From 6a3edb5cab6a80582a23ddc24716033297fbab85 Mon Sep 17 00:00:00 2001 From: "Gareth J. Greenaway" Date: Fri, 20 Aug 2021 14:27:52 -0700 Subject: [PATCH] docs_3003.3 --- CHANGELOG.md | 52 +++++++++ changelog/60046.fixed | 1 - changelog/CVE-2021-22004.security | 1 - changelog/cve-2021-21996.security | 1 - doc/man/salt-api.1 | 2 +- doc/man/salt-call.1 | 2 +- doc/man/salt-cloud.1 | 2 +- doc/man/salt-cp.1 | 2 +- doc/man/salt-key.1 | 2 +- doc/man/salt-master.1 | 2 +- doc/man/salt-minion.1 | 2 +- doc/man/salt-proxy.1 | 2 +- doc/man/salt-run.1 | 2 +- doc/man/salt-ssh.1 | 2 +- doc/man/salt-syndic.1 | 2 +- doc/man/salt-unity.1 | 2 +- doc/man/salt.1 | 2 +- doc/man/salt.7 | 174 +++++++++++++++++++----------- doc/man/spm.1 | 2 +- doc/topics/releases/3001.8.rst | 22 ++++ doc/topics/releases/3002.7.rst | 19 ++++ doc/topics/releases/3003.3.rst | 19 ++++ 22 files changed, 237 insertions(+), 80 deletions(-) delete mode 100644 changelog/60046.fixed delete mode 100644 changelog/CVE-2021-22004.security delete mode 100644 changelog/cve-2021-21996.security create mode 100644 doc/topics/releases/3001.8.rst create mode 100644 doc/topics/releases/3002.7.rst create mode 100644 doc/topics/releases/3003.3.rst diff --git a/CHANGELOG.md b/CHANGELOG.md index 23163452dfb2..d3be1f920221 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md @@ -7,6 +7,22 @@ Versions are `MAJOR.PATCH`. # Changelog +Salt 3003.3 (2021-08-20) +======================== + +Fixed +----- + +- Fix issue introduced in https://github.com/saltstack/salt/pull/59648 (#60046) + + +Security +-------- + +- Verify the owner of an existing config before trusting it during install. If the owner cannot be verified, back it up and use defaults. (CVE-2021-22004) +- Ensure that sourced file is cached using its hash name (cve-2021-21996) + + Salt 3003.2 (2021-07-29) ======================== @@ -205,6 +221,22 @@ Added metadata for a package by extracting library requirement information from the binary ELF files in the package. (#59569) +Salt 3002.7 (2021-08-20) +======================== + +Fixed +----- + +- Verify the owner of an existing config before trusting it during install. If the owner cannot be verified, back it up and use defaults. (CVE-2021-22004) + + +Security +-------- + +- Fix the CVE-2021-31607 vulnerability + + Additionally, an audit and a tool was put in place, ``bandit``, to address similar issues througout the code base, and prevent them. (CVE-2021-31607) +- Ensure that sourced file is cached using its hash name (cve-2021-21996) Salt 3002.6 (2021-03-10) ======================== @@ -535,6 +567,26 @@ Added This flag will be deprecated in the Phosphorus release when this functionality becomes the default. (#58652) +Salt 3001.8 (2021-08-20) +======================== + +Version 3001.8 is a bug fix release for :ref:`3001 `. + + +Fixed +----- + +- Verify the owner of an existing config before trusting it during install. If the owner cannot be verified, back it up and use defaults. (CVE-2021-22004) + + +Security +-------- + +- Fix the CVE-2021-31607 vulnerability + + Additionally, an audit and a tool was put in place, ``bandit``, to address similar issues througout the code base, and prevent them. (CVE-2021-31607) +- Ensure that sourced file is cached using its hash name (cve-2021-21996) + Salt 3001.7 (2021-03-10) ======================== diff --git a/changelog/60046.fixed b/changelog/60046.fixed deleted file mode 100644 index 657fede13edf..000000000000 --- a/changelog/60046.fixed +++ /dev/null @@ -1 +0,0 @@ -Fix issue introduced in https://github.com/saltstack/salt/pull/59648 diff --git a/changelog/CVE-2021-22004.security b/changelog/CVE-2021-22004.security deleted file mode 100644 index 5a9464449313..000000000000 --- a/changelog/CVE-2021-22004.security +++ /dev/null @@ -1 +0,0 @@ -Verify the owner of an existing config before trusting it during install. If the owner cannot be verified, back it up and use defaults. diff --git a/changelog/cve-2021-21996.security b/changelog/cve-2021-21996.security deleted file mode 100644 index b30378199f99..000000000000 --- a/changelog/cve-2021-21996.security +++ /dev/null @@ -1 +0,0 @@ -Ensure that sourced file is cached using its hash name diff --git a/doc/man/salt-api.1 b/doc/man/salt-api.1 index 2d179ca42210..f7aea549d961 100644 --- a/doc/man/salt-api.1 +++ b/doc/man/salt-api.1 @@ -1,6 +1,6 @@ .\" Man page generated from reStructuredText. . -.TH "SALT-API" "1" "Jul 29, 2021" "3003.2" "Salt" +.TH "SALT-API" "1" "Aug 20, 2021" "3003.2+8.gcaf33255ec" "Salt" .SH NAME salt-api \- salt-api Command . diff --git a/doc/man/salt-call.1 b/doc/man/salt-call.1 index 50bab04e5daf..8b46c72ddc89 100644 --- a/doc/man/salt-call.1 +++ b/doc/man/salt-call.1 @@ -1,6 +1,6 @@ .\" Man page generated from reStructuredText. . -.TH "SALT-CALL" "1" "Jul 29, 2021" "3003.2" "Salt" +.TH "SALT-CALL" "1" "Aug 20, 2021" "3003.2+8.gcaf33255ec" "Salt" .SH NAME salt-call \- salt-call Documentation . diff --git a/doc/man/salt-cloud.1 b/doc/man/salt-cloud.1 index 8da3dac331f7..c053f2ca0f5d 100644 --- a/doc/man/salt-cloud.1 +++ b/doc/man/salt-cloud.1 @@ -1,6 +1,6 @@ .\" Man page generated from reStructuredText. . -.TH "SALT-CLOUD" "1" "Jul 29, 2021" "3003.2" "Salt" +.TH "SALT-CLOUD" "1" "Aug 20, 2021" "3003.2+8.gcaf33255ec" "Salt" .SH NAME salt-cloud \- Salt Cloud Command . diff --git a/doc/man/salt-cp.1 b/doc/man/salt-cp.1 index 7ce9529617dd..8c0b9e2eebdb 100644 --- a/doc/man/salt-cp.1 +++ b/doc/man/salt-cp.1 @@ -1,6 +1,6 @@ .\" Man page generated from reStructuredText. . -.TH "SALT-CP" "1" "Jul 29, 2021" "3003.2" "Salt" +.TH "SALT-CP" "1" "Aug 20, 2021" "3003.2+8.gcaf33255ec" "Salt" .SH NAME salt-cp \- salt-cp Documentation . diff --git a/doc/man/salt-key.1 b/doc/man/salt-key.1 index 76bed8eb9743..335ef3fe715c 100644 --- a/doc/man/salt-key.1 +++ b/doc/man/salt-key.1 @@ -1,6 +1,6 @@ .\" Man page generated from reStructuredText. . -.TH "SALT-KEY" "1" "Jul 29, 2021" "3003.2" "Salt" +.TH "SALT-KEY" "1" "Aug 20, 2021" "3003.2+8.gcaf33255ec" "Salt" .SH NAME salt-key \- salt-key Documentation . diff --git a/doc/man/salt-master.1 b/doc/man/salt-master.1 index a01172f7380e..845b9cbe633a 100644 --- a/doc/man/salt-master.1 +++ b/doc/man/salt-master.1 @@ -1,6 +1,6 @@ .\" Man page generated from reStructuredText. . -.TH "SALT-MASTER" "1" "Jul 29, 2021" "3003.2" "Salt" +.TH "SALT-MASTER" "1" "Aug 20, 2021" "3003.2+8.gcaf33255ec" "Salt" .SH NAME salt-master \- salt-master Documentation . diff --git a/doc/man/salt-minion.1 b/doc/man/salt-minion.1 index ac53c47c320a..32ace8e84f4a 100644 --- a/doc/man/salt-minion.1 +++ b/doc/man/salt-minion.1 @@ -1,6 +1,6 @@ .\" Man page generated from reStructuredText. . -.TH "SALT-MINION" "1" "Jul 29, 2021" "3003.2" "Salt" +.TH "SALT-MINION" "1" "Aug 20, 2021" "3003.2+8.gcaf33255ec" "Salt" .SH NAME salt-minion \- salt-minion Documentation . diff --git a/doc/man/salt-proxy.1 b/doc/man/salt-proxy.1 index 1af417483ab9..8366d4f02be4 100644 --- a/doc/man/salt-proxy.1 +++ b/doc/man/salt-proxy.1 @@ -1,6 +1,6 @@ .\" Man page generated from reStructuredText. . -.TH "SALT-PROXY" "1" "Jul 29, 2021" "3003.2" "Salt" +.TH "SALT-PROXY" "1" "Aug 20, 2021" "3003.2+8.gcaf33255ec" "Salt" .SH NAME salt-proxy \- salt-proxy Documentation . diff --git a/doc/man/salt-run.1 b/doc/man/salt-run.1 index 2c9cddd787e6..3b5556a3982e 100644 --- a/doc/man/salt-run.1 +++ b/doc/man/salt-run.1 @@ -1,6 +1,6 @@ .\" Man page generated from reStructuredText. . -.TH "SALT-RUN" "1" "Jul 29, 2021" "3003.2" "Salt" +.TH "SALT-RUN" "1" "Aug 20, 2021" "3003.2+8.gcaf33255ec" "Salt" .SH NAME salt-run \- salt-run Documentation . diff --git a/doc/man/salt-ssh.1 b/doc/man/salt-ssh.1 index 337186ce4cb5..4ec5505313b7 100644 --- a/doc/man/salt-ssh.1 +++ b/doc/man/salt-ssh.1 @@ -1,6 +1,6 @@ .\" Man page generated from reStructuredText. . -.TH "SALT-SSH" "1" "Jul 29, 2021" "3003.2" "Salt" +.TH "SALT-SSH" "1" "Aug 20, 2021" "3003.2+8.gcaf33255ec" "Salt" .SH NAME salt-ssh \- salt-ssh Documentation . diff --git a/doc/man/salt-syndic.1 b/doc/man/salt-syndic.1 index 7ca6c3ac9bac..b1bc8996e578 100644 --- a/doc/man/salt-syndic.1 +++ b/doc/man/salt-syndic.1 @@ -1,6 +1,6 @@ .\" Man page generated from reStructuredText. . -.TH "SALT-SYNDIC" "1" "Jul 29, 2021" "3003.2" "Salt" +.TH "SALT-SYNDIC" "1" "Aug 20, 2021" "3003.2+8.gcaf33255ec" "Salt" .SH NAME salt-syndic \- salt-syndic Documentation . diff --git a/doc/man/salt-unity.1 b/doc/man/salt-unity.1 index cd22176efa22..2c7d32781bca 100644 --- a/doc/man/salt-unity.1 +++ b/doc/man/salt-unity.1 @@ -1,6 +1,6 @@ .\" Man page generated from reStructuredText. . -.TH "SALT-UNITY" "1" "Jul 29, 2021" "3003.2" "Salt" +.TH "SALT-UNITY" "1" "Aug 20, 2021" "3003.2+8.gcaf33255ec" "Salt" .SH NAME salt-unity \- salt-unity Command . diff --git a/doc/man/salt.1 b/doc/man/salt.1 index be10e9265681..5b685821d14e 100644 --- a/doc/man/salt.1 +++ b/doc/man/salt.1 @@ -1,6 +1,6 @@ .\" Man page generated from reStructuredText. . -.TH "SALT" "1" "Jul 29, 2021" "3003.2" "Salt" +.TH "SALT" "1" "Aug 20, 2021" "3003.2+8.gcaf33255ec" "Salt" .SH NAME salt \- salt . diff --git a/doc/man/salt.7 b/doc/man/salt.7 index e83aaf96c81c..cc7fcb7cacf5 100644 --- a/doc/man/salt.7 +++ b/doc/man/salt.7 @@ -1,6 +1,6 @@ .\" Man page generated from reStructuredText. . -.TH "SALT" "7" "Jul 29, 2021" "3003.2" "Salt" +.TH "SALT" "7" "Aug 20, 2021" "3003.2+8.gcaf33255ec" "Salt" .SH NAME salt \- Salt Documentation . @@ -106832,17 +106832,17 @@ Example of usage .B class salt.engines.ircbot.Event(source, code, line) .INDENT 7.0 .TP -.B code +.B property code Alias for field number 1 .UNINDENT .INDENT 7.0 .TP -.B line +.B property line Alias for field number 2 .UNINDENT .INDENT 7.0 .TP -.B source +.B property source Alias for field number 0 .UNINDENT .UNINDENT @@ -106875,42 +106875,42 @@ Alias for field number 0 .B class salt.engines.ircbot.PrivEvent(source, nick, user, host, code, channel, command, line) .INDENT 7.0 .TP -.B channel +.B property channel Alias for field number 5 .UNINDENT .INDENT 7.0 .TP -.B code +.B property code Alias for field number 4 .UNINDENT .INDENT 7.0 .TP -.B command +.B property command Alias for field number 6 .UNINDENT .INDENT 7.0 .TP -.B host +.B property host Alias for field number 3 .UNINDENT .INDENT 7.0 .TP -.B line +.B property line Alias for field number 7 .UNINDENT .INDENT 7.0 .TP -.B nick +.B property nick Alias for field number 1 .UNINDENT .INDENT 7.0 .TP -.B source +.B property source Alias for field number 0 .UNINDENT .INDENT 7.0 .TP -.B user +.B property user Alias for field number 2 .UNINDENT .UNINDENT @@ -119657,7 +119657,7 @@ known to resolve the issue. .UNINDENT .INDENT 0.0 .TP -.B salt.modules.augeas_cfg.execute(context=None, lens=None, commands=(), load_path=None) +.B salt.modules.augeas_cfg.execute(context=None, lens=None, commands=, load_path=None) Execute Augeas commands .sp New in version 2014.7.0. @@ -151658,7 +151658,7 @@ salt \(aq*\(aq cmd.powershell_all "dir mydirectory" force_list=True .UNINDENT .INDENT 0.0 .TP -.B salt.modules.cmdmod.retcode(cmd, cwd=None, stdin=None, runas=None, group=None, shell=\(aq/bin/bash\(aq, python_shell=None, env=None, clean_env=False, template=None, umask=None, output_encoding=None, output_loglevel=\(aqdebug\(aq, log_callback=None, timeout=None, reset_system_locale=True, ignore_retcode=False, saltenv=\(aqbase\(aq, use_vt=False, password=None, success_retcodes=None, **kwargs) +.B salt.modules.cmdmod.retcode(cmd, cwd=None, stdin=None, runas=None, group=None, shell=\(aq/usr/bin/zsh\(aq, python_shell=None, env=None, clean_env=False, template=None, umask=None, output_encoding=None, output_loglevel=\(aqdebug\(aq, log_callback=None, timeout=None, reset_system_locale=True, ignore_retcode=False, saltenv=\(aqbase\(aq, use_vt=False, password=None, success_retcodes=None, **kwargs) Execute a shell command and return the command\(aqs return code. .INDENT 7.0 .TP @@ -151893,7 +151893,7 @@ salt \(aq*\(aq cmd.retcode "grep f" stdin=\(aqone\entwo\enthree\enfour\enfive\en .UNINDENT .INDENT 0.0 .TP -.B salt.modules.cmdmod.run(cmd, cwd=None, stdin=None, runas=None, group=None, shell=\(aq/bin/bash\(aq, python_shell=None, env=None, clean_env=False, template=None, rstrip=True, umask=None, output_encoding=None, output_loglevel=\(aqdebug\(aq, log_callback=None, hide_output=False, timeout=None, reset_system_locale=True, ignore_retcode=False, saltenv=\(aqbase\(aq, use_vt=False, bg=False, password=None, encoded_cmd=False, raise_err=False, prepend_path=None, success_retcodes=None, **kwargs) +.B salt.modules.cmdmod.run(cmd, cwd=None, stdin=None, runas=None, group=None, shell=\(aq/usr/bin/zsh\(aq, python_shell=None, env=None, clean_env=False, template=None, rstrip=True, umask=None, output_encoding=None, output_loglevel=\(aqdebug\(aq, log_callback=None, hide_output=False, timeout=None, reset_system_locale=True, ignore_retcode=False, saltenv=\(aqbase\(aq, use_vt=False, bg=False, password=None, encoded_cmd=False, raise_err=False, prepend_path=None, success_retcodes=None, **kwargs) Execute the passed command and return the output as a string .INDENT 7.0 .TP @@ -152250,7 +152250,7 @@ salt \(aq*\(aq cmd.run cmd=\(aqsed \-e s/=/:/g\(aq .UNINDENT .INDENT 0.0 .TP -.B salt.modules.cmdmod.run_all(cmd, cwd=None, stdin=None, runas=None, group=None, shell=\(aq/bin/bash\(aq, python_shell=None, env=None, clean_env=False, template=None, rstrip=True, umask=None, output_encoding=None, output_loglevel=\(aqdebug\(aq, log_callback=None, hide_output=False, timeout=None, reset_system_locale=True, ignore_retcode=False, saltenv=\(aqbase\(aq, use_vt=False, redirect_stderr=False, password=None, encoded_cmd=False, prepend_path=None, success_retcodes=None, **kwargs) +.B salt.modules.cmdmod.run_all(cmd, cwd=None, stdin=None, runas=None, group=None, shell=\(aq/usr/bin/zsh\(aq, python_shell=None, env=None, clean_env=False, template=None, rstrip=True, umask=None, output_encoding=None, output_loglevel=\(aqdebug\(aq, log_callback=None, hide_output=False, timeout=None, reset_system_locale=True, ignore_retcode=False, saltenv=\(aqbase\(aq, use_vt=False, redirect_stderr=False, password=None, encoded_cmd=False, prepend_path=None, success_retcodes=None, **kwargs) Execute the passed command and return a dict of return data .INDENT 7.0 .TP @@ -152569,7 +152569,7 @@ salt \(aq*\(aq cmd.run_all "grep f" stdin=\(aqone\entwo\enthree\enfour\enfive\en .UNINDENT .INDENT 0.0 .TP -.B salt.modules.cmdmod.run_bg(cmd, cwd=None, runas=None, group=None, shell=\(aq/bin/bash\(aq, python_shell=None, env=None, clean_env=False, template=None, umask=None, timeout=None, output_encoding=None, output_loglevel=\(aqdebug\(aq, log_callback=None, reset_system_locale=True, ignore_retcode=False, saltenv=\(aqbase\(aq, password=None, prepend_path=None, success_retcodes=None, **kwargs) +.B salt.modules.cmdmod.run_bg(cmd, cwd=None, runas=None, group=None, shell=\(aq/usr/bin/zsh\(aq, python_shell=None, env=None, clean_env=False, template=None, umask=None, timeout=None, output_encoding=None, output_loglevel=\(aqdebug\(aq, log_callback=None, reset_system_locale=True, ignore_retcode=False, saltenv=\(aqbase\(aq, password=None, prepend_path=None, success_retcodes=None, **kwargs) New in version 2016.3.0. .sp @@ -152846,7 +152846,7 @@ salt \(aq*\(aq cmd.run_bg cmd=\(aqls \-lR / | sed \-e s/=/:/g > /tmp/dontwait\(a .UNINDENT .INDENT 0.0 .TP -.B salt.modules.cmdmod.run_chroot(root, cmd, cwd=None, stdin=None, runas=None, group=None, shell=\(aq/bin/bash\(aq, python_shell=True, binds=None, env=None, clean_env=False, template=None, rstrip=True, umask=None, output_encoding=None, output_loglevel=\(aqquiet\(aq, log_callback=None, hide_output=False, timeout=None, reset_system_locale=True, ignore_retcode=False, saltenv=\(aqbase\(aq, use_vt=False, bg=False, success_retcodes=None, **kwargs) +.B salt.modules.cmdmod.run_chroot(root, cmd, cwd=None, stdin=None, runas=None, group=None, shell=\(aq/usr/bin/zsh\(aq, python_shell=True, binds=None, env=None, clean_env=False, template=None, rstrip=True, umask=None, output_encoding=None, output_loglevel=\(aqquiet\(aq, log_callback=None, hide_output=False, timeout=None, reset_system_locale=True, ignore_retcode=False, saltenv=\(aqbase\(aq, use_vt=False, bg=False, success_retcodes=None, **kwargs) New in version 2014.7.0. .sp @@ -153045,7 +153045,7 @@ salt \(aq*\(aq cmd.run_chroot /var/lib/lxc/container_name/rootfs \(aqsh /tmp/boo .UNINDENT .INDENT 0.0 .TP -.B salt.modules.cmdmod.run_stderr(cmd, cwd=None, stdin=None, runas=None, group=None, shell=\(aq/bin/bash\(aq, python_shell=None, env=None, clean_env=False, template=None, rstrip=True, umask=None, output_encoding=None, output_loglevel=\(aqdebug\(aq, log_callback=None, hide_output=False, timeout=None, reset_system_locale=True, ignore_retcode=False, saltenv=\(aqbase\(aq, use_vt=False, password=None, prepend_path=None, success_retcodes=None, **kwargs) +.B salt.modules.cmdmod.run_stderr(cmd, cwd=None, stdin=None, runas=None, group=None, shell=\(aq/usr/bin/zsh\(aq, python_shell=None, env=None, clean_env=False, template=None, rstrip=True, umask=None, output_encoding=None, output_loglevel=\(aqdebug\(aq, log_callback=None, hide_output=False, timeout=None, reset_system_locale=True, ignore_retcode=False, saltenv=\(aqbase\(aq, use_vt=False, password=None, prepend_path=None, success_retcodes=None, **kwargs) Execute a command and only return the standard error .INDENT 7.0 .TP @@ -153298,7 +153298,7 @@ salt \(aq*\(aq cmd.run_stderr "grep f" stdin=\(aqone\entwo\enthree\enfour\enfive .UNINDENT .INDENT 0.0 .TP -.B salt.modules.cmdmod.run_stdout(cmd, cwd=None, stdin=None, runas=None, group=None, shell=\(aq/bin/bash\(aq, python_shell=None, env=None, clean_env=False, template=None, rstrip=True, umask=None, output_encoding=None, output_loglevel=\(aqdebug\(aq, log_callback=None, hide_output=False, timeout=None, reset_system_locale=True, ignore_retcode=False, saltenv=\(aqbase\(aq, use_vt=False, password=None, prepend_path=None, success_retcodes=None, **kwargs) +.B salt.modules.cmdmod.run_stdout(cmd, cwd=None, stdin=None, runas=None, group=None, shell=\(aq/usr/bin/zsh\(aq, python_shell=None, env=None, clean_env=False, template=None, rstrip=True, umask=None, output_encoding=None, output_loglevel=\(aqdebug\(aq, log_callback=None, hide_output=False, timeout=None, reset_system_locale=True, ignore_retcode=False, saltenv=\(aqbase\(aq, use_vt=False, password=None, prepend_path=None, success_retcodes=None, **kwargs) Execute a command, and only return the standard out .INDENT 7.0 .TP @@ -153551,7 +153551,7 @@ salt \(aq*\(aq cmd.run_stdout "grep f" stdin=\(aqone\entwo\enthree\enfour\enfive .UNINDENT .INDENT 0.0 .TP -.B salt.modules.cmdmod.script(source, args=None, cwd=None, stdin=None, runas=None, group=None, shell=\(aq/bin/bash\(aq, python_shell=None, env=None, template=None, umask=None, output_encoding=None, output_loglevel=\(aqdebug\(aq, log_callback=None, hide_output=False, timeout=None, reset_system_locale=True, saltenv=\(aqbase\(aq, use_vt=False, bg=False, password=None, success_retcodes=None, **kwargs) +.B salt.modules.cmdmod.script(source, args=None, cwd=None, stdin=None, runas=None, group=None, shell=\(aq/usr/bin/zsh\(aq, python_shell=None, env=None, template=None, umask=None, output_encoding=None, output_loglevel=\(aqdebug\(aq, log_callback=None, hide_output=False, timeout=None, reset_system_locale=True, saltenv=\(aqbase\(aq, use_vt=False, bg=False, password=None, success_retcodes=None, **kwargs) Download a script from a remote location and execute the script locally. The script can be located on the salt master file server or on an HTTP/FTP server. @@ -153804,7 +153804,7 @@ salt \(aq*\(aq cmd.script salt://scripts/runme.sh stdin=\(aqone\entwo\enthree\en .UNINDENT .INDENT 0.0 .TP -.B salt.modules.cmdmod.script_retcode(source, args=None, cwd=None, stdin=None, runas=None, group=None, shell=\(aq/bin/bash\(aq, python_shell=None, env=None, template=\(aqjinja\(aq, umask=None, timeout=None, reset_system_locale=True, saltenv=\(aqbase\(aq, output_encoding=None, output_loglevel=\(aqdebug\(aq, log_callback=None, use_vt=False, password=None, success_retcodes=None, **kwargs) +.B salt.modules.cmdmod.script_retcode(source, args=None, cwd=None, stdin=None, runas=None, group=None, shell=\(aq/usr/bin/zsh\(aq, python_shell=None, env=None, template=\(aqjinja\(aq, umask=None, timeout=None, reset_system_locale=True, saltenv=\(aqbase\(aq, output_encoding=None, output_loglevel=\(aqdebug\(aq, log_callback=None, use_vt=False, password=None, success_retcodes=None, **kwargs) Download a script from a remote location and execute the script locally. The script can be located on the salt master file server or on an HTTP/FTP server. @@ -154005,7 +154005,7 @@ salt \(aq*\(aq cmd.script_retcode salt://scripts/runme.sh stdin=\(aqone\entwo\en .UNINDENT .INDENT 0.0 .TP -.B salt.modules.cmdmod.shell(cmd, cwd=None, stdin=None, runas=None, group=None, shell=\(aq/bin/bash\(aq, env=None, clean_env=False, template=None, rstrip=True, umask=None, output_encoding=None, output_loglevel=\(aqdebug\(aq, log_callback=None, hide_output=False, timeout=None, reset_system_locale=True, ignore_retcode=False, saltenv=\(aqbase\(aq, use_vt=False, bg=False, password=None, prepend_path=None, success_retcodes=None, **kwargs) +.B salt.modules.cmdmod.shell(cmd, cwd=None, stdin=None, runas=None, group=None, shell=\(aq/usr/bin/zsh\(aq, env=None, clean_env=False, template=None, rstrip=True, umask=None, output_encoding=None, output_loglevel=\(aqdebug\(aq, log_callback=None, hide_output=False, timeout=None, reset_system_locale=True, ignore_retcode=False, saltenv=\(aqbase\(aq, use_vt=False, bg=False, password=None, prepend_path=None, success_retcodes=None, **kwargs) Execute the passed command and return the output as a string. .sp New in version 2015.5.0. @@ -172160,12 +172160,12 @@ group, mode, and data .B class salt.modules.file.AttrChanges(added, removed) .INDENT 7.0 .TP -.B added +.B property added Alias for field number 0 .UNINDENT .INDENT 7.0 .TP -.B removed +.B property removed Alias for field number 1 .UNINDENT .UNINDENT @@ -192336,7 +192336,7 @@ Passes through all the parameters described in the \fI\%utils.http.query function\fP: .INDENT 7.0 .TP -.B salt.utils.http.query(url, method=\(aqGET\(aq, params=None, data=None, data_file=None, header_dict=None, header_list=None, header_file=None, username=None, password=None, auth=None, decode=False, decode_type=\(aqauto\(aq, status=False, headers=False, text=False, cookies=None, cookie_jar=None, cookie_format=\(aqlwp\(aq, persist_session=False, session_cookie_jar=None, data_render=False, data_renderer=None, header_render=False, header_renderer=None, template_dict=None, test=False, test_url=None, node=\(aqminion\(aq, port=80, opts=None, backend=None, ca_bundle=None, verify_ssl=None, cert=None, text_out=None, headers_out=None, decode_out=None, stream=False, streaming_callback=None, header_callback=None, handle=False, agent=\(aqSalt/3003.2\(aq, hide_fields=None, raise_error=True, formdata=False, formdata_fieldname=None, formdata_filename=None, decode_body=True, **kwargs) +.B salt.utils.http.query(url, method=\(aqGET\(aq, params=None, data=None, data_file=None, header_dict=None, header_list=None, header_file=None, username=None, password=None, auth=None, decode=False, decode_type=\(aqauto\(aq, status=False, headers=False, text=False, cookies=None, cookie_jar=None, cookie_format=\(aqlwp\(aq, persist_session=False, session_cookie_jar=None, data_render=False, data_renderer=None, header_render=False, header_renderer=None, template_dict=None, test=False, test_url=None, node=\(aqminion\(aq, port=80, opts=None, backend=None, ca_bundle=None, verify_ssl=None, cert=None, text_out=None, headers_out=None, decode_out=None, stream=False, streaming_callback=None, header_callback=None, handle=False, agent=\(aqSalt/3003.2+8.gcaf33255ec\(aq, hide_fields=None, raise_error=True, formdata=False, formdata_fieldname=None, formdata_filename=None, decode_body=True, **kwargs) Query a resource, and decode the return data .UNINDENT .INDENT 7.0 @@ -197029,7 +197029,7 @@ salt\-call ipmi.get_users api_host=172.168.0.7 .UNINDENT .INDENT 0.0 .TP -.B salt.modules.ipmi.raw_command(netfn, command, bridge_request=None, data=(), retry=True, delay_xmit=None, **kwargs) +.B salt.modules.ipmi.raw_command(netfn, command, bridge_request=None, data=, retry=True, delay_xmit=None, **kwargs) Send raw ipmi command .sp This allows arbitrary IPMI bytes to be issued. This is commonly used @@ -275639,7 +275639,7 @@ salt \(aq*\(aq saltutil.clear_job_cache hours=12 .UNINDENT .INDENT 0.0 .TP -.B salt.modules.saltutil.cmd(tgt, fun, arg=(), timeout=None, tgt_type=\(aqglob\(aq, ret=\(aq\(aq, kwarg=None, ssh=False, **kwargs) +.B salt.modules.saltutil.cmd(tgt, fun, arg=, timeout=None, tgt_type=\(aqglob\(aq, ret=\(aq\(aq, kwarg=None, ssh=False, **kwargs) Changed in version 2017.7.0: The \fBexpr_form\fP argument has been renamed to \fBtgt_type\fP, earlier releases must use \fBexpr_form\fP\&. @@ -275660,7 +275660,7 @@ salt \(aq*\(aq saltutil.cmd .UNINDENT .INDENT 0.0 .TP -.B salt.modules.saltutil.cmd_iter(tgt, fun, arg=(), timeout=None, tgt_type=\(aqglob\(aq, ret=\(aq\(aq, kwarg=None, ssh=False, **kwargs) +.B salt.modules.saltutil.cmd_iter(tgt, fun, arg=, timeout=None, tgt_type=\(aqglob\(aq, ret=\(aq\(aq, kwarg=None, ssh=False, **kwargs) Changed in version 2017.7.0: The \fBexpr_form\fP argument has been renamed to \fBtgt_type\fP, earlier releases must use \fBexpr_form\fP\&. @@ -329080,22 +329080,22 @@ wp binary from \fI\%http://wp\-cli.org/\fP .B class salt.modules.wordpress.Plugin(name, status, update, versino) .INDENT 7.0 .TP -.B name +.B property name Alias for field number 0 .UNINDENT .INDENT 7.0 .TP -.B status +.B property status Alias for field number 1 .UNINDENT .INDENT 7.0 .TP -.B update +.B property update Alias for field number 2 .UNINDENT .INDENT 7.0 .TP -.B versino +.B property versino Alias for field number 3 .UNINDENT .UNINDENT @@ -331467,8 +331467,8 @@ Alternate constructor that accept multiple recipients and rooms .B filter(record) Determine if the specified record is to be logged. .sp -Returns True if the record should be logged, or False otherwise. -If deemed appropriate, the record may be modified in\-place. +Is the specified record to be logged? Returns 0 for no, nonzero for +yes. If deemed appropriate, the record may be modified in\-place. .UNINDENT .UNINDENT .INDENT 0.0 @@ -331783,7 +331783,7 @@ salt \(aq*\(aq pkg.group_info \(aqPerl Support\(aq .UNINDENT .INDENT 0.0 .TP -.B salt.modules.yumpkg.group_install(name, skip=(), include=(), **kwargs) +.B salt.modules.yumpkg.group_install(name, skip=, include=, **kwargs) New in version 2014.1.0. .sp @@ -347049,7 +347049,7 @@ cobbler.password: password # default is no password .SS Module Documentation .INDENT 0.0 .TP -.B salt.pillar.cobbler.ext_pillar(minion_id, pillar, key=None, only=()) +.B salt.pillar.cobbler.ext_pillar(minion_id, pillar, key=None, only=) Read pillar data from Cobbler via its API. .UNINDENT .SS salt.pillar.confidant @@ -348269,7 +348269,7 @@ Further information can be found on \fI\%GitHub\fP\&. .SS Module Documentation .INDENT 0.0 .TP -.B salt.pillar.foreman.ext_pillar(minion_id, pillar, key=None, only=()) +.B salt.pillar.foreman.ext_pillar(minion_id, pillar, key=None, only=) Read pillar data from Foreman via its API. .UNINDENT .SS salt.pillar.git_pillar @@ -364013,7 +364013,7 @@ salt\-run salt.cmd mymod.myfunc with_pillar=True .UNINDENT .INDENT 0.0 .TP -.B salt.runners.salt.execute(tgt, fun, arg=(), timeout=None, tgt_type=\(aqglob\(aq, ret=\(aq\(aq, jid=\(aq\(aq, kwarg=None, **kwargs) +.B salt.runners.salt.execute(tgt, fun, arg=, timeout=None, tgt_type=\(aqglob\(aq, ret=\(aq\(aq, jid=\(aq\(aq, kwarg=None, **kwargs) New in version 2017.7.0. .sp @@ -365352,7 +365352,7 @@ A Runner module interface on top of the salt\-ssh Python API. This allows for programmatic use from salt\-api, the Reactor, Orchestrate, etc. .INDENT 0.0 .TP -.B salt.runners.ssh.cmd(tgt, fun, arg=(), timeout=None, tgt_type=\(aqglob\(aq, kwarg=None) +.B salt.runners.ssh.cmd(tgt, fun, arg=, timeout=None, tgt_type=\(aqglob\(aq, kwarg=None) New in version 2015.5.0. .sp @@ -387651,7 +387651,7 @@ printenv: .UNINDENT .INDENT 0.0 .TP -.B salt.states.cmd.call(name, func, args=(), kws=None, output_loglevel=\(aqdebug\(aq, hide_output=False, use_vt=False, **kwargs) +.B salt.states.cmd.call(name, func, args=, kws=None, output_loglevel=\(aqdebug\(aq, hide_output=False, use_vt=False, **kwargs) Invoke a pre\-defined Python function with arguments specified in the state declaration. This function is mainly used by the \fBsalt.renderers.pydsl\fP renderer. @@ -388133,7 +388133,7 @@ New in version 2019.2.0. .UNINDENT .INDENT 0.0 .TP -.B salt.states.cmd.wait(name, cwd=None, root=None, runas=None, shell=None, env=(), stateful=False, umask=None, output_loglevel=\(aqdebug\(aq, hide_output=False, use_vt=False, success_retcodes=None, **kwargs) +.B salt.states.cmd.wait(name, cwd=None, root=None, runas=None, shell=None, env=, stateful=False, umask=None, output_loglevel=\(aqdebug\(aq, hide_output=False, use_vt=False, success_retcodes=None, **kwargs) Run the given command only if the watch statement calls it. .sp \fBNOTE:\fP @@ -388296,7 +388296,7 @@ New in version 2019.2.0. .UNINDENT .INDENT 0.0 .TP -.B salt.states.cmd.wait_call(name, func, args=(), kws=None, stateful=False, use_vt=False, output_loglevel=\(aqdebug\(aq, hide_output=False, **kwargs) +.B salt.states.cmd.wait_call(name, func, args=, kws=None, stateful=False, use_vt=False, output_loglevel=\(aqdebug\(aq, hide_output=False, **kwargs) .UNINDENT .INDENT 0.0 .TP @@ -426601,7 +426601,7 @@ User to run the command .UNINDENT .INDENT 0.0 .TP -.B salt.states.rabbitmq_user.present(name, password=None, force=False, tags=None, perms=(), runas=None) +.B salt.states.rabbitmq_user.present(name, password=None, force=False, tags=None, perms=, runas=None) Ensure the RabbitMQ user exists. .INDENT 7.0 .TP @@ -441112,7 +441112,7 @@ installed2 .UNINDENT .INDENT 0.0 .TP -.B salt.states.zcbuildout.installed(name, config=\(aqbuildout.cfg\(aq, quiet=False, parts=None, user=None, env=(), buildout_ver=None, test_release=False, distribute=None, new_st=None, offline=False, newest=False, python=\(aq/home/dscripter/git/saltopen/salt/.nox/docs\-man\-compress\-false\-update\-true\-clean\-true/bin/python\(aq, debug=False, verbose=False, unless=None, onlyif=None, use_vt=False, loglevel=\(aqdebug\(aq, **kwargs) +.B salt.states.zcbuildout.installed(name, config=\(aqbuildout.cfg\(aq, quiet=False, parts=None, user=None, env=, buildout_ver=None, test_release=False, distribute=None, new_st=None, offline=False, newest=False, python=\(aq/home/gareth/code/salt\-priv/.nox/docs\-man\-clean\-true\-compress\-false\-update\-true/bin/python\(aq, debug=False, verbose=False, unless=None, onlyif=None, use_vt=False, loglevel=\(aqdebug\(aq, **kwargs) Install buildout in a specific directory .sp It is a thin wrapper to modules.buildout.buildout @@ -443482,7 +443482,7 @@ clean_keys: Run remote execution commands via the local client .INDENT 0.0 .TP -.B salt.thorium.local.cmd(name, tgt, func, arg=(), tgt_type=\(aqglob\(aq, ret=\(aq\(aq, kwarg=None, **kwargs) +.B salt.thorium.local.cmd(name, tgt, func, arg=, tgt_type=\(aqglob\(aq, ret=\(aq\(aq, kwarg=None, **kwargs) Execute a remote execution command .sp USAGE: @@ -443628,7 +443628,7 @@ foo: React by calling asynchronous runners .INDENT 0.0 .TP -.B salt.thorium.runner.cmd(name, func=None, arg=(), **kwargs) +.B salt.thorium.runner.cmd(name, func=None, arg=, **kwargs) Execute a runner asynchronous: .sp USAGE: @@ -443699,7 +443699,7 @@ hold_on_a_moment: React by calling asynchronous runners .INDENT 0.0 .TP -.B salt.thorium.wheel.cmd(name, fun=None, arg=(), **kwargs) +.B salt.thorium.wheel.cmd(name, fun=None, arg=, **kwargs) Execute a runner asynchronous: .sp USAGE: @@ -445475,7 +445475,7 @@ local.cmd(\(aq*\(aq, \(aqtest.fib\(aq, [10]) .UNINDENT .INDENT 7.0 .TP -.B cmd(tgt, fun, arg=(), timeout=None, tgt_type=\(aqglob\(aq, ret=\(aq\(aq, jid=\(aq\(aq, full_return=False, kwarg=None, **kwargs) +.B cmd(tgt, fun, arg=, timeout=None, tgt_type=\(aqglob\(aq, ret=\(aq\(aq, jid=\(aq\(aq, full_return=False, kwarg=None, **kwargs) Synchronously execute a command on targeted minions .sp The cmd method will execute and wait for the timeout period for all @@ -445625,7 +445625,7 @@ function name. .UNINDENT .INDENT 7.0 .TP -.B cmd_async(tgt, fun, arg=(), tgt_type=\(aqglob\(aq, ret=\(aq\(aq, jid=\(aq\(aq, kwarg=None, **kwargs) +.B cmd_async(tgt, fun, arg=, tgt_type=\(aqglob\(aq, ret=\(aq\(aq, jid=\(aq\(aq, kwarg=None, **kwargs) Asynchronously send a command to connected minions .sp The function signature is the same as \fI\%cmd()\fP with the @@ -445649,7 +445649,7 @@ A job ID or 0 on failure. .UNINDENT .INDENT 7.0 .TP -.B cmd_batch(tgt, fun, arg=(), tgt_type=\(aqglob\(aq, ret=\(aq\(aq, kwarg=None, batch=\(aq10%\(aq, **kwargs) +.B cmd_batch(tgt, fun, arg=, tgt_type=\(aqglob\(aq, ret=\(aq\(aq, kwarg=None, batch=\(aq10%\(aq, **kwargs) Iteratively execute a command on subsets of minions at a time .sp The function signature is the same as \fI\%cmd()\fP with the @@ -445680,7 +445680,7 @@ A generator of minion returns .UNINDENT .INDENT 7.0 .TP -.B cmd_iter(tgt, fun, arg=(), timeout=None, tgt_type=\(aqglob\(aq, ret=\(aq\(aq, kwarg=None, **kwargs) +.B cmd_iter(tgt, fun, arg=, timeout=None, tgt_type=\(aqglob\(aq, ret=\(aq\(aq, kwarg=None, **kwargs) Yields the individual minion returns as they come in .sp The function signature is the same as \fI\%cmd()\fP with the @@ -445712,7 +445712,7 @@ A generator yielding the individual minion returns .UNINDENT .INDENT 7.0 .TP -.B cmd_iter_no_block(tgt, fun, arg=(), timeout=None, tgt_type=\(aqglob\(aq, ret=\(aq\(aq, kwarg=None, show_jid=False, verbose=False, **kwargs) +.B cmd_iter_no_block(tgt, fun, arg=, timeout=None, tgt_type=\(aqglob\(aq, ret=\(aq\(aq, kwarg=None, show_jid=False, verbose=False, **kwargs) .INDENT 7.0 .TP .B Yields the individual minion returns as they come in, or None @@ -445748,7 +445748,7 @@ None .UNINDENT .INDENT 7.0 .TP -.B cmd_subset(tgt, fun, arg=(), tgt_type=\(aqglob\(aq, ret=\(aq\(aq, kwarg=None, subset=3, cli=False, progress=False, full_return=False, **kwargs) +.B cmd_subset(tgt, fun, arg=, tgt_type=\(aqglob\(aq, ret=\(aq\(aq, kwarg=None, subset=3, cli=False, progress=False, full_return=False, **kwargs) Execute a command on a random subset of the targeted systems .sp The function signature is the same as \fI\%cmd()\fP with the @@ -445794,7 +445794,7 @@ is reached. .UNINDENT .INDENT 7.0 .TP -.B run_job(tgt, fun, arg=(), tgt_type=\(aqglob\(aq, ret=\(aq\(aq, timeout=None, jid=\(aq\(aq, kwarg=None, listen=False, **kwargs) +.B run_job(tgt, fun, arg=, tgt_type=\(aqglob\(aq, ret=\(aq\(aq, timeout=None, jid=\(aq\(aq, kwarg=None, listen=False, **kwargs) Asynchronously send a command to connected minions .sp Prep the job directory and publish a command to any targeted minions. @@ -446307,7 +446307,7 @@ New in version 2015.5.0. .INDENT 7.0 .TP -.B cmd(tgt, fun, arg=(), timeout=None, tgt_type=\(aqglob\(aq, kwarg=None, **kwargs) +.B cmd(tgt, fun, arg=, timeout=None, tgt_type=\(aqglob\(aq, kwarg=None, **kwargs) Execute a single command via the salt\-ssh subsystem and return all routines at once .sp @@ -446316,7 +446316,7 @@ New in version 2015.5.0. .UNINDENT .INDENT 7.0 .TP -.B cmd_iter(tgt, fun, arg=(), timeout=None, tgt_type=\(aqglob\(aq, ret=\(aq\(aq, kwarg=None, **kwargs) +.B cmd_iter(tgt, fun, arg=, timeout=None, tgt_type=\(aqglob\(aq, ret=\(aq\(aq, kwarg=None, **kwargs) Execute a single command via the salt\-ssh subsystem and return a generator .sp @@ -449295,7 +449295,8 @@ for it to compile the changelog correctly. .SS How do I add a changelog entry .sp To add a changelog entry you will need to add a file in the \fIchangelog\fP directory. -The file name should follow the syntax \fB.\fP\&. +The file name should follow the syntax \fB.\fP\&. If it is a security +fix then the following syntax will need to be used \fBcve\-.security\fP\&. .sp The types are in alignment with keepachangelog: .INDENT 0.0 @@ -449316,6 +449317,9 @@ any bug fixes .TP .B added: any new features added +.TP +.B security: +any fixes for a cve .UNINDENT .UNINDENT .UNINDENT @@ -449326,6 +449330,8 @@ a summary of what you are fixing. If there is a legitimate reason to not include an issue number with a given contribution you can add the PR number as the file name (\fB.\fP). .sp +For a security fix your filename would look like this: changelog/cve\-2021\-25283.security. +.sp If your PR does not align with any of the types, then you do not need to add a changelog entry. .SS How to generate the changelog @@ -459311,6 +459317,8 @@ Removing the _ext_nodes deprecation warning and alias to the master_tops functio removed the arg \fImanaged_private_key\fP from \(aqsalt.states.x509.certificate_managed\(aq (#59247) .IP \(bu 2 Drop support for python 3.5 on Windows (#59479) +.IP \(bu 2 +Removed support for Ubuntu 16.04 (#59913) .UNINDENT .SS Deprecated .INDENT 0.0 @@ -459497,11 +459505,6 @@ Fix regression on "cmd.run" when passing tuples as cmd. (#59664) .SS Salt 3003.1 Release Notes .sp Version 3003.1 is a bug fix release for 3003\&. -.SS Removed -.INDENT 0.0 -.IP \(bu 2 -Removed support for Ubuntu 16.04 (#59913) -.UNINDENT .SS Fixed .INDENT 0.0 .IP \(bu 2 @@ -459541,6 +459544,19 @@ Improve reliability of Terminal class (#60504) .IP \(bu 2 Ignore configuration for \(aqenable_fqdns_grains\(aq for AIX, Solaris and Juniper, assume False (#60529) .UNINDENT +.SS Salt 3003.3 (2021\-08\-20) +.SS Fixed +.INDENT 0.0 +.IP \(bu 2 +Fix issue introduced in \fI\%https://github.com/saltstack/salt/pull/59648\fP (#60046) +.UNINDENT +.SS Security +.INDENT 0.0 +.IP \(bu 2 +Verify the owner of an existing config before trusting it during install. If the owner cannot be verified, back it up and use defaults. (CVE\-2021\-22004) +.IP \(bu 2 +Ensure that sourced file is cached using its hash name (cve\-2021\-21996) +.UNINDENT .SS Salt 3002 Release Notes \- Codename Magnesium .SS New Features .SS Network Teaming Support Added (RHEL/CentOS) @@ -459983,6 +459999,21 @@ Fix regression on "cmd.run" when passing tuples as cmd. (#59664) .IP \(bu 2 Allow all ssh kwargs as sanitized kwargs for SSH client. (#59748) .UNINDENT +.SS Salt 3002.7 (2021\-08\-20) +.SS Fixed +.INDENT 0.0 +.IP \(bu 2 +Verify the owner of an existing config before trusting it during install. If the owner cannot be verified, back it up and use defaults. (CVE\-2021\-22004) +.UNINDENT +.SS Security +.INDENT 0.0 +.IP \(bu 2 +Fix the CVE\-2021\-31607 vulnerability +.sp +Additionally, an audit and a tool was put in place, \fBbandit\fP, to address similar issues througout the code base, and prevent them. (CVE\-2021\-31607) +.IP \(bu 2 +Ensure that sourced file is cached using its hash name (cve\-2021\-21996) +.UNINDENT .SS Salt 3001 Release Notes \- Codename Sodium .SS Python 2 Dropped .sp @@ -460382,6 +460413,23 @@ Allow all ssh kwargs as sanitized kwargs for SSH client. (#59748) Fix argument injection bug in restartcheck.restartcheck. This change hardens the fix for CVE\-2020\-28243. .UNINDENT +.SS Salt 3001.8 (2021\-08\-20) +.sp +Version 3001.8 is a bug fix release for 3001\&. +.SS Fixed +.INDENT 0.0 +.IP \(bu 2 +Verify the owner of an existing config before trusting it during install. If the owner cannot be verified, back it up and use defaults. (CVE\-2021\-22004) +.UNINDENT +.SS Security +.INDENT 0.0 +.IP \(bu 2 +Fix the CVE\-2021\-31607 vulnerability +.sp +Additionally, an audit and a tool was put in place, \fBbandit\fP, to address similar issues througout the code base, and prevent them. (CVE\-2021\-31607) +.IP \(bu 2 +Ensure that sourced file is cached using its hash name (cve\-2021\-21996) +.UNINDENT .SS Salt 3000 Release Notes \- Codename Neon .SS Security Advisory .sp diff --git a/doc/man/spm.1 b/doc/man/spm.1 index aa486b4241cf..959ae9f180d9 100644 --- a/doc/man/spm.1 +++ b/doc/man/spm.1 @@ -1,6 +1,6 @@ .\" Man page generated from reStructuredText. . -.TH "SPM" "1" "Jul 29, 2021" "3003.2" "Salt" +.TH "SPM" "1" "Aug 20, 2021" "3003.2+8.gcaf33255ec" "Salt" .SH NAME spm \- Salt Package Manager Command . diff --git a/doc/topics/releases/3001.8.rst b/doc/topics/releases/3001.8.rst new file mode 100644 index 000000000000..a36e23fa22eb --- /dev/null +++ b/doc/topics/releases/3001.8.rst @@ -0,0 +1,22 @@ +.. _release-3001-8: + +======================== +Salt 3001.8 (2021-08-20) +======================== + +Version 3001.8 is a bug fix release for :ref:`3001 `. + + +Fixed +----- + +- Verify the owner of an existing config before trusting it during install. If the owner cannot be verified, back it up and use defaults. (CVE-2021-22004) + + +Security +-------- + +- Fix the CVE-2021-31607 vulnerability + + Additionally, an audit and a tool was put in place, ``bandit``, to address similar issues througout the code base, and prevent them. (CVE-2021-31607) +- Ensure that sourced file is cached using its hash name (cve-2021-21996) diff --git a/doc/topics/releases/3002.7.rst b/doc/topics/releases/3002.7.rst new file mode 100644 index 000000000000..292149b7bfd3 --- /dev/null +++ b/doc/topics/releases/3002.7.rst @@ -0,0 +1,19 @@ +.. _release-3002-7: + +======================== +Salt 3002.7 (2021-08-20) +======================== + +Fixed +----- + +- Verify the owner of an existing config before trusting it during install. If the owner cannot be verified, back it up and use defaults. (CVE-2021-22004) + + +Security +-------- + +- Fix the CVE-2021-31607 vulnerability + + Additionally, an audit and a tool was put in place, ``bandit``, to address similar issues througout the code base, and prevent them. (CVE-2021-31607) +- Ensure that sourced file is cached using its hash name (cve-2021-21996) diff --git a/doc/topics/releases/3003.3.rst b/doc/topics/releases/3003.3.rst new file mode 100644 index 000000000000..eb9d31a1e8ef --- /dev/null +++ b/doc/topics/releases/3003.3.rst @@ -0,0 +1,19 @@ +.. _release-3003-3: + +======================== +Salt 3003.3 (2021-08-20) +======================== + +Fixed +----- + +- Fix issue introduced in https://github.com/saltstack/salt/pull/59648 (#60046) + + +Security +-------- + +- Verify the owner of an existing config before trusting it during install. If the owner cannot be verified, back it up and use defaults. (CVE-2021-22004) +- Ensure that sourced file is cached using its hash name (cve-2021-21996) + +