Salt 2015.5.6 Release Notes

Version 2015.5.6 is a bugfix release for 2015.5.0.

Security Fixes

CVE-2015-6941 - win_useradd module and salt-cloud display passwords in debug log

Updated the win_useradd module return data to no longer include the password of the newly created user. The password is now replaced with the string XXX-REDACTED-XXX. Updated the Salt Cloud debug output to no longer display win_password and sudo_password authentication credentials.

CVE-2015-6918 - Git modules leaking HTTPS auth credentials to debug log

Updated the Git state and execution modules to no longer display HTTPS basic authentication credentials in loglevel debug output on the Salt master. These credentials are now replaced with REDACTED in the debug output. Thanks to Andreas Stieger <asteiger@suse.com> for bringing this to our attention.
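The redaction behaviour described in the two fixes above, sketched as an added example (this is not Salt's own code): a logging filter that masks HTTPS basic-auth credentials in URLs and password-style fields before any handler formats the record. The function names, the regular expression, and the sample log calls are assumptions constructed for illustration; only the key names and replacement strings come from the notes above.

```python
import logging
import re

# Userinfo part of an http(s) URL: scheme://user[:password]@host
# (assumes special characters in the credentials are percent-encoded)
_URL_AUTH = re.compile(r"(?i)\b(https?://)[^\s/@]+@")
# Key names taken from the release note; extend for your own modules.
SENSITIVE_KEYS = {"password", "win_password", "sudo_password"}


def redact_url_auth(text):
    """Replace basic-auth credentials embedded in URLs with REDACTED."""
    return _URL_AUTH.sub(r"\1REDACTED@", text)


def redact_fields(data):
    """Return a copy of data with sensitive values masked, recursing into containers."""
    if isinstance(data, dict):
        return {k: "XXX-REDACTED-XXX" if k in SENSITIVE_KEYS else redact_fields(v)
                for k, v in data.items()}
    if isinstance(data, list):
        return [redact_fields(v) for v in data]
    if isinstance(data, tuple):
        return tuple(redact_fields(v) for v in data)
    if isinstance(data, str):
        return redact_url_auth(data)
    return data


class RedactingFilter(logging.Filter):
    """Scrub the message template and its arguments before formatting."""

    def filter(self, record):
        if isinstance(record.msg, str):
            record.msg = redact_url_auth(record.msg)
        if record.args:
            record.args = redact_fields(record.args)
        return True


def demo():
    """Log constructed sample data through the filter; return the emitted lines."""
    lines = []
    handler = logging.Handler()
    handler.emit = lambda rec: lines.append(rec.getMessage())
    log = logging.getLogger("redaction-demo")
    log.handlers, log.filters, log.propagate = [handler], [RedactingFilter()], False
    log.setLevel(logging.DEBUG)
    log.debug("Running: git clone %s", "https://deploy:s3cret@git.example.com/repo.git")
    log.debug("user.add returned %s", {"name": "svc", "password": "Hunter2!"})
    return lines
```

Attaching the filter to the logger rather than to one handler means every destination (file, console, syslog) receives the scrubbed record.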

Changes for v2015.5.5..v2015.5.6

Extended changelog courtesy of Todd Stansell (https://github.com/tjstansell/salt-changelogs):

Generated at: 2015-09-30T22:22:43Z

Total Merges: 144

Changes:

  • PR #27557: (jfindlay) add doc motivating mine vs grains
  • PR #27515: (jfindlay) save iptables rules on SuSE
  • PR #27509: (jfindlay) tell the user why the gluster module does not work
  • PR #27379: (jfindlay) document and check dict type for pip env_vars
  • PR #27516: (basepi) [2015.5] Merge forward from 2014.7 to 2015.5
  • PR #27472: (cachedout) Change recommended schema for data field in mysql event table
  • PR #27468: (cachedout) Fix 27351
  • PR #27479: (aboe76) fix locale on opensuse and suse #27438
  • PR #27483: (rallytime) Outputters should sync to output, not outputters, on the minion.
  • PR #27484: (rallytime) Back-port #27434 and #27470 to 2015.5
  • PR #27469: (twangboy) Added quotes to version numbers example
  • PR #27467: (cachedout) file.managed: check contents_{pillar|grain} result
  • PR #27419: (rallytime) Amend error log to include multiple tips for troubleshooting.
  • PR #27426: (rallytime) Don't stacktrace if there are conflicting id errors in highstate
  • PR #27408: (rallytime) Fix avail_locations function for the softlayer_hw driver in 2015.5
  • PR #27410: (jacobhammons) Fix css layout Refs #27389
  • PR #27336: (rallytime) [2015.5] Fixup salt-cloud logging
  • PR #27358: (lorengordon) Escape search replacement text, fixes #27356
  • PR #27345: (rallytime) Allow use of rst header links by separating options out from yaml example
  • PR #26903: (bersace) Review defaults.get
  • PR #27317: (efficks) State unzip should use unzip command instead of unzip_cmd.
  • PR #27309: (rallytime) Change a value list to a comma-separated string in boto_route53.present
  • PR #27311: (jfindlay) discuss replacement occurrences in file doc
  • PR #27310: (basepi) [2015.5] Merge forward from 2014.7 to 2015.5
  • PR #27308: (terminalmage) Fix refresh_db regression in yumpkg.py
  • PR #27286: (terminalmage) Add a configurable timer for minion return retries
  • PR #27278: (rallytime) Back-port #27256 to 2015.5
  • PR #27277: (rallytime) Back-port #27230 to 2015.5
  • PR #27253: (jfindlay) 2015.5 -> 2015.5.0
  • PR #27244: (garethgreenaway) Exception in cloud.ec2.create_snapshot
  • PR #27231: (jfindlay) only write cron file if it is changed
  • PR #27233: (basepi) [2015.5] Add stub release notes for 2015.5.6
  • PR #27208: (basepi) [2015.5] Add test.nop state
  • PR #27201: (jfindlay) rename hash_hostname to hash_known_hosts
  • PR #27214: (jacksontj) Correctly support https, port 443 is not a requirement
  • PR #27172: (rallytime) Back-port #27150 to 2015.5
  • PR #27194: (rallytime) Back-port #27180 to 2015.5
  • PR #27176: (basepi) [2015.5] Merge forward from 2014.7 to 2015.5
  • PR #27170: (rallytime) Update Getting Started with GCE docs to use cloud.profiles or cloud.profiles.d examples
  • PR #27167: (rallytime) Back-port #27148 to 2015.5
  • PR #27168: (techhat) Add further gating of impacket library
  • PR #27166: (rallytime) Allow a full-query for EC2, even if there are no profiles defined
  • PR #27162: (rallytime) Be explicit in using "SoftLayer" for service queries in SoftLayer drivers
  • PR #27149: (twangboy) Fixed problem with add/remove path
  • PR #27147: (rallytime) Enforce bounds in the GCE Regex
  • PR #27128: (eguven) don't show diff for test run if show_diff=False
  • PR #27116: (jacobhammons) Update latest to 2015.8, 2015.5 is now previous
  • PR #27033: (jfindlay) Merge #27019
  • PR #26942: (Arabus) Fix docker.run
  • PR #26977: (abh) Add support for PEERNTP network interface configuration
  • PR #27023: (jfindlay) add test support for htpasswd state mod
  • PR #27074: (twangboy) Replaced password with redacted when displayed
  • PR #27073: (rallytime) Remove "use develop branch" warning from LXC tutorial
  • PR #27054: (rallytime) Back-port #27029 to 2015.5
  • PR #27053: (rallytime) Back-port #26992 to 2015.5
  • PR #27052: (rallytime) Back-port #26930 to 2015.5
  • PR #27049: (johanek) Run repoquery less
  • PR #27070: (stanislavb) Deprecate salt.utils.iam in Carbon
  • PR #27030: (jfindlay) Backport #26938
  • PR #27025: (cachedout) Better try and error handling for prep_jid
  • PR #27035: (terminalmage) useradd.py: Use contextmanager to prevent leaked filehandles
  • PR #27034: (rallytime) Update softlayer docs for where to find apikey
  • PR #27024: (rallytime) Back-port #27004 to 2015.5
  • PR #27027: (rallytime) Back-port #27013 to 2015.5
  • PR #27026: (rallytime) Back-port #27011 to 2015.5
  • PR #26972: (twangboy) Catch the 404 error from fileclient
  • PR #26951: (terminalmage) Fix timezone module for CentOS
  • PR #26875: (marccardinal) LXC gateway provisioned only when IP is provided
  • PR #26997: (twangboy) Fixed symlinks for windows (don't use user root)
  • PR #27001: (twangboy) Added CLI Example for reg.delete_key_recursive
  • PR #26996: (jacobhammons) Beacon doc updates
  • PR #26868: (joejulian) Use the actual device name when checking vgdisplay
  • PR #26955: (dsumsky) S3 ext_pillar module has broken caching mechanism (backport to 2015.5)
  • PR #26987: (rallytime) Back-port #26966 to 2015.5
  • PR #26915: (rallytime) Update Joyent Cloud Tests
  • PR #26971: (rallytime) Fix a couple of typos in reactor docs
  • PR #26976: (thatch45) Revert "file.symlink gets windows account instead of root"
  • PR #26975: (whiteinge) Remove mocks from rest_cherrypy integration tests; fix groups check bug
  • PR #26899: (twangboy) file.symlink gets windows account instead of root
  • PR #26960: (rallytime) Fix bash code block formatting in CherryPy netapi docs
  • PR #26940: (rallytime) Fix minor doc typo in client api
  • PR #26871: (rallytime) Back-port #26852 to 2015.5
  • PR #26851: (jacobhammons) states/pkgrepo examples, suse installation updates
  • PR #26817: (jfindlay) modify groupadd for rhel 5
  • PR #26824: (pravka) [salt-cloud] Fix creating droplet from snapshot in digital_ocean provider
  • PR #26823: (joejulian) use dbus instead of localectl
  • PR #26820: (jfindlay) add default param in _parse_localectl in locale mod
  • PR #26821: (twangboy) Fixed user.rename function in windows
  • PR #26803: (twangboy) Added check for PyMySQL if MySQLdb import fails
  • PR #26815: (jfindlay) stringify linode id before performing str actions
  • PR #26800: (jacobhammons) Doc bug fixes
  • PR #26793: (rallytime) Don't stacktrace if "name" is specified as a minion id in a map file
  • PR #26790: (rallytime) Update Saltify docs to be more accurate and helpful
  • PR #26787: (jfindlay) merge #26775
  • PR #26759: (terminalmage) Backport PR #26726 to 2015.5 branch
  • PR #26768: (garethgreenaway) Fixes to ipset in 2015.5 for #26628
  • PR #26753: (jfindlay) import elementree from _compat in ilo exec mod
  • PR #26736: (twangboy) Changed import from smbconnection to smb3
  • PR #26714: (jfindlay) add exception placeholder for older msgpacks
  • PR #26710: (rallytime) Update GCE driver to return True, False or a new name in __virtual__()
  • PR #26709: (rallytime) Ensure VM name is valid before trying to create Linode VM
  • PR #26617: (terminalmage) Fix Windows failures in pip module due to raw string formatting
  • PR #26700: (kev009) Ignore the first element of kern.disks split, which is the sysctl name
  • PR #26695: (terminalmage) Better HTTPS basic auth redaction for 2015.5 branch
  • PR #26694: (terminalmage) Backport #26693 to 2015.5
  • PR #26681: (basepi) [2015.5] Merge forward from 2014.7 to 2015.5
  • PR #26676: (rallytime) Back-port #26648 to 2015.5
  • PR #26677: (rallytime) Back-port #26653 to 2015.5
  • PR #26675: (rallytime) Back-port #26631 to 2015.5
  • PR #26655: (cheng0919) Update win_dns_client.py
  • PR #26662: (jacobhammons) update version to 2015.5
  • PR #26651: (jfindlay) add 2015.5.4 notes to 2015.5.5 notes
  • PR #26525: (jfindlay) document check_file_meta args, remove unused arg
  • PR #26561: (stanislavb) Leave salt.utils.s3 location fallback to salt.utils.aws
  • PR #26573: (rallytime) Don't stacktrace if using private_ips and delete_sshkeys together
  • PR #26563: (rallytime) Fix error detection when salt-cloud config is missing a master's address
  • PR #26641: (basepi) [2015.5] Merge forward from 2014.7 to 2015.5
  • PR #26620: (rallytime) Also add -Z to script args for cloud tests
  • PR #26618: (rallytime) Add script_args: '-P' to Ubuntu 14 profiles for nightly cloud tests
  • PR #26612: (rallytime) Use an available image to test against
  • PR #26576: (rallytime) Ensure GCE and EC2 configuration checks are correct
  • PR #26580: (rallytime) Avoid race condition when assigning floating IPs to new VMs
  • PR #26581: (terminalmage) Skip tests that don't work with older mock
  • PR #26591: (rallytime) Back-port #26554 to 2015.5
  • PR #26565: (cachedout) Fix many errors with __virtual__ in tests
  • PR #26553: (rallytime) Back-port #26548 to 2015.5
  • PR #26552: (rallytime) Back-port #26542 to 2015.5
  • PR #26551: (rallytime) Back-port #26539 to 2015.5
  • PR #26549: (rallytime) Back-port #26524 to 2015.5
  • PR #26527: (jfindlay) check exists and values in boto_elb listeners
  • PR #26446: (stanislavb) Fetch AWS region from EC2 instance metadata
  • PR #26546: (nmadhok) Do not raise KeyError when calling avail_images if VM/template is in disconnected state
  • PR #26537: (jfindlay) Merge #26481
  • PR #26528: (zmalone) Fixing encrypt to instructions in the 2015.5 branch