Script 'mail_helper' called by obssrc Hello community, here is the log from the commit of package salt for openSUSE:Factory checked in at 2022-04-14 17:25:03 ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Comparing /work/SRC/openSUSE:Factory/salt (Old) and /work/SRC/openSUSE:Factory/.salt.new.1941 (New) ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Package is "salt" Thu Apr 14 17:25:03 2022 rev:128 rq:969843 version:3004 Changes: -------- --- /work/SRC/openSUSE:Factory/salt/salt.changes 2022-04-04 19:26:18.864590950 +0200 +++ /work/SRC/openSUSE:Factory/.salt.new.1941/salt.changes 2022-04-14 17:25:36.551273468 +0200 @@ -1,0 +2,20 @@ +Tue Apr 12 09:21:38 UTC 2022 - Victor Zhestkov <victor.zhest...@suse.com> + +- Prevent data pollution between actions proceesed + at the same time (bsc#1197637) +- Fix regression preventing bootstrapping new clients + caused by redundant dependency on psutil (bsc#1197533) + +- Added: + * fix-regression-with-depending-client.ssh-on-psutil-b.patch + * prevent-affection-of-ssh.opts-with-lazyloader-bsc-11.patch + +------------------------------------------------------------------- +Tue Apr 5 09:29:14 UTC 2022 - Victor Zhestkov <victor.zhest...@suse.com> + +- Fixes for Python 3.10 + +- Added: + * fixes-for-python-3.10-502.patch + +------------------------------------------------------------------- @@ -13,4 +33,4 @@ -- * Sign authentication replies to prevent MiTM (CVE-2022-22935) -- * Sign pillar data to prevent MiTM attacks. (CVE-2022-22934) -- * Prevent job and fileserver replays (CVE-2022-22936) -- * Fixed targeting bug, especially visible when using syndic and user auth. (CVE-2022-22941) + * Sign authentication replies to prevent MiTM (CVE-2022-22935) + * Sign pillar data to prevent MiTM attacks. (CVE-2022-22934) + * Prevent job and fileserver replays (CVE-2022-22936) + * Fixed targeting bug, especially visible when using syndic and user auth. (CVE-2022-22941) New: ---- fix-regression-with-depending-client.ssh-on-psutil-b.patch fixes-for-python-3.10-502.patch prevent-affection-of-ssh.opts-with-lazyloader-bsc-11.patch ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Other differences: ------------------ ++++++ salt.spec ++++++ --- /var/tmp/diff_new_pack.w0C7FB/_old 2022-04-14 17:25:38.063275235 +0200 +++ /var/tmp/diff_new_pack.w0C7FB/_new 2022-04-14 17:25:38.067275240 +0200 @@ -296,6 +296,15 @@ # PATCH-FIX_OPENSUSE: https://github.com/openSUSE/salt/pull/501 Patch76: fix-salt-ssh-opts-poisoning-bsc-1197637-3004-501.patch +# PATCH-FIX_UPSTREAM: https://github.com/saltstack/salt/pull/61064 +Patch77: fixes-for-python-3.10-502.patch + +# PATCH-FIX_OPENSUSE: https://github.com/openSUSE/salt/pull/505 +Patch78: prevent-affection-of-ssh.opts-with-lazyloader-bsc-11.patch + +# PATCH-FIX_OPENSUSE: https://github.com/openSUSE/salt/pull/506 +Patch79: fix-regression-with-depending-client.ssh-on-psutil-b.patch + BuildRoot: %{_tmppath}/%{name}-%{version}-build BuildRequires: logrotate ++++++ _lastrevision ++++++ --- /var/tmp/diff_new_pack.w0C7FB/_old 2022-04-14 17:25:38.127275310 +0200 +++ /var/tmp/diff_new_pack.w0C7FB/_new 2022-04-14 17:25:38.131275314 +0200 @@ -1,3 +1,3 @@ -babf3dc7d243793c1134a8009ce18de316451d1a +2a9748d411cf0d0e49f59fb6fa7ddd336992532e (No newline at EOF) ++++++ fix-regression-with-depending-client.ssh-on-psutil-b.patch ++++++ >From 0c4a71224d49e778b4a2c683c63de52a0876de69 Mon Sep 17 00:00:00 2001 From: Victor Zhestkov <vzhest...@suse.com> Date: Tue, 12 Apr 2022 10:08:17 +0300 Subject: [PATCH] Fix regression with depending client.ssh on psutil (bsc#1197533) --- salt/client/ssh/__init__.py | 14 ++++++++++++-- 1 file changed, 12 insertions(+), 2 deletions(-) diff --git a/salt/client/ssh/__init__.py b/salt/client/ssh/__init__.py index 6d24d8d716..396f9457f2 100644 --- a/salt/client/ssh/__init__.py +++ b/salt/client/ssh/__init__.py @@ -12,7 +12,6 @@ import hashlib import logging import multiprocessing import os -import psutil import queue import re import shlex @@ -407,6 +406,16 @@ class SSH: self.__parsed_rosters[self.ROSTER_UPDATE_FLAG] = False return + def _pid_exists(self, pid): + """ + Check if specified pid is alive + """ + try: + os.kill(pid, 0) + except OSError: + return False + return True + def _update_roster(self, hostname=None, user=None): """ Update default flat roster with the passed in information. @@ -626,7 +635,8 @@ class SSH: pid_running = ( False if cached_session["pid"] == 0 - else cached_session.get("running", False) or psutil.pid_exists(cached_session["pid"]) + else cached_session.get("running", False) + or self._pid_exists(cached_session["pid"]) ) if ( pid_running and prev_session_running < self.max_pid_wait -- 2.35.1 ++++++ fixes-for-python-3.10-502.patch ++++++ >From efcf52ad6b7edf64e6a2eaead99c8df5894ab613 Mon Sep 17 00:00:00 2001 From: Victor Zhestkov <vzhest...@suse.com> Date: Tue, 5 Apr 2022 12:04:46 +0300 Subject: [PATCH] Fixes for Python 3.10 (#502) * Fix _compat.py importlib logic for Python 3.10 Use the same logic in _compat.py and entrypoints.py to load the same importlib.metadata. Python's built in implementation for Python >= 3.10 and the Salt one for others. * Use collections.abc.Mapping instead collections.Mapping in state Co-authored-by: piterpunk <piterp...@slackware.com> --- salt/_compat.py | 30 +++++++++++++++++------------- salt/state.py | 5 +++-- 2 files changed, 20 insertions(+), 15 deletions(-) diff --git a/salt/_compat.py b/salt/_compat.py index 8149657bea..a402f17a3c 100644 --- a/salt/_compat.py +++ b/salt/_compat.py @@ -11,19 +11,23 @@ if sys.version_info >= (3, 9, 5): else: import salt.ext.ipaddress as ipaddress +if sys.version_info >= (3, 10): + # Python 3.10 will include a fix in importlib.metadata which allows us to + # get the distribution of a loaded entry-point + import importlib.metadata # pylint: disable=no-member,no-name-in-module +else: + # importlib_metadata before version 3.3.0 does not include the functionality we need. + try: + import importlib_metadata -# importlib_metadata before version 3.3.0 does not include the functionality we need. -try: - import importlib_metadata - - importlib_metadata_version = [ - int(part) - for part in importlib_metadata.version("importlib_metadata").split(".") - if part.isdigit() - ] - if tuple(importlib_metadata_version) < (3, 3, 0): + importlib_metadata_version = [ + int(part) + for part in importlib_metadata.version("importlib_metadata").split(".") + if part.isdigit() + ] + if tuple(importlib_metadata_version) < (3, 3, 0): + # Use the vendored importlib_metadata + import salt.ext.importlib_metadata as importlib_metadata + except ImportError: # Use the vendored importlib_metadata import salt.ext.importlib_metadata as importlib_metadata -except ImportError: - # Use the vendored importlib_metadata - import salt.ext.importlib_metadata as importlib_metadata diff --git a/salt/state.py b/salt/state.py index 3361a537cd..b759c8e0ee 100644 --- a/salt/state.py +++ b/salt/state.py @@ -12,7 +12,6 @@ The data sent to the state calls is as follows: """ -import collections import copy import datetime import fnmatch @@ -26,6 +25,8 @@ import sys import time import traceback +from collections.abc import Mapping + import salt.fileclient import salt.loader import salt.minion @@ -3276,7 +3277,7 @@ class State: """ for chunk in high: state = high[chunk] - if not isinstance(state, collections.Mapping): + if not isinstance(state, Mapping): continue for state_ref in state: needs_default = True -- 2.35.1 ++++++ prevent-affection-of-ssh.opts-with-lazyloader-bsc-11.patch ++++++ >From c86432645863a21da589346ad587b610ab51a2a9 Mon Sep 17 00:00:00 2001 From: Victor Zhestkov <vzhest...@suse.com> Date: Tue, 12 Apr 2022 10:06:43 +0300 Subject: [PATCH] Prevent affection of SSH.opts with LazyLoader (bsc#1197637) * Prevent affection SSH.opts with LazyLoader * Restore parsed targets * Fix test_ssh unit tests --- salt/client/ssh/__init__.py | 19 +++++++++++-------- tests/unit/client/test_ssh.py | 16 ++++++++-------- 2 files changed, 19 insertions(+), 16 deletions(-) diff --git a/salt/client/ssh/__init__.py b/salt/client/ssh/__init__.py index bc77eb700e..6d24d8d716 100644 --- a/salt/client/ssh/__init__.py +++ b/salt/client/ssh/__init__.py @@ -225,15 +225,16 @@ class SSH: ROSTER_UPDATE_FLAG = "#__needs_update" def __init__(self, opts, context=None): + self.opts = copy.deepcopy(opts) + self.sopts = copy.deepcopy(self.opts) self.__parsed_rosters = {SSH.ROSTER_UPDATE_FLAG: True} - pull_sock = os.path.join(opts["sock_dir"], "master_event_pull.ipc") + pull_sock = os.path.join(self.opts["sock_dir"], "master_event_pull.ipc") if os.path.exists(pull_sock) and zmq: self.event = salt.utils.event.get_event( - "master", opts["sock_dir"], opts["transport"], opts=opts, listen=False + "master", self.opts["sock_dir"], self.opts["transport"], opts=self.opts, listen=False ) else: self.event = None - self.opts = opts if self.opts["regen_thin"]: self.opts["ssh_wipe"] = True if not salt.utils.path.which("ssh"): @@ -244,7 +245,7 @@ class SSH: " to run. Exiting." ), ) - self.opts["_ssh_version"] = ssh_version() + self.sopts["_ssh_version"] = ssh_version() self.tgt_type = ( self.opts["selected_target_option"] if self.opts["selected_target_option"] @@ -341,6 +342,9 @@ class SSH: self.opts["cachedir"], "salt-ssh.session.lock" ) self.ssh_session_grace_time = int(self.opts.get("ssh_session_grace_time", 1)) + self.sopts["tgt"] = copy.deepcopy(self.opts["tgt"]) + self.sopts["ssh_cli_tgt"] = copy.deepcopy(self.opts["ssh_cli_tgt"]) + self.opts = self.sopts @property def parse_tgt(self): @@ -594,7 +598,6 @@ class SSH: Spin up the needed threads or processes and execute the subsequent routines """ - opts = copy.deepcopy(self.opts) que = multiprocessing.Queue() running = {} targets_queue = deque(self.targets.keys()) @@ -605,7 +608,7 @@ class SSH: if not self.targets: log.error("No matching targets found in roster.") break - if len(running) < opts.get("ssh_max_procs", 25) and not init: + if len(running) < self.opts.get("ssh_max_procs", 25) and not init: if targets_queue: host = targets_queue.popleft() else: @@ -669,7 +672,7 @@ class SSH: continue args = ( que, - opts, + self.opts, host, self.targets[host], mine, @@ -763,7 +766,7 @@ class SSH: if len(rets) >= len(self.targets): break # Sleep when limit or all threads started - if len(running) >= opts.get("ssh_max_procs", 25) or len( + if len(running) >= self.opts.get("ssh_max_procs", 25) or len( self.targets ) >= len(running): time.sleep(0.1) diff --git a/tests/unit/client/test_ssh.py b/tests/unit/client/test_ssh.py index 23cb3d0700..5003500de1 100644 --- a/tests/unit/client/test_ssh.py +++ b/tests/unit/client/test_ssh.py @@ -95,7 +95,7 @@ class SSHReturnEventTests(ShellCase): assert "localhost" in ret assert "fun" in ret["localhost"] client.run() - display_output.assert_called_once_with(expected, "nested", opts) + display_output.assert_called_once_with(expected, "nested", client.opts) self.assertIs(ret, handle_ssh_ret[0]) assert len(client.event.fire_event.call_args_list) == 2 assert "fun" in client.event.fire_event.call_args_list[0][0][0] @@ -539,7 +539,7 @@ class SSHTests(ShellCase): MagicMock(return_value=salt.utils.yaml.safe_load(self.roster)), ): client._expand_target() - assert opts["tgt"] == host + assert client.opts["tgt"] == host def test_expand_target_dns(self): """ @@ -562,7 +562,7 @@ class SSHTests(ShellCase): MagicMock(return_value=salt.utils.yaml.safe_load(self.roster)), ): client._expand_target() - assert opts["tgt"] == host + assert client.opts["tgt"] == host def test_expand_target_no_user(self): """ @@ -602,7 +602,7 @@ class SSHTests(ShellCase): client = ssh.SSH(opts) assert opts["tgt"] == user + host client._update_targets() - assert opts["tgt"] == host + assert client.opts["tgt"] == host assert client.targets[host]["user"] == user.split("@")[0] def test_update_targets_dns(self): @@ -620,7 +620,7 @@ class SSHTests(ShellCase): client = ssh.SSH(opts) assert opts["tgt"] == user + host client._update_targets() - assert opts["tgt"] == host + assert client.opts["tgt"] == host assert client.targets[host]["user"] == user.split("@")[0] def test_update_targets_no_user(self): @@ -661,7 +661,7 @@ class SSHTests(ShellCase): ): client._expand_target() client._update_targets() - assert opts["tgt"] == host + assert client.opts["tgt"] == host assert client.targets[host]["user"] == user.split("@")[0] def test_parse_tgt(self): @@ -681,7 +681,7 @@ class SSHTests(ShellCase): client = ssh.SSH(opts) assert client.parse_tgt["hostname"] == host assert client.parse_tgt["user"] == user.split("@")[0] - assert self.opts.get("ssh_cli_tgt") == user + host + assert client.opts.get("ssh_cli_tgt") == user + host def test_parse_tgt_no_user(self): """ @@ -700,7 +700,7 @@ class SSHTests(ShellCase): client = ssh.SSH(opts) assert client.parse_tgt["hostname"] == host assert client.parse_tgt["user"] == opts["ssh_user"] - assert self.opts.get("ssh_cli_tgt") == host + assert client.opts.get("ssh_cli_tgt") == host def test_extra_filerefs(self): """ -- 2.35.1
