Script 'mail_helper' called by obssrc Hello community, here is the log from the commit of package salt for openSUSE:Factory checked in at 2022-04-04 19:26:11 ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Comparing /work/SRC/openSUSE:Factory/salt (Old) and /work/SRC/openSUSE:Factory/.salt.new.1900 (New) ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Package is "salt" Mon Apr 4 19:26:11 2022 rev:127 rq:966247 version:3004
Changes:
--------
--- /work/SRC/openSUSE:Factory/salt/salt.changes 2022-03-01 17:03:28.612331991 +0100
+++ /work/SRC/openSUSE:Factory/.salt.new.1900/salt.changes 2022-04-04 19:26:18.864590950 +0200
@@ -1,0 +2,20 @@
+Thu Mar 31 11:16:01 UTC 2022 - Victor Zhestkov <victor.zhest...@suse.com>
+
+- Fix salt-ssh opts poisoning (bsc#1197637)
+
+- Added:
+ * fix-salt-ssh-opts-poisoning-bsc-1197637-3004-501.patch
+
+-------------------------------------------------------------------
+Thu Mar 31 08:34:58 UTC 2022 - Pablo Su??rez Hern??ndez <pablo.suarezhernan...@suse.com>
+
+- Fix multiple security issues (bsc#1197417)
+- * Sign authentication replies to prevent MiTM (CVE-2022-22935)
+- * Sign pillar data to prevent MiTM attacks. (CVE-2022-22934)
+- * Prevent job and fileserver replays (CVE-2022-22936)
+- * Fixed targeting bug, especially visible when using syndic and user auth. (CVE-2022-22941)
+
+- Added:
+ * fix-multiple-security-issues-bsc-1197417.patch
+
+-------------------------------------------------------------------
New:
----
fix-multiple-security-issues-bsc-1197417.patch
fix-salt-ssh-opts-poisoning-bsc-1197637-3004-501.patch
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Other differences:
------------------
++++++ salt.spec ++++++
--- /var/tmp/diff_new_pack.SJdTum/_old 2022-04-04 19:26:20.256574989 +0200
+++ /var/tmp/diff_new_pack.SJdTum/_new 2022-04-04 19:26:20.264574898 +0200
@@ -290,6 +290,12 @@ Patch74: prevent-shell-injection-via-pre_flight_script_args-4.patch ###############
+# PATCH-FIX_UPSTREAM: implemented at 3004.1 release (no PR)
+Patch75: fix-multiple-security-issues-bsc-1197417.patch
+
+# PATCH-FIX_OPENSUSE: https://github.com/openSUSE/salt/pull/501
+Patch76: fix-salt-ssh-opts-poisoning-bsc-1197637-3004-501.patch
+
BuildRoot: %{_tmppath}/%{name}-%{version}-build BuildRequires: logrotate
++++++ _lastrevision ++++++
--- /var/tmp/diff_new_pack.SJdTum/_old 2022-04-04 19:26:20.320574256 +0200
+++ /var/tmp/diff_new_pack.SJdTum/_new 2022-04-04 19:26:20.320574256 +0200
@@ -1,3 +1,3 @@
-8fe3232b41facbf938d591053c0f457ba6b5e3dc
+babf3dc7d243793c1134a8009ce18de316451d1a
(No newline at EOF)
++++++ fix-multiple-security-issues-bsc-1197417.patch ++++++
++++ 2947 lines (skipped)
++++++ fix-salt-ssh-opts-poisoning-bsc-1197637-3004-501.patch ++++++
>From 7096332546a65c0c507fbd4bccbf7062e7c3c9c7 Mon Sep 17 00:00:00 2001
From: Victor Zhestkov <vzhest...@suse.com>
Date: Thu, 31 Mar 2022 13:39:57 +0300
Subject: [PATCH] Fix salt-ssh opts poisoning (bsc#1197637) - 3004 (#501)
* Fix salt-ssh opts poisoning
* Pass proper __opts__ to roster modules
* Remove redundant copy.deepcopy for opts from handle_routine
---
salt/client/ssh/__init__.py | 17 ++++++++++-------
salt/loader/__init__.py | 7 ++++++-
2 files changed, 16 insertions(+), 8 deletions(-)
diff --git a/salt/client/ssh/__init__.py b/salt/client/ssh/__init__.py
index 3e032c7197..bc77eb700e 100644
--- a/salt/client/ssh/__init__.py
+++ b/salt/client/ssh/__init__.py
@@ -340,7 +340,7 @@ class SSH:
self.session_flock_file = os.path.join( self.opts["cachedir"], "salt-ssh.session.lock" )
- self.ssh_session_grace_time = int(self.opts.get("ssh_session_grace_time", 3))
+ self.ssh_session_grace_time = int(self.opts.get("ssh_session_grace_time", 1))
@property def parse_tgt(self):
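Review bot: The default for `ssh_session_grace_time` drops from 3 to 1 second in the `@@ -340` hunk, and neither the patch subject, its three bullet points nor the salt.changes entry mentions it, so this behavioural change is invisible to anyone reading the changelog. A deployment that tuned nothing now gets a shorter grace period between sessions on the same host, presumably because the `running` flag the patch writes into the session cache makes a long grace period unnecessary, but that reasoning is not recorded anywhere. I would add a bullet to the patch description, e.g. `* Lower the default ssh_session_grace_time from 3 to 1 second`, and a one-line comment above the assignment stating why one second is now enough. The `__init__` body this hunk belongs to starts outside the hunk.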
@@ -558,7 +558,6 @@ class SSH:
""" LOG_LOCK.release() salt.loader.LOAD_LOCK.release()
- opts = copy.deepcopy(opts)
single = Single( opts, opts["argv"],
@@ -595,6 +594,7 @@ class SSH:
Spin up the needed threads or processes and execute the subsequent routines """
+ opts = copy.deepcopy(self.opts)
que = multiprocessing.Queue() running = {} targets_queue = deque(self.targets.keys())
@@ -605,7 +605,7 @@ class SSH:
if not self.targets: log.error("No matching targets found in roster.") break
- if len(running) < self.opts.get("ssh_max_procs", 25) and not init:
+ if len(running) < opts.get("ssh_max_procs", 25) and not init:
if targets_queue: host = targets_queue.popleft() else:
@@ -623,7 +623,7 @@ class SSH:
pid_running = ( False if cached_session["pid"] == 0
- else psutil.pid_exists(cached_session["pid"])
+ else cached_session.get("running", False) or psutil.pid_exists(cached_session["pid"])
) if ( pid_running and prev_session_running < self.max_pid_wait
@@ -638,9 +638,10 @@ class SSH:
"salt-ssh/session", host, {
- "pid": 0,
+ "pid": os.getpid(),
"master_id": self.master_id, "ts": time.time(),
+ "running": True,
}, ) for default in self.defaults:
@@ -668,7 +669,7 @@ class SSH:
continue args = ( que,
- self.opts,
+ opts,
host, self.targets[host], mine,
@@ -704,6 +705,7 @@ class SSH:
"pid": routine.pid, "master_id": self.master_id, "ts": time.time(),
+ "running": True,
}, ) continue
@@ -755,12 +757,13 @@ class SSH:
"pid": 0, "master_id": self.master_id, "ts": time.time(),
+ "running": False,
}, ) if len(rets) >= len(self.targets): break # Sleep when limit or all threads started
- if len(running) >= self.opts.get("ssh_max_procs", 25) or len(
+ if len(running) >= opts.get("ssh_max_procs", 25) or len(
self.targets ) >= len(running): time.sleep(0.1)
diff --git a/salt/loader/__init__.py b/salt/loader/__init__.py
index a0f2220476..bc3634bb7f 100644
--- a/salt/loader/__init__.py
+++ b/salt/loader/__init__.py
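Review bot: With `opts = copy.deepcopy(opts)` removed from `handle_routine` in the `@@ -558` hunk, every per-host `Single` now receives the one copy that `process()` makes in the `@@ -595` hunk and passes through in the `@@ -668` hunk, so an in-place mutation of `opts` made while handling one target is visible to every later target of the same run. That is harmless if each `handle_routine` runs in its own process, which the commit message's "threads or processes" wording leaves open, but it would re-create exactly the cross-host poisoning this commit sets out to fix if the routine ever runs as a thread. I would record the invariant at the copy site in `process()`: `# one private copy for this run; handle_routine/Single must treat it as read-only`. Both `handle_routine` and `process` begin outside their hunks.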
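Review bot: In the `@@ -623` hunk the new expression `cached_session.get("running", False) or psutil.pid_exists(cached_session["pid"])` lets a persisted `running: True` flag override the liveness check, so a run that dies between the writes in the `@@ -638` and `@@ -704` hunks and the `"running": False` write in the `@@ -755` hunk leaves a cache entry that reports the host busy although its pid is gone; only the `max_pid_wait` comparison just below the changed line appears to bound how long later runs wait on it. Making the pid check authoritative and using the flag only to reject entries that have finished but not yet been cleared keeps the fix while letting a crashed run's entry expire: `else psutil.pid_exists(cached_session["pid"]) and cached_session.get("running", True)`, where the `True` default preserves the old behaviour for entries written before this change. At its nesting depth the added line also almost certainly exceeds the 88-column limit the rest of the file is formatted to; the form above fits, or split it across lines. `process()` starts and ends outside the hunk.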
@@ -622,7 +622,12 @@ def roster(opts, runner=None, utils=None, whitelist=None, context=None):
opts, tag="roster", whitelist=whitelist,
-pack={"__runner__": runner, "__utils__": utils, "__context__": context},
+pack={
+"__runner__": runner,
+"__utils__": utils,
+"__context__": context,
+"__opts__": opts,
+},
extra_module_dirs=utils.module_dirs if utils else None, )
-- 2.35.1
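Review bot: The new `"__opts__": opts` entry in the roster pack carries no comment explaining why roster modules must get this object rather than whatever `__opts__` the loader would otherwise give them, and the patch body only says "Pass proper __opts__ to roster modules". Since the loader already receives `opts` as a positional argument on the line above the hunk, the difference is presumably that the loader's own `__opts__` is a prepared copy while this is the caller's live dict, which also means any in-place write a roster module makes now lands in the copy that `process()` hands out for the whole salt-ssh run. I would add `# hand roster modules the caller's opts object itself, not the loader's copy of it (bsc#1197637)` above the entry, and one sentence in the `roster()` docstring saying that roster modules see, and can modify, the caller's opts. The docstring and the start of the `return` statement are outside the hunk.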