diff --git a/.github/workflows/ci.yml b/.github/workflows/ci.yml index 4694c935fae7..3808f94fa8bd 100644 --- a/.github/workflows/ci.yml +++ b/.github/workflows/ci.yml @@ -261,6 +261,8 @@ jobs: - name: Build Documentation shell: bash + env: + LATEST_RELEASE: ${{ needs.prepare-workflow.outputs.salt-version }} run: | tools docs html --no-clean --archive salt-${{ needs.prepare-workflow.outputs.salt-version }}-docs.tar.xz diff --git a/.github/workflows/nightly.yml b/.github/workflows/nightly.yml index bc7aeb670fda..06758b8c7c95 100644 --- a/.github/workflows/nightly.yml +++ b/.github/workflows/nightly.yml @@ -259,6 +259,8 @@ jobs: - name: Build Documentation shell: bash + env: + LATEST_RELEASE: ${{ needs.prepare-workflow.outputs.salt-version }} run: | tools docs html --no-clean --archive salt-${{ needs.prepare-workflow.outputs.salt-version }}-docs.tar.xz diff --git a/.github/workflows/scheduled.yml b/.github/workflows/scheduled.yml index a54cded7bede..fb4ff3ea72e9 100644 --- a/.github/workflows/scheduled.yml +++ b/.github/workflows/scheduled.yml @@ -259,6 +259,8 @@ jobs: - name: Build Documentation shell: bash + env: + LATEST_RELEASE: ${{ needs.prepare-workflow.outputs.salt-version }} run: | tools docs html --no-clean --archive salt-${{ needs.prepare-workflow.outputs.salt-version }}-docs.tar.xz diff --git a/.github/workflows/templates/ci.yml.jinja b/.github/workflows/templates/ci.yml.jinja index 5c1a781cd856..67968e208045 100644 --- a/.github/workflows/templates/ci.yml.jinja +++ b/.github/workflows/templates/ci.yml.jinja @@ -104,6 +104,8 @@ on: - name: Build Documentation shell: bash + env: + LATEST_RELEASE: ${{ needs.prepare-workflow.outputs.salt-version }} run: | tools docs html --no-clean --archive salt-${{ needs.prepare-workflow.outputs.salt-version }}-docs.tar.xz diff --git a/.pre-commit-config.yaml b/.pre-commit-config.yaml index f6e53339ad17..956f9caaf6fd 100644 --- a/.pre-commit-config.yaml +++ b/.pre-commit-config.yaml @@ -46,8 +46,19 @@ repos: )$ - repo: https://github.com/s0undt3ch/python-tools-scripts - rev: "0.10.2" + rev: "0.10.4" hooks: + - id: tools + alias: check-changelog-entries + name: Check Changelog Entries + args: + - changelog + - pre-commit-checks + additional_dependencies: + - boto3==1.21.46 + - pyyaml==6.0 + - jinja2==3.1.2 + - packaging==23.0 - id: tools alias: generate-workflows name: Generate GitHub Workflow Templates @@ -1080,15 +1091,6 @@ repos: - requirements/static/ci/tools.in # <---- Tools ----------------------------------------------------------------------------------------------------- - # ----- Local Hooks -----------------------------------------------------------------------------------------------> - - repo: local - hooks: - - id: check-changelog-entries - name: Check Changelog Entries - entry: .pre-commit-hooks/check-changelog-entries.py - language: script - # <---- Local Hooks ------------------------------------------------------------------------------------------------ - # ----- Code Formatting -------------------------------------------------------------------------------------------> - repo: https://github.com/asottile/pyupgrade rev: v2.37.2 diff --git a/.pre-commit-hooks/check-changelog-entries.py b/.pre-commit-hooks/check-changelog-entries.py deleted file mode 100755 index a5ae631962cd..000000000000 --- a/.pre-commit-hooks/check-changelog-entries.py +++ /dev/null @@ -1,104 +0,0 @@ -#!/usr/bin/env python3 -# pylint: skip-file - -import pathlib -import re -import sys - -CODE_ROOT = pathlib.Path(__file__).resolve().parent.parent -DOCS_PATH = CODE_ROOT / "doc" -TESTS_INTEGRATION_FILES_PATH = CODE_ROOT / "tests" / "integration" / "files" -CHANGELOG_ENTRIES_PATH = CODE_ROOT / "changelog" -CHANGELOG_LIKE_RE = re.compile(r"([\d]+)\.([a-z]+)$") -CHANGELOG_EXTENSIONS = ( - "removed", - "deprecated", - "changed", - "fixed", - "added", - "security", -) -CHANGELOG_ENTRY_RE = re.compile( - r"([\d]+|(CVE|cve)-[\d]{{4}}-[\d]+)\.({})$".format("|".join(CHANGELOG_EXTENSIONS)) -) - - -def check_changelog_entries(files): - - exitcode = 0 - for entry in files: - path = pathlib.Path(entry).resolve() - # Is it under changelog/ - try: - path.relative_to(CHANGELOG_ENTRIES_PATH) - if path.name == ".keep": - # This is the file we use so git doesn't delete the changelog/ directory - continue - # Is it named properly - if not CHANGELOG_ENTRY_RE.match(path.name): - print( - "The changelog entry '{}' should have one of the following extensions: {}.".format( - path.relative_to(CODE_ROOT), - ", ".join(repr(ext) for ext in CHANGELOG_EXTENSIONS), - ), - file=sys.stderr, - flush=True, - ) - exitcode = 1 - continue - except ValueError: - # No, carry on - pass - # Does it look like a changelog entry - if CHANGELOG_LIKE_RE.match(path.name) and not CHANGELOG_ENTRY_RE.match( - path.name - ): - try: - # Is this under doc/ - path.relative_to(DOCS_PATH) - # Yes, carry on - continue - except ValueError: - # No, resume the check - pass - try: - # Is this under tests/integration/files - path.relative_to(TESTS_INTEGRATION_FILES_PATH) - # Yes, carry on - continue - except ValueError: - # No, resume the check - pass - print( - "The changelog entry '{}' should have one of the following extensions: {}.".format( - path.relative_to(CODE_ROOT), - ", ".join(repr(ext) for ext in CHANGELOG_EXTENSIONS), - ), - file=sys.stderr, - flush=True, - ) - exitcode = 1 - continue - # Is it a changelog entry - if not CHANGELOG_ENTRY_RE.match(path.name): - # No? Carry on - continue - # Is the changelog entry in the right path? - try: - path.relative_to(CHANGELOG_ENTRIES_PATH) - except ValueError: - exitcode = 1 - print( - "The changelog entry '{}' should be placed under '{}/', not '{}'".format( - path.name, - CHANGELOG_ENTRIES_PATH.relative_to(CODE_ROOT), - path.relative_to(CODE_ROOT).parent, - ), - file=sys.stderr, - flush=True, - ) - sys.exit(exitcode) - - -if __name__ == "__main__": - check_changelog_entries(sys.argv[1:]) diff --git a/CHANGELOG.md b/CHANGELOG.md index ee75c8b4aebb..7da999d37254 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md @@ -7,11 +7,9 @@ Versions are `MAJOR.PATCH`. # Changelog -Salt 3005.1 (2022-09-26) -======================== +## Salt 3005.1 (2022-09-26) -Fixed ------ +### Fixed - Fix arch parsing issue in apt source files (#62247) - Fixed parsing CDROM apt sources (#62474) @@ -32,11 +30,9 @@ Fixed - The sub proxies controlled by Deltaproxy need to have their own req_channel otherwise there are timeout exceptions when the __master_req_channel_payload is fired and reacted on. (#62708) -Salt 3005 (2022-08-22) -====================== +## Salt 3005 (2022-08-22) -Removed -------- +### Removed - Deprecating and removing salt-unity. (#56055) - Removed support for macos mojave (#61130) @@ -61,8 +57,7 @@ Removed Since it's currently not being used, it's removed. (#62432) -Deprecated ----------- +### Deprecated - In etcd_util, the recursive kwarg in the read and delete methods has been deprecated in favor of recurse for both client versions. In etcd_util, the index kwarg in the watch method has been deprecated in favor of start_revision for both client versions. @@ -76,8 +71,7 @@ Deprecated - Deprecated the cassandra module in favor of the cassandra_cql module/returner. (#62327) -Changed -------- +### Changed - alternatives: Do not access /var/lib/dpkg/alternatives directly (#58745) - Enhance logging when there are errors at loading beacons (#60402) @@ -89,8 +83,7 @@ Changed - "Sign before ending the testrun in x509.create_certificate" (#62100) -Fixed ------ +### Fixed - Fix salt-ssh using sudo with a password (#8882) - Fix SSH password regex to not search for content after password:. (#25721) @@ -348,11 +341,9 @@ Added - Add " python" subcommand to allow execution or arbitrary scripts via bundled Python runtime (#62381) -Salt 3004.2 (2022-05-12) -======================== +## Salt 3004.2 (2022-05-12) -Fixed ------ +### Fixed - Expand environment variables in the root_dir registry key (#61445) - Update Markup and contextfunction imports for jinja versions >=3.1. (#61848) @@ -360,17 +351,14 @@ Fixed - Make sure the correct key is being used when verifying or validating communication, eg. when a Salt syndic is involved use syndic_master.pub and when a Salt minion is involved use minion_master.pub. (#61868) -Security --------- +### Security - Fixed PAM auth to reject auth attempt if user account is locked. (cve-2022-22967) -Salt 3004.1 (2022-02-16) -======================== +## Salt 3004.1 (2022-02-16) -Security --------- +### Security - Sign authentication replies to prevent MiTM (cve-2022-22935) - Prevent job and fileserver replays (cve-2022-22936) @@ -379,11 +367,9 @@ Security - Fix denial of service in junos ifconfig output parsing. -Salt 3004 (2021-10-11) -====================== +## Salt 3004 (2021-10-11) -Removed -------- +### Removed - Removed the deprecated glance state and execution module in favor of the glance_image state module and the glanceng execution module. (#59079) @@ -392,8 +378,7 @@ Removed - Removed deprecated virt.migrate_non_shared, virt.migrate_non_shared_inc, ssh from virt.migrate, and python2/python3 args from salt.utils.thin.gen_min and .gen_thin (#60893) -Deprecated ----------- +### Deprecated - The _ext_nodes alias to the master_tops function was added back in 3004 to maintain backwards compatibility with older supported versions. This alias will now be removed in 3006. This change will break Master and Minion communication compatibility with Salt minions running versions 3003 and lower. (#60980) - utils/boto3_elasticsearch is no longer needed (#59882) @@ -401,8 +386,7 @@ Deprecated - Deprecate `salt.payload.Serial` (#60953) -Changed -------- +### Changed - Changed nginx.version to return version without `nginx/` prefix. (#57111) - Updated Slack webhook returner to support event returns on salt-master (#57182) @@ -411,8 +395,7 @@ Changed - Changed the default character set used by `utils.pycrypto.secure_password()` to include symbols and implemented arguments to control the used character set. (#59486) -Fixed ------ +### Fixed - Set default 'bootstrap_delay' to 0 (#61005) - Fixed issue where multiple args to netapi were not preserved (#59182) @@ -566,28 +549,23 @@ Added - Allow a user to use the aptpkg.py module without installing python-apt. (#60818) -Salt 3003.5 (2022-07-05) -======================== +## Salt 3003.5 (2022-07-05) -Fixed ------ +### Fixed - Update Markup and contextfunction imports for jinja versions >=3.1. (#61848) - Fix bug in tcp transport (#61865) - Make sure the correct key is being used when verifying or validating communication, eg. when a Salt syndic is involved use syndic_master.pub and when a Salt minion is involved use minion_master.pub. (#61868) -Security --------- +### Security - Fixed PAM auth to reject auth attempt if user account is locked. (cve-2022-22967) -Salt 3003.4 (2022-02-25) -======================== +## Salt 3003.4 (2022-02-25) -Security --------- +### Security - Sign authentication replies to prevent MiTM (cve-2022-22935) - Prevent job and fileserver replays (cve-2022-22936) @@ -596,27 +574,22 @@ Security - Fix denial of service in junos ifconfig output parsing. -Salt 3003.3 (2021-08-20) -======================== +## Salt 3003.3 (2021-08-20) -Fixed ------ +### Fixed - Fix issue introduced in https://github.com/saltstack/salt/pull/59648 (#60046) -Security --------- +### Security - Verify the owner of an existing config before trusting it during install. If the owner cannot be verified, back it up and use defaults. (CVE-2021-22004) - Ensure that sourced file is cached using its hash name (cve-2021-21996) -Salt 3003.2 (2021-07-29) -======================== +## Salt 3003.2 (2021-07-29) -Fixed ------ +### Fixed - Periodically restart the fileserver update process to avoid leaks (#50313) - Add ssh_timeout to kwargs in deploy_script (#59901) @@ -627,17 +600,14 @@ Fixed - Ignore configuration for 'enable_fqdns_grains' for AIX, Solaris and Juniper, assume False (#60529) -Salt 3003.1 (2021-06-08) -======================== +## Salt 3003.1 (2021-06-08) -Fixed ------ +### Fixed - Import salt.utils.azurearm instead of using __utils__ from loader in azure cloud. This fixes an issue where __utils__ would become unavailable when we are using the ThreadPool in azurearm. (#59744) - Use contextvars library from site-packages if it is intalled. Fixes salt ssh for targets with python <=3.6 (#59942) -Fixed ------ +### Fixed - Fixed race condition in batch logic. Added `listen` option to `LocalClient` to prevent event subscriber from purging cached events during batch iteration. (#56273) - Fixed dependencies for Amazon Linux 2 on https://repo.saltproject.io since Amazon Linux 2 now provides some of the python libraries in their repos. (#59982) @@ -648,11 +618,9 @@ Fixed - Pass the value of the `__grains__` NamedContext to salt.pillar.get_pillar, instead of the NamedContext object itself. (#59975) - Fix pillar serialization in jinja templates (#60083) -Salt 3003 (2021-03-05) -====================== +## Salt 3003 (2021-03-05) -Removed -------- +### Removed - Removed the deprecated glance state and execution module in favor of the glance_image state module and the glanceng execution module. (#59079) @@ -662,13 +630,11 @@ Removed - Removed support for Ubuntu 16.04 (#59913) -Deprecated ----------- +### Deprecated - Added deprecation warning for grains.get_or_set_hash (#59425) -Changed -------- +### Changed - Change `brew cask --list` to `brew list --cask` (#58381) - Store git sha in salt/_version.py when installing from a tag so it can be found if needed later. (#59137) @@ -676,8 +642,7 @@ Changed - Updating the pkg beacon to fire the events when there are upgrades to packages, but also when watched packages are installed or removed. Breaking out the logic for listing pkgs from context into a separate function to aid in testing. Updating tests to ensure context is not used when use_context option to list_pkgs is False. (#59463) -Fixed ------ +### Fixed - When instantiating the loader grab values of grains and pillars if they are NamedLoaderContext instances. (#59773) @@ -817,28 +782,23 @@ Added binary ELF files in the package. (#59569) -Salt 3002.9 (2022-05-25) -======================== +## Salt 3002.9 (2022-05-25) -Fixed ------ +### Fixed - Fixed an error when running on CentOS Stream 8. (#59161) - Fix bug in tcp transport (#61865) - Make sure the correct key is being used when verifying or validating communication, eg. when a Salt syndic is involved use syndic_master.pub and when a Salt minion is involved use minion_master.pub. (#61868) -Security --------- +### Security - Fixed PAM auth to reject auth attempt if user account is locked. (cve-2022-22967) -Salt 3002.8 (2022-02-25) -======================== +## Salt 3002.8 (2022-02-25) -Security --------- +### Security - Sign authentication replies to prevent MiTM (cve-2020-22935) - Sign pillar data to prevent MiTM attacks. (cve-2022-22934) @@ -847,34 +807,28 @@ Security -Salt 3002.7 (2021-08-20) -======================== +## Salt 3002.7 (2021-08-20) -Fixed ------ +### Fixed - Verify the owner of an existing config before trusting it during install. If the owner cannot be verified, back it up and use defaults. (CVE-2021-22004) -Security --------- +### Security - Fix the CVE-2021-31607 vulnerability Additionally, an audit and a tool was put in place, ``bandit``, to address similar issues througout the code base, and prevent them. (CVE-2021-31607) - Ensure that sourced file is cached using its hash name (cve-2021-21996) -Salt 3002.6 (2021-03-10) -======================== +## Salt 3002.6 (2021-03-10) -Changed -------- +### Changed - Store git sha in salt/_version.py when installing from a tag so it can be found if needed later. (#59137) -Fixed ------ +### Fixed - Fix argument injection bug in restartcheck.restartcheck. This change hardens the fix for CVE-2020-28243. (#200) @@ -883,29 +837,23 @@ Fixed - Allow all ssh kwargs as sanitized kwargs for SSH client. (#59748) -Salt 3002.5 (2021-02-25) -======================== +## Salt 3002.5 (2021-02-25) -Fixed ------ +### Fixed - Tests and fix for CVE-2021-25283 -Salt 3002.4 (2021-02-05) -======================== +## Salt 3002.4 (2021-02-05) -Fixed ------ +### Fixed - Fix runners that broke when patching for CVE-2021-25281 - Fix issue with runners in SSE -Salt 3002.3 (2021-01-25) -======================== +## Salt 3002.3 (2021-01-25) -Fixed ------ +### Fixed - CVE-2020-28243 - Fix local privilege escalation in the restartcheck module. (CVE-2020-28243) - CVE-2020-28972 - Ensure authentication to vcenter, vsphere, and esxi server @@ -928,11 +876,9 @@ Fixed - CVE-2021-3197 - Fix ssh client to remove ProxyCommand from arguments provided by cli and netapi. (CVE-2021-3197) -Salt 3002.2 (2020-11-16) -======================== +## Salt 3002.2 (2020-11-16) -Fixed ------ +### Fixed - Fix server core grains issue when running inside a windows container (#59611) - Change dict check to isinstance instead of type() for key_values in file.keyvalue. (#57758) - Fail when func_ret is False when using the new module.run syntax. (#57768) @@ -953,11 +899,9 @@ Fixed - Revert LazyLoader finalizer. Removed the weakref.finalizer code. On some occasions, the finalized would run when trying to load a new module, firing a race condition. (#58947) -Salt 3002.1 (2020-10-26) -======================== +## Salt 3002.1 (2020-10-26) -Fixed ------ +### Fixed - Prevent shell injections in netapi ssh client (cve-2020-16846) - Prevent creating world readable private keys with the tls execution module. (cve-2020-17490) @@ -966,11 +910,9 @@ Fixed Salt ssh via the salt-api. Any value for 'eauth' or 'token' would allow a user to bypass authentication and make calls to Salt ssh. (CVE-2020-25592) -Salt 3002 (2020-10-19) -====================== +## Salt 3002 (2020-10-19) -Removed -------- +### Removed - removed boto_vpc.describe_route_table please use boto_vpc.describe_route_tables (#58636) - removed show_ipv4 arg from all functions in from salt.runners.manage (#58638) @@ -981,14 +923,12 @@ Removed - deprecated opts default argument of none and removed deprecation warnings (#58635) -Deprecated ----------- +### Deprecated - The `ssh` parameter of `virt.migrate` has been deprecated. Use a libvirt URI `target` value instead. Both `virt.migrate_non_shared` and `virt.migrate_non_shared_inc` have been deprecated. Use the `copy_storage` parameter with `virt.migrate` instead. (#57947) -Changed -------- +### Changed - Allow specifying a custom port for Proxmox connection (#50620) - Changed the lvm.lv_present state to accept a resizefs switch. So, when @@ -1004,8 +944,7 @@ Changed arguments. ``formatter`` is still supported, but using both ``serializer`` and ``formatter`` will cause the state to fail. (#57858) -Fixed ------ +### Fixed - `file.read` exec module function no longer fails on binary data. (#58033) - Remove py2 support from winrepo execution module and runner (#58596) @@ -1194,30 +1133,25 @@ Added This flag will be deprecated in the Phosphorus release when this functionality becomes the default. (#58652) -Salt 3001.8 (2021-08-20) -======================== +## Salt 3001.8 (2021-08-20) Version 3001.8 is a bug fix release for :ref:`3001 `. -Fixed ------ +### Fixed - Verify the owner of an existing config before trusting it during install. If the owner cannot be verified, back it up and use defaults. (CVE-2021-22004) -Security --------- +### Security - Fix the CVE-2021-31607 vulnerability Additionally, an audit and a tool was put in place, ``bandit``, to address similar issues througout the code base, and prevent them. (CVE-2021-31607) - Ensure that sourced file is cached using its hash name (cve-2021-21996) -Salt 3001.7 (2021-03-10) -======================== +## Salt 3001.7 (2021-03-10) -Fixed ------ +### Fixed - Fix argument injection bug in restartcheck.restartcheck. This change hardens the fix for CVE-2020-28243. (#200) @@ -1225,20 +1159,16 @@ Fixed Fix regression on "cmd.run" when passing tuples as cmd. (#59664) - Allow all ssh kwargs as sanitized kwargs for SSH client. (#59748) -Salt 3001.6 (2021-02-09) -======================== +## Salt 3001.6 (2021-02-09) -Fixed ------ +### Fixed - Fix runners that broke when patching for CVE-2021-25281 - Fix issue with runners in SSE -Salt 3001.5 -=========== +## Salt 3001.5 -Fixed ------ +### Fixed - CVE-2020-28243 - Fix local privilege escalation in the restartcheck module. (CVE-2020-28243) - CVE-2020-28972 - Ensure authentication to vcenter, vsphere, and esxi server @@ -1262,39 +1192,31 @@ Fixed by cli and netapi. (CVE-2021-3197) -Salt 3001.4 -=========== +## Salt 3001.4 -Fixed ------ +### Fixed - Fixes salt-ssh authentication when using tty (#58922) -Salt 3001.3 -=========== +## Salt 3001.3 -Fixed ------ +### Fixed - Properly validate eauth credentials and tokens along with their ACLs. Prior to this change eauth was not properly validated when calling Salt ssh via the salt-api. Any value for 'eauth' or 'token' would allow a user to bypass authentication and make calls to Salt ssh. (CVE-2020-25592) -Salt 3001.2 -=========== +## Salt 3001.2 -Fixed ------ +### Fixed - Prevent shell injections in netapi ssh client (cve-2020-16846) - Prevent creating world readable private keys with the tls execution module. (cve-2020-17490) -Salt 3001.1 (2020-07-27) -======================== +## Salt 3001.1 (2020-07-27) -Changed -------- +### Changed - Change the ``enable_fqdns_grains`` setting to default to ``False`` on Windows to address some issues with slowness. (#56296, #57529) @@ -1306,8 +1228,7 @@ Changed - Updated requirement to PyYAML 5.3.1 due to vulnerability in PyYAML 5.2.1. (#58019) -Fixed ------ +### Fixed - When running scheduled jobs from a proxy minion with multiprocessing turned off (default) a recursive error occurs as __pub_fun_args is repeated over and over again in the kwargs element in the data dictionary. Now we make a copy of data['kwargs'] instead of using a reference. (#57941) - The `x509.certificate_managed` state no longer triggers a change because of sorting issues if the certificate being evaluated was previously generated under Python 2. (#56556) @@ -1355,11 +1276,9 @@ Added - Added docs demonstrating how to apply an MSI patch with winrepo (#32780) -Salt 3001 (2020-06-17) -====================== +## Salt 3001 (2020-06-17) -Removed -------- +### Removed - Removed long-deprecated `repo` option from pip state. (#51060) - Removed noisy debug logging from config.get. (#54205) @@ -1378,8 +1297,7 @@ Removed - Remove salt/utils/vt.py duplication from filename map. (#57004) -Changed -------- +### Changed - `file.rename` no longer returns False when `force:False`. (#49843) - Brought localclient command line args functionality into line with regular `salt` calls. (#56853) @@ -1406,8 +1324,7 @@ Changed - Update `formulas.rst` with new IRC channel and links to IRC logs (#51628) -Fixed ------ +### Fixed - `pkgrepo.managed` now checks for a changed `key_url`. (#4438) - Allow passing extra args to `file.rename`. (#29001) @@ -1716,11 +1633,9 @@ Added - [#56637](https://github.com/saltstack/salt/pull/56637) - Add ``win_wua.installed`` to the ``win_wua`` execution module - Clarify how to get the master fingerprint (#54699) -Salt 3000.9 (2021-03-10) -======================== +## Salt 3000.9 (2021-03-10) -Fixed ------ +### Fixed - Allow "extra_filerefs" as sanitized kwargs for SSH client. Fix regression on "cmd.run" when passing tuples as cmd. (#59664) @@ -1728,20 +1643,16 @@ Fixed - Fix argument injection bug in restartcheck.restartcheck. This change hardens the fix for CVE-2020-28243. -Salt 3000.8 (2021-02-09) -======================== +## Salt 3000.8 (2021-02-09) -Fixed ------ +### Fixed - Fix runners that broke when patching for CVE-2021-25281 - Fix issue with runners in SSE -Salt 3000.7 -=========== +## Salt 3000.7 -Fixed ------ +### Fixed - CVE-2020-28243 - Fix local privilege escalation in the restartcheck module. (CVE-2020-28243) - CVE-2020-28972 - Ensure authentication to vcenter, vsphere, and esxi server @@ -1764,35 +1675,29 @@ Fixed - CVE-2021-3197 - Fix ssh client to remove ProxyCommand from arguments provided by cli and netapi. (CVE-2021-3197) -Salt 3000.6 -=========== +## Salt 3000.6 -Fixed ------ +### Fixed - Fixes salt-ssh authentication when using tty (#58922) -Salt 3000.5 -=========== +## Salt 3000.5 -Fixed ------ +### Fixed - Properly validate eauth credentials and tokens along with their ACLs. Prior to this change eauth was not properly validated when calling Salt ssh via the salt-api. Any value for 'eauth' or 'token' would allow a user to bypass authentication and make calls to Salt ssh. (CVE-2020-25592) -Salt 3000.4 -=========== +## Salt 3000.4 -Fixed ------ +### Fixed - Prevent shell injections in netapi ssh client (cve-2020-16846) - Prevent creating world readable private keys with the tls execution module. (cve-2020-17490) -### 3000.3 +## 3000.3 ### Fixed - [#57100](https://github.com/saltstack/salt/pull/57100) - Address Issues in CVE Release @@ -1820,13 +1725,13 @@ Fixed ### Changed - [#56730](https://github.com/saltstack/salt/pull/56730) - Backport #52992 -### 3000.2 +## 3000.2 ### Fixed - [#56987](https://github.com/saltstack/salt/pull/56987) - CVE fix -### 3000.1 +## 3000.1 ### Fixed @@ -1863,7 +1768,7 @@ Fixed ### Added -### 3000 - Neon [2020-02-10] +## 3000 - Neon [2020-02-10] ### Removed diff --git a/changelog/.template.jinja b/changelog/.template.jinja new file mode 100644 index 000000000000..0cf429a3b182 --- /dev/null +++ b/changelog/.template.jinja @@ -0,0 +1,15 @@ +{% if sections[""] %} +{% for category, val in definitions.items() if category in sections[""] %} + +### {{ definitions[category]['name'] }} + +{% for text, values in sections[""][category].items() %} +- {{ text }} {{ values|join(', ') }} +{% endfor %} + +{% endfor %} +{% else %} +No significant changes. + + +{% endif %} diff --git a/changelog/31468.added b/changelog/31468.added.md similarity index 100% rename from changelog/31468.added rename to changelog/31468.added.md diff --git a/changelog/3396.added b/changelog/3396.added.md similarity index 100% rename from changelog/3396.added rename to changelog/3396.added.md diff --git a/changelog/36138.fixed b/changelog/36138.fixed.md similarity index 100% rename from changelog/36138.fixed rename to changelog/36138.fixed.md diff --git a/changelog/39292.fixed b/changelog/39292.fixed.md similarity index 100% rename from changelog/39292.fixed rename to changelog/39292.fixed.md diff --git a/changelog/40054.fixed b/changelog/40054.fixed.md similarity index 100% rename from changelog/40054.fixed rename to changelog/40054.fixed.md diff --git a/changelog/42306.fixed b/changelog/42306.fixed.md similarity index 100% rename from changelog/42306.fixed rename to changelog/42306.fixed.md diff --git a/changelog/43287.added b/changelog/43287.added.md similarity index 100% rename from changelog/43287.added rename to changelog/43287.added.md diff --git a/changelog/45823.fixed b/changelog/45823.fixed.md similarity index 100% rename from changelog/45823.fixed rename to changelog/45823.fixed.md diff --git a/changelog/47201.fixed b/changelog/47201.fixed.md similarity index 100% rename from changelog/47201.fixed rename to changelog/47201.fixed.md diff --git a/changelog/48609.changed b/changelog/48609.changed.md similarity index 100% rename from changelog/48609.changed rename to changelog/48609.changed.md diff --git a/changelog/49310.fixed b/changelog/49310.fixed.md similarity index 100% rename from changelog/49310.fixed rename to changelog/49310.fixed.md diff --git a/changelog/49430.changed b/changelog/49430.changed.md similarity index 100% rename from changelog/49430.changed rename to changelog/49430.changed.md diff --git a/changelog/51088.added b/changelog/51088.added.md similarity index 100% rename from changelog/51088.added rename to changelog/51088.added.md diff --git a/changelog/51620.fixed b/changelog/51620.fixed.md similarity index 100% rename from changelog/51620.fixed rename to changelog/51620.fixed.md diff --git a/changelog/51739.fixed b/changelog/51739.fixed.md similarity index 100% rename from changelog/51739.fixed rename to changelog/51739.fixed.md diff --git a/changelog/52167.fixed b/changelog/52167.fixed.md similarity index 100% rename from changelog/52167.fixed rename to changelog/52167.fixed.md diff --git a/changelog/52354.fixed b/changelog/52354.fixed.md similarity index 100% rename from changelog/52354.fixed rename to changelog/52354.fixed.md diff --git a/changelog/52400.fixed b/changelog/52400.fixed.md similarity index 100% rename from changelog/52400.fixed rename to changelog/52400.fixed.md diff --git a/changelog/53353.fixed b/changelog/53353.fixed.md similarity index 100% rename from changelog/53353.fixed rename to changelog/53353.fixed.md diff --git a/changelog/53377.fixed b/changelog/53377.fixed.md similarity index 100% rename from changelog/53377.fixed rename to changelog/53377.fixed.md diff --git a/changelog/53914.fixed b/changelog/53914.fixed.md similarity index 100% rename from changelog/53914.fixed rename to changelog/53914.fixed.md diff --git a/changelog/53988.fixed b/changelog/53988.fixed.md similarity index 100% rename from changelog/53988.fixed rename to changelog/53988.fixed.md diff --git a/changelog/54347.fixed b/changelog/54347.fixed.md similarity index 100% rename from changelog/54347.fixed rename to changelog/54347.fixed.md diff --git a/changelog/54508.fixed b/changelog/54508.fixed.md similarity index 100% rename from changelog/54508.fixed rename to changelog/54508.fixed.md diff --git a/changelog/54679.added b/changelog/54679.added.md similarity index 100% rename from changelog/54679.added rename to changelog/54679.added.md diff --git a/changelog/54682.fixed b/changelog/54682.fixed.md similarity index 100% rename from changelog/54682.fixed rename to changelog/54682.fixed.md diff --git a/changelog/54713.added b/changelog/54713.added.md similarity index 100% rename from changelog/54713.added rename to changelog/54713.added.md diff --git a/changelog/54907.fixed b/changelog/54907.fixed.md similarity index 100% rename from changelog/54907.fixed rename to changelog/54907.fixed.md diff --git a/changelog/55226.fixed b/changelog/55226.fixed.md similarity index 100% rename from changelog/55226.fixed rename to changelog/55226.fixed.md diff --git a/changelog/55269.fixed b/changelog/55269.fixed.md similarity index 100% rename from changelog/55269.fixed rename to changelog/55269.fixed.md diff --git a/changelog/55295.deprecated b/changelog/55295.deprecated.md similarity index 100% rename from changelog/55295.deprecated rename to changelog/55295.deprecated.md diff --git a/changelog/56013.added b/changelog/56013.added.md similarity index 100% rename from changelog/56013.added rename to changelog/56013.added.md diff --git a/changelog/56016.fixed b/changelog/56016.fixed.md similarity index 100% rename from changelog/56016.fixed rename to changelog/56016.fixed.md diff --git a/changelog/56093.fixed b/changelog/56093.fixed.md similarity index 100% rename from changelog/56093.fixed rename to changelog/56093.fixed.md diff --git a/changelog/57139.fixed b/changelog/57139.fixed.md similarity index 100% rename from changelog/57139.fixed rename to changelog/57139.fixed.md diff --git a/changelog/57180.fixed b/changelog/57180.fixed.md similarity index 100% rename from changelog/57180.fixed rename to changelog/57180.fixed.md diff --git a/changelog/57463.fixed b/changelog/57463.fixed.md similarity index 100% rename from changelog/57463.fixed rename to changelog/57463.fixed.md diff --git a/changelog/57500.added b/changelog/57500.added.md similarity index 100% rename from changelog/57500.added rename to changelog/57500.added.md diff --git a/changelog/57535.fixed b/changelog/57535.fixed.md similarity index 100% rename from changelog/57535.fixed rename to changelog/57535.fixed.md diff --git a/changelog/57803.changed b/changelog/57803.changed.md similarity index 100% rename from changelog/57803.changed rename to changelog/57803.changed.md diff --git a/changelog/57842.fixed b/changelog/57842.fixed.md similarity index 100% rename from changelog/57842.fixed rename to changelog/57842.fixed.md diff --git a/changelog/58165.fixed b/changelog/58165.fixed.md similarity index 100% rename from changelog/58165.fixed rename to changelog/58165.fixed.md diff --git a/changelog/58202.fixed b/changelog/58202.fixed.md similarity index 100% rename from changelog/58202.fixed rename to changelog/58202.fixed.md diff --git a/changelog/58297.fixed b/changelog/58297.fixed.md similarity index 100% rename from changelog/58297.fixed rename to changelog/58297.fixed.md diff --git a/changelog/58423.fixed b/changelog/58423.fixed.md similarity index 100% rename from changelog/58423.fixed rename to changelog/58423.fixed.md diff --git a/changelog/58729.fixed b/changelog/58729.fixed.md similarity index 100% rename from changelog/58729.fixed rename to changelog/58729.fixed.md diff --git a/changelog/58953.fixed b/changelog/58953.fixed.md similarity index 100% rename from changelog/58953.fixed rename to changelog/58953.fixed.md diff --git a/changelog/58971.changed b/changelog/58971.changed.md similarity index 100% rename from changelog/58971.changed rename to changelog/58971.changed.md diff --git a/changelog/58986.added b/changelog/58986.added.md similarity index 100% rename from changelog/58986.added rename to changelog/58986.added.md diff --git a/changelog/59017.fixed b/changelog/59017.fixed.md similarity index 100% rename from changelog/59017.fixed rename to changelog/59017.fixed.md diff --git a/changelog/59169.fixed b/changelog/59169.fixed.md similarity index 100% rename from changelog/59169.fixed rename to changelog/59169.fixed.md diff --git a/changelog/59183.fixed b/changelog/59183.fixed.md similarity index 100% rename from changelog/59183.fixed rename to changelog/59183.fixed.md diff --git a/changelog/59315.fixed b/changelog/59315.fixed.md similarity index 100% rename from changelog/59315.fixed rename to changelog/59315.fixed.md diff --git a/changelog/59339.fixed b/changelog/59339.fixed.md similarity index 100% rename from changelog/59339.fixed rename to changelog/59339.fixed.md diff --git a/changelog/59439.changed b/changelog/59439.changed.md similarity index 100% rename from changelog/59439.changed rename to changelog/59439.changed.md diff --git a/changelog/59585.fixed b/changelog/59585.fixed.md similarity index 100% rename from changelog/59585.fixed rename to changelog/59585.fixed.md diff --git a/changelog/59766.fixed b/changelog/59766.fixed.md similarity index 100% rename from changelog/59766.fixed rename to changelog/59766.fixed.md diff --git a/changelog/59786.fixed b/changelog/59786.fixed.md similarity index 100% rename from changelog/59786.fixed rename to changelog/59786.fixed.md diff --git a/changelog/59909.fixed b/changelog/59909.fixed.md similarity index 100% rename from changelog/59909.fixed rename to changelog/59909.fixed.md diff --git a/changelog/59917.removed b/changelog/59917.removed.md similarity index 100% rename from changelog/59917.removed rename to changelog/59917.removed.md diff --git a/changelog/60003.fixed b/changelog/60003.fixed.md similarity index 100% rename from changelog/60003.fixed rename to changelog/60003.fixed.md diff --git a/changelog/60154.added b/changelog/60154.added.md similarity index 100% rename from changelog/60154.added rename to changelog/60154.added.md diff --git a/changelog/60170.fixed b/changelog/60170.fixed.md similarity index 100% rename from changelog/60170.fixed rename to changelog/60170.fixed.md diff --git a/changelog/60227.fixed b/changelog/60227.fixed.md similarity index 100% rename from changelog/60227.fixed rename to changelog/60227.fixed.md diff --git a/changelog/60249.fixed b/changelog/60249.fixed.md similarity index 100% rename from changelog/60249.fixed rename to changelog/60249.fixed.md diff --git a/changelog/60365.fixed b/changelog/60365.fixed.md similarity index 100% rename from changelog/60365.fixed rename to changelog/60365.fixed.md diff --git a/changelog/60430.added b/changelog/60430.added.md similarity index 100% rename from changelog/60430.added rename to changelog/60430.added.md diff --git a/changelog/60467.fixed b/changelog/60467.fixed.md similarity index 100% rename from changelog/60467.fixed rename to changelog/60467.fixed.md diff --git a/changelog/60476.removed b/changelog/60476.removed.md similarity index 100% rename from changelog/60476.removed rename to changelog/60476.removed.md diff --git a/changelog/60518.added b/changelog/60518.added.md similarity index 100% rename from changelog/60518.added rename to changelog/60518.added.md diff --git a/changelog/60557.fixed b/changelog/60557.fixed.md similarity index 100% rename from changelog/60557.fixed rename to changelog/60557.fixed.md diff --git a/changelog/60700.added b/changelog/60700.added.md similarity index 100% rename from changelog/60700.added rename to changelog/60700.added.md diff --git a/changelog/60722.added b/changelog/60722.added.md similarity index 100% rename from changelog/60722.added rename to changelog/60722.added.md diff --git a/changelog/60853.fixed b/changelog/60853.fixed.md similarity index 100% rename from changelog/60853.fixed rename to changelog/60853.fixed.md diff --git a/changelog/60915.fixed b/changelog/60915.fixed.md similarity index 100% rename from changelog/60915.fixed rename to changelog/60915.fixed.md diff --git a/changelog/60994.fixed b/changelog/60994.fixed.md similarity index 100% rename from changelog/60994.fixed rename to changelog/60994.fixed.md diff --git a/changelog/60995.fixed b/changelog/60995.fixed.md similarity index 100% rename from changelog/60995.fixed rename to changelog/60995.fixed.md diff --git a/changelog/60997.fixed b/changelog/60997.fixed.md similarity index 100% rename from changelog/60997.fixed rename to changelog/60997.fixed.md diff --git a/changelog/61083.fixed b/changelog/61083.fixed.md similarity index 100% rename from changelog/61083.fixed rename to changelog/61083.fixed.md diff --git a/changelog/61092.fixed b/changelog/61092.fixed.md similarity index 100% rename from changelog/61092.fixed rename to changelog/61092.fixed.md diff --git a/changelog/61122.fixed b/changelog/61122.fixed.md similarity index 100% rename from changelog/61122.fixed rename to changelog/61122.fixed.md diff --git a/changelog/61153.added b/changelog/61153.added.md similarity index 100% rename from changelog/61153.added rename to changelog/61153.added.md diff --git a/changelog/61245.added b/changelog/61245.added.md similarity index 100% rename from changelog/61245.added rename to changelog/61245.added.md diff --git a/changelog/61319.added b/changelog/61319.added.md similarity index 100% rename from changelog/61319.added rename to changelog/61319.added.md diff --git a/changelog/61335.added b/changelog/61335.added.md similarity index 100% rename from changelog/61335.added rename to changelog/61335.added.md diff --git a/changelog/61409.changed b/changelog/61409.changed.md similarity index 100% rename from changelog/61409.changed rename to changelog/61409.changed.md diff --git a/changelog/61420.added b/changelog/61420.added.md similarity index 100% rename from changelog/61420.added rename to changelog/61420.added.md diff --git a/changelog/61422.fixed b/changelog/61422.fixed.md similarity index 100% rename from changelog/61422.fixed rename to changelog/61422.fixed.md diff --git a/changelog/61433.added b/changelog/61433.added.md similarity index 100% rename from changelog/61433.added rename to changelog/61433.added.md diff --git a/changelog/61542.deprecated b/changelog/61542.deprecated.md similarity index 100% rename from changelog/61542.deprecated rename to changelog/61542.deprecated.md diff --git a/changelog/61618.fixed b/changelog/61618.fixed.md similarity index 100% rename from changelog/61618.fixed rename to changelog/61618.fixed.md diff --git a/changelog/61619.fixed b/changelog/61619.fixed.md similarity index 100% rename from changelog/61619.fixed rename to changelog/61619.fixed.md diff --git a/changelog/61650.fixed b/changelog/61650.fixed.md similarity index 100% rename from changelog/61650.fixed rename to changelog/61650.fixed.md diff --git a/changelog/61727.fixed b/changelog/61727.fixed.md similarity index 100% rename from changelog/61727.fixed rename to changelog/61727.fixed.md diff --git a/changelog/61789.fixed b/changelog/61789.fixed.md similarity index 100% rename from changelog/61789.fixed rename to changelog/61789.fixed.md diff --git a/changelog/61805.fixed b/changelog/61805.fixed.md similarity index 100% rename from changelog/61805.fixed rename to changelog/61805.fixed.md diff --git a/changelog/61814.fixed b/changelog/61814.fixed.md similarity index 100% rename from changelog/61814.fixed rename to changelog/61814.fixed.md diff --git a/changelog/61816.fixed b/changelog/61816.fixed.md similarity index 100% rename from changelog/61816.fixed rename to changelog/61816.fixed.md diff --git a/changelog/61821.fixed b/changelog/61821.fixed.md similarity index 100% rename from changelog/61821.fixed rename to changelog/61821.fixed.md diff --git a/changelog/61827.fixed b/changelog/61827.fixed.md similarity index 100% rename from changelog/61827.fixed rename to changelog/61827.fixed.md diff --git a/changelog/61857.added b/changelog/61857.added.md similarity index 100% rename from changelog/61857.added rename to changelog/61857.added.md diff --git a/changelog/61859.fixed b/changelog/61859.fixed.md similarity index 100% rename from changelog/61859.fixed rename to changelog/61859.fixed.md diff --git a/changelog/61860.fixed b/changelog/61860.fixed.md similarity index 100% rename from changelog/61860.fixed rename to changelog/61860.fixed.md diff --git a/changelog/61931.added b/changelog/61931.added.md similarity index 100% rename from changelog/61931.added rename to changelog/61931.added.md diff --git a/changelog/61966.fixed b/changelog/61966.fixed.md similarity index 100% rename from changelog/61966.fixed rename to changelog/61966.fixed.md diff --git a/changelog/62009.added b/changelog/62009.added.md similarity index 100% rename from changelog/62009.added rename to changelog/62009.added.md diff --git a/changelog/62009.deprecated b/changelog/62009.deprecated.md similarity index 100% rename from changelog/62009.deprecated rename to changelog/62009.deprecated.md diff --git a/changelog/62019.fixed b/changelog/62019.fixed.md similarity index 100% rename from changelog/62019.fixed rename to changelog/62019.fixed.md diff --git a/changelog/62022.fixed b/changelog/62022.fixed.md similarity index 100% rename from changelog/62022.fixed rename to changelog/62022.fixed.md diff --git a/changelog/62029.fixed b/changelog/62029.fixed.md similarity index 100% rename from changelog/62029.fixed rename to changelog/62029.fixed.md diff --git a/changelog/62030.fixed b/changelog/62030.fixed.md similarity index 100% rename from changelog/62030.fixed rename to changelog/62030.fixed.md diff --git a/changelog/62031.added b/changelog/62031.added.md similarity index 100% rename from changelog/62031.added rename to changelog/62031.added.md diff --git a/changelog/62032.fixed b/changelog/62032.fixed.md similarity index 100% rename from changelog/62032.fixed rename to changelog/62032.fixed.md diff --git a/changelog/62053.fixed b/changelog/62053.fixed.md similarity index 100% rename from changelog/62053.fixed rename to changelog/62053.fixed.md diff --git a/changelog/62058.fixed b/changelog/62058.fixed.md similarity index 100% rename from changelog/62058.fixed rename to changelog/62058.fixed.md diff --git a/changelog/62074.fixed b/changelog/62074.fixed.md similarity index 100% rename from changelog/62074.fixed rename to changelog/62074.fixed.md diff --git a/changelog/62082.fixed b/changelog/62082.fixed.md similarity index 100% rename from changelog/62082.fixed rename to changelog/62082.fixed.md diff --git a/changelog/62089.changed b/changelog/62089.changed.md similarity index 100% rename from changelog/62089.changed rename to changelog/62089.changed.md diff --git a/changelog/62101.fixed b/changelog/62101.fixed.md similarity index 100% rename from changelog/62101.fixed rename to changelog/62101.fixed.md diff --git a/changelog/62120.added b/changelog/62120.added.md similarity index 100% rename from changelog/62120.added rename to changelog/62120.added.md diff --git a/changelog/62120.fixed b/changelog/62120.fixed.md similarity index 100% rename from changelog/62120.fixed rename to changelog/62120.fixed.md diff --git a/changelog/62131.fixed b/changelog/62131.fixed.md similarity index 100% rename from changelog/62131.fixed rename to changelog/62131.fixed.md diff --git a/changelog/62139.fixed b/changelog/62139.fixed.md similarity index 100% rename from changelog/62139.fixed rename to changelog/62139.fixed.md diff --git a/changelog/62152.fixed b/changelog/62152.fixed.md similarity index 100% rename from changelog/62152.fixed rename to changelog/62152.fixed.md diff --git a/changelog/62168.changed b/changelog/62168.changed.md similarity index 100% rename from changelog/62168.changed rename to changelog/62168.changed.md diff --git a/changelog/62178.added b/changelog/62178.added.md similarity index 100% rename from changelog/62178.added rename to changelog/62178.added.md diff --git a/changelog/62185.fixed b/changelog/62185.fixed.md similarity index 100% rename from changelog/62185.fixed rename to changelog/62185.fixed.md diff --git a/changelog/62197.fixed b/changelog/62197.fixed.md similarity index 100% rename from changelog/62197.fixed rename to changelog/62197.fixed.md diff --git a/changelog/62198.fixed b/changelog/62198.fixed.md similarity index 100% rename from changelog/62198.fixed rename to changelog/62198.fixed.md diff --git a/changelog/62204.fixed b/changelog/62204.fixed.md similarity index 100% rename from changelog/62204.fixed rename to changelog/62204.fixed.md diff --git a/changelog/62211.fixed b/changelog/62211.fixed.md similarity index 100% rename from changelog/62211.fixed rename to changelog/62211.fixed.md diff --git a/changelog/62218.changed b/changelog/62218.changed.md similarity index 100% rename from changelog/62218.changed rename to changelog/62218.changed.md diff --git a/changelog/62220.fixed b/changelog/62220.fixed.md similarity index 100% rename from changelog/62220.fixed rename to changelog/62220.fixed.md diff --git a/changelog/62235.fixed b/changelog/62235.fixed.md similarity index 100% rename from changelog/62235.fixed rename to changelog/62235.fixed.md diff --git a/changelog/62239.removed b/changelog/62239.removed.md similarity index 100% rename from changelog/62239.removed rename to changelog/62239.removed.md diff --git a/changelog/62248.fixed b/changelog/62248.fixed.md similarity index 100% rename from changelog/62248.fixed rename to changelog/62248.fixed.md diff --git a/changelog/62273.fixed b/changelog/62273.fixed.md similarity index 100% rename from changelog/62273.fixed rename to changelog/62273.fixed.md diff --git a/changelog/62275.added b/changelog/62275.added.md similarity index 100% rename from changelog/62275.added rename to changelog/62275.added.md diff --git a/changelog/62281.fixed b/changelog/62281.fixed.md similarity index 100% rename from changelog/62281.fixed rename to changelog/62281.fixed.md diff --git a/changelog/62283.fixed b/changelog/62283.fixed.md similarity index 100% rename from changelog/62283.fixed rename to changelog/62283.fixed.md diff --git a/changelog/62323.fixed b/changelog/62323.fixed.md similarity index 100% rename from changelog/62323.fixed rename to changelog/62323.fixed.md diff --git a/changelog/62334.fixed b/changelog/62334.fixed.md similarity index 100% rename from changelog/62334.fixed rename to changelog/62334.fixed.md diff --git a/changelog/62336.fixed b/changelog/62336.fixed.md similarity index 100% rename from changelog/62336.fixed rename to changelog/62336.fixed.md diff --git a/changelog/62346.changed b/changelog/62346.changed.md similarity index 100% rename from changelog/62346.changed rename to changelog/62346.changed.md diff --git a/changelog/62366.added b/changelog/62366.added.md similarity index 100% rename from changelog/62366.added rename to changelog/62366.added.md diff --git a/changelog/62372.fixed b/changelog/62372.fixed.md similarity index 100% rename from changelog/62372.fixed rename to changelog/62372.fixed.md diff --git a/changelog/62377.fixed b/changelog/62377.fixed.md similarity index 100% rename from changelog/62377.fixed rename to changelog/62377.fixed.md diff --git a/changelog/62381.added b/changelog/62381.added.md similarity index 100% rename from changelog/62381.added rename to changelog/62381.added.md diff --git a/changelog/62390.fixed b/changelog/62390.fixed.md similarity index 100% rename from changelog/62390.fixed rename to changelog/62390.fixed.md diff --git a/changelog/62398.fixed b/changelog/62398.fixed.md similarity index 100% rename from changelog/62398.fixed rename to changelog/62398.fixed.md diff --git a/changelog/62400.fixed b/changelog/62400.fixed.md similarity index 100% rename from changelog/62400.fixed rename to changelog/62400.fixed.md diff --git a/changelog/62405.fixed b/changelog/62405.fixed.md similarity index 100% rename from changelog/62405.fixed rename to changelog/62405.fixed.md diff --git a/changelog/62408.fixed b/changelog/62408.fixed.md similarity index 100% rename from changelog/62408.fixed rename to changelog/62408.fixed.md diff --git a/changelog/62426.fixed b/changelog/62426.fixed.md similarity index 100% rename from changelog/62426.fixed rename to changelog/62426.fixed.md diff --git a/changelog/62432.removed b/changelog/62432.removed.md similarity index 100% rename from changelog/62432.removed rename to changelog/62432.removed.md diff --git a/changelog/62435.fixed b/changelog/62435.fixed.md similarity index 100% rename from changelog/62435.fixed rename to changelog/62435.fixed.md diff --git a/changelog/62439.fixed b/changelog/62439.fixed.md similarity index 100% rename from changelog/62439.fixed rename to changelog/62439.fixed.md diff --git a/changelog/62446.added b/changelog/62446.added.md similarity index 100% rename from changelog/62446.added rename to changelog/62446.added.md diff --git a/changelog/62451.fixed b/changelog/62451.fixed.md similarity index 100% rename from changelog/62451.fixed rename to changelog/62451.fixed.md diff --git a/changelog/62461.fixed b/changelog/62461.fixed.md similarity index 100% rename from changelog/62461.fixed rename to changelog/62461.fixed.md diff --git a/changelog/62474.fixed b/changelog/62474.fixed.md similarity index 100% rename from changelog/62474.fixed rename to changelog/62474.fixed.md diff --git a/changelog/62480.added b/changelog/62480.added.md similarity index 100% rename from changelog/62480.added rename to changelog/62480.added.md diff --git a/changelog/62483.fixed b/changelog/62483.fixed.md similarity index 100% rename from changelog/62483.fixed rename to changelog/62483.fixed.md diff --git a/changelog/62485.deprecated b/changelog/62485.deprecated.md similarity index 100% rename from changelog/62485.deprecated rename to changelog/62485.deprecated.md diff --git a/changelog/62496.added b/changelog/62496.added.md similarity index 100% rename from changelog/62496.added rename to changelog/62496.added.md diff --git a/changelog/62499.fixed b/changelog/62499.fixed.md similarity index 100% rename from changelog/62499.fixed rename to changelog/62499.fixed.md diff --git a/changelog/62502.fixed b/changelog/62502.fixed.md similarity index 100% rename from changelog/62502.fixed rename to changelog/62502.fixed.md diff --git a/changelog/62508.added b/changelog/62508.added.md similarity index 100% rename from changelog/62508.added rename to changelog/62508.added.md diff --git a/changelog/62519.fixed b/changelog/62519.fixed.md similarity index 100% rename from changelog/62519.fixed rename to changelog/62519.fixed.md diff --git a/changelog/62521.fixed b/changelog/62521.fixed.md similarity index 100% rename from changelog/62521.fixed rename to changelog/62521.fixed.md diff --git a/changelog/62523.fixed b/changelog/62523.fixed.md similarity index 100% rename from changelog/62523.fixed rename to changelog/62523.fixed.md diff --git a/changelog/62527.fixed b/changelog/62527.fixed.md similarity index 100% rename from changelog/62527.fixed rename to changelog/62527.fixed.md diff --git a/changelog/62539.added b/changelog/62539.added.md similarity index 100% rename from changelog/62539.added rename to changelog/62539.added.md diff --git a/changelog/62546.fixed b/changelog/62546.fixed.md similarity index 100% rename from changelog/62546.fixed rename to changelog/62546.fixed.md diff --git a/changelog/62547.fixed b/changelog/62547.fixed.md similarity index 100% rename from changelog/62547.fixed rename to changelog/62547.fixed.md diff --git a/changelog/62556.fixed b/changelog/62556.fixed.md similarity index 100% rename from changelog/62556.fixed rename to changelog/62556.fixed.md diff --git a/changelog/62558.fixed b/changelog/62558.fixed.md similarity index 100% rename from changelog/62558.fixed rename to changelog/62558.fixed.md diff --git a/changelog/62565.fixed b/changelog/62565.fixed.md similarity index 100% rename from changelog/62565.fixed rename to changelog/62565.fixed.md diff --git a/changelog/62576.fixed b/changelog/62576.fixed.md similarity index 100% rename from changelog/62576.fixed rename to changelog/62576.fixed.md diff --git a/changelog/62578.added b/changelog/62578.added.md similarity index 100% rename from changelog/62578.added rename to changelog/62578.added.md diff --git a/changelog/62580.fixed b/changelog/62580.fixed.md similarity index 100% rename from changelog/62580.fixed rename to changelog/62580.fixed.md diff --git a/changelog/62587.fixed b/changelog/62587.fixed.md similarity index 100% rename from changelog/62587.fixed rename to changelog/62587.fixed.md diff --git a/changelog/62595.fixed b/changelog/62595.fixed.md similarity index 100% rename from changelog/62595.fixed rename to changelog/62595.fixed.md diff --git a/changelog/62618.fixed b/changelog/62618.fixed.md similarity index 100% rename from changelog/62618.fixed rename to changelog/62618.fixed.md diff --git a/changelog/62624.fixed b/changelog/62624.fixed.md similarity index 100% rename from changelog/62624.fixed rename to changelog/62624.fixed.md diff --git a/changelog/62633.fixed b/changelog/62633.fixed.md similarity index 100% rename from changelog/62633.fixed rename to changelog/62633.fixed.md diff --git a/changelog/62644.deprecated b/changelog/62644.deprecated.md similarity index 100% rename from changelog/62644.deprecated rename to changelog/62644.deprecated.md diff --git a/changelog/62651.fixed b/changelog/62651.fixed.md similarity index 100% rename from changelog/62651.fixed rename to changelog/62651.fixed.md diff --git a/changelog/62654.fixed b/changelog/62654.fixed.md similarity index 100% rename from changelog/62654.fixed rename to changelog/62654.fixed.md diff --git a/changelog/62657.fixed b/changelog/62657.fixed.md similarity index 100% rename from changelog/62657.fixed rename to changelog/62657.fixed.md diff --git a/changelog/62670.fixed b/changelog/62670.fixed.md similarity index 100% rename from changelog/62670.fixed rename to changelog/62670.fixed.md diff --git a/changelog/62672.fixed b/changelog/62672.fixed.md similarity index 100% rename from changelog/62672.fixed rename to changelog/62672.fixed.md diff --git a/changelog/62676.fixed b/changelog/62676.fixed.md similarity index 100% rename from changelog/62676.fixed rename to changelog/62676.fixed.md diff --git a/changelog/62678.added b/changelog/62678.added.md similarity index 100% rename from changelog/62678.added rename to changelog/62678.added.md diff --git a/changelog/62728.fixed b/changelog/62728.fixed.md similarity index 100% rename from changelog/62728.fixed rename to changelog/62728.fixed.md diff --git a/changelog/62754.deprecated b/changelog/62754.deprecated.md similarity index 100% rename from changelog/62754.deprecated rename to changelog/62754.deprecated.md diff --git a/changelog/62761.added b/changelog/62761.added.md similarity index 100% rename from changelog/62761.added rename to changelog/62761.added.md diff --git a/changelog/62768.added b/changelog/62768.added.md similarity index 100% rename from changelog/62768.added rename to changelog/62768.added.md diff --git a/changelog/62772.fixed b/changelog/62772.fixed.md similarity index 100% rename from changelog/62772.fixed rename to changelog/62772.fixed.md diff --git a/changelog/62793.fixed b/changelog/62793.fixed.md similarity index 100% rename from changelog/62793.fixed rename to changelog/62793.fixed.md diff --git a/changelog/62795.fixed b/changelog/62795.fixed.md similarity index 100% rename from changelog/62795.fixed rename to changelog/62795.fixed.md diff --git a/changelog/62817.fixed b/changelog/62817.fixed.md similarity index 100% rename from changelog/62817.fixed rename to changelog/62817.fixed.md diff --git a/changelog/62818.fixed b/changelog/62818.fixed.md similarity index 100% rename from changelog/62818.fixed rename to changelog/62818.fixed.md diff --git a/changelog/62826.fixed b/changelog/62826.fixed.md similarity index 100% rename from changelog/62826.fixed rename to changelog/62826.fixed.md diff --git a/changelog/62845.fixed b/changelog/62845.fixed.md similarity index 100% rename from changelog/62845.fixed rename to changelog/62845.fixed.md diff --git a/changelog/62854.fixed b/changelog/62854.fixed.md similarity index 100% rename from changelog/62854.fixed rename to changelog/62854.fixed.md diff --git a/changelog/62856.added b/changelog/62856.added.md similarity index 100% rename from changelog/62856.added rename to changelog/62856.added.md diff --git a/changelog/62858.fixed b/changelog/62858.fixed.md similarity index 100% rename from changelog/62858.fixed rename to changelog/62858.fixed.md diff --git a/changelog/62867.added b/changelog/62867.added.md similarity index 100% rename from changelog/62867.added rename to changelog/62867.added.md diff --git a/changelog/62873.fixed b/changelog/62873.fixed.md similarity index 100% rename from changelog/62873.fixed rename to changelog/62873.fixed.md diff --git a/changelog/62878.fixed b/changelog/62878.fixed.md similarity index 100% rename from changelog/62878.fixed rename to changelog/62878.fixed.md diff --git a/changelog/62882.fixed b/changelog/62882.fixed.md similarity index 100% rename from changelog/62882.fixed rename to changelog/62882.fixed.md diff --git a/changelog/62886.fixed b/changelog/62886.fixed.md similarity index 100% rename from changelog/62886.fixed rename to changelog/62886.fixed.md diff --git a/changelog/62895.changed b/changelog/62895.changed.md similarity index 100% rename from changelog/62895.changed rename to changelog/62895.changed.md diff --git a/changelog/62900.fixed b/changelog/62900.fixed.md similarity index 100% rename from changelog/62900.fixed rename to changelog/62900.fixed.md diff --git a/changelog/62914.deprecated b/changelog/62914.deprecated.md similarity index 100% rename from changelog/62914.deprecated rename to changelog/62914.deprecated.md diff --git a/changelog/62915.deprecated b/changelog/62915.deprecated.md similarity index 100% rename from changelog/62915.deprecated rename to changelog/62915.deprecated.md diff --git a/changelog/62917.deprecated b/changelog/62917.deprecated.md similarity index 100% rename from changelog/62917.deprecated rename to changelog/62917.deprecated.md diff --git a/changelog/62933.fixed b/changelog/62933.fixed.md similarity index 100% rename from changelog/62933.fixed rename to changelog/62933.fixed.md diff --git a/changelog/62934.fixed b/changelog/62934.fixed.md similarity index 100% rename from changelog/62934.fixed rename to changelog/62934.fixed.md diff --git a/changelog/62937.fixed b/changelog/62937.fixed.md similarity index 100% rename from changelog/62937.fixed rename to changelog/62937.fixed.md diff --git a/changelog/62940.fixed b/changelog/62940.fixed.md similarity index 100% rename from changelog/62940.fixed rename to changelog/62940.fixed.md diff --git a/changelog/62942.fixed b/changelog/62942.fixed.md similarity index 100% rename from changelog/62942.fixed rename to changelog/62942.fixed.md diff --git a/changelog/62953.fixed b/changelog/62953.fixed.md similarity index 100% rename from changelog/62953.fixed rename to changelog/62953.fixed.md diff --git a/changelog/62968.fixed b/changelog/62968.fixed.md similarity index 100% rename from changelog/62968.fixed rename to changelog/62968.fixed.md diff --git a/changelog/62977.fixed b/changelog/62977.fixed.md similarity index 100% rename from changelog/62977.fixed rename to changelog/62977.fixed.md diff --git a/changelog/62978.added b/changelog/62978.added.md similarity index 100% rename from changelog/62978.added rename to changelog/62978.added.md diff --git a/changelog/62983.added b/changelog/62983.added.md similarity index 100% rename from changelog/62983.added rename to changelog/62983.added.md diff --git a/changelog/62986.fixed b/changelog/62986.fixed.md similarity index 100% rename from changelog/62986.fixed rename to changelog/62986.fixed.md diff --git a/changelog/62988.fixed b/changelog/62988.fixed.md similarity index 100% rename from changelog/62988.fixed rename to changelog/62988.fixed.md diff --git a/changelog/62993.fixed b/changelog/62993.fixed.md similarity index 100% rename from changelog/62993.fixed rename to changelog/62993.fixed.md diff --git a/changelog/63012.changed b/changelog/63012.changed.md similarity index 100% rename from changelog/63012.changed rename to changelog/63012.changed.md diff --git a/changelog/63013.fixed b/changelog/63013.fixed.md similarity index 100% rename from changelog/63013.fixed rename to changelog/63013.fixed.md diff --git a/changelog/63024.fixed b/changelog/63024.fixed.md similarity index 100% rename from changelog/63024.fixed rename to changelog/63024.fixed.md diff --git a/changelog/63025.fixed b/changelog/63025.fixed.md similarity index 100% rename from changelog/63025.fixed rename to changelog/63025.fixed.md diff --git a/changelog/63033.fixed b/changelog/63033.fixed.md similarity index 100% rename from changelog/63033.fixed rename to changelog/63033.fixed.md diff --git a/changelog/63042.added b/changelog/63042.added.md similarity index 100% rename from changelog/63042.added rename to changelog/63042.added.md diff --git a/changelog/63050.changed b/changelog/63050.changed.md similarity index 100% rename from changelog/63050.changed rename to changelog/63050.changed.md diff --git a/changelog/63058.fixed b/changelog/63058.fixed.md similarity index 100% rename from changelog/63058.fixed rename to changelog/63058.fixed.md diff --git a/changelog/63067.added b/changelog/63067.added.md similarity index 100% rename from changelog/63067.added rename to changelog/63067.added.md diff --git a/changelog/63093.added b/changelog/63093.added.md similarity index 100% rename from changelog/63093.added rename to changelog/63093.added.md diff --git a/changelog/63095.added b/changelog/63095.added.md similarity index 100% rename from changelog/63095.added rename to changelog/63095.added.md diff --git a/changelog/63095.deprecated b/changelog/63095.deprecated.md similarity index 100% rename from changelog/63095.deprecated rename to changelog/63095.deprecated.md diff --git a/changelog/63098.added b/changelog/63098.added.md similarity index 100% rename from changelog/63098.added rename to changelog/63098.added.md diff --git a/changelog/63103.fixed b/changelog/63103.fixed.md similarity index 100% rename from changelog/63103.fixed rename to changelog/63103.fixed.md diff --git a/changelog/63120.fixed b/changelog/63120.fixed.md similarity index 100% rename from changelog/63120.fixed rename to changelog/63120.fixed.md diff --git a/changelog/63128.added b/changelog/63128.added.md similarity index 100% rename from changelog/63128.added rename to changelog/63128.added.md diff --git a/changelog/63131.added b/changelog/63131.added.md similarity index 100% rename from changelog/63131.added rename to changelog/63131.added.md diff --git a/changelog/63145.fixed b/changelog/63145.fixed.md similarity index 100% rename from changelog/63145.fixed rename to changelog/63145.fixed.md diff --git a/changelog/63208.fixed b/changelog/63208.fixed.md similarity index 100% rename from changelog/63208.fixed rename to changelog/63208.fixed.md diff --git a/changelog/63231.fixed b/changelog/63231.fixed.md similarity index 100% rename from changelog/63231.fixed rename to changelog/63231.fixed.md diff --git a/changelog/63248.added b/changelog/63248.added.md similarity index 100% rename from changelog/63248.added rename to changelog/63248.added.md diff --git a/changelog/63249.added b/changelog/63249.added.md similarity index 100% rename from changelog/63249.added rename to changelog/63249.added.md diff --git a/changelog/63315.added b/changelog/63315.added.md similarity index 100% rename from changelog/63315.added rename to changelog/63315.added.md diff --git a/changelog/63316.added b/changelog/63316.added.md similarity index 100% rename from changelog/63316.added rename to changelog/63316.added.md diff --git a/changelog/63350.fixed b/changelog/63350.fixed.md similarity index 100% rename from changelog/63350.fixed rename to changelog/63350.fixed.md diff --git a/changelog/63356.added b/changelog/63356.added.md similarity index 100% rename from changelog/63356.added rename to changelog/63356.added.md diff --git a/changelog/63383.changed b/changelog/63383.changed.md similarity index 100% rename from changelog/63383.changed rename to changelog/63383.changed.md diff --git a/changelog/63383.deprecated b/changelog/63383.deprecated.md similarity index 100% rename from changelog/63383.deprecated rename to changelog/63383.deprecated.md diff --git a/changelog/63590.fixed b/changelog/63590.fixed.md similarity index 100% rename from changelog/63590.fixed rename to changelog/63590.fixed.md diff --git a/changelog/63595.changed b/changelog/63595.changed.md similarity index 100% rename from changelog/63595.changed rename to changelog/63595.changed.md diff --git a/changelog/63596.fixed b/changelog/63596.fixed.md similarity index 100% rename from changelog/63596.fixed rename to changelog/63596.fixed.md diff --git a/changelog/63606.added b/changelog/63606.added.md similarity index 100% rename from changelog/63606.added rename to changelog/63606.added.md diff --git a/changelog/63710.changed.md b/changelog/63710.changed.md new file mode 100644 index 000000000000..799e0a7aafa3 --- /dev/null +++ b/changelog/63710.changed.md @@ -0,0 +1 @@ +Changelog snippet files must now have a `.md` file extension to be more explicit on what type of rendering is done when they are included in the main `CHANGELOG.md` file. diff --git a/doc/conf.py b/doc/conf.py index 024916b8084e..01709bff618e 100644 --- a/doc/conf.py +++ b/doc/conf.py @@ -151,7 +151,8 @@ "sphinx.ext.intersphinx", "httpdomain", "youtube", - "saltrepo" + "saltrepo", + "myst_parser", #'saltautodoc', # Must be AFTER autodoc #'shorturls', ] @@ -215,6 +216,7 @@ "formula_url": ("https://github.com/saltstack-formulas/%s", "url %s"), } +myst_gfm_only = True # ----- Localization --------------------------------------------------------> locale_dirs = ["locale/"] diff --git a/doc/topics/development/changelog.rst b/doc/topics/development/changelog.rst index fb4b4fe8ded5..b730243b4387 100644 --- a/doc/topics/development/changelog.rst +++ b/doc/topics/development/changelog.rst @@ -19,8 +19,8 @@ How do I add a changelog entry ------------------------------ To add a changelog entry you will need to add a file in the `changelog` directory. -The file name should follow the syntax ``.``. If it is a security -fix then the following syntax will need to be used ``cve-.security``. +The file name should follow the syntax ``..md``. If it is a security +fix then the following syntax will need to be used ``cve-.security.md``. The types are in alignment with keepachangelog: @@ -44,12 +44,12 @@ The types are in alignment with keepachangelog: For example if you are fixing a bug for issue number #1234 your filename would -look like this: changelog/1234.fixed. The contents of the file should contain +look like this: `changelog/1234.fixed.md`. The contents of the file should contain a summary of what you are fixing. If there is a legitimate reason to not include an issue number with a given contribution you can add the PR number as the file -name (``.``). +name (``..md``). -For a security fix your filename would look like this: changelog/cve-2021-25283.security. +For a security fix your filename would look like this: `changelog/cve-2021-25283.security.md`. If your PR does not align with any of the types, then you do not need to add a changelog entry. @@ -72,10 +72,19 @@ This step is only used when we need to generate the changelog right before relea You should NOT run towncrier on your PR, unless you are preparing the final PR to update the changelog before a release. -You can run the `towncrier` tool directly or you can use nox to help run the command +You can run the `towncrier` tool directly or you can use `tools` to help run the command and ensure towncrier is installed in a virtual environment. The instructions below will detail both approaches. + +Installing `tools` +.................. + +.. code-block: bash + + python -m pip install -r requirements/static/ci/py3.10/tools.txt + + If you want to see what output towncrier will produce before generating the change log you can run towncrier in draft mode: @@ -85,7 +94,7 @@ you can run towncrier in draft mode: .. code-block:: bash - nox -e 'changelog(force=False, draft=True)' -- 3000.1 + tools changelog update-changelog-md --draft 3000.1 Version will need to be set to whichever version we are about to release. Once you are confident the draft output looks correct you can now generate the changelog by running: @@ -96,7 +105,8 @@ confident the draft output looks correct you can now generate the changelog by r .. code-block:: bash - nox -e 'changelog(force=False, draft=False)' -- 3000.1 + tools changelog update-changelog-md 3000.1 + After this is run towncrier will automatically remove all the files in the changelog directory. @@ -104,9 +114,13 @@ After this is run towncrier will automatically remove all the files in the chang If you want to force towncrier to automatically remove all the files in the changelog directory without asking you to type yes, you can set force to True. + .. code-block:: bash - nox -e 'changelog(force=True, draft=False)' -- 3000.1 + towncrier --yes --version=3001 + + +The `tools changelog update-changelog-md ` command will automatically add `--yes` if `--draft` is not passed. .. _`SEP 01`: https://github.com/saltstack/salt-enhancement-proposals/pull/2 diff --git a/doc/topics/releases/3006.0.md b/doc/topics/releases/3006.0.md new file mode 100644 index 000000000000..a7f1967c8882 --- /dev/null +++ b/doc/topics/releases/3006.0.md @@ -0,0 +1,57 @@ +[](#release-3006.0) + +# Salt 3006.0 release notes - Codename Sulfur - UNRELEASED + +## Onedir packaging + +Going forward from the 3006.0 release, the Salt Project will only provide onedir +packages to install or upgrade Salt. The classic, non-onedir packages will not +be provided for supported operating systems. See [Upgrade to onedir](https://docs.saltproject.io/salt/install-guide/en/latest/topics/upgrade-to-onedir.html) +in the [Salt Install Guide](https://docs.saltproject.io/salt/install-guide/en/latest) for information about upgrading from the classic packages to the onedir +packages. + + +## Dropping support for Python 3.5 and 3.6 + +Python 3.5 and 3.6 will no longer be supported by Salt since they +are end of life. Going forward our policy will be to align with Python's +supported versions. See [Salt support for Python versions](https://docs.saltproject.io/salt/install-guide/en/latest/topics/salt-python-version-support.html) +for more information. + + +## All salt-api functionality disabled by default + +All netapi clients, which provide the functionality to ``salt-api``, will now +be disabled by default as a security precaution. If you use ``salt-api``, you +must add the new ``netapi_enable_clients`` option to your salt master config. +This is a breaking change and the ``salt-api`` will not function without this +new configuration option. See [Enabling netapi client interfaces](https://docs.saltproject.io/en/3006.0/topics/netapi/netapi-enable-clients.html#netapi-enable-clients) +for more information. + + +## How do I migrate to the onedir packages? + +The migration path from the classic, non-onedir packages to the onedir packages +will include: + +* Repo File: You need to update your repo file to point to the new repo paths + for your platform. After the repo file is updated, upgrade your Salt packages. +* Pip packages: You need to ensure any 3rd party pip packages are installed in + the correct onedir path. This can be accomplished in two ways: + + * ``salt-pip install `` + * Using the ``pip.installed`` Salt state. + +To install python packages into the system python environment, user's must now +provide the ``pip_bin`` or ``bin_env`` to the pip state module. + +For example: + +```yaml +lib-foo: + pip.installed: + - pip_bin: /usr/bin/pip3 +lib-bar: + pip.installed: + - bin_env: /usr/bin/python3 +``` diff --git a/doc/topics/releases/3006.0.rst b/doc/topics/releases/3006.0.rst deleted file mode 100644 index 5cd3fb7fc149..000000000000 --- a/doc/topics/releases/3006.0.rst +++ /dev/null @@ -1,67 +0,0 @@ -.. _release-3006.0: - -=========================================== -Salt 3006.0 release notes - Codename Sulfur -=========================================== - -Salt 3006.0 is currently under development. - - -Onedir packaging ----------------- -Going forward from the 3006.0 release, the Salt Project will only provide onedir -packages to install or upgrade Salt. The classic, non-onedir packages will not -be provided for supported operating systems. See -`Upgrade to onedir `_ -in the `Salt Install Guide `_ -for information about upgrading from the classic packages to the onedir -packages. - - -Dropping support for Python 3.5 and 3.6 ---------------------------------------- - -Python 3.5 and 3.6 will no longer be supported by Salt since they -are end of life. Going forward our policy will be to align with Python's -supported versions. See -`Salt support for Python versions `_ -for more information. - - -All salt-api functionality disabled by default ----------------------------------------------- - -All netapi clients, which provide the functionality to ``salt-api``, will now -be disabled by default as a security precaution. If you use ``salt-api``, you -must add the new ``netapi_enable_clients`` option to your salt master config. -This is a breaking change and the ``salt-api`` will not function without this -new configuration option. See :ref:`netapi-enable-clients` for more -information. - - -How do I migrate to the onedir packages? ----------------------------------------- -The migration path from the classic, non-onedir packages to the onedir packages -will include: - -* Repo File: You need to update your repo file to point to the new repo paths - for your platform. After the repo file is updated, upgrade your Salt packages. -* Pip packages: You need to ensure any 3rd party pip packages are installed in - the correct onedir path. This can be accomplished in two ways: - - * ``salt-pip install `` - * Using the ``pip.installed`` Salt state. - -To install python packages into the system python environment, user's must now -provide the ``pip_bin`` or ``bin_env`` to the pip state module. - -For example: - -.. code-block:: yaml - - lib-foo: - pip.installed: - - pip_bin: /usr/bin/pip3 - lib-bar: - pip.installed: - - bin_env: /usr/bin/python3 diff --git a/noxfile.py b/noxfile.py index 24511b067196..b00bc9a9772e 100644 --- a/noxfile.py +++ b/noxfile.py @@ -1629,20 +1629,22 @@ def changelog(session, draft, force): """ Generate salt's changelog """ + session_warn( + session, + "Please stop using this nox session and start using the 'tools' command shown below.", + ) if _upgrade_pip_setuptools_and_wheel(session): requirements_file = os.path.join( - "requirements", "static", "ci", _get_pydir(session), "changelog.txt" + "requirements", "static", "ci", _get_pydir(session), "tools.txt" ) install_command = ["--progress-bar=off", "-r", requirements_file] session.install(*install_command, silent=PIP_INSTALL_SILENT) - town_cmd = ["towncrier", "build", "--version={}".format(session.posargs[0])] + cmd = ["tools", "changelog", "update-changelog-md"] if draft: - town_cmd.append("--draft") - if force: - # Do not ask, just remove news fragments - town_cmd.append("--yes") - session.run(*town_cmd) + cmd.append("--draft") + cmd.append(session.posargs[0]) + session.run(*cmd) class Recompress: diff --git a/pyproject.toml b/pyproject.toml index 44ef8b36e565..8afba8f0f4c3 100644 --- a/pyproject.toml +++ b/pyproject.toml @@ -23,8 +23,11 @@ known_third_party = [ package = "salt" filename = "CHANGELOG.md" directory = "changelog/" + template = "changelog/.template.jinja" start_string = "# Changelog\n" - issue_format = "`#{issue} `_" + underlines = ["", "", ""] + title_format = "## {version} ({project_date})" + issue_format = "[#{issue}](https://github.com/saltstack/salt/issues/{issue})" [[tool.towncrier.type]] directory = "removed" diff --git a/requirements/static/ci/docs.in b/requirements/static/ci/docs.in index ef3b49e13678..a1ec03c9c2d2 100644 --- a/requirements/static/ci/docs.in +++ b/requirements/static/ci/docs.in @@ -2,3 +2,4 @@ sphinx>=3.5.1; python_version < '3.9' sphinx>=6.1.0; python_version >= '3.9' +myst-docutils[linkify] diff --git a/requirements/static/ci/py3.10/docs.txt b/requirements/static/ci/py3.10/docs.txt index e09938d21442..037a8f16a8cf 100644 --- a/requirements/static/ci/py3.10/docs.txt +++ b/requirements/static/ci/py3.10/docs.txt @@ -40,24 +40,37 @@ jinja2==3.1.2 # via # -c requirements/static/ci/py3.10/linux.txt # -r requirements/base.txt + # myst-docutils # sphinx jmespath==1.0.1 # via # -c requirements/static/ci/py3.10/linux.txt # -r requirements/base.txt +linkify-it-py==1.0.3 + # via myst-docutils looseversion==1.0.2 # via # -c requirements/static/ci/py3.10/linux.txt # -r requirements/base.txt +markdown-it-py==2.1.0 + # via + # mdit-py-plugins + # myst-docutils markupsafe==2.0.1 # via # -c requirements/static/ci/py3.10/linux.txt # -r requirements/base.txt # jinja2 +mdit-py-plugins==0.3.3 + # via myst-docutils +mdurl==0.1.2 + # via markdown-it-py msgpack==1.0.2 # via # -c requirements/static/ci/py3.10/linux.txt # -r requirements/base.txt +myst-docutils[linkify]==0.18.1 + # via -r requirements/static/ci/docs.in packaging==22.0 # via # -c requirements/static/ci/py3.10/linux.txt @@ -81,6 +94,7 @@ pyyaml==5.4.1 # via # -c requirements/static/ci/py3.10/linux.txt # -r requirements/base.txt + # myst-docutils pyzmq==23.2.0 # via # -c requirements/static/ci/py3.10/linux.txt @@ -106,6 +120,12 @@ sphinxcontrib-qthelp==1.0.3 # via sphinx sphinxcontrib-serializinghtml==1.1.5 # via sphinx +typing-extensions==4.2.0 + # via + # -c requirements/static/ci/py3.10/linux.txt + # myst-docutils +uc-micro-py==1.0.1 + # via linkify-it-py urllib3==1.26.6 # via # -c requirements/static/ci/py3.10/linux.txt diff --git a/requirements/static/ci/py3.6/docs.txt b/requirements/static/ci/py3.6/docs.txt index 14e1388003f7..93859224f599 100644 --- a/requirements/static/ci/py3.6/docs.txt +++ b/requirements/static/ci/py3.6/docs.txt @@ -6,6 +6,10 @@ # alabaster==0.7.12 # via sphinx +attrs==20.3.0 + # via + # -c requirements/static/ci/py3.6/linux.txt + # markdown-it-py babel==2.9.1 # via sphinx certifi==2022.12.7 @@ -40,24 +44,37 @@ jinja2==3.0.3 # via # -c requirements/static/ci/py3.6/linux.txt # -r requirements/base.txt + # myst-docutils # sphinx jmespath==0.10.0 # via # -c requirements/static/ci/py3.6/linux.txt # -r requirements/base.txt +linkify-it-py==1.0.3 + # via myst-docutils looseversion==1.0.3 # via # -c requirements/static/ci/py3.6/linux.txt # -r requirements/base.txt +markdown-it-py==2.0.1 + # via + # mdit-py-plugins + # myst-docutils markupsafe==2.0.1 # via # -c requirements/static/ci/py3.6/linux.txt # -r requirements/base.txt # jinja2 +mdit-py-plugins==0.3.0 + # via myst-docutils +mdurl==0.1.0 + # via markdown-it-py msgpack==1.0.2 # via # -c requirements/static/ci/py3.6/linux.txt # -r requirements/base.txt +myst-docutils[linkify]==0.16.1 + # via -r requirements/static/ci/docs.in packaging==21.3 # via # -c requirements/static/ci/py3.6/linux.txt @@ -85,6 +102,7 @@ pyyaml==5.4.1 # via # -c requirements/static/ci/py3.6/linux.txt # -r requirements/base.txt + # myst-docutils pyzmq==23.2.0 # via # -c requirements/static/ci/py3.6/linux.txt @@ -110,6 +128,12 @@ sphinxcontrib-qthelp==1.0.3 # via sphinx sphinxcontrib-serializinghtml==1.1.4 # via sphinx +typing-extensions==3.10.0.0 + # via + # -c requirements/static/ci/py3.6/linux.txt + # markdown-it-py +uc-micro-py==1.0.1 + # via linkify-it-py urllib3==1.26.6 # via # -c requirements/static/ci/py3.6/linux.txt diff --git a/requirements/static/ci/py3.7/docs.txt b/requirements/static/ci/py3.7/docs.txt index 01bc4a82c761..753a000fb871 100644 --- a/requirements/static/ci/py3.7/docs.txt +++ b/requirements/static/ci/py3.7/docs.txt @@ -40,24 +40,37 @@ jinja2==3.1.2 # via # -c requirements/static/ci/py3.7/linux.txt # -r requirements/base.txt + # myst-docutils # sphinx jmespath==1.0.1 # via # -c requirements/static/ci/py3.7/linux.txt # -r requirements/base.txt +linkify-it-py==1.0.3 + # via myst-docutils looseversion==1.0.2 # via # -c requirements/static/ci/py3.7/linux.txt # -r requirements/base.txt +markdown-it-py==2.1.0 + # via + # mdit-py-plugins + # myst-docutils markupsafe==2.0.1 # via # -c requirements/static/ci/py3.7/linux.txt # -r requirements/base.txt # jinja2 +mdit-py-plugins==0.3.3 + # via myst-docutils +mdurl==0.1.2 + # via markdown-it-py msgpack==1.0.2 # via # -c requirements/static/ci/py3.7/linux.txt # -r requirements/base.txt +myst-docutils[linkify]==0.18.1 + # via -r requirements/static/ci/docs.in packaging==21.3 # via # -c requirements/static/ci/py3.7/linux.txt @@ -85,6 +98,7 @@ pyyaml==5.4.1 # via # -c requirements/static/ci/py3.7/linux.txt # -r requirements/base.txt + # myst-docutils pyzmq==23.2.0 # via # -c requirements/static/ci/py3.7/linux.txt @@ -110,6 +124,13 @@ sphinxcontrib-qthelp==1.0.3 # via sphinx sphinxcontrib-serializinghtml==1.1.4 # via sphinx +typing-extensions==3.10.0.0 + # via + # -c requirements/static/ci/py3.7/linux.txt + # markdown-it-py + # myst-docutils +uc-micro-py==1.0.1 + # via linkify-it-py urllib3==1.26.6 # via # -c requirements/static/ci/py3.7/linux.txt diff --git a/requirements/static/ci/py3.8/docs.txt b/requirements/static/ci/py3.8/docs.txt index 9c23c81a80d1..a6b9f1184ef9 100644 --- a/requirements/static/ci/py3.8/docs.txt +++ b/requirements/static/ci/py3.8/docs.txt @@ -40,24 +40,37 @@ jinja2==3.1.2 # via # -c requirements/static/ci/py3.8/linux.txt # -r requirements/base.txt + # myst-docutils # sphinx jmespath==1.0.1 # via # -c requirements/static/ci/py3.8/linux.txt # -r requirements/base.txt +linkify-it-py==1.0.3 + # via myst-docutils looseversion==1.0.2 # via # -c requirements/static/ci/py3.8/linux.txt # -r requirements/base.txt +markdown-it-py==2.1.0 + # via + # mdit-py-plugins + # myst-docutils markupsafe==2.0.1 # via # -c requirements/static/ci/py3.8/linux.txt # -r requirements/base.txt # jinja2 +mdit-py-plugins==0.3.3 + # via myst-docutils +mdurl==0.1.2 + # via markdown-it-py msgpack==1.0.2 # via # -c requirements/static/ci/py3.8/linux.txt # -r requirements/base.txt +myst-docutils[linkify]==0.18.1 + # via -r requirements/static/ci/docs.in packaging==22.0 # via # -c requirements/static/ci/py3.8/linux.txt @@ -81,6 +94,7 @@ pyyaml==5.4.1 # via # -c requirements/static/ci/py3.8/linux.txt # -r requirements/base.txt + # myst-docutils pyzmq==23.2.0 # via # -c requirements/static/ci/py3.8/linux.txt @@ -106,6 +120,12 @@ sphinxcontrib-qthelp==1.0.3 # via sphinx sphinxcontrib-serializinghtml==1.1.4 # via sphinx +typing-extensions==4.2.0 + # via + # -c requirements/static/ci/py3.8/linux.txt + # myst-docutils +uc-micro-py==1.0.1 + # via linkify-it-py urllib3==1.26.6 # via # -c requirements/static/ci/py3.8/linux.txt diff --git a/requirements/static/ci/py3.9/docs.txt b/requirements/static/ci/py3.9/docs.txt index caf55df5df89..324c30545c94 100644 --- a/requirements/static/ci/py3.9/docs.txt +++ b/requirements/static/ci/py3.9/docs.txt @@ -44,24 +44,37 @@ jinja2==3.1.2 # via # -c requirements/static/ci/py3.9/linux.txt # -r requirements/base.txt + # myst-docutils # sphinx jmespath==1.0.1 # via # -c requirements/static/ci/py3.9/linux.txt # -r requirements/base.txt +linkify-it-py==1.0.3 + # via myst-docutils looseversion==1.0.2 # via # -c requirements/static/ci/py3.9/linux.txt # -r requirements/base.txt +markdown-it-py==2.1.0 + # via + # mdit-py-plugins + # myst-docutils markupsafe==2.0.1 # via # -c requirements/static/ci/py3.9/linux.txt # -r requirements/base.txt # jinja2 +mdit-py-plugins==0.3.3 + # via myst-docutils +mdurl==0.1.2 + # via markdown-it-py msgpack==1.0.2 # via # -c requirements/static/ci/py3.9/linux.txt # -r requirements/base.txt +myst-docutils[linkify]==0.18.1 + # via -r requirements/static/ci/docs.in packaging==22.0 # via # -c requirements/static/ci/py3.9/linux.txt @@ -85,6 +98,7 @@ pyyaml==5.4.1 # via # -c requirements/static/ci/py3.9/linux.txt # -r requirements/base.txt + # myst-docutils pyzmq==23.2.0 # via # -c requirements/static/ci/py3.9/linux.txt @@ -110,6 +124,12 @@ sphinxcontrib-qthelp==1.0.3 # via sphinx sphinxcontrib-serializinghtml==1.1.5 # via sphinx +typing-extensions==4.2.0 + # via + # -c requirements/static/ci/py3.9/linux.txt + # myst-docutils +uc-micro-py==1.0.1 + # via linkify-it-py urllib3==1.26.6 # via # -c requirements/static/ci/py3.9/linux.txt diff --git a/tools/changelog.py b/tools/changelog.py index 71f6a209b101..1a1bf273a6d1 100644 --- a/tools/changelog.py +++ b/tools/changelog.py @@ -7,7 +7,8 @@ import datetime import logging import os -import subprocess +import pathlib +import re import sys import textwrap @@ -15,6 +16,20 @@ import tools.utils +REPO_ROOT = pathlib.Path(__file__).resolve().parent.parent +CHANGELOG_LIKE_RE = re.compile(r"([\d]+)\.([a-z]+)$") +CHANGELOG_TYPES = ( + "removed", + "deprecated", + "changed", + "fixed", + "added", + "security", +) +CHANGELOG_ENTRY_RE = re.compile( + r"([\d]+|(CVE|cve)-[\d]{{4}}-[\d]+)\.({})(\.md)?$".format("|".join(CHANGELOG_TYPES)) +) + log = logging.getLogger(__name__) # Define the command group @@ -35,17 +50,119 @@ ) +@changelog.command( + name="pre-commit-checks", + arguments={ + "files": { + "nargs": "*", + } + }, +) +def check_changelog_entries(ctx: Context, files: list[pathlib.Path]): + """ + Run pre-commit checks on changelog snippets. + """ + docs_path = REPO_ROOT / "doc" + tests_integration_files_path = REPO_ROOT / "tests" / "integration" / "files" + changelog_entries_path = REPO_ROOT / "changelog" + exitcode = 0 + for entry in files: + path = pathlib.Path(entry).resolve() + # Is it under changelog/ + try: + path.relative_to(changelog_entries_path) + if path.name in (".keep", ".template.jinja"): + # This is the file we use so git doesn't delete the changelog/ directory + continue + # Is it named properly + if not CHANGELOG_ENTRY_RE.match(path.name): + ctx.error( + "The changelog entry '{}' should have one of the following extensions: {}.".format( + path.relative_to(REPO_ROOT), + ", ".join(f"{ext}.md" for ext in CHANGELOG_TYPES), + ), + ) + exitcode = 1 + continue + if path.suffix != ".md": + ctx.error( + f"Please rename '{path.relative_to(REPO_ROOT)}' to " + f"'{path.relative_to(REPO_ROOT)}.md'" + ) + exitcode = 1 + continue + except ValueError: + # No, carry on + pass + # Does it look like a changelog entry + if CHANGELOG_LIKE_RE.match(path.name) and not CHANGELOG_ENTRY_RE.match( + path.name + ): + try: + # Is this under doc/ + path.relative_to(docs_path) + # Yes, carry on + continue + except ValueError: + # No, resume the check + pass + try: + # Is this under tests/integration/files + path.relative_to(tests_integration_files_path) + # Yes, carry on + continue + except ValueError: + # No, resume the check + pass + ctx.error( + "The changelog entry '{}' should have one of the following extensions: {}.".format( + path.relative_to(REPO_ROOT), + ", ".join(f"{ext}.md" for ext in CHANGELOG_TYPES), + ) + ) + exitcode = 1 + continue + # Is it a changelog entry + if not CHANGELOG_ENTRY_RE.match(path.name): + # No? Carry on + continue + # Is the changelog entry in the right path? + try: + path.relative_to(changelog_entries_path) + except ValueError: + exitcode = 1 + ctx.error( + "The changelog entry '{}' should be placed under '{}/', not '{}'".format( + path.name, + changelog_entries_path.relative_to(REPO_ROOT), + path.relative_to(REPO_ROOT).parent, + ) + ) + if path.suffix != ".md": + ctx.error( + f"Please rename '{path.relative_to(REPO_ROOT)}' to " + f"'{path.relative_to(REPO_ROOT)}.md'" + ) + exitcode = 1 + ctx.exit(exitcode) + + def _get_changelog_contents(ctx: Context, version: str): """ Return the full changelog generated by towncrier. """ - return ctx.run( + ret = ctx.run( "towncrier", "build", "--draft", f"--version={version}", capture=True, - ).stdout.decode() + check=False, + ) + if ret.returncode: + ctx.error(ret.stderr.decode()) + ctx.exit(1) + return ret.stdout.decode() def _get_pkg_changelog_contents(ctx: Context, version: str): @@ -107,14 +224,12 @@ def _get_pkg_changelog_contents(ctx: Context, version: str): return changes -def _get_salt_version(): - return ( - subprocess.run( - ["python3", "salt/version.py"], stdout=subprocess.PIPE, check=True - ) - .stdout.decode() - .strip() - ) +def _get_salt_version(ctx): + ret = ctx.run("python3", "salt/version.py", capture=True, check=False) + if ret.returncode: + ctx.error(ret.stderr.decode()) + ctx.exit(1) + return ret.stdout.decode().strip() @changelog.command( @@ -135,7 +250,7 @@ def _get_salt_version(): ) def update_rpm(ctx: Context, salt_version: str, draft: bool = False): if salt_version is None: - salt_version = _get_salt_version() + salt_version = _get_salt_version(ctx) changes = _get_pkg_changelog_contents(ctx, salt_version) ctx.info("Salt version is %s", salt_version) orig = ctx.run( @@ -185,7 +300,7 @@ def update_rpm(ctx: Context, salt_version: str, draft: bool = False): ) def update_deb(ctx: Context, salt_version: str, draft: bool = False): if salt_version is None: - salt_version = _get_salt_version() + salt_version = _get_salt_version(ctx) changes = _get_pkg_changelog_contents(ctx, salt_version) formated = "\n".join([f" {_.replace('-', '*', 1)}" for _ in changes.split("\n")]) dt = datetime.datetime.utcnow() @@ -228,21 +343,22 @@ def update_deb(ctx: Context, salt_version: str, draft: bool = False): ) def update_release_notes(ctx: Context, salt_version: str, draft: bool = False): if salt_version is None: - salt_version = _get_salt_version() + salt_version = _get_salt_version(ctx) if "+" in salt_version: major_version = salt_version.split("+", 1)[0] else: major_version = salt_version changes = _get_changelog_contents(ctx, salt_version) changes = "\n".join(changes.split("\n")[2:]) - tmpnotes = f"doc/topics/releases/{salt_version}.rst.tmp" + tmpnotes = f"doc/topics/releases/{salt_version}.md.tmp" try: - with open(f"doc/topics/releases/{major_version}.rst") as rfp: + with open(f"doc/topics/releases/{major_version}.md") as rfp: existing = rfp.read() except FileNotFoundError: existing = "" with open(tmpnotes, "w") as wfp: wfp.write(existing) + wfp.write("\n## Changelog\n") wfp.write(changes) try: with open(tmpnotes) as rfp: @@ -250,7 +366,7 @@ def update_release_notes(ctx: Context, salt_version: str, draft: bool = False): if draft: ctx.print(contents, soft_wrap=True) else: - with open(f"doc/topics/releases/{salt_version}.rst", "w") as wfp: + with open(f"doc/topics/releases/{salt_version}.md", "w") as wfp: wfp.write(contents) finally: os.remove(tmpnotes) @@ -274,7 +390,7 @@ def update_release_notes(ctx: Context, salt_version: str, draft: bool = False): ) def generate_changelog_md(ctx: Context, salt_version: str, draft: bool = False): if salt_version is None: - salt_version = _get_salt_version() + salt_version = _get_salt_version(ctx) cmd = ["towncrier", "build", f"--version={salt_version}"] if draft: cmd += ["--draft"]