Salt 2015.8.1 Release Notes

Version 2015.8.1 is a bugfix release for 2015.8.0.

Security Fixes

CVE-2015-6941 - win_useradd module and salt-cloud display passwords in debug log

Updated the win_useradd module return data to no longer include the password of the newly created user. The password is now replaced with the string XXX-REDACTED-XXX. Updated the Salt Cloud debug output to no longer display win_password and sudo_password authentication credentials. Also updated the Linode driver to no longer display authentication credentials in debug logs. These credentials are now replaced with REDACTED in the debug output.

CVE-2015-6918 - Git modules leaking HTTPS auth credentials to debug log

Updated the Git state and execution modules to no longer display HTTPS basic authentication credentials in loglevel debug output on the Salt master. These credentials are now replaced with REDACTED in the debug output. Thanks to Andreas Stieger <asteiger@suse.com> for bringing this to our attention.
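The redaction approach described in the two fixes above, shown as an added example (this is not Salt's own code): a Python logging filter that masks HTTPS basic authentication credentials in URLs and the values of win_password and sudo_password before a record is written. The message shapes, logger name, and sample values are constructed assumptions; only the key names and the REDACTED marker come from this page.

```python
import io
import logging
import re

# Userinfo part of an http(s) URL, up to the last "@" before the path.
_URL_AUTH = re.compile(r'(https?://)[^/\s]+@')
# Key names are the ones this page lists; the key/value shapes are assumptions.
_KEY_VALUE = re.compile(
    r"""((?:win_password|sudo_password)['"]?\s*[:=]\s*)"""
    r"""(?:(['"]).*?\2|[^\s,}'"]+)"""
)
MASK = 'REDACTED'


def redact(text):
    """Mask URL credentials and the values of known secret keys."""
    text = _URL_AUTH.sub(r'\1' + MASK + '@', text)

    def _mask(match):
        quote = match.group(2) or ''
        return match.group(1) + quote + MASK + quote

    return _KEY_VALUE.sub(_mask, text)


class RedactingFilter(logging.Filter):
    """Redact the fully formatted message, so secrets in args are caught too."""

    def filter(self, record):
        record.msg = redact(record.getMessage())
        record.args = ()
        return True


def demo():
    """Send constructed sample messages through the filter; return the output."""
    stream = io.StringIO()
    handler = logging.StreamHandler(stream)
    # Attach to the handler: a logger-level filter is skipped for child loggers.
    handler.addFilter(RedactingFilter())
    log = logging.getLogger('redact_demo')
    log.setLevel(logging.DEBUG)
    log.propagate = False
    log.addHandler(handler)
    log.debug('running: git clone %s /srv/app',
              'https://deploy:s3cr3t@git.example.com/app.git')
    log.debug('profile options: %s',
              {'win_password': 'P@ss w0rd', 'sudo_password': 'hunter2'})
    log.removeHandler(handler)
    return stream.getvalue().splitlines()
```

Debug logs written before the upgrade are not rewritten by a filter like this, so existing log files still need to be reviewed and any exposed credentials rotated.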

Major Bug Fixes

  • Add support for spm.d/*.conf configuration of SPM (issue 27010)
  • Fix proxy grains breakage for non-proxy minions (issue 27039)
  • Fix global key management for git state
  • Fix passing http auth to util.http from state.file (issue 21917)
  • Fix multiprocessing: True in windows (on by default)
  • Add pkg.info to pkg modules
  • Fix name of serial grain (this was accidentally renamed in 2015.8.0)
  • Merge config values from master.d/minion.d conf files (rather than flat update)
  • Clean grains cache on grains sync (issue 19853)
  • Remove streamed response for fileclient to avoid HTTP redirection problems (issue 27093)
  • Fixed incorrect warning about osrelease grain (issue 27065)
  • Fix authentication via Salt-API with tokens (issue 27270)
  • Fix winrepo downloads from https locations (issue 27081)
  • Fix potential error with salt-call as non-root user (issue 26889)
  • Fix global minion provider overrides (issue 27209)
  • Fix backward compatibility issues for pecl modules
  • Fix Windows uninstaller to only remove ./bin, salt*, nssm.exe, uninst.exe (issue 27383)
  • Fix misc issues with mongo returner.
  • Add sudo option to cloud config files (issue 27398)
  • Fix regression in RunnerClient argument handling (issue 25107)
  • Fix dockerng.running replacing creation hostconfig with runtime hostconfig (issue 27265)
  • Increased performance on boto asg/elb states due to __states__ integration
  • Windows minion no longer requires powershell to restart (issue 26629)
  • Fix x509 module to support recent versions of OpenSSL (issue 27326)
  • Some issues with proxy minions were corrected.

Known Issues:

  • Proxy minions currently cannot execute a highstate because of the way the proxymodule is being loaded internally. This will be fixed in a future release.

Changes for v2015.8.0..v2015.8.1

Extended changelog courtesy of Todd Stansell (https://github.com/tjstansell/salt-changelogs):

Generated at: 2015-10-01T04:45:02Z

Total Merges: 200

Changes:

  • PR #27584: (jacobhammons) added changes list to 2015.8.1 release notes
  • PR #27575: (rallytime) Don't report existing instances as running only if they're actually terminated in EC2
  • PR #27573: (basepi) [2015.8] Use the custom yaml serializer for minion_opts for salt-ssh
  • PR #27514: (clinta) Recent Versions of OpenSSL don't allow importing incomplete PEMs
  • PR #27564: (jacobhammons) Man pages
  • PR #27522: (twangboy) Removed dependency on powershell to restart salt-minion
  • PR #27550: (rallytime) [2015.8] Clean up salt-cloud logging and make it more useful
  • PR #27517: (jacobhammons) Updated install docs
  • PR #27526: (eliasp) Add missing newlines before param listing to fix doc rendering
  • PR #27525: (basepi) [2015.8] Merge forward from 2015.5 to 2015.8
  • PR #27513: (terminalmage) Fix integration tests for worktree addition in git >= 2.6
  • PR #27510: (rallytime) Merge #27475 with test fixes
  • PR #27451: (ticosax) [dockerng] Enforce usage of host_config and require docker-py>=1.4.0
  • PR #27461: (cachedout) Only clean context if it exists
  • PR #27473: (terminalmage) salt.utils.gitfs: Don't use close_fds=True on Windows
  • PR #27496: (blueyed) Fix version reporting of gitpython
  • PR #27502: (ticosax) Add test to check we don't call inspect_image on absent images.
  • PR #27497: (blueyed) dockerng: fix image_present for forced, non-existent image
  • PR #27411: (terminalmage) Fix invocation of git.config_get and git.config_set
  • PR #27477: (terminalmage) Don't append role to hash_cachedir
  • PR #27474: (whiteinge) Add fake pymongo version attribute for the docs
  • PR #27466: (blueyed) Fix version reporting of python-gnupg and mysql-python
  • PR #27465: (ticosax) Fix usage of dockerng "cmd" was #27459
  • PR #27417: (whiteinge) Backport #25243 into 2015.8
  • PR #27423: (dmurphy18) Changes to support configurable repository for Debian / Ubuntu
  • PR #27428: (rallytime) Back-port #27398 to 2015.8
  • PR #27429: (rallytime) Back-port #27344 to 2015.8
  • PR #27450: (ticosax) [dockerng] Fix typo in docstring
  • PR #27430: (jacksontj) Fix bug introduced in eee0291ff8b65ff1e22f4dc2447a74aa28a3ce7f
  • PR #27418: (terminalmage) Don't always remove dest path in salt.utils.files.rename()
  • PR #27383: (twangboy) Uninstaller only removes specific files and dirs
  • PR #27416: (rallytime) Back-port #27399 to 2015.8
  • PR #27394: (jacksontj) Remove streamed response for fileclient to avoid HTTP redirection problems
  • PR #27415: (ryan-lane) Backwards compat fixes for pecl module
  • PR #27407: (meggiebot) Adding stretch label definition
  • PR #27388: (basepi) [2015.8] Fix global provider overrides
  • PR #27386: (rallytime) Document tty: True usage in salt-ssh roster file
  • PR #27380: (jtand) Skipping Async tests
  • PR #27382: (terminalmage) Revert "fixes #27217 clear_old_remotes clears wrong directory (gitfs)"
  • PR #27361: (cro) Correct some issues with proxy minions
  • PR #27364: (ruzarowski) SaltCloud[EC2] Fix missing credentials in modify_eni_properties api call
  • PR #27349: (jfindlay) add freebsd install docs to release notes
  • PR #27343: (cachedout) Close io loop before deleting attribute
  • PR #27337: (rallytime) [2015.8] Fixup salt-cloud logging
  • PR #27332: (terminalmage) Adjust dockerng/dockerio docstrings
  • PR #27353: (cachedout) Fix case where var not set in config
  • PR #27350: (rallytime) Allow IP-forwarding in GCE driver
  • PR #27305: (cachedout) Re-init logging system on Windows when using multiprocessing
  • PR #27331: (terminalmage) dockerng: Allow both cmd and command to be used to specify command
  • PR #27327: (isbm) Fix a typo in the RPM output
  • PR #27312: (basepi) [2015.8] Merge forward from 2015.5 to 2015.8
  • PR #27303: (jacobhammons) Updated module doc index using https://github.com/saltstack/salt/pull
  • PR #27301: (twangboy) Pass ca_bundle for windows (fixes SSL Error)
  • PR #27300: (rallytime) Back-port #27287 to 2015.8
  • PR #27288: (rallytime) Filter on 'name', not 'id', when listing images
  • PR #27283: (jtand) __grains__['osrelease'] returns a string
  • PR #27276: (rallytime) Back-port #27218 to 2015.8
  • PR #27275: (rallytime) Back-port #27213 to 2015.8
  • PR #27274: (rallytime) Back-port #27272 to 2015.8
  • PR #27271: (isbm) Bugfix: crash on token authentication via API
  • PR #27251: (rallytime) Add support for post_uri in SoftLayer cloud drivers
  • PR #27260: (bechtoldt) add missing module doc references
  • PR #27254: (jfindlay) 2015.2,2015.8,Beryllium -> 2015.8.0
  • PR #27245: (rallytime) If two ssh keynames are found in DigitalOcean, abort and warn the user.
  • PR #27241: (jfindlay) osrelease is only an integer for fedora
  • PR #27234: (basepi) [2015.8] Merge forward from 2015.5 to 2015.8
  • PR #27240: (isbm) Backport of the fix of 'pkg.info*' for Beryllium
  • PR #27223: (pprkut) Support firewalld per interface zone config on rh7 systems
  • PR #27238: (bechtoldt) salt.modules.disk.percent() throws KeyError when partition doesn't exist
  • PR #27232: (basepi) [2015.8] Add stub release notes for 2015.8.1
  • PR #27199: (rallytime) Avoid RunTimeError (dictionary changed size during iteration) with keys()
  • PR #27206: (rallytime) Don't repeat GCE setup instructions, and make the use of .json files clearer
  • PR #27210: (rallytime) Refactor some digital ocean functions
  • PR #27197: (basepi) [2015.8] Merge forward from 2015.5 to 2015.8
  • PR #27195: (jacobhammons) Fixed sphinx / latex build warnings and errors
  • PR #27182: (bernieke) fix restart_on_error
  • PR #27163: (terminalmage) Workaround upstream tornado bug affecting redirects
  • PR #27177: (rallytime) Remove note - incorrect info
  • PR #27173: (rallytime) Add the ability to specify multiple disks on the SoftLayer driver
  • PR #27164: (rallytime) Make sure changes from #26824 to digital_ocean_v2.py driver make it to digital_ocean.py in 2015.8
  • PR #27143: (cachedout) Clean grains cache on grains sync
  • PR #27150: (cachedout) Merge config values from master.d/minion.d conf files
  • PR #27137: (jfindlay) revert serial grain regression
  • PR #27144: (rallytime) Don't stacktrace on softlayer_hw.show_all_prices if a code isn't supplied
  • PR #27139: (jacobhammons) Updated key instruction on rhel7
  • PR #27134: (isbm) Backport to 2015.8: "pkg.info"
  • PR #27119: (l2ol33rt) Boto dynamodb module should be using layer 2 abstractions
  • PR #27092: (perfinion) salt/master: chdir to root not homedir
  • PR #27131: (jacobhammons) Install docs
  • PR #27124: (jfindlay) Backport #27123
  • PR #27111: (basepi) [2015.8] Merge forward from 2015.5 to 2015.8
  • PR #27122: (terminalmage) Fix broken link to git-config(1) docs
  • PR #27115: (jacobhammons) Release docs
  • PR #27110: (rallytime) Make sure -Q output is consistent across salt-cloud drivers
  • PR #27050: (twangboy) Turned multiprocessing on
  • PR #27086: (techhat) Document development of SPM loader modules
  • PR #26941: (msteed) Make elasticsearch work as master job cache
  • PR #27080: (bechtoldt) [Proposal] Add Github SPM label for issues
  • PR #27064: (twangboy) Fixed user docs
  • PR #27072: (rallytime) Back-port #26840 to 2015.8
  • PR #27060: (cro) Fix grains breakage when hosts are not Linux, Windows, or SunOS
  • PR #27051: (rallytime) Back-port #26953 to 2015.8
  • PR #26864: (terminalmage) Only do git_pillar preflight checks on new-style git_pillar configs
  • PR #26967: (TheBigBear) new URL for windows salt downloads
  • PR #26921: (terminalmage) Get rid of error in legacy git pillar when using branch mapping notation
  • PR #26923: (rallytime) Code clean up of cloud drivers and files
  • PR #27010: (rallytime) Back-port #26988 to 2015.8
  • PR #26985: (rallytime) Fix versionadded tag