Feb 2021 09:15:03 +0000 Subject: [PATCH] Fix regression on cmd.run when passing tuples as cmd (bsc#1182740) (cherry picked from commit 9a76246adedb60e24a75682077654a352a965cb9) --- salt/modules/cmdmod.py | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/salt/modules/cmdmod.py b/salt/modules/cmdmod.py index bbc303c3f8..f24e7cc9ae 100644 --- a/salt/modules/cmdmod.py +++ b/salt/modules/cmdmod.py @@ -78,7 +78,7 @@ def __virtual__(): def _log_cmd(cmd): - if not isinstance(cmd, list): + if isinstance(cmd, str): return cmd.split()[0].strip() return cmd[0].strip() -- 2.30.1 ++++++ fixes-56144-to-enable-hotadd-profile-support.patch ++++++ >From 5761a11227c8d78df62d1a1552a50c0a4b76ae33 Mon Sep 17 00:00:00 2001 From: nicholasmhughes <[email protected]> Date: Fri, 14 Feb 2020 22:03:42 -0500 Subject: [PATCH] fixes #56144 to enable hotadd profile support --- doc/topics/cloud/vmware.rst | 8 ++++++++ salt/cloud/clouds/vmware.py | 12 ++++++++++++ 2 files changed, 20 insertions(+) diff --git a/doc/topics/cloud/vmware.rst b/doc/topics/cloud/vmware.rst index e4cb607e8d..0ac7c255a8 100644 --- a/doc/topics/cloud/vmware.rst +++ b/doc/topics/cloud/vmware.rst @@ -457,6 +457,14 @@ Set up an initial profile at ``/etc/salt/cloud.profiles`` or Specifies whether the new virtual machine should be powered on or not. If ``template: True`` is set, this field is ignored. Default is ``power_on: True``. +``cpu_hot_add`` + Boolean value that enables hot-add support for modifying CPU resources while + the guest is powered on. + +``mem_hot_add`` + Boolean value that enables hot-add support for modifying memory resources while + the guest is powered on. + ``extra_config`` Specifies the additional configuration information for the virtual machine. This describes a set of modifications to the additional options. If the key is already diff --git a/salt/cloud/clouds/vmware.py b/salt/cloud/clouds/vmware.py index 5ebf448abc..edaca9618b 100644 --- a/salt/cloud/clouds/vmware.py +++ b/salt/cloud/clouds/vmware.py @@ -2824,6 +2824,12 @@ def create(vm_): win_run_once = config.get_cloud_config_value( "win_run_once", vm_, __opts__, search_global=False, default=None ) + cpu_hot_add = config.get_cloud_config_value( + 'cpu_hot_add', vm_, __opts__, search_global=False, default=None + ) + mem_hot_add = config.get_cloud_config_value( + 'mem_hot_add', vm_, __opts__, search_global=False, default=None + ) # Get service instance object si = _get_si() @@ -3042,6 +3048,12 @@ def create(vm_): ) config_spec.deviceChange = specs["device_specs"] + if cpu_hot_add and hasattr(config_spec, 'cpuHotAddEnabled'): + config_spec.cpuHotAddEnabled = bool(cpu_hot_add) + + if mem_hot_add and hasattr(config_spec, 'memoryHotAddEnabled'): + config_spec.memoryHotAddEnabled = bool(mem_hot_add) + if extra_config: for key, value in six.iteritems(extra_config): option = vim.option.OptionValue(key=key, value=value) -- 2.29.2 ++++++ implementation-of-suse_ip-execution-module-bsc-10999.patch ++++++ ++++ 1368 lines (skipped)
