Salt 2014.7.4 Release Notes
Version 2014.7.4 is a bugfix release for 2014.7.0.
This is a security release. The security issues fixed have only been present
since 2014.7.0, and only users of the two listed modules are vulnerable. The
following CVEs have been resolved:
- CVE-2015-1838 SaltStack: insecure /tmp file handling in
salt/modules/serverdensity_device.py
- CVE-2015-1839 SaltStack: insecure /tmp file handling in salt/modules/chef.py
Changes:
- Multi-master minions mode no longer route fileclient operations asymetrically.
This fixes the source of many multi-master bugs where the minion would
become unrepsonsive from one or more masters.
- Fix bug wherein network.iface could produce stack traces.
- net.arp will no longer be made available unless arp is installed on the
system.
- Major performance improvements to Saltnado
- Allow KVM module to operate under KVM itself or VMware Fusion
- Various fixes to the Windows installation scripts
- Fix issue where the syndic would not correctly propagate loads to the master
job cache.
- Improve error handling on invalid /etc/network/interfaces file in salt
networking modules
- Fix bug where a response status was not checked for in fileclient.get_url
- Enable eauth when running salt in batch mode
- Increase timeout in Boto Route53 module
- Fix bugs with Salt's 'tar' module option parsing
- Fix parsing of NTP servers on Windows
- Fix issue with blockdev tuning not reporting changes correctly
- Update to the latest Salt bootstrap script
- Update Linode salt-cloud driver to use either linode-python or
apache-libcloud
- Fix for s3.query function to return correct headers
- Fix for s3.head returning None for files that exist
- Fix the disable function in win_service module so that the service is
disabled correctly
- Fix race condition between master and minion when making a directory when
both daemons are on the same host
- Fix an issue where file.recurse would fail at the root of an svn repo
when the repo has a mountpoint
- Fix an issue where file.recurse would fail at the root of an hgfs repo
when the repo has a mountpoint
- Fix an issue where file.recurse would fail at the root of an gitfs repo
when the repo has a mountpoint
- Add status.master capability for Windows.
- Various fixes to ssh_known_hosts
- Various fixes to states.network bonding for Debian
- The debian_ip.get_interfaces module no longer removes nameservers.
- Better integration between grains.virtual and systemd-detect-virt and
virt-what
- Fix traceback in sysctl.present state output
- Fix for issue where mount.mounted would fail when superopts were not a part
of mount.active (extended=True). Also mount.mounted various fixes for Solaris
and FreeBSD.
- Fix error where datetimes were not correctly safeguarded before being passed
into msgpack.
- Fix file.replace regressions. If the pattern is not found, and if dry run is False,
and if backup is False, and if a pre-existing file exists with extension .bak,
then that backup file will be overwritten. This backup behavior is a result of how fileinput
works. Fixing it requires either passing through the file twice (the
first time only to search for content and set a flag), or rewriting
file.replace so it doesn't use fileinput
- VCS filreserver fixes/optimizations
- Catch fileserver configuration errors on master start
- Raise errors on invalid gitfs configurations
- set_locale when locale file does not exist (Redhat family)
- Fix to correctly count active devices when created mdadm array with spares
- Fix to correctly target minions in batch mode
- Support ssh:// urls using the gitfs dulwhich backend
- New fileserver runner
- Fix various bugs with argument parsing to the publish module.
- Fix disk.usage for Synology OS
- Fix issue with tags occurring twice with docker.pulled
- Fix incorrect key error in SMTP returner
- Fix condition which would remount loopback filesystems on every state run
- Remove requsites from listens after they are called in the state system
- Make system implementation of service.running aware of legacy service calls
- Fix issue where publish.publish would not handle duplicate responses gracefully.
- Accept Kali Linux for aptpkg salt execution module
- Fix bug where cmd.which could not handle a dirname as an argument
- Fix issue in ps.pgrep where exceptions were thrown on Windows.
Known issues:
- In multimaster mode, a minion may become temporarily unresponsive
if modules or pillars are refreshed at the same time that one
or more masters are down. This can be worked around by setting
'auth_timeout' and 'auth_tries' down to shorter periods.
- There are known issues with batch mode operating on the incorrect number of minions.
This bug can be patched with the change in Pull Request #22464.
- The fun, state, and unless keywords are missing from the state internals, which
can cause problems running some states. This bug can be patched with the change in
Pull Request #22365.